Example 1 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

The class AbstractSaml20ObjectBuilder, method newAttributeStatement.

/**
 * New attribute statement.
 *
 * @param attributes            the attributes
 * @param setFriendlyName       the set friendly name
 * @param configuredNameFormats the configured name formats
 * @return the attribute statement
 */
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final boolean setFriendlyName, final Map<String, String> configuredNameFormats) {
    final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
    for (final Map.Entry<String, Object> e : attributes.entrySet()) {
        if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
            continue;
        }
        final Attribute attribute = newAttribute(setFriendlyName, e, configuredNameFormats);
        attrStatement.getAttributes().add(attribute);
    }
    return attrStatement;
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) Map(java.util.Map)

Example 2 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

The class SamlProfileSamlAuthNStatementBuilder, method buildAuthnStatement.

/**
 * Creates an authentication statement for the current request.
 *
 * @param casAssertion the CAS assertion
 * @param authnRequest the authn request
 * @param adaptor      the adaptor
 * @param service      the service
 * @param binding      the binding
 * @return constructed authentication statement
 * @throws SamlException the saml exception
 */
private AuthnStatement buildAuthnStatement(final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final String binding) throws SamlException {
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    final AuthnStatement statement = newAuthnStatement(authenticationMethod, DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate()), id);
    if (assertion.getValidUntilDate() != null) {
        final ZonedDateTime dt = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
        statement.setSessionNotOnOrAfter(DateTimeUtils.dateTimeOf(dt.plusSeconds(casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance())));
    }
    statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor, binding));
    return statement;
}
Also used : ZonedDateTime(java.time.ZonedDateTime) Assertion(org.jasig.cas.client.validation.Assertion) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)

Example 3 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.

The class OpenSamlAuthenticationProviderTests, method authenticateWhenEncryptedAttributeThenDecrypts.

@Test
public void authenticateWhenEncryptedAttributeThenDecrypts() {
    Response response = response();
    Assertion assertion = assertion();
    EncryptedAttribute attribute = TestOpenSamlObjects.encrypted("name", "value", TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    AttributeStatement statement = build(AttributeStatement.DEFAULT_ELEMENT_NAME);
    statement.getEncryptedAttributes().add(attribute);
    assertion.getAttributeStatements().add(statement);
    response.getAssertions().add(assertion);
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
    Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
    assertThat(principal.getAttribute("name")).containsExactly("value");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Example 4 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.

The class TestOpenSamlObjects, method assertion.

static Assertion assertion(String username, String issuerEntityId, String recipientEntityId, String recipientUri) {
    Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
    assertion.setID("A" + UUID.randomUUID().toString());
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setIssuer(issuer(issuerEntityId));
    assertion.setSubject(subject(username));
    assertion.setConditions(conditions());
    SubjectConfirmation subjectConfirmation = subjectConfirmation();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
    SubjectConfirmationData confirmationData = subjectConfirmationData(recipientEntityId);
    confirmationData.setRecipient(recipientUri);
    subjectConfirmation.setSubjectConfirmationData(confirmationData);
    assertion.getSubject().getSubjectConfirmations().add(subjectConfirmation);
    AuthnStatement statement = build(AuthnStatement.DEFAULT_ELEMENT_NAME);
    statement.setSessionIndex("session-index");
    assertion.getAuthnStatements().add(statement);
    return assertion;
}
Also used : SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData)

Example 5 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

The class SamlProfileSamlAttributeStatementBuilderTests, method verifyFriendlyNamesForKnownAttributes.

@Test
public void verifyFriendlyNamesForKnownAttributes() throws Exception {
    val service = getSamlRegisteredServiceForTestShib();
    val adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId()).get();
    val buildContext = SamlProfileBuilderContext.builder()
        .samlRequest(getAuthnRequestFor(service))
        .httpRequest(new MockHttpServletRequest())
        .httpResponse(new MockHttpServletResponse())
        .authenticatedAssertion(getAssertion(Map.of(
            "urn:oid:0.9.2342.19200300.100.1.1", "casuser",
            "urn:oid:2.5.4.20", "+13477465341",
            "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "casuser-principal",
            "urn:oid:0.9.2342.19200300.100.1.3", "cas@example.org")))
        .registeredService(service)
        .adaptor(adaptor)
        .binding(SAMLConstants.SAML2_POST_BINDING_URI)
        .build();
    val statement = samlProfileSamlAttributeStatementBuilder.build(buildContext);
    val attributes = statement.getAttributes();
    assertFalse(attributes.isEmpty());
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:0.9.2342.19200300.100.1.1") && a.getFriendlyName().equalsIgnoreCase("uid")));
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:2.5.4.20") && a.getFriendlyName().equalsIgnoreCase("telephoneNumber")));
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:1.3.6.1.4.1.5923.1.1.1.6") && a.getFriendlyName().equalsIgnoreCase("eduPersonPrincipalName")));
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:0.9.2342.19200300.100.1.3") && a.getFriendlyName().equalsIgnoreCase("email")));
}
Also used : lombok.val(lombok.val) Autowired(org.springframework.beans.factory.annotation.Autowired) TestPropertySource(org.springframework.test.context.TestPropertySource) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UUID(java.util.UUID) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test) BaseSamlIdPConfigurationTests(org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests) List(java.util.List) SamlProfileBuilderContext(org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext) SamlProfileObjectBuilder(org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Map(java.util.Map) NameIDType(org.opensaml.saml.saml2.core.NameIDType) Qualifier(org.springframework.beans.factory.annotation.Qualifier) Assertions(org.junit.jupiter.api.Assertions) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) Tag(org.junit.jupiter.api.Tag) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants)
