Examples with Statement org.opensaml.saml.saml2.core.Statement used on opensource projects

Example 1 with Statement

use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newAttributeStatement.

/**
     * New attribute statement.
     *
     * @param attributes            the attributes
     * @param setFriendlyName       the set friendly name
     * @param configuredNameFormats the configured name formats
     * @return the attribute statement
     */
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final boolean setFriendlyName, final Map<String, String> configuredNameFormats) {
    final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
    for (final Map.Entry<String, Object> e : attributes.entrySet()) {
        if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
            continue;
        }
        final Attribute attribute = newAttribute(setFriendlyName, e, configuredNameFormats);
        attrStatement.getAttributes().add(attribute);
    }
    return attrStatement;
}

Example 2 with Statement

use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

the class SamlProfileSamlAuthNStatementBuilder method buildAuthnStatement.

/**
 * Creates an authentication statement for the current request.
 *
 * @param assertion    the assertion
 * @param authnRequest the authn request
 * @param adaptor      the adaptor
 * @param service      the service
 * @param binding      the binding
 * @return constructed authentication statement
 * @throws SamlException the saml exception
 */
private AuthnStatement buildAuthnStatement(final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final String binding) throws SamlException {
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    final AuthnStatement statement = newAuthnStatement(authenticationMethod, DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate()), id);
    if (assertion.getValidUntilDate() != null) {
        final ZonedDateTime dt = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
        statement.setSessionNotOnOrAfter(DateTimeUtils.dateTimeOf(dt.plusSeconds(casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance())));
    }
    statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor, binding));
    return statement;
}

Example 3 with Statement

use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.

the class OpenSamlAuthenticationProviderTests method authenticateWhenEncryptedAttributeThenDecrypts.

@Test
public void authenticateWhenEncryptedAttributeThenDecrypts() {
    Response response = response();
    Assertion assertion = assertion();
    EncryptedAttribute attribute = TestOpenSamlObjects.encrypted("name", "value", TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    AttributeStatement statement = build(AttributeStatement.DEFAULT_ELEMENT_NAME);
    statement.getEncryptedAttributes().add(attribute);
    assertion.getAttributeStatements().add(statement);
    response.getAssertions().add(assertion);
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
    Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
    assertThat(principal.getAttribute("name")).containsExactly("value");
}

Example 4 with Statement

use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.

the class TestOpenSamlObjects method assertion.

static Assertion assertion(String username, String issuerEntityId, String recipientEntityId, String recipientUri) {
    Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
    assertion.setID("A" + UUID.randomUUID().toString());
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setIssuer(issuer(issuerEntityId));
    assertion.setSubject(subject(username));
    assertion.setConditions(conditions());
    SubjectConfirmation subjectConfirmation = subjectConfirmation();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
    SubjectConfirmationData confirmationData = subjectConfirmationData(recipientEntityId);
    confirmationData.setRecipient(recipientUri);
    subjectConfirmation.setSubjectConfirmationData(confirmationData);
    assertion.getSubject().getSubjectConfirmations().add(subjectConfirmation);
    AuthnStatement statement = build(AuthnStatement.DEFAULT_ELEMENT_NAME);
    statement.setSessionIndex("session-index");
    assertion.getAuthnStatements().add(statement);
    return assertion;
}

Example 5 with Statement

use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

the class SamlProfileSamlAttributeStatementBuilderTests method verifyFriendlyNamesForKnownAttributes.

@Test
public void verifyFriendlyNamesForKnownAttributes() throws Exception {
    val service = getSamlRegisteredServiceForTestShib();
    val adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId()).get();
    val buildContext = SamlProfileBuilderContext.builder().samlRequest(getAuthnRequestFor(service)).httpRequest(new MockHttpServletRequest()).httpResponse(new MockHttpServletResponse()).authenticatedAssertion(getAssertion(Map.of("urn:oid:0.9.2342.19200300.100.1.1", "casuser", "urn:oid:2.5.4.20", "+13477465341", "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "casuser-principal", "urn:oid:0.9.2342.19200300.100.1.3", "cas@example.org"))).registeredService(service).adaptor(adaptor).binding(SAMLConstants.SAML2_POST_BINDING_URI).build();
    val statement = samlProfileSamlAttributeStatementBuilder.build(buildContext);
    val attributes = statement.getAttributes();
    assertFalse(attributes.isEmpty());
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:0.9.2342.19200300.100.1.1") && a.getFriendlyName().equalsIgnoreCase("uid")));
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:2.5.4.20") && a.getFriendlyName().equalsIgnoreCase("telephoneNumber")));
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:1.3.6.1.4.1.5923.1.1.1.6") && a.getFriendlyName().equalsIgnoreCase("eduPersonPrincipalName")));
    assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:0.9.2342.19200300.100.1.3") && a.getFriendlyName().equalsIgnoreCase("email")));
}