Search in sources :

Example 16 with Statement

use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

the class SamlProfileSamlAuthNStatementBuilder method buildAuthnStatement.

/**
     * Creates an authentication statement for the current request.
     *
     * @param assertion    the assertion
     * @param authnRequest the authn request
     * @param adaptor      the adaptor
     * @param service      the service
     * @return constructed authentication statement
     * @throws SamlException the saml exception
     */
private AuthnStatement buildAuthnStatement(final Assertion assertion, final AuthnRequest authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service) throws SamlException {
    final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);
    final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    final AuthnStatement statement = newAuthnStatement(authenticationMethod, DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate()), id);
    if (assertion.getValidUntilDate() != null) {
        final ZonedDateTime dt = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
        statement.setSessionNotOnOrAfter(DateTimeUtils.dateTimeOf(dt.plusSeconds(casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance())));
    }
    statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor));
    return statement;
}
Also used : ZonedDateTime(java.time.ZonedDateTime) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) SecureRandom(java.security.SecureRandom)

Example 17 with Statement

use of org.opensaml.saml.saml2.core.Statement in project OpenAttestation by OpenAttestation.

the class TrustAssertion method populateAssertionMap.

/**
     * Sample assertion statements that may appear in the XML: Trusted (boolean)
     * Trusted_BIOS (boolean) Trusted_VMM (boolean) BIOS_Name (string)
     * BIOS_Version (string) BIOS_OEM (string) VMM_Name (string) VMM_Version
     * (string) VMM_OSName (string) VMM_OSVersion (string) The BIOS_* entries
     * will only appear if Trusted_BIOS is true The VMM_* entries will only
     * appear if Trusted_VMM is true
     */
private void populateAssertionMap() {
    for (Statement statement : assertion.getStatements()) {
        if (statement instanceof AttributeStatement) {
            HashMap<String, String> assertionMap = new HashMap<String, String>();
            HostTrustAssertion hostTrustAssertion = new HostTrustAssertion(assertion, assertionMap);
            log.debug("attributes.size: " + ((AttributeStatement) statement).getAttributes().size());
            for (Attribute attribute : ((AttributeStatement) statement).getAttributes()) {
                String attributeValue = null;
                for (XMLObject value : attribute.getAttributeValues()) {
                    if (value instanceof XSAny) {
                        // boolean attributes are the text "true" or "false"
                        attributeValue = (((XSAny) value).getTextContent());
                    }
                    if (value instanceof XSString) {
                        attributeValue = (((XSString) value).getValue());
                    }
                }
                assertionMap.put(attribute.getName(), attributeValue);
            }
            hostAssertionMap.put(assertionMap.get("Host_Name"), hostTrustAssertion);
        }
    }
}
Also used : HashMap(java.util.HashMap) Attribute(org.opensaml.saml2.core.Attribute) Statement(org.opensaml.saml2.core.Statement) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) XMLObject(org.opensaml.xml.XMLObject) XSString(org.opensaml.xml.schema.XSString) XSString(org.opensaml.xml.schema.XSString) XSAny(org.opensaml.xml.schema.XSAny)

Example 18 with Statement

use of org.opensaml.saml.saml2.core.Statement in project ddf by codice.

the class AttributeQueryClaimsHandler method createClaims.

/**
     * Creates claims from the extracted attributes.
     *
     * @param claimsCollection The collection of claims.
     * @param assertion        Assertion from the response.
     * @return The collection of claims.
     * @throws URISyntaxException
     */
protected ProcessedClaimCollection createClaims(ProcessedClaimCollection claimsCollection, Assertion assertion) throws URISyntaxException {
    // Should only contain one Attribute Statement.
    AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
    List<Attribute> attributeList = attributeStatement.getAttributes();
    // and create the claim, otherwise, create the claim using its original attribute value.
    for (Attribute attribute : attributeList) {
        for (String claimType : supportedClaims) {
            if (claimType.equalsIgnoreCase(attribute.getName())) {
                String claimValue = attribute.getDOM().getTextContent();
                if (attributeMap.containsKey(claimValue)) {
                    claimsCollection.add(createSingleValuedClaim(claimType, attributeMap.get(claimValue)));
                } else {
                    claimsCollection.add(createSingleValuedClaim(claimType, claimValue));
                }
                break;
            }
        }
    }
    return claimsCollection;
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)

Example 19 with Statement

use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

the class SamlProfileSamlAssertionBuilder method build.

@Override
public Assertion build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    final AuthnStatement authnStatement = this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    statements.add(authnStatement);
    final AttributeStatement attrStatement = this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    if (!attrStatement.getAttributes().isEmpty() || !attrStatement.getEncryptedAttributes().isEmpty()) {
        statements.add(attrStatement);
    }
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    signAssertion(assertion, request, response, service, adaptor, binding);
    return assertion;
}
Also used : AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Statement(org.opensaml.saml.saml2.core.Statement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) ArrayList(java.util.ArrayList) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 20 with Statement

use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newAttributeStatement.

/**
 * New attribute statement.
 *
 * @param attributes             the attributes
 * @param attributeFriendlyNames the attribute friendly names
 * @param configuredNameFormats  the configured name formats
 * @param defaultNameFormat      the default name format
 * @return the attribute statement
 */
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final Map<String, String> attributeFriendlyNames, final Map<String, String> configuredNameFormats, final String defaultNameFormat) {
    final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
    for (final Map.Entry<String, Object> e : attributes.entrySet()) {
        if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
            continue;
        }
        final String friendlyName = attributeFriendlyNames.getOrDefault(e.getKey(), null);
        final Attribute attribute = newAttribute(friendlyName, e, configuredNameFormats, defaultNameFormat);
        attrStatement.getAttributes().add(attribute);
    }
    return attrStatement;
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) Map(java.util.Map)

Aggregations

AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)19 Attribute (org.opensaml.saml.saml2.core.Attribute)10 Assertion (org.opensaml.saml.saml2.core.Assertion)8 Map (java.util.Map)7 Test (org.junit.jupiter.api.Test)6 XMLObject (org.opensaml.core.xml.XMLObject)6 AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)6 List (java.util.List)5 lombok.val (lombok.val)5 SamlProfileBuilderContext (org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext)5 SamlProfileObjectBuilder (org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder)5 NameIDType (org.opensaml.saml.saml2.core.NameIDType)5 UUID (java.util.UUID)4 BaseSamlIdPConfigurationTests (org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests)4 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)4 Assertions (org.junit.jupiter.api.Assertions)4 Tag (org.junit.jupiter.api.Tag)4 SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)4 Autowired (org.springframework.beans.factory.annotation.Autowired)4 Qualifier (org.springframework.beans.factory.annotation.Qualifier)4