use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.
the class SamlProfileSamlAttributeStatementBuilderTests method verifyAttributeAsNameIDPersistent.
/**
 * An attribute whose configured value type is {@code NameIDType.PERSISTENT} must be
 * emitted by the attribute-statement builder as a {@code NameIDType} value rather than
 * as a plain string value.
 */
@Test
public void verifyAttributeAsNameIDPersistent() throws Exception {
    val registeredService = getSamlRegisteredServiceForTestShib();
    registeredService.getAttributeValueTypes().put("customNameId", NameIDType.PERSISTENT);

    val facade = SamlRegisteredServiceServiceProviderMetadataFacade
        .get(samlRegisteredServiceCachingMetadataResolver, registeredService, registeredService.getServiceId())
        .get();

    val principalAttributes = Map.of("customNameId", List.of(UUID.randomUUID().toString()));
    val context = SamlProfileBuilderContext.builder()
        .samlRequest(getAuthnRequestFor(registeredService))
        .httpRequest(new MockHttpServletRequest())
        .httpResponse(new MockHttpServletResponse())
        .authenticatedAssertion(getAssertion(principalAttributes))
        .registeredService(registeredService)
        .adaptor(facade)
        .binding(SAMLConstants.SAML2_POST_BINDING_URI)
        .build();

    val attributeStatement = samlProfileSamlAttributeStatementBuilder.build(context);
    val emittedAttributes = attributeStatement.getAttributes();
    assertFalse(emittedAttributes.isEmpty());

    val customNameId = emittedAttributes.stream()
        .filter(attribute -> attribute.getName().equals("customNameId"))
        .findFirst();
    assertTrue(customNameId.isPresent());
    // The PERSISTENT value type configured above must surface as a NameID value.
    assertTrue(customNameId.get().getAttributeValues().get(0) instanceof NameIDType);
}
use of org.opensaml.saml.saml2.core.Statement in project carbon-apimgt by wso2.
the class SystemScopeUtils method getRolesFromAssertion.
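/**
 * Get the role list from the SAML2 Assertion.
 * <p>
 * Every {@code AttributeStatement} of the assertion is scanned for attributes whose
 * name equals {@link #getRoleClaim()}. A single-valued role attribute is split on the
 * configured multi-attribute separator; a multi-valued role attribute contributes one
 * role per value, unsplit. Values that resolve to {@code null} are skipped so the
 * returned array never contains {@code null} entries.
 * <p>
 * This method only reads attributes; it assumes the caller has already validated the
 * assertion (signature, issuer, conditions) before trusting the roles it yields.
 *
 * @param assertion SAML2 assertion
 * @return Role list from the assertion; never {@code null}, empty when no role attribute is found
 */
public static String[] getRolesFromAssertion(Assertion assertion) {
    List<String> roles = new ArrayList<>();
    String roleClaim = getRoleClaim();
    List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
    if (attributeStatementList != null) {
        for (AttributeStatement statement : attributeStatementList) {
            for (Attribute attribute : statement.getAttributes()) {
                String attributeName = attribute.getName();
                if (attributeName == null || !roleClaim.equals(attributeName)) {
                    continue;
                }
                List<XMLObject> attributeValues = attribute.getAttributeValues();
                if (attributeValues == null || attributeValues.isEmpty()) {
                    continue;
                }
                if (attributeValues.size() == 1) {
                    String attributeValueString = getAttributeValue(attributeValues.get(0));
                    if (attributeValueString == null) {
                        // No textual value: contribute no roles rather than fail with an NPE on split().
                        continue;
                    }
                    String multiAttributeSeparator = getAttributeSeparator();
                    // NOTE: String.split interprets the separator as a regular expression. If the
                    // configured separator may contain regex metacharacters (e.g. "|" or "."),
                    // it needs to be wrapped in Pattern.quote(...) where it is read.
                    String[] attributeValuesArray = attributeValueString.split(multiAttributeSeparator);
                    if (log.isDebugEnabled()) {
                        log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + Arrays.toString(attributeValuesArray));
                    }
                    roles.addAll(Arrays.asList(attributeValuesArray));
                } else {
                    // Multi-valued attribute: each value is a role on its own, no separator splitting.
                    for (XMLObject attributeValue : attributeValues) {
                        String attributeValueString = getAttributeValue(attributeValue);
                        if (attributeValueString == null) {
                            continue;
                        }
                        if (log.isDebugEnabled()) {
                            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + attributeValue);
                        }
                        roles.add(attributeValueString);
                    }
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
    }
    return roles.toArray(new String[0]);
}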
use of org.opensaml.saml.saml2.core.Statement in project cxf by apache.
the class SAMLUtils method getSaml1Subject.
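/**
 * Returns the SAML 1.x {@code Subject} of the wrapped assertion, taken from the first
 * statement that carries one.
 * <p>
 * Each {@code AttributeStatement}, {@code AuthenticationStatement} and
 * {@code AuthorizationDecisionStatement} is inspected in document order. A statement of
 * any other type is skipped instead of being cast to {@code AuthorizationDecisionStatement},
 * which previously raised a {@code ClassCastException} for assertions carrying extension
 * statement types.
 *
 * @param assertionW wrapper around a SAML 1.x assertion; {@code getSaml1()} is expected to be non-null
 * @return the first non-null subject found, or {@code null} when no statement carries one
 */
private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
    for (Statement stmt : assertionW.getSaml1().getStatements()) {
        final org.opensaml.saml.saml1.core.Subject samlSubject;
        if (stmt instanceof AttributeStatement) {
            samlSubject = ((AttributeStatement) stmt).getSubject();
        } else if (stmt instanceof AuthenticationStatement) {
            samlSubject = ((AuthenticationStatement) stmt).getSubject();
        } else if (stmt instanceof AuthorizationDecisionStatement) {
            samlSubject = ((AuthorizationDecisionStatement) stmt).getSubject();
        } else {
            // Unknown statement type: it exposes no subject we know how to read.
            continue;
        }
        if (samlSubject != null) {
            return samlSubject;
        }
    }
    return null;
}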
use of org.opensaml.saml.saml2.core.Statement in project tesb-rt-se by Talend.
the class SAML2AuthorizingInterceptor method getRoleFromAssertion.
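/**
 * Extracts the role carried by a SAML 2.0 assertion.
 * <p>
 * Scans every {@code AttributeStatement} for an attribute named {@code "role"} whose
 * {@code NameFormat} is {@code http://schemas.xmlsoap.org/ws/2005/05/identity/claims}
 * and returns the text content of its first value. Additional values of that attribute
 * are ignored. A matching attribute that has no value, or whose value has no backing DOM
 * element, is skipped rather than failing the lookup.
 * <p>
 * The assertion's signature and conditions are not verified here; callers must have
 * validated the wrapper before relying on the returned role for authorization.
 *
 * @param assertion the wrapped assertion, expected to hold a SAML 2.0 assertion
 * @return the role text, or {@code null} when the assertion is not SAML 2.0, has no
 *         attribute statements, or carries no readable matching attribute
 */
private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        return null;
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return null;
    }
    String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
    for (AttributeStatement statement : attributeStatements) {
        for (Attribute attribute : statement.getAttributes()) {
            if (!"role".equals(attribute.getName()) || !nameFormat.equals(attribute.getNameFormat())) {
                continue;
            }
            if (attribute.getAttributeValues().isEmpty()) {
                // A role attribute without any value; previously an IndexOutOfBoundsException.
                continue;
            }
            Element attributeValueElement = attribute.getAttributeValues().get(0).getDOM();
            if (attributeValueElement == null) {
                // getDOM() is null for values that were built in memory and never marshalled.
                continue;
            }
            return attributeValueElement.getTextContent();
        }
    }
    return null;
}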
use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.
the class OpenSamlDecryptionUtils method decryptAssertionElements.
/**
 * Decrypts the encrypted parts of an assertion in place: every {@code EncryptedAttribute}
 * of each attribute statement is decrypted and appended to that statement's plain
 * attributes, and an {@code EncryptedID} on the subject, when present, is decrypted into
 * the subject's {@code NameID}.
 *
 * @param assertion the assertion to decrypt; modified in place
 * @param registration the relying-party registration supplying the decryption credentials
 * @throws Saml2Exception if any element cannot be decrypted
 */
static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration registration) {
    Decrypter decrypter = decrypter(registration);
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        for (EncryptedAttribute encryptedAttribute : statement.getEncryptedAttributes()) {
            statement.getAttributes().add(decryptOrWrap(decrypter, encryptedAttribute));
        }
    }
    boolean hasEncryptedId = assertion.getSubject() != null
            && assertion.getSubject().getEncryptedID() != null;
    if (!hasEncryptedId) {
        return;
    }
    try {
        NameID nameId = (NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID());
        assertion.getSubject().setNameID(nameId);
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}

/**
 * Decrypts a single encrypted attribute, translating any failure into a {@link Saml2Exception}.
 *
 * @param decrypter the decrypter configured for the relying party
 * @param encryptedAttribute the attribute to decrypt
 * @return the decrypted attribute
 * @throws Saml2Exception if decryption fails
 */
private static Attribute decryptOrWrap(Decrypter decrypter, EncryptedAttribute encryptedAttribute) {
    try {
        return decrypter.decrypt(encryptedAttribute);
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}