Example 21 with Statement
use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.
the class SamlProfileSamlAttributeStatementBuilderTests method verifyAttributeAsNameIDPersistent.
@Test
public void verifyAttributeAsNameIDPersistent() throws Exception {
val service = getSamlRegisteredServiceForTestShib();
service.getAttributeValueTypes().put("customNameId", NameIDType.PERSISTENT);
val adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId()).get();
val buildContext = SamlProfileBuilderContext.builder().samlRequest(getAuthnRequestFor(service)).httpRequest(new MockHttpServletRequest()).httpResponse(new MockHttpServletResponse()).authenticatedAssertion(getAssertion(Map.of("customNameId", List.of(UUID.randomUUID().toString())))).registeredService(service).adaptor(adaptor).binding(SAMLConstants.SAML2_POST_BINDING_URI).build();
val statement = samlProfileSamlAttributeStatementBuilder.build(buildContext);
val attributes = statement.getAttributes();
assertFalse(attributes.isEmpty());
val result = attributes.stream().filter(a -> a.getName().equals("customNameId")).findFirst();
assertTrue(result.isPresent());
assertTrue(result.get().getAttributeValues().get(0) instanceof NameIDType);
}
Also used :
lombok.val(lombok.val)
lombok.val(lombok.val)
Autowired(org.springframework.beans.factory.annotation.Autowired)
TestPropertySource(org.springframework.test.context.TestPropertySource)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
UUID(java.util.UUID)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
BaseSamlIdPConfigurationTests(org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests)
List(java.util.List)
SamlProfileBuilderContext(org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext)
SamlProfileObjectBuilder(org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Map(java.util.Map)
NameIDType(org.opensaml.saml.saml2.core.NameIDType)
Qualifier(org.springframework.beans.factory.annotation.Qualifier)
Assertions(org.junit.jupiter.api.Assertions)
SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)
Tag(org.junit.jupiter.api.Tag)
SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
NameIDType(org.opensaml.saml.saml2.core.NameIDType)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 22 with Statement
use of org.opensaml.saml.saml2.core.Statement in project carbon-apimgt by wso2.
the class SystemScopeUtils method getRolesFromAssertion.
/**
* Get the role list from the SAML2 Assertion
*
* @param assertion SAML2 assertion
* @return Role list from the assertion
*/
public static String[] getRolesFromAssertion(Assertion assertion) {
List<String> roles = new ArrayList<String>();
String roleClaim = getRoleClaim();
List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
if (attributeStatementList != null) {
for (AttributeStatement statement : attributeStatementList) {
List<Attribute> attributesList = statement.getAttributes();
for (Attribute attribute : attributesList) {
String attributeName = attribute.getName();
if (attributeName != null && roleClaim.equals(attributeName)) {
List<XMLObject> attributeValues = attribute.getAttributeValues();
if (attributeValues != null && attributeValues.size() == 1) {
String attributeValueString = getAttributeValue(attributeValues.get(0));
String multiAttributeSeparator = getAttributeSeparator();
String[] attributeValuesArray = attributeValueString.split(multiAttributeSeparator);
if (log.isDebugEnabled()) {
log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + Arrays.toString(attributeValuesArray));
}
roles.addAll(Arrays.asList(attributeValuesArray));
} else if (attributeValues != null && attributeValues.size() > 1) {
for (XMLObject attributeValue : attributeValues) {
String attributeValueString = getAttributeValue(attributeValue);
if (log.isDebugEnabled()) {
log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + attributeValue);
}
roles.add(attributeValueString);
}
}
}
}
}
}
if (log.isDebugEnabled()) {
log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
}
return roles.toArray(new String[roles.size()]);
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
XMLObject(org.opensaml.core.xml.XMLObject)
XSString(org.opensaml.core.xml.schema.XSString)
Example 23 with Statement
use of org.opensaml.saml.saml2.core.Statement in project cxf by apache.
the class SAMLUtils method getSaml1Subject.
private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
for (Statement stmt : assertionW.getSaml1().getStatements()) {
final org.opensaml.saml.saml1.core.Subject samlSubject;
if (stmt instanceof AttributeStatement) {
AttributeStatement attrStmt = (AttributeStatement) stmt;
samlSubject = attrStmt.getSubject();
} else if (stmt instanceof AuthenticationStatement) {
AuthenticationStatement authStmt = (AuthenticationStatement) stmt;
samlSubject = authStmt.getSubject();
} else {
AuthorizationDecisionStatement authzStmt = (AuthorizationDecisionStatement) stmt;
samlSubject = authzStmt.getSubject();
}
if (samlSubject != null) {
return samlSubject;
}
}
return null;
}
Also used :
AttributeStatement(org.opensaml.saml.saml1.core.AttributeStatement)
Statement(org.opensaml.saml.saml1.core.Statement)
AuthorizationDecisionStatement(org.opensaml.saml.saml1.core.AuthorizationDecisionStatement)
AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement)
AttributeStatement(org.opensaml.saml.saml1.core.AttributeStatement)
AuthorizationDecisionStatement(org.opensaml.saml.saml1.core.AuthorizationDecisionStatement)
AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement)
Example 24 with Statement
use of org.opensaml.saml.saml2.core.Statement in project tesb-rt-se by Talend.
the class SAML2AuthorizingInterceptor method getRoleFromAssertion.
private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
return null;
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
return null;
}
String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
for (AttributeStatement statement : attributeStatements) {
List<Attribute> attributes = statement.getAttributes();
for (Attribute attribute : attributes) {
if ("role".equals(attribute.getName()) && nameFormat.equals(attribute.getNameFormat())) {
Element attributeValueElement = attribute.getAttributeValues().get(0).getDOM();
return attributeValueElement.getTextContent();
}
}
}
return null;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Element(org.w3c.dom.Element)
Assertion(org.opensaml.saml.saml2.core.Assertion)
Example 25 with Statement
use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.
the class OpenSamlDecryptionUtils method decryptAssertionElements.
static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration registration) {
Decrypter decrypter = decrypter(registration);
for (AttributeStatement statement : assertion.getAttributeStatements()) {
for (EncryptedAttribute encryptedAttribute : statement.getEncryptedAttributes()) {
try {
Attribute attribute = decrypter.decrypt(encryptedAttribute);
statement.getAttributes().add(attribute);
} catch (Exception ex) {
throw new Saml2Exception(ex);
}
}
}
if (assertion.getSubject() == null) {
return;
}
if (assertion.getSubject().getEncryptedID() == null) {
return;
}
try {
assertion.getSubject().setNameID((NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID()));
} catch (Exception ex) {
throw new Saml2Exception(ex);
}
}
Also used :
EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute)
EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute)
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Decrypter(org.opensaml.saml.saml2.encryption.Decrypter)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
Aggregations
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)19
Attribute (org.opensaml.saml.saml2.core.Attribute)10
Assertion (org.opensaml.saml.saml2.core.Assertion)8
Map (java.util.Map)7
Test (org.junit.jupiter.api.Test)6
XMLObject (org.opensaml.core.xml.XMLObject)6
AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)6
List (java.util.List)5
lombok.val (lombok.val)5
SamlProfileBuilderContext (org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext)5
SamlProfileObjectBuilder (org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder)5
NameIDType (org.opensaml.saml.saml2.core.NameIDType)5
UUID (java.util.UUID)4
BaseSamlIdPConfigurationTests (org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests)4
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)4
Assertions (org.junit.jupiter.api.Assertions)4
Tag (org.junit.jupiter.api.Tag)4
SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)4
Autowired (org.springframework.beans.factory.annotation.Autowired)4
Qualifier (org.springframework.beans.factory.annotation.Qualifier)4
