Example 21 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.

Class SamlProfileSamlAttributeStatementBuilderTests, method verifyAttributeAsNameIDPersistent.

@Test
public void verifyAttributeAsNameIDPersistent() throws Exception {
    // Register a custom attribute whose value type is a persistent NameID rather than a plain string.
    val service = getSamlRegisteredServiceForTestShib();
    service.getAttributeValueTypes().put("customNameId", NameIDType.PERSISTENT);
    val adaptor = SamlRegisteredServiceServiceProviderMetadataFacade
        .get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId())
        .get();
    // Build the profile context with a mock request/response and an assertion carrying the custom attribute.
    val buildContext = SamlProfileBuilderContext.builder()
        .samlRequest(getAuthnRequestFor(service))
        .httpRequest(new MockHttpServletRequest())
        .httpResponse(new MockHttpServletResponse())
        .authenticatedAssertion(getAssertion(Map.of("customNameId", List.of(UUID.randomUUID().toString()))))
        .registeredService(service)
        .adaptor(adaptor)
        .binding(SAMLConstants.SAML2_POST_BINDING_URI)
        .build();
    val statement = samlProfileSamlAttributeStatementBuilder.build(buildContext);
    val attributes = statement.getAttributes();
    assertFalse(attributes.isEmpty());
    // The attribute must be emitted, and its first value must be typed as a NameID element.
    val result = attributes.stream().filter(a -> a.getName().equals("customNameId")).findFirst();
    assertTrue(result.isPresent());
    assertTrue(result.get().getAttributeValues().get(0) instanceof NameIDType);
}
Also used: lombok.val (lombok.val), Autowired (org.springframework.beans.factory.annotation.Autowired), TestPropertySource (org.springframework.test.context.TestPropertySource), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), UUID (java.util.UUID), List (java.util.List), Map (java.util.Map), Test (org.junit.jupiter.api.Test), Assertions (org.junit.jupiter.api.Assertions), Tag (org.junit.jupiter.api.Tag), BaseSamlIdPConfigurationTests (org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests), SamlProfileBuilderContext (org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext), SamlProfileObjectBuilder (org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder), SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade), AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement), NameIDType (org.opensaml.saml.saml2.core.NameIDType), SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants), Qualifier (org.springframework.beans.factory.annotation.Qualifier)

Example 22 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project carbon-apimgt by wso2.

Class SystemScopeUtils, method getRolesFromAssertion.

/**
 * Get the role list from the SAML2 Assertion.
 *
 * @param assertion SAML2 assertion
 * @return Role list from the assertion
 */
public static String[] getRolesFromAssertion(Assertion assertion) {
    List<String> roles = new ArrayList<>();
    // The configured attribute name that carries the role claim.
    String roleClaim = getRoleClaim();
    List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
    if (attributeStatementList != null) {
        for (AttributeStatement statement : attributeStatementList) {
            List<Attribute> attributesList = statement.getAttributes();
            for (Attribute attribute : attributesList) {
                String attributeName = attribute.getName();
                if (attributeName != null && roleClaim.equals(attributeName)) {
                    List<XMLObject> attributeValues = attribute.getAttributeValues();
                    if (attributeValues != null && attributeValues.size() == 1) {
                        // A single AttributeValue may carry several roles joined by the configured separator.
                        String attributeValueString = getAttributeValue(attributeValues.get(0));
                        String multiAttributeSeparator = getAttributeSeparator();
                        String[] attributeValuesArray = attributeValueString.split(multiAttributeSeparator);
                        if (log.isDebugEnabled()) {
                            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + Arrays.toString(attributeValuesArray));
                        }
                        roles.addAll(Arrays.asList(attributeValuesArray));
                    } else if (attributeValues != null && attributeValues.size() > 1) {
                        // Multiple AttributeValue elements: each one is a single role.
                        for (XMLObject attributeValue : attributeValues) {
                            String attributeValueString = getAttributeValue(attributeValue);
                            if (log.isDebugEnabled()) {
                                log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + attributeValue);
                            }
                            roles.add(attributeValueString);
                        }
                    }
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
    }
    return roles.toArray(new String[0]);
}
Also used: Attribute (org.opensaml.saml.saml2.core.Attribute), AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement), XMLObject (org.opensaml.core.xml.XMLObject), XSString (org.opensaml.core.xml.schema.XSString)

Example 23 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project cxf by apache.

Class SAMLUtils, method getSaml1Subject.

private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
    // SAML 1.x carries the Subject inside each statement rather than on the Assertion itself,
    // so walk the statements and return the first Subject found.
    for (Statement stmt : assertionW.getSaml1().getStatements()) {
        final org.opensaml.saml.saml1.core.Subject samlSubject;
        if (stmt instanceof AttributeStatement) {
            AttributeStatement attrStmt = (AttributeStatement) stmt;
            samlSubject = attrStmt.getSubject();
        } else if (stmt instanceof AuthenticationStatement) {
            AuthenticationStatement authStmt = (AuthenticationStatement) stmt;
            samlSubject = authStmt.getSubject();
        } else if (stmt instanceof AuthorizationDecisionStatement) {
            AuthorizationDecisionStatement authzStmt = (AuthorizationDecisionStatement) stmt;
            samlSubject = authzStmt.getSubject();
        } else {
            // Unknown statement type: skip it instead of risking a ClassCastException.
            samlSubject = null;
        }
        if (samlSubject != null) {
            return samlSubject;
        }
    }
    return null;
}
Also used: Statement (org.opensaml.saml.saml1.core.Statement), AttributeStatement (org.opensaml.saml.saml1.core.AttributeStatement), AuthenticationStatement (org.opensaml.saml.saml1.core.AuthenticationStatement), AuthorizationDecisionStatement (org.opensaml.saml.saml1.core.AuthorizationDecisionStatement)

Example 24 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project tesb-rt-se by Talend.

Class SAML2AuthorizingInterceptor, method getRoleFromAssertion.

private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        return null;
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return null;
    }
    // Only a "role" attribute declared with this NameFormat is accepted as the role claim.
    String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
    for (AttributeStatement statement : attributeStatements) {
        List<Attribute> attributes = statement.getAttributes();
        for (Attribute attribute : attributes) {
            if ("role".equals(attribute.getName()) && nameFormat.equals(attribute.getNameFormat())) {
                List<XMLObject> values = attribute.getAttributeValues();
                if (values == null || values.isEmpty()) {
                    // A matching attribute without a value carries no role.
                    continue;
                }
                // Read the text of the first AttributeValue element via its DOM node.
                Element attributeValueElement = values.get(0).getDOM();
                return attributeValueElement == null ? null : attributeValueElement.getTextContent();
            }
        }
    }
    return null;
}
Also used: Attribute (org.opensaml.saml.saml2.core.Attribute), AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement), Assertion (org.opensaml.saml.saml2.core.Assertion), XMLObject (org.opensaml.core.xml.XMLObject), Element (org.w3c.dom.Element)

Example 25 with Statement

Use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.

Class OpenSamlDecryptionUtils, method decryptAssertionElements.

static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration registration) {
    // Decrypter is built from the relying party's configured decryption credentials.
    Decrypter decrypter = decrypter(registration);
    // Decrypt every EncryptedAttribute in place and append the plaintext Attribute to its statement.
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        for (EncryptedAttribute encryptedAttribute : statement.getEncryptedAttributes()) {
            try {
                Attribute attribute = decrypter.decrypt(encryptedAttribute);
                statement.getAttributes().add(attribute);
            } catch (Exception ex) {
                throw new Saml2Exception(ex);
            }
        }
    }
    // Nothing more to do without a Subject or an EncryptedID on it.
    if (assertion.getSubject() == null) {
        return;
    }
    if (assertion.getSubject().getEncryptedID() == null) {
        return;
    }
    // Replace the EncryptedID with the decrypted NameID so downstream code sees a plain subject.
    try {
        assertion.getSubject().setNameID((NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID()));
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used: Attribute (org.opensaml.saml.saml2.core.Attribute), EncryptedAttribute (org.opensaml.saml.saml2.core.EncryptedAttribute), AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement), Decrypter (org.opensaml.saml.saml2.encryption.Decrypter), Saml2Exception (org.springframework.security.saml2.Saml2Exception)
