Examples with NameIDBuilder org.opensaml.saml.saml2.core.impl.NameIDBuilder used on opensource projects

Example 1 with NameIDBuilder

use of org.opensaml.saml.saml2.core.impl.NameIDBuilder in project pac4j by pac4j.

the class SAML2LogoutRequestBuilder method buildLogoutRequest.

@SuppressWarnings("unchecked")
protected final LogoutRequest buildLogoutRequest(final SAML2MessageContext context, final AssertionConsumerService assertionConsumerService, final SingleLogoutService ssoService) {
    final SAMLObjectBuilder<LogoutRequest> builder = (SAMLObjectBuilder<LogoutRequest>) this.builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
    final LogoutRequest request = builder.buildObject();
    final SAMLSelfEntityContext selfContext = context.getSAMLSelfEntityContext();
    request.setID(generateID());
    request.setIssuer(getIssuer(selfContext.getEntityId()));
    request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
    request.setVersion(SAMLVersion.VERSION_20);
    request.setDestination(ssoService.getLocation());
    // very very bad...
    ProfileManager manager = new ProfileManager(context.getWebContext());
    Optional<UserProfile> p = manager.get(true);
    if (p.isPresent() && p.get() instanceof SAML2Profile) {
        final SAML2Profile samlP = (SAML2Profile) p.get();
        // name id added (id of profile)
        final SAMLObjectBuilder<NameID> nameIdBuilder = (SAMLObjectBuilder<NameID>) this.builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
        final NameID nameId = nameIdBuilder.buildObject();
        nameId.setValue(samlP.getId());
        nameId.setFormat(samlP.getSamlNameIdFormat());
        nameId.setNameQualifier(samlP.getSamlNameIdNameQualifier());
        nameId.setSPNameQualifier(samlP.getSamlNameIdSpNameQualifier());
        nameId.setSPProvidedID(samlP.getSamlNameIdSpProviderId());
        request.setNameID(nameId);
        // session index added
        final String sessIdx = (String) samlP.getAttribute("sessionindex");
        final SAMLObjectBuilder<SessionIndex> sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>) this.builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
        final SessionIndex sessionIdx = sessionIndexBuilder.buildObject();
        sessionIdx.setSessionIndex(sessIdx);
        request.getSessionIndexes().add(sessionIdx);
    }
    return request;
}

Example 2 with NameIDBuilder

use of org.opensaml.saml.saml2.core.impl.NameIDBuilder in project syncope by apache.

the class SAML2SPLogic method createLogoutRequest.

@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))")
public SAML2RequestTO createLogoutRequest(final String accessToken, final String spEntityID) {
    check();
    // 1. fetch the current JWT used for Syncope authentication
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
    if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
        throw new IllegalArgumentException("Invalid signature found in Access Token");
    }
    // 2. look for IdP
    String idpEntityID = (String) consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);
    if (idpEntityID == null) {
        throw new NotFoundException("No SAML 2.0 IdP information found in the access token");
    }
    SAML2IdPEntity idp = cache.get(idpEntityID);
    if (idp == null) {
        throw new NotFoundException("SAML 2.0 IdP '" + idpEntityID + "'");
    }
    if (idp.getSLOLocation(idp.getBindingType()) == null) {
        throw new IllegalArgumentException("No SingleLogoutService available for " + idp.getId());
    }
    // 3. create LogoutRequest
    LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
    logoutRequest.setID("_" + UUID_GENERATOR.generate().toString());
    logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation());
    DateTime now = new DateTime();
    logoutRequest.setIssueInstant(now);
    logoutRequest.setNotOnOrAfter(now.plusMinutes(5));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(spEntityID);
    logoutRequest.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_FORMAT));
    nameID.setValue((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_VALUE));
    logoutRequest.setNameID(nameID);
    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_SESSIONINDEX));
    logoutRequest.getSessionIndexes().add(sessionIndex);
    SAML2RequestTO requestTO = new SAML2RequestTO();
    requestTO.setIdpServiceAddress(logoutRequest.getDestination());
    requestTO.setBindingType(idp.getBindingType());
    try {
        // 3. generate relay state as JWT
        Map<String, Object> claims = new HashMap<>();
        claims.put(JWT_CLAIM_IDP_DEFLATE, idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding());
        Triple<String, String, Date> relayState = accessTokenDataBinder.generateJWT(logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
        requestTO.setRelayState(relayState.getMiddle());
        // 4. sign and encode AuthnRequest
        switch(idp.getBindingType()) {
            case REDIRECT:
                requestTO.setContent(saml2rw.encode(logoutRequest, true));
                requestTO.setSignAlg(saml2rw.getSigAlgo());
                requestTO.setSignature(saml2rw.sign(requestTO.getContent(), requestTO.getRelayState()));
                break;
            case POST:
            default:
                saml2rw.sign(logoutRequest);
                requestTO.setContent(saml2rw.encode(logoutRequest, idp.isUseDeflateEncoding()));
        }
    } catch (Exception e) {
        LOG.error("While generating LogoutRequest", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }
    return requestTO;
}

Example 3 with NameIDBuilder

use of org.opensaml.saml.saml2.core.impl.NameIDBuilder in project webcert by sklintyg.

the class FakeElegAuthenticationProvider method createSamlCredential.

private SAMLCredential createSamlCredential(Authentication token) {
    FakeElegCredentials fakeCredentials = (FakeElegCredentials) token.getCredentials();
    Assertion assertion = new AssertionBuilder().buildObject();
    attachAuthenticationContext(assertion, FAKE_AUTHENTICATION_ELEG_CONTEXT_REF);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.PERSON_ID_ATTRIBUTE, fakeCredentials.getPersonId()));
    attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.FORNAMN_ATTRIBUTE, fakeCredentials.getFirstName()));
    attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.MELLAN_OCH_EFTERNAMN_ATTRIBUTE, fakeCredentials.getLastName()));
    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setValue(token.getCredentials().toString());
    return new SAMLCredential(nameId, assertion, "fake-idp", "webcert");
}

Example 4 with NameIDBuilder

use of org.opensaml.saml.saml2.core.impl.NameIDBuilder in project webcert by sklintyg.

the class CommonFakeAuthenticationProvider method createSamlCredential.

private SAMLCredential createSamlCredential(Authentication token) {
    FakeCredentials fakeCredentials = (FakeCredentials) token.getCredentials();
    Assertion assertion = new AssertionBuilder().buildObject();
    attachAuthenticationContext(assertion, FAKE_AUTHENTICATION_SITHS_CONTEXT_REF);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    addAttribute(attributeStatement, BaseSakerhetstjanstAssertion.HSA_ID_ATTRIBUTE, fakeCredentials.getHsaId());
    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setValue(token.getCredentials().toString());
    return new SAMLCredential(nameId, assertion, "fake-idp", "webcert");
}

Example 5 with NameIDBuilder

use of org.opensaml.saml.saml2.core.impl.NameIDBuilder in project cloudstack by apache.

the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.

private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}