Examples with Assertion org.opensaml.saml2.core.Assertion used on opensource projects

Example 96 with Assertion

use of org.opensaml.saml2.core.Assertion in project ddf by codice.

the class TestAttributeQueryClient method testRetrieveResponse.

@Test
public void testRetrieveResponse() {
    setResponse(cannedResponse, false);
    Assertion assertion = attributeQueryClient.query(USERNAME);
    assertThat(assertion, is(notNullValue()));
    assertThat(assertion.getIssuer().getValue(), is(equalTo("localhost")));
    assertThat(assertion.getSubject().getNameID().getValue(), is(equalTo("admin")));
    assertThat(assertion.getAttributeStatements(), is(notNullValue()));
}

Example 97 with Assertion

use of org.opensaml.saml2.core.Assertion in project ddf by codice.

the class SimpleSign method signSamlObject.

public void signSamlObject(SignableSAMLObject samlObject) throws SignatureException {
    X509Certificate[] certificates = getSignatureCertificates();
    String sigAlgo = getSignatureAlgorithm(certificates[0]);
    PrivateKey privateKey = getSignaturePrivateKey();
    // Create the signature
    Signature signature = OpenSAMLUtil.buildSignature();
    if (signature == null) {
        throw new SignatureException("Unable to build signature.");
    }
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(sigAlgo);
    BasicX509Credential signingCredential = new BasicX509Credential(certificates[0]);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    try {
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
    } catch (org.opensaml.security.SecurityException e) {
        throw new SignatureException("Error generating KeyInfo from signing credential", e);
    }
    if (samlObject instanceof Response) {
        List<Assertion> assertions = ((Response) samlObject).getAssertions();
        for (Assertion assertion : assertions) {
            assertion.getSignature().setSigningCredential(signingCredential);
        }
    }
    samlObject.setSignature(signature);
    SAMLObjectContentReference contentRef = (SAMLObjectContentReference) signature.getContentReferences().get(0);
    contentRef.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);
    samlObject.releaseDOM();
    samlObject.releaseChildrenDOM(true);
}

Example 98 with Assertion

use of org.opensaml.saml2.core.Assertion in project cas by apereo.

the class SamlProfileSamlAssertionBuilder method build.

@Override
public Assertion build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    final AuthnStatement authnStatement = this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    statements.add(authnStatement);
    final AttributeStatement attrStatement = this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    if (!attrStatement.getAttributes().isEmpty() || !attrStatement.getEncryptedAttributes().isEmpty()) {
        statements.add(attrStatement);
    }
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    signAssertion(assertion, request, response, service, adaptor, binding);
    return assertion;
}

Example 99 with Assertion

use of org.opensaml.saml2.core.Assertion in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method build.

@Audit(action = "SAML2_RESPONSE", actionResolverName = "SAML2_RESPONSE_ACTION_RESOLVER", resourceResolverName = "SAML2_RESPONSE_RESOURCE_RESOLVER")
@Override
public T build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor, binding);
    final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response, binding);
    return encodeFinalResponse(request, response, service, adaptor, finalResponse, binding, authnRequest, casAssertion);
}

Example 100 with Assertion

use of org.opensaml.saml2.core.Assertion in project cas by apereo.

the class WsFederationAction method handleWsFederationAuthenticationRequest.

private Event handleWsFederationAuthenticationRequest(final RequestContext context) {
    final Service service = wsFederationCookieManager.retrieve(context);
    LOGGER.debug("Retrieved service [{}] from the session cookie", service);
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final String wResult = request.getParameter(WRESULT);
    LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, wResult);
    if (StringUtils.isBlank(wResult)) {
        LOGGER.error("No [{}] parameter is found", WRESULT);
        return error();
    }
    LOGGER.debug("Attempting to create an assertion from the token parameter");
    final RequestedSecurityToken rsToken = this.wsFederationHelper.getRequestSecurityTokenFromResult(wResult);
    final Pair<Assertion, WsFederationConfiguration> assertion = this.wsFederationHelper.buildAndVerifyAssertion(rsToken, configurations);
    if (assertion == null) {
        LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
        return error();
    }
    LOGGER.debug("Attempting to validate the signature on the assertion");
    if (!this.wsFederationHelper.validateSignature(assertion)) {
        final String msg = "WS Requested Security Token is blank or the signature is not valid.";
        LOGGER.error(msg);
        throw new IllegalArgumentException(msg);
    }
    return buildCredentialsFromAssertion(context, assertion, service);
}