Example 6 with Attribute
use of org.opensaml.saml2.core.Attribute in project ddf by codice.
the class SecurityPluginTest method setupMockSubject.
private Subject setupMockSubject() {
XSString mockAttributeValue = mock(XSString.class);
when(mockAttributeValue.getValue()).thenReturn(TEST_USER);
List<XMLObject> listOfAttributeValues = Arrays.asList(mockAttributeValue);
Attribute mockAttribute = mock(Attribute.class);
when(mockAttribute.getName()).thenReturn(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI);
when(mockAttribute.getAttributeValues()).thenReturn(listOfAttributeValues);
List<Attribute> listOfAttributes = Arrays.asList(mockAttribute);
AttributeStatement mockAttributeStatement = mock(AttributeStatement.class);
when(mockAttributeStatement.getAttributes()).thenReturn(listOfAttributes);
List<AttributeStatement> listOfAttributeStatements = Arrays.asList(mockAttributeStatement);
Subject mockSubject = mock(Subject.class);
PrincipalCollection mockPrincipals = mock(PrincipalCollection.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
when(mockSecurityAssertion.getAttributeStatements()).thenReturn(listOfAttributeStatements);
when(mockPrincipals.oneByType(SecurityAssertion.class)).thenReturn(mockSecurityAssertion);
when(mockSubject.getPrincipals()).thenReturn(mockPrincipals);
return mockSubject;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
XMLObject(org.opensaml.core.xml.XMLObject)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
XSString(org.opensaml.core.xml.schema.XSString)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Subject(ddf.security.Subject)
Example 7 with Attribute
use of org.opensaml.saml2.core.Attribute in project ddf by codice.
the class SubjectUtils method getAttribute.
/**
* Get any attribute from a subject by key.
*
* @param subject
* @param key
* @return attribute values or an empty list if not found.
*/
public static List<String> getAttribute(@Nullable Subject subject, String key) {
Validate.notNull(key);
if (subject == null) {
LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
return Collections.emptyList();
}
PrincipalCollection principals = subject.getPrincipals();
if (principals == null) {
LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
return Collections.emptyList();
}
SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
if (assertion == null) {
LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
return Collections.emptyList();
}
return assertion.getAttributeStatements().stream().flatMap(as -> as.getAttributes().stream()).filter(a -> a.getName().equals(key)).flatMap(a -> a.getAttributeValues().stream()).filter(o -> o instanceof XSString).map(o -> (XSString) o).map(XSString::getValue).collect(Collectors.toList());
}
Also used :
Arrays(java.util.Arrays)
X500Principal(javax.security.auth.x500.X500Principal)
SortedSet(java.util.SortedSet)
LoggerFactory(org.slf4j.LoggerFactory)
BCStyle(org.bouncycastle.asn1.x500.style.BCStyle)
TreeSet(java.util.TreeSet)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Attribute(org.opensaml.saml.saml2.core.Attribute)
Subject(org.apache.shiro.subject.Subject)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
StringTokenizer(java.util.StringTokenizer)
Map(java.util.Map)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
XSString(org.opensaml.core.xml.schema.XSString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Nullable(javax.annotation.Nullable)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Logger(org.slf4j.Logger)
RDN(org.bouncycastle.asn1.x500.RDN)
Predicate(java.util.function.Predicate)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Collection(java.util.Collection)
Collectors(java.util.stream.Collectors)
GuestPrincipal(ddf.security.principal.GuestPrincipal)
List(java.util.List)
Principal(java.security.Principal)
Collections(java.util.Collections)
Validate(org.apache.commons.lang.Validate)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
XSString(org.opensaml.core.xml.schema.XSString)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Example 8 with Attribute
use of org.opensaml.saml2.core.Attribute in project ddf by codice.
the class SecurityAssertionImpl method toString.
/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder result = new StringBuilder();
result.append("Principal: ");
result.append(getPrincipal());
result.append(", Attributes: ");
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
result.append("[ ");
result.append(attr.getName());
result.append(" : ");
for (int i = 0; i < attr.getAttributeValues().size(); i++) {
result.append(((XSString) attr.getAttributeValues().get(i)).getValue());
}
result.append("] ");
}
}
// add this back in when we support parsing this information
result.append(", AuthnStatements: ");
for (AuthnStatement authStatement : getAuthnStatements()) {
result.append("[ ");
result.append(authStatement.getAuthnInstant());
result.append(" : ");
result.append(authStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
result.append("] ");
}
// }
return result.toString();
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
Example 9 with Attribute
use of org.opensaml.saml2.core.Attribute in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newAttribute.
/**
* New attribute.
*
* @param setFriendlyName the set friendly name
* @param e the entry to process and turn into a saml attribute
* @param configuredNameFormats the configured name formats. If an attribute is found in this collection, the linked name format
* will be used.
* @return the attribute
*/
protected Attribute newAttribute(final boolean setFriendlyName, final Map.Entry<String, Object> e, final Map<String, String> configuredNameFormats) {
final Attribute attribute = newSamlObject(Attribute.class);
attribute.setName(e.getKey());
if (setFriendlyName) {
attribute.setFriendlyName(e.getKey());
}
addAttributeValuesToSaml2Attribute(e.getKey(), e.getValue(), attribute.getAttributeValues());
if (!configuredNameFormats.isEmpty() && configuredNameFormats.containsKey(attribute.getName())) {
final String nameFormat = configuredNameFormats.get(attribute.getName());
LOGGER.debug("Found name format [{}] for attribute [{}]", nameFormat, attribute.getName());
switch(nameFormat.trim().toLowerCase()) {
case "basic":
attribute.setNameFormat(Attribute.BASIC);
break;
case "uri":
attribute.setNameFormat(Attribute.URI_REFERENCE);
break;
case "unspecified":
attribute.setNameFormat(Attribute.UNSPECIFIED);
break;
default:
attribute.setNameFormat(nameFormat);
break;
}
LOGGER.debug("Attribute [{}] is assigned the name format of [{}]", attribute.getName(), attribute.getNameFormat());
} else {
LOGGER.debug("Skipped name format, as no name formats are defined or none is found for attribute [{}]", attribute.getName());
}
LOGGER.debug("Attribute [{}] has [{}] value(s)", attribute.getName(), attribute.getAttributeValues().size());
return attribute;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
Example 10 with Attribute
use of org.opensaml.saml2.core.Attribute in project OpenAttestation by OpenAttestation.
the class TrustAssertion method populateAssertionMap.
/**
* Sample assertion statements that may appear in the XML: Trusted (boolean)
* Trusted_BIOS (boolean) Trusted_VMM (boolean) BIOS_Name (string)
* BIOS_Version (string) BIOS_OEM (string) VMM_Name (string) VMM_Version
* (string) VMM_OSName (string) VMM_OSVersion (string) The BIOS_* entries
* will only appear if Trusted_BIOS is true The VMM_* entries will only
* appear if Trusted_VMM is true
*/
private void populateAssertionMap() {
for (Statement statement : assertion.getStatements()) {
if (statement instanceof AttributeStatement) {
HashMap<String, String> assertionMap = new HashMap<String, String>();
HostTrustAssertion hostTrustAssertion = new HostTrustAssertion(assertion, assertionMap);
log.debug("attributes.size: " + ((AttributeStatement) statement).getAttributes().size());
for (Attribute attribute : ((AttributeStatement) statement).getAttributes()) {
String attributeValue = null;
for (XMLObject value : attribute.getAttributeValues()) {
if (value instanceof XSAny) {
// boolean attributes are the text "true" or "false"
attributeValue = (((XSAny) value).getTextContent());
}
if (value instanceof XSString) {
attributeValue = (((XSString) value).getValue());
}
}
assertionMap.put(attribute.getName(), attributeValue);
}
hostAssertionMap.put(assertionMap.get("Host_Name"), hostTrustAssertion);
}
}
}
Also used :
HashMap(java.util.HashMap)
Attribute(org.opensaml.saml2.core.Attribute)
Statement(org.opensaml.saml2.core.Statement)
AttributeStatement(org.opensaml.saml2.core.AttributeStatement)
AttributeStatement(org.opensaml.saml2.core.AttributeStatement)
XMLObject(org.opensaml.xml.XMLObject)
XSString(org.opensaml.xml.schema.XSString)
XSString(org.opensaml.xml.schema.XSString)
XSAny(org.opensaml.xml.schema.XSAny)
Aggregations
Attribute (org.opensaml.saml.saml2.core.Attribute)9
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)7
SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)6
XMLObject (org.opensaml.core.xml.XMLObject)4
Attribute (org.opensaml.saml2.core.Attribute)4
XSString (org.opensaml.xml.schema.XSString)4
SecurityAssertion (ddf.security.assertion.SecurityAssertion)3
Map (java.util.Map)3
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3
XSString (org.opensaml.core.xml.schema.XSString)3
Assertion (org.opensaml.saml2.core.Assertion)3
GuestPrincipal (ddf.security.principal.GuestPrincipal)2
IOException (java.io.IOException)2
Principal (java.security.Principal)2
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2
X500Principal (javax.security.auth.x500.X500Principal)2
DateTime (org.joda.time.DateTime)2
AttributeStatement (org.opensaml.saml2.core.AttributeStatement)2
XMLObjectBuilder (org.opensaml.xml.XMLObjectBuilder)2
XSAny (org.opensaml.xml.schema.XSAny)2
