Example 26 with Attribute
use of org.opensaml.saml2.core.Attribute in project ddf by codice.
the class AttributeQueryClaimsHandler method createClaims.
/**
* Creates claims from the extracted attributes.
*
* @param claimsCollection The collection of claims.
* @param assertion Assertion from the response.
* @return The collection of claims.
* @throws URISyntaxException
*/
protected ClaimsCollection createClaims(ClaimsCollection claimsCollection, Assertion assertion) {
// Should only contain one Attribute Statement.
AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
List<Attribute> attributeList = attributeStatement.getAttributes();
// and create the claim, otherwise, create the claim using its original attribute value.
for (Attribute attribute : attributeList) {
for (String claimType : supportedClaims) {
if (claimType.equalsIgnoreCase(attribute.getName())) {
String claimValue = attribute.getDOM().getTextContent();
claimsCollection.add(createSingleValuedClaim(claimType, attributeMap.getOrDefault(claimValue, claimValue)));
break;
}
}
}
return claimsCollection;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Example 27 with Attribute
use of org.opensaml.saml2.core.Attribute in project ddf by codice.
the class SamlAssertionValidatorImplTest method createHolderOfKeyAssertion.
private Assertion createHolderOfKeyAssertion() throws Exception {
Assertion assertion = new AssertionBuilder().buildObject();
assertion.setID(UUID.randomUUID().toString());
assertion.setIssueInstant(new DateTime());
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(ISSUER);
assertion.setIssuer(issuer);
NameID nameID = new NameIDBuilder().buildObject();
nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
nameID.setNameQualifier("http://cxf.apache.org/sts");
nameID.setValue("admin");
X509SubjectName x509SubjectName = new X509SubjectNameBuilder().buildObject();
x509SubjectName.setValue("EMAILADDRESS=localhost@example.org, CN=localhost, OU=Dev, O=DDF, ST=AZ, C=US");
org.opensaml.xmlsec.signature.X509Certificate x509Certificate = new X509CertificateBuilder().buildObject();
byte[] certBytes = certificate.getEncoded();
String certString = new String(Base64.encode(certBytes));
x509Certificate.setValue(certString);
X509Data x509Data = new X509DataBuilder().buildObject();
x509Data.getX509SubjectNames().add(x509SubjectName);
x509Data.getX509Certificates().add(x509Certificate);
KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
keyInfo.getX509Datas().add(x509Data);
KeyInfoConfirmationDataType keyInfoConfirmationDataType = new KeyInfoConfirmationDataTypeBuilder().buildObject();
keyInfoConfirmationDataType.getKeyInfos().add(keyInfo);
SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
subjectConfirmation.setSubjectConfirmationData(keyInfoConfirmationDataType);
Subject subject = new SubjectBuilder().buildObject();
subject.setNameID(nameID);
subject.getSubjectConfirmations().add(subjectConfirmation);
assertion.setSubject(subject);
Conditions conditions = new ConditionsBuilder().buildObject();
conditions.setNotBefore(new DateTime().minusDays(3));
conditions.setNotOnOrAfter(new DateTime().plusDays(3));
assertion.setConditions(conditions);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setAuthnInstant(new DateTime());
AuthnContext authnContext = new AuthnContextBuilder().buildObject();
AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
authnContext.setAuthnContextClassRef(authnContextClassRef);
authnStatement.setAuthnContext(authnContext);
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
Attribute attribute = new AttributeBuilder().buildObject();
AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
attributeValue.setValue("admin");
attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
attribute.getAttributeValues().add(attributeValue);
attributeStatement.getAttributes().add(attribute);
assertion.getAttributeStatements().add(attributeStatement);
Signature signature = OpenSAMLUtil.buildSignature();
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(WSS4JConstants.RSA);
BasicX509Credential signingCredential;
signingCredential = new BasicX509Credential(certificate);
signingCredential.setPrivateKey(privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfo signatureKeyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(signatureKeyInfo);
assertion.setSignature(signature);
return assertion;
}
Also used :
Issuer(org.opensaml.saml.saml2.core.Issuer)
KeyInfoBuilder(org.opensaml.xmlsec.signature.impl.KeyInfoBuilder)
Attribute(org.opensaml.saml.saml2.core.Attribute)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
AuthnStatementBuilder(org.opensaml.saml.saml2.core.impl.AuthnStatementBuilder)
AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)
X509Data(org.opensaml.xmlsec.signature.X509Data)
DateTime(org.joda.time.DateTime)
Conditions(org.opensaml.saml.saml2.core.Conditions)
AuthnContext(org.opensaml.saml.saml2.core.AuthnContext)
NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder)
X509DataBuilder(org.opensaml.xmlsec.signature.impl.X509DataBuilder)
SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SubjectBuilder(org.opensaml.saml.saml2.core.impl.SubjectBuilder)
SubjectConfirmationBuilder(org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder)
X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)
AttributeStatementBuilder(org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder)
AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder)
X509SubjectNameBuilder(org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder)
KeyInfoConfirmationDataTypeBuilder(org.opensaml.saml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder)
NameID(org.opensaml.saml.saml2.core.NameID)
AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType)
AuthnContextBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextBuilder)
Assertion(org.opensaml.saml.saml2.core.Assertion)
X509CertificateBuilder(org.opensaml.xmlsec.signature.impl.X509CertificateBuilder)
KeyInfoConfirmationDataType(org.opensaml.saml.saml2.core.KeyInfoConfirmationDataType)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AssertionBuilder(org.opensaml.saml.saml2.core.impl.AssertionBuilder)
Subject(org.opensaml.saml.saml2.core.Subject)
ConditionsBuilder(org.opensaml.saml.saml2.core.impl.ConditionsBuilder)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Signature(org.opensaml.xmlsec.signature.Signature)
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
X509SubjectName(org.opensaml.xmlsec.signature.X509SubjectName)
IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder)
AttributeValueTypeImplBuilder(org.opensaml.xacml.ctx.impl.AttributeValueTypeImplBuilder)
Example 28 with Attribute
use of org.opensaml.saml2.core.Attribute in project open-kilda by telstra.
the class SamlService method create.
/**
* Creates the provider.
*
* @param file the metadata file
* @param url the metadata url
* @param name the provider name
* @param entityId the entityId
* @param status the provider status
* @param attribute the attribute
* @param userCreation the userCreation
* @param roleIds the role Ids
* @return the SamlConfig
*/
public SamlConfig create(MultipartFile file, String name, String url, String entityId, boolean status, boolean userCreation, List<Long> roleIds, String attribute) {
samlValidator.validateCreateProvider(file, name, entityId, url, userCreation, roleIds);
Set<RoleEntity> roleEntities = roleService.getRolesById(roleIds);
SamlConfigEntity samlConfigEntity = SamlConversionUtil.toSamlConfigEntity(file, name, url, entityId, status, attribute, userCreation, roleEntities);
samlRepository.save(samlConfigEntity);
try {
metadataManager.loadProviderMetadata(samlConfigEntity.getUuid(), samlConfigEntity.getType().name());
} catch (MetadataProviderException e) {
LOGGER.error("Error occurred while loading provider" + e);
}
return SamlConversionUtil.toSamlConfig(samlConfigEntity);
}
Also used :
RoleEntity(org.usermanagement.dao.entity.RoleEntity)
SamlConfigEntity(org.openkilda.saml.dao.entity.SamlConfigEntity)
MetadataProviderException(org.opensaml.saml2.metadata.provider.MetadataProviderException)
Example 29 with Attribute
use of org.opensaml.saml2.core.Attribute in project tesb-rt-se by Talend.
the class ServerSamlValidator method validate.
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
if (!"alice".equals(assertion.getIssuerString())) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
String confirmationMethod = assertion.getConfirmationMethods().get(0);
if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
boolean authenticatedClient = false;
for (AttributeStatement attributeStatement : saml2Assertion.getAttributeStatements()) {
for (Attribute attribute : attributeStatement.getAttributes()) {
if (!"attribute-role".equals(attribute.getName())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if ("authenticated-client".equals(text)) {
authenticatedClient = true;
}
}
}
}
if (!authenticatedClient) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
return validatedCredential;
}
Also used :
Credential(org.apache.wss4j.dom.validate.Credential)
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Element(org.w3c.dom.Element)
Assertion(org.opensaml.saml.saml2.core.Assertion)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
XMLObject(org.opensaml.core.xml.XMLObject)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 30 with Attribute
use of org.opensaml.saml2.core.Attribute in project spring-security by spring-projects.
the class TestOpenSamlObjects method attributeStatements.
static List<AttributeStatement> attributeStatements() {
List<AttributeStatement> attributeStatements = new ArrayList<>();
AttributeStatementBuilder attributeStatementBuilder = new AttributeStatementBuilder();
AttributeBuilder attributeBuilder = new AttributeBuilder();
AttributeStatement attrStmt1 = attributeStatementBuilder.buildObject();
Attribute emailAttr = attributeBuilder.buildObject();
emailAttr.setName("email");
// gh-8864
XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
email1.setTextContent("john.doe@example.com");
emailAttr.getAttributeValues().add(email1);
XSAny email2 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
email2.setTextContent("doe.john@example.com");
emailAttr.getAttributeValues().add(email2);
attrStmt1.getAttributes().add(emailAttr);
Attribute nameAttr = attributeBuilder.buildObject();
nameAttr.setName("name");
XSString name = new XSStringBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
name.setValue("John Doe");
nameAttr.getAttributeValues().add(name);
attrStmt1.getAttributes().add(nameAttr);
Attribute ageAttr = attributeBuilder.buildObject();
ageAttr.setName("age");
XSInteger age = new XSIntegerBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
age.setValue(21);
ageAttr.getAttributeValues().add(age);
attrStmt1.getAttributes().add(ageAttr);
attributeStatements.add(attrStmt1);
AttributeStatement attrStmt2 = attributeStatementBuilder.buildObject();
Attribute websiteAttr = attributeBuilder.buildObject();
websiteAttr.setName("website");
XSURI uri = new XSURIBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSURI.TYPE_NAME);
uri.setValue("https://johndoe.com/");
websiteAttr.getAttributeValues().add(uri);
attrStmt2.getAttributes().add(websiteAttr);
Attribute registeredAttr = attributeBuilder.buildObject();
registeredAttr.setName("registered");
XSBoolean registered = new XSBooleanBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSBoolean.TYPE_NAME);
registered.setValue(new XSBooleanValue(true, false));
registeredAttr.getAttributeValues().add(registered);
attrStmt2.getAttributes().add(registeredAttr);
attributeStatements.add(attrStmt2);
return attributeStatements;
}
Also used :
AttributeStatementBuilder(org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder)
AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder)
XSIntegerBuilder(org.opensaml.core.xml.schema.impl.XSIntegerBuilder)
XSBooleanBuilder(org.opensaml.core.xml.schema.impl.XSBooleanBuilder)
XSAnyBuilder(org.opensaml.core.xml.schema.impl.XSAnyBuilder)
Attribute(org.opensaml.saml.saml2.core.Attribute)
EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute)
ArrayList(java.util.ArrayList)
XSString(org.opensaml.core.xml.schema.XSString)
XSStringBuilder(org.opensaml.core.xml.schema.impl.XSStringBuilder)
XSURI(org.opensaml.core.xml.schema.XSURI)
XSAny(org.opensaml.core.xml.schema.XSAny)
XSBooleanValue(org.opensaml.core.xml.schema.XSBooleanValue)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
XSInteger(org.opensaml.core.xml.schema.XSInteger)
XSBoolean(org.opensaml.core.xml.schema.XSBoolean)
XSURIBuilder(org.opensaml.core.xml.schema.impl.XSURIBuilder)
Aggregations
Attribute (org.opensaml.saml.saml2.core.Attribute)63
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)39
Test (org.junit.jupiter.api.Test)21
Assertion (org.opensaml.saml.saml2.core.Assertion)19
XMLObject (org.opensaml.core.xml.XMLObject)16
AttributeBuilder (org.opensaml.saml.saml2.core.impl.AttributeBuilder)13
List (java.util.List)10
EncryptedAttribute (org.opensaml.saml.saml2.core.EncryptedAttribute)10
XSString (org.opensaml.core.xml.schema.XSString)9
SimpleStringAttributeBuilder.aSimpleStringAttribute (uk.gov.ida.saml.core.test.builders.SimpleStringAttributeBuilder.aSimpleStringAttribute)9
Element (org.w3c.dom.Element)8
SamlTransformationErrorFactory.emptyAttribute (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.emptyAttribute)8
ArrayList (java.util.ArrayList)7
AttributeStatementLogData (uk.gov.ida.hub.samlengine.logging.data.AttributeStatementLogData)7
AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)7
Map (java.util.Map)6
SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)6
AttributeValue (org.opensaml.saml.saml2.core.AttributeValue)6
NameID (org.opensaml.saml.saml2.core.NameID)6
VerifiedAttributeLogData (uk.gov.ida.hub.samlengine.logging.data.VerifiedAttributeLogData)6
