Examples with AttributeStatement org.opensaml.saml2.core.AttributeStatement used on opensource projects

Search in sources :

Example 46 with AttributeStatement

use of org.opensaml.saml2.core.AttributeStatement in project cxf by apache.

the class OnBehalfOfValidator method validate.

@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    Subject subject = saml2Assertion.getSubject();
    NameID nameID = subject.getNameID();
    String subjectName = nameID.getValue();
    if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
        return validatedCredential;
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) NameID(org.opensaml.saml.saml2.core.NameID) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Assertion(org.opensaml.saml.saml2.core.Assertion) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Subject(org.opensaml.saml.saml2.core.Subject)

Example 47 with AttributeStatement

use of org.opensaml.saml2.core.AttributeStatement in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method setup.

@BeforeEach
public void setup() {
    final String idpEntityId = TestEntityIds.STUB_IDP_ONE;
    final String assertionId1 = randomUUID().toString();
    final String assertionId2 = randomUUID().toString();
    final SignatureAlgorithm signatureAlgorithm = new SignatureRSASHA1();
    final DigestAlgorithm digestAlgorithm = new DigestSHA256();
    final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
    final AttributeStatement ipAddress = anAttributeStatement().addAttribute(IPAddressAttributeBuilder.anIPAddress().build()).build();
    final Optional<Signature> signature = of(SignatureBuilder.aSignature().build());
    final SignatureImpl signatureImpl = ((SignatureImpl) signature.get());
    signatureImpl.setXMLSignature(BuilderHelper.createXMLSignature(signatureAlgorithm, digestAlgorithm));
    authnStatementAssertion = AssertionBuilder.anAssertion().withId(assertionId1).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).addAttributeStatement(ipAddress).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build()).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId1, digestAlgorithm).build()).buildUnencrypted();
    matchingDatasetAssertion = AssertionBuilder.anAssertion().withId(assertionId2).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).addAttributeStatement(matchingDatasetAttributeStatement).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId2, digestAlgorithm).build()).buildUnencrypted();
    when(responseContainer.getSamlResponse()).thenReturn(saml);
    when(assertionBlobEncrypter.encryptAssertionBlob(any(), eq(authStatementUnderlyingAssertionBlob))).thenReturn(encryptedAuthnAssertion);
    when(stringToOpenSamlResponseTransformer.apply(saml)).thenReturn(samlResponse);
    when(samlResponseToIdaResponseIssuedByIdpTransformer.apply(samlResponse)).thenReturn(responseFromIdp);
    when(authStatementAssertion.getUnderlyingAssertionBlob()).thenReturn(authStatementUnderlyingAssertionBlob);
    when(authStatementAssertion.getAuthnContext()).thenReturn(Optional.empty());
    when(authStatementAssertion.getFraudDetectedDetails()).thenReturn(Optional.empty());
    when(authStatementAssertion.getPrincipalIpAddressAsSeenByIdp()).thenReturn(Optional.of(principalIpAddressSeenByIdp));
    when(authnStatementPersistentId.getNameId()).thenReturn("a name id");
    when(authnStatementPersistentId.getNameId()).thenReturn(persistentIdName);
    when(authStatementAssertion.getPersistentId()).thenReturn(authnStatementPersistentId);
    when(responseFromIdp.getIssuer()).thenReturn(responseIssuer);
    when(responseFromIdp.getStatus()).thenReturn(status);
    when(responseFromIdp.getMatchingDatasetAssertion()).thenReturn(empty());
    when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(empty());
    when(responseFromIdp.getSignature()).thenReturn(signature);
    when(samlResponse.getIssuer()).thenReturn(issuer);
    when(stringToAssertionTransformer.apply(authStatementUnderlyingAssertionBlob)).thenReturn(authnStatementAssertion);
    when(stringToAssertionTransformer.apply(matchingDatasetUnderlyingAssertionBlob)).thenReturn(matchingDatasetAssertion);
    InboundResponseFromIdpDataGenerator inboundResponseFromIdpDataGenerator = new InboundResponseFromIdpDataGenerator(assertionBlobEncrypter);
    service = new IdpAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, stringToAssertionTransformer, samlResponseToIdaResponseIssuedByIdpTransformer, inboundResponseFromIdpDataGenerator, idpAssertionMetricsCollector, transactionsConfigProxy);
}
Also used : DigestSHA256(org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256) SignatureRSASHA1(org.opensaml.xmlsec.algorithm.descriptors.SignatureRSASHA1) AttributeStatementBuilder.anAttributeStatement(uk.gov.ida.saml.core.test.builders.AttributeStatementBuilder.anAttributeStatement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Signature(org.opensaml.xmlsec.signature.Signature) SignatureAlgorithm(org.opensaml.xmlsec.algorithm.SignatureAlgorithm) SignatureImpl(org.opensaml.xmlsec.signature.impl.SignatureImpl) InboundResponseFromIdpDataGenerator(uk.gov.ida.saml.hub.transformers.inbound.InboundResponseFromIdpDataGenerator) DigestAlgorithm(org.opensaml.xmlsec.algorithm.DigestAlgorithm) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 48 with AttributeStatement

use of org.opensaml.saml2.core.AttributeStatement in project verify-hub by alphagov.

the class MatchingDatasetAssertionValidatorTest method validate_shouldNotThrowAnExceptionWhenCurrentAddressIsPresent_ProfileV1_1.

@Test
public void validate_shouldNotThrowAnExceptionWhenCurrentAddressIsPresent_ProfileV1_1() {
    AttributeStatement attributeStatement = anEmptyMatchingDatasetAttributeStatement_1_1().withCurrentAddress().build();
    Assertion matchingDatasetAssertion = anAssertion().addAttributeStatement(attributeStatement).buildUnencrypted();
    validator.validate(matchingDatasetAssertion, RESPONSE_ISSUER_ID);
}
Also used : AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Example 49 with AttributeStatement

use of org.opensaml.saml2.core.AttributeStatement in project verify-hub by alphagov.

the class MatchingDatasetAssertionValidatorTest method validate_shouldThrowExceptionWhenMultipleAttributeStatementsArePresent.

@Test
public void validate_shouldThrowExceptionWhenMultipleAttributeStatementsArePresent() {
    AttributeStatement attributeStatement = anEmptyMatchingDatasetAttributeStatement_1_1().build();
    Assertion matchingDatasetAssertion = anAssertion().addAttributeStatement(attributeStatement).addAttributeStatement(attributeStatement).buildUnencrypted();
    validateFail(() -> validator.validate(matchingDatasetAssertion, RESPONSE_ISSUER_ID), mdsMultipleStatements());
}
Also used : AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Example 50 with AttributeStatement

use of org.opensaml.saml2.core.AttributeStatement in project verify-hub by alphagov.

the class MatchingDatasetAssertionValidatorTest method validate_shouldNotThrowAnExceptionWhenPreviousAddressIsPresent_ProfileV1_1.

@Test
public void validate_shouldNotThrowAnExceptionWhenPreviousAddressIsPresent_ProfileV1_1() {
    AttributeStatement attributeStatement = anEmptyMatchingDatasetAttributeStatement_1_1().addPreviousAddress().build();
    Assertion matchingDatasetAssertion = anAssertion().addAttributeStatement(attributeStatement).buildUnencrypted();
    validator.validate(matchingDatasetAssertion, RESPONSE_ISSUER_ID);
}
Also used : AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Aggregations

AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)61 Attribute (org.opensaml.saml.saml2.core.Attribute)38 Assertion (org.opensaml.saml.saml2.core.Assertion)36 Test (org.junit.jupiter.api.Test)24 AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)17 XMLObject (org.opensaml.core.xml.XMLObject)14 EncryptedAttribute (org.opensaml.saml.saml2.core.EncryptedAttribute)10 SimpleStringAttributeBuilder.aSimpleStringAttribute (uk.gov.ida.saml.core.test.builders.SimpleStringAttributeBuilder.aSimpleStringAttribute)9 SamlTransformationErrorFactory.emptyAttribute (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.emptyAttribute)8 ArrayList (java.util.ArrayList)7 XSString (org.opensaml.core.xml.schema.XSString)7 NameID (org.opensaml.saml.saml2.core.NameID)7 Response (org.opensaml.saml.saml2.core.Response)7 Subject (org.opensaml.saml.saml2.core.Subject)7 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)6 AttributeBuilder (org.opensaml.saml.saml2.core.impl.AttributeBuilder)6 AttributeStatement (org.opensaml.saml2.core.AttributeStatement)6 Map (java.util.Map)5 AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)5 AttributeStatementBuilder (org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial