use of org.opensaml.saml2.core.AttributeStatement in project ddf by codice.
the class SecurityAssertionImpl method getPrincipals.
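/**
 * Returns the principals carried by this assertion: the subject principal from
 * {@link #getPrincipal()}, a {@code RolePrincipal} named after it, and one
 * {@code RolePrincipal} per string value of every attribute whose name contains
 * "role" (case-insensitive substring match, so e.g. "roles" or "memberRole" qualify).
 *
 * Only {@code XSString} attribute values are turned into roles; values of any other
 * XMLObject type are skipped instead of being blindly cast, and {@code null} string
 * values are skipped so no role without a name is created.
 *
 * @return a new, mutable set of principals (never {@code null})
 */
@Override
public Set<Principal> getPrincipals() {
    final Set<Principal> principals = new HashSet<>();
    final Principal primary = getPrincipal();
    principals.add(primary);
    principals.add(new RolePrincipal(primary.getName()));
    for (final AttributeStatement attributeStatement : getAttributeStatements()) {
        for (final Attribute attr : attributeStatement.getAttributes()) {
            // Substring match: any attribute whose name merely contains "role" is a role source.
            if (!StringUtils.containsIgnoreCase(attr.getName(), "role")) {
                continue;
            }
            for (final XMLObject obj : attr.getAttributeValues()) {
                // A blind (XSString) cast would throw ClassCastException for non-string values.
                if (!(obj instanceof XSString)) {
                    continue;
                }
                final String roleName = ((XSString) obj).getValue();
                if (roleName != null) {
                    principals.add(new RolePrincipal(roleName));
                }
            }
        }
    }
    return principals;
}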
use of org.opensaml.saml2.core.AttributeStatement in project cas by apereo.
the class SamlProfileSamlAssertionBuilder method build.
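/**
 * Builds the SAML assertion answering {@code authnRequest}: an AuthnStatement, an
 * AttributeStatement (only when it carries at least one plain or encrypted attribute),
 * then subject and conditions, and finally the signature.
 *
 * @param authnRequest the SAML request being answered
 * @param request      the HTTP request
 * @param response     the HTTP response
 * @param casAssertion the CAS-side assertion the SAML assertion is derived from
 * @param service      the registered service the assertion is built for
 * @param adaptor      the metadata facade of that service provider
 * @param binding      the SAML binding in use
 * @return the signed assertion
 * @throws SamlException as declared by the delegated builders and {@code signAssertion}
 */
@Override
public Assertion build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    final AuthnStatement authnStatement = this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    statements.add(authnStatement);
    final AttributeStatement attrStatement = this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    // An AttributeStatement with neither plain nor encrypted attributes is left out entirely.
    if (!attrStatement.getAttributes().isEmpty() || !attrStatement.getEncryptedAttributes().isEmpty()) {
        statements.add(attrStatement);
    }
    // The ID must be an NCName, hence the leading '_'. Long.toUnsignedString never produces a
    // '-' sign, whereas Math.abs(Long.MIN_VALUE) stays negative and would yield "_-…".
    // NOTE(review): this is one 64-bit value from RandomUtils; SAML 2.0 Core (section 1.3.4)
    // expects random identifiers with a collision probability of at most 2^-128 — confirm the
    // generator's strength and width are adequate for assertion IDs.
    final String id = '_' + Long.toUnsignedString(RandomUtils.getNativeInstance().nextLong());
    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    // Signing is the last step, after subject and conditions are set (presumably so that
    // they are covered by the signature — signAssertion is defined elsewhere).
    signAssertion(assertion, request, response, service, adaptor, binding);
    return assertion;
}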
use of org.opensaml.saml2.core.AttributeStatement in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newAttributeStatement.
/**
 * Creates a new {@link AttributeStatement} holding one {@link Attribute} per entry of
 * {@code attributes}. Entries whose value is an empty {@link Collection} are skipped and
 * logged at INFO level; any other value (including {@code null}) is passed on to
 * {@code newAttribute}.
 *
 * @param attributes             attribute name to value(s)
 * @param attributeFriendlyNames attribute name to friendly name; names without an entry
 *                               get a {@code null} friendly name
 * @param configuredNameFormats  name formats handed through to {@code newAttribute}
 * @param defaultNameFormat      name format handed through to {@code newAttribute}
 * @return the populated attribute statement
 */
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final Map<String, String> attributeFriendlyNames, final Map<String, String> configuredNameFormats, final String defaultNameFormat) {
    final AttributeStatement statement = newSamlObject(AttributeStatement.class);
    for (final Map.Entry<String, Object> entry : attributes.entrySet()) {
        final Object value = entry.getValue();
        final boolean isEmptyCollection = value instanceof Collection<?> && ((Collection<?>) value).isEmpty();
        if (isEmptyCollection) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", entry.getKey());
        } else {
            // get() and getOrDefault(key, null) are equivalent here: absent keys yield null.
            final String friendlyName = attributeFriendlyNames.get(entry.getKey());
            statement.getAttributes().add(newAttribute(friendlyName, entry, configuredNameFormats, defaultNameFormat));
        }
    }
    return statement;
}
use of org.opensaml.saml2.core.AttributeStatement in project verify-hub by alphagov.
the class EidasAttributeStatementAssertionValidator method validateAttributes.
/**
 * Validates the attribute statement of an eIDAS assertion, in this order: exactly one
 * AttributeStatement must be present, it must contain at least one attribute, every
 * mandatory attribute name must be present, and each attribute must have a recognised
 * name, at least one value, and a first value whose schema type is the expected one.
 * An unexpected attribute name format is only reported as a warning, not rejected.
 *
 * @param assertion the assertion whose attribute statements are validated
 * @throws SamlTransformationErrorException on the first failed check, in the order above
 */
private void validateAttributes(Assertion assertion) {
    final List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements.isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsStatementMissing();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    if (attributeStatements.size() > 1) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsMultipleStatements();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    final List<Attribute> attributes = attributeStatements.get(0).getAttributes();
    if (attributes.isEmpty()) {
        SamlValidationSpecificationFailure failure = attributeStatementEmpty(assertion.getID());
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    // Presence is checked by attribute name (MANDATORY_ATTRIBUTES keys); the error message
    // lists the MANDATORY_ATTRIBUTES values (presumably friendly names) against the friendly
    // names actually received.
    Set<String> attributeNames = attributes.stream().map(Attribute::getName).collect(Collectors.toSet());
    if (!attributeNames.containsAll(MANDATORY_ATTRIBUTES.keySet())) {
        throw new SamlTransformationErrorException(String.format("Mandatory attributes not provided. Expected %s but got %s", MANDATORY_ATTRIBUTES.values().stream().collect(Collectors.joining(",")), attributes.stream().map(Attribute::getFriendlyName).collect(Collectors.joining(","))), Level.ERROR);
    }
    for (Attribute attribute : attributes) {
        final String attributeName = attribute.getName();
        if (!VALID_EIDAS_ATTRIBUTE_NAMES.contains(attributeName)) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsAttributeNotRecognised(attributeName);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        if (attribute.getAttributeValues().isEmpty()) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyAttribute(attributeName);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        // Only the first value's schema type is compared against the expected type.
        // NOTE(review): further values of a multi-valued attribute are not type-checked here —
        // confirm that is intended. Also assumes every name in VALID_EIDAS_ATTRIBUTE_NAMES has an
        // entry in VALID_TYPE_FOR_ATTRIBUTE; a missing entry would cause a NullPointerException.
        if (!VALID_TYPE_FOR_ATTRIBUTE.get(attributeName).equals(attribute.getAttributeValues().get(0).getSchemaType())) {
            final QName schemaType = attribute.getAttributeValues().get(0).getSchemaType();
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.attributeWithIncorrectType(attributeName, VALID_TYPE_FOR_ATTRIBUTE.get(attributeName), schemaType);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        // A name format outside VALID_ATTRIBUTE_NAME_FORMATS is passed to
        // SamlTransformationErrorManager.warn rather than thrown; the attribute is still accepted.
        if (!VALID_ATTRIBUTE_NAME_FORMATS.contains(attribute.getNameFormat())) {
            SamlTransformationErrorManager.warn(invalidAttributeNameFormat(attribute.getNameFormat()));
        }
    }
}
use of org.opensaml.saml2.core.AttributeStatement in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method buildSAML2Credentials.
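/**
 * Assembles the {@link SAML2Credentials} from the subject assertion held in
 * {@code context}: its NameID, issuer entity ID, session index, the AuthnContextClassRef
 * values of its AuthnStatements, and its attributes. Encrypted attributes are decrypted
 * when a decrypter is configured; otherwise, or when decryption of one fails, they are
 * logged and left out (best effort, not a validation failure).
 *
 * @param context the SAML message context holding the validated subject assertion
 * @return the credentials extracted from the subject assertion
 */
protected final SAML2Credentials buildSAML2Credentials(final SAML2MessageContext context) {
    final NameID nameId = context.getSAMLSubjectNameIdentifierContext().getSAML2SubjectNameID();
    final Assertion subjectAssertion = context.getSubjectAssertion();
    final String sessionIndex = getSessionIndex(subjectAssertion);
    final String issuerEntityId = subjectAssertion.getIssuer().getValue();

    final List<String> authnContexts = new ArrayList<>();
    for (final AuthnStatement authnStatement : subjectAssertion.getAuthnStatements()) {
        // AuthnContextClassRef is optional in SAML 2.0 (an AuthnContext may carry a
        // declaration reference instead); skip such statements rather than dereferencing null.
        if (authnStatement.getAuthnContext() != null
                && authnStatement.getAuthnContext().getAuthnContextClassRef() != null) {
            authnContexts.add(authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
        }
    }

    final List<Attribute> attributes = new ArrayList<>();
    for (final AttributeStatement attributeStatement : subjectAssertion.getAttributeStatements()) {
        attributes.addAll(attributeStatement.getAttributes());
        final List<EncryptedAttribute> encryptedAttributes = attributeStatement.getEncryptedAttributes();
        if (encryptedAttributes.isEmpty()) {
            continue;
        }
        if (decrypter == null) {
            // Encrypted attributes are dropped, not treated as an error, when no key is configured.
            logger.warn("Encrypted attributes returned, but no keystore was provided.");
            continue;
        }
        for (final EncryptedAttribute encryptedAttribute : encryptedAttributes) {
            try {
                attributes.add(decrypter.decrypt(encryptedAttribute));
            } catch (final DecryptionException e) {
                // Deliberately best effort: one undecryptable attribute does not fail the login,
                // but it is absent from the resulting credentials.
                logger.warn("Decryption of attribute failed, continue with the next one", e);
            }
        }
    }
    return new SAML2Credentials(nameId, issuerEntityId, attributes, subjectAssertion.getConditions(), sessionIndex, authnContexts);
}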