Example 11 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project verify-hub by alphagov.
the class PassthroughAssertionUnmarshallerTest method transform_shouldHandleFraudAuthnStatementAndSetThatAssertionIsForFraudulentEventAndSetFraudDetails.
@Test
public void transform_shouldHandleFraudAuthnStatementAndSetThatAssertionIsForFraudulentEventAndSetFraudDetails() {
final AuthnContextClassRef authnContextClassRef = anAuthnContextClassRef().withAuthnContextClasRefValue(IdaAuthnContext.LEVEL_X_AUTHN_CTX).build();
Assertion theAssertion = anAssertion().addAuthnStatement(anAuthnStatement().withAuthnContext(anAuthnContext().withAuthnContextClassRef(authnContextClassRef).build()).build()).addAttributeStatement(anAttributeStatement().addAttribute(anIdpFraudEventIdAttribute().build()).addAttribute(aGpg45StatusAttribute().build()).build()).buildUnencrypted();
when(authnContextFactory.authnContextForLevelOfAssurance(IdaAuthnContext.LEVEL_X_AUTHN_CTX)).thenReturn(AuthnContext.LEVEL_X);
when(assertionStringTransformer.apply(theAssertion)).thenReturn("AUTHN_ASSERTION");
PassthroughAssertion authnStatementAssertion = unmarshaller.fromAssertion(theAssertion);
assertThat(authnStatementAssertion.isFraudulent()).isEqualTo(true);
assertThat(authnStatementAssertion.getFraudDetectedDetails().isPresent()).isEqualTo(true);
}
Also used :
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AuthnContextClassRefBuilder.anAuthnContextClassRef(uk.gov.ida.saml.core.test.builders.AuthnContextClassRefBuilder.anAuthnContextClassRef)
AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
Test(org.junit.jupiter.api.Test)
Example 12 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project cxf by apache.
the class SamlpRequestComponentBuilder method createRequestedAuthnCtxPolicy.
@SuppressWarnings("unchecked")
public static RequestedAuthnContext createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration comparison, List<AuthnContextClassRef> authnCtxClassRefList, List<AuthnContextDeclRef> authnCtxDeclRefList) {
if (requestedAuthnCtxBuilder == null) {
requestedAuthnCtxBuilder = (SAMLObjectBuilder<RequestedAuthnContext>) builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
}
RequestedAuthnContext authnCtx = requestedAuthnCtxBuilder.buildObject();
authnCtx.setComparison(comparison);
if (authnCtxClassRefList != null) {
List<AuthnContextClassRef> classRefList = authnCtx.getAuthnContextClassRefs();
classRefList.addAll(authnCtxClassRefList);
}
if (authnCtxDeclRefList != null) {
List<AuthnContextDeclRef> declRefList = authnCtx.getAuthnContextDeclRefs();
declRefList.addAll(authnCtxDeclRefList);
}
return authnCtx;
}
Also used :
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AuthnContextDeclRef(org.opensaml.saml.saml2.core.AuthnContextDeclRef)
Example 13 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project cxf by apache.
the class SAML2PResponseComponentBuilder method createAuthnContextClassRef.
@SuppressWarnings("unchecked")
public static AuthnContextClassRef createAuthnContextClassRef(String newAuthnContextClassRef) {
if (authnContextClassRefBuilder == null) {
authnContextClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>) builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
}
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
authnContextClassRef.setAuthnContextClassRef(newAuthnContextClassRef);
return authnContextClassRef;
}
Also used :
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Example 14 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project cas by apereo.
the class DefaultAuthnContextClassRefBuilder method build.
@Override
public String build(final Object assertion, final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service) {
if (StringUtils.isNotBlank(service.getRequiredAuthenticationContextClass())) {
LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", service.getRequiredAuthenticationContextClass(), service.getName());
return service.getRequiredAuthenticationContextClass();
}
final String defClass = StringUtils.defaultIfBlank(casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(), AuthnContext.PPT_AUTHN_CTX);
final RequestedAuthnContext requestedAuthnContext = (authnRequest instanceof AuthnRequest) ? AuthnRequest.class.cast(authnRequest).getRequestedAuthnContext() : null;
if (requestedAuthnContext == null) {
LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
return defClass;
}
final List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
return defClass;
}
final String finalCtx = StringUtils.defaultIfBlank(getAuthenticationContextByAssertion(assertion, requestedAuthnContext, authnContextClassRefs), defClass);
LOGGER.debug("Returning authN context [{}]", finalCtx);
return finalCtx;
}
Also used :
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Example 15 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project pac4j by pac4j.
the class SAML2AuthnRequestBuilder method buildAuthnRequest.
@SuppressWarnings("unchecked")
protected final AuthnRequest buildAuthnRequest(final SAML2MessageContext context, final AssertionConsumerService assertionConsumerService, final SingleSignOnService ssoService) {
final SAMLObjectBuilder<AuthnRequest> builder = (SAMLObjectBuilder<AuthnRequest>) this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
final AuthnRequest request = builder.buildObject();
if (comparisonType != null) {
final RequestedAuthnContext authnContext = new RequestedAuthnContextBuilder().buildObject();
authnContext.setComparison(comparisonType);
if (authnContextClassRef != null) {
final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
classRef.setAuthnContextClassRef(authnContextClassRef);
authnContext.getAuthnContextClassRefs().add(classRef);
}
request.setRequestedAuthnContext(authnContext);
}
final SAMLSelfEntityContext selfContext = context.getSAMLSelfEntityContext();
request.setID(generateID());
request.setIssuer(getIssuer(selfContext.getEntityId()));
request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
request.setVersion(SAMLVersion.VERSION_20);
request.setIsPassive(this.passive);
request.setForceAuthn(this.forceAuth);
request.setProviderName("pac4j-saml");
if (nameIdPolicyFormat != null) {
final NameIDPolicy nameIdPolicy = new NameIDPolicyBuilder().buildObject();
nameIdPolicy.setAllowCreate(true);
nameIdPolicy.setFormat(nameIdPolicyFormat);
request.setNameIDPolicy(nameIdPolicy);
}
request.setDestination(ssoService.getLocation());
if (assertionConsumerServiceIndex >= 0) {
request.setAssertionConsumerServiceIndex(assertionConsumerServiceIndex);
} else {
request.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
}
request.setProtocolBinding(assertionConsumerService.getBinding());
if (attributeConsumingServiceIndex >= 0) {
request.setAttributeConsumingServiceIndex(attributeConsumingServiceIndex);
}
return request;
}
Also used :
RequestedAuthnContextBuilder(org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
SAMLSelfEntityContext(org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext)
NameIDPolicyBuilder(org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)
Aggregations
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)21
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)13
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)7
Test (org.junit.jupiter.api.Test)6
Issuer (org.opensaml.saml.saml2.core.Issuer)6
AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)6
DateTime (org.joda.time.DateTime)5
Assertion (org.opensaml.saml.saml2.core.Assertion)5
AuthnContext (org.opensaml.saml.saml2.core.AuthnContext)4
lombok.val (lombok.val)3
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)3
AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)3
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)3
IssuerBuilder (org.opensaml.saml.saml2.core.impl.IssuerBuilder)3
XMLObject (org.opensaml.core.xml.XMLObject)2
MessageContext (org.opensaml.messaging.context.MessageContext)2
RequestedAuthnContextBuilder (org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)2
AuthnContextClassRef (org.opensaml.saml2.core.AuthnContextClassRef)2
AuthnContextClassRefBuilder (org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder)2
JEEContext (org.pac4j.core.context.JEEContext)2
