use of org.opensaml.saml2.core.AuthnContextClassRef in project syncope by apache.
the class SAML2PResponseComponentBuilder method createAuthnContextClassRef.
public static AuthnContextClassRef createAuthnContextClassRef(final String newAuthnContextClassRef) {
if (authnContextClassRefBuilder == null) {
authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
}
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
authnContextClassRef.setAuthnContextClassRef(newAuthnContextClassRef);
return authnContextClassRef;
}
use of org.opensaml.saml2.core.AuthnContextClassRef in project ddf by codice.
the class SamlAssertionValidatorImplTest method createAssertion.
private Assertion createAssertion(boolean sign, boolean validSignature, String issuerString, DateTime notOnOrAfter) throws Exception {
Assertion assertion = new AssertionBuilder().buildObject();
assertion.setID(UUID.randomUUID().toString());
assertion.setIssueInstant(new DateTime());
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(issuerString);
assertion.setIssuer(issuer);
NameID nameID = new NameIDBuilder().buildObject();
nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
nameID.setNameQualifier("http://cxf.apache.org/sts");
nameID.setValue("admin");
SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
Subject subject = new SubjectBuilder().buildObject();
subject.setNameID(nameID);
subject.getSubjectConfirmations().add(subjectConfirmation);
assertion.setSubject(subject);
Conditions conditions = new ConditionsBuilder().buildObject();
conditions.setNotBefore(new DateTime().minusDays(3));
conditions.setNotOnOrAfter(notOnOrAfter);
assertion.setConditions(conditions);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setAuthnInstant(new DateTime());
AuthnContext authnContext = new AuthnContextBuilder().buildObject();
AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
authnContext.setAuthnContextClassRef(authnContextClassRef);
authnStatement.setAuthnContext(authnContext);
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
Attribute attribute = new AttributeBuilder().buildObject();
AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
attributeValue.setValue("admin");
attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
attribute.getAttributeValues().add(attributeValue);
attributeStatement.getAttributes().add(attribute);
assertion.getAttributeStatements().add(attributeStatement);
if (sign) {
Signature signature = OpenSAMLUtil.buildSignature();
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(WSS4JConstants.RSA);
BasicX509Credential signingCredential;
if (validSignature) {
signingCredential = new BasicX509Credential(certificate);
signingCredential.setPrivateKey(privateKey);
signature.setSigningCredential(signingCredential);
} else {
try (InputStream inputStream = getClass().getResourceAsStream("/localhost.crt")) {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inputStream);
signingCredential = new BasicX509Credential(cert);
signature.setSigningCredential(signingCredential);
}
}
X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(keyInfo);
assertion.setSignature(signature);
}
return assertion;
}
use of org.opensaml.saml2.core.AuthnContextClassRef in project cas by apereo.
the class DefaultAuthnContextClassRefBuilder method getAuthenticationContextByAssertion.
/**
* Gets authentication context by assertion.
* This is more of a template method for the time being,
* and may be enhanced later to support more advanced parsing of classes
* from the assertion.
*
* @param context the context
* @param requestedAuthnContext the requested authn context
* @param authnContextClassRefs the authn context class refs
* @return the authentication context by assertion
*/
protected String getAuthenticationContextByAssertion(final SamlProfileBuilderContext context, final RequestedAuthnContext requestedAuthnContext, final List<AuthnContextClassRef> authnContextClassRefs) {
LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
authnContextClassRefs.forEach(c -> LOGGER.debug("Requested AuthN Context [{}]", c.getURI()));
val authnContexts = casProperties.getAuthn().getSamlIdp().getCore().getAuthenticationContextClassMappings();
val definedContexts = CollectionUtils.convertDirectedListToMap(authnContexts);
val mappedMethod = authnContextClassRefs.stream().filter(ref -> StringUtils.isNotBlank(ref.getURI())).filter(ref -> definedContexts.containsKey(ref.getURI())).map(ref -> Pair.of(ref, definedContexts.get(ref.getURI()))).findFirst().orElse(null);
val attributes = context.getAuthenticatedAssertion().getAttributes();
val contextAttribute = casProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
if (attributes.containsKey(contextAttribute) && mappedMethod != null) {
val authnContext = attributes.get(contextAttribute);
val satisfiedContext = CollectionUtils.firstElement(authnContext).map(Object::toString).orElse(null);
if (StringUtils.equals(mappedMethod.getValue(), satisfiedContext)) {
return mappedMethod.getLeft().getURI();
}
}
return null;
}
use of org.opensaml.saml2.core.AuthnContextClassRef in project cxf by apache.
the class DefaultAuthnRequestBuilder method createAuthnRequest.
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
public AuthnRequest createAuthnRequest(Message message, String issuerId, String assertionConsumerServiceAddress) throws Exception {
Issuer issuer = SamlpRequestComponentBuilder.createIssuer(issuerId);
NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
// CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createAuthnRequest(assertionConsumerServiceAddress, forceAuthn, isPassive, protocolBinding, SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
}
use of org.opensaml.saml2.core.AuthnContextClassRef in project cxf by apache.
the class AuthnRequestBuilderTest method testCreateAuthnRequest.
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
Document doc = DOMUtils.createDocument();
Issuer issuer = SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer");
AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest("http://localhost:9001/sso", false, false, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
doc.appendChild(policyElement);
// String outputString = DOM2Writer.nodeToString(policyElement);
assertNotNull(policyElement);
}
Aggregations