Examples with AuthnContextClassRef org.opensaml.saml2.core.AuthnContextClassRef used on opensource projects

Example 16 with AuthnContextClassRef

use of org.opensaml.saml2.core.AuthnContextClassRef in project syncope by apache.

the class SAML2PResponseComponentBuilder method createAuthnContextClassRef.

public static AuthnContextClassRef createAuthnContextClassRef(final String newAuthnContextClassRef) {
    if (authnContextClassRefBuilder == null) {
        authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    }
    AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
    authnContextClassRef.setAuthnContextClassRef(newAuthnContextClassRef);
    return authnContextClassRef;
}

Example 17 with AuthnContextClassRef

use of org.opensaml.saml2.core.AuthnContextClassRef in project ddf by codice.

the class SamlAssertionValidatorImplTest method createAssertion.

private Assertion createAssertion(boolean sign, boolean validSignature, String issuerString, DateTime notOnOrAfter) throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(issuerString);
    assertion.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameID.setNameQualifier("http://cxf.apache.org/sts");
    nameID.setValue("admin");
    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);
    assertion.setSubject(subject);
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    authnContext.setAuthnContextClassRef(authnContextClassRef);
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    Attribute attribute = new AttributeBuilder().buildObject();
    AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
    attributeValue.setValue("admin");
    attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    attribute.getAttributeValues().add(attributeValue);
    attributeStatement.getAttributes().add(attribute);
    assertion.getAttributeStatements().add(attributeStatement);
    if (sign) {
        Signature signature = OpenSAMLUtil.buildSignature();
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setSignatureAlgorithm(WSS4JConstants.RSA);
        BasicX509Credential signingCredential;
        if (validSignature) {
            signingCredential = new BasicX509Credential(certificate);
            signingCredential.setPrivateKey(privateKey);
            signature.setSigningCredential(signingCredential);
        } else {
            try (InputStream inputStream = getClass().getResourceAsStream("/localhost.crt")) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inputStream);
                signingCredential = new BasicX509Credential(cert);
                signature.setSigningCredential(signingCredential);
            }
        }
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
        assertion.setSignature(signature);
    }
    return assertion;
}

Example 18 with AuthnContextClassRef

use of org.opensaml.saml2.core.AuthnContextClassRef in project cas by apereo.

the class DefaultAuthnContextClassRefBuilder method getAuthenticationContextByAssertion.

/**
 * Gets authentication context by assertion.
 * This is more of a template method for the time being,
 * and may be enhanced later to support more advanced parsing of classes
 * from the assertion.
 *
 * @param context               the context
 * @param requestedAuthnContext the requested authn context
 * @param authnContextClassRefs the authn context class refs
 * @return the authentication context by assertion
 */
protected String getAuthenticationContextByAssertion(final SamlProfileBuilderContext context, final RequestedAuthnContext requestedAuthnContext, final List<AuthnContextClassRef> authnContextClassRefs) {
    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
    authnContextClassRefs.forEach(c -> LOGGER.debug("Requested AuthN Context [{}]", c.getURI()));
    val authnContexts = casProperties.getAuthn().getSamlIdp().getCore().getAuthenticationContextClassMappings();
    val definedContexts = CollectionUtils.convertDirectedListToMap(authnContexts);
    val mappedMethod = authnContextClassRefs.stream().filter(ref -> StringUtils.isNotBlank(ref.getURI())).filter(ref -> definedContexts.containsKey(ref.getURI())).map(ref -> Pair.of(ref, definedContexts.get(ref.getURI()))).findFirst().orElse(null);
    val attributes = context.getAuthenticatedAssertion().getAttributes();
    val contextAttribute = casProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
    if (attributes.containsKey(contextAttribute) && mappedMethod != null) {
        val authnContext = attributes.get(contextAttribute);
        val satisfiedContext = CollectionUtils.firstElement(authnContext).map(Object::toString).orElse(null);
        if (StringUtils.equals(mappedMethod.getValue(), satisfiedContext)) {
            return mappedMethod.getLeft().getURI();
        }
    }
    return null;
}

Example 19 with AuthnContextClassRef

use of org.opensaml.saml2.core.AuthnContextClassRef in project cxf by apache.

the class DefaultAuthnRequestBuilder method createAuthnRequest.

/**
 * Create a SAML 2.0 Protocol AuthnRequest
 */
public AuthnRequest createAuthnRequest(Message message, String issuerId, String assertionConsumerServiceAddress) throws Exception {
    Issuer issuer = SamlpRequestComponentBuilder.createIssuer(issuerId);
    NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
    AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
    RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
    // CHECKSTYLE:OFF
    return SamlpRequestComponentBuilder.createAuthnRequest(assertionConsumerServiceAddress, forceAuthn, isPassive, protocolBinding, SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
}

Example 20 with AuthnContextClassRef

use of org.opensaml.saml2.core.AuthnContextClassRef in project cxf by apache.

the class AuthnRequestBuilderTest method testCreateAuthnRequest.

@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
    Document doc = DOMUtils.createDocument();
    Issuer issuer = SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
    NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer");
    AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
    RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
    AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest("http://localhost:9001/sso", false, false, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
    Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
    doc.appendChild(policyElement);
    // String outputString = DOM2Writer.nodeToString(policyElement);
    assertNotNull(policyElement);
}