
Example 1 with NameID

use of NameID in project cas by apereo. Note that this snippet imports the OpenSAML 3 class `org.opensaml.saml.saml2.core.NameID` (see the "Also used" line below), not the OpenSAML 2 package `org.opensaml.saml2.core` named in the page heading.

the class AbstractSaml20ObjectBuilder method getNameID.

/**
 * Creates a SAML2 {@code NameID} element populated with the given format and value.
 * No validation is performed here: the caller is responsible for supplying a format
 * URI and a value that are appropriate for the target service provider.
 *
 * @param nameIdFormat the NameID format URI to set on the element
 * @param nameIdValue  the subject identifier to carry in the element
 * @return the freshly built NameID
 */
protected NameID getNameID(final String nameIdFormat, final String nameIdValue) {
    final NameID identifier = newSamlObject(NameID.class);
    identifier.setValue(nameIdValue);
    identifier.setFormat(nameIdFormat);
    return identifier;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID)

Example 2 with NameID

use of org.opensaml.saml2.core.NameID in project cloudstack by apache. The visible test body only passes the NameID value as a plain string into `SAMLUtils.buildLogoutRequest`; no NameID object is constructed in the lines shown.

the class SAMLUtilsTest method testBuildLogoutRequest.

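/**
 * Verifies that {@code SAMLUtils.buildLogoutRequest} wires every argument into the
 * resulting {@code LogoutRequest}: the destination, the issuer (our SP entity id) and
 * the NameID of the session being terminated. The NameID check is the important one:
 * a logout request that does not identify the subject gives the IdP nothing to act on.
 *
 * @throws Exception propagated from the OpenSAML bootstrap/builders
 */
@Test
public void testBuildLogoutRequest() throws Exception {
    final String logoutUrl = "http://logoutUrl";
    final String spId = "cloudstack";
    final String nameId = "_12345";
    final LogoutRequest req = SAMLUtils.buildLogoutRequest(logoutUrl, spId, nameId);
    // JUnit's assertEquals takes (expected, actual); keeping that order makes
    // failure messages read correctly.
    assertEquals(logoutUrl, req.getDestination());
    assertEquals(spId, req.getIssuer().getValue());
    // The nameId argument was previously never checked.
    assertEquals(nameId, req.getNameID().getValue());
}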
Also used : LogoutRequest(org.opensaml.saml2.core.LogoutRequest) Test(org.junit.Test)

Example 3 with NameID

use of NameID in project cas by apereo. As in Example 1, the snippet imports the OpenSAML 3 class `org.opensaml.saml.saml2.core.NameID` (see the "Also used" line below), not the OpenSAML 2 package named in the page heading.

the class SamlProfileSamlNameIdBuilder method buildNameId.

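/**
 * Build the NameID for the assertion subject.
 * <p>
 * Candidate formats are assembled in priority order:
 * <ol>
 *   <li>the format configured as required on the registered service, if any;</li>
 *   <li>the format requested through {@code NameIDPolicy} in the AuthnRequest, provided
 *       the SP's metadata (or the service configuration) declares support for it;</li>
 *   <li>the formats declared in the SP's metadata. If none are declared, the
 *       {@code transient} format is used as the default
 *       (see http://saml2int.org/profile/current/#section92).</li>
 * </ol>
 * The first candidate that encodes successfully is returned.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id, never {@code null}
 * @throws SamlException if the AuthnRequest demands a format that is not supported, or
 *                       if none of the candidate formats could be encoded
 */
private NameID buildNameId(final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final List<String> supportedNameFormats = collectSupportedNameIdFormats(service, adaptor);
    final String requestedNameFormat = resolveRequestedNameIdFormat(authnRequest);

    if (StringUtils.isNotBlank(requestedNameFormat)) {
        if (!supportedNameFormats.contains(requestedNameFormat)) {
            LOGGER.warn("Required NameID format [{}] in the AuthN request issued by [{}] is not supported based on the metadata for [{}]", requestedNameFormat, SamlIdPUtils.getIssuerFromSamlRequest(authnRequest), adaptor.getEntityId());
            throw new SamlException("Required NameID format cannot be provided because it is not supported");
        }
        // Previously the requested format was only validated, never preferred: the loop
        // below always returned the first metadata-declared format. SAML core requires
        // the IdP to honour NameIDPolicy/@Format when it can, so move it to the front.
        prioritizeRequestedNameIdFormat(supportedNameFormats, requestedNameFormat, service);
    }

    for (final String nameFormat : supportedNameFormats) {
        final NameID nameid = encodeNameId(nameFormat, authnRequest, assertion);
        if (nameid != null) {
            return nameid;
        }
    }
    // Returning null here used to surface as a NullPointerException in the subject
    // builder; fail with a SamlException (already declared) so the cause is visible.
    throw new SamlException("Unable to encode a NameID in any of the supported formats " + supportedNameFormats);
}

/**
 * Collects the NameID formats the SP supports, in metadata order, falling back to
 * {@code transient} when the metadata declares none, and placing the service-level
 * required format (when configured) at index 0.
 * <p>
 * The result is a fresh, mutable list: the adaptor's list is never modified, since it
 * may be shared/cached metadata state (or unmodifiable) and must not accumulate
 * per-request additions.
 *
 * @param service the registered service
 * @param adaptor the SP metadata facade
 * @return a new list of candidate formats, never empty
 */
private List<String> collectSupportedNameIdFormats(final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    final List<String> formats = new java.util.ArrayList<>(adaptor.getSupportedNameIdFormats());
    LOGGER.debug("Metadata for [{}] declares support for the following NameIDs [{}]", adaptor.getEntityId(), formats);
    if (formats.isEmpty()) {
        formats.add(NameIDType.TRANSIENT);
        LOGGER.debug("No supported nameId formats could be determined from metadata. Added default [{}]", NameIDType.TRANSIENT);
    }
    if (StringUtils.isNotBlank(service.getRequiredNameIdFormat())) {
        final String fmt = parseAndBuildRequiredNameIdFormat(service);
        formats.add(0, fmt);
        LOGGER.debug("Added required nameId format [{}] based on saml service configuration for [{}]", fmt, service.getServiceId());
    }
    return formats;
}

/**
 * Extracts the NameID format requested through {@code NameIDPolicy}, if any.
 * Encrypted NameIDs are not supported and are treated as "no preference".
 *
 * @param authnRequest the authn request
 * @return the requested format, or {@code null} when none (or an unsupported one) is requested
 */
private String resolveRequestedNameIdFormat(final AuthnRequest authnRequest) {
    if (authnRequest.getNameIDPolicy() == null) {
        return null;
    }
    final String format = authnRequest.getNameIDPolicy().getFormat();
    LOGGER.debug("AuthN request indicates [{}] is the required NameID format", format);
    if (NameID.ENCRYPTED.equals(format)) {
        LOGGER.warn("Encrypted NameID formats are not supported");
        return null;
    }
    return format;
}

/**
 * Moves the requested format ahead of the metadata-declared ones. A format required by
 * the service configuration (always at index 0 when configured) keeps precedence, so
 * the requested format lands at index 1 in that case and at index 0 otherwise.
 *
 * @param formats         mutable candidate list, expected to contain {@code requestedFormat}
 * @param requestedFormat the format from the AuthnRequest's NameIDPolicy
 * @param service         the registered service (consulted for a configured override)
 */
private void prioritizeRequestedNameIdFormat(final List<String> formats, final String requestedFormat, final SamlRegisteredService service) {
    final boolean serviceOverride = StringUtils.isNotBlank(service.getRequiredNameIdFormat());
    final int targetIndex = serviceOverride ? 1 : 0;
    if (formats.indexOf(requestedFormat) <= targetIndex) {
        // Already at or ahead of the target slot (it may itself be the service override).
        return;
    }
    formats.remove(requestedFormat);
    formats.add(targetIndex, requestedFormat);
}

/**
 * Encodes the assertion principal's name as a NameID in the given format.
 * Failures are logged and reported as {@code null} so the caller can try the next format.
 *
 * @param nameFormat   the NameID format URI to encode with
 * @param authnRequest the authn request (source of the SP name qualifier)
 * @param assertion    the assertion whose principal name becomes the NameID value
 * @return the encoded NameID, or {@code null} when encoding failed
 */
private NameID encodeNameId(final String nameFormat, final AuthnRequest authnRequest, final Assertion assertion) {
    try {
        LOGGER.debug("Evaluating NameID format [{}]", nameFormat);
        final SAML2StringNameIDEncoder encoder = new SAML2StringNameIDEncoder();
        encoder.setNameFormat(nameFormat);
        if (authnRequest.getNameIDPolicy() != null) {
            // NOTE(review): the SPNameQualifier is copied from the request unverified. SAML
            // core expects it to be the requester's entityID or an affiliation it belongs
            // to; consider checking it against the SP metadata before echoing it. Also
            // verify the setter: the value read is the *SP* name qualifier, but it is passed
            // to setNameQualifier — NameQualifier and SPNameQualifier are distinct attributes.
            final String qualifier = authnRequest.getNameIDPolicy().getSPNameQualifier();
            LOGGER.debug("NameID qualifier is set to [{}]", qualifier);
            encoder.setNameQualifier(qualifier);
        }
        // The NameID value is the raw principal name for every format. NOTE(review):
        // transient/persistent formats are meant to carry opaque, non-correlating values;
        // emitting the principal name under those formats exposes the identity — confirm
        // this is intended for the SPs in question.
        final String principalName = assertion.getPrincipal().getName();
        final IdPAttribute attribute = new IdPAttribute(AttributePrincipal.class.getName());
        final IdPAttributeValue<String> value = new StringAttributeValue(principalName);
        LOGGER.debug("NameID attribute value is set to [{}]", principalName);
        attribute.setValues(Collections.singletonList(value));
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID nameid = encoder.encode(attribute);
        LOGGER.debug("Final NameID encoded is [{}] with value [{}]", nameid.getFormat(), nameid.getValue());
        return nameid;
    } catch (final Exception e) {
        // Deliberately broad: any encoder failure just disqualifies this format.
        LOGGER.error(e.getMessage(), e);
        return null;
    }
}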
Also used : NameID(org.opensaml.saml.saml2.core.NameID) SamlException(org.apereo.cas.support.saml.SamlException) IdPAttribute(net.shibboleth.idp.attribute.IdPAttribute) StringAttributeValue(net.shibboleth.idp.attribute.StringAttributeValue) SAML2StringNameIDEncoder(net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder) AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal) SamlException(org.apereo.cas.support.saml.SamlException)

Example 4 with NameID

use of NameID in project cas by apereo. As in Examples 1 and 3, the snippet imports the OpenSAML 3 class `org.opensaml.saml.saml2.core.NameID` (see the "Also used" line below), not the OpenSAML 2 package named in the page heading.

the class SamlProfileSamlSubjectBuilder method buildSubject.

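/**
 * Builds the assertion {@code Subject}: the NameID produced by the NameID builder plus a
 * confirmation bound to the AuthnRequest id and the ACS URL carried in the request, valid
 * until the assertion's start time plus the configured skew allowance.
 *
 * @param request      the http request
 * @param response     the http response
 * @param authnRequest the authn request
 * @param assertion    the CAS assertion
 * @param service      the registered service
 * @param adaptor      the SP metadata facade
 * @return the populated subject
 * @throws SamlException if the NameID builder yields no NameID, or on any failure it raises itself
 */
private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final NameID nameID = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response, assertion, service, adaptor);
    if (nameID == null) {
        // The NameID builder may give up on every candidate format; fail explicitly
        // instead of dereferencing null below.
        throw new SamlException("Unable to build a NameID for the assertion subject");
    }
    // NOTE(review): the recipient is taken verbatim from the AuthnRequest. Unless it is
    // validated against the SP's metadata elsewhere in the flow, a forged request could
    // direct the assertion to an attacker-controlled endpoint — confirm where that check lives.
    final String recipient = authnRequest.getAssertionConsumerServiceURL();
    final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    final ZonedDateTime notOnOrAfter = validFromDate.plusSeconds(this.skewAllowance);
    final Subject subject = newSubject(nameID.getFormat(), nameID.getValue(), recipient, notOnOrAfter, authnRequest.getID());
    subject.setNameID(nameID);
    return subject;
}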
Also used : NameID(org.opensaml.saml.saml2.core.NameID) ZonedDateTime(java.time.ZonedDateTime) Subject(org.opensaml.saml.saml2.core.Subject)

Example 5 with NameID

use of org.opensaml.saml2.core.NameID in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createSubjectConfirmation.

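/**
 * Creates the {@code SubjectConfirmation} for the host assertion.
 * <p>
 * The confirmation method is {@code sender-vouches}: no key material is bound to the
 * subject, so a relying party can trust the subject only as far as it trusts the
 * signature over the assertion as a whole. The confirming NameID carries
 * {@code issuerServiceName} (presumably this service's own identity, not the host's)
 * in the {@code unspecified} format.
 *
 * @param host the attested host the confirmation data is derived from
 * @return the populated SubjectConfirmation
 * @throws ConfigurationException propagated from {@code createSubjectConfirmationData}
 * @throws UnknownHostException   propagated from {@code createSubjectConfirmationData}
 */
private SubjectConfirmation createSubjectConfirmation(TxtHost host) throws ConfigurationException, UnknownHostException {
    // OpenSAML 2's builder factory hands back a raw builder; the casts are the
    // conventional way to recover the element type.
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationBuilder =
            (SAMLObjectBuilder<SubjectConfirmation>) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    final SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_SENDER_VOUCHES);
    subjectConfirmation.setSubjectConfirmationData(createSubjectConfirmationData(host));

    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<NameID> nameIdBuilder =
            (SAMLObjectBuilder<NameID>) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
    final NameID nameId = nameIdBuilder.buildObject();
    nameId.setValue(issuerServiceName);
    // NameQualifier is optional and intentionally left unset.
    // TODO: the X.509 subject from the host certificate could be used instead of the
    // host name stored in the database (original author's remark, kept for follow-up).
    nameId.setFormat(NameID.UNSPECIFIED);
    subjectConfirmation.setNameID(nameId);
    return subjectConfirmation;
}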
Also used : SubjectConfirmation(org.opensaml.saml2.core.SubjectConfirmation) SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) NameID(org.opensaml.saml2.core.NameID)

Aggregations

NameID (org.opensaml.saml.saml2.core.NameID)4 NameID (org.opensaml.saml2.core.NameID)4 LogoutRequest (org.opensaml.saml2.core.LogoutRequest)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 DateTime (org.joda.time.DateTime)2 SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)2 Issuer (org.opensaml.saml2.core.Issuer)2 Response (org.opensaml.saml2.core.Response)2 IssuerBuilder (org.opensaml.saml2.core.impl.IssuerBuilder)2 NameIDBuilder (org.opensaml.saml2.core.impl.NameIDBuilder)2 IOException (java.io.IOException)1 ZonedDateTime (java.time.ZonedDateTime)1 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1 FactoryConfigurationError (javax.xml.stream.FactoryConfigurationError)1 IdPAttribute (net.shibboleth.idp.attribute.IdPAttribute)1 StringAttributeValue (net.shibboleth.idp.attribute.StringAttributeValue)1 SAML2StringNameIDEncoder (net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder)1 ServerApiException (org.apache.cloudstack.api.ServerApiException)1 LogoutCmdResponse (org.apache.cloudstack.api.response.LogoutCmdResponse)1 SAMLProviderMetadata (org.apache.cloudstack.saml.SAMLProviderMetadata)1