Examples with NameID org.opensaml.saml2.core.NameID used on opensource projects

Search in sources :

Example 6 with NameID

use of org.opensaml.saml2.core.NameID in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createSubjectConfirmation.

// create the Subject and Subject Confirmation
private SubjectConfirmation createSubjectConfirmation(TxtHost host) throws ConfigurationException, UnknownHostException {
    SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_SENDER_VOUCHES);
    subjectConfirmation.setSubjectConfirmationData(createSubjectConfirmationData(host));
    // Create the NameIdentifier
    SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
    NameID nameId = (NameID) nameIdBuilder.buildObject();
    nameId.setValue(issuerServiceName);
    //            nameId.setNameQualifier(input.getStrNameQualifier()); optional:  
    // !!! CAN ALSO USE X509 SUBJECT FROM HOST CERTIFICATE instead of host name in database   
    nameId.setFormat(NameID.UNSPECIFIED);
    subjectConfirmation.setNameID(nameId);
    return subjectConfirmation;
}
Also used : SubjectConfirmation(org.opensaml.saml2.core.SubjectConfirmation) SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) NameID(org.opensaml.saml2.core.NameID)

Example 7 with NameID

use of org.opensaml.saml2.core.NameID in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createNameID.

// create the Subject Name
private NameID createNameID(String hostName) {
    // Create the NameIdentifier
    SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
    NameID nameId = (NameID) nameIdBuilder.buildObject();
    nameId.setValue(hostName);
    //            nameId.setNameQualifier(input.getStrNameQualifier()); optional:  
    // !!! CAN ALSO USE X509 SUBJECT FROM HOST CERTIFICATE instead of host name in database   
    nameId.setFormat(NameID.UNSPECIFIED);
    return nameId;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) NameID(org.opensaml.saml2.core.NameID)

Example 8 with NameID

use of org.opensaml.saml2.core.NameID in project cloudstack by apache.

the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.

private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}
Also used : Status(org.opensaml.saml2.core.Status) AttributeStatementBuilder(org.opensaml.saml2.core.impl.AttributeStatementBuilder) StatusCodeBuilder(org.opensaml.saml2.core.impl.StatusCodeBuilder) Issuer(org.opensaml.saml2.core.Issuer) NameID(org.opensaml.saml2.core.NameID) Assertion(org.opensaml.saml2.core.Assertion) AssertionBuilder(org.opensaml.saml2.core.impl.AssertionBuilder) AuthnStatementBuilder(org.opensaml.saml2.core.impl.AuthnStatementBuilder) StatusCode(org.opensaml.saml2.core.StatusCode) DateTime(org.joda.time.DateTime) Subject(org.opensaml.saml2.core.Subject) Response(org.opensaml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) AuthnStatement(org.opensaml.saml2.core.AuthnStatement) StatusBuilder(org.opensaml.saml2.core.impl.StatusBuilder) IssuerBuilder(org.opensaml.saml2.core.impl.IssuerBuilder) ResponseBuilder(org.opensaml.saml2.core.impl.ResponseBuilder) SubjectBuilder(org.opensaml.saml2.core.impl.SubjectBuilder)

Example 9 with NameID

use of org.opensaml.saml2.core.NameID in project cloudstack by apache.

the class SAMLUtils method buildLogoutRequest.

public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, String nameIdString) {
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(spId);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue(nameIdString);
    LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
    logoutRequest.setID(generateSecureRandomId());
    logoutRequest.setDestination(logoutUrl);
    logoutRequest.setVersion(SAMLVersion.VERSION_20);
    logoutRequest.setIssueInstant(new DateTime());
    logoutRequest.setIssuer(issuer);
    logoutRequest.setNameID(nameID);
    return logoutRequest;
}
Also used : NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder) LogoutRequestBuilder(org.opensaml.saml2.core.impl.LogoutRequestBuilder) Issuer(org.opensaml.saml2.core.Issuer) NameID(org.opensaml.saml2.core.NameID) LogoutRequest(org.opensaml.saml2.core.LogoutRequest) IssuerBuilder(org.opensaml.saml2.core.impl.IssuerBuilder) DateTime(org.joda.time.DateTime)

Example 10 with NameID

use of org.opensaml.saml2.core.NameID in project cloudstack by apache.

the class SAML2LogoutAPIAuthenticatorCmd method authenticate.

@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
    auditTrailSb.append("=== SAML SLO Logging out ===");
    LogoutCmdResponse response = new LogoutCmdResponse();
    response.setDescription("success");
    response.setResponseName(getCommandName());
    String responseString = ApiResponseSerializer.toSerializedString(response, responseType);
    if (session == null) {
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] sending redirected failed.", ignored);
        }
        return responseString;
    }
    try {
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException | FactoryConfigurationError e) {
        s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage());
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error while creating SP MetaData", params, responseType));
    }
    if (params != null && params.containsKey("SAMLResponse")) {
        try {
            final String samlResponse = ((String[]) params.get(SAMLPluginConstants.SAML_RESPONSE))[0];
            Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse);
            String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
            if (!statusCode.equals(StatusCode.SUCCESS_URI)) {
                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(), "SAML SLO LogoutResponse status is not Success", params, responseType));
            }
        } catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) {
            s_logger.error("SAMLResponse processing error: " + e.getMessage());
        }
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] second redirected sending failed.", ignored);
        }
        return responseString;
    }
    String idpId = (String) session.getAttribute(SAMLPluginConstants.SAML_IDPID);
    SAMLProviderMetadata idpMetadata = _samlAuthManager.getIdPMetadata(idpId);
    String nameId = (String) session.getAttribute(SAMLPluginConstants.SAML_NAMEID);
    if (idpMetadata == null || nameId == null || nameId.isEmpty()) {
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] final redirected failed.", ignored);
        }
        return responseString;
    }
    LogoutRequest logoutRequest = SAMLUtils.buildLogoutRequest(idpMetadata.getSloUrl(), _samlAuthManager.getSPMetadata().getEntityId(), nameId);
    try {
        String redirectUrl = idpMetadata.getSloUrl() + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(logoutRequest);
        resp.sendRedirect(redirectUrl);
    } catch (MarshallingException | IOException e) {
        s_logger.error("SAML SLO error: " + e.getMessage());
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "SAML Single Logout Error", params, responseType));
    }
    return responseString;
}
Also used : IOException(java.io.IOException) SAXException(org.xml.sax.SAXException) Response(org.opensaml.saml2.core.Response) LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServerApiException(org.apache.cloudstack.api.ServerApiException) MarshallingException(org.opensaml.xml.io.MarshallingException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) ConfigurationException(org.opensaml.xml.ConfigurationException) LogoutRequest(org.opensaml.saml2.core.LogoutRequest) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAMLProviderMetadata(org.apache.cloudstack.saml.SAMLProviderMetadata) LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse) FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError) UnmarshallingException(org.opensaml.xml.io.UnmarshallingException)

Aggregations

NameID (org.opensaml.saml.saml2.core.NameID)12 Subject (org.opensaml.saml.saml2.core.Subject)4 NameID (org.opensaml.saml2.core.NameID)4 LogoutRequest (org.opensaml.saml2.core.LogoutRequest)3 ZonedDateTime (java.time.ZonedDateTime)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 IdPAttribute (net.shibboleth.idp.attribute.IdPAttribute)2 SAML2StringNameIDEncoder (net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder)2 SamlException (org.apereo.cas.support.saml.SamlException)2 DateTime (org.joda.time.DateTime)2 SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)2 Assertion (org.opensaml.saml.saml2.core.Assertion)2 Issuer (org.opensaml.saml2.core.Issuer)2 Response (org.opensaml.saml2.core.Response)2 IssuerBuilder (org.opensaml.saml2.core.impl.IssuerBuilder)2 NameIDBuilder (org.opensaml.saml2.core.impl.NameIDBuilder)2 Strings.isNullOrEmpty (com.google.common.base.Strings.isNullOrEmpty)1 IOException (java.io.IOException)1 List (java.util.List)1 Optional (java.util.Optional)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial