Example 11 with NameID

use of org.opensaml.saml2.core.NameID in project ddf by codice.

the class SamlProtocol method createNameID.

public static NameID createNameID(String nameIdValue) {
    // nameIdBuilder is a NameID builder declared elsewhere in SamlProtocol (not shown in this excerpt).
    NameID nameId = nameIdBuilder.buildObject();
    // Only the value is set here; the caller is responsible for setting a Format if the SP requires one.
    nameId.setValue(nameIdValue);
    return nameId;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID)

Example 12 with NameID

use of org.opensaml.saml2.core.NameID in project cas by apereo.

the class SamlProfileSamlNameIdBuilder method encodeNameIdBasedOnNameFormat.

/**
 * Encode the name id based on the given name format.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param nameFormat   the name format
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id, or null if the NameID could not be encoded for this format
 */
protected NameID encodeNameIdBasedOnNameFormat(final RequestAbstractType authnRequest, final Object assertion, final String nameFormat, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    try {
        // An AttributeQuery already carries the subject's NameID; reuse it as-is.
        if (authnRequest instanceof AttributeQuery) {
            final AttributeQuery query = AttributeQuery.class.cast(authnRequest);
            final NameID nameID = query.getSubject().getNameID();
            // Detach it from the incoming query's XML tree so it can be attached to the outgoing assertion.
            nameID.detach();
            return nameID;
        }
        // Otherwise resolve the attribute backing this format and encode it with the Shibboleth encoder.
        final IdPAttribute attribute = prepareNameIdAttribute(assertion, nameFormat, adaptor);
        final SAML2StringNameIDEncoder encoder = prepareNameIdEncoder(authnRequest, nameFormat, attribute, service, adaptor);
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID nameid = encoder.encode(attribute);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", nameid.getFormat(), nameid.getValue());
        return nameid;
    } catch (final Exception e) {
        // A failure for this format is logged and reported as null so the caller can try the next supported format.
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}
Also used : AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery) NameID(org.opensaml.saml.saml2.core.NameID) IdPAttribute(net.shibboleth.idp.attribute.IdPAttribute) SAML2StringNameIDEncoder(net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder) SamlException(org.apereo.cas.support.saml.SamlException)

Example 13 with NameID

use of org.opensaml.saml2.core.NameID in project cas by apereo.

the class SamlProfileSamlNameIdBuilder method buildNameId.

/**
 * Build name id.
 * If there are no explicitly defined NameIDFormats, include the default format.
 * see: http://saml2int.org/profile/current/#section92
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id
 * @throws SamlException the saml exception
 */
private NameID buildNameId(final RequestAbstractType authnRequest, final Object assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    // Formats the SP accepts (from its metadata and the registered service), falling back to the default format.
    final List<String> supportedNameFormats = getSupportedNameIdFormats(service, adaptor);
    // A format explicitly demanded by the AuthnRequest's NameIDPolicy, if present.
    final String requiredNameFormat = getRequiredNameIdFormatIfAny(authnRequest);
    // Reject the request if it demands a format the SP does not support.
    validateRequiredNameIdFormatIfAny(authnRequest, adaptor, supportedNameFormats, requiredNameFormat);
    final NameID nameid = determineNameId(authnRequest, assertion, supportedNameFormats, service, adaptor);
    return finalizeNameId(nameid, authnRequest, assertion, supportedNameFormats, service, adaptor);
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID)

Example 14 with NameID

use of org.opensaml.saml2.core.NameID in project cas by apereo.

the class SamlProfileSamlNameIdBuilder method determineNameId.

/**
 * Determine the name id by trying each supported name format in order.
 *
 * @param authnRequest         the authn request
 * @param assertion            the assertion
 * @param supportedNameFormats the supported name formats
 * @param service              the service
 * @param adaptor              the adaptor
 * @return the first name id that could be encoded, or null if none could
 */
protected NameID determineNameId(final RequestAbstractType authnRequest, final Object assertion, final List<String> supportedNameFormats, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    for (final String nameFormat : supportedNameFormats) {
        LOGGER.debug("Evaluating NameID format [{}]", nameFormat);
        // encodeNameIdBasedOnNameFormat returns null when the format cannot be satisfied; move on to the next one.
        final NameID nameid = encodeNameIdBasedOnNameFormat(authnRequest, assertion, nameFormat, service, adaptor);
        if (nameid != null) {
            return nameid;
        }
    }
    return null;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID)

Example 15 with NameID

use of org.opensaml.saml2.core.NameID in project cas by apereo.

the class SamlProfileSamlSubjectBuilder method buildSubject.

private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final RequestAbstractType authnRequest, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
    // The ACS comes from the SP's registered metadata, not from the AssertionConsumerServiceURL in the request.
    @NonNull final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
    // Prefer the metadata's ResponseLocation; fall back to Location.
    final String location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation();
    if (StringUtils.isBlank(location)) {
        LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
    }
    final NameID nameId = getNameIdForService(request, response, authnRequest, service, adaptor, binding, assertion);
    // Each SubjectConfirmationData field (Recipient, NotOnOrAfter, InResponseTo, NotBefore) can be suppressed per registered service.
    final Subject subject = newSubject(nameId,
        service.isSkipGeneratingSubjectConfirmationRecipient() ? null : location,
        service.isSkipGeneratingSubjectConfirmationNotOnOrAfter() ? null : validFromDate.plusSeconds(this.skewAllowance),
        service.isSkipGeneratingSubjectConfirmationInResponseTo() ? null : authnRequest.getID(),
        service.isSkipGeneratingSubjectConfirmationNotBefore() ? null : ZonedDateTime.now());
    LOGGER.debug("Created SAML subject [{}]", subject);
    return subject;
}
Also used : ZonedDateTime(java.time.ZonedDateTime) NameID(org.opensaml.saml.saml2.core.NameID) NonNull(lombok.NonNull) Assertion(org.jasig.cas.client.validation.Assertion) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) Subject(org.opensaml.saml.saml2.core.Subject)
