Search in sources :

Example 6 with Subject

use of org.opensaml.saml2.core.Subject in project cas by apereo.

the class Saml10SuccessResponseView method prepareResponse.

@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final ZonedDateTime issuedAt = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
    final Service service = getAssertionFrom(model).getService();
    LOGGER.debug("Preparing SAML response for service [{}]", service);
    final Authentication authentication = getPrimaryAuthenticationFrom(model);
    final Collection<Object> authnMethods = CollectionUtils.toCollection(authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
    LOGGER.debug("Authentication methods found are [{}]", authnMethods);
    final Principal principal = getPrincipal(model);
    final AuthenticationStatement authnStatement = this.samlObjectBuilder.newAuthenticationStatement(authentication.getAuthenticationDate(), authnMethods, principal.getId());
    LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, authentication.getAuthenticationDate());
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, this.issuer, issuedAt, this.samlObjectBuilder.generateSecureRandomId());
    LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, issuedAt);
    final Conditions conditions = this.samlObjectBuilder.newConditions(issuedAt, service.getId(), this.skewAllowance);
    assertion.setConditions(conditions);
    LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId());
    final Subject subject = this.samlObjectBuilder.newSubject(principal.getId());
    LOGGER.debug("Built subject for principal [{}]", principal);
    final Map<String, Object> attributesToSend = prepareSamlAttributes(model, service);
    LOGGER.debug("Authentication statement shall include these attributes [{}]", attributesToSend);
    if (!attributesToSend.isEmpty()) {
        assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(subject, attributesToSend, this.defaultAttributeNamespace));
    }
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    LOGGER.debug("Set response status code to [{}]", response.getStatus());
    response.getAssertions().add(assertion);
}
Also used : ZonedDateTime(java.time.ZonedDateTime) Authentication(org.apereo.cas.authentication.Authentication) Assertion(org.opensaml.saml.saml1.core.Assertion) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) Principal(org.apereo.cas.authentication.principal.Principal) AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement) Conditions(org.opensaml.saml.saml1.core.Conditions) Subject(org.opensaml.saml.saml1.core.Subject)

Example 7 with Subject

use of org.opensaml.saml2.core.Subject in project cas by apereo.

the class SamlProfileSamlSubjectBuilder method buildSubject.

private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final NameID nameID = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response, assertion, service, adaptor);
    final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    final Subject subject = newSubject(nameID.getFormat(), nameID.getValue(), authnRequest.getAssertionConsumerServiceURL(), validFromDate.plusSeconds(this.skewAllowance), authnRequest.getID());
    subject.setNameID(nameID);
    return subject;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID) ZonedDateTime(java.time.ZonedDateTime) Subject(org.opensaml.saml.saml2.core.Subject)

Example 8 with Subject

use of org.opensaml.saml2.core.Subject in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createSubjectConfirmation.

// create the Subject and Subject Confirmation
private SubjectConfirmation createSubjectConfirmation(TxtHost host) throws ConfigurationException, UnknownHostException {
    SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_SENDER_VOUCHES);
    subjectConfirmation.setSubjectConfirmationData(createSubjectConfirmationData(host));
    // Create the NameIdentifier
    SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
    NameID nameId = (NameID) nameIdBuilder.buildObject();
    nameId.setValue(issuerServiceName);
    //            nameId.setNameQualifier(input.getStrNameQualifier()); optional:  
    // !!! CAN ALSO USE X509 SUBJECT FROM HOST CERTIFICATE instead of host name in database   
    nameId.setFormat(NameID.UNSPECIFIED);
    subjectConfirmation.setNameID(nameId);
    return subjectConfirmation;
}
Also used : SubjectConfirmation(org.opensaml.saml2.core.SubjectConfirmation) SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) NameID(org.opensaml.saml2.core.NameID)

Example 9 with Subject

use of org.opensaml.saml2.core.Subject in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createAssertion.

/**
         * Differences from createAssertion:
         * - the assertion ID is "MultipleHostTrustAssertion" instead of "HostTrustAssertion"
         * - there is no overall Subject for the assertion because it's for multiple host
         * - each host is identified with host attributes within its own attribute statement
         * 
         * @param hosts
         * @return
         * @throws ConfigurationException
         * @throws UnknownHostException 
         */
private Assertion createAssertion(Collection<TxtHostWithAssetTag> hosts) throws ConfigurationException, UnknownHostException {
    // Create the assertion
    SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    Assertion assertion = (Assertion) assertionBuilder.buildObject();
    // ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
    assertion.setID("MultipleHostTrustAssertion");
    assertion.setIssuer(createIssuer());
    DateTime now = new DateTime();
    assertion.setIssueInstant(now);
    assertion.setVersion(SAMLVersion.VERSION_20);
    //            assertion.setSubject(createSubject(host));
    for (TxtHostWithAssetTag host : hosts) {
        assertion.getAttributeStatements().add(createHostAttributes(host.getHost(), host.getTagCertificate(), null));
    }
    return assertion;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Assertion(org.opensaml.saml2.core.Assertion) DateTime(org.joda.time.DateTime)

Example 10 with Subject

use of org.opensaml.saml2.core.Subject in project OpenAttestation by OpenAttestation.

the class SamlGenerator method generateHostAssertions.

/**
     * Generates a multi-host SAML assertion which contains an AttributeStatement
     * for each host containing a Host_Address attribute with the host IP address
     * or hostname and the trust attributes as for a single-host assertion.
     * The Subject of the multi-host SAML assertion should not be used because
     * it is simply the collection hosts in the assertion and no statements
     * are made about the collection as a whole.
     * 
     * @param hosts
     * @return
     * @throws SamlException 
     */
public SamlAssertion generateHostAssertions(Collection<TxtHostWithAssetTag> hosts) throws SamlException {
    try {
        samlAssertion = new SamlAssertion();
        Assertion assertion = createAssertion(hosts);
        AssertionMarshaller marshaller = new AssertionMarshaller();
        Element plaintextElement = marshaller.marshall(assertion);
        String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
        System.out.println("Assertion String: " + originalAssertionString);
        // add signatures and/or encryption
        signAssertion(plaintextElement);
        samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
        System.out.println("Signed Assertion String: " + samlAssertion.assertion);
        return samlAssertion;
    } catch (Exception e) {
        throw new SamlException(e);
    }
}
Also used : AssertionMarshaller(org.opensaml.saml2.core.impl.AssertionMarshaller) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml2.core.Assertion) XSString(org.opensaml.xml.schema.XSString) MarshalException(javax.xml.crypto.MarshalException) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) MarshallingException(org.opensaml.xml.io.MarshallingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ConfigurationException(org.opensaml.xml.ConfigurationException)

Aggregations

SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)4 Subject (org.opensaml.saml.saml2.core.Subject)4 ZonedDateTime (java.time.ZonedDateTime)3 Assertion (org.opensaml.saml2.core.Assertion)3 NameID (org.opensaml.saml2.core.NameID)3 RegisteredService (org.apereo.cas.services.RegisteredService)2 DateTime (org.joda.time.DateTime)2 Subject (org.opensaml.saml.saml1.core.Subject)2 Subject (org.opensaml.saml2.core.Subject)2 IOException (java.io.IOException)1 StringWriter (java.io.StringWriter)1 UnknownHostException (java.net.UnknownHostException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 SecureRandom (java.security.SecureRandom)1 UnrecoverableEntryException (java.security.UnrecoverableEntryException)1 CertificateException (java.security.cert.CertificateException)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 MarshalException (javax.xml.crypto.MarshalException)1