Search in sources :

Example 6 with AuthnContextClassRefBuilder

use of org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder in project syncope by apache.

the class SAML2PResponseComponentBuilder method createAuthnContextClassRef.

public static AuthnContextClassRef createAuthnContextClassRef(final String newAuthnContextClassRef) {
    if (authnContextClassRefBuilder == null) {
        authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    }
    AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
    authnContextClassRef.setAuthnContextClassRef(newAuthnContextClassRef);
    return authnContextClassRef;
}
Also used : AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)

Example 7 with AuthnContextClassRefBuilder

use of org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder in project ddf by codice.

the class SamlAssertionValidatorImplTest method createAssertion.

private Assertion createAssertion(boolean sign, boolean validSignature, String issuerString, DateTime notOnOrAfter) throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(issuerString);
    assertion.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameID.setNameQualifier("http://cxf.apache.org/sts");
    nameID.setValue("admin");
    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);
    assertion.setSubject(subject);
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    authnContext.setAuthnContextClassRef(authnContextClassRef);
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    Attribute attribute = new AttributeBuilder().buildObject();
    AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
    attributeValue.setValue("admin");
    attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    attribute.getAttributeValues().add(attributeValue);
    attributeStatement.getAttributes().add(attribute);
    assertion.getAttributeStatements().add(attributeStatement);
    if (sign) {
        Signature signature = OpenSAMLUtil.buildSignature();
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setSignatureAlgorithm(WSS4JConstants.RSA);
        BasicX509Credential signingCredential;
        if (validSignature) {
            signingCredential = new BasicX509Credential(certificate);
            signingCredential.setPrivateKey(privateKey);
            signature.setSigningCredential(signingCredential);
        } else {
            try (InputStream inputStream = getClass().getResourceAsStream("/localhost.crt")) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inputStream);
                signingCredential = new BasicX509Credential(cert);
                signature.setSigningCredential(signingCredential);
            }
        }
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
        assertion.setSignature(signature);
    }
    return assertion;
}
Also used : Issuer(org.opensaml.saml.saml2.core.Issuer) Attribute(org.opensaml.saml.saml2.core.Attribute) AuthnStatementBuilder(org.opensaml.saml.saml2.core.impl.AuthnStatementBuilder) AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder) CertificateFactory(java.security.cert.CertificateFactory) DateTime(org.joda.time.DateTime) Conditions(org.opensaml.saml.saml2.core.Conditions) AuthnContext(org.opensaml.saml.saml2.core.AuthnContext) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SubjectBuilder(org.opensaml.saml.saml2.core.impl.SubjectBuilder) SubjectConfirmationBuilder(org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory) AttributeStatementBuilder(org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) NameID(org.opensaml.saml.saml2.core.NameID) AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType) InputStream(java.io.InputStream) AuthnContextBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextBuilder) Assertion(org.opensaml.saml.saml2.core.Assertion) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) AssertionBuilder(org.opensaml.saml.saml2.core.impl.AssertionBuilder) Subject(org.opensaml.saml.saml2.core.Subject) X509Certificate(java.security.cert.X509Certificate) ConditionsBuilder(org.opensaml.saml.saml2.core.impl.ConditionsBuilder) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Signature(org.opensaml.xmlsec.signature.Signature) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) AttributeValueTypeImplBuilder(org.opensaml.xacml.ctx.impl.AttributeValueTypeImplBuilder)

Example 8 with AuthnContextClassRefBuilder

use of org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder in project ddf by codice.

the class IdpHandler method createAndSignAuthnRequest.

private String createAndSignAuthnRequest(boolean isPost, boolean wantSigned) throws AuthenticationFailureException {
    String spIssuerId = getSpIssuerId();
    String spAssertionConsumerServiceUrl = getSpAssertionConsumerServiceUrl(spIssuerId);
    AuthnRequest authnRequest = authnRequestBuilder.buildObject();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(spIssuerId);
    authnRequest.setIssuer(issuer);
    authnRequest.setAssertionConsumerServiceURL(spAssertionConsumerServiceUrl);
    authnRequest.setID("_" + UUID.randomUUID().toString());
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setDestination(idpMetadata.getSingleSignOnLocation());
    authnRequest.setProtocolBinding(SamlProtocol.POST_BINDING);
    authnRequest.setNameIDPolicy(SamlpRequestComponentBuilder.createNameIDPolicy(true, SAML2Constants.NAMEID_FORMAT_PERSISTENT, spIssuerId));
    RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
    RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    for (String authContextClass : authContextClasses) {
        if (StringUtils.isNotEmpty(authContextClass)) {
            AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
            authnContextClassRef.setAuthnContextClassRef(authContextClass);
            requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
        }
    }
    authnRequest.setRequestedAuthnContext(requestedAuthnContext);
    return serializeAndSign(isPost, wantSigned, authnRequest);
}
Also used : RequestedAuthnContextBuilder(org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Issuer(org.opensaml.saml.saml2.core.Issuer) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder) DateTime(org.joda.time.DateTime)

Aggregations

AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)6 AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)6 DateTime (org.joda.time.DateTime)5 Issuer (org.opensaml.saml.saml2.core.Issuer)4 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)3 RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)3 IssuerBuilder (org.opensaml.saml.saml2.core.impl.IssuerBuilder)3 Assertion (org.opensaml.saml.saml2.core.Assertion)2 Attribute (org.opensaml.saml.saml2.core.Attribute)2 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)2 AuthnContext (org.opensaml.saml.saml2.core.AuthnContext)2 AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)2 Conditions (org.opensaml.saml.saml2.core.Conditions)2 NameID (org.opensaml.saml.saml2.core.NameID)2 NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)2 Subject (org.opensaml.saml.saml2.core.Subject)2 SubjectConfirmation (org.opensaml.saml.saml2.core.SubjectConfirmation)2 AssertionBuilder (org.opensaml.saml.saml2.core.impl.AssertionBuilder)2 AttributeBuilder (org.opensaml.saml.saml2.core.impl.AttributeBuilder)2 AttributeStatementBuilder (org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder)2