Example 1 with SAML2Profile
use of org.pac4j.saml.profile.SAML2Profile in project pac4j by pac4j.
the class SAML2LogoutRequestBuilder method buildLogoutRequest.
@SuppressWarnings("unchecked")
protected final LogoutRequest buildLogoutRequest(final SAML2MessageContext context, final AssertionConsumerService assertionConsumerService, final SingleLogoutService ssoService) {
final SAMLObjectBuilder<LogoutRequest> builder = (SAMLObjectBuilder<LogoutRequest>) this.builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
final LogoutRequest request = builder.buildObject();
final SAMLSelfEntityContext selfContext = context.getSAMLSelfEntityContext();
request.setID(generateID());
request.setIssuer(getIssuer(selfContext.getEntityId()));
request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
request.setVersion(SAMLVersion.VERSION_20);
request.setDestination(ssoService.getLocation());
// very very bad...
ProfileManager manager = new ProfileManager(context.getWebContext());
Optional<UserProfile> p = manager.get(true);
if (p.isPresent() && p.get() instanceof SAML2Profile) {
final SAML2Profile samlP = (SAML2Profile) p.get();
// name id added (id of profile)
final SAMLObjectBuilder<NameID> nameIdBuilder = (SAMLObjectBuilder<NameID>) this.builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
final NameID nameId = nameIdBuilder.buildObject();
nameId.setValue(samlP.getId());
nameId.setFormat(samlP.getSamlNameIdFormat());
nameId.setNameQualifier(samlP.getSamlNameIdNameQualifier());
nameId.setSPNameQualifier(samlP.getSamlNameIdSpNameQualifier());
nameId.setSPProvidedID(samlP.getSamlNameIdSpProviderId());
request.setNameID(nameId);
// session index added
final String sessIdx = (String) samlP.getAttribute("sessionindex");
final SAMLObjectBuilder<SessionIndex> sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>) this.builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
final SessionIndex sessionIdx = sessionIndexBuilder.buildObject();
sessionIdx.setSessionIndex(sessIdx);
request.getSessionIndexes().add(sessionIdx);
}
return request;
}
Also used :
ProfileManager(org.pac4j.core.profile.ProfileManager)
SAMLSelfEntityContext(org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext)
UserProfile(org.pac4j.core.profile.UserProfile)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
NameID(org.opensaml.saml.saml2.core.NameID)
SAML2Profile(org.pac4j.saml.profile.SAML2Profile)
SessionIndex(org.opensaml.saml.saml2.core.SessionIndex)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Example 2 with SAML2Profile
use of org.pac4j.saml.profile.SAML2Profile in project pac4j by pac4j.
the class RunTestshib method verifyProfile.
@Override
protected void verifyProfile(final CommonProfile userProfile) {
final SAML2Profile profile = (SAML2Profile) userProfile;
assertEquals("[Member, Staff]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.1").toString());
assertEquals("[myself]", profile.getAttribute("urn:oid:0.9.2342.19200300.100.1.1").toString());
assertEquals("[Me Myself And I]", profile.getAttribute("urn:oid:2.5.4.3").toString());
assertEquals("[myself@testshib.org]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.6").toString());
assertEquals("[555-5555]", profile.getAttribute("urn:oid:2.5.4.20").toString());
assertEquals("[Member@testshib.org, Staff@testshib.org]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.9").toString());
assertEquals("[urn:mace:dir:entitlement:common-lib-terms]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.7").toString());
assertEquals("[Me Myself]", profile.getAttribute("urn:oid:2.5.4.42").toString());
assertEquals("[And I]", profile.getAttribute("urn:oid:2.5.4.4").toString());
}
Also used :
SAML2Profile(org.pac4j.saml.profile.SAML2Profile)
Example 3 with SAML2Profile
use of org.pac4j.saml.profile.SAML2Profile in project pac4j by pac4j.
the class SAML2Authenticator method validate.
@Override
public void validate(final SAML2Credentials credentials, final WebContext context) {
init();
final SAML2Profile profile = getProfileDefinition().newProfile();
final NameID nameId = credentials.getNameId();
profile.setId(nameId.getValue());
profile.addAttribute(SESSION_INDEX, credentials.getSessionIndex());
profile.addAuthenticationAttribute(SAML_NAME_ID_FORMAT, nameId.getFormat());
profile.addAuthenticationAttribute(SAML_NAME_ID_NAME_QUALIFIER, nameId.getNameQualifier());
profile.addAuthenticationAttribute(SAML_NAME_ID_SP_NAME_QUALIFIER, nameId.getSPNameQualifier());
profile.addAuthenticationAttribute(SAML_NAME_ID_SP_PROVIDED_ID, nameId.getSPProvidedID());
for (final Attribute attribute : credentials.getAttributes()) {
logger.debug("Processing profile attribute {}", attribute);
final String name = attribute.getName();
final String friendlyName = attribute.getFriendlyName();
final List<String> values = new ArrayList<>();
for (final XMLObject attributeValue : attribute.getAttributeValues()) {
final Element attributeValueElement = attributeValue.getDOM();
if (attributeValueElement != null) {
final String value = attributeValueElement.getTextContent();
logger.debug("Adding attribute value {} for attribute {} / {}", value, name, friendlyName);
values.add(value);
} else {
logger.warn("Attribute value DOM element is null for {}", attribute);
}
}
if (!values.isEmpty()) {
getProfileDefinition().convertAndAdd(profile, PROFILE_ATTRIBUTE, name, values);
if (CommonHelper.isNotBlank(friendlyName)) {
getProfileDefinition().convertAndAdd(profile, PROFILE_ATTRIBUTE, friendlyName, values);
}
} else {
logger.debug("No attribute values found for {}", name);
}
}
// Add in issuerID and authnContexts
profile.addAuthenticationAttribute(ISSUER_ID, credentials.getIssuerId());
profile.addAuthenticationAttribute(AUTHN_CONTEXT, credentials.getAuthnContexts());
// Retrieve conditions attributes
// Adding them to both the "regular" and authentication attributes so we don't break anyone currently using it.
Conditions conditions = credentials.getConditions();
if (conditions != null) {
profile.addAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
profile.addAuthenticationAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
profile.addAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
profile.addAuthenticationAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
}
credentials.setUserProfile(profile);
}
Also used :
NameID(org.opensaml.saml.saml2.core.NameID)
Attribute(org.opensaml.saml.saml2.core.Attribute)
SAML2Profile(org.pac4j.saml.profile.SAML2Profile)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
XMLObject(org.opensaml.core.xml.XMLObject)
Conditions(org.opensaml.saml.saml2.core.Conditions)
Aggregations
SAML2Profile (org.pac4j.saml.profile.SAML2Profile)3
NameID (org.opensaml.saml.saml2.core.NameID)2
ArrayList (java.util.ArrayList)1
XMLObject (org.opensaml.core.xml.XMLObject)1
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)1
SAMLSelfEntityContext (org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext)1
Attribute (org.opensaml.saml.saml2.core.Attribute)1
Conditions (org.opensaml.saml.saml2.core.Conditions)1
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)1
SessionIndex (org.opensaml.saml.saml2.core.SessionIndex)1
ProfileManager (org.pac4j.core.profile.ProfileManager)1
UserProfile (org.pac4j.core.profile.UserProfile)1
Element (org.w3c.dom.Element)1
