Example 1 with SAML2Profile

Use of org.pac4j.saml.profile.SAML2Profile in project pac4j by pac4j.

The class SAML2LogoutRequestBuilder, method buildLogoutRequest.

@SuppressWarnings("unchecked")
protected final LogoutRequest buildLogoutRequest(final SAML2MessageContext context,
                                                 final AssertionConsumerService assertionConsumerService,
                                                 final SingleLogoutService ssoService) {
    final SAMLObjectBuilder<LogoutRequest> builder = (SAMLObjectBuilder<LogoutRequest>) this.builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
    final LogoutRequest request = builder.buildObject();
    final SAMLSelfEntityContext selfContext = context.getSAMLSelfEntityContext();
    // Fresh unique ID, our own entity ID as Issuer, and an IssueInstant shifted by the
    // configured skew so the IdP accepts the request despite small clock differences
    request.setID(generateID());
    request.setIssuer(getIssuer(selfContext.getEntityId()));
    request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
    request.setVersion(SAMLVersion.VERSION_20);
    // Destination is the IdP's SingleLogoutService endpoint location
    request.setDestination(ssoService.getLocation());
    // very very bad...
    ProfileManager manager = new ProfileManager(context.getWebContext());
    Optional<UserProfile> p = manager.get(true);
    if (p.isPresent() && p.get() instanceof SAML2Profile) {
        final SAML2Profile samlP = (SAML2Profile) p.get();
        // name id added (id of profile): value, format and qualifiers are echoed from the
        // assertion the IdP issued, so the IdP can map this request back to its own session
        final SAMLObjectBuilder<NameID> nameIdBuilder = (SAMLObjectBuilder<NameID>) this.builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
        final NameID nameId = nameIdBuilder.buildObject();
        nameId.setValue(samlP.getId());
        nameId.setFormat(samlP.getSamlNameIdFormat());
        nameId.setNameQualifier(samlP.getSamlNameIdNameQualifier());
        nameId.setSPNameQualifier(samlP.getSamlNameIdSpNameQualifier());
        nameId.setSPProvidedID(samlP.getSamlNameIdSpProviderId());
        request.setNameID(nameId);
        // session index added: identifies which IdP session is being terminated
        final String sessIdx = (String) samlP.getAttribute("sessionindex");
        final SAMLObjectBuilder<SessionIndex> sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>) this.builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
        final SessionIndex sessionIdx = sessionIndexBuilder.buildObject();
        sessionIdx.setSessionIndex(sessIdx);
        request.getSessionIndexes().add(sessionIdx);
    }
    // If no SAML2Profile is stored, the request is returned without NameID or SessionIndex
    return request;
}
Also used: org.pac4j.core.profile.ProfileManager, org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext, org.pac4j.core.profile.UserProfile, org.opensaml.saml.common.SAMLObjectBuilder, org.opensaml.saml.saml2.core.NameID, org.pac4j.saml.profile.SAML2Profile, org.opensaml.saml.saml2.core.SessionIndex, org.opensaml.saml.saml2.core.LogoutRequest

Example 2 with SAML2Profile

Use of org.pac4j.saml.profile.SAML2Profile in project pac4j by pac4j.

The class RunTestshib, method verifyProfile.

@Override
protected void verifyProfile(final CommonProfile userProfile) {
    final SAML2Profile profile = (SAML2Profile) userProfile;
    // Attributes are keyed by their OID and hold multi-valued lists, hence the "[...]" strings.
    // eduPersonAffiliation
    assertEquals("[Member, Staff]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.1").toString());
    // uid
    assertEquals("[myself]", profile.getAttribute("urn:oid:0.9.2342.19200300.100.1.1").toString());
    // cn
    assertEquals("[Me Myself And I]", profile.getAttribute("urn:oid:2.5.4.3").toString());
    // eduPersonPrincipalName
    assertEquals("[myself@testshib.org]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.6").toString());
    // telephoneNumber
    assertEquals("[555-5555]", profile.getAttribute("urn:oid:2.5.4.20").toString());
    // eduPersonScopedAffiliation
    assertEquals("[Member@testshib.org, Staff@testshib.org]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.9").toString());
    // eduPersonEntitlement
    assertEquals("[urn:mace:dir:entitlement:common-lib-terms]", profile.getAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.7").toString());
    // givenName
    assertEquals("[Me Myself]", profile.getAttribute("urn:oid:2.5.4.42").toString());
    // sn
    assertEquals("[And I]", profile.getAttribute("urn:oid:2.5.4.4").toString());
}
Also used: org.pac4j.saml.profile.SAML2Profile

Example 3 with SAML2Profile

Use of org.pac4j.saml.profile.SAML2Profile in project pac4j by pac4j.

The class SAML2Authenticator, method validate.

@Override
public void validate(final SAML2Credentials credentials, final WebContext context) {
    init();
    final SAML2Profile profile = getProfileDefinition().newProfile();
    // The subject's NameID becomes the profile identifier; its format and qualifiers are
    // kept as authentication attributes so a later LogoutRequest can echo them to the IdP
    final NameID nameId = credentials.getNameId();
    profile.setId(nameId.getValue());
    profile.addAttribute(SESSION_INDEX, credentials.getSessionIndex());
    profile.addAuthenticationAttribute(SAML_NAME_ID_FORMAT, nameId.getFormat());
    profile.addAuthenticationAttribute(SAML_NAME_ID_NAME_QUALIFIER, nameId.getNameQualifier());
    profile.addAuthenticationAttribute(SAML_NAME_ID_SP_NAME_QUALIFIER, nameId.getSPNameQualifier());
    profile.addAuthenticationAttribute(SAML_NAME_ID_SP_PROVIDED_ID, nameId.getSPProvidedID());
    // Copy each assertion attribute; values are the text content of the AttributeValue DOM elements
    for (final Attribute attribute : credentials.getAttributes()) {
        logger.debug("Processing profile attribute {}", attribute);
        final String name = attribute.getName();
        final String friendlyName = attribute.getFriendlyName();
        final List<String> values = new ArrayList<>();
        for (final XMLObject attributeValue : attribute.getAttributeValues()) {
            final Element attributeValueElement = attributeValue.getDOM();
            if (attributeValueElement != null) {
                final String value = attributeValueElement.getTextContent();
                logger.debug("Adding attribute value {} for attribute {} / {}", value, name, friendlyName);
                values.add(value);
            } else {
                logger.warn("Attribute value DOM element is null for {}", attribute);
            }
        }
        // Store under the formal name and, when present, the FriendlyName as well
        if (!values.isEmpty()) {
            getProfileDefinition().convertAndAdd(profile, PROFILE_ATTRIBUTE, name, values);
            if (CommonHelper.isNotBlank(friendlyName)) {
                getProfileDefinition().convertAndAdd(profile, PROFILE_ATTRIBUTE, friendlyName, values);
            }
        } else {
            logger.debug("No attribute values found for {}", name);
        }
    }
    // Add in issuerID and authnContexts
    profile.addAuthenticationAttribute(ISSUER_ID, credentials.getIssuerId());
    profile.addAuthenticationAttribute(AUTHN_CONTEXT, credentials.getAuthnContexts());
    // Retrieve conditions attributes
    // Adding them to both the "regular" and authentication attributes so we don't break anyone currently using it.
    // NotBefore / NotOnOrAfter are only recorded here; this method does not compare them to the current time.
    Conditions conditions = credentials.getConditions();
    if (conditions != null) {
        profile.addAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
        profile.addAuthenticationAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
        profile.addAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
        profile.addAuthenticationAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
    }
    credentials.setUserProfile(profile);
}
Also used: org.opensaml.saml.saml2.core.NameID, org.opensaml.saml.saml2.core.Attribute, org.pac4j.saml.profile.SAML2Profile, org.w3c.dom.Element, java.util.ArrayList, org.opensaml.core.xml.XMLObject, org.opensaml.saml.saml2.core.Conditions