use of xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType in project keycloak by keycloak.
the class BaseWriter method write.
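/**
 * Writes a {@code SubjectType} as a {@code saml:Subject} element to the underlying StAX writer.
 *
 * <p>The sub-type's {@code BaseID} is written only when it is a {@code NameIDType}; an {@code EncryptedID}
 * is not supported and fails loudly rather than being silently dropped. Subject confirmations nested in the
 * sub-type are written first, followed by those attached to the subject itself.
 *
 * @param subject the subject to serialize
 *
 * @throws ProcessingException propagated from the StAX helper calls
 * @throws RuntimeException if the subject carries an {@code EncryptedID}, which this writer does not implement
 */
public void write(SubjectType subject) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(), ASSERTION_NSURI.get());
    SubjectType.STSubType subType = subject.getSubType();
    if (subType != null) {
        BaseIDAbstractType baseID = subType.getBaseID();
        // Only NameID is handled; any other BaseID subclass produces no output.
        if (baseID instanceof NameIDType) {
            write((NameIDType) baseID, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
        }
        EncryptedElementType enc = subType.getEncryptedID();
        if (enc != null) {
            // Not yet implemented: fail rather than emit a Subject that silently omits the identifier.
            throw new RuntimeException("NYI");
        }
        writeSubjectConfirmations(subType.getConfirmation());
    }
    writeSubjectConfirmations(subject.getConfirmation());
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}

/**
 * Writes each {@code SubjectConfirmationType} in {@code confirmations} in list order; a {@code null} list
 * writes nothing.
 *
 * @param confirmations the confirmations to serialize, possibly {@code null}
 *
 * @throws ProcessingException propagated from writing an individual confirmation
 */
private void writeSubjectConfirmations(List<SubjectConfirmationType> confirmations) throws ProcessingException {
    if (confirmations == null) {
        return;
    }
    for (SubjectConfirmationType confirmation : confirmations) {
        write(confirmation);
    }
}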
use of xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType in project keycloak by keycloak.
the class SAMLParserTest method testSaml20AuthnResponseNonAsciiNameDefaultLatin2.
/**
 * Parses the {@code KEYCLOAK-3971-8859-2-in-header-authnresponse.xml} fixture and checks that its single
 * bearer subject confirmation is read correctly and that the non-ASCII NameID value survives parsing
 * unchanged (the fixture name suggests an ISO-8859-2 declaration in the XML header; see the fixture itself).
 */
@Test
public void testSaml20AuthnResponseNonAsciiNameDefaultLatin2() throws Exception {
    ResponseType response = assertParsed("KEYCLOAK-3971-8859-2-in-header-authnresponse.xml", ResponseType.class);
    assertThat(response.getAssertions().size(), is(1));
    SubjectType subject = response.getAssertions().get(0).getAssertion().getSubject();
    assertThat(subject.getConfirmation(), hasSize(1));

    SubjectConfirmationType bearerConfirmation = subject.getConfirmation().get(0);
    assertThat(bearerConfirmation.getMethod(), is(JBossSAMLURIConstants.SUBJECT_CONFIRMATION_BEARER.get()));
    assertThat(bearerConfirmation.getSubjectConfirmationData(), notNullValue());
    assertThat(bearerConfirmation.getSubjectConfirmationData().getInResponseTo(), is("ID_cc0ff6f7-b481-4c98-9a79-481d50958290"));
    assertThat(bearerConfirmation.getSubjectConfirmationData().getRecipient(), is("http://localhost:8080/sales-post-sig/saml"));

    // The BaseID must be a NameID so the cast below cannot fail.
    assertThat(subject.getSubType().getBaseID(), instanceOf(NameIDType.class));
    NameIDType subjectNameId = (NameIDType) subject.getSubType().getBaseID();
    assertThat(subjectNameId.getValue(), is("ročéíöüßäöü"));
}
use of xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType in project keycloak by keycloak.
the class SAMLAssertionFactory method createSubjectConfirmation.
/**
 * Builds a {@code SubjectConfirmationType} from its three constituent parts.
 *
 * <p>This factory performs no validation of its own: the arguments are handed straight to the setters, so a
 * {@code null} argument yields a confirmation with that part unset.
 *
 * @param nameID the {@code NameID} of the confirming subject
 * @param confirmationMethod the confirmation method (e.g. the bearer method URI)
 * @param keyInfoData the {@code KeyInfoConfirmationDataType} carrying the proof-of-possession key material
 *
 * @return a newly created {@code SubjectConfirmationType} holding the given values
 */
public static SubjectConfirmationType createSubjectConfirmation(NameIDType nameID, String confirmationMethod, KeyInfoConfirmationDataType keyInfoData) {
    final SubjectConfirmationType result = new SubjectConfirmationType();
    result.setMethod(confirmationMethod);
    result.setNameID(nameID);
    result.setSubjectConfirmationData(keyInfoData);
    return result;
}
use of xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType in project keycloak by keycloak.
the class SAMLSubjectConfirmationParser method instantiateElement.
/**
 * Creates the {@code SubjectConfirmationType} for a {@code SubjectConfirmation} start element, populating only
 * its {@code Method} attribute; child elements are presumably filled in by the rest of the parser.
 *
 * @param xmlEventReader the event reader positioned at the start element (not consumed here)
 * @param element the {@code SubjectConfirmation} start element whose attributes are read
 *
 * @return the confirmation with its method set
 *
 * @throws ParsingException declared to satisfy the parser contract
 */
@Override
protected SubjectConfirmationType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
    SubjectConfirmationType confirmation = new SubjectConfirmationType();
    String method = StaxParserUtil.getAttributeValue(element, SAMLAssertionQNames.ATTR_METHOD);
    confirmation.setMethod(method);
    return confirmation;
}
use of xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType in project keycloak by keycloak.
the class SAMLEndpoint method validateInResponseToAttribute.
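/**
 * Validates the {@code InResponseTo} attributes of a SAML response against the ID of the request that
 * triggered it.
 *
 * <p>When {@code expectedRequestId} is {@code null} or empty the login is not SP-initiated and nothing is
 * checked. Otherwise the response-level {@code InResponseTo} must be present, non-empty and equal to the
 * expected ID, and every {@code SubjectConfirmationData/@InResponseTo} that is present in any assertion's
 * subject confirmations must be non-empty and equal to it as well (an absent attribute there is tolerated).
 * All assertions and all confirmations are inspected, not only the first of each, so a mismatching value
 * cannot hide behind a valid leading entry. Each failure is logged before {@code false} is returned.
 *
 * @param responseType the parsed SAML response
 * @param expectedRequestId the ID of the request this response must answer, or {@code null}/empty when none is expected
 *
 * @return {@code true} when every present {@code InResponseTo} value matches {@code expectedRequestId}
 */
private boolean validateInResponseToAttribute(ResponseType responseType, String expectedRequestId) {
    // If we are not expecting a request ID, don't bother
    if (expectedRequestId == null || expectedRequestId.isEmpty()) {
        return true;
    }
    // We are expecting a request ID so we are in SP-initiated login, attribute InResponseTo must be present
    String responseInResponseToValue = responseType.getInResponseTo();
    if (responseInResponseToValue == null) {
        logger.error("Response Validation Error: InResponseTo attribute was expected but not present in received response");
        return false;
    }
    // 1) Attribute Response > InResponseTo must not be empty
    if (responseInResponseToValue.isEmpty()) {
        logger.error("Response Validation Error: InResponseTo attribute was expected but it is empty in received response");
        return false;
    }
    // 2) Attribute Response > InResponseTo must match request ID
    if (!responseInResponseToValue.equals(expectedRequestId)) {
        logger.error("Response Validation Error: received InResponseTo attribute does not match the expected request ID");
        return false;
    }
    // If present, Assertion > Subject > Confirmation > SubjectConfirmationData > InResponseTo must also be validated.
    // An empty assertion list simply passes this stage.
    int assertionCount = responseType.getAssertions().size();
    for (int i = 0; i < assertionCount; i++) {
        SubjectType subjectElement = responseType.getAssertions().get(i).getAssertion().getSubject();
        if (!validateSubjectConfirmationInResponseTo(subjectElement, expectedRequestId)) {
            return false;
        }
    }
    return true;
}

/**
 * Checks every {@code SubjectConfirmationData/@InResponseTo} below {@code subjectElement}.
 *
 * @param subjectElement the assertion's subject, possibly {@code null}
 * @param expectedRequestId the request ID every present value must equal
 *
 * @return {@code false} on the first empty or mismatching value (after logging it), {@code true} otherwise
 */
private boolean validateSubjectConfirmationInResponseTo(SubjectType subjectElement, String expectedRequestId) {
    if (subjectElement == null || subjectElement.getConfirmation() == null) {
        return true;
    }
    for (SubjectConfirmationType subjectConfirmationElement : subjectElement.getConfirmation()) {
        if (subjectConfirmationElement == null) {
            continue;
        }
        SubjectConfirmationDataType subjectConfirmationDataElement = subjectConfirmationElement.getSubjectConfirmationData();
        if (subjectConfirmationDataElement == null) {
            continue;
        }
        String subjectConfirmationDataInResponseToValue = subjectConfirmationDataElement.getInResponseTo();
        // The attribute is optional here: only a value that is actually present is validated.
        if (subjectConfirmationDataInResponseToValue == null) {
            continue;
        }
        // 3) Assertion > Subject > Confirmation > SubjectConfirmationData > InResponseTo is empty
        if (subjectConfirmationDataInResponseToValue.isEmpty()) {
            logger.error("Response Validation Error: SubjectConfirmationData InResponseTo attribute was expected but it is empty in received response");
            return false;
        }
        // 4) Assertion > Subject > Confirmation > SubjectConfirmationData > InResponseTo does not match request ID
        if (!subjectConfirmationDataInResponseToValue.equals(expectedRequestId)) {
            logger.error("Response Validation Error: received SubjectConfirmationData InResponseTo attribute does not match the expected request ID");
            return false;
        }
    }
    return true;
}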