Package org.jboss.identity.federation.saml.v2.assertion

Examples of org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationDataType

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
      //Look for unauthorized status
      if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
      {
         try
         {
            ResponseType errorResponseType =
              webRequestUtil.getErrorResponse(referer,
                  JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                  this.identityURL);
        
            if(this.supportSignature)
               webRequestUtil.send(errorResponseType, relayState, response, true,
                     this.keyManager.getSigningKey());
            else
               webRequestUtil.send(errorResponseType, relayState, response, false,null);
           
         }
         catch (GeneralSecurityException e)
         {
            throw new ServletException(e);
        
         return;
     
     
      if(userPrincipal != null)
      {
         /**
          * Since the container has finished the authentication,
          * we can retrieve the original saml message as well as
          * any relay state from the SP
          */
         samlMessage = (String) session.getNote("SAMLRequest");
         relayState = (String) session.getNote("RelayState");
         signature = (String) session.getNote("Signature");
         sigAlg = (String) session.getNote("sigAlg");
        
         log.trace("Retrieved saml message and relay state from session");
         log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
         log.trace("Signature=" + signature + "::sigAlg="+ sigAlg);
        
        
         session.removeNote("SAMLRequest");
        
         if(relayState != null && relayState.length() > 0)
            session.removeNote("RelayState");
        
         if(signature != null && signature.length() > 0)
            session.removeNote("Signature");
         if(sigAlg != null && sigAlg.length() > 0)
            session.removeNote("sigAlg");
        
         //Send valid saml response after processing the request
         if(samlMessage != null)
         {
            //Get the SAML Request Message
            RequestAbstractType requestAbstractType =  null;
            ResponseType responseType = null;
           
               try
               {
                  requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
                  boolean isValid = validate(request.getRemoteAddr(),
View Full Code Here
291
292
293
294
295
296
297
298
299
300
301
   protected void sendErrorResponseToSP(String referrer, Response response, String relayState,
         IDPWebRequestUtil webRequestUtil) throws ServletException, IOException, ConfigurationException
   {
      log.trace("About to send error response to SP:" + referrer);
     
      ResponseType errorResponseType =
         webRequestUtil.getErrorResponse(referrer, JBossSAMLURIConstants.STATUS_RESPONDER.get(),
               this.identityURL);
      try
      {
         if(this.supportSignature)
View Full Code Here
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
         byte[] base64DecodedResponse = Base64.decode(samlResponse);
         InputStream is = DeflateUtil.decode(base64DecodedResponse);

         SAML2Response saml2Response = new SAML2Response();
        
         ResponseType responseType;
         try
         {
            responseType = saml2Response.getResponseType(is);
         }
         catch (JAXBException e)
         {
            throw new ParsingException(e);
         }
         catch (SAXException e)
         {
            throw new ParsingException(e);
         }
                 
         this.isTrusted(responseType.getIssuer().getValue());
        
         List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
         if(assertions.size() == 0)
            throw new IllegalStateException("No assertions in reply from IDP");
        
         Object assertion = assertions.get(0);
         if(assertion instanceof EncryptedElementType)
View Full Code Here
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
   protected ResponseType getResponse(Request request, Principal userPrincipal)
   throws ParsingException, ConfigurationException, ProcessingException
   {
      SAML2Response saml2Response = new SAML2Response();
     
      ResponseType responseType =  super.getResponse(request, userPrincipal);
    
      //If there is a configuration to encrypt
      if(this.idpConfiguration.isEncrypt())
      {
         //Need to encrypt the assertion
         String sp = responseType.getDestination();
         if(sp == null)
            throw new IllegalStateException("Unable to handle encryption as SP url is null");
         try
         {
            URL spurl = new URL(sp);
            PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
            EncryptionType enc = idpConfiguration.getEncryption();
            if(enc == null)
               throw new IllegalStateException("EncryptionType not configured");
            String encAlgo = enc.getEncAlgo().value();
            int keyLength = enc.getKeySize();
            //Generate a key on the fly
            SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo, keyLength);
           
            StringWriter sw = new StringWriter();
            saml2Response.marshall(responseType, sw);
           
            Document responseDoc = DocumentUtil.getDocument(new StringReader(sw.toString()))
     
            String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
           
            QName assertionQName = new QName(assertionNS, "EncryptedAssertion", "saml");
           
            Element encAssertion = XMLEncryptionUtil.encryptElementInDocument(responseDoc,
                            publicKey, sk, keyLength, assertionQName, true);
           
           
            EncryptedElementType eet = saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
            responseType.getAssertionOrEncryptedAssertion().set(0, eet);
         }
         catch (MalformedURLException e)
         {
            // TODO Auto-generated catch block
            e.printStackTrace();
View Full Code Here
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
         long assertionValidity)
   throws ConfigurationException, IssueInstantMissingException
   {
      log.trace("AssertionConsumerURL=" + assertionConsumerURL +
            "::assertion validity=" + assertionValidity);
      ResponseType responseType = null;    
     
      SAML2Response saml2Response = new SAML2Response();
           
      //Create a response type
      String id = IDGenerator.create("ID_");

      IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
      issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

      IDPInfoHolder idp = new IDPInfoHolder();
      idp.setNameIDFormatValue(userPrincipal.getName());
      idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(assertionConsumerURL);
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
     
     
      //Add information on the roles
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

      AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
     
      //Add timed conditions
View Full Code Here
342
343
344
345
346
347
348
349
350
351
352
    * @throws ConfigurationException  
    */
   public ResponseType getErrorResponse(String responseURL, String status,
         String identityURL)
   {
      ResponseType responseType = null;

      SAML2Response saml2Response = new SAML2Response();

      //Create a response type
      String id = IDGenerator.create("ID_");
View Full Code Here
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
         byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
         InputStream is = new ByteArrayInputStream(base64DecodedResponse);

         SAML2Response saml2Response = new SAML2Response();
        
         ResponseType responseType = saml2Response.getResponseType(is);
                 
         this.isTrusted(responseType.getIssuer().getValue());
        
         List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
         if(assertions.size() == 0)
            throw new IllegalStateException("No assertions in reply from IDP");
        
         Object assertion = assertions.get(0);
         if(assertion instanceof EncryptedElementType)
View Full Code Here
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
            try
            {
               SAML2Response saml2Response = new SAML2Response();
              
               ResponseType responseType = saml2Response.getResponseType(is);
              
               SAMLDocumentHolder samlDocumentHolder = saml2Response.getSamlDocumentHolder();
              
               boolean validSignature = this.verifySignature(samlDocumentHolder);
              
               if(validSignature == false)
                  throw new IssuerNotTrustedException("Signature in saml document is invalid");
              
               this.isTrusted(responseType.getIssuer().getValue());
              
               List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
               if(assertions.size() == 0)
                  throw new IllegalStateException("No assertions in reply from IDP");
              
               Object assertion = assertions.get(0);
               if(assertion instanceof EncryptedElementType)
View Full Code Here
337
338
339
340
341
342
343
344
345
346
347
348
349
   }
   
   protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
   {  
      Document samlResponse = samlDocumentHolder.getSamlDocument();
      ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
     
      String issuerID = response.getIssuer().getValue();
     
      if(issuerID == null)
         throw new IssuerNotTrustedException("Issue missing");
     
      URL issuerURL;
View Full Code Here
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
      Document samlResponseDocument = null;
     
      if(trace)
         log.trace("AssertionConsumerURL=" + assertionConsumerURL +
            "::assertion validity=" + assertionValidity);
      ResponseType responseType = null;    
     
      SAML2Response saml2Response = new SAML2Response();
           
      //Create a response type
      String id = IDGenerator.create("ID_");

      IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
      issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

      IDPInfoHolder idp = new IDPInfoHolder();
      idp.setNameIDFormatValue(userPrincipal.getName());
      idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(assertionConsumerURL);
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
     
     
      //Add information on the roles
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

      AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
     
      //Add timed conditions
View Full Code Here
TOP

Related Classes of org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationDataType

  • org.jboss.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder
  • org.jboss.identity.federation.api.saml.v2.metadata.MetaDataBuilder
  • org.jboss.identity.federation.api.saml.v2.metadata.MetaDataExtractor
  • org.jboss.identity.federation.api.saml.v2.request.SAML2Request
  • org.jboss.identity.federation.api.saml.v2.response.SAML2Response
  • org.jboss.identity.federation.api.soap.SOAPSAMLXACML
  • org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider
  • org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil
  • org.jboss.identity.federation.bindings.providers.FileBasedEntityMetadataProvider
  • org.jboss.identity.federation.bindings.servlets.CircleOfTrustServlet
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.