Package org.opensaml.saml2.core

Examples of org.opensaml.saml2.core.Assertion

125
126
127
128
129
130
131
132
133
134
135
136
                    "OpenSaml engine not initialized. Please make sure to initialize the OpenSaml engine "
                    + "prior using it"
                );
            }
        }
        Assertion assertion =
            assertionBuilder.buildObject(Assertion.DEFAULT_ELEMENT_NAME, Assertion.TYPE_NAME);
        assertion.setID(UUIDGenerator.getUUID());
        assertion.setVersion(SAMLVersion.VERSION_20);
        assertion.setIssueInstant(new DateTime());
        return assertion;
    }
View Full Code Here
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
    final String target = openSAMLContext.getIdpUrl();

    Endpoint endpoint = endpointGenerator.generateEndpoint(
            SingleSignOnService.DEFAULT_ELEMENT_NAME, target, openSAMLContext.assertionConsumerUri());

    AuthnRequest authnRequest = authnRequestGenerator.generateAuthnRequest(target, openSAMLContext.assertionConsumerUri());

    Client client = getClientByRequest(authState);
    String spEntityIdBy = client.getAttributes().get(CLIENT_SAML_ENTITY_NAME);

    if (StringUtils.isNotEmpty(spEntityIdBy)) {
      Scoping scoping = scopingBuilder.buildObject();
      scoping.getRequesterIDs().add(createRequesterID(spEntityIdBy));
      authnRequest.setScoping(scoping);
    } else {
      LOG.warn("For Client {} there is no key CLIENT_SAML_ENTITY_NAME configured to identify the SP entity name. NO SCOPING IS APPLIED", client.getClientId());
    }

    CriteriaSet criteriaSet = new CriteriaSet();
View Full Code Here
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
                    builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
        }

        if (decisionData != null && decisionData.size() > 0) {
            for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
                AuthzDecisionStatement authDecision =
                    authorizationDecisionStatementBuilder.buildObject();
                authDecision.setResource(decisionStatementBean.getResource());
                authDecision.setDecision(
                    transformDecisionType(decisionStatementBean.getDecision())
                );

                for (ActionBean actionBean : decisionStatementBean.getActions()) {
                    Action actionElement = createSamlAction(actionBean);
                    authDecision.getActions().add(actionElement);
                }

                if (decisionStatementBean.getEvidence() instanceof Evidence) {                                   
                    authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
                }
               
                authDecisionStatements.add(authDecision);
            }
        }
View Full Code Here
61
62
63
64
65
66
67
68
69
70
71
        issuer = value;
    }
   
    public void validate(Message message, AssertionWrapper wrapper) {
       
        Conditions cs = wrapper.getSaml2().getConditions();
        validateAudience(message, cs);
       
        if (issuer != null) {
            String actualIssuer = getIssuer(wrapper);
            String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer)
View Full Code Here
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
        if (conditionsBuilder == null) {
            conditionsBuilder = (SAMLObjectBuilder<Conditions>)
                builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
        }
       
        Conditions conditions = conditionsBuilder.buildObject();
       
        if (conditionsBean == null) {
            DateTime newNotBefore = new DateTime();
            conditions.setNotBefore(newNotBefore);
            conditions.setNotOnOrAfter(newNotBefore.plusMinutes(5));
            return conditions;
        }
       
        int tokenPeriodMinutes = conditionsBean.getTokenPeriodMinutes();
        DateTime notBefore = conditionsBean.getNotBefore();
        DateTime notAfter = conditionsBean.getNotAfter();
       
        if (notBefore != null && notAfter != null) {
            if (notBefore.isAfter(notAfter)) {
                throw new IllegalStateException(
                    "The value of notBefore may not be after the value of notAfter"
                );
            }
            conditions.setNotBefore(notBefore);
            conditions.setNotOnOrAfter(notAfter);
        } else {
            DateTime newNotBefore = new DateTime();
            conditions.setNotBefore(newNotBefore);
            if (tokenPeriodMinutes <= 0) {
                tokenPeriodMinutes = 5;
            }
            conditions.setNotOnOrAfter(newNotBefore.plusMinutes(tokenPeriodMinutes));
        }
       
        if (conditionsBean.getAudienceURI() != null) {
            AudienceRestriction audienceRestriction =
                createAudienceRestriction(conditionsBean.getAudienceURI());
            conditions.getAudienceRestrictions().add(audienceRestriction);
        }
       
        return conditions;
    }
View Full Code Here
702
703
704
705
706
707
708
709
710
711
712
     * @return a DecisionTypeEnumeration object
     */
    private static DecisionTypeEnumeration transformDecisionType(
        AuthDecisionStatementBean.Decision decision
    ) {
        DecisionTypeEnumeration decisionTypeEnum = DecisionTypeEnumeration.DENY;
        if (decision.equals(AuthDecisionStatementBean.Decision.PERMIT)) {
            decisionTypeEnum = DecisionTypeEnumeration.PERMIT;
        } else if (decision.equals(AuthDecisionStatementBean.Decision.INDETERMINATE)) {
            decisionTypeEnum = DecisionTypeEnumeration.INDETERMINATE;
        }
View Full Code Here
78
79
80
81
82
83
84
85
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
   
    private String getIssuer(AssertionWrapper assertionW) {
        Issuer samlIssuer = assertionW.getSaml2().getIssuer();
        return samlIssuer == null ? null : samlIssuer.getValue();
    }
View Full Code Here
156
157
158
159
160
161
162
163
164
165
166
167
        if (issuerBuilder == null) {
            issuerBuilder = (SAMLObjectBuilder<Issuer>)
                builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
           
        }
        Issuer issuer = issuerBuilder.buildObject();
        //
        // The SAML authority that is making the claim(s) in the assertion. The issuer SHOULD
        // be unambiguous to the intended relying parties.
        issuer.setValue(issuerValue);
        return issuer;
    }
View Full Code Here
51
52
53
54
55
56
57
58
59
60
61
62
        if (attributeStatements == null || attributeStatements.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }
       
        Subject subject = saml2Assertion.getSubject();
        NameID nameID = subject.getNameID();
        String subjectName = nameID.getValue();
        if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
            return validatedCredential;
        }
       
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
View Full Code Here
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
    }
   
    public static Subject getSubject(Message message, AssertionWrapper assertionW) {
        org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        Subject subject = new Subject();
        NameID nameId = s.getNameID();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
       
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    }
View Full Code Here
TOP

Related Classes of org.opensaml.saml2.core.Assertion

  • demo.sts.provider.token.Saml2TokenProvider
  • org.apache.cxf.rs.security.oauth2.saml.SamlOAuthValidator
  • org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter
  • org.apache.cxf.rs.security.saml.sso.AuthnRequestBuilderTest
  • org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest
  • org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidatorTest
  • org.apache.cxf.rt.security.xacml.SamlRequestComponentBuilder
  • org.apache.cxf.systest.sts.intermediary_transformation.OnBehalfOfValidator
  • org.apache.cxf.systest.sts.realms.DifferentRealmValidator
  • org.apache.cxf.systest.sts.username_actas.ActAsValidator
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.