Java Code Examples for org.opensaml.saml2.core.Response#getAssertions()
The following examples show how to use
org.opensaml.saml2.core.Response#getAssertions() .
Example 1
Source File: SAML2SSOAuthenticator.java From carbon-identity with Apache License 2.0 | 8 votes |
/**
 * Returns the first {@code Assertion} carried by a SAML2 {@code Response}.
 *
 * Only the first entry of {@code response.getAssertions()} is consulted; any further
 * assertions are ignored. This method performs no signature or condition validation —
 * it only extracts the element, and the caller remains responsible for validating it.
 *
 * @param response SAML2 Response, may be {@code null}
 * @return the first assertion, or {@code null} when {@code response} is {@code null}
 *         or carries no assertions (an error is logged in the latter case only)
 */
private Assertion getAssertionFromResponse(Response response) {
    if (response == null) {
        return null;
    }
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        // A response without an assertion cannot authenticate anybody; make it visible in the log.
        log.error("SAML2 Response doesn't contain Assertions");
        return null;
    }
    return assertions.get(0);
}
Example 2
Source File: SAML2SSOUIAuthenticator.java From carbon-identity with Apache License 2.0 | 5 votes |
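/**
 * Extracts the username (the subject NameID value) from a SAML2 {@code Response}.
 *
 * Only the first assertion is consulted. The lookup is null-safe along the whole path
 * response -> assertions -> assertion -> subject -> NameID, so a response that lacks any
 * of those elements yields {@code null} instead of a {@code NullPointerException}.
 * This method performs no signature or condition validation.
 *
 * @param response SAML2 Response, may be {@code null}
 * @return the NameID value of the first assertion's subject, or {@code null} when absent
 */
private String getUsernameFromResponse(Response response) {
    if (response == null) {
        return null;
    }
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    // Only the first assertion is used; any further assertions are ignored.
    Assertion assertion = assertions.get(0);
    if (assertion == null || assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        // An assertion without a subject NameID carries no username; previously this was an NPE.
        return null;
    }
    return assertion.getSubject().getNameID().getValue();
}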
Example 3
Source File: SAML2SSOUIAuthenticator.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Reads the SessionIndex of the first AuthnStatement in the first assertion of a
 * SAML {@code Response}.
 *
 * Only the first assertion and its first authentication statement are inspected;
 * nothing is validated here.
 *
 * @param response SAML Response; must not be {@code null}
 * @return the SessionIndex value, or {@code null} when the response has no assertion,
 *         the assertion has no AuthnStatement, or the statement carries no SessionIndex
 */
private String getSessionIndexFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    // Only the first assertion is considered.
    List<AuthnStatement> statements = assertions.get(0).getAuthnStatements();
    if (statements == null || statements.isEmpty()) {
        return null;
    }
    // Likewise only the first authentication statement.
    return statements.get(0).getSessionIndex();
}
Example 4
Source File: Util.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Returns the username carried by the first assertion of a SAML2 {@code Response}.
 *
 * The actual extraction is delegated to {@link #getUsernameFromAssertion(Assertion)};
 * only the first assertion is considered. No validation is performed here.
 *
 * @param response SAML2 Response; must not be {@code null}
 * @return whatever {@code getUsernameFromAssertion} returns for the first assertion,
 *         or {@code null} when the response carries no assertions
 */
public static String getUsernameFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    // Only the first assertion is used; any further assertions are ignored.
    return getUsernameFromAssertion(assertions.get(0));
}
Example 5
Source File: SAML2SSOAuthenticator.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Returns the roles carried by the first assertion of a SAML2 {@code Response}.
 *
 * Role extraction itself is done by {@code getRolesFromAssertion}; only the first
 * assertion is considered and nothing is validated here.
 *
 * @param response SAML2 Response; must not be {@code null}
 * @return the role array produced by {@code getRolesFromAssertion} for the first
 *         assertion, or {@code null} when the response carries no assertions
 */
private String[] getRolesFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    // Only the first assertion is used; any further assertions are ignored.
    return getRolesFromAssertion(assertions.get(0));
}
Example 6
Source File: SAMLSSORelyingPartyObject.java From carbon-commons with Apache License 2.0 | 5 votes |
/**
 * Script-exposed helper that extracts the subject NameID from an encoded SAML response.
 *
 * The single argument is decoded with {@code Util.decode} and unmarshalled with
 * {@code Util.unmarshall}; when the result is a {@code Response}, the NameID of the first
 * assertion's subject is returned. This method only extracts the value — no signature,
 * audience or condition validation is performed here.
 *
 * @param cx      Rhino context (unused)
 * @param thisObj the script object the function is invoked on (unused)
 * @param args    exactly one {@code String}: the encoded SAML response
 * @param funObj  the invoked function (unused)
 * @return the NameID value of the first assertion's subject
 * @throws ScriptException when the argument is missing or not a {@code String}
 * @throws Exception when the response carries no subject NameID
 */
public static String jsFunction_getSAMLResponseNameId(Context cx, Scriptable thisObj, Object[] args,
                                                      Function funObj) throws Exception {
    if (args.length != 1 || !(args[0] instanceof String)) {
        throw new ScriptException("Invalid argument. The SAML response is missing.");
    }
    XMLObject samlObject = Util.unmarshall(Util.decode((String) args[0]));
    String username = null;
    if (samlObject instanceof Response) {
        List<Assertion> assertions = ((Response) samlObject).getAssertions();
        // Only the first assertion is consulted.
        if (assertions != null && !assertions.isEmpty()) {
            Subject subject = assertions.get(0).getSubject();
            if (subject != null && subject.getNameID() != null) {
                username = subject.getNameID().getValue();
            }
        }
    }
    if (username == null) {
        throw new Exception("Failed to get subject assertion from SAML response.");
    }
    return username;
}
Example 7
Source File: DefaultSAML2SSOManager.java From carbon-identity with Apache License 2.0 | 4 votes |
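/**
 * Processes a SAML2 Response delivered by HTTP POST and records the authenticated
 * subject in the HTTP session.
 *
 * Order of operations: decode and unmarshall the {@code SAMLResponse} parameter; obtain
 * the first assertion (decrypting it when assertion encryption is enabled); treat an
 * assertion-less response as "no login" only when it is a NoPassive status response;
 * extract the subject NameID; validate the audience restriction and the signature; and
 * only then write {@code username}, {@code samlssoAttributes} and (when single logout is
 * enabled) the IdP session index into the session. All session writes happen after
 * validation, so a response that fails a check leaves nothing behind in the session.
 *
 * @param request the servlet request carrying the {@code SAMLResponse} POST parameter
 * @throws SAMLSSOException when the parameter is missing, the assertion is absent or
 *         cannot be decrypted, the subject is missing, validation fails, or single
 *         logout is enabled but the assertion carries no session index
 */
private void processSSOResponse(HttpServletRequest request) throws SAMLSSOException {
    String encodedResponse = request.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_RESP);
    if (encodedResponse == null) {
        // Base64.decode(null) would fail with a NullPointerException; report a protocol error instead.
        throw new SAMLSSOException("SAML Response not found in the request");
    }
    // Decode the XML as UTF-8 explicitly instead of relying on the platform default charset.
    Response samlResponse = (Response) unmarshall(
            new String(Base64.decode(encodedResponse), java.nio.charset.StandardCharsets.UTF_8));

    Assertion assertion = extractFirstAssertion(samlResponse);
    if (assertion == null) {
        if (isNoPassiveResponse(samlResponse)) {
            // The IdP declined to authenticate passively; nothing to record, not an error.
            return;
        }
        throw new SAMLSSOException("SAML Assertion not found in the Response");
    }

    // Subject NameID plus its qualifiers (the qualifiers are only stored when logout is enabled).
    String subject = null;
    String nameQualifier = null;
    String spNameQualifier = null;
    if (assertion.getSubject() != null && assertion.getSubject().getNameID() != null) {
        subject = assertion.getSubject().getNameID().getValue();
        nameQualifier = assertion.getSubject().getNameID().getNameQualifier();
        spNameQualifier = assertion.getSubject().getNameID().getSPNameQualifier();
    }
    if (subject == null) {
        throw new SAMLSSOException("SAML Response does not contain the name of the subject");
    }

    // Validate audience restriction; this SP only looks for the assertion signature.
    validateAudienceRestriction(assertion);
    validateSignature(samlResponse, assertion);

    // Needed for removing the session when the single sign-out request is made by the SP itself.
    boolean logoutEnabled = SSOUtils.isLogoutEnabled(properties);
    String sessionId = null;
    if (logoutEnabled) {
        sessionId = firstSessionIndex(assertion);
        if (sessionId == null) {
            throw new SAMLSSOException("Single Logout is enabled but IdP Session ID not found in SAML Assertion");
        }
    }

    // Session writes only after every check above has passed.
    request.getSession().setAttribute("username", subject);
    request.getSession().setAttribute("samlssoAttributes", getAssertionStatements(assertion));
    if (logoutEnabled) {
        request.getSession().setAttribute(SSOConstants.IDP_SESSION, sessionId);
        request.getSession().setAttribute(SSOConstants.LOGOUT_USERNAME, nameQualifier);
        request.getSession().setAttribute(SSOConstants.SP_NAME_QUALIFIER, spNameQualifier);
    }
}

/**
 * Returns the first assertion of the response, decrypting it when assertion encryption is
 * enabled in {@code properties}, or {@code null} when the response carries none.
 *
 * @throws SAMLSSOException when the encrypted assertion cannot be decrypted
 */
private Assertion extractFirstAssertion(Response samlResponse) throws SAMLSSOException {
    if (SSOUtils.isAssertionEncryptionEnabled(properties)) {
        List<EncryptedAssertion> encryptedAssertions = samlResponse.getEncryptedAssertions();
        if (!CollectionUtils.isNotEmpty(encryptedAssertions)) {
            return null;
        }
        try {
            return getDecryptedAssertion(encryptedAssertions.get(0));
        } catch (Exception e) {
            // Cause is preserved so the decryption failure can be diagnosed from the log.
            throw new SAMLSSOException("Unable to decrypt the SAML Assertion", e);
        }
    }
    List<Assertion> assertions = samlResponse.getAssertions();
    return CollectionUtils.isNotEmpty(assertions) ? assertions.get(0) : null;
}

/** True when the response status is IdP error with a NoPassive second-level status code. */
private boolean isNoPassiveResponse(Response samlResponse) {
    if (samlResponse.getStatus() == null || samlResponse.getStatus().getStatusCode() == null) {
        return false;
    }
    // Constants on the left so a missing status value compares as "not equal" rather than NPE.
    boolean idpError = SSOConstants.StatusCodes.IDENTITY_PROVIDER_ERROR.equals(
            samlResponse.getStatus().getStatusCode().getValue());
    if (!idpError || samlResponse.getStatus().getStatusCode().getStatusCode() == null) {
        return false;
    }
    return SSOConstants.StatusCodes.NO_PASSIVE.equals(
            samlResponse.getStatus().getStatusCode().getStatusCode().getValue());
}

/** SessionIndex of the first AuthnStatement, or {@code null} when there is no statement or index. */
private String firstSessionIndex(Assertion assertion) {
    if (assertion.getAuthnStatements() == null || assertion.getAuthnStatements().isEmpty()) {
        return null;
    }
    return assertion.getAuthnStatements().get(0).getSessionIndex();
}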
Example 8
Source File: SAML2SSOManager.java From carbon-identity with Apache License 2.0 | 4 votes |
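/**
 * Processes the SAML2 Response posted by the IdP and, once it has been validated,
 * publishes the authenticated session as a {@code LoggedInSessionBean} stored under
 * {@code SSOAgentConstants.SESSION_BEAN_NAME}.
 *
 * Order of operations: decode/unmarshall the {@code SAMLResponse} parameter; take the
 * first assertion (decrypting it when the agent config says assertions are encrypted);
 * treat an assertion-less NoPassive status response as "not authenticated" and return;
 * verify the assertion Issuer against the configured IdP entity id; extract the subject
 * NameID; validate audience restriction and signature; then marshall the assertion and
 * store the bean in the HTTP session. The bean reaches the session only after validation,
 * so a rejected response never leaves a half-populated bean behind.
 *
 * @param request servlet request carrying the {@code SAMLResponse} POST parameter
 * @throws SSOAgentException when the parameter is missing, the assertion is absent or
 *         cannot be decrypted, the issuer is missing or does not match, the subject is
 *         missing, validation fails, or SLO is enabled but no session index is present
 */
protected void processSSOResponse(HttpServletRequest request) throws SSOAgentException {
    String encodedResponse = request.getParameter(SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP);
    if (encodedResponse == null) {
        // Base64.decode(null) would fail with a NullPointerException; report a protocol error instead.
        throw new SSOAgentException("SAML2 Response not found in the request");
    }
    String saml2ResponseString = new String(Base64.decode(encodedResponse), Charset.forName("UTF-8"));
    Response saml2Response = (Response) SSOAgentUtils.unmarshall(saml2ResponseString);

    LoggedInSessionBean sessionBean = new LoggedInSessionBean();
    sessionBean.setSAML2SSO(sessionBean.new SAML2SSO());
    sessionBean.getSAML2SSO().setResponseString(saml2ResponseString);
    sessionBean.getSAML2SSO().setSAMLResponse(saml2Response);

    Assertion assertion = extractFirstAssertion(saml2Response);
    if (assertion == null) {
        if (isNoPassive(saml2Response)) {
            LOGGER.log(Level.FINE, "Cannot authenticate in passive mode");
            return;
        }
        throw new SSOAgentException("SAML2 Assertion not found in the Response");
    }

    verifyIssuer(assertion);
    sessionBean.getSAML2SSO().setAssertion(assertion);

    String subject = null;
    if (assertion.getSubject() != null && assertion.getSubject().getNameID() != null) {
        subject = assertion.getSubject().getNameID().getValue();
    }
    if (subject == null) {
        throw new SSOAgentException("SAML2 Response does not contain the name of the subject");
    }
    sessionBean.getSAML2SSO().setSubjectId(subject);

    validateAudienceRestriction(assertion);
    validateSignature(saml2Response, assertion);

    // Marshalling is done after signature validation because of an OpenSAML issue (per the
    // original author's note); keep this ordering.
    sessionBean.getSAML2SSO().setAssertionString(marshall(assertion));
    sessionBean.getSAML2SSO().setSubjectAttributes(getAssertionStatements(assertion));

    // Needed for removing the session when the single sign-out request is made by the SP itself.
    boolean sloEnabled = ssoAgentConfig.getSAML2().isSLOEnabled();
    if (sloEnabled) {
        String sessionId = firstSessionIndex(assertion);
        if (sessionId == null) {
            throw new SSOAgentException("Single Logout is enabled but IdP Session ID not found in SAML2 Assertion");
        }
        sessionBean.getSAML2SSO().setSessionIndex(sessionId);
    }

    // Publish the bean only now that every check has passed.
    request.getSession().setAttribute(SSOAgentConstants.SESSION_BEAN_NAME, sessionBean);
    if (sloEnabled) {
        SSOAgentSessionManager.addAuthenticatedSession(request.getSession(false));
    }
}

/**
 * Returns the first assertion of the response, decrypting it when the agent config marks
 * assertions as encrypted, or {@code null} when the response carries none.
 *
 * @throws SSOAgentException when the encrypted assertion cannot be decrypted
 */
private Assertion extractFirstAssertion(Response saml2Response) throws SSOAgentException {
    if (ssoAgentConfig.getSAML2().isAssertionEncrypted()) {
        List<EncryptedAssertion> encryptedAssertions = saml2Response.getEncryptedAssertions();
        if (CollectionUtils.isEmpty(encryptedAssertions)) {
            return null;
        }
        try {
            return getDecryptedAssertion(encryptedAssertions.get(0));
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Assertion decryption failure : ", e);
            }
            throw new SSOAgentException("Unable to decrypt the SAML2 Assertion");
        }
    }
    List<Assertion> assertions = saml2Response.getAssertions();
    return (assertions != null && !assertions.isEmpty()) ? assertions.get(0) : null;
}

/**
 * Rejects the assertion unless its Issuer is present and equals the configured IdP entity id.
 *
 * @throws SSOAgentException when the issuer is missing/empty or does not match
 */
private void verifyIssuer(Assertion assertion) throws SSOAgentException {
    // Null-safe: an assertion without an Issuer element is reported, not an NPE.
    String idPEntityIdValue = assertion.getIssuer() == null ? null : assertion.getIssuer().getValue();
    if (idPEntityIdValue == null || idPEntityIdValue.isEmpty()) {
        throw new SSOAgentException("SAML2 Response does not contain an Issuer value");
    }
    if (!idPEntityIdValue.equals(ssoAgentConfig.getSAML2().getIdPEntityId())) {
        throw new SSOAgentException("SAML2 Response Issuer verification failed");
    }
}

/** SessionIndex of the first AuthnStatement, or {@code null} when there is no statement or index. */
private String firstSessionIndex(Assertion assertion) {
    if (assertion.getAuthnStatements() == null || assertion.getAuthnStatements().isEmpty()) {
        return null;
    }
    return assertion.getAuthnStatements().get(0).getSessionIndex();
}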
Example 9
Source File: SAMLSSORelyingPartyObject.java From carbon-commons with Apache License 2.0 | 4 votes |
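/**
 * Script-exposed helper that marks the current session as authenticated by mapping the
 * session id to the SessionIndex and subject found in an encoded SAML response.
 *
 * The response is decoded with {@code Util.decode} and unmarshalled with
 * {@code Util.unmarshall}; the SessionIndex of the first AuthnStatement and the NameID of
 * the subject are taken from the first assertion only. This method performs no signature,
 * audience or condition validation of the response itself — it assumes that happened
 * upstream (TODO confirm against the callers).
 *
 * @param cx      Rhino context (unused)
 * @param thisObj the {@code SAMLSSORelyingPartyObject} the session is registered on
 * @param args    {@code args[0]} the current session id, {@code args[1]} the encoded SAML response
 * @param funObj  the invoked function (unused)
 * @throws ScriptException when the two {@code String} arguments are not supplied
 * @throws Exception when the response carries no session index or no subject NameID
 */
public static void jsFunction_setSessionAuthenticated(Context cx, Scriptable thisObj, Object[] args,
                                                      Function funObj) throws Exception {
    if (args.length != 2 || !(args[0] instanceof String) || !(args[1] instanceof String)) {
        throw new ScriptException("Invalid argument. Current session id and SAML response are missing.");
    }
    String decodedString = Util.decode((String) args[1]);
    SAMLSSORelyingPartyObject relyingPartyObject = (SAMLSSORelyingPartyObject) thisObj;
    XMLObject samlObject = Util.unmarshall(decodedString);
    String sessionIndex = null;
    String username = null;
    if (samlObject instanceof Response) {
        List<Assertion> assertions = ((Response) samlObject).getAssertions();
        if (assertions != null && !assertions.isEmpty()) {
            // Only the first assertion is consulted.
            Assertion assertion = assertions.get(0);
            // Session index from the first AuthnStatement. Guarded so an assertion without
            // statements surfaces as the "session index" failure below instead of an NPE/IOOBE.
            List<AuthnStatement> authenticationStatements = assertion.getAuthnStatements();
            if (authenticationStatements != null && !authenticationStatements.isEmpty()) {
                AuthnStatement authnStatement = authenticationStatements.get(0);
                if (authnStatement != null) {
                    sessionIndex = authnStatement.getSessionIndex();
                }
            }
            // Username from the subject NameID.
            Subject subject = assertion.getSubject();
            if (subject != null && subject.getNameID() != null) {
                username = subject.getNameID().getValue();
            }
        }
    }
    if (sessionIndex == null) {
        throw new Exception("Failed to get session index from authentication statement in SAML response.");
    }
    if (username == null) {
        throw new Exception("Failed to get subject assertion from SAML response.");
    }
    SessionInfo sessionInfo = new SessionInfo((String) args[0]);
    sessionInfo.setSessionIndex(sessionIndex);
    sessionInfo.setLoggedInUser(username);
    // The encoded SAML token is stored as received.
    sessionInfo.setSamlToken((String) args[1]);
    relyingPartyObject.addSessionInfo(sessionInfo);
}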