Java Code Examples for org.apache.wss4j.common.saml.builder.SAML2Constants#CONF_BEARER

The following examples show how to use org.apache.wss4j.common.saml.builder.SAML2Constants#CONF_BEARER, the SAML 2.0 bearer subject-confirmation method URI. Each example is taken from the source file named above it; note that a bearer confirmation carries no proof-of-possession, so the assertion is usable by whoever holds it.
Example 1
Source File: DefaultSubjectProvider.java (from cxf, Apache License 2.0)
/**
 * Selects the SAML SubjectConfirmation method for a token request.
 *
 * <p>Two questions decide the result: whether the requested token type is one of
 * the SAML 1.x token-type URIs ({@code WSS_SAML_TOKEN_TYPE} or {@code SAML_NS}),
 * which picks the {@link SAML1Constants} family, and whether a proof key type
 * (symmetric or public) was requested, which picks holder-of-key over bearer.
 * Anything not recognised as SAML 1.x, including a {@code null} tokenType, is
 * treated as SAML 2.0.
 *
 * <p>Security note: a bearer confirmation carries no proof-of-possession, so
 * whoever obtains the assertion can present it; relying parties should only
 * accept bearer assertions over a protected channel and within their validity
 * window. Holder-of-key binds the assertion to the key material issued with it.
 *
 * @param tokenType the requested token type URI, may be {@code null}
 * @param keyType   the requested key type URI, may be {@code null}
 * @return the confirmation method URI from {@link SAML1Constants} or {@link SAML2Constants}
 */
protected String getSubjectConfirmationMethod(String tokenType, String keyType) {
    boolean saml1Requested = WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML_NS.equals(tokenType);
    boolean proofKeyRequested = STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
        || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType);

    if (saml1Requested) {
        return proofKeyRequested ? SAML1Constants.CONF_HOLDER_KEY : SAML1Constants.CONF_BEARER;
    }
    return proofKeyRequested ? SAML2Constants.CONF_HOLDER_KEY : SAML2Constants.CONF_BEARER;
}
 
Example 2
Source File: Saml2CallbackHandler.java (from cxf, Apache License 2.0)
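/**
 * Populates every {@link SAMLCallback} in {@code callbacks} with a fixed SAML 2.0
 * test subject.
 *
 * <p>Each SAMLCallback receives issuer {@code "sts"}, subject {@code "uid=alice"}
 * with no qualifier, bearer subject confirmation, and a single attribute
 * statement asserting {@code role = user}. Callbacks of any other type are
 * left untouched rather than rejected with {@link UnsupportedCallbackException}.
 *
 * <p>Security note: this is a test fixture. The subject and role are hard-coded
 * and the confirmation method is bearer, i.e. no proof-of-possession key is
 * attached to the subject; do not reuse this handler as a template for a
 * production token issuer.
 *
 * @param callbacks callbacks supplied by the assertion builder; must not be {@code null}
 * @throws IOException declared for {@link javax.security.auth.callback.CallbackHandler}
 *         compatibility; not thrown by this implementation
 * @throws UnsupportedCallbackException declared for interface compatibility; not thrown
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            continue;
        }
        SAMLCallback callback = (SAMLCallback) current;
        callback.setSamlVersion(Version.SAML_20);
        callback.setIssuer("sts");

        // Bearer confirmation: no KeyInfo is attached to the subject.
        SubjectBean subjectBean = new SubjectBean("uid=alice", null, SAML2Constants.CONF_BEARER);
        callback.setSubject(subjectBean);

        // subjectBean is freshly constructed, so no null guard is needed here.
        AttributeStatementBean attrBean = new AttributeStatementBean();
        attrBean.setSubject(subjectBean);

        AttributeBean attributeBean = new AttributeBean();
        attributeBean.setQualifiedName("role");
        attributeBean.addAttributeValue("user");
        attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
        callback.setAttributeStatementData(Collections.singletonList(attrBean));
    }
}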
 
Example 3
Source File: SVSubjectProvider.java (from cxf, Apache License 2.0)
/**
 * Chooses the SubjectConfirmation method for this sender-vouches provider.
 *
 * <p>For SAML 2.0 token requests ({@code WSS_SAML2_TOKEN_TYPE} or {@code SAML2_NS})
 * a request carrying a proof key type (symmetric or public) yields sender-vouches
 * rather than holder-of-key, and a request without one yields bearer. Any other
 * token type, including {@code null}, is delegated to {@code extracted(keyType)},
 * whose definition is outside this excerpt.
 *
 * <p>Security note: with sender-vouches the relying party has no key binding to
 * the subject; it must instead verify that a trusted sender signed both the
 * assertion and the message it accompanies. Bearer carries no binding at all.
 *
 * @param tokenType the requested token type URI, may be {@code null}
 * @param keyType   the requested key type URI, may be {@code null}
 * @return a SAML 2.0 confirmation method URI, or whatever {@code extracted} returns
 */
@Override
protected String getSubjectConfirmationMethod(String tokenType, String keyType) {
    boolean saml2Requested = WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML2_NS.equals(tokenType);
    if (!saml2Requested) {
        return extracted(keyType);
    }
    boolean proofKeyRequested = STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
        || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType);
    return proofKeyRequested ? SAML2Constants.CONF_SENDER_VOUCHES : SAML2Constants.CONF_BEARER;
}
 
Example 4
Source File: CustomSubjectProvider.java (from cxf, Apache License 2.0)
/**
 * Chooses the SubjectConfirmation method for this custom provider.
 *
 * <p>For SAML 2.0 token requests ({@code WSS_SAML2_TOKEN_TYPE} or {@code SAML2_NS})
 * a request carrying a proof key type (symmetric or public) yields holder-of-key,
 * and a request without one yields bearer. Any other token type, including
 * {@code null}, is delegated to {@code extracted(keyType)}, whose definition is
 * outside this excerpt.
 *
 * <p>Security note: holder-of-key binds the assertion to the key issued with it,
 * so the relying party can demand proof of possession; bearer does not, and a
 * bearer assertion is usable by anyone who obtains it.
 *
 * @param tokenType the requested token type URI, may be {@code null}
 * @param keyType   the requested key type URI, may be {@code null}
 * @return a SAML 2.0 confirmation method URI, or whatever {@code extracted} returns
 */
private String getSubjectConfirmationMethod(String tokenType, String keyType) {
    boolean saml2Requested = WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML2_NS.equals(tokenType);
    if (!saml2Requested) {
        return extracted(keyType);
    }
    boolean proofKeyRequested = STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
        || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType);
    return proofKeyRequested ? SAML2Constants.CONF_HOLDER_KEY : SAML2Constants.CONF_BEARER;
}
 
Example 5
Source File: SAML2CallbackHandler.java (from cxf-fediz, Apache License 2.0)
/**
 * Builds a handler that issues SAML 2.0 assertions for a fixed demo subject.
 *
 * <p>The subject is {@code uid=joe,ou=people,ou=saml-demo,o=example.com} with
 * qualifier {@code www.example.com}, confirmed by the bearer method. The three
 * fields written here are declared in the enclosing class, outside this excerpt.
 *
 * <p>The holder-of-key variant, which would load the {@code wss40} certificate
 * chain from {@code wss40.properties} into {@code certs}, is intentionally not
 * performed in this fixture; the subject therefore carries no KeyInfo and the
 * assertion cannot be bound to a presenter key.
 */
public SAML2CallbackHandler() {
    // Holder-of-key setup (CryptoFactory.getInstance("wss40.properties"),
    // alias "wss40", into certs) is deliberately omitted: this fixture only
    // produces bearer assertions.
    confirmationMethod = SAML2Constants.CONF_BEARER;
    subjectQualifier = "www.example.com";
    subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
}
 
Example 6
Source File: SAML1CallbackHandler.java (from cxf-fediz, Apache License 2.0)
/**
 * Builds a handler for a fixed demo subject.
 *
 * <p>The subject is {@code uid=joe,ou=people,ou=saml-demo,o=example.com} with
 * qualifier {@code www.example.com}, confirmed by the bearer method. The three
 * fields written here are declared in the enclosing class, outside this excerpt.
 *
 * <p>NOTE(review): although this class is named for SAML 1, the confirmation
 * method is taken from {@link SAML2Constants}, i.e. the SAML 2.0 bearer URI;
 * confirm that the assertion version this handler sets elsewhere matches, or
 * switch to the SAML 1.x constant. Nothing in this constructor can throw, so
 * the {@code throws Exception} clause is kept only for signature compatibility.
 *
 * <p>The holder-of-key variant, which would load the {@code wss40} certificate
 * chain from {@code wss40.properties} into {@code certs}, is intentionally not
 * performed; the subject carries no KeyInfo and the assertion cannot be bound to
 * a presenter key.
 *
 * @throws Exception never thrown by this constructor
 */
public SAML1CallbackHandler() throws Exception {
    // Holder-of-key setup (CryptoFactory.getInstance("wss40.properties"),
    // alias "wss40", into certs) is deliberately omitted: this fixture only
    // produces bearer assertions.
    confirmationMethod = SAML2Constants.CONF_BEARER;
    subjectQualifier = "www.example.com";
    subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
}
 
Example 7
Source File: SamlCallbackHandler.java (from cxf, Apache License 2.0)
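/**
 * Populates every {@link SAMLCallback} with a mock-STS subject, a role attribute
 * and signing material.
 *
 * <p>Behaviour depends on three fields of the enclosing class that are not shown
 * here: {@code saml2} selects SAML 1.1 (when false) versus the builder's default
 * version, {@code confirmationMethod} overrides the confirmation method
 * (defaulting to the bearer URI of the chosen version when {@code null}), and
 * {@code signed} controls whether the assertion is signed. For a holder-of-key
 * confirmation the subject additionally gets a KeyInfo from
 * {@code createKeyInfo()}. Non-SAML callbacks are ignored rather than rejected.
 *
 * <p>Security notes: this is a test fixture. The signing key is loaded from
 * {@code alice.properties} with the hard-coded alias {@code alice} and password
 * {@code password}; never copy this into production code. When {@code signed}
 * is false the assertion is unsigned and must not be trusted by any consumer.
 *
 * @param callbacks callbacks supplied by the assertion builder; must not be {@code null}
 * @throws IOException if KeyInfo creation or loading the issuer crypto fails; the
 *         underlying exception is attached as the cause
 * @throws UnsupportedCallbackException declared for interface compatibility; not thrown
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            continue;
        }
        SAMLCallback callback = (SAMLCallback) current;
        if (!saml2) {
            callback.setSamlVersion(Version.SAML_11);
        }
        callback.setIssuer("sts");

        // Fall back to the bearer URI matching the assertion version when no
        // explicit confirmation method was configured.
        String subjectConfMethod = confirmationMethod;
        if (subjectConfMethod == null) {
            subjectConfMethod = saml2 ? SAML2Constants.CONF_BEARER : SAML1Constants.CONF_BEARER;
        }

        SubjectBean subjectBean = new SubjectBean(
            "uid=sts-client,o=mock-sts.com", "www.mock-sts.com", subjectConfMethod);
        if (SAML2Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)
            || SAML1Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)) {
            // Holder-of-key needs the presenter's key material in the subject.
            try {
                subjectBean.setKeyInfo(createKeyInfo());
            } catch (Exception ex) {
                // Preserve the cause so the failure stays diagnosable.
                throw new IOException("Problem creating KeyInfo: " + ex.getMessage(), ex);
            }
        }
        callback.setSubject(subjectBean);

        AttributeStatementBean attrBean = new AttributeStatementBean();
        attrBean.setSubject(subjectBean);

        // SAML 2.0 gets a plain qualified name; the SAML 1.1 path sets a simple
        // name plus a namespace-style qualified name.
        AttributeBean attributeBean = new AttributeBean();
        if (saml2) {
            attributeBean.setQualifiedName("subject-role");
        } else {
            attributeBean.setSimpleName("subject-role");
            attributeBean.setQualifiedName("http://custom-ns");
        }
        attributeBean.addAttributeValue("system-user");
        attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
        callback.setAttributeStatementData(Collections.singletonList(attrBean));

        // Test-only signing material: alias and password are hard-coded.
        try {
            Crypto crypto = CryptoFactory.getInstance("alice.properties");
            callback.setIssuerCrypto(crypto);
            callback.setIssuerKeyName("alice");
            callback.setIssuerKeyPassword("password");
            callback.setSignAssertion(signed);
        } catch (WSSecurityException e) {
            throw new IOException(e);
        }
    }
}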
 
Example 8
Source File: AbstractTrustedIdpOAuth2ProtocolHandler.java (from cxf-fediz, Apache License 2.0)
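/**
 * Builds and signs a SAML 2.0 bearer assertion for a subject authenticated at a
 * trusted IdP.
 *
 * <p>The issuer is the IdP's service display name, falling back to its realm; if
 * both are {@code null} no issuer is set on the callback handler (presumably the
 * handler then emits its own default — confirm before relying on it). Conditions
 * run from {@code notBefore} (or "now" when {@code null}) to {@code expires}.
 * When the trusted IdP configures a {@code CLAIMS_HANDLER} class name, that class
 * is loaded and instantiated reflectively and its attribute statement is attached.
 * The assertion is then signed with the IdP's own certificate and key.
 *
 * <p>Security notes: the confirmation method is bearer, so the assertion is
 * usable by anyone holding it; keep the validity window short and transport the
 * assertion only over protected channels. The claims-handler class name comes
 * from IdP configuration, which must be trusted, because an arbitrary class can
 * be loaded and instantiated from it.
 *
 * @param idp         the local IdP whose certificate and key sign the assertion
 * @param trustedIdp  the trusted IdP configuration, consulted for the claims handler
 * @param claims      claims received from the trusted IdP, passed to the claims handler
 * @param subjectName the NameID value of the subject
 * @param notBefore   start of the validity window, or {@code null} for now
 * @param expires     end of the validity window; must not be {@code null}
 * @return the signed assertion
 * @throws IllegalArgumentException if {@code expires} is {@code null}
 * @throws Exception on class-loading, claims-handling, callback or signing failure
 */
protected SamlAssertionWrapper createSamlAssertion(Idp idp, TrustedIdp trustedIdp, JsonMapObject claims,
                                                 String subjectName,
                                                 Instant notBefore,
                                                 Instant expires) throws Exception {
    // Fail early with a clear message instead of an NPE deep inside Date.from.
    if (expires == null) {
        throw new IllegalArgumentException("expires must not be null");
    }

    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    String issuer = idp.getServiceDisplayName();
    if (issuer == null) {
        issuer = idp.getRealm();
    }
    if (issuer != null) {
        callbackHandler.setIssuer(issuer);
    }

    // Subject: bearer confirmation, no proof key attached.
    SubjectBean subjectBean =
        new SubjectBean(subjectName, SAML2Constants.NAMEID_FORMAT_UNSPECIFIED, SAML2Constants.CONF_BEARER);
    callbackHandler.setSubjectBean(subjectBean);

    // Conditions
    ConditionsBean conditionsBean = new ConditionsBean();
    conditionsBean.setNotAfter(new DateTime(Date.from(expires)));
    conditionsBean.setNotBefore(notBefore != null ? new DateTime(Date.from(notBefore)) : new DateTime());
    callbackHandler.setConditionsBean(conditionsBean);

    // Claims: optional, configured per trusted IdP.
    String claimsHandler = getProperty(trustedIdp, CLAIMS_HANDLER);
    if (claimsHandler != null) {
        // getDeclaredConstructor().newInstance() replaces the deprecated
        // Class.newInstance(); a throwing constructor now surfaces as an
        // InvocationTargetException instead of being rethrown unwrapped.
        ClaimsHandler claimsHandlerImpl =
            (ClaimsHandler) Loader.loadClass(claimsHandler).getDeclaredConstructor().newInstance();
        AttributeStatementBean attrStatementBean = claimsHandlerImpl.handleClaims(claims);
        callbackHandler.setAttrBean(attrStatementBean);
    }

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);

    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    // Sign with the IdP's own key. The trailing boolean presumably selects a raw
    // key value (true) versus the certificate (false) in the signature's KeyInfo
    // — TODO confirm against signAssertion's declaration.
    Crypto crypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
    assertion.signAssertion(crypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
                            crypto, false);

    return assertion;
}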