org.opensaml.saml.saml2.core.SubjectConfirmationData Java Examples
The following examples show how to use
org.opensaml.saml.saml2.core.SubjectConfirmationData.
Example #1
Source File: AbstractSaml20ObjectBuilder.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
/**
 * Builds a SAML 2.0 {@code Subject} that carries a NameID and one bearer subject confirmation.
 *
 * <p>The confirmation data written here (Recipient, NotOnOrAfter, InResponseTo) is what a
 * relying party compares against its own endpoint, clock and outstanding request id before it
 * accepts a bearer assertion. This method performs no validation of its own: every argument,
 * including {@code null}, is handed straight to the corresponding setter.
 *
 * @param nameIdFormat the name id format
 * @param nameIdValue  the name id value
 * @param recipient    the recipient (the endpoint the assertion is addressed to)
 * @param notOnOrAfter the instant at which the confirmation stops being valid
 * @param inResponseTo the id of the request this subject answers
 * @return the subject
 */
public Subject newSubject(final String nameIdFormat, final String nameIdValue,
                          final String recipient, final DateTime notOnOrAfter,
                          final String inResponseTo) {
    // Confirmation data: binds the assertion to one endpoint, one request and a time limit.
    final SubjectConfirmationData confirmationData = newSamlObject(SubjectConfirmationData.class);
    confirmationData.setRecipient(recipient);
    confirmationData.setNotOnOrAfter(notOnOrAfter);
    confirmationData.setInResponseTo(inResponseTo);

    // Bearer method: possession of the assertion is the only proof of identity, which is
    // why the three restrictions above matter to the receiving side.
    final SubjectConfirmation bearerConfirmation = newSamlObject(SubjectConfirmation.class);
    bearerConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
    bearerConfirmation.setSubjectConfirmationData(confirmationData);

    final Subject result = newSamlObject(Subject.class);
    result.setNameID(getNameID(nameIdFormat, nameIdValue));
    result.getSubjectConfirmations().add(bearerConfirmation);
    return result;
}
Example #2
Source File: MockSamlIdpServer.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Creates a {@code SubjectConfirmation} with the given method and a populated
 * {@code SubjectConfirmationData} child.
 *
 * <p>Nothing is validated: the method URI, expiry, request id and recipient are stored exactly
 * as supplied, so a caller can also use this to produce deliberately wrong values.
 *
 * @param method       confirmation method URI to set
 * @param notOnOrAfter expiry instant for the confirmation data
 * @param inResponseTo id of the request being answered
 * @param recipient    endpoint the assertion is addressed to
 * @return the assembled subject confirmation
 */
private SubjectConfirmation createSubjectConfirmation(String method, DateTime notOnOrAfter,
        String inResponseTo, String recipient) {
    SubjectConfirmationData data = createSamlElement(SubjectConfirmationData.class);
    data.setInResponseTo(inResponseTo);
    data.setNotOnOrAfter(notOnOrAfter);
    data.setRecipient(recipient);

    SubjectConfirmation confirmation = createSamlElement(SubjectConfirmation.class);
    confirmation.setMethod(method);
    confirmation.setSubjectConfirmationData(data);
    return confirmation;
}
Example #3
Source File: SamlOAuthValidator.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Validate a (Bearer) Subject Confirmation.
 *
 * <p>Checks, in this order: presence of the confirmation data (or, when it is absent and not
 * required, an unexpired Conditions NotOnOrAfter), the Recipient against the absolute target
 * address of the message, the NotOnOrAfter of the confirmation data, and the Address against
 * {@code clientAddress} when the assertion carries one. Every failure raises the exception
 * produced by {@code ExceptionUtils.toNotAuthorizedException(null, null)}, so the caller cannot
 * tell from the exception which check failed.
 *
 * <p>There is no replay protection here (see the TODO below): an assertion that passes these
 * checks is accepted again for as long as its NotOnOrAfter has not been reached.
 *
 * @param m the current message, used to resolve the absolute target address
 * @param cs the assertion Conditions; dereferenced without a null check when
 *           {@code subjectConfData} is null and confirmation data is not required
 * @param subjectConfData the confirmation data to validate, may be null
 */
private void validateSubjectConfirmation(Message m,
                                         Conditions cs,
                                         SubjectConfirmationData subjectConfData) {
    if (subjectConfData == null) {
        // Missing confirmation data is tolerated only when it is not required and the
        // Conditions element still carries a NotOnOrAfter that lies in the future.
        // NOTE(review): Recipient and Address are not checked on this path.
        if (subjectConfirmationDataRequired
            || cs.getNotOnOrAfter() == null
            || cs.getNotOnOrAfter().isBeforeNow()) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
        return;
    }

    // Recipient must match assertion consumer URL
    final String recipient = subjectConfData.getRecipient();
    final boolean recipientMatches =
        recipient != null && recipient.equals(getAbsoluteTargetAddress(m));
    if (!recipientMatches) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }

    // We must have a NotOnOrAfter timestamp, and it must not have passed yet
    if (subjectConfData.getNotOnOrAfter() == null
        || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }

    //TODO: replay cache, same as with SAML SSO case

    // Check address: only enforced when the assertion states one; then the client address
    // must be known and equal to it.
    final String assertedAddress = subjectConfData.getAddress();
    if (assertedAddress != null) {
        if (clientAddress == null || !assertedAddress.equals(clientAddress)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
}
Example #4
Source File: SubjectValidator.java From verify-service-provider with MIT License | 4 votes |
/**
 * Validates the {@code Subject} of an assertion against the request it is meant to answer.
 *
 * <p>Requires, in order: a non-null subject, exactly one subject confirmation, the bearer
 * method, confirmation data, a NotBefore accepted by {@code timeRestrictionValidator}, a
 * present NotOnOrAfter accepted by {@code timeRestrictionValidator}, an InResponseTo equal to
 * {@code expectedInResponseTo}, and a NameID. The InResponseTo comparison ties the assertion to
 * one outstanding request, so an assertion issued for another request is rejected.
 *
 * <p>The Recipient attribute is not examined in this method.
 * NOTE(review): presumably it is checked elsewhere; confirm against the caller.
 *
 * @param subject the subject taken from the assertion
 * @param expectedInResponseTo the id of the request that was sent; it is dereferenced, so a
 *        null value raises a NullPointerException instead of a validation exception
 * @throws SamlResponseValidationException when any of the checks above fails
 */
public void validate(Subject subject, String expectedInResponseTo) {
    if (subject == null) {
        throw new SamlResponseValidationException("Subject is missing from the assertion.");
    }

    // More than one confirmation would leave it unclear which one is being relied upon.
    if (subject.getSubjectConfirmations().size() != 1) {
        throw new SamlResponseValidationException("Exactly one subject confirmation is expected.");
    }

    SubjectConfirmation confirmation = subject.getSubjectConfirmations().get(0);
    if (!METHOD_BEARER.equals(confirmation.getMethod())) {
        throw new SamlResponseValidationException("Subject confirmation method must be 'bearer'.");
    }

    SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
    if (data == null) {
        throw new SamlResponseValidationException("Subject confirmation data is missing from the assertion.");
    }

    // Validity window: NotBefore is handed to the validator as-is (may be null here),
    // NotOnOrAfter is mandatory.
    timeRestrictionValidator.validateNotBefore(data.getNotBefore());

    DateTime expiry = data.getNotOnOrAfter();
    if (expiry == null) {
        throw new SamlResponseValidationException("Subject confirmation data must contain 'NotOnOrAfter'.");
    }
    timeRestrictionValidator.validateNotOnOrAfter(expiry);

    // Request binding: the assertion must answer exactly the request that was sent.
    String receivedInResponseTo = data.getInResponseTo();
    if (receivedInResponseTo == null) {
        throw new SamlResponseValidationException("Subject confirmation data must contain 'InResponseTo'.");
    }
    if (!expectedInResponseTo.equals(receivedInResponseTo)) {
        String mismatch = String.format("'InResponseTo' must match requestId. Expected %s but was %s", expectedInResponseTo, receivedInResponseTo);
        throw new SamlResponseValidationException(mismatch);
    }

    if (subject.getNameID() == null) {
        throw new SamlResponseValidationException("NameID is missing from the subject of the assertion.");
    }
}
Example #5
Source File: SamlServiceProviderTest.java From armeria with Apache License 2.0 | 4 votes |
/**
 * Builds a successful SAML {@code Response} containing one signed assertion, for use as a
 * test fixture.
 *
 * <p>The assertion carries a bearer subject confirmation addressed to {@code recipient} with a
 * one-minute expiry, Conditions valid from one minute ago to one minute ahead, and an audience
 * restriction naming {@code spEntityId}. Only the assertion is passed to {@code sign}; the
 * enclosing response is returned without a signature call of its own. InResponseTo is a freshly
 * generated id rather than the id of a request that was actually sent.
 *
 * @param recipient value written to the Recipient attribute of the confirmation data
 * @return the assembled response with status {@code StatusCode.SUCCESS}
 * @throws Exception if building, cloning or signing fails
 */
private static Response getAuthResponse(String recipient) throws Exception {
    // IdP entity ID
    final Issuer idpIssuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    idpIssuer.setValue("http://idp.example.com/post");

    final Assertion signedAssertion = build(Assertion.DEFAULT_ELEMENT_NAME);
    final Subject subject = build(Subject.DEFAULT_ELEMENT_NAME);
    final SubjectConfirmation bearer = build(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    final SubjectConfirmationData confirmationData =
            build(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);

    // Bearer confirmation: request binding, short lifetime and target endpoint.
    confirmationData.setInResponseTo(requestIdManager.newId());
    confirmationData.setNotOnOrAfter(DateTime.now().plusMinutes(1));
    confirmationData.setRecipient(recipient);

    bearer.setSubjectConfirmationData(confirmationData);
    bearer.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");

    subject.getSubjectConfirmations().add(bearer);

    signedAssertion.setSubject(subject);
    // The issuer is cloned so that the assertion and the response each hold their own element.
    signedAssertion.setIssuer(XMLObjectSupport.cloneXMLObject(idpIssuer));
    signedAssertion.setIssueInstant(DateTime.now());
    signedAssertion.setID(requestIdManager.newId());

    final AuthnStatement authn = build(AuthnStatement.DEFAULT_ELEMENT_NAME);
    authn.setSessionIndex("1");
    signedAssertion.getAuthnStatements().add(authn);

    // Validity window of the assertion: one minute either side of now.
    final Conditions validity = build(Conditions.DEFAULT_ELEMENT_NAME);
    validity.setNotBefore(DateTime.now().minusMinutes(1));
    validity.setNotOnOrAfter(DateTime.now().plusMinutes(1));

    final AudienceRestriction restriction = build(AudienceRestriction.DEFAULT_ELEMENT_NAME);
    final Audience spAudience = build(Audience.DEFAULT_ELEMENT_NAME);
    // Set SP entity ID as an audience.
    spAudience.setAudienceURI(spEntityId);
    restriction.getAudiences().add(spAudience);
    validity.getAudienceRestrictions().add(restriction);

    signedAssertion.setConditions(validity);

    // Sign only after the assertion is fully populated; later changes would not be covered.
    sign(signedAssertion, idpCredential, signatureAlgorithm);

    final Response samlResponse = build(Response.DEFAULT_ELEMENT_NAME);
    samlResponse.getAssertions().add(signedAssertion);

    samlResponse.setID(requestIdManager.newId());
    samlResponse.setIssuer(idpIssuer);
    samlResponse.setIssueInstant(DateTime.now());

    final Status successStatus = build(Status.DEFAULT_ELEMENT_NAME);
    final StatusCode code = build(StatusCode.DEFAULT_ELEMENT_NAME);
    code.setValue(StatusCode.SUCCESS);
    successStatus.setStatusCode(code);
    samlResponse.setStatus(successStatus);

    return samlResponse;
}