Java Code Examples for org.opensaml.saml.saml2.core.Assertion#getSubject()
The following examples show how to use
org.opensaml.saml.saml2.core.Assertion#getSubject() .
Example 1
Source File: OnBehalfOfValidator.java From cxf with Apache License 2.0 | 6 votes |
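/**
 * Validates an OnBehalfOf SAML credential.
 *
 * <p>The credential is first passed to the parent validator. It is then accepted only when it
 * carries a SAML 2.0 assertion that has at least one {@code AttributeStatement} and whose Subject
 * NameID value is exactly {@code "alice"} or {@code "bob"}. Every other case, including a missing
 * assertion, Subject or NameID, is rejected with the same {@link WSSecurityException}.
 *
 * <p>NOTE(review): signature and trust checks are presumably done by {@code super.validate};
 * nothing in this method verifies them itself - confirm against the parent class.
 *
 * @param credential the credential to validate
 * @param data the request context, passed through to the parent validator
 * @return the credential returned by the parent validator
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} when any check fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);

    // Fail closed when no SAML 2.0 assertion is present instead of dereferencing null.
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    Assertion saml2Assertion = assertion == null ? null : assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Subject and NameID are read from the token, so an assertion that omits either must end in
    // the normal security failure rather than a NullPointerException.
    Subject subject = saml2Assertion.getSubject();
    NameID nameID = subject == null ? null : subject.getNameID();
    String subjectName = nameID == null ? null : nameID.getValue();

    // NOTE(review): the accepted names are hard-coded; they look like fixture values - confirm this
    // validator is not wired into a production configuration.
    if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
        return validatedCredential;
    }

    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}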
Example 2
Source File: Util.java From carbon-apimgt with Apache License 2.0 | 5 votes |
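/**
 * Get the username from the SAML2 Assertion.
 *
 * <p>When {@code usernameAttribute} is non-empty, the username is the text content of the first
 * value of the attribute whose name equals {@code usernameAttribute}; if several attributes
 * match, the last usable one wins and the Subject is not consulted. When
 * {@code usernameAttribute} is empty, the Subject NameID value is used instead.
 *
 * <p>NOTE(review): this method does not check the assertion's signature, issuer or validity
 * conditions. The returned name is only as trustworthy as the validation the caller performed
 * beforehand - confirm at the call sites.
 *
 * @param assertion SAML2 assertion
 * @param usernameAttribute name of the attribute that carries the username; when empty (per
 *                          {@code StringUtils.isEmpty}) the Subject NameID is used
 * @return username, or {@code null} when the assertion does not provide one
 */
public static String getUsernameFromAssertion(Assertion assertion, String usernameAttribute) {
    String username = null;

    if (!StringUtils.isEmpty(usernameAttribute)) {
        // There can be multiple AttributeStatements in Assertion
        List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
        if (attributeStatements != null) {
            for (AttributeStatement attributeStatement : attributeStatements) {
                // There can be multiple Attributes in an attributeStatement
                List<Attribute> attributes = attributeStatement.getAttributes();
                if (attributes == null) {
                    continue;
                }
                for (Attribute attribute : attributes) {
                    // An attribute without a backing DOM element cannot be matched by name here.
                    if (attribute.getDOM() == null) {
                        continue;
                    }
                    String attributeName = attribute.getDOM().getAttribute(SSOConstants.SAML_NAME_ATTRIBUTE);
                    if (!attributeName.equals(usernameAttribute)) {
                        continue;
                    }

                    // A matching attribute may carry no values at all; skip it instead of letting
                    // get(0) throw IndexOutOfBoundsException on identity-provider supplied data.
                    List<XMLObject> attributeValues = attribute.getAttributeValues();
                    if (attributeValues == null || attributeValues.isEmpty()) {
                        continue;
                    }

                    // There can be multiple attribute values in an attribute, but get the first one
                    XMLObject firstValue = attributeValues.get(0);
                    if (firstValue == null || firstValue.getDOM() == null) {
                        continue;
                    }
                    username = firstValue.getDOM().getTextContent();
                    if (log.isDebugEnabled()) {
                        log.debug("Name of authenticated user from SAML response : " + username);
                    }
                }
            }
        }
    } else {
        Subject subject = assertion.getSubject();
        if (subject != null && subject.getNameID() != null) {
            username = subject.getNameID().getValue();
            if (log.isDebugEnabled()) {
                log.debug("Name of authenticated user from SAML response : " + username);
            }
        }
    }

    return username;
}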
Example 3
Source File: ActAsValidator.java From cxf with Apache License 2.0 | 5 votes |
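/**
 * Validates an ActAs SAML credential.
 *
 * <p>The credential is first passed to the parent validator. It is then accepted only when all
 * of the following hold for its SAML 2.0 assertion:
 * <ul>
 *   <li>the Subject NameID value contains {@code "www.client.com"} (the technical user);</li>
 *   <li>at least one {@code AttributeStatement} is present;</li>
 *   <li>an attribute named {@code "CustomActAs"} or {@code "ActAs"} has a value whose text
 *       contains {@code "alice"} or {@code "bob"}.</li>
 * </ul>
 * Every other case is rejected with the same {@link WSSecurityException}.
 *
 * <p>NOTE(review): signature and trust checks are presumably done by {@code super.validate};
 * nothing in this method verifies them itself - confirm against the parent class.
 *
 * @param credential the credential to validate
 * @param data the request context, passed through to the parent validator
 * @return the credential returned by the parent validator
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} when any check fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);

    // Fail closed when no SAML 2.0 assertion is present instead of dereferencing null.
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    Assertion saml2Assertion = assertion == null ? null : assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // The technical user should be in the Subject
    Subject subject = saml2Assertion.getSubject();
    String subjectName = (subject == null || subject.getNameID() == null)
        ? null
        : subject.getNameID().getValue();
    // A NameID with no value is rejected here rather than raising a NullPointerException.
    // NOTE(review): contains() is a substring match, so any value that merely embeds the expected
    // string passes; an exact comparison is stricter if the expected NameID format allows it.
    if (subjectName == null || !subjectName.contains("www.client.com")) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    for (AttributeStatement statement : attributeStatements) {
        List<Attribute> attributes = statement.getAttributes();
        for (Attribute attribute : attributes) {
            boolean isActAsAttribute =
                "CustomActAs".equals(attribute.getName()) || "ActAs".equals(attribute.getName());
            if (!isActAsAttribute) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                // A value without a backing DOM element has no text to inspect; skip it.
                if (attributeValueElement == null) {
                    continue;
                }
                String text = attributeValueElement.getTextContent();
                // NOTE(review): substring match on hard-coded names; these look like fixture
                // values - confirm this validator is not wired into a production configuration.
                if (text != null && (text.contains("alice") || text.contains("bob"))) {
                    return validatedCredential;
                }
            }
        }
    }

    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}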