org.opensaml.saml1.core.NameIdentifier Java Examples
The following examples show how to use
org.opensaml.saml1.core.NameIdentifier.
Example #1
Source File: SAML1ArtifactType0001Builder.java From lams with GNU General Public License v2.0 | 6 votes |
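/**
 * {@inheritDoc}
 *
 * <p>Builds a type 0001 artifact: the source ID is the SHA-1 digest of the local entity ID and the
 * assertion handle is 20 bytes taken from a {@code SHA1PRNG} {@link SecureRandom}. The
 * {@code assertion} argument is not read by this implementation.
 *
 * @throws InternalError if the JVM offers no SHA-1 digest or no SHA1PRNG generator; the
 *         {@link NoSuchAlgorithmException} is attached as the cause
 */
public SAML1ArtifactType0001 buildArtifact(
        SAMLMessageContext<RequestAbstractType, Response, NameIdentifier> requestContext, Assertion assertion) {
    try {
        MessageDigest sha1Digester = MessageDigest.getInstance("SHA-1");
        // Pin the encoding. A bare getBytes() uses the platform charset, so the same entity ID could
        // hash to different source IDs on differently configured JVMs.
        // NOTE(review): whatever maps a source ID back to an entity must hash with the same encoding.
        byte[] source = sha1Digester.digest(
                requestContext.getLocalEntityId().getBytes(java.nio.charset.StandardCharsets.UTF_8));

        // NOTE(review): SHA-1 only derives the 20-byte source ID here; nothing is signed with it.
        // NOTE(review): "SHA1PRNG" pins one generator; its seeding is provider dependent. Confirm that
        // the handle, which acts as a one-time reference to the assertion, is unpredictable on the
        // deployed JVM.
        SecureRandom handleGenerator = SecureRandom.getInstance("SHA1PRNG");
        byte[] assertionHandle = new byte[20];
        handleGenerator.nextBytes(assertionHandle);

        return new SAML1ArtifactType0001(source, assertionHandle);
    } catch (NoSuchAlgorithmException e) {
        log.error("JVM does not support required cryptography algorithms.", e);
        // Keep the original exception reachable from the error instead of dropping it.
        InternalError failure = new InternalError(
                "JVM does not support required cryptography algorithms: SHA-1 and/or SHA1PRNG.");
        failure.initCause(e);
        throw failure;
    }
}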
Example #2
Source File: SAML1ArtifactType0002Builder.java From lams with GNU General Public License v2.0 | 6 votes |
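/**
 * {@inheritDoc}
 *
 * <p>Builds a type 0002 artifact from a 20-byte random assertion handle and the source location
 * returned by {@code getSourceLocation}. The {@code assertion} argument is not read by this
 * implementation.
 *
 * @return the artifact, or {@code null} when no source location could be determined
 *
 * @throws InternalError if the JVM offers no SHA1PRNG generator; the
 *         {@link NoSuchAlgorithmException} is attached as the cause
 */
public SAML1ArtifactType0002 buildArtifact(
        SAMLMessageContext<RequestAbstractType, Response, NameIdentifier> requestContext, Assertion assertion) {
    try {
        String sourceLocation = getSourceLocation(requestContext);
        if (sourceLocation == null) {
            // Callers must handle null: without a source location no artifact can be built.
            return null;
        }

        // NOTE(review): "SHA1PRNG" pins one generator; its seeding is provider dependent. Confirm that
        // the handle, which acts as a one-time reference to the assertion, is unpredictable on the
        // deployed JVM.
        SecureRandom handleGenerator = SecureRandom.getInstance("SHA1PRNG");
        byte[] assertionHandle = new byte[20];
        handleGenerator.nextBytes(assertionHandle);

        return new SAML1ArtifactType0002(assertionHandle, sourceLocation);
    } catch (NoSuchAlgorithmException e) {
        log.error("JVM does not support required cryptography algorithms: SHA1PRNG.", e);
        // Keep the original exception reachable from the error instead of dropping it.
        InternalError failure = new InternalError(
                "JVM does not support required cryptography algorithms: SHA1PRNG.");
        failure.initCause(e);
        throw failure;
    }
}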
Example #3
Source File: SAML1ArtifactType0002Builder.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Determines the source location to place in the artifacts created by this builder.
 *
 * <p>An endpoint selector is configured for the artifact resolution service element and the
 * SAML 1 SOAP 1.1 binding, using the metadata carried by the request context for the local entity.
 *
 * @param requestContext current request context
 *
 * @return location of the selected endpoint, or {@code null} if no endpoint could be selected
 */
protected String getSourceLocation(SAMLMessageContext<RequestAbstractType, Response, NameIdentifier> requestContext) {
    BasicEndpointSelector endpointSelector = new BasicEndpointSelector();
    endpointSelector.setEndpointType(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
    endpointSelector.getSupportedIssuerBindings().add(SAMLConstants.SAML1_SOAP11_BINDING_URI);
    endpointSelector.setMetadataProvider(requestContext.getMetadataProvider());
    endpointSelector.setEntityMetadata(requestContext.getLocalEntityMetadata());
    endpointSelector.setEntityRoleMetadata(requestContext.getLocalEntityRoleMetadata());

    // The location comes from the local entity's metadata, never from the request itself.
    Endpoint resolutionEndpoint = endpointSelector.selectEndpoint();
    if (resolutionEndpoint != null) {
        return resolutionEndpoint.getLocation();
    }

    log.error("Unable to select source location for artifact. No artifact resolution service defined for issuer.");
    return null;
}
Example #4
Source File: Saml10SuccessResponseView.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
/**
 * Creates a SAML 1 subject for the given identifier.
 *
 * <p>The subject carries a {@code NameIdentifier} holding {@code identifier} and a
 * {@code SubjectConfirmation} with the single method {@code CONFIRMATION_METHOD}.
 *
 * @param identifier value written into the name identifier as-is
 * @return the assembled subject
 */
private Subject newSubject(final String identifier) {
    final SubjectConfirmation subjectConfirmation = newSamlObject(SubjectConfirmation.class);
    final ConfirmationMethod confirmationMethod = newSamlObject(ConfirmationMethod.class);
    confirmationMethod.setConfirmationMethod(CONFIRMATION_METHOD);
    subjectConfirmation.getConfirmationMethods().add(confirmationMethod);

    // NOTE(review): the identifier is not checked here; presumably the caller passes an
    // already-authenticated principal id. Verify against the caller.
    final NameIdentifier subjectName = newSamlObject(NameIdentifier.class);
    subjectName.setNameIdentifier(identifier);

    final Subject result = newSamlObject(Subject.class);
    result.setSubjectConfirmation(subjectConfirmation);
    result.setNameIdentifier(subjectName);
    return result;
}
Example #5
Source File: AuthenticationRequestBuilder.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Builds a signed SAML 2.0 authentication request with passive support.
 *
 * @param subjectName        value for the request's subject NameID; no subject is added when {@code null}
 * @param nameIdPolicyFormat format passed to {@code buildNameIDPolicy} for the NameID policy
 * @param isPassive          value of the request's IsPassive flag
 * @return the populated and signed AuthnRequest object
 * @throws Exception propagated from the helpers that build and sign the request
 */
public AuthnRequest buildAuthenticationRequest(String subjectName, String nameIdPolicyFormat,
                                               boolean isPassive) throws Exception {

    if (log.isDebugEnabled()) {
        log.debug("Building Authentication Request");
    }

    Util.doBootstrap();

    AuthnRequest request = (AuthnRequest) Util.buildXMLObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
    request.setID(Util.createID());
    request.setVersion(SAMLVersion.VERSION_20);
    request.setIssueInstant(new DateTime());
    request.setIssuer(buildIssuer());
    request.setNameIDPolicy(buildNameIDPolicy(nameIdPolicyFormat));
    request.setIsPassive(isPassive);
    request.setDestination(Util.getIdentityProviderSSOServiceURL());

    // Use the configured assertion consumer URL; if it is missing or blank, derive one from the
    // admin console URL.
    String consumerUrl = Util.getAssertionConsumerServiceURL();
    if (consumerUrl == null || consumerUrl.trim().length() == 0) {
        consumerUrl = CarbonUIUtil.getAdminConsoleURL("").replace("carbon/", "acs");
    }
    request.setAssertionConsumerServiceURL(consumerUrl);

    if (subjectName != null) {
        // The subject NameID format is fixed to NameIdentifier.EMAIL; nameIdPolicyFormat only
        // reaches the NameID policy above.
        NameID subjectNameId = new NameIDBuilder().buildObject();
        subjectNameId.setValue(subjectName);
        subjectNameId.setFormat(NameIdentifier.EMAIL);

        Subject requestSubject = new SubjectBuilder().buildObject();
        requestSubject.setNameID(subjectNameId);
        request.setSubject(requestSubject);
    }

    // NOTE(review): if XMLSignature is Apache Santuario's class, ALGO_ID_SIGNATURE_RSA is the
    // RSA-with-SHA-1 signature URI. SHA-1 signatures are deprecated; confirm, and prefer an
    // RSA-SHA256 identifier if the identity provider accepts it.
    Util.setSignature(request, XMLSignature.ALGO_ID_SIGNATURE_RSA, new SignKeyDataHolder());

    return request;
}
Example #6
Source File: NameIdentifierMarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * {@inheritDoc}
 *
 * <p>Writes the name qualifier and the format of the {@code NameIdentifier} as un-namespaced
 * attributes on the DOM element. An attribute whose value is {@code null} is not written.
 */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    NameIdentifier source = (NameIdentifier) samlElement;

    String qualifier = source.getNameQualifier();
    if (qualifier != null) {
        domElement.setAttributeNS(null, NameIdentifier.NAMEQUALIFIER_ATTRIB_NAME, qualifier);
    }

    String format = source.getFormat();
    if (format != null) {
        domElement.setAttributeNS(null, NameIdentifier.FORMAT_ATTRIB_NAME, format);
    }
}
Example #7
Source File: NameIdentifierMarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * {@inheritDoc}
 *
 * <p>Appends the name identifier value as text content of the DOM element. Nothing is appended
 * when the value is {@code null}.
 */
protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
    String identifierValue = ((NameIdentifier) samlObject).getNameIdentifier();
    if (identifierValue == null) {
        return;
    }
    XMLHelper.appendTextContent(domElement, identifierValue);
}
Example #8
Source File: SubjectUnmarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * {@inheritDoc}
 *
 * <p>Attaches a {@code NameIdentifier} or {@code SubjectConfirmation} child to the parent
 * {@code Subject}. Any other child type is passed to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    // The cast comes first, so a parent that is not a Subject fails before any child is examined.
    Subject parent = (Subject) parentSAMLObject;

    if (childSAMLObject instanceof NameIdentifier) {
        parent.setNameIdentifier((NameIdentifier) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof SubjectConfirmation) {
        parent.setSubjectConfirmation((SubjectConfirmation) childSAMLObject);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
Example #9
Source File: NameIdentifierUnmarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * {@inheritDoc}
 *
 * <p>Copies the format and name qualifier attributes onto the {@code NameIdentifier}, matching on
 * the attribute's local name. Any other attribute is passed to the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    NameIdentifier target = (NameIdentifier) samlObject;
    String attributeName = attribute.getLocalName();

    // The constant is the receiver of equals(), so a null local name falls through to the superclass.
    if (NameIdentifier.FORMAT_ATTRIB_NAME.equals(attributeName)) {
        target.setFormat(attribute.getValue());
        return;
    }
    if (NameIdentifier.NAMEQUALIFIER_ATTRIB_NAME.equals(attributeName)) {
        target.setNameQualifier(attribute.getValue());
        return;
    }
    super.processAttribute(samlObject, attribute);
}
Example #10
Source File: SAMLSSOConfigAdmin.java From carbon-identity with Apache License 2.0 | 4 votes |
/**
 * Retrieves all the relying party service providers.
 *
 * <p>Each stored service provider record is copied field by field into a DTO. The result also
 * carries a flag that is set when the registry's tenant id is 0.
 *
 * @return info DTO holding the array of service provider DTOs and the tenant-zero flag
 * @throws IdentityException if loading or copying the service providers fails
 */
public SAMLSSOServiceProviderInfoDTO getServiceProviders() throws IdentityException {
    SAMLSSOServiceProviderDTO[] serviceProviders = null;
    try {
        IdentityPersistenceManager persistenceManager = IdentityPersistenceManager.getPersistanceManager();
        SAMLSSOServiceProviderDO[] storedProviders = persistenceManager.getServiceProviders(registry);
        serviceProviders = new SAMLSSOServiceProviderDTO[storedProviders.length];

        int index = 0;
        for (SAMLSSOServiceProviderDO stored : storedProviders) {
            SAMLSSOServiceProviderDTO dto = new SAMLSSOServiceProviderDTO();

            dto.setIssuer(stored.getIssuer());
            dto.setAssertionConsumerUrls(stored.getAssertionConsumerUrls());
            dto.setDefaultAssertionConsumerUrl(stored.getDefaultAssertionConsumerUrl());
            dto.setSigningAlgorithmURI(stored.getSigningAlgorithmUri());
            dto.setDigestAlgorithmURI(stored.getDigestAlgorithmUri());
            dto.setCertAlias(stored.getCertAlias());
            dto.setAttributeConsumingServiceIndex(stored.getAttributeConsumingServiceIndex());

            dto.setDoSignResponse(stored.isDoSignResponse());
            dto.setDoSignAssertions(stored.isDoSignAssertions());
            dto.setDoSingleLogout(stored.isDoSingleLogout());

            // A missing login page URL, or the literal string "null", is reported as an empty string.
            String loginPageUrl = stored.getLoginPageURL();
            boolean loginPageMissing = loginPageUrl == null || "null".equals(loginPageUrl);
            dto.setLoginPageURL(loginPageMissing ? "" : loginPageUrl);

            dto.setSloResponseURL(stored.getSloResponseURL());
            dto.setSloRequestURL(stored.getSloRequestURL());
            dto.setRequestedClaims(stored.getRequestedClaims());
            dto.setRequestedAudiences(stored.getRequestedAudiences());
            dto.setRequestedRecipients(stored.getRequestedRecipients());
            dto.setEnableAttributesByDefault(stored.isEnableAttributesByDefault());
            dto.setNameIdClaimUri(stored.getNameIdClaimUri());

            // The NameID format defaults to NameIdentifier.EMAIL, then every ':' becomes '/'.
            // NOTE(review): presumably the consumer of the DTO reverses this replacement; confirm.
            dto.setNameIDFormat(stored.getNameIDFormat());
            if (dto.getNameIDFormat() == null) {
                dto.setNameIDFormat(NameIdentifier.EMAIL);
            }
            dto.setNameIDFormat(dto.getNameIDFormat().replace(":", "/"));

            dto.setIdPInitSSOEnabled(stored.isIdPInitSSOEnabled());
            dto.setIdPInitSLOEnabled(stored.isIdPInitSLOEnabled());
            dto.setIdpInitSLOReturnToURLs(stored.getIdpInitSLOReturnToURLs());
            dto.setDoEnableEncryptedAssertion(stored.isDoEnableEncryptedAssertion());
            dto.setDoValidateSignatureInRequests(stored.isDoValidateSignatureInRequests());

            serviceProviders[index++] = dto;
        }
    } catch (IdentityException e) {
        // Any IdentityException raised above is reported with this registry-related message.
        log.error("Error obtaining a registry intance for reading service provider list", e);
        throw IdentityException.error("Error obtaining a registry intance for reading service provider list", e);
    }

    SAMLSSOServiceProviderInfoDTO result = new SAMLSSOServiceProviderInfoDTO();
    result.setServiceProviders(serviceProviders);

    // Mark the result when the registry belongs to tenant zero.
    if (registry.getTenantId() == 0) {
        result.setTenantZero(true);
    }

    return result;
}
Example #11
Source File: NameIdentifierBuilder.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * {@inheritDoc}
 *
 * <p>Creates a {@code NameIdentifierImpl} for the given namespace URI, local name and prefix.
 */
public NameIdentifier buildObject(String namespaceURI, String localName, String namespacePrefix) {
    NameIdentifier built = new NameIdentifierImpl(namespaceURI, localName, namespacePrefix);
    return built;
}
Example #12
Source File: NameIdentifierBuilder.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * {@inheritDoc}
 *
 * <p>Builds the element with the SAML 1 namespace, the default local name of
 * {@code NameIdentifier} and the SAML 1 prefix.
 */
public NameIdentifier buildObject() {
    String namespace = SAMLConstants.SAML1_NS;
    String elementName = NameIdentifier.DEFAULT_ELEMENT_LOCAL_NAME;
    String prefix = SAMLConstants.SAML1_PREFIX;
    return buildObject(namespace, elementName, prefix);
}
Example #13
Source File: NameIdentifierUnmarshaller.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * {@inheritDoc}
 *
 * <p>Stores the element's text content as the value of the {@code NameIdentifier}. The content is
 * stored as received; this method does not validate or normalise it.
 */
protected void processElementContent(XMLObject samlObject, String elementContent) {
    ((NameIdentifier) samlObject).setNameIdentifier(elementContent);
}
Example #14
Source File: SubjectImpl.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * {@inheritDoc}
 *
 * <p>The new value is passed through {@code prepareForAssignment} together with the current one,
 * and the result of that call is stored.
 */
public void setNameIdentifier(NameIdentifier nameIdentifier) throws IllegalArgumentException {
    NameIdentifier current = this.nameIdentifier;
    this.nameIdentifier = prepareForAssignment(current, nameIdentifier);
}
Example #15
Source File: SubjectImpl.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * {@inheritDoc}
 *
 * <p>Returns the stored reference itself, not a copy.
 */
public NameIdentifier getNameIdentifier() {
    return this.nameIdentifier;
}
Example #16
Source File: HTTPArtifactEncoder.java From lams with GNU General Public License v2.0 | 4 votes |
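/**
 * {@inheritDoc}
 *
 * <p>Encodes the outbound SAML 1 response as an HTTP redirect. The relay state is added as the
 * {@code TARGET} query parameter. For every assertion in the outbound message an artifact is
 * built, registered in the artifact map and added as a {@code SAMLart} query parameter. The
 * redirect is then sent to the resulting URL.
 *
 * @throws MessageEncodingException if the context or transport has an unsupported type, an
 *         artifact cannot be built, or an assertion cannot be marshalled
 */
protected void doEncode(MessageContext messageContext) throws MessageEncodingException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this encoder only support SAMLMessageContext");
        throw new MessageEncodingException(
                "Invalid message context type, this encoder only support SAMLMessageContext");
    }

    if (!(messageContext.getOutboundMessageTransport() instanceof HTTPOutTransport)) {
        log.error("Invalid outbound message transport type, this encoder only support HTTPOutTransport");
        throw new MessageEncodingException(
                "Invalid outbound message transport type, this encoder only support HTTPOutTransport");
    }

    SAMLMessageContext<SAMLObject, Response, NameIdentifier> artifactContext = (SAMLMessageContext) messageContext;
    HTTPOutTransport outTransport = (HTTPOutTransport) artifactContext.getOutboundMessageTransport();

    URLBuilder urlBuilder = getEndpointURL(artifactContext);

    List<Pair<String, String>> params = urlBuilder.getQueryParams();

    // NOTE(review): the relay state is added even when it is null; confirm URLBuilder copes with that.
    params.add(new Pair<String, String>("TARGET", artifactContext.getRelayState()));

    // Use the artifact type requested on the context, else the encoder default. In the default
    // case the chosen type is recorded back on the context.
    SAML1ArtifactBuilder artifactBuilder;
    if (artifactContext.getOutboundMessageArtifactType() != null) {
        artifactBuilder = Configuration.getSAML1ArtifactBuilderFactory().getArtifactBuilder(
                artifactContext.getOutboundMessageArtifactType());
    } else {
        artifactBuilder = Configuration.getSAML1ArtifactBuilderFactory().getArtifactBuilder(defaultArtifactType);
        artifactContext.setOutboundMessageArtifactType(defaultArtifactType);
    }

    for (Assertion assertion : artifactContext.getOutboundSAMLMessage().getAssertions()) {
        AbstractSAML1Artifact artifact = artifactBuilder.buildArtifact(artifactContext, assertion);
        if (artifact == null) {
            log.error("Unable to build artifact for message to relying party");
            throw new MessageEncodingException("Unable to builder artifact for message to relying party");
        }

        // Encode once, so the key stored in the artifact map is the value sent to the relying party.
        String artifactString;
        try {
            artifactString = artifact.base64Encode();
            artifactMap.put(artifactString, messageContext.getInboundMessageIssuer(),
                    messageContext.getOutboundMessageIssuer(), assertion);
        } catch (MarshallingException e) {
            log.error("Unable to marshall assertion to be represented as an artifact", e);
            throw new MessageEncodingException("Unable to marshall assertion to be represented as an artifact", e);
        }
        params.add(new Pair<String, String>("SAMLart", artifactString));
    }

    // Build the URL once, so the logged URL is exactly the one the redirect uses.
    String redirectUrl = urlBuilder.buildURL();

    // NOTE(review): the logged URL contains the SAMLart and TARGET values. Confirm that debug logs
    // are access-controlled, or log the URL without its query string.
    log.debug("Sending redirect to URL {} to relying party {}", redirectUrl, artifactContext
            .getInboundMessageIssuer());
    outTransport.sendRedirect(redirectUrl);
}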
Example #17
Source File: SAML1ArtifactBuilder.java From lams with GNU General Public License v2.0 | 2 votes |
/**
 * Builds an artifact, for the given assertion, destined for the outbound message recipient.
 *
 * @param requestContext request context
 * @param assertion assertion to build artifact for
 *
 * @return constructed artifact
 */
public ArtifactType buildArtifact(SAMLMessageContext<RequestAbstractType, Response, NameIdentifier> requestContext, Assertion assertion);