org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration Java Examples
The following examples show how to use
org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: RequestedAuthnContextUnmarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
|
/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
RequestedAuthnContext rac = (RequestedAuthnContext) samlObject;
if (attribute.getLocalName().equals(RequestedAuthnContext.COMPARISON_ATTRIB_NAME)) {
if ("exact".equals(attribute.getValue())) {
rac.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
} else if ("minimum".equals(attribute.getValue())) {
rac.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
} else if ("maximum".equals(attribute.getValue())) {
rac.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
} else if ("better".equals(attribute.getValue())) {
rac.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
} else {
throw new UnmarshallingException("Saw an invalid value for Comparison attribute: "
+ attribute.getValue());
}
} else {
super.processAttribute(samlObject, attribute);
}
}
Example #2
| Source File: SAMLUtils.java From cloudstack with Apache License 2.0 | 5 votes |
|
public static AuthnRequest buildAuthnRequestObject(final String authnId, final String spId, final String idpUrl, final String consumerUrl) {
// Issuer object
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(spId);
// AuthnContextClass
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(
SAMLConstants.SAML20_NS,
"AuthnContextClassRef", "saml");
authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
// AuthnContext
RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
// Creation of AuthRequestObject
AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
AuthnRequest authnRequest = authRequestBuilder.buildObject();
authnRequest.setID(authnId);
authnRequest.setDestination(idpUrl);
authnRequest.setVersion(SAMLVersion.VERSION_20);
authnRequest.setForceAuthn(false);
authnRequest.setIsPassive(false);
authnRequest.setIssueInstant(new DateTime());
authnRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
authnRequest.setAssertionConsumerServiceURL(consumerUrl);
authnRequest.setProviderName(spId);
authnRequest.setIssuer(issuer);
authnRequest.setRequestedAuthnContext(requestedAuthnContext);
return authnRequest;
}
Example #3
| Source File: RequestedAuthnContextImpl.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public AuthnContextComparisonTypeEnumeration getComparison() {
return this.comparison;
}
Example #4
| Source File: RequestedAuthnContextImpl.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public void setComparison(AuthnContextComparisonTypeEnumeration newComparison) {
this.comparison = prepareForAssignment(this.comparison, newComparison);
}
Example #5
| Source File: WebSSOProfileOptionProperties.java From spring-boot-security-saml with MIT License | 4 votes |
|
AuthnContextComparisonType(AuthnContextComparisonTypeEnumeration typeEnumeration) {
this.typeEnumeration = typeEnumeration;
}
Example #6
| Source File: WebSSOProfileOptionProperties.java From spring-boot-security-saml with MIT License | 4 votes |
|
public AuthnContextComparisonTypeEnumeration getType() {
return this.typeEnumeration;
}
Example #7
| Source File: SSOConfigurerTest.java From spring-boot-security-saml with MIT License | 4 votes |
|
@SuppressWarnings("unchecked")
@Test
public void configure_custom_entry_point() throws Exception {
SSOConfigurer configurer = spy(new SSOConfigurer());
SAMLProcessingFilter ssoFilter = mock(SAMLProcessingFilter.class);
when(configurer.createDefaultSamlProcessingFilter()).thenReturn(ssoFilter);
SAMLWebSSOHoKProcessingFilter ssoHoKFilter = mock(SAMLWebSSOHoKProcessingFilter.class);
when(configurer.createDefaultSamlHoKProcessingFilter()).thenReturn(ssoHoKFilter);
SAMLDiscovery discoveryFilter = mock(SAMLDiscovery.class);
when(configurer.createDefaultSamlDiscoveryFilter()).thenReturn(discoveryFilter);
when(configurer.createDefaultSamlEntryPoint()).thenThrow(IllegalStateException.class);
SavedRequestAwareAuthenticationSuccessHandler successHandler = mock(SavedRequestAwareAuthenticationSuccessHandler.class);
SimpleUrlAuthenticationFailureHandler failureHandler = mock(SimpleUrlAuthenticationFailureHandler.class);
WebSSOProfileOptions profileOptions = new WebSSOProfileOptions();
profileOptions.setAllowCreate(true);
profileOptions.setAllowedIDPs(Collections.singleton("allowedIdps"));
profileOptions.setAssertionConsumerIndex(999);
profileOptions.setAuthnContextComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
profileOptions.setAuthnContexts(Collections.singleton("contexts"));
profileOptions.setBinding("binding");
profileOptions.setForceAuthN(true);
profileOptions.setIncludeScoping(true);
profileOptions.setNameID("nameId");
profileOptions.setPassive(true);
profileOptions.setProviderName("providerName");
profileOptions.setProxyCount(null);
profileOptions.setRelayState("relayState");
SAMLEntryPoint customEntryPoint = mock(SAMLEntryPoint.class);
configurer.init(builder);
configurer
.defaultSuccessURL("/success")
.failureHandler(failureHandler)
.successHandler(successHandler)
.defaultFailureURL("/failure")
.discoveryProcessingURL("/discovery")
.enableSsoHoK(true)
.idpSelectionPageURL("/idp")
.profileOptions(profileOptions)
.ssoHoKProcessingURL("/hok")
.ssoLoginURL("/login")
.ssoProcessingURL("/sso")
.samlEntryPoint(customEntryPoint);
configurer.configure(builder);
verify(properties, never()).getDefaultFailureUrl();
verify(properties, never()).getDefaultSuccessUrl();
verify(properties, never()).getDiscoveryProcessingUrl();
verify(properties, never()).getIdpSelectionPageUrl();
verify(properties, never()).getSsoHokProcessingUrl();
verify(properties, never()).getSsoLoginUrl();
verify(properties, never()).getSsoProcessingUrl();
verify(properties, never()).getProfileOptions();
verify(successHandler, never()).setDefaultTargetUrl(eq("/success"));
verify(failureHandler, never()).setDefaultFailureUrl(eq("/failure"));
verify(ssoFilter).setAuthenticationManager(eq(authenticationManager));
verify(ssoFilter).setAuthenticationSuccessHandler(eq(successHandler));
verify(ssoFilter).setAuthenticationFailureHandler(eq(failureHandler));
verify(ssoFilter).setFilterProcessesUrl(eq("/sso"));
verify(ssoHoKFilter).setAuthenticationManager(eq(authenticationManager));
verify(ssoHoKFilter).setAuthenticationSuccessHandler(eq(successHandler));
verify(ssoHoKFilter).setAuthenticationFailureHandler(eq(failureHandler));
verify(ssoHoKFilter).setFilterProcessesUrl(eq("/hok"));
verify(serviceProviderEndpoints).setSsoProcessingURL("/sso");
verify(serviceProviderEndpoints).setSsoHoKProcessingURL("/hok");
verify(serviceProviderEndpoints).setDefaultFailureURL("/failure");
verify(serviceProviderEndpoints).setDiscoveryProcessingURL("/discovery");
verify(serviceProviderEndpoints).setIdpSelectionPageURL("/idp");
verify(serviceProviderEndpoints).setSsoLoginURL("/login");
verify(discoveryFilter).setFilterProcessesUrl(eq("/discovery"));
verify(discoveryFilter).setIdpSelectionPath(eq("/idp"));
verify(customEntryPoint).setFilterProcessesUrl(eq("/login"));
ArgumentCaptor<WebSSOProfileOptions> optionsCaptor = ArgumentCaptor.forClass(WebSSOProfileOptions.class);
verify(customEntryPoint).setDefaultProfileOptions(optionsCaptor.capture());
WebSSOProfileOptions options = optionsCaptor.getValue();
Assertions.assertThat(options.isAllowCreate()).isEqualTo(true);
Assertions.assertThat(options.getAllowedIDPs()).containsExactly("allowedIdps");
Assertions.assertThat(options.getAssertionConsumerIndex()).isEqualTo(999);
Assertions.assertThat(options.getAuthnContextComparison()).isEqualTo(AuthnContextComparisonTypeEnumeration.MINIMUM);
Assertions.assertThat(options.getAuthnContexts()).containsExactly("contexts");
Assertions.assertThat(options.getBinding()).isEqualTo("binding");
Assertions.assertThat(options.getForceAuthN()).isEqualTo(true);
Assertions.assertThat(options.isIncludeScoping()).isEqualTo(true);
Assertions.assertThat(options.getNameID()).isEqualTo("nameId");
Assertions.assertThat(options.getPassive()).isEqualTo(true);
Assertions.assertThat(options.getProviderName()).isEqualTo("providerName");
Assertions.assertThat(options.getProxyCount()).isEqualTo(null);
Assertions.assertThat(options.getRelayState()).isEqualTo("relayState");
verify(builder).setSharedObject(eq(SAMLProcessingFilter.class), eq(ssoFilter));
verify(builder).setSharedObject(eq(SAMLWebSSOHoKProcessingFilter.class), eq(ssoHoKFilter));
verify(builder).setSharedObject(eq(SAMLDiscovery.class), eq(discoveryFilter));
verify(builder).setSharedObject(eq(SAMLEntryPoint.class), eq(customEntryPoint));
}
Example #8
| Source File: DefaultSAML2SSOManager.java From carbon-identity with Apache License 2.0 | 4 votes |
|
private RequestedAuthnContext buildRequestedAuthnContext(AuthnRequest inboundAuthnRequest) throws SAMLSSOException {
/* AuthnContext */
RequestedAuthnContextBuilder requestedAuthnContextBuilder = null;
RequestedAuthnContext requestedAuthnContext = null;
String includeAuthnContext = properties
.get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_AUTHN_CONTEXT);
if (StringUtils.isNotEmpty(includeAuthnContext) && "as_request".equalsIgnoreCase(includeAuthnContext)) {
if (inboundAuthnRequest != null) {
RequestedAuthnContext incomingRequestedAuthnContext = inboundAuthnRequest.getRequestedAuthnContext();
if (incomingRequestedAuthnContext != null) {
requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
requestedAuthnContext.setDOM(incomingRequestedAuthnContext.getDOM());
}
}
} else if (StringUtils.isEmpty(includeAuthnContext) || "yes".equalsIgnoreCase(includeAuthnContext)) {
requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
/* AuthnContextClass */
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder
.buildObject(SAMLConstants.SAML20_NS,
AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME,
SAMLConstants.SAML20_PREFIX);
String authnContextClassProp = properties
.get(IdentityApplicationConstants.Authenticator.SAML2SSO.AUTHENTICATION_CONTEXT_CLASS);
if (StringUtils.isNotEmpty(authnContextClassProp)) {
authnContextClassRef.setAuthnContextClassRef(IdentityApplicationManagementUtil
.getSAMLAuthnContextClasses().get(authnContextClassProp));
} else {
authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
}
/* Authentication Context Comparison Level */
String authnContextComparison = properties
.get(IdentityApplicationConstants.Authenticator.SAML2SSO.AUTHENTICATION_CONTEXT_COMPARISON_LEVEL);
if (StringUtils.isNotEmpty(authnContextComparison)) {
if (AuthnContextComparisonTypeEnumeration.EXACT.toString().equalsIgnoreCase(
authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
} else if (AuthnContextComparisonTypeEnumeration.MINIMUM.toString().equalsIgnoreCase(
authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
} else if (AuthnContextComparisonTypeEnumeration.MAXIMUM.toString().equalsIgnoreCase(
authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
} else if (AuthnContextComparisonTypeEnumeration.BETTER.toString().equalsIgnoreCase(
authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
}
} else {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
}
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
}
return requestedAuthnContext;
}
Example #9
| Source File: SAML2SSOManager.java From carbon-identity with Apache License 2.0 | 4 votes |
|
protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOAgentException {
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer =
issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion",
"Issuer", "samlp");
issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());
/* NameIDPolicy */
NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
nameIdPolicy.setSPNameQualifier("Issuer");
nameIdPolicy.setAllowCreate(true);
/* AuthnContextClass */
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
AuthnContextClassRef authnContextClassRef =
authnContextClassRefBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion",
"AuthnContextClassRef",
"saml");
authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
/* AuthnContex */
RequestedAuthnContextBuilder requestedAuthnContextBuilder =
new RequestedAuthnContextBuilder();
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
DateTime issueInstant = new DateTime();
/* Creation of AuthRequestObject */
AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
AuthnRequest authRequest =
authRequestBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:protocol",
"AuthnRequest", "samlp");
authRequest.setForceAuthn(ssoAgentConfig.getSAML2().isForceAuthn());
authRequest.setIsPassive(ssoAgentConfig.getSAML2().isPassiveAuthn());
authRequest.setIssueInstant(issueInstant);
authRequest.setProtocolBinding(ssoAgentConfig.getSAML2().getHttpBinding());
authRequest.setAssertionConsumerServiceURL(ssoAgentConfig.getSAML2().getACSURL());
authRequest.setIssuer(issuer);
authRequest.setNameIDPolicy(nameIdPolicy);
authRequest.setRequestedAuthnContext(requestedAuthnContext);
authRequest.setID(SSOAgentUtils.createID());
authRequest.setVersion(SAMLVersion.VERSION_20);
authRequest.setDestination(ssoAgentConfig.getSAML2().getIdPURL());
if (request.getAttribute(Extensions.LOCAL_NAME) != null) {
authRequest.setExtensions((Extensions) request.getAttribute(Extensions.LOCAL_NAME));
}
/* Requesting Attributes. This Index value is registered in the IDP */
if (ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex() != null &&
ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex().trim().length() > 0) {
authRequest.setAttributeConsumingServiceIndex(Integer.parseInt(
ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex()));
}
return authRequest;
}
