org.opensaml.saml.saml2.core.Status Java Examples

The following examples show how to use org.opensaml.saml.saml2.core.Status. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldFailWhenInResponseToDoesNotMatchRequestId() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage(String.format("Expected InResponseTo to be some-incorrect-request-id, but was %s", DEFAULT_REQUEST_ID));

    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status successStatus = aStatus().
        withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(successStatus), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        "some-incorrect-request-id",
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #2
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
public static LogoutResponse createSAMLLogoutResponse(
    String inResponseTo,
    String issuer,
    Status status,
    String destination
) {
    if (logoutResponseBuilder == null) {
        logoutResponseBuilder = (SAMLObjectBuilder<LogoutResponse>)
            builderFactory.getBuilder(LogoutResponse.DEFAULT_ELEMENT_NAME);
    }
    LogoutResponse response = logoutResponseBuilder.buildObject();

    response.setID(UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    response.setDestination(destination);

    return response;
}
 
Example #3
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    Issuer issuer,
    Status status
) {
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();

    response.setID(UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(issuer);
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);

    return response;
}
 
Example #4
Source File: SAML2PResponseComponentBuilder.java    From cxf with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    String issuer,
    Status status
) {
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();

    response.setID(UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);

    return response;
}
 
Example #5
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
public static LogoutResponse createSAMLLogoutResponse(
    String inResponseTo,
    String issuer,
    Status status,
    String destination
) {
    if (logoutResponseBuilder == null) {
        logoutResponseBuilder = (SAMLObjectBuilder<LogoutResponse>)
            builderFactory.getBuilder(LogoutResponse.DEFAULT_ELEMENT_NAME);
    }
    LogoutResponse response = logoutResponseBuilder.buildObject();

    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    response.setDestination(destination);

    return response;
}
 
Example #6
Source File: SAML2PResponseComponentBuilder.java    From syncope with Apache License 2.0 6 votes vote down vote up
public static Status createStatus(final String statusCodeValue, final String statusMessage) {
    if (statusBuilder == null) {
        statusBuilder = new StatusBuilder();
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = new StatusCodeBuilder();
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = new StatusMessageBuilder();
    }

    Status status = statusBuilder.buildObject();

    StatusCode statusCode = statusCodeBuilder.buildObject();
    statusCode.setValue(statusCodeValue);
    status.setStatusCode(statusCode);

    if (statusMessage != null) {
        StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
        statusMessageObject.setMessage(statusMessage);
        status.setStatusMessage(statusMessageObject);
    }

    return status;
}
 
Example #7
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    String issuer,
    Status status
) {
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();

    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);

    return response;
}
 
Example #8
Source File: SAMLResponseTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
private Element createLogoutResponse(String statusValue, String destination,
                                     boolean sign, String requestID) throws Exception {
    DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
    Document doc = docBuilder.newDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(statusValue, null);
    LogoutResponse response =
        SAML2PResponseComponentBuilder.createSAMLLogoutResponse(requestID, TEST_IDP_ISSUER, status, destination);

    // Sign the LogoutResponse
    if (sign) {
        signResponse(response, "mystskey");
    }

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);

    return policyElement;
}
 
Example #9
Source File: SamlSingleLogoutFunction.java    From armeria with Apache License 2.0 6 votes vote down vote up
private LogoutResponse createLogoutResponse(LogoutRequest logoutRequest,
                                            String statusCode) {
    final StatusCode success = build(StatusCode.DEFAULT_ELEMENT_NAME);
    success.setValue(statusCode);

    final Status status = build(Status.DEFAULT_ELEMENT_NAME);
    status.setStatusCode(success);

    final Issuer me = build(Issuer.DEFAULT_ELEMENT_NAME);
    me.setValue(entityId);

    final LogoutResponse logoutResponse = build(LogoutResponse.DEFAULT_ELEMENT_NAME);
    logoutResponse.setIssuer(me);
    logoutResponse.setID(requestIdManager.newId());
    logoutResponse.setIssueInstant(DateTime.now());
    logoutResponse.setStatus(status);
    logoutResponse.setInResponseTo(logoutRequest.getID());

    return logoutResponse;
}
 
Example #10
Source File: SamlResponseCreator.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
protected Element createResponse(Idp idp, String requestID, Assertion assertion) throws Exception {
    Document doc = DOMUtils.newDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            "urn:oasis:names:tc:SAML:2.0:status:Success", null
        );
    String issuer = isUseRealmForIssuer() ? idp.getRealm() : idp.getIdpUrl().toString();
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuer, status);

    response.getAssertions().add(assertion);

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);

    return policyElement;
}
 
Example #11
Source File: AbstractSamlResponseCreator.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
protected Element createLogoutResponse(Idp idp, String statusValue,
                                       String destination, String requestID) throws Exception {
    Document doc = DOMUtils.newDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(statusValue, null);
    String issuer = useRealmForIssuer ? idp.getRealm() : idp.getIdpUrl().toString();
    LogoutResponse response =
        SAML2PResponseComponentBuilder.createSAMLLogoutResponse(requestID, issuer, status, destination);

    // Sign the LogoutResponse
    signResponse(response, idp);

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);

    return policyElement;
}
 
Example #12
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
private ResponseBuilder createAttributeResponseBuilder(Status samlStatus) {
    return aResponse()
        .withStatus(samlStatus)
        .withNoDefaultAssertion()
        .addEncryptedAssertion(aDefaultAssertion()
            .addAttributeStatement(
                anAttributeStatement()
                    .addAttribute(new SimpleStringAttributeBuilder()
                        .withName("FIRST_NAME")
                        .withSimpleStringValue("Bob")
                        .build())
                    .addAttribute(createVerifiedAttribute("FIRST_NAME_VERIFIED", true))
                    .build())
            .buildWithEncrypterCredential(encryptionCredentialFactory.getEncryptingCredential())
        );
}
 
Example #13
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    String issuer,
    Status status
) {
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();

    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);

    return response;
}
 
Example #14
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldFailValidationWhenHubResponseIsNotSigned() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Message signature is not signed");

    Status successStatus = aStatus().
        withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response response = createNoAttributeResponseBuilder(successStatus).withoutSigning().build();
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);

    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #15
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldFailValidationWhenHubMetadataDoesNotContainCorrectCertificate() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Signature was not valid.");

    Status successStatus = aStatus().
        withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(successStatus), testRpSigningCredential);
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_PUBLIC_CERT);

    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #16
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldFailWhenUnrecognizedSubStatus() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML sub-status: UNKNOWN");

    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status noMatchStatus = aStatus().
        withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue("UNKNOWN").build())
                .build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(noMatchStatus), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #17
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldFailWhenUnrecognizedStatus() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML status: UNKNOWN");

    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status noMatchStatus = aStatus().
        withStatusCode(
            aStatusCode()
                .withValue("UNKNOWN")
                .build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(noMatchStatus), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #18
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldHandleAuthenticationFailedSaml() throws Exception {
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status noMatchStatus = aStatus().
        withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(StatusCode.AUTHN_FAILED).build())
                .build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(noMatchStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody result = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(result.getScenario()).isEqualTo(AUTHENTICATION_FAILED);
}
 
Example #19
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldHandleNoAuthnContextSaml() throws Exception {
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status noMatchStatus = aStatus().
        withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(StatusCode.NO_AUTHN_CONTEXT).build())
                .build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(noMatchStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody result = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(result.getScenario()).isEqualTo(CANCELLATION);
}
 
Example #20
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldHandleRequestErrorSaml() throws Exception {
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status noMatchStatus = aStatus().
        withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(StatusCode.REQUESTER).build())
                .build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(noMatchStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody result = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(result.getScenario()).isEqualTo(REQUEST_ERROR);
}
 
Example #21
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void shouldHandleNoMatchSaml() throws Exception {
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status noMatchStatus = aStatus().
        withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.NO_MATCH).build())
                .build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(noMatchStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody result = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(result.getScenario()).isEqualTo(NO_MATCH);
}
 
Example #22
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void matchingResponseServiceShouldHandleAccountCreationSaml() throws Exception {
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status successStatus = aStatus().
        withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response response = signResponse(createAttributeResponseBuilder(successStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody result = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(result.getScenario()).isEqualTo(ACCOUNT_CREATION);
    assertThat(result.getAttributes()).isNotNull();
}
 
Example #23
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
@Test
public void matchingResponseServiceShouldHandleSuccessMatchSaml() throws Exception {
    EntityDescriptor entityDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(entityDescriptor));

    Status successStatus = aStatus().
        withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response response = signResponse(createNoAttributeResponseBuilder(successStatus), testRpSigningCredential);

    TranslatedResponseBody result = matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(response),
        response.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(result).isEqualTo(new TranslatedMatchingResponseBody(
        SUCCESS_MATCH,
        "some-pid",
        LevelOfAssurance.LEVEL_2,
        null
    ));
}
 
Example #24
Source File: SAMLLogoutTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
private Element createLogoutResponse(String statusValue, String destination,
                                     boolean sign, String requestID) throws Exception {
    DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
    Document doc = docBuilder.newDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(statusValue, null);
    LogoutResponse response =
        SAML2PResponseComponentBuilder.createSAMLLogoutResponse(requestID, TEST_IDP_ISSUER, status, destination);

    // Sign the LogoutResponse
    if (sign) {
        signResponse(response, "mystskey");
    }

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);

    return policyElement;
}
 
Example #25
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
public static Status createStatus(
    String statusCodeValue,
    String statusMessage
) {
    if (statusBuilder == null) {
        statusBuilder = (SAMLObjectBuilder<Status>)
            builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = (SAMLObjectBuilder<StatusCode>)
            builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>)
            builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    Status status = statusBuilder.buildObject();

    StatusCode statusCode = statusCodeBuilder.buildObject();
    statusCode.setValue(statusCodeValue);
    status.setStatusCode(statusCode);

    if (statusMessage != null) {
        StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
        statusMessageObject.setMessage(statusMessage);
        status.setStatusMessage(statusMessageObject);
    }

    return status;
}
 
Example #26
Source File: SamlResponseErrorCreator.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
public String createSAMLResponse(RequestContext context, boolean logout, boolean requestor,
                                 Idp idp, String requestID, String destination) throws ProcessingException {
    Document doc = DOMUtils.newDocument();

    String statusValue = "urn:oasis:names:tc:SAML:2.0:status:Responder";
    if (requestor) {
        statusValue = "urn:oasis:names:tc:SAML:2.0:status:Requester";
    }

    Status status =
        SAML2PResponseComponentBuilder.createStatus(statusValue, null);
    Element responseElement = null;
    try {
        if (logout) {
            responseElement = createLogoutResponse(idp, statusValue, destination, requestID);
        } else {
            Response response =
                SAML2PResponseComponentBuilder.createSAMLResponse(requestID, idp.getRealm(), status);
            Element policyElement = OpenSAMLUtil.toDom(response, doc);
            doc.appendChild(policyElement);

            responseElement = policyElement;
        }

        return encodeResponse(responseElement);
    } catch (Exception e) {
        LOG.warn("Error marshalling SAML Token: {}", e.getMessage());
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
}
 
Example #27
Source File: SAMLResponseConformanceTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
                                  boolean sign, String requestID, Issuer issuer)
    throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
    WSPasswordCallback[] cb = {
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
    };
    cbPasswordHandler.handle(cb);
    String password = cb[0].getPassword();

    if (sign) {
        assertion.signAssertion(alias, password, crypto, false);
    }

    DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
    Document doc = docBuilder.newDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            "urn:oasis:names:tc:SAML:2.0:status:Success", null
        );

    Issuer responseIssuer = issuer;
    if (responseIssuer == null) {
        responseIssuer = SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString());
    }
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
                                                          responseIssuer,
                                                          status);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);

    return policyElement;
}
 
Example #28
Source File: SAMLSSOResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
private Response createResponse(
    SubjectConfirmationDataBean subjectConfirmationData,
    SAML2CallbackHandler callbackHandler
) throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    return (Response)OpenSAMLUtil.fromDom(policyElement);
}
 
Example #29
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
public static Status createStatus(
    String statusCodeValue,
    String statusMessage
) {
    if (statusBuilder == null) {
        statusBuilder = (SAMLObjectBuilder<Status>)
            builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = (SAMLObjectBuilder<StatusCode>)
            builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>)
            builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    Status status = statusBuilder.buildObject();

    StatusCode statusCode = statusCodeBuilder.buildObject();
    statusCode.setValue(statusCodeValue);
    status.setStatusCode(statusCode);

    if (statusMessage != null) {
        StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
        statusMessageObject.setMessage(statusMessage);
        status.setStatusMessage(statusMessageObject);
    }

    return status;
}
 
Example #30
Source File: SAMLResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void testCreateAndValidateResponse() throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);

    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    validator.validateSamlResponse(marshalledResponse, null, null);
}