org.opensaml.saml2.core.RequestedAuthnContext Java Examples

The following examples show how to use org.opensaml.saml2.core.RequestedAuthnContext.
Example #1
Source File: RequestedAuthnContextUnmarshaller.java    From lams with GNU General Public License v2.0
/**
 * Reads the Comparison attribute of a RequestedAuthnContext element.
 *
 * Only the four literal, case-sensitive values "exact", "minimum", "maximum" and "better"
 * are accepted. Any other value aborts unmarshalling instead of being mapped to a default,
 * so a malformed comparison level is rejected rather than silently reinterpreted.
 * Attributes with any other local name are delegated to the superclass.
 *
 * @param samlObject the object being populated; cast to RequestedAuthnContext up front
 * @param attribute the DOM attribute to process
 * @throws UnmarshallingException if the Comparison value is not one of the four accepted values
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    // Cast first so a wrong object type fails regardless of which attribute is being read.
    final RequestedAuthnContext context = (RequestedAuthnContext) samlObject;

    final boolean isComparison =
            attribute.getLocalName().equals(RequestedAuthnContext.COMPARISON_ATTRIB_NAME);
    if (!isComparison) {
        super.processAttribute(samlObject, attribute);
        return;
    }

    final String requested = attribute.getValue();
    final AuthnContextComparisonTypeEnumeration comparison;
    if ("exact".equals(requested)) {
        comparison = AuthnContextComparisonTypeEnumeration.EXACT;
    } else if ("minimum".equals(requested)) {
        comparison = AuthnContextComparisonTypeEnumeration.MINIMUM;
    } else if ("maximum".equals(requested)) {
        comparison = AuthnContextComparisonTypeEnumeration.MAXIMUM;
    } else if ("better".equals(requested)) {
        comparison = AuthnContextComparisonTypeEnumeration.BETTER;
    } else {
        // Fail closed: an unknown comparison level is never defaulted.
        throw new UnmarshallingException("Saw an invalid value for Comparison attribute: "
                + attribute.getValue());
    }
    context.setComparison(comparison);
}
 
Example #2
Source File: AuthnRequestUnmarshaller.java    From lams with GNU General Public License v2.0
/**
 * Attaches an unmarshalled child element to its parent AuthnRequest.
 *
 * Subject, NameIDPolicy, Conditions, RequestedAuthnContext and Scoping children are stored
 * through the matching setter; every other child type is passed to the superclass.
 *
 * @param parentSAMLObject the request being populated; cast to AuthnRequest up front
 * @param childSAMLObject the child object produced for a nested element
 * @throws UnmarshallingException propagated from the superclass for children it handles
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    final AuthnRequest authnRequest = (AuthnRequest) parentSAMLObject;

    if (childSAMLObject instanceof Subject) {
        authnRequest.setSubject((Subject) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof NameIDPolicy) {
        authnRequest.setNameIDPolicy((NameIDPolicy) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Conditions) {
        authnRequest.setConditions((Conditions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof RequestedAuthnContext) {
        authnRequest.setRequestedAuthnContext((RequestedAuthnContext) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Scoping) {
        authnRequest.setScoping((Scoping) childSAMLObject);
        return;
    }

    // Not a child specific to AuthnRequest: let the parent unmarshaller decide.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
 
Example #3
Source File: RequestedAuthnContextSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * Checks that a RequestedAuthnContext carries exactly one kind of reference.
 *
 * The element must contain at least one AuthnContextClassRef or at least one
 * AuthnContextDeclRef, and must not contain both kinds at once.
 *
 * @param rac the requested authentication context to check
 * @throws ValidationException if no reference is present, or if class and declaration
 *         references are mixed
 */
protected void validateChildren(RequestedAuthnContext rac) throws ValidationException {
    final boolean hasClassRefs = rac.getAuthnContextClassRefs().size() > 0;
    final boolean hasDeclRefs = rac.getAuthnContextDeclRefs().size() > 0;

    if (!hasClassRefs && !hasDeclRefs) {
        throw new ValidationException("At least one of either AuthnContextClassRef or AuthnContextDeclRef is required");
    }

    if (hasClassRefs && hasDeclRefs) {
        throw new ValidationException("AuthnContextClassRef and AuthnContextDeclRef are mutually exclusive");
    }
}
 
Example #4
Source File: SAMLUtils.java    From cloudstack with Apache License 2.0
/**
 * Builds a SAML 2.0 AuthnRequest for the HTTP-POST binding.
 *
 * The request asks for the AuthnContext.PPT_AUTHN_CTX class with an EXACT comparison, is not
 * passive, and does not force re-authentication. Nothing in this method signs the request.
 *
 * NOTE(review): authnId becomes the request ID. The caller presumably generates it
 * unpredictably and keeps it to match the response's InResponseTo; confirm at the call site.
 *
 * @param authnId value used as the request ID
 * @param spId service provider identifier, used as both Issuer value and ProviderName
 * @param idpUrl identity provider endpoint, written to Destination
 * @param consumerUrl URL written to AssertionConsumerServiceURL
 * @return the populated, unsigned AuthnRequest
 */
public static AuthnRequest buildAuthnRequestObject(final String authnId, final String spId, final String idpUrl, final String consumerUrl) {
    // Requested authentication context: one class reference, exact match required.
    final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject(
            SAMLConstants.SAML20_NS,
            "AuthnContextClassRef", "saml");
    classRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);

    final RequestedAuthnContext requestedContext = new RequestedAuthnContextBuilder().buildObject();
    requestedContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requestedContext.getAuthnContextClassRefs().add(classRef);

    // Issuer identifies the service provider to the identity provider.
    final Issuer requestIssuer = new IssuerBuilder().buildObject();
    requestIssuer.setValue(spId);

    // The request itself.
    final AuthnRequest result = new AuthnRequestBuilder().buildObject();
    result.setID(authnId);
    result.setDestination(idpUrl);
    result.setVersion(SAMLVersion.VERSION_20);
    result.setForceAuthn(false);
    result.setIsPassive(false);
    result.setIssueInstant(new DateTime());
    result.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    result.setAssertionConsumerServiceURL(consumerUrl);
    result.setProviderName(spId);
    result.setIssuer(requestIssuer);
    result.setRequestedAuthnContext(requestedContext);
    return result;
}
 
Example #5
Source File: RequestedAuthnContextUnmarshaller.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
/**
 * Collects the class and declaration references nested in a RequestedAuthnContext.
 *
 * AuthnContextClassRef and AuthnContextDeclRef children are appended to their respective
 * lists; any other child goes to the superclass. This method appends both kinds without
 * checking that they are not mixed.
 *
 * @param parentSAMLObject the context being populated; cast to RequestedAuthnContext up front
 * @param childSAMLObject the child object produced for a nested element
 * @throws UnmarshallingException propagated from the superclass for children it handles
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    final RequestedAuthnContext context = (RequestedAuthnContext) parentSAMLObject;

    if (childSAMLObject instanceof AuthnContextClassRef) {
        context.getAuthnContextClassRefs().add((AuthnContextClassRef) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AuthnContextDeclRef) {
        context.getAuthnContextDeclRefs().add((AuthnContextDeclRef) childSAMLObject);
        return;
    }

    super.processChildElement(parentSAMLObject, childSAMLObject);
}
 
Example #6
Source File: RequestedAuthnContextMarshaller.java    From lams with GNU General Public License v2.0
/**
 * Writes the Comparison attribute onto the DOM element when one is set.
 *
 * When the object has no comparison value the attribute is omitted altogether, so the
 * receiver applies whatever default it uses for a missing Comparison.
 *
 * @param samlObject the object being marshalled; cast to RequestedAuthnContext
 * @param domElement the element that receives the attribute
 * @throws MarshallingException declared by the overridden contract; not thrown by this body
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final RequestedAuthnContext context = (RequestedAuthnContext) samlObject;

    if (context.getComparison() == null) {
        return;
    }

    final String comparisonText = context.getComparison().toString();
    // The attribute is unqualified, hence the null namespace.
    domElement.setAttributeNS(null, RequestedAuthnContext.COMPARISON_ATTRIB_NAME, comparisonText);
}
 
Example #7
Source File: AuthnQueryUnmarshaller.java    From lams with GNU General Public License v2.0
/**
 * Attaches an unmarshalled child element to its parent AuthnQuery.
 *
 * A RequestedAuthnContext child is stored on the query; every other child type is passed
 * to the superclass.
 *
 * @param parentSAMLObject the query being populated; cast to AuthnQuery up front
 * @param childSAMLObject the child object produced for a nested element
 * @throws UnmarshallingException propagated from the superclass for children it handles
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    final AuthnQuery authnQuery = (AuthnQuery) parentSAMLObject;

    if (!(childSAMLObject instanceof RequestedAuthnContext)) {
        super.processChildElement(parentSAMLObject, childSAMLObject);
        return;
    }

    authnQuery.setRequestedAuthnContext((RequestedAuthnContext) childSAMLObject);
}
 
Example #8
Source File: AuthnQueryImpl.java    From lams with GNU General Public License v2.0
/**
 * Returns the RequestedAuthnContext currently held by this query.
 *
 * @return the stored field value, returned as is
 */
public RequestedAuthnContext getRequestedAuthnContext() {
    return requestedAuthnContext;
}
 
Example #9
Source File: AuthnQueryImpl.java    From lams with GNU General Public License v2.0
/**
 * Replaces the RequestedAuthnContext held by this query.
 *
 * The old and new values are passed through prepareForAssignment and its result is stored.
 * NOTE(review): prepareForAssignment is defined outside this snippet; it presumably handles
 * re-parenting and cached-DOM invalidation. Confirm against its definition.
 *
 * @param newRequestedAuthnContext the value to store
 */
public void setRequestedAuthnContext(RequestedAuthnContext newRequestedAuthnContext) {
    final RequestedAuthnContext previous = this.requestedAuthnContext;
    final RequestedAuthnContext assigned = prepareForAssignment(previous, newRequestedAuthnContext);
    this.requestedAuthnContext = assigned;
}
 
Example #10
Source File: RequestedAuthnContextBuilder.java    From lams with GNU General Public License v2.0
/**
 * Creates a RequestedAuthnContext for an explicitly named element.
 *
 * @param namespaceURI namespace of the element the object represents
 * @param localName local name of that element
 * @param namespacePrefix prefix to use for the namespace
 * @return a new RequestedAuthnContextImpl constructed from the three arguments
 */
public RequestedAuthnContext buildObject(String namespaceURI, String localName, String namespacePrefix) {
    final RequestedAuthnContext built =
            new RequestedAuthnContextImpl(namespaceURI, localName, namespacePrefix);
    return built;
}
 
Example #11
Source File: RequestedAuthnContextBuilder.java    From lams with GNU General Public License v2.0
/**
 * Creates a RequestedAuthnContext under its default element name.
 *
 * Delegates to the three-argument overload with the SAML 2.0 protocol namespace and prefix
 * constants and the type's default local name.
 *
 * @return the object produced by the three-argument overload
 */
public RequestedAuthnContext buildObject() {
    final String namespaceUri = SAMLConstants.SAML20P_NS;
    final String prefix = SAMLConstants.SAML20P_PREFIX;
    return buildObject(namespaceUri, RequestedAuthnContext.DEFAULT_ELEMENT_LOCAL_NAME, prefix);
}
 
Example #12
Source File: AuthnRequestImpl.java    From lams with GNU General Public License v2.0
/**
 * Replaces the RequestedAuthnContext held by this request.
 *
 * The old and new values are passed through prepareForAssignment and its result is stored.
 * NOTE(review): prepareForAssignment is defined outside this snippet; it presumably handles
 * re-parenting and cached-DOM invalidation. Confirm against its definition.
 *
 * @param newRequestedAuthnContext the value to store
 */
public void setRequestedAuthnContext(RequestedAuthnContext newRequestedAuthnContext) {
    final RequestedAuthnContext previous = this.requestedAuthnContext;
    final RequestedAuthnContext assigned = prepareForAssignment(previous, newRequestedAuthnContext);
    this.requestedAuthnContext = assigned;
}
 
Example #13
Source File: AuthnRequestImpl.java    From lams with GNU General Public License v2.0
/**
 * Returns the RequestedAuthnContext currently held by this request.
 *
 * @return the stored field value, returned as is
 */
public RequestedAuthnContext getRequestedAuthnContext() {
    return requestedAuthnContext;
}
 
Example #14
Source File: DefaultSAML2SSOManager.java    From carbon-identity with Apache License 2.0
/**
 * Builds the outbound SAML 2.0 AuthnRequest sent to a federated identity provider.
 *
 * Most of the request is driven by the authenticator's {@code properties} map: issuer value,
 * whether ProtocolBinding and NameIDPolicy are included, and the optional
 * AttributeConsumingServiceIndex. The ACS URL comes from the file-based authenticator
 * configuration when set there, otherwise from the server's common-auth URL. Nothing in this
 * method signs the request.
 *
 * NOTE(review): the ID comes from SSOUtils.createID(), defined elsewhere. Confirm it is
 * unpredictable and that the caller keeps it to match the response's InResponseTo.
 *
 * @param request the servlet request, used only to look up SAML extensions
 * @param isPassive value written to IsPassive
 * @param idpUrl identity provider endpoint, written to Destination
 * @param context authentication context, used for ForceAuthn and the inbound request lookup
 * @return the populated AuthnRequest
 * @throws SAMLSSOException declared for the helper methods this body calls
 */
private AuthnRequest buildAuthnRequest(HttpServletRequest request,
                                       boolean isPassive, String idpUrl, AuthenticationContext context) throws SAMLSSOException {

    Issuer issuer = new IssuerBuilder()
            .buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");

    // Fall back to a fixed issuer name when no SP entity id is configured.
    String spEntityId = properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);
    boolean hasSpEntityId = spEntityId != null && !spEntityId.isEmpty();
    issuer.setValue(hasSpEntityId ? spEntityId : "carbonServer");

    DateTime issueInstant = new DateTime();

    /* Creation of AuthRequestObject */
    AuthnRequest authRequest = new AuthnRequestBuilder()
            .buildObject("urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");
    authRequest.setForceAuthn(isForceAuthenticate(context));
    authRequest.setIsPassive(isPassive);
    authRequest.setIssueInstant(issueInstant);

    // ProtocolBinding is included unless the property is set to something other than "true".
    String includeProtocolBindingProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_PROTOCOL_BINDING);
    boolean includeProtocolBinding = StringUtils.isEmpty(includeProtocolBindingProp)
            || Boolean.parseBoolean(includeProtocolBindingProp);
    if (includeProtocolBinding) {
        authRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    }

    // A configured ACS URL wins; otherwise use the server's common-auth endpoint.
    AuthenticatorConfig authenticatorConfig =
            FileBasedConfigurationBuilder.getInstance().getAuthenticatorConfigMap()
                    .get(SSOConstants.AUTHENTICATOR_NAME);
    String configuredAcsUrl = (authenticatorConfig == null)
            ? null
            : authenticatorConfig.getParameterMap().get(SSOConstants.ServerConfig.SAML_SSO_ACS_URL);
    String acsUrl = StringUtils.isNotBlank(configuredAcsUrl)
            ? configuredAcsUrl
            : IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true);

    authRequest.setAssertionConsumerServiceURL(acsUrl);
    authRequest.setIssuer(issuer);
    authRequest.setID(SSOUtils.createID());
    authRequest.setVersion(SAMLVersion.VERSION_20);
    authRequest.setDestination(idpUrl);

    String attributeConsumingServiceIndexProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.ATTRIBUTE_CONSUMING_SERVICE_INDEX);
    if (StringUtils.isNotEmpty(attributeConsumingServiceIndexProp)) {
        try {
            Integer serviceIndex = Integer.valueOf(attributeConsumingServiceIndexProp);
            authRequest.setAttributeConsumingServiceIndex(serviceIndex);
        } catch (NumberFormatException e) {
            // Best effort: a non-numeric index is logged and the request is sent without it.
            log.error(
                    "Error while populating SAMLRequest with AttributeConsumingServiceIndex: "
                            + attributeConsumingServiceIndexProp, e);
        }
    }

    // NameIDPolicy is included unless the property is set to something other than "true".
    String includeNameIDPolicyProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_NAME_ID_POLICY);
    boolean includeNameIdPolicy = StringUtils.isEmpty(includeNameIDPolicyProp)
            || Boolean.parseBoolean(includeNameIDPolicyProp);
    if (includeNameIdPolicy) {
        NameIDPolicy nameIdPolicy = new NameIDPolicyBuilder().buildObject();
        nameIdPolicy.setFormat(NameIDType.UNSPECIFIED);
        nameIdPolicy.setAllowCreate(true);
        authRequest.setNameIDPolicy(nameIdPolicy);
    }

    // The inbound SAMLRequest may dictate the requested authentication context.
    AuthnRequest inboundAuthnRequest = getAuthnRequest(context);
    RequestedAuthnContext requestedAuthnContext = buildRequestedAuthnContext(inboundAuthnRequest);
    if (requestedAuthnContext != null) {
        authRequest.setRequestedAuthnContext(requestedAuthnContext);
    }

    Extensions extensions = getSAMLExtensions(request);
    if (extensions != null) {
        authRequest.setExtensions(extensions);
    }

    return authRequest;
}
 
Example #15
Source File: DefaultSAML2SSOManager.java    From carbon-identity with Apache License 2.0
/**
 * Builds the RequestedAuthnContext for the outbound request, driven by the
 * INCLUDE_AUTHN_CONTEXT property.
 *
 * "as_request": the inbound request's RequestedAuthnContext, when there is one, is passed on
 * by handing its DOM to a freshly built object. Empty or "yes": a context is built from the
 * configured class and comparison level. Any other value: no context is requested.
 *
 * @param inboundAuthnRequest the request received from the service provider; may be null
 * @return the context to attach, or null when none should be sent
 * @throws SAMLSSOException declared by the signature; not thrown directly by this body
 */
private RequestedAuthnContext buildRequestedAuthnContext(AuthnRequest inboundAuthnRequest) throws SAMLSSOException {

    String includeAuthnContext = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_AUTHN_CONTEXT);

    if (StringUtils.isNotEmpty(includeAuthnContext) && "as_request".equalsIgnoreCase(includeAuthnContext)) {
        if (inboundAuthnRequest == null) {
            return null;
        }
        RequestedAuthnContext incomingRequestedAuthnContext = inboundAuthnRequest.getRequestedAuthnContext();
        if (incomingRequestedAuthnContext == null) {
            return null;
        }
        // NOTE(review): the new object shares the inbound element's DOM rather than a copy, so
        // the requester's context is forwarded exactly as received. Confirm this is intended
        // and that marshalling does not detach the node from the inbound request.
        RequestedAuthnContext mirrored = new RequestedAuthnContextBuilder().buildObject();
        mirrored.setDOM(incomingRequestedAuthnContext.getDOM());
        return mirrored;
    }

    boolean buildFromConfig = StringUtils.isEmpty(includeAuthnContext)
            || "yes".equalsIgnoreCase(includeAuthnContext);
    if (!buildFromConfig) {
        return null;
    }

    RequestedAuthnContext requestedAuthnContext = new RequestedAuthnContextBuilder().buildObject();

    /* AuthnContextClass */
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder()
            .buildObject(SAMLConstants.SAML20_NS,
                    AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME,
                    SAMLConstants.SAML20_PREFIX);

    String authnContextClassProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.AUTHENTICATION_CONTEXT_CLASS);
    if (StringUtils.isEmpty(authnContextClassProp)) {
        authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
    } else {
        // NOTE(review): a configured name missing from the lookup map yields null here, which
        // would produce a class reference with no value. Confirm the map covers every
        // configurable name.
        authnContextClassRef.setAuthnContextClassRef(IdentityApplicationManagementUtil
                .getSAMLAuthnContextClasses().get(authnContextClassProp));
    }

    /* Authentication Context Comparison Level */
    String authnContextComparison = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.AUTHENTICATION_CONTEXT_COMPARISON_LEVEL);

    if (StringUtils.isEmpty(authnContextComparison)) {
        requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    } else if (AuthnContextComparisonTypeEnumeration.EXACT.toString()
            .equalsIgnoreCase(authnContextComparison)) {
        requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    } else if (AuthnContextComparisonTypeEnumeration.MINIMUM.toString()
            .equalsIgnoreCase(authnContextComparison)) {
        requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
    } else if (AuthnContextComparisonTypeEnumeration.MAXIMUM.toString()
            .equalsIgnoreCase(authnContextComparison)) {
        requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
    } else if (AuthnContextComparisonTypeEnumeration.BETTER.toString()
            .equalsIgnoreCase(authnContextComparison)) {
        requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
    }
    // An unrecognised comparison level sets nothing, leaving the comparison at whatever the
    // freshly built object holds.

    requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
    return requestedAuthnContext;
}
 
Example #16
Source File: SAML2SSOManager.java    From carbon-identity with Apache License 2.0
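/**
 * Builds the SAML 2.0 AuthnRequest that the SSO agent sends to the identity provider.
 *
 * The request asks for a persistent NameID and for the PasswordProtectedTransport
 * authentication context class with an EXACT comparison. Binding, ACS URL, destination,
 * ForceAuthn and IsPassive come from the agent's SAML2 configuration. Nothing in this
 * method signs the request.
 *
 * NOTE(review): the ID comes from SSOAgentUtils.createID(), defined elsewhere. Confirm it is
 * unpredictable and that the agent keeps it to match the response's InResponseTo.
 *
 * @param request the servlet request; an Extensions object stored under the
 *        Extensions.LOCAL_NAME request attribute is copied onto the AuthnRequest
 * @return the populated AuthnRequest
 * @throws SSOAgentException declared by the signature; not thrown directly by this body
 * @throws NumberFormatException if the configured AttributeConsumingServiceIndex is
 *         non-blank but not a valid integer
 */
protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOAgentException {

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer =
            issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion",
                    "Issuer", "samlp");
    issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());

    /* NameIDPolicy */
    NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
    NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
    nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
    // NOTE(review): the qualifier is the literal text "Issuer", not the SP entity id set on
    // the Issuer element above. Confirm that the identity provider expects this value.
    nameIdPolicy.setSPNameQualifier("Issuer");
    nameIdPolicy.setAllowCreate(true);

    /* AuthnContextClass */
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    AuthnContextClassRef authnContextClassRef =
            authnContextClassRefBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion",
                    "AuthnContextClassRef",
                    "saml");
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");

    /* AuthnContext */
    RequestedAuthnContextBuilder requestedAuthnContextBuilder =
            new RequestedAuthnContextBuilder();
    RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);

    DateTime issueInstant = new DateTime();

    /* Creation of AuthRequestObject */
    AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
    AuthnRequest authRequest =
            authRequestBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:protocol",
                    "AuthnRequest", "samlp");

    authRequest.setForceAuthn(ssoAgentConfig.getSAML2().isForceAuthn());
    authRequest.setIsPassive(ssoAgentConfig.getSAML2().isPassiveAuthn());
    authRequest.setIssueInstant(issueInstant);
    authRequest.setProtocolBinding(ssoAgentConfig.getSAML2().getHttpBinding());
    authRequest.setAssertionConsumerServiceURL(ssoAgentConfig.getSAML2().getACSURL());
    authRequest.setIssuer(issuer);
    authRequest.setNameIDPolicy(nameIdPolicy);
    authRequest.setRequestedAuthnContext(requestedAuthnContext);
    authRequest.setID(SSOAgentUtils.createID());
    authRequest.setVersion(SAMLVersion.VERSION_20);
    authRequest.setDestination(ssoAgentConfig.getSAML2().getIdPURL());
    if (request.getAttribute(Extensions.LOCAL_NAME) != null) {
        authRequest.setExtensions((Extensions) request.getAttribute(Extensions.LOCAL_NAME));
    }

    /* Requesting Attributes. This Index value is registered in the IDP */
    String serviceIndex = ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex();
    if (serviceIndex != null) {
        // Parse the same trimmed text that the blank check looks at; previously a value with
        // surrounding whitespace passed the check and then failed in Integer.parseInt.
        String trimmedIndex = serviceIndex.trim();
        if (trimmedIndex.length() > 0) {
            authRequest.setAttributeConsumingServiceIndex(Integer.parseInt(trimmedIndex));
        }
    }

    return authRequest;
}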
 
Example #17
Source File: RequestedAuthnContextSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * Validates a RequestedAuthnContext by checking its child elements.
 *
 * @param requestedAuthnContext the object to validate
 * @throws ValidationException if the child-element check rejects the object
 */
public void validate(RequestedAuthnContext requestedAuthnContext) throws ValidationException {
    // The child-element check is the only rule applied at this level.
    this.validateChildren(requestedAuthnContext);
}