org.opensaml.saml2.core.NameIDType Java Examples

Example #1
Source File: AbstractNameIDTypeMarshaller.java — from lams (GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>Writes the optional {@code NameQualifier}, {@code SPNameQualifier}, {@code Format} and
 * {@code SPProvidedID} attributes of the {@link NameIDType} onto the DOM element. An attribute
 * is only emitted when the corresponding property is non-null.
 *
 * @param samlObject the {@link NameIDType} being marshalled (unchecked cast)
 * @param domElement the element receiving the attributes
 * @throws MarshallingException declared by the superclass contract; not raised by this body
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    NameIDType nameID = (NameIDType) samlObject;

    writeNameIdAttributeIfPresent(domElement, NameID.NAME_QUALIFIER_ATTRIB_NAME, nameID.getNameQualifier());
    writeNameIdAttributeIfPresent(domElement, NameID.SP_NAME_QUALIFIER_ATTRIB_NAME, nameID.getSPNameQualifier());
    writeNameIdAttributeIfPresent(domElement, NameID.FORMAT_ATTRIB_NAME, nameID.getFormat());
    writeNameIdAttributeIfPresent(domElement, NameID.SPPROVIDED_ID_ATTRIB_NAME, nameID.getSPProvidedID());
}

/**
 * Sets the un-namespaced attribute {@code attributeName} on {@code domElement}, unless
 * {@code value} is null (absent properties produce no attribute at all).
 */
private static void writeNameIdAttributeIfPresent(Element domElement, String attributeName, String value) {
    if (value != null) {
        domElement.setAttributeNS(null, attributeName, value);
    }
}
 
Example #2
Source File: OAuth2SAMLUtil.java — from jam-collaboration-sample (Apache License 2.0)
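/**
 * Builds a SAML 2 {@link NameID} whose Format is selected by a short keyword.
 *
 * @param subjectNameId the NameID value (for the e-mail format, the subject's address)
 * @param subjectNameIdFormat {@code "email"} for {@link NameIDType#EMAIL} or
 *     {@code "unspecified"} for {@link NameIDType#UNSPECIFIED}
 * @param subjectNameIdQualifier optional NameQualifier; not set when null
 * @return the populated NameID
 * @throws IllegalArgumentException if {@code subjectNameIdFormat} is null or not one of the two keywords
 */
public static NameID makeEmailFormatName(final String subjectNameId, final String subjectNameIdFormat, final String subjectNameIdQualifier) {
    NameID nameID = new NameIDBuilder().buildObject();

    // Constant-first comparison: a null format is reported as an illegal argument
    // with a clear message instead of a NullPointerException.
    if ("email".equals(subjectNameIdFormat)) {
        nameID.setFormat(NameIDType.EMAIL);
    } else if ("unspecified".equals(subjectNameIdFormat)) {
        nameID.setFormat(NameIDType.UNSPECIFIED);
    } else {
        throw new IllegalArgumentException("subjectNameIdFormat must be 'email' or 'unspecified'.");
    }

    if (subjectNameIdQualifier != null) {
        nameID.setNameQualifier(subjectNameIdQualifier);
    }

    nameID.setValue(subjectNameId);

    return nameID;
}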
 
Example #3
Source File: BaseSAML2MessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * Extracts the entity ID from the SAML 2 Issuer.
 *
 * <p>An Issuer carrying no Format attribute is accepted as ENTITY format; any other
 * explicit Format is rejected.
 *
 * @param issuer issuer to extract the entityID from; may be null
 *
 * @return entity ID of the issuer, or null when no issuer was supplied
 *
 * @throws MessageDecodingException thrown if the given issuer has a format other than {@link NameIDType#ENTITY}
 */
protected String extractEntityId(Issuer issuer) throws MessageDecodingException {
    if (issuer == null) {
        return null;
    }

    String format = issuer.getFormat();
    boolean isEntityFormat = format == null || NameIDType.ENTITY.equals(format);
    if (!isEntityFormat) {
        throw new MessageDecodingException("SAML 2 Issuer is not of ENTITY format type");
    }

    return issuer.getValue();
}
 
Example #4
Source File: AbstractNameIDTypeUnmarshaller.java — from lams (GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>Maps the {@code NameQualifier}, {@code SPNameQualifier}, {@code Format} and
 * {@code SPProvidedID} DOM attributes onto the matching {@link NameIDType} properties.
 * Any other attribute is handed to the superclass.
 *
 * @param samlObject the {@link NameIDType} being unmarshalled (unchecked cast)
 * @param attribute the DOM attribute to process
 * @throws UnmarshallingException propagated from the superclass for unrecognised attributes
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    NameIDType nameID = (NameIDType) samlObject;
    String localName = attribute.getLocalName();
    String attributeValue = attribute.getValue();

    if (localName.equals(NameID.NAME_QUALIFIER_ATTRIB_NAME)) {
        nameID.setNameQualifier(attributeValue);
        return;
    }
    if (localName.equals(NameID.SP_NAME_QUALIFIER_ATTRIB_NAME)) {
        nameID.setSPNameQualifier(attributeValue);
        return;
    }
    if (localName.equals(NameID.FORMAT_ATTRIB_NAME)) {
        nameID.setFormat(attributeValue);
        return;
    }
    if (localName.equals(NameID.SPPROVIDED_ID_ATTRIB_NAME)) {
        nameID.setSPProvidedID(attributeValue);
        return;
    }

    super.processAttribute(samlObject, attribute);
}
 
Example #5
Source File: IssuerGenerator.java — from MaxKey (Apache License 2.0)
/**
 * Creates an {@link Issuer} of {@link NameIDType#ENTITY} format whose value is this
 * generator's {@code issuerName}.
 *
 * @return the populated issuer
 */
public Issuer generateIssuer() {
	Issuer result = new IssuerBuilder().buildObject();
	result.setFormat(NameIDType.ENTITY);
	result.setValue(issuerName);
	return result;
}
 
Example #6
Source File: SubjectGenerator.java — from MaxKey (Apache License 2.0)
/**
 * Builds the {@code Response/Assertion/Subject/NameID} element with the
 * {@link NameIDType#UNSPECIFIED} format.
 *
 * @param value the NameID value
 * @param strSPNameQualifier currently ignored: no SPNameQualifier is set on the NameID
 * @return the populated NameID
 */
public NameID builderNameID(String value,String strSPNameQualifier){
	NameID subjectNameId = new NameIDBuilder().buildObject();
	subjectNameId.setFormat(NameIDType.UNSPECIFIED);
	subjectNameId.setValue(value);
	return subjectNameId;
}
 
Example #7
Source File: SAML2LoginAPIAuthenticatorCmdTest.java — from cloudstack (Apache License 2.0)
/**
 * Assembles a minimal SAML 2 {@link Response} fixture: a SUCCESS status, an issuer, and one
 * assertion whose subject is a {@link NameIDType#PERSISTENT} NameID, with a single
 * AuthnStatement (session index set) and a single empty AttributeStatement. No signature is
 * attached, so this fixture only exercises structural handling.
 *
 * @return the populated response
 * @throws Exception declared for test convenience; not raised by this body
 */
private Response buildMockResponse() throws Exception {
    // Leaf elements first, then assemble bottom-up.
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");

    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    Status status = new StatusBuilder().buildObject();
    status.setStatusCode(statusCode);

    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);

    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();

    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setSubject(subject);
    assertion.getAuthnStatements().add(authnStatement);
    assertion.getAttributeStatements().add(attributeStatement);

    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    samlMessage.setIssuer(issuer);
    samlMessage.setStatus(status);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}
 
Example #8
Source File: AbstractNameIDTypeUnmarshaller.java — from lams (GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>The element's text content becomes the NameID value, without any trimming or validation.
 *
 * @param samlObject the {@link NameIDType} being unmarshalled (unchecked cast)
 * @param elementContent the text content of the element
 */
protected void processElementContent(XMLObject samlObject, String elementContent) {
    ((NameIDType) samlObject).setValue(elementContent);
}
 
Example #9
Source File: AbstractNameIDTypeMarshaller.java — from lams (GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>Appends the NameID value as the element's text content.
 *
 * @param samlObject the {@link NameIDType} being marshalled (unchecked cast)
 * @param domElement the element receiving the text content
 * @throws MarshallingException declared by the superclass contract; not raised by this body
 */
protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
    String value = ((NameIDType) samlObject).getValue();
    XMLHelper.appendTextContent(domElement, value);
}
 
Example #10
Source File: OAuth2SAMLWorkflowSample.java — from jam-collaboration-sample (Apache License 2.0)
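/**
 * Builds a SAML 2 bearer assertion for the OAuth2 SAML flow from the class-level sample
 * settings ({@code SUBJECT_NAME_ID}, {@code SUBJECT_NAME_ID_FORMAT}, {@code subjectNameIdQualifier},
 * {@code BASE_URL}, {@code IDP_ID}, {@code SP_ID_JAM}, {@code CLIENT_KEY}). The assertion is
 * not signed by this method.
 *
 * <p>Contents: a NameID subject with a bearer SubjectConfirmation whose Recipient is
 * {@code BASE_URL + ACCESS_TOKEN_URL_PATH}; Conditions valid from ten minutes before to ten
 * minutes after the issue instant (the backdated NotBefore presumably tolerates clock skew);
 * an AudienceRestriction to {@code SP_ID_JAM}; and optionally a {@code client_id} attribute.
 *
 * @param includeClientKeyAttribute when true, adds an AttributeStatement carrying
 *     {@code CLIENT_KEY} under the attribute name {@code client_id}
 * @return the assembled assertion
 * @throws IllegalStateException if the OpenSAML library cannot be bootstrapped
 * @throws IllegalArgumentException if {@code SUBJECT_NAME_ID_FORMAT} is null or not
 *     {@code "email"} / {@code "unspecified"}
 */
private static Assertion buildSAML2Assertion(boolean includeClientKeyAttribute)
{
    // Bootstrap the OpenSAML library. A failure here used to be silently swallowed and then
    // surfaced later as an obscure error from the builders; report it with its cause instead.
    try {
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException e) {
        throw new IllegalStateException("Unable to bootstrap the OpenSAML library", e);
    }

    DateTime issueInstant = new DateTime();
    DateTime notOnOrAfter = issueInstant.plusMinutes(10);
    DateTime notBefore = issueInstant.minusMinutes(10);

    NameID nameID = new NameIDBuilder().buildObject();
    // Constant-first comparison so a null format yields the IllegalArgumentException below, not an NPE.
    if ("email".equals(SUBJECT_NAME_ID_FORMAT)) {
        nameID.setFormat(NameIDType.EMAIL);
    } else if ("unspecified".equals(SUBJECT_NAME_ID_FORMAT)) {
        nameID.setFormat(NameIDType.UNSPECIFIED);
    } else {
        throw new IllegalArgumentException("SUBJECT_NAME_ID_FORMAT must be 'email' or 'unspecified'.");
    }
    if (subjectNameIdQualifier != null) {
        nameID.setNameQualifier(subjectNameIdQualifier);
    }
    nameID.setValue(SUBJECT_NAME_ID);

    // Bearer confirmation bound to the token endpoint and to the assertion's expiry.
    SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationDataBuilder().buildObject();
    subjectConfirmationData.setRecipient(BASE_URL + ACCESS_TOKEN_URL_PATH);
    subjectConfirmationData.setNotOnOrAfter(notOnOrAfter);

    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
    subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(IDP_ID);

    Audience audience = new AudienceBuilder().buildObject();
    audience.setAudienceURI(SP_ID_JAM);

    AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
    audienceRestriction.getAudiences().add(audience);

    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);
    conditions.getAudienceRestrictions().add(audienceRestriction);

    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setIssueInstant(issueInstant);
    assertion.setIssuer(issuer);
    assertion.setSubject(subject);
    assertion.setConditions(conditions);

    if (includeClientKeyAttribute) {
        XSString attributeValue = (XSString) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attributeValue.setValue(CLIENT_KEY);

        Attribute attribute = new AttributeBuilder().buildObject();
        attribute.setName("client_id");
        attribute.getAttributeValues().add(attributeValue);

        AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
        attributeStatement.getAttributes().add(attribute);
        assertion.getAttributeStatements().add(attributeStatement);
    }

    return assertion;
}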
 
Example #11
Source File: OAuth2SAMLWorkflowSample.java — from jam-collaboration-sample (Apache License 2.0)
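/**
 * Builds a SAML 2 bearer assertion for the OAuth2 SAML flow. The assertion is not signed by
 * this method.
 *
 * <p>Contents: a NameID subject (Format chosen by {@code subjectNameIdFormat}) with a bearer
 * SubjectConfirmation whose Recipient is {@code baseUrl + ACCESS_TOKEN_URL_PATH}; Conditions
 * valid from ten minutes before to ten minutes after the issue instant (the backdated NotBefore
 * presumably tolerates clock skew); an AudienceRestriction to {@code SP_ID_JAM}; and optionally
 * a {@code client_id} attribute.
 *
 * @param baseUrl base URL the token endpoint path is appended to
 * @param subjectNameId the NameID value
 * @param subjectNameIdFormat {@code "email"} for {@link NameIDType#EMAIL} or
 *     {@code "unspecified"} for {@link NameIDType#UNSPECIFIED}
 * @param subjectNameIdQualifier optional NameQualifier; not set when null
 * @param idpId value of the Issuer element
 * @param clientKey value of the {@code client_id} attribute
 * @param includeClientKeyAttribute when true, adds an AttributeStatement carrying
 *     {@code clientKey} under the attribute name {@code client_id}
 * @return the assembled assertion
 * @throws IllegalStateException if the OpenSAML library cannot be bootstrapped
 * @throws IllegalArgumentException if {@code subjectNameIdFormat} is null or not
 *     {@code "email"} / {@code "unspecified"}
 */
private static Assertion buildSAML2Assertion(
        String baseUrl,
        String subjectNameId,
        String subjectNameIdFormat,
        String subjectNameIdQualifier,
        String idpId,
        String clientKey,
        boolean includeClientKeyAttribute)
{
    // Bootstrap the OpenSAML library. A failure here used to be silently swallowed and then
    // surfaced later as an obscure error from the builders; report it with its cause instead.
    try {
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException e) {
        throw new IllegalStateException("Unable to bootstrap the OpenSAML library", e);
    }

    DateTime issueInstant = new DateTime();
    DateTime notOnOrAfter = issueInstant.plusMinutes(10);
    DateTime notBefore = issueInstant.minusMinutes(10);

    NameID nameID = new NameIDBuilder().buildObject();
    // Constant-first comparison so a null format yields the IllegalArgumentException below, not an NPE.
    if ("email".equals(subjectNameIdFormat)) {
        nameID.setFormat(NameIDType.EMAIL);
    } else if ("unspecified".equals(subjectNameIdFormat)) {
        nameID.setFormat(NameIDType.UNSPECIFIED);
    } else {
        throw new IllegalArgumentException("subjectNameIdFormat must be 'email' or 'unspecified'.");
    }
    if (subjectNameIdQualifier != null) {
        nameID.setNameQualifier(subjectNameIdQualifier);
    }
    nameID.setValue(subjectNameId);

    // Bearer confirmation bound to the token endpoint and to the assertion's expiry.
    SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationDataBuilder().buildObject();
    subjectConfirmationData.setRecipient(baseUrl + ACCESS_TOKEN_URL_PATH);
    subjectConfirmationData.setNotOnOrAfter(notOnOrAfter);

    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
    subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(idpId);

    Audience audience = new AudienceBuilder().buildObject();
    audience.setAudienceURI(SP_ID_JAM);

    AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
    audienceRestriction.getAudiences().add(audience);

    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);
    conditions.getAudienceRestrictions().add(audienceRestriction);

    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setIssueInstant(issueInstant);
    assertion.setIssuer(issuer);
    assertion.setSubject(subject);
    assertion.setConditions(conditions);

    if (includeClientKeyAttribute) {
        XSString attributeValue = (XSString) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attributeValue.setValue(clientKey);

        Attribute attribute = new AttributeBuilder().buildObject();
        attribute.setName("client_id");
        attribute.getAttributeValues().add(attributeValue);

        AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
        attributeStatement.getAttributes().add(attribute);
        assertion.getAttributeStatements().add(attributeStatement);
    }

    return assertion;
}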
 
Example #12
Source File: DefaultSAML2SSOManager.java — from carbon-identity (Apache License 2.0)
/**
 * Builds a SAML 2 {@link LogoutRequest} addressed to the IdP for the given user and session.
 *
 * <p>The Issuer is taken from the {@code SP_ENTITY_ID} property, falling back to
 * {@code "carbonServer"} when it is absent or empty. The NameID uses the
 * {@link NameIDType#UNSPECIFIED} format together with the supplied qualifiers (null values are
 * passed through to the setters). NotOnOrAfter is five minutes after IssueInstant, and a
 * random UUID is used as SessionIndex when none is supplied.
 *
 * @param user the NameID value of the principal being logged out
 * @param sessionIndexStr the IdP session index, or null to generate one
 * @param idpUrl the Destination of the request
 * @param nameQualifier value for NameQualifier; may be null
 * @param spNameQualifier value for SPNameQualifier; may be null
 * @return the populated request
 * @throws SAMLSSOException declared for callers; not raised by this body
 */
private LogoutRequest buildLogoutRequest(String user, String sessionIndexStr, String idpUrl, String nameQualifier, String spNameQualifier)
        throws SAMLSSOException {

    final long validityMillis = 5 * 60 * 1000;

    DateTime issueInstant = new DateTime();

    Issuer issuer = new IssuerBuilder().buildObject();
    String spEntityId = properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);
    boolean hasSpEntityId = spEntityId != null && !spEntityId.isEmpty();
    issuer.setValue(hasSpEntityId ? spEntityId : "carbonServer");

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setValue(user);
    nameId.setFormat(NameIDType.UNSPECIFIED);
    nameId.setNameQualifier(nameQualifier);
    nameId.setSPNameQualifier(spNameQualifier);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    String effectiveSessionIndex = sessionIndexStr != null ? sessionIndexStr : UUID.randomUUID().toString();
    sessionIndex.setSessionIndex(effectiveSessionIndex);

    LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();
    logoutReq.setID(SSOUtils.createID());
    logoutReq.setDestination(idpUrl);
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + validityMillis));
    logoutReq.setIssuer(issuer);
    logoutReq.setNameID(nameId);
    logoutReq.getSessionIndexes().add(sessionIndex);
    logoutReq.setReason("Single Logout");

    return logoutReq;
}
 
Example #13
Source File: DefaultSAML2SSOManager.java — from carbon-identity (Apache License 2.0)
/**
 * Builds the outbound SAML 2 {@link AuthnRequest} sent to the IdP.
 *
 * <p>The Issuer comes from the {@code SP_ENTITY_ID} property (fallback {@code "carbonServer"}).
 * ForceAuthn is derived from the context. The POST protocol binding, the NameIDPolicy
 * ({@link NameIDType#UNSPECIFIED}, AllowCreate) and the AttributeConsumingServiceIndex are
 * driven by the {@code INCLUDE_PROTOCOL_BINDING}, {@code INCLUDE_NAME_ID_POLICY} and
 * {@code ATTRIBUTE_CONSUMING_SERVICE_INDEX} properties; the first two default to "include" when
 * the property is empty. The ACS URL is read from the file-based authenticator configuration
 * and otherwise defaults to the server's commonauth URL. RequestedAuthnContext and Extensions
 * are set only when the respective helper returns non-null.
 *
 * @param request the inbound servlet request, used to derive SAML extensions
 * @param isPassive value of the IsPassive flag
 * @param idpUrl the Destination of the request
 * @param context the current authentication context
 * @return the populated request
 * @throws SAMLSSOException declared so the helpers this method calls can propagate it
 */
private AuthnRequest buildAuthnRequest(HttpServletRequest request,
                                       boolean isPassive, String idpUrl, AuthenticationContext context) throws SAMLSSOException {

    Issuer issuer = new IssuerBuilder().buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");
    String spEntityId = properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);
    boolean hasSpEntityId = spEntityId != null && !spEntityId.isEmpty();
    issuer.setValue(hasSpEntityId ? spEntityId : "carbonServer");

    DateTime issueInstant = new DateTime();

    AuthnRequest authRequest = new AuthnRequestBuilder().buildObject("urn:oasis:names:tc:SAML:2.0:protocol",
            "AuthnRequest", "samlp");
    authRequest.setForceAuthn(isForceAuthenticate(context));
    authRequest.setIsPassive(isPassive);
    authRequest.setIssueInstant(issueInstant);

    // An absent/empty property means the binding is included (opt-out semantics).
    String includeProtocolBindingProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_PROTOCOL_BINDING);
    if (StringUtils.isEmpty(includeProtocolBindingProp) || Boolean.parseBoolean(includeProtocolBindingProp)) {
        authRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    }

    authRequest.setAssertionConsumerServiceURL(resolveAssertionConsumerServiceUrl());
    authRequest.setIssuer(issuer);
    authRequest.setID(SSOUtils.createID());
    authRequest.setVersion(SAMLVersion.VERSION_20);
    authRequest.setDestination(idpUrl);

    String attributeConsumingServiceIndexProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.ATTRIBUTE_CONSUMING_SERVICE_INDEX);
    if (StringUtils.isNotEmpty(attributeConsumingServiceIndexProp)) {
        try {
            authRequest.setAttributeConsumingServiceIndex(Integer.valueOf(attributeConsumingServiceIndexProp));
        } catch (NumberFormatException e) {
            // Deliberate best effort: a malformed index is logged and the request goes out without it.
            log.error(
                    "Error while populating SAMLRequest with AttributeConsumingServiceIndex: "
                            + attributeConsumingServiceIndexProp, e);
        }
    }

    // Same opt-out semantics as the protocol binding above.
    String includeNameIDPolicyProp = properties
            .get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_NAME_ID_POLICY);
    if (StringUtils.isEmpty(includeNameIDPolicyProp) || Boolean.parseBoolean(includeNameIDPolicyProp)) {
        NameIDPolicy nameIdPolicy = new NameIDPolicyBuilder().buildObject();
        nameIdPolicy.setFormat(NameIDType.UNSPECIFIED);
        nameIdPolicy.setAllowCreate(true);
        authRequest.setNameIDPolicy(nameIdPolicy);
    }

    // The inbound SAMLRequest (if any) determines the RequestedAuthnContext forwarded to the IdP.
    AuthnRequest inboundAuthnRequest = getAuthnRequest(context);
    RequestedAuthnContext requestedAuthnContext = buildRequestedAuthnContext(inboundAuthnRequest);
    if (requestedAuthnContext != null) {
        authRequest.setRequestedAuthnContext(requestedAuthnContext);
    }

    Extensions extensions = getSAMLExtensions(request);
    if (extensions != null) {
        authRequest.setExtensions(extensions);
    }

    return authRequest;
}

/**
 * Resolves the AssertionConsumerService URL: the {@code SAML_SSO_ACS_URL} parameter of the
 * file-based authenticator configuration when present and non-blank, otherwise the server's
 * commonauth URL.
 */
private String resolveAssertionConsumerServiceUrl() {
    AuthenticatorConfig authenticatorConfig =
            FileBasedConfigurationBuilder.getInstance().getAuthenticatorConfigMap()
                    .get(SSOConstants.AUTHENTICATOR_NAME);
    if (authenticatorConfig != null) {
        String configuredAcsUrl = authenticatorConfig.getParameterMap().get(SSOConstants.ServerConfig.SAML_SSO_ACS_URL);
        if (StringUtils.isNotBlank(configuredAcsUrl)) {
            return configuredAcsUrl;
        }
    }
    return IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true);
}