org.apache.wss4j.common.saml.SAMLCallback Java Examples

The following examples show how to use org.apache.wss4j.common.saml.SAMLCallback. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AbstractTrustedIdpOAuth2ProtocolHandler.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;

            // Set the Subject
            if (subjectBean != null) {
                samlCallback.setSubject(subjectBean);
            }
            samlCallback.setSamlVersion(Version.SAML_20);

            // Set the issuer
            samlCallback.setIssuer(issuer);

            // Set the conditions
            samlCallback.setConditions(conditionsBean);

            // Set the attributes
            if (attrBean != null) {
                samlCallback.setAttributeStatementData(Collections.singletonList(attrBean));
            }
        }
    }
}
 
Example #2
Source File: SCTSAMLTokenProvider.java    From cxf with Apache License 2.0 6 votes vote down vote up
private SamlAssertionWrapper createSamlToken(
    TokenProviderParameters tokenParameters, byte[] secret, Document doc
) throws Exception {
    SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, doc);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    if (signToken) {
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();

        // Get the password
        String alias = stsProperties.getSignatureUsername();
        WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
        LOG.fine("Creating SAML Token");
        stsProperties.getCallbackHandler().handle(cb);
        String password = cb[0].getPassword();

        LOG.fine("Signing SAML Token");
        boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
        assertion.signAssertion(alias, password, stsProperties.getSignatureCrypto(), useKeyValue);
    }

    return assertion;
}
 
Example #3
Source File: SAMLUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static SamlAssertionWrapper createAssertion(CallbackHandler handler,
                                               SelfSignInfo info) throws Fault {

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, samlCallback);

    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        assertion.signAssertion(info.getUser(),
                                info.getPassword(),
                                info.getCrypto(),
                                false);
        return assertion;
    } catch (Exception ex) {
        StringWriter sw = new StringWriter();
        ex.printStackTrace(new PrintWriter(sw));
        LOG.warning(sw.toString());
        throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
    }

}
 
Example #4
Source File: SAMLResponseTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
private String createSamlResponseStr(AbstractSAMLCallbackHandler saml2CallbackHandler,
                                     String requestId) throws Exception {
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    saml2CallbackHandler.setConditions(cp);

    // Subject Confirmation Data
    SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
    subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
    subjectConfirmationData.setInResponseTo(requestId);
    subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
    subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
    saml2CallbackHandler.setSubjectConfirmationData(subjectConfirmationData);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(saml2CallbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    Element response = createSamlResponse(assertion, "mystskey", true, requestId);
    return encodeResponse(response);
}
 
Example #5
Source File: OAuth2TestUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static String createToken(String audRestr, boolean saml2, boolean sign)
    throws WSSecurityException {
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(sign);
    samlCallbackHandler.setAudience(audRestr);
    if (!saml2) {
        samlCallbackHandler.setSaml2(false);
        samlCallbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
    }

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);

    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        samlAssertion.signAssertion(
            samlCallback.getIssuerKeyName(),
            samlCallback.getIssuerKeyPassword(),
            samlCallback.getIssuerCrypto(),
            samlCallback.isSendKeyValue(),
            samlCallback.getCanonicalizationAlgorithm(),
            samlCallback.getSignatureAlgorithm()
        );
    }

    return samlAssertion.assertionToString();
}
 
Example #6
Source File: SAML2CallbackHandler.java    From syncope with Apache License 2.0 6 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;
            samlCallback.setSamlVersion(Version.SAML_20);
            samlCallback.setIssuer(issuer);
            if (conditions != null) {
                samlCallback.setConditions(conditions);
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfirmationMethod);
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);
            samlCallback.setSubject(subjectBean);
            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            authBean.setAuthenticationMethod("Password");
            samlCallback.setAuthenticationStatementData(List.of(authBean));
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }
}
 
Example #7
Source File: SAMLEncryptedResponseTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
private String createSamlResponseStr(AbstractSAMLCallbackHandler saml2CallbackHandler,
                                     String requestId,
                                     boolean signAssertion) throws Exception {
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    saml2CallbackHandler.setConditions(cp);

    // Subject Confirmation Data
    SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
    subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
    subjectConfirmationData.setInResponseTo(requestId);
    subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
    subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
    saml2CallbackHandler.setSubjectConfirmationData(subjectConfirmationData);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(saml2CallbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    Element response = createEncryptedSamlResponse(assertion, "mystskey", signAssertion, requestId);
    return encodeResponse(response);
}
 
Example #8
Source File: SAML2CallbackHandler.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
private void createAndSetStatement(SAMLCallback callback) {
    AuthenticationStatementBean authBean = new AuthenticationStatementBean();
    authBean.setAuthenticationMethod("Password");
    callback.setAuthenticationStatementData(Collections.singletonList(authBean));

    // Add roles for certain users
    List<Object> roles = new ArrayList<>();
    if ("alice".equals(subjectName)) {
        roles.add("boss");
        roles.add("employee");
        roles.add("User");
    } else if ("bob".equals(subjectName)) {
        roles.add("employee");
    }

    if (!roles.isEmpty()) {
        AttributeStatementBean attrBean = new AttributeStatementBean();
        AttributeBean attributeBean = new AttributeBean();
        attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
        attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
        attributeBean.setAttributeValues(roles);

        attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
        callback.setAttributeStatementData(Collections.singletonList(attrBean));
    }
}
 
Example #9
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 2 token which doesn't include the role SAML attribute
 */
@org.junit.Test
public void validateSAML2TokenWithoutRoles() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    callbackHandler.setRoles(null);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("No roles must be found", null, wfRes.getRoles());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
 
Example #10
Source File: Saml2CallbackHandler.java    From cxf with Apache License 2.0 5 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {

            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_20);

            callback.setIssuer("sts");
            String subjectName = "uid=alice";
            String confirmationMethod = SAML2Constants.CONF_BEARER;

            SubjectBean subjectBean =
                new SubjectBean(subjectName, null, confirmationMethod);
            callback.setSubject(subjectBean);

            AttributeStatementBean attrBean = new AttributeStatementBean();
            if (subjectBean != null) {
                attrBean.setSubject(subjectBean);
            }
            AttributeBean attributeBean = new AttributeBean();
            attributeBean.setQualifiedName("role");
            attributeBean.addAttributeValue("user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
        }
    }
}
 
Example #11
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 1.1 token which includes the role attribute with 2 values
 * Roles are encoded as a multi-value saml attribute
 * Token embedded in RSTR 2005/02 - WS Federation 1.0
 */
@org.junit.Test
public void validateSAML1TokenWSFed10() throws Exception {
    SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
    callbackHandler.setStatement(SAML1CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_2005_02_MSG);
    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
 
Example #12
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * "Validate" SAML 2 token with a custom token validator
 * If a validator is configured it precedes the SAMLTokenValidator as part of Fediz
 */
@org.junit.Test
public void validateSAML2TokenCustomValidator() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("CUSTTOK");
    Protocol protocol = config.getProtocol();
    List<TokenValidator> validators = protocol.getTokenValidators();
    Assert.assertEquals("Two validators must be found", 2, validators.size());
    Assert.assertEquals("First validator must be custom validator",
                        CustomValidator.class.getName(), validators.get(0).getClass().getName());

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
}
 
Example #13
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 2 token which includes the role attribute with 2 values
 * Roles are encoded as a multiple saml attributes with the same name
 */
@org.junit.Test
public void validateSAML2TokenRoleMultiAttributes() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    callbackHandler.setMultiValueType(MultiValue.MULTI_ATTR);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
 
Example #14
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * "Validate" SAML 2 token with a custom token validator
 * If a validator is configured it precedes the SAMLTokenValidator as part of Fediz
 */
@org.junit.Test
public void validateSAML2TokenMaxClockSkewNotDefined() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("NOCLOCKSKEW");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
 
Example #15
Source File: SAMLClaimsTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void testSAML1Claims() throws Exception {
    AttributeBean attributeBean = new AttributeBean();
    attributeBean.setSimpleName("role");
    attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
    attributeBean.addAttributeValue("employee");

    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
    samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));

    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);

    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    assertEquals(claims.getDialect().toString(),
            "http://schemas.xmlsoap.org/ws/2005/05/identity");
    assertEquals(1, claims.size());

    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(claim.getClaimType(), SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));

    // Check SAMLClaim values
    assertTrue(claim instanceof SAMLClaim);
    assertEquals("role", ((SAMLClaim)claim).getName());

    // Check roles
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
    assertEquals(1, roles.size());
    Principal p = roles.iterator().next();
    assertEquals("employee", p.getName());

}
 
Example #16
Source File: SAMLUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
public static SamlAssertionWrapper createAssertion(Message message,
                                               CallbackHandler handler) throws Fault {

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, samlCallback);

    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        if (samlCallback.isSignAssertion()) {
            //--- This code will be moved to a common utility class
            Crypto crypto = new CryptoLoader().getCrypto(message,
                                      SecurityConstants.SIGNATURE_CRYPTO,
                                      SecurityConstants.SIGNATURE_PROPERTIES);

            String user =
                RSSecurityUtils.getUserName(message, crypto, SecurityConstants.SIGNATURE_USERNAME);
            if (StringUtils.isEmpty(user)) {
                return assertion;
            }

            String password =
                RSSecurityUtils.getSignaturePassword(message, user, SAMLUtils.class);

            assertion.signAssertion(user, password, crypto, false,
                                    samlCallback.getCanonicalizationAlgorithm(),
                                    samlCallback.getSignatureAlgorithm(),
                                    samlCallback.getSignatureDigestAlgorithm());
        }
        return assertion;
    } catch (Exception ex) {
        StringWriter sw = new StringWriter();
        ex.printStackTrace(new PrintWriter(sw));
        LOG.warning(sw.toString());
        throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
    }

}
 
Example #17
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void validateSAML2TokenNoRoleValue() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    callbackHandler.setAddRoleValue(false);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
    Protocol protocol = config.getProtocol();
    protocol.setRoleDelimiter(",");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals(null, wfRes.getRoles());
}
 
Example #18
Source File: SAMLResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void testCreateAndValidateResponse() throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);

    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    validator.validateSamlResponse(marshalledResponse, null, null);
}
 
Example #19
Source File: SAMLResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void testInvalidStatusCode() throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            SAMLProtocolResponseValidator.SAML1_STATUSCODE_SUCCESS, null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);

    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    try {
        validator.validateSamlResponse(marshalledResponse, null, null);
        fail("Expected failure on an invalid SAML code");
    } catch (WSSecurityException ex) {
        // expected
    }
}
 
Example #20
Source File: SAMLResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void testRequestDeniedStatusCode() throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            "urn:oasis:names:tc:SAML:2.0:status:RequestDenied", null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);

    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    try {
        validator.validateSamlResponse(marshalledResponse, null, null);
        fail("Expected failure on an invalid SAML code");
    } catch (WSSecurityException ex) {
        // expected
    }
}
 
Example #21
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
@org.junit.Test
public void validateSAML2TokenSubjectWithComment() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    String subject = "alice<!---->o=example.com";
    callbackHandler.setSubjectName(subject);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", subject,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
 
Example #22
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 2 token which includes the role attribute with 2 values
 * Roles are encoded as a multi-value saml attribute
 * Not RequestedSecurityTokenCollection in this test, default in all others
 */
@org.junit.Test
public void validateSAML2TokenRSTR() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
 
Example #23
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate an encrypted SAML 2 token which includes the role attribute with 2 values
 * Roles are encoded as a multi-value saml attribute
 */
@org.junit.Test
public void validateEncryptedSAML2Token() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    String rstr = encryptAndSignToken(assertion);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config =
        getFederationConfigurator().getFedizContext("ROOT_DECRYPTION");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
    assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
 
Example #24
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 2 token which includes the role attribute with 2 values
 * Roles are encoded as a multi-value saml attribute
 */
@org.junit.Test
public void validateSAML2Token() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER,
                        wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                        .size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
    assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());

}
 
Example #25
Source File: SAMLTokenValidatorOldTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 2 token where role information is provided
 * within another SAML attribute
 */
@org.junit.Test
public void validateSAML1TokenDifferentRoleURI() throws Exception {
    SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
    callbackHandler.setStatement(SAML1CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    callbackHandler.setUseNameFormatAsNamespace(true);
    callbackHandler.setAttributeNameFormat(ClaimTypes.URI_BASE.toString());
    callbackHandler.setRoleAttributeName("http://schemas.mycompany.com/claims/role");
    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles().size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
    assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
 
Example #26
Source File: SAMLResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
private Response createResponse(
    SubjectConfirmationDataBean subjectConfirmationData,
    SAML2CallbackHandler callbackHandler
) throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    return (Response)OpenSAMLUtil.fromDom(policyElement);
}
 
Example #27
Source File: SAMLTokenValidatorOldTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Validate SAML 2 token where role information is provided
 * within another SAML attribute
 */
@org.junit.Test
public void validateSAML2TokenDifferentRoleURI() throws Exception {
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setIssuer(TEST_RSTR_ISSUER);
    callbackHandler.setSubjectName(TEST_USER);
    callbackHandler.setAttributeNameFormat(ClaimTypes.URI_BASE.toString());
    callbackHandler.setCountryClaimName("country");
    callbackHandler.setRoleAttributeName("http://schemas.mycompany.com/claims/role");

    ConditionsBean cp = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
    cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(cp);

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    String rstr = createSamlToken(assertion, "mystskey", true);

    FedizRequest wfReq = new FedizRequest();
    wfReq.setAction(FederationConstants.ACTION_SIGNIN);
    wfReq.setResponseToken(rstr);

    configurator = null;
    FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");

    FedizProcessor wfProc = new FederationProcessorImpl();
    FedizResponse wfRes = wfProc.processRequest(wfReq, config);

    Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
    Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
    Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles().size());
    Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
    assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
 
Example #28
Source File: SAML1CallbackHandler.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_11);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (subjectNameIDFormat != null) {
                subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
            }
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 
Example #29
Source File: SAMLSSOResponseValidatorTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
private Response createResponse(
    SubjectConfirmationDataBean subjectConfirmationData,
    SAML2CallbackHandler callbackHandler
) throws Exception {
    Document doc = DOMUtils.createDocument();

    Status status =
        SAML2PResponseComponentBuilder.createStatus(
            SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null
        );
    Response response =
        SAML2PResponseComponentBuilder.createSAMLResponse(
            "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
        );

    // Create an AuthenticationAssertion
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    response.getAssertions().add(assertion.getSaml2());

    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);

    return (Response)OpenSAMLUtil.fromDom(policyElement);
}
 
Example #30
Source File: SAML2CallbackHandler.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
private void createAndSetStatement(SAMLCallback callback) {
    AuthenticationStatementBean authBean = new AuthenticationStatementBean();
    authBean.setAuthenticationMethod("Password");
    callback.setAuthenticationStatementData(Collections.singletonList(authBean));

    if (attributeStatements != null && !attributeStatements.isEmpty()) {
        List<AttributeStatementBean> attrStatementBeans = new ArrayList<>();

        for (AttributeStatement attrStatement : attributeStatements) {
            AttributeStatementBean attrStatementBean = new AttributeStatementBean();
            List<AttributeBean> attrBeans = new ArrayList<>();

            for (Attribute attribute : attrStatement.getAttributes()) {
                AttributeBean attributeBean = new AttributeBean();
                attributeBean.setQualifiedName(attribute.getName());
                attributeBean.setNameFormat(attribute.getNameFormat());
                List<Object> attributeValues = new ArrayList<>();
                for (XMLObject attrVal : attribute.getAttributeValues()) {
                    attributeValues.add(attrVal.getDOM().getTextContent());
                }
                attributeBean.setAttributeValues(attributeValues);
                attrBeans.add(attributeBean);
            }
            attrStatementBean.setSamlAttributes(attrBeans);
            attrStatementBeans.add(attrStatementBean);
        }
        callback.setAttributeStatementData(attrStatementBeans);
    }
}