Java Code Examples for org.apache.wss4j.common.saml.SAMLCallback#setConditions()

The following examples show how to use org.apache.wss4j.common.saml.SAMLCallback#setConditions() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SAML2CallbackHandler.java    From syncope with Apache License 2.0 6 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;
            samlCallback.setSamlVersion(Version.SAML_20);
            samlCallback.setIssuer(issuer);
            if (conditions != null) {
                samlCallback.setConditions(conditions);
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfirmationMethod);
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);
            samlCallback.setSubject(subjectBean);
            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            authBean.setAuthenticationMethod("Password");
            samlCallback.setAuthenticationStatementData(List.of(authBean));
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }
}
 
Example 2
Source File: AbstractTrustedIdpOAuth2ProtocolHandler.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;

            // Set the Subject
            if (subjectBean != null) {
                samlCallback.setSubject(subjectBean);
            }
            samlCallback.setSamlVersion(Version.SAML_20);

            // Set the issuer
            samlCallback.setIssuer(issuer);

            // Set the conditions
            samlCallback.setConditions(conditionsBean);

            // Set the attributes
            if (attrBean != null) {
                samlCallback.setAttributeStatementData(Collections.singletonList(attrBean));
            }
        }
    }
}
 
Example 3
Source File: SAML2CallbackHandler.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_20);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            SubjectBean subjectBean =
                new SubjectBean(
                    subject.getNameID().getValue(), subject.getNameID().getNameQualifier(), confirmationMethod
                );
            subjectBean.setSubjectNameIDFormat(subject.getNameID().getFormat());
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);

            callback.setSubject(subjectBean);
            createAndSetStatement(callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 
Example 4
Source File: SAML2CallbackHandler.java    From cxf with Apache License 2.0 5 votes vote down vote up
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_20);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (subjectNameIDFormat != null) {
                subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
            }
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 
Example 5
Source File: SAML2CallbackHandler.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_20);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (subjectNameIDFormat != null) {
                subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
            }
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);

            callback.setSubject(subjectBean);
            createAndSetStatement(callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 
Example 6
Source File: SAML2CallbackHandler.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_20);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (subjectNameIDFormat != null) {
                subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
            }
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 
Example 7
Source File: SAML1CallbackHandler.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_11);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (subjectNameIDFormat != null) {
                subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
            }
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 
Example 8
Source File: SamlCallbackHandler.java    From cxf with Apache License 2.0 4 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
                || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);

            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);

            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);

            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
 
Example 9
Source File: SamlCallbackHandler.java    From cxf with Apache License 2.0 4 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    Message m = PhaseInterceptorChain.getCurrentMessage();

    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer(issuer);

            String subject = m != null ? (String)m.getContextualProperty("saml.subject.name") : null;
            if (subject == null) {
                subject = subjectName;
            }
            String subjectQualifier = "www.mock-sts.com";
            SubjectBean subjectBean =
                new SubjectBean(
                    subject, subjectQualifier, confirmationMethod
                );
            callback.setSubject(subjectBean);

            ConditionsBean conditions = new ConditionsBean();

            AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
            audienceRestriction.setAudienceURIs(Collections.singletonList(audience));
            conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));

            callback.setConditions(conditions);

            AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
            authDecBean.setDecision(Decision.INDETERMINATE);
            authDecBean.setResource("https://sp.example.com/SAML2");
            authDecBean.setSubject(subjectBean);

            ActionBean actionBean = new ActionBean();
            actionBean.setContents("Read");
            authDecBean.setActions(Collections.singletonList(actionBean));
            callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));

            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            authBean.setSubject(subjectBean);
            authBean.setAuthenticationInstant(new DateTime());
            authBean.setSessionIndex("123456");
            authBean.setSubject(subjectBean);

            // AuthnContextClassRef is not set
            authBean.setAuthenticationMethod(
                    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
            callback.setAuthenticationStatementData(
                Collections.singletonList(authBean));

            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);

            List<String> roles = m != null
                ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.roles")) : null;
            if (roles == null) {
                roles = Collections.singletonList("user");
            }
            List<AttributeBean> claims = new ArrayList<>();
            AttributeBean roleClaim = new AttributeBean();
            roleClaim.setSimpleName("subject-role");
            roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
            roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            roleClaim.setAttributeValues(new ArrayList<>(roles));
            claims.add(roleClaim);

            List<String> authMethods =
                m != null ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.auth")) : null;
            if (authMethods == null) {
                authMethods = Collections.singletonList("password");
            }

            AttributeBean authClaim = new AttributeBean();
            authClaim.setSimpleName("http://claims/authentication");
            authClaim.setQualifiedName("http://claims/authentication");
            authClaim.setNameFormat("http://claims/authentication-format");
            authClaim.setAttributeValues(new ArrayList<>(authMethods));
            claims.add(authClaim);

            attrBean.setSamlAttributes(claims);
            callback.setAttributeStatementData(Collections.singletonList(attrBean));

            if (signAssertion) {
                try {
                    Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                    callback.setIssuerCrypto(crypto);
                    callback.setIssuerKeyName(issuerKeyName);
                    callback.setIssuerKeyPassword(issuerKeyPassword);
                    callback.setSignAssertion(true);
                } catch (WSSecurityException e) {
                    throw new IOException(e);
                }
            }
        }
    }
}
 
Example 10
Source File: SamlCallbackHandler.java    From cxf with Apache License 2.0 4 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            if (conditions != null) {
                callback.setConditions(conditions);
            }

            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean =
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
                || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);

            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);

            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);

            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
 
Example 11
Source File: SamlCallbackHandler.java    From cxf with Apache License 2.0 4 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;

            // Set the Subject
            if (subjectBean != null) {
                samlCallback.setSubject(subjectBean);
            }

            // Set the token Type.
            TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
            String tokenType = tokenRequirements.getTokenType();
            boolean saml1 = false;
            if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
                || WSS4JConstants.SAML_NS.equals(tokenType)) {
                samlCallback.setSamlVersion(Version.SAML_11);
                saml1 = true;
                setSubjectOnBeans();
            } else {
                samlCallback.setSamlVersion(Version.SAML_20);
            }

            // Set the issuer
            if (issuer == null) {
                STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
                samlCallback.setIssuer(stsProperties.getIssuer());
            } else {
                samlCallback.setIssuer(issuer);
            }

            // Set the statements
            boolean statementAdded = false;
            if (attributeBeans != null && !attributeBeans.isEmpty()) {
                samlCallback.setAttributeStatementData(attributeBeans);
                statementAdded = true;
            }
            if (authBeans != null && !authBeans.isEmpty()) {
                samlCallback.setAuthenticationStatementData(authBeans);
                statementAdded = true;
            }
            if (authDecisionBeans != null && !authDecisionBeans.isEmpty()) {
                samlCallback.setAuthDecisionStatementData(authDecisionBeans);
                statementAdded = true;
            }

            // If SAML 1.1 we *must* add a Statement
            if (saml1 && !statementAdded) {
                AttributeStatementBean defaultStatement =
                    new DefaultAttributeStatementProvider().getStatement(tokenParameters);
                defaultStatement.setSubject(subjectBean);
                samlCallback.setAttributeStatementData(Collections.singletonList(defaultStatement));
            }

            // Set the conditions
            samlCallback.setConditions(conditionsBean);
        }
    }
}