org.opensaml.saml.saml2.core.AttributeStatement Java Examples
The following examples show how to use
org.opensaml.saml.saml2.core.AttributeStatement.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: OnBehalfOfValidator.java From cxf with Apache License 2.0 | 6 votes |
|
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Subject subject = saml2Assertion.getSubject();
NameID nameID = subject.getNameID();
String subjectName = nameID.getValue();
if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
return validatedCredential;
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Example #2
| Source File: CustomSaml2Validator.java From cxf with Apache License 2.0 | 6 votes |
|
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
if (!"sts".equals(assertion.getIssuerString())) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
return validatedCredential;
}
Example #3
| Source File: SamlClient.java From saml-client with MIT License | 6 votes |
|
/**
* Gets attributes from the IDP Response
*
* @param response the response
* @return the attributes
*/
public static Map<String, String> getAttributes(SamlResponse response) {
HashMap<String, String> map = new HashMap<>();
if (response == null) {
return map;
}
List<AttributeStatement> attributeStatements = response.getAssertion().getAttributeStatements();
if (attributeStatements == null) {
return map;
}
for (AttributeStatement statement : attributeStatements) {
for (Attribute attribute : statement.getAttributes()) {
XMLObject xmlObject = attribute.getAttributeValues().get(0);
if (xmlObject instanceof XSStringImpl) {
map.put(attribute.getName(), ((XSStringImpl) xmlObject).getValue());
} else {
map.put(attribute.getName(), ((XSAnyImpl) xmlObject).getTextContent());
}
}
}
return map;
}
Example #4
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 6 votes |
|
@Test
public void shouldReturnAddressAttribute() {
Attribute addressAttribute = new AddressAttributeBuilder_1_1()
.addAddress(new AddressAttributeValueBuilder_1_1()
.addLines(Arrays.asList("10 Whitechapel High St", "London"))
.withPostcode("E1 8DX")
.withFrom(DateTime.parse("2017-07-03"))
.withTo(DateTime.parse("2017-07-30"))
.build())
.buildCurrentAddress();
addressAttribute.setName("currentaddress");
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(addressAttribute)
.addAttribute(createVerifiedAttribute("currentaddress_verified", true))
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getAddress()).isNotNull();
}
Example #5
| Source File: AttributeTranslator.java From verify-service-provider with MIT License | 5 votes |
|
public static Attributes translateAttributes(AttributeStatement attributeStatement) {
List<Attribute> statementAttributes = attributeStatement.getAttributes();
VerifiableAttribute<String> verifiableFirstName = getVerifiableStringAttribute(statementAttributes, "firstname", "firstname_verified");
VerifiableAttribute<String> verifiableMiddleName = getVerifiableStringAttribute(statementAttributes, "middlename", "middlename_verified");
VerifiableAttribute<String> verifiableSurname = getVerifiableStringAttribute(statementAttributes, "surname", "surname_verified");
VerifiableAttribute<LocalDate> verifiableDob = getVerifiableDateAttribute(statementAttributes, "dateofbirth", "dateofbirth_verified");
VerifiableAttribute<Address> verifiableAddress = getVerifiableAddressAttribute(statementAttributes, "currentaddress", "currentaddress_verified");
Optional<List<VerifiableAttribute<Address>>> addressHistory = getVerifiableAddressListAttribute(statementAttributes, "addresshistory");
Optional<String> cycle3 = getStringAttributeValue(statementAttributes, "cycle_3");
return new Attributes(verifiableFirstName, verifiableMiddleName, verifiableSurname, verifiableDob, verifiableAddress, addressHistory.orElse(null), cycle3.orElse(null));
}
Example #6
| Source File: SAML2CallbackHandler.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
private void createAndSetStatement(SAMLCallback callback) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setAuthenticationMethod("Password");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
if (attributeStatements != null && !attributeStatements.isEmpty()) {
List<AttributeStatementBean> attrStatementBeans = new ArrayList<>();
for (AttributeStatement attrStatement : attributeStatements) {
AttributeStatementBean attrStatementBean = new AttributeStatementBean();
List<AttributeBean> attrBeans = new ArrayList<>();
for (Attribute attribute : attrStatement.getAttributes()) {
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName(attribute.getName());
attributeBean.setNameFormat(attribute.getNameFormat());
List<Object> attributeValues = new ArrayList<>();
for (XMLObject attrVal : attribute.getAttributeValues()) {
attributeValues.add(attrVal.getDOM().getTextContent());
}
attributeBean.setAttributeValues(attributeValues);
attrBeans.add(attributeBean);
}
attrStatementBean.setSamlAttributes(attrBeans);
attrStatementBeans.add(attrStatementBean);
}
callback.setAttributeStatementData(attrStatementBeans);
}
}
Example #7
| Source File: ActAsValidator.java From cxf with Apache License 2.0 | 5 votes |
|
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
// The technical user should be in the Subject
Subject subject = saml2Assertion.getSubject();
if (subject == null || subject.getNameID() == null
|| !subject.getNameID().getValue().contains("www.client.com")) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
for (AttributeStatement statement : attributeStatements) {
List<Attribute> attributes = statement.getAttributes();
for (Attribute attribute : attributes) {
if (!"CustomActAs".equals(attribute.getName()) && !"ActAs".equals(attribute.getName())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (text.contains("alice") || text.contains("bob")) {
return validatedCredential;
}
}
}
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Example #8
| Source File: SAMLGroupIDExtractorImpl.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
/**
* Get the organization list from the SAML2 Assertion
*
* @param assertions SAML2 assertions returned in SAML response
* @return Organization list from the assertion
*/
private String getOrganizationFromSamlAssertion(List<Assertion> assertions) {
List<String> attributeValueArray = new ArrayList<>();
String organizationAttributeName = getOrganizationClaim();
for (Assertion assertion : assertions) {
List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
if (attributeStatementList != null) {
for (AttributeStatement statement : attributeStatementList) {
List<Attribute> attributesList = statement.getAttributes();
for (Attribute attribute : attributesList) {
String attributeName = attribute.getName();
if (organizationAttributeName.equals(attributeName)) {
List<XMLObject> attributeValues = attribute.getAttributeValues();
if (attributeValues != null) {
for (XMLObject attributeValue : attributeValues) {
attributeValueArray.add(getAttributeValue(attributeValue));
}
}
}
}
}
}
}
if (log.isDebugEnabled()) {
log.debug("Organization list found in assertion: " + attributeValueArray);
}
return String.join(",", attributeValueArray);
}
Example #9
| Source File: Util.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
/**
* Get the username from the SAML2 Assertion
*
* @param assertion SAML2 assertion
* @return username
*/
public static String getUsernameFromAssertion(Assertion assertion, String usernameAttribute) {
String username = null;
if (!StringUtils.isEmpty(usernameAttribute)) {
// There can be multiple AttributeStatements in Assertion
List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
if (attributeStatements != null) {
for (AttributeStatement attributeStatement : attributeStatements) {
// There can be multiple Attributes in an attributeStatement
List<Attribute> attributes = attributeStatement.getAttributes();
if (attributes != null) {
for (Attribute attribute : attributes) {
String attributeName = attribute.getDOM().getAttribute(SSOConstants.SAML_NAME_ATTRIBUTE);
if (attributeName.equals(usernameAttribute)) {
List<XMLObject> attributeValues = attribute.getAttributeValues();
// There can be multiple attribute values in an attribute, but get the first one
username = attributeValues.get(0).getDOM().getTextContent();
if (log.isDebugEnabled()) {
log.debug("Name of authenticated user from SAML response : " + username);
}
}
}
}
}
}
} else {
Subject subject = assertion.getSubject();
if (subject != null) {
if (subject.getNameID() != null) {
username = subject.getNameID().getValue();
if (log.isDebugEnabled()) {
log.debug("Name of authenticated user from SAML response : " + username);
}
}
}
}
return username;
}
Example #10
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test(expected = RequestedOnlyVerifiedException.class)
public void shouldThrowExceptionWhenOnlyRequestingVerified() {
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(createVerifiedAttribute("firstname_verified", true))
.build();
AttributeTranslator.translateAttributes(attributeStatement);
}
Example #11
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test(expected = FailedToRequestVerifiedException.class)
public void shouldThrowExceptionWhenVerifiedNotRequested() {
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("firstname")
.withSimpleStringValue("Bob")
.build())
.build();
AttributeTranslator.translateAttributes(attributeStatement);
}
Example #12
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test
public void shouldReturnCorrectValuesForAddressAttribute() {
List<String> lines = Arrays.asList("10 Whitechapel High St", "London");
String postCode = "E1 8DX";
DateTime from = DateTime.parse("2017-07-03T12:00:00+01:00");
DateTime to = DateTime.parse("2017-07-30T12:00:00+01:00");
Attribute addressAttribute = new AddressAttributeBuilder_1_1()
.addAddress(new AddressAttributeValueBuilder_1_1()
.addLines(lines)
.withPostcode(postCode)
.withFrom(from)
.withTo(to)
.build())
.buildCurrentAddress();
addressAttribute.setName("currentaddress");
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(addressAttribute)
.addAttribute(createVerifiedAttribute("currentaddress_verified", true))
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getAddress().getValue().getLines()).isEqualTo(lines);
assertThat(result.getAddress().getValue().getPostCode()).isEqualTo(postCode);
assertThat(result.getAddress().getValue().getFromDate()).hasToString(from.toLocalDate().toString());
assertThat(result.getAddress().getValue().getToDate()).hasToString(to.toLocalDate().toString());
}
Example #13
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test
public void shouldNotReturnUnrequestedAttributes() {
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("firstname")
.withSimpleStringValue("Bob")
.build())
.addAttribute(createVerifiedAttribute("firstname_verified", true))
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getSurname()).isNull();
}
Example #14
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test
public void shouldIncludeEmptyAttributes() {
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("firstname")
.withSimpleStringValue("")
.build())
.addAttribute(createVerifiedAttribute("firstname_verified", true))
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getFirstName().getValue()).isEmpty();
}
Example #15
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test
public void shouldReturnAddressHistoryAttribute() {
Attribute addressHistoryAttribute = new AddressAttributeBuilder_1_1()
.addAddress(new AddressAttributeValueBuilder_1_1()
.addLines(Arrays.asList("10 Whitechapel High St", "London"))
.withPostcode("E1 8DX")
.withFrom(DateTime.parse("2017-07-03"))
.withTo(DateTime.parse("2017-07-30"))
.withVerified(true)
.build())
.addAddress(new AddressAttributeValueBuilder_1_1()
.addLines(Arrays.asList("42 Old Road", "London"))
.withPostcode("W1 0AA")
.withFrom(DateTime.parse("2015-01-01"))
.withTo(DateTime.parse("2017-07-03"))
.withVerified(true)
.build())
.buildPreviousAddress();
addressHistoryAttribute.setName("addresshistory");
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(addressHistoryAttribute)
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getAddressHistory()).isNotNull();
assertThat(result.getAddressHistory().size()).isEqualTo(2);
}
Example #16
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test
public void shouldReturnAllSimpleRequestedAttributes() {
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("firstname")
.withSimpleStringValue("Joe")
.build())
.addAttribute(createVerifiedAttribute("firstname_verified", true))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("middlename")
.withSimpleStringValue("Bob")
.build())
.addAttribute(createVerifiedAttribute("middlename_verified", false))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("surname")
.withSimpleStringValue("Bloggs")
.build())
.addAttribute(createVerifiedAttribute("surname_verified", true))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("dateofbirth")
.withSimpleStringValue("1977-07-21")
.build())
.addAttribute(createVerifiedAttribute("dateofbirth_verified", true))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("cycle_3")
.withSimpleStringValue("1")
.build())
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getFirstName()).isNotNull();
assertThat(result.getMiddleName()).isNotNull();
assertThat(result.getSurname()).isNotNull();
assertThat(result.getDateOfBirth()).isNotNull();
assertThat(result.getCycle3()).isNotEmpty();
}
Example #17
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 5 votes |
|
@Test
public void shouldReturnCorrectRequestedAttributes() {
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("firstname")
.withSimpleStringValue("Bob")
.build())
.addAttribute(createVerifiedAttribute("firstname_verified", false))
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
assertThat(result.getFirstName()).isNotNull();
}
Example #18
| Source File: AssertionHelper.java From verify-service-provider with MIT License | 5 votes |
|
private static AttributeStatement anAttributeStatementContainingAnEidasUnsignedResponse(String countrySamlResponseValue, List<String> encryptedKeys) {
CountrySamlResponse countrySamlAttributeValue = new CountrySamlResponseBuilder().buildObject();
countrySamlAttributeValue.setValue(countrySamlResponseValue);
Attribute countrySamlAttribute = (Attribute) XMLObjectSupport.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
countrySamlAttribute.setName(IdaConstants.Eidas_Attributes.UnsignedAssertions.EidasSamlResponse.NAME);
countrySamlAttribute.setFriendlyName(IdaConstants.Eidas_Attributes.UnsignedAssertions.EidasSamlResponse.FRIENDLY_NAME);
countrySamlAttribute.setNameFormat(Attribute.URI_REFERENCE);
countrySamlAttribute.getAttributeValues().add(countrySamlAttributeValue);
List<EncryptedAssertionKeys> assertionKeysValues = new ArrayList<>();
for (String key : encryptedKeys) {
EncryptedAssertionKeys keysAttribtueValue = new EncryptedAssertionKeysBuilder().buildObject();
keysAttribtueValue.setValue(key);
assertionKeysValues.add(keysAttribtueValue);
}
Attribute keysAttribute = (Attribute) XMLObjectSupport.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
keysAttribute.setName(IdaConstants.Eidas_Attributes.UnsignedAssertions.EncryptedSecretKeys.NAME);
keysAttribute.setFriendlyName(IdaConstants.Eidas_Attributes.UnsignedAssertions.EncryptedSecretKeys.FRIENDLY_NAME);
keysAttribute.setNameFormat(Attribute.URI_REFERENCE);
keysAttribute.getAttributeValues().addAll(assertionKeysValues);
return anAttributeStatement()
.addAttribute(countrySamlAttribute)
.addAttribute(keysAttribute)
.build();
}
Example #19
| Source File: AssertionHelper.java From verify-service-provider with MIT License | 5 votes |
|
public static ResponseBuilder aValidEidasResponse(String requestId, String assertionIssuerId, AttributeStatement attributeStatement) {
return ResponseBuilder.aResponse()
.withId(requestId)
.withInResponseTo(requestId)
.withIssuer(anIssuer().withIssuerId(HUB_ENTITY_ID).build())
.addEncryptedAssertion(anEidasEncryptedAssertion(requestId, assertionIssuerId, anEidasSignature(), attributeStatement))
.withSigningCredential(
new TestCredentialFactory(
HUB_TEST_PUBLIC_SIGNING_CERT,
HUB_TEST_PRIVATE_SIGNING_KEY
).getSigningCredential());
}
Example #20
| Source File: AssertionHelper.java From verify-service-provider with MIT License | 5 votes |
|
public static EncryptedAssertion anEidasEncryptedAssertion(String requestId,
String issuerId,
Signature assertionSignature,
AttributeStatement attributeStatement,
boolean shouldSign,
String encryptionAlgorithm)
{
AssertionBuilder assertionBuilder = anAssertion()
.withSubject(
aSubject().withSubjectConfirmation(
aSubjectConfirmation().withSubjectConfirmationData(
aSubjectConfirmationData()
.withInResponseTo(requestId)
.build())
.build())
.build())
.withIssuer(
anIssuer()
.withIssuerId(issuerId)
.build())
.addAttributeStatement(attributeStatement)
.addAuthnStatement(anEidasAuthnStatement().build())
.withConditions(aConditionsForEidas());
if (shouldSign) {
assertionBuilder.withSignature(assertionSignature);
} else {
assertionBuilder.withoutSigning();
assertionBuilder.withSignature(null);
}
return assertionBuilder.buildWithEncrypterCredential(
new TestCredentialFactory(
TEST_RP_PUBLIC_ENCRYPTION_CERT,
TEST_RP_PRIVATE_ENCRYPTION_KEY
).getEncryptingCredential(),
encryptionAlgorithm
);
}
Example #21
| Source File: AssertionHelper.java From verify-service-provider with MIT License | 5 votes |
|
public static EncryptedAssertion anEidasEncryptedAssertion(String requestId,
String issuerId,
Signature assertionSignature,
AttributeStatement attributeStatement) {
return anEidasEncryptedAssertion(
requestId,
issuerId,
assertionSignature,
attributeStatement,
true,
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128
);
}
Example #22
| Source File: ResponseService.java From verify-service-provider with MIT License | 5 votes |
|
private boolean assertionsContainEidasUnsignedAssertionsResponse(List<Assertion> assertions) {
if (assertions == null || assertions.size() != 1) { return false; }
List<AttributeStatement> attributeStatements = assertions.get(ONLY_ONE_PRESENT).getAttributeStatements();
if (attributeStatements.isEmpty() || attributeStatements.size() != 1) { return false; }
return attributeStatements.get(ONLY_ONE_PRESENT).getAttributes()
.stream()
.anyMatch(
attribute -> attribute.getName().equals(
IdaConstants.Eidas_Attributes.UnsignedAssertions.EidasSamlResponse.NAME
)
);
}
Example #23
| Source File: MatchingAssertionTranslator.java From verify-service-provider with MIT License | 5 votes |
|
@Override
public TranslatedResponseBody translateSuccessResponse(
List<Assertion> assertions,
String expectedInResponseTo,
LevelOfAssurance expectedLevelOfAssurance,
String entityId
) {
// 1. check saml has assertions
checkSamlhasAssertions(assertions);
// 2. validate assertions
Assertion assertion = assertions.get(0);
assertionValidator.validate(assertion, expectedInResponseTo, entityId);
assertionsSignatureValidator.validate(assertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
// 3. validate levelOfAssurance
AuthnStatement authnStatement = assertion.getAuthnStatements().get(0);
LevelOfAssurance levelOfAssurance = extractLevelOfAssurance(authnStatement);
levelOfAssuranceValidator.validate(levelOfAssurance, expectedLevelOfAssurance);
// 4. translateAssertions
String nameID = assertion.getSubject().getNameID().getValue();
List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
if (isUserAccountCreation(attributeStatements)) {
return new TranslatedMatchingResponseBody(
ACCOUNT_CREATION,
nameID,
levelOfAssurance,
AttributeTranslator.translateAttributes(attributeStatements.get(0))
);
}
return new TranslatedMatchingResponseBody(SUCCESS_MATCH, nameID, levelOfAssurance, null);
}
Example #24
| Source File: MockSamlIdpServer.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
|
private String createSamlAuthResponse(AuthnRequest authnRequest) {
try {
Response response = createSamlElement(Response.class);
response.setID(nextId());
if (authnRequest != null) {
response.setInResponseTo(authnRequest.getID());
}
response.setVersion(SAMLVersion.VERSION_20);
response.setStatus(createStatus(StatusCode.SUCCESS));
response.setIssueInstant(new DateTime());
Assertion assertion = createSamlElement(Assertion.class);
response.getAssertions().add(assertion);
assertion.setID(nextId());
assertion.setIssueInstant(new DateTime());
assertion.setIssuer(createIssuer());
AuthnStatement authnStatement = createSamlElement(AuthnStatement.class);
assertion.getAuthnStatements().add(authnStatement);
authnStatement.setAuthnInstant(new DateTime());
authnStatement.setSessionIndex(nextId());
authnStatement.setAuthnContext(createAuthnCotext());
Subject subject = createSamlElement(Subject.class);
assertion.setSubject(subject);
subject.setNameID(createNameID(NameIDType.UNSPECIFIED, authenticateUser));
if (authnRequest != null) {
subject.getSubjectConfirmations()
.add(createSubjectConfirmation("urn:oasis:names:tc:SAML:2.0:cm:bearer",
new DateTime().plusMinutes(1), authnRequest.getID(),
authnRequest.getAssertionConsumerServiceURL()));
} else {
subject.getSubjectConfirmations().add(createSubjectConfirmation("urn:oasis:names:tc:SAML:2.0:cm:bearer",
new DateTime().plusMinutes(1), null, defaultAssertionConsumerService));
}
Conditions conditions = createSamlElement(Conditions.class);
assertion.setConditions(conditions);
conditions.setNotBefore(new DateTime());
conditions.setNotOnOrAfter(new DateTime().plusMinutes(1));
if (authenticateUserRoles != null) {
AttributeStatement attributeStatement = createSamlElement(AttributeStatement.class);
assertion.getAttributeStatements().add(attributeStatement);
Attribute attribute = createSamlElement(Attribute.class);
attributeStatement.getAttributes().add(attribute);
attribute.setName("roles");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
for (String role : authenticateUserRoles) {
attribute.getAttributeValues().add(createXSAny(AttributeValue.DEFAULT_ELEMENT_NAME, role));
}
}
if (signResponses) {
Signature signature = createSamlElement(Signature.class);
assertion.setSignature(signature);
signature.setSigningCredential(this.signingCredential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
Signer.signObject(signature);
}
String marshalledXml = marshallSamlXml(response);
return Base64Support.encode(marshalledXml.getBytes("UTF-8"), Base64Support.UNCHUNKED);
} catch (MarshallingException | SignatureException | UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
Example #25
| Source File: AttributeTranslatorTests.java From verify-service-provider with MIT License | 4 votes |
|
@Test
public void shouldReturnCorrectValuesForSimpleAttributes() {
String firstName = "Joe";
String middleName = "Bob";
String surname = "Bloggs";
String cycle3 = "123456";
AttributeStatement attributeStatement = anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("firstname")
.withSimpleStringValue(firstName)
.build())
.addAttribute(createVerifiedAttribute("firstname_verified", true))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("middlename")
.withSimpleStringValue(middleName)
.build())
.addAttribute(createVerifiedAttribute("middlename_verified", false))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("surname")
.withSimpleStringValue(surname)
.build())
.addAttribute(createVerifiedAttribute("surname_verified", true))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("dateofbirth")
.withSimpleStringValue("1977-07-21")
.build())
.addAttribute(createVerifiedAttribute("dateofbirth_verified", true))
.addAttribute(new SimpleStringAttributeBuilder()
.withName("cycle_3")
.withSimpleStringValue(cycle3)
.build())
.build();
Attributes result = AttributeTranslator.translateAttributes(attributeStatement);
DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");
assertThat(result.getFirstName().getValue()).isEqualTo(firstName);
assertThat(result.getMiddleName().getValue()).isEqualTo(middleName);
assertThat(result.getSurname().getValue()).isEqualTo(surname);
assertThat(result.getDateOfBirth().getValue().format(formatter)).isEqualTo("1977-07-21");
assertThat(result.getCycle3()).isEqualTo(cycle3);
}
Example #26
| Source File: SAMLGroupIDExtractorImplTest.java From carbon-apimgt with Apache License 2.0 | 4 votes |
|
@Test
public void getGroupingIdentifierListTestCase() throws ParserConfigurationException, IOException, SAXException,
UnmarshallingException, UserStoreException {
String claim = "http://wso2.org/claims/organization";
String organizationValue = "organization";
SAMLGroupIDExtractorImpl samlGroupIDExtractor = new SAMLGroupIDExtractorImplWrapper();
Mockito.when(DocumentBuilderFactory.newInstance()).thenReturn(documentBuilderFactory);
Mockito.when(documentBuilderFactory.newDocumentBuilder()).
thenReturn(documentBuilder);
Mockito.when(documentBuilder.parse(samlGroupIDExtractor.getByteArrayInputStream("test"))).
thenReturn(document);
Mockito.when(document.getDocumentElement()).thenReturn(element);
ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(ServiceReferenceHolder.class);
PowerMockito.mockStatic(ServiceReferenceHolder.class);
PowerMockito.mockStatic(XMLObjectProviderRegistrySupport.class);
Response response = Mockito.mock(Response.class);
List<Assertion> assertion = new ArrayList();
Subject subject = Mockito.mock(Subject.class);
NameID nameID = Mockito.mock(NameID.class);
Assertion assertion1 = Mockito.mock(Assertion.class);
assertion.add(assertion1);
Mockito.when(XMLObjectProviderRegistrySupport.getUnmarshallerFactory()).thenReturn(unmarshallerFactory);
Mockito.when(unmarshallerFactory.getUnmarshaller(element)).thenReturn(unmarshaller);
Mockito.when(unmarshaller.unmarshall(element)).thenReturn(response);
Mockito.when(response.getAssertions()).thenReturn(assertion);
Mockito.when(assertion.get(0).getSubject()).thenReturn(subject);
Mockito.when(subject.getNameID()).thenReturn(nameID);
Mockito.when(nameID.getValue()).thenReturn("user");
System.setProperty(APIConstants.READ_ORGANIZATION_FROM_SAML_ASSERTION, "true");
APIManagerConfigurationService apiManagerConfigService = Mockito.mock(APIManagerConfigurationService.class);
Mockito.when(ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
Mockito.when(serviceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(apiManagerConfigService);
APIManagerConfiguration apiManagerConfig = Mockito.mock(APIManagerConfiguration.class);
Mockito.when(apiManagerConfigService.getAPIManagerConfiguration()).thenReturn(apiManagerConfig);
Mockito.when(apiManagerConfig.getFirstProperty(APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI)).
thenReturn("http://wso2.org/claims/organization");
System.setProperty("carbon.home", "");
PrivilegedCarbonContext carbonContext;
carbonContext = Mockito.mock(PrivilegedCarbonContext.class);
PowerMockito.mockStatic(PrivilegedCarbonContext.class);
PowerMockito.when(PrivilegedCarbonContext.getThreadLocalCarbonContext()).thenReturn(carbonContext);
PowerMockito.when(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()).thenReturn(-1234);
PowerMockito.doNothing().when(carbonContext).setTenantDomain("carbon.super", true);
AttributeStatement mockAttributeStatement = PowerMockito.mock(AttributeStatement.class);
List<AttributeStatement> attributeStatementList = Collections.singletonList(mockAttributeStatement);
PowerMockito.when(assertion1.getAttributeStatements()).thenReturn(attributeStatementList);
Attribute mockAttribute = PowerMockito.mock(Attribute.class);
List<Attribute> attributesList = Collections.singletonList(mockAttribute);
PowerMockito.when(mockAttributeStatement.getAttributes()).thenReturn(attributesList);
XMLObject rawAttribute = PowerMockito.mock(XMLObject.class);
PowerMockito.when(rawAttribute.toString()).thenReturn(organizationValue);
List<XMLObject> mockedAttributeValues = Collections.singletonList(rawAttribute);
AttributedStringImpl mockedAttributedStringImpl = new AttributedStringImpl("nameSpaceURI", "elementLocalName",
"namespacePrefix");
String sampleAttrValue = "MockedAuthParamSampleAttribute";
mockedAttributedStringImpl.setValue(sampleAttrValue);
List<XMLObject> mockedXSSAttributeValues = Collections.singletonList((XMLObject) mockedAttributedStringImpl);
XSAnyImpl mockedXSAnyImpl = Mockito.mock(XSAnyImpl.class);
PowerMockito.when(mockedXSAnyImpl.getTextContent()).thenReturn(sampleAttrValue);
List<XMLObject> mockedXSAnyImplAttributeValues = Collections.singletonList((XMLObject) mockedXSAnyImpl);
List<XMLObject> multiMockedAttributeValues = Arrays.asList(rawAttribute, PowerMockito.mock(XMLObject.class));
AuthenticatorsConfiguration.AuthenticatorConfig mockedAuthenticatorConfig = Mockito
.mock(AuthenticatorsConfiguration.AuthenticatorConfig.class);
PowerMockito.when(mockAttribute.getAttributeValues())
.thenReturn(mockedAttributeValues, multiMockedAttributeValues, mockedXSSAttributeValues,
mockedXSAnyImplAttributeValues);
PowerMockito.mockStatic(AuthenticatorsConfiguration.class);
AuthenticatorsConfiguration mockedAuthenticatorsConfiguration = PowerMockito
.mock(AuthenticatorsConfiguration.class);
PowerMockito.when(AuthenticatorsConfiguration.getInstance()).thenReturn(mockedAuthenticatorsConfiguration);
Map<String, String> mockedConfigParameters = new HashMap<String, String>();
mockedConfigParameters.put(APIConstants.ORGANIZATION_CLAIM_ATTRIBUTE, claim);
PowerMockito.when(mockedAuthenticatorConfig.getParameters()).thenReturn(mockedConfigParameters);
PowerMockito.when(mockedAuthenticatorsConfiguration
.getAuthenticatorConfig(APIConstants.SAML2_SSO_AUTHENTICATOR_NAME))
.thenReturn(mockedAuthenticatorConfig);
PowerMockito.when(mockAttribute.getName()).thenReturn(claim);
String[] organizations = samlGroupIDExtractor.
getGroupingIdentifierList("test");
Assert.assertEquals(organizationValue, organizations[0]);
}
Example #27
| Source File: MatchingAssertionTranslator.java From verify-service-provider with MIT License | 4 votes |
|
private boolean isUserAccountCreation(List<AttributeStatement> attributeStatements) {
return !attributeStatements.isEmpty();
}
Example #28
| Source File: SAML2CallbackHandler.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
public List<AttributeStatement> getAttributeStatements() {
return attributeStatements;
}
Example #29
| Source File: SAML2CallbackHandler.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
public void setAttributeStatements(List<AttributeStatement> attributeStatements) {
this.attributeStatements = attributeStatements;
}
