org.opensaml.saml.saml2.core.AuthnContextClassRef Java Examples
The following examples show how to use
org.opensaml.saml.saml2.core.AuthnContextClassRef.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SamlpRequestComponentBuilder.java From cxf with Apache License 2.0 | 6 votes |
|
@SuppressWarnings("unchecked")
public static RequestedAuthnContext createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration comparison,
List<AuthnContextClassRef> authnCtxClassRefList,
List<AuthnContextDeclRef> authnCtxDeclRefList
) {
if (requestedAuthnCtxBuilder == null) {
requestedAuthnCtxBuilder = (SAMLObjectBuilder<RequestedAuthnContext>)
builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
}
RequestedAuthnContext authnCtx = requestedAuthnCtxBuilder.buildObject();
authnCtx.setComparison(comparison);
if (authnCtxClassRefList != null) {
List<AuthnContextClassRef> classRefList = authnCtx.getAuthnContextClassRefs();
classRefList.addAll(authnCtxClassRefList);
}
if (authnCtxDeclRefList != null) {
List<AuthnContextDeclRef> declRefList = authnCtx.getAuthnContextDeclRefs();
declRefList.addAll(authnCtxDeclRefList);
}
return authnCtx;
}
Example #2
| Source File: SamlpRequestComponentBuilder.java From cxf-fediz with Apache License 2.0 | 6 votes |
|
@SuppressWarnings("unchecked")
public static RequestedAuthnContext createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration comparison,
List<AuthnContextClassRef> authnCtxClassRefList,
List<AuthnContextDeclRef> authnCtxDeclRefList
) {
if (requestedAuthnCtxBuilder == null) {
requestedAuthnCtxBuilder = (SAMLObjectBuilder<RequestedAuthnContext>)
builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
}
RequestedAuthnContext authnCtx = requestedAuthnCtxBuilder.buildObject();
authnCtx.setComparison(comparison);
if (authnCtxClassRefList != null) {
List<AuthnContextClassRef> classRefList = authnCtx.getAuthnContextClassRefs();
classRefList.addAll(authnCtxClassRefList);
}
if (authnCtxDeclRefList != null) {
List<AuthnContextDeclRef> declRefList = authnCtx.getAuthnContextDeclRefs();
declRefList.addAll(authnCtxDeclRefList);
}
return authnCtx;
}
Example #3
| Source File: MockSamlIdpServer.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
|
private AuthnContext createAuthnCotext() {
AuthnContext authnContext = createSamlElement(AuthnContext.class);
AuthnContextClassRef authnContextClassRef = createSamlElement(AuthnContextClassRef.class);
authnContextClassRef.setAuthnContextClassRef(AuthnContext.UNSPECIFIED_AUTHN_CTX);
authnContext.setAuthnContextClassRef(authnContextClassRef);
return authnContext;
}
Example #4
| Source File: AbstractSaml20ObjectBuilder.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
/**
* New authn statement.
*
* @param contextClassRef the context class ref such as {@link AuthnContext#PASSWORD_AUTHN_CTX}
* @param authnInstant the authn instant
* @return the authn statement
*/
public AuthnStatement newAuthnStatement(final String contextClassRef, final DateTime authnInstant) {
final AuthnStatement stmt = newSamlObject(AuthnStatement.class);
final AuthnContext ctx = newSamlObject(AuthnContext.class);
final AuthnContextClassRef classRef = newSamlObject(AuthnContextClassRef.class);
classRef.setAuthnContextClassRef(contextClassRef);
ctx.setAuthnContextClassRef(classRef);
stmt.setAuthnContext(ctx);
stmt.setAuthnInstant(authnInstant);
return stmt;
}
Example #5
| Source File: IdentityAssertionTranslator.java From verify-service-provider with MIT License | 5 votes |
|
String extractLevelOfAssuranceUriFrom(Assertion assertion) {
AuthnStatement authnStatement = getAuthnStatementFrom(assertion);
return ofNullable(authnStatement.getAuthnContext())
.map(AuthnContext::getAuthnContextClassRef)
.map(AuthnContextClassRef::getAuthnContextClassRef)
.orElseThrow(() -> new SamlResponseValidationException("Expected a level of assurance."));
}
Example #6
| Source File: MatchingAssertionTranslator.java From verify-service-provider with MIT License | 5 votes |
|
private LevelOfAssurance extractLevelOfAssurance(AuthnStatement authnStatement) {
String levelOfAssuranceString = ofNullable(authnStatement.getAuthnContext())
.map(AuthnContext::getAuthnContextClassRef)
.map(AuthnContextClassRef::getAuthnContextClassRef)
.orElseThrow(() -> new SamlResponseValidationException("Expected a level of assurance."));
try {
return LevelOfAssurance.fromSamlValue(levelOfAssuranceString);
} catch (Exception ex) {
throw new SamlResponseValidationException(String.format("Level of assurance '%s' is not supported.", levelOfAssuranceString));
}
}
Example #7
| Source File: SAML2PResponseComponentBuilder.java From syncope with Apache License 2.0 | 5 votes |
|
public static AuthnContextClassRef createAuthnContextClassRef(final String newAuthnContextClassRef) {
if (authnContextClassRefBuilder == null) {
authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
}
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
authnContextClassRef.setAuthnContextClassRef(newAuthnContextClassRef);
return authnContextClassRef;
}
Example #8
| Source File: DefaultRequestedAuthnContextProvider.java From syncope with Apache License 2.0 | 5 votes |
|
@Override
public RequestedAuthnContext provide() {
AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
RequestedAuthnContext requestedAuthnContext = new RequestedAuthnContextBuilder().buildObject();
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
return requestedAuthnContext;
}
Example #9
| Source File: SamlpRequestComponentBuilder.java From cxf with Apache License 2.0 | 5 votes |
|
@SuppressWarnings("unchecked")
public static AuthnContextClassRef createAuthnCtxClassRef(
String authnCtxClassRefValue
) {
if (requestedAuthnCtxClassRefBuilder == null) {
requestedAuthnCtxClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)
builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
}
AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
return authnCtxClassRef;
}
Example #10
| Source File: DefaultAuthnRequestBuilder.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
public AuthnRequest createAuthnRequest(
Message message,
String issuerId,
String assertionConsumerServiceAddress
) throws Exception {
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
//CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createAuthnRequest(
assertionConsumerServiceAddress,
forceAuthn,
isPassive,
protocolBinding,
SAMLVersion.VERSION_20,
issuer,
nameIDPolicy,
authnCtx
);
}
Example #11
| Source File: AuthnRequestBuilderTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
Document doc = DOMUtils.createDocument();
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(
true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer"
);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
AuthnRequest authnRequest =
SamlpRequestComponentBuilder.createAuthnRequest(
"http://localhost:9001/sso", false, false,
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20,
issuer, nameIDPolicy, authnCtx
);
Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
doc.appendChild(policyElement);
// String outputString = DOM2Writer.nodeToString(policyElement);
assertNotNull(policyElement);
}
Example #12
| Source File: SAML2PResponseComponentBuilder.java From cxf with Apache License 2.0 | 5 votes |
|
@SuppressWarnings("unchecked")
public static AuthnContextClassRef createAuthnContextClassRef(String newAuthnContextClassRef) {
if (authnContextClassRefBuilder == null) {
authnContextClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)
builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
}
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
authnContextClassRef.setAuthnContextClassRef(newAuthnContextClassRef);
return authnContextClassRef;
}
Example #13
| Source File: SamlpRequestComponentBuilder.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@SuppressWarnings("unchecked")
public static AuthnContextClassRef createAuthnCtxClassRef(
String authnCtxClassRefValue
) {
if (requestedAuthnCtxClassRefBuilder == null) {
requestedAuthnCtxClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)
builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
}
AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
return authnCtxClassRef;
}
Example #14
| Source File: DefaultSAMLPRequestBuilder.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
public AuthnRequest createAuthnRequest(
String issuerId,
String assertionConsumerServiceAddress
) throws Exception {
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(
true, nameIDFormat, issuerId
);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
//CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createAuthnRequest(
assertionConsumerServiceAddress,
forceAuthn,
isPassive,
protocolBinding,
SAMLVersion.VERSION_20,
issuer,
nameIDPolicy,
authnCtx
);
}
Example #15
| Source File: CustomSAMLPRequestBuilder.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
public AuthnRequest createAuthnRequest(
String issuerId,
String assertionConsumerServiceAddress
) throws Exception {
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(
true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerId
);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
//CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createAuthnRequest(
assertionConsumerServiceAddress,
forceAuthn,
isPassive,
protocolBinding,
SAMLVersion.VERSION_11,
issuer,
nameIDPolicy,
authnCtx
);
}
Example #16
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testBadIssuerFormat() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld";
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
consumerURL,
false,
false,
protocolBinding,
SAMLVersion.VERSION_20,
issuer,
nameIDPolicy,
authnCtx
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
