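/**
 * Returns the {@link NameID} from the {@link Response} whose name format equals the
 * specified {@code expectedFormat}.
 *
 * <p>The {@code Format} attribute of a SAML 2.0 {@code NameID} is optional, so
 * {@code getFormat()} may return {@code null}. Such a {@link NameID} is treated as a
 * non-match instead of aborting the lookup with a {@link NullPointerException}.
 *
 * @param response the SAML response to search
 * @param expectedFormat the name format the returned {@link NameID} must carry
 * @return the result of the predicate-based overload; presumably empty when no
 *         {@link NameID} matches (that overload is not visible here, so confirm)
 */
public static Optional<NameID> getNameId(Response response, SamlNameIdFormat expectedFormat) {
    // Call equals() on the expected URN rather than on the possibly-null Format.
    return getNameId(response, nameId -> expectedFormat.urn().equals(nameId.getFormat()));
}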
/**
 * Builds a {@link LogoutRequest} addressed to {@code destination} and issued by {@code issuerId}.
 *
 * @param destination the value stored as the request's destination
 * @param issuerId the value stored in the request's {@link Issuer}
 * @return the populated logout request
 */
private LogoutRequest getLogoutRequest(String destination, String issuerId) {
    final LogoutRequest request = build(LogoutRequest.DEFAULT_ELEMENT_NAME);
    request.setID(requestIdManager.newId());
    request.setDestination(destination);

    final Issuer requestIssuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    requestIssuer.setValue(issuerId);
    request.setIssuer(requestIssuer);
    request.setIssueInstant(DateTime.now());

    // NOTE(review): only the Format is set on this NameID; no value is assigned in this
    // method, so the request does not identify a specific subject by name.
    final NameID subjectName = build(NameID.DEFAULT_ELEMENT_NAME);
    subjectName.setFormat(SamlNameIdFormat.EMAIL.urn());
    request.setNameID(subjectName);

    return request;
}
/**
 * Produces a new {@link NameID} carrying the same Format, NameQualifier, SPNameQualifier,
 * SPProvidedID and value as the {@code nameId} field of this object.
 *
 * @return the freshly built copy
 */
@Nonnull private NameID cloneNameID() {
    final NameID copy = nameIdBuilder.buildObject();
    copy.setValue(nameId.getValue());
    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    return copy;
}
/**
 * Decides whether two {@link NameID} objects are equivalent for SAML 2.0 purposes.
 *
 * <p>The comparison covers the Format (via {@code areNameIDFormatsEquivalent}), the value,
 * the NameQualifier and the SPNameQualifier. SPProvidedID is not part of the comparison.
 *
 * @param name1 first NameID to check
 * @param name2 second NameID to check
 * @return true iff the two values should be viewed as equivalent
 */
public static boolean areNameIDsEquivalent(@Nonnull final NameID name1, @Nonnull final NameID name2) {
    if (!areNameIDFormatsEquivalent(name1.getFormat(), name2.getFormat())) {
        return false;
    }
    if (!Objects.equals(name1.getValue(), name2.getValue())) {
        return false;
    }
    if (!Objects.equals(name1.getNameQualifier(), name2.getNameQualifier())) {
        return false;
    }
    return Objects.equals(name1.getSPNameQualifier(), name2.getSPNameQualifier());
}
/**
 * Builds a {@link NameID} from the fields of a {@link NameIDBean}.
 *
 * <p>The shared {@code nameIdBuilder} is obtained from {@code builderFactory} on first use.
 * NOTE(review): that lazy assignment is not synchronized in this method; confirm whether
 * concurrent first calls are a concern for the surrounding class.
 *
 * @param nameIDBean source of the qualifier, format, value, SPNameQualifier and SPProvidedID
 * @return the populated NameID
 */
@SuppressWarnings("unchecked")
public static NameID createNameID(NameIDBean nameIDBean) {
    if (nameIdBuilder == null) {
        // The factory hands back an untyped builder, hence the unchecked cast.
        nameIdBuilder = (SAMLObjectBuilder<NameID>) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
    }

    final NameID result = nameIdBuilder.buildObject();
    result.setValue(nameIDBean.getNameValue());
    result.setFormat(nameIDBean.getNameIDFormat());
    result.setNameQualifier(nameIDBean.getNameQualifier());
    result.setSPNameQualifier(nameIDBean.getSPNameQualifier());
    result.setSPProvidedID(nameIDBean.getSPProvidedID());
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Only the value of {@code nameIdentifier} is passed on to the single-argument
 * {@code decode}; the canonicalization context and the NameID's Format and qualifiers are
 * not consulted in this method.
 */
@Override
@Nullable public String decode(@Nonnull final SubjectCanonicalizationContext c14nContext,
        @Nonnull final NameID nameIdentifier) throws NameDecoderException {
    final String encodedValue = nameIdentifier.getValue();
    return decode(encodedValue);
}
/**
 * Creates a {@link NameID} with the given format and value.
 *
 * @param nameIdFormat the format to set on the NameID
 * @param nameIdValue the value to set on the NameID
 * @return the new NameID; its qualifiers are not set here
 */
protected NameID getNameID(final String nameIdFormat, final String nameIdValue) {
    final NameID result = newSamlObject(NameID.class);
    result.setValue(nameIdValue);
    result.setFormat(nameIdFormat);
    return result;
}
try { if (subject != null && subject.getNameID() != null && subject.getNameID().getFormat() != null && super.getSsoIdpConfig().getNameIDFormat() != null && subject.getNameID().getFormat().equals(super.getSsoIdpConfig().getNameIDFormat())) { UserStoreManager userStoreManager = SAMLQueryServiceComponent.getRealmservice(). getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId()). getUserStoreManager(); String user = subject.getNameID().getValue(); if (userStoreManager.isExistingUser(MultitenantUtils.getTenantAwareUsername(user))) { log.debug("Request with id:" + subjectQuery.getID() + " contain valid subject");
nameId.setFormat(format); nameId.setNameQualifier(qualifier); continue; nameId.setValue((String) value); return nameId; } else {
/**
 * Fills every {@link SAMLCallback} in {@code callbacks} with SAML 2.0 assertion data
 * taken from this handler's fields.
 *
 * @param callbacks the callbacks to populate
 * @throws IOException declared by the callback-handler contract; not thrown directly here
 * @throws UnsupportedCallbackException if an element is not a {@link SAMLCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            throw new UnsupportedCallbackException(current, "Unrecognized Callback");
        }

        SAMLCallback samlCallback = (SAMLCallback) current;
        samlCallback.setSamlVersion(Version.SAML_20);
        samlCallback.setIssuer(issuer);
        if (conditions != null) {
            samlCallback.setConditions(conditions);
        }

        // NOTE(review): subject.getNameID() is dereferenced without a null check; confirm
        // that the subject held by this handler always carries a NameID.
        SubjectBean bean = new SubjectBean(
            subject.getNameID().getValue(),
            subject.getNameID().getNameQualifier(),
            confirmationMethod
        );
        bean.setSubjectNameIDFormat(subject.getNameID().getFormat());
        bean.setSubjectConfirmationData(subjectConfirmationData);
        samlCallback.setSubject(bean);

        createAndSetStatement(samlCallback);
    }
}
/**
 * Applies the qualifier policy to a {@link NameID}.
 *
 * <p>A missing Format is treated as {@code NameID.UNSPECIFIED}. The policy is evaluated only
 * when that effective Format is contained in {@code formats}; for any other Format the
 * method returns {@code true} without checking the qualifiers.
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy, or {@code true} when checking is disabled for the Format
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameID target) {
    String requesterId = null;
    if (requesterIdLookupStrategy != null) {
        requesterId = requesterIdLookupStrategy.apply(input);
    }

    String responderId = null;
    if (responderIdLookupStrategy != null) {
        responderId = responderIdLookupStrategy.apply(input);
    }

    final String format = target.getFormat();
    final String effectiveFormat = format != null ? format : NameID.UNSPECIFIED;

    if (!formats.contains(effectiveFormat)) {
        // Formats outside the configured set are accepted without a qualifier check.
        log.debug("Policy checking disabled for NameID Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameID with Format {}", effectiveFormat);
    // The raw (possibly null) Format is what the delegate receives, not the effective one.
    return doApply(requesterId, responderId, format, target.getNameQualifier(), target.getSPNameQualifier());
}
val query = AttributeQuery.class.cast(authnRequest); val nameID = query.getSubject().getNameID(); nameID.detach(); LOGGER.debug("Choosing NameID format [{}] with value [{}] for attribute query", nameID.getFormat(), nameID.getValue()); return nameID; LOGGER.debug("Encoding NameID based on [{}]", nameFormat); var nameId = encoder.encode(attribute); LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", nameId.getFormat(), nameId.getValue()); return nameId; } catch (final Exception e) {
ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this); if (nameID.getValue() == null) { throw new NameDecoderException("Persistent NameID was empty"); String recipientID = nameID.getSPNameQualifier(); if (recipientID == null) { recipientID = c14nContext.getRequesterId(); String issuerID = nameID.getNameQualifier(); if (issuerID == null) { issuerID = c14nContext.getResponderId(); final PersistentIdEntry entry = pidStore.getByIssuedValue(issuerID, recipientID, nameID.getValue()); if (entry == null || entry.getPrincipalName() == null) { log.info("No entry found for persistent ID {}", nameID.getValue()); return null;
// Populate the NameID from the request subject's principal.
// NOTE(review): the value is read through request.getSubject().getPrincipal(), while the
// Format and SPNameQualifier are read from `principal`; presumably these are the same
// object, so confirm against the enclosing method.
nid.setValue(request.getSubject().getPrincipal().getValue());
// NOTE(review): principal.getFormat() is dereferenced without a null check; confirm the
// format is always set before this point.
nid.setFormat(principal.getFormat().toString());
nid.setSPNameQualifier(principal.getSpNameQualifier());
/**
 * Sets the NameQualifier and SPNameQualifier on a {@link NameID} before it is returned.
 *
 * <p>A non-blank qualifier configured on the registered service takes precedence. Otherwise
 * the NameQualifier falls back to the issuer read from {@code authnRequest}, and the
 * SPNameQualifier falls back to the entity id of {@code adaptor}.
 *
 * @param nameid               the NameID to update in place
 * @param authnRequest         the request used for the NameQualifier fallback
 * @param assertion            the assertion (not used in this method)
 * @param supportedNameFormats the supported name formats (not used in this method)
 * @param service              the registered service holding the configured qualifiers
 * @param adaptor              the service provider metadata facade
 * @return the same {@code nameid} instance, with both qualifiers set
 */
protected NameID finalizeNameId(final NameID nameid,
                                final RequestAbstractType authnRequest,
                                final Object assertion,
                                final List<String> supportedNameFormats,
                                final SamlRegisteredService service,
                                final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    final String configuredQualifier = service.getNameIdQualifier();
    nameid.setNameQualifier(StringUtils.isNotBlank(configuredQualifier)
        ? configuredQualifier
        : SamlIdPUtils.getIssuerFromSamlObject(authnRequest));

    final String configuredSpQualifier = service.getServiceProviderNameIdQualifier();
    nameid.setSPNameQualifier(StringUtils.isNotBlank(configuredSpQualifier)
        ? configuredSpQualifier
        : adaptor.getEntityId());

    return nameid;
}
/**
 * Builds a {@link NameID} that carries only a value.
 *
 * <p>No Format or qualifier is set here, so consumers see a NameID without a Format.
 *
 * @param nameIdValue the value to store in the NameID
 * @return the new NameID
 */
public static NameID createNameID(String nameIdValue) {
    final NameID valueOnly = nameIdBuilder.buildObject();
    valueOnly.setValue(nameIdValue);
    return valueOnly;
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the SP name qualifier in two steps: the SPNameQualifier of the delegated
 * Assertion's Subject NameID when it is present, otherwise the entityID found in the
 * inbound message context's {@link SAMLPresenterEntityContext}. Returns {@code null} when
 * neither source is available.
 */
public String apply(final ProfileRequestContext input) {
    // First choice: the qualifier carried by the delegated Assertion's Subject NameID.
    final String delegatedQualifier = nameID.getSPNameQualifier();
    if (delegatedQualifier != null) {
        log.debug("Saw delegated Assertion Subject NameID SPNameQualifier: {}", delegatedQualifier);
        return delegatedQualifier;
    }

    // Second choice: the entityID of the entity in the SAML presenter role.
    if (input == null || input.getInboundMessageContext() == null) {
        return null;
    }
    final SAMLPresenterEntityContext presenterContext =
            input.getInboundMessageContext().getSubcontext(SAMLPresenterEntityContext.class);
    if (presenterContext == null) {
        return null;
    }
    log.debug("Saw SAML presenter entityID: {}", presenterContext.getEntityId());
    return presenterContext.getEntityId();
}
/**
 * Produces a new {@link NameID} carrying the same Format, NameQualifier, SPNameQualifier,
 * SPProvidedID and value as the given one.
 *
 * @param nameId the object to clone
 *
 * @return the freshly built copy
 */
@Nonnull private NameID cloneNameID(@Nonnull final NameID nameId) {
    final NameID copy = nameIdBuilder.buildObject();
    copy.setValue(nameId.getValue());
    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    return copy;
}
/**
 * Converts a {@link NameID} into a {@link NameIdPrincipal}.
 *
 * <p>The value, Format (mapped through {@code NameId.fromUrn}), NameQualifier,
 * SPNameQualifier and SPProvidedID are carried over.
 *
 * @param p the NameID to convert
 * @return the principal populated from {@code p}
 */
protected NameIdPrincipal getNameIdPrincipal(NameID p) {
    final NameIdPrincipal principal = new NameIdPrincipal()
        .setValue(p.getValue())
        .setFormat(NameId.fromUrn(p.getFormat()))
        .setNameQualifier(p.getNameQualifier())
        .setSpNameQualifier(p.getSPNameQualifier())
        .setSpProvidedId(p.getSPProvidedID());
    return principal;
}
/**
 * {@inheritDoc}
 *
 * <p>Returns {@code null} when {@code getIdentifier} yields no identifier. Otherwise builds
 * a {@link NameID} from the identifier, the configured Format, the effective IdP and SP
 * name qualifiers, and the SPProvidedID.
 */
@Override
@Nullable protected NameID doGenerate(@Nonnull final ProfileRequestContext profileRequestContext)
        throws SAMLException {
    final String identifier = getIdentifier(profileRequestContext);
    if (identifier != null) {
        // The identifier value itself is written to the debug log here.
        log.debug("Generating NameID {} with Format {}", identifier, getFormat());

        final NameID generated = nameBuilder.buildObject();
        generated.setValue(identifier);
        generated.setFormat(getFormat());
        generated.setNameQualifier(getEffectiveIdPNameQualifier(profileRequestContext));
        generated.setSPNameQualifier(getEffectiveSPNameQualifier(profileRequestContext));
        generated.setSPProvidedID(getSPProvidedID());
        return generated;
    }

    log.debug("No identifier to use");
    return null;
}