/**
 * Copies the identifier and, when present, the validity window of the wrapped
 * SAML 1.x assertion into this token's fields.
 *
 * NOTE(review): NotBefore/NotOnOrAfter are copied from the assertion as-is;
 * enforcement of the validity window is assumed to happen elsewhere — confirm.
 */
@Override
protected void processSAMLAssertion() {
    setAssertionId(assertion.getID());

    // The validity period is read from the 'Conditions' element when one exists.
    // (The original comment also mentions falling back to SC Data, but no such
    // fallback is implemented here.)
    Conditions cond = assertion.getConditions();
    if (cond == null) {
        return;
    }
    if (cond.getNotBefore() != null) {
        setDateNotBefore(cond.getNotBefore().toDate());
    }
    if (cond.getNotOnOrAfter() != null) {
        setDateNotOnOrAfter(cond.getNotOnOrAfter().toDate());
    }
}
assertion.setIssuer(issuerName); assertion.setConditions(SAMLUtils.createConditions(notBefore, notOnOrAfter)); assertion.getStatements().addAll(statements); assertion.setID(UIDGenerator.generateUID()); assertion.setIssueInstant(new DateTime()); return assertion;
/**
 * {@inheritDoc}
 *
 * Writes the SAML 1.x assertion's root attributes (AssertionID, Issuer,
 * IssueInstant, MajorVersion, MinorVersion) onto the DOM element. The ID
 * attribute is only registered as an xml:id-style ID for minor version != 0,
 * mirroring the unmarshaller's handling.
 */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    Assertion assertion = (Assertion) samlElement;
    boolean isSaml10 = assertion.getMinorVersion() == 0;

    String id = assertion.getID();
    if (id != null) {
        domElement.setAttributeNS(null, Assertion.ID_ATTRIB_NAME, id);
        // ID-ness (used for DOM-level ID lookups, e.g. by signature references)
        // is not registered for SAML 1.0
        if (!isSaml10) {
            domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
        }
    }

    String issuer = assertion.getIssuer();
    if (issuer != null) {
        domElement.setAttributeNS(null, Assertion.ISSUER_ATTRIB_NAME, issuer);
    }

    if (assertion.getIssueInstant() != null) {
        String instant = ISODateTimeFormat.dateTime().print(assertion.getIssueInstant());
        domElement.setAttributeNS(null, Assertion.ISSUEINSTANT_ATTRIB_NAME, instant);
    }

    // Major version is always 1; minor version is "0" for SAML 1.0, otherwise "1".
    domElement.setAttributeNS(null, Assertion.MAJORVERSION_ATTRIB_NAME, "1");
    domElement.setAttributeNS(null, Assertion.MINORVERSION_ATTRIB_NAME, isSaml10 ? "0" : "1");
}
}
/**
 * {@inheritDoc}
 *
 * Attaches a child element to the SAML 1.x assertion being unmarshalled:
 * Signature, Conditions and Advice are set as singletons, Statements are
 * appended, and anything else is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    Assertion target = (Assertion) parentSAMLObject;

    if (childSAMLObject instanceof Signature) {
        // Presence of a Signature child is recorded only; verification is not done here.
        target.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Conditions) {
        target.setConditions((Conditions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Advice) {
        target.setAdvice((Advice) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Statement) {
        target.getStatements().add((Statement) childSAMLObject);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
/**
 * Rejects a SAML 1.0 (minor version 0) assertion that carries a
 * DoNotCacheCondition, which is only defined for SAML 1.1.
 *
 * @param assertion the assertion under validation
 * @throws ValidationException if the assertion is SAML 1.0 and contains a DoNotCacheCondition
 */
protected void validateDoNotCache(Assertion assertion) throws ValidationException {
    // Only SAML 1.0 is affected; nothing to check for other minor versions.
    if (assertion.getMinorVersion() != 0) {
        return;
    }
    Conditions cond = assertion.getConditions();
    if (cond == null) {
        return;
    }
    for (Condition c : cond.getConditions()) {
        if (c instanceof DoNotCacheCondition) {
            throw new ValidationException("DoNotCacheCondition not valid in SAML1.0");
        }
    }
}
}
/**
 * Builds the SAML 1.x assertion for this issuer: validity window, issuer,
 * issue instant, optional audience restriction, the attribute statement and
 * the supplied assertion ID.
 *
 * NOTE(review): the Issuer value is assembled as "http://" + the configured
 * HostName, not taken from a configured entity ID — confirm relying parties
 * register this exact string. No ordering check is made between notBefore
 * and notAfter here.
 *
 * @param notAfter    NotOnOrAfter condition value
 * @param notBefore   NotBefore condition value
 * @param assertionId identifier to assign to the assertion
 * @throws IdentityProviderException declared by the interface
 */
@Override
public void createSAMLAssertion(DateTime notAfter, DateTime notBefore, String assertionId)
        throws IdentityProviderException {
    assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);

    Conditions cond = (Conditions) buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
    cond.setNotBefore(notBefore);
    cond.setNotOnOrAfter(notAfter);

    // Issuer derived from the server's configured host name.
    ServerConfiguration serverConfig = ServerConfiguration.getInstance();
    String issuer = "http://" + serverConfig.getFirstProperty("HostName");
    assertion.setIssuer(issuer);
    assertion.setIssueInstant(new DateTime());

    // Restrict the audience when an AppliesTo value was supplied (field name kept as-is).
    if (appilesTo != null) {
        Audience aud = (Audience) buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
        aud.setUri(appilesTo);
        AudienceRestrictionCondition restriction =
                (AudienceRestrictionCondition) buildXMLObject(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        restriction.getAudiences().add(aud);
        cond.getAudienceRestrictionConditions().add(restriction);
    }

    assertion.setConditions(cond);
    assertion.getAttributeStatements().add(this.attributeStmt);
    assertion.setID(assertionId);
}
/**
 * {@inheritDoc}
 *
 * Maps the root attributes of a SAML 1.x assertion element onto the object:
 * AssertionID, Issuer, IssueInstant (parsed as UTC, only when non-empty) and
 * MinorVersion ("0" selects SAML 1.0, anything else SAML 1.1). Unknown
 * attributes are passed to the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    Assertion target = (Assertion) samlObject;
    String name = attribute.getLocalName();
    String value = attribute.getValue();

    if (Assertion.ID_ATTRIB_NAME.equals(name)) {
        target.setID(value);
    } else if (Assertion.ISSUER_ATTRIB_NAME.equals(name)) {
        target.setIssuer(value);
    } else if (Assertion.ISSUEINSTANT_ATTRIB_NAME.equals(name) && !DatatypeHelper.isEmpty(value)) {
        target.setIssueInstant(new DateTime(value, ISOChronology.getInstanceUTC()));
    } else if (Assertion.MINORVERSION_ATTRIB_NAME.equals(name)) {
        // Any value other than "0" is treated as SAML 1.1.
        SAMLVersion version = "0".equals(value) ? SAMLVersion.VERSION_10 : SAMLVersion.VERSION_11;
        target.setVersion(version);
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
List<AuthenticationStatement> authenticationStatements = assertion.getAuthenticationStatements(); Subject subject; if (authenticationStatements != null && authenticationStatements.size() > 0) { if (assertion.getIssuer() == null || assertion.getIssuer().isEmpty()) { if (log.isDebugEnabled()) { log.debug("Issuer is empty in the SAML assertion"); try { if (log.isDebugEnabled()) { log.debug("Issuer is :" + assertion.getIssuer()); assertion.getIssuer(), tenantDomain, false); if (idpEntityId == null || !assertion.getIssuer().equals(idpEntityId)) { if (log.isDebugEnabled()) { log.debug("SAML Token Issuer verification failed or Issuer not registered"); Conditions conditions = assertion.getConditions(); if (conditions != null) { List<AudienceRestrictionCondition> audienceRestrictions = conditions.getAudienceRestrictionConditions(); if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null) { notOnOrAfterFromConditions = assertion.getConditions().getNotOnOrAfter(); profileValidator.validate(assertion.getSignature()); } catch (ValidationException e) {
samlCallback.getAuthenticationStatementData() ); saml1.getAuthenticationStatements().addAll(authenticationStatements); samlCallback.getAttributeStatementData() ); saml1.getAttributeStatements().addAll(attributeStatements); samlCallback.getAuthDecisionStatementData() ); saml1.getAuthorizationDecisionStatements().addAll(authDecisionStatements); saml1.setConditions(conditions); } catch (org.opensaml.xml.security.SecurityException ex) { throw new WSSecurityException(
subjectStatements.addAll(saml1.getSubjectStatements()); subjectStatements.addAll(saml1.getAuthenticationStatements()); subjectStatements.addAll(saml1.getAttributeStatements()); subjectStatements.addAll(saml1.getAuthorizationDecisionStatements()); for (SubjectStatement subjectStatement : subjectStatements) { Subject subject = subjectStatement.getSubject();
if (samlAssertion.getConditions() == null) { samlAssertion.setConditions((Conditions) CommonUtil.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME)); samlAssertion.getConditions().setNotBefore(new DateTime(creationTime)); samlAssertion.getConditions().setNotOnOrAfter(new DateTime(expirationTime)); .createRequestedSecurityTokenElement(wstVersion, rstrElem); Node tempNode = samlAssertion.getDOM(); reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) .getOwnerDocument().importNode(tempNode, true));
/**
 * Returns the Signature element attached to the wrapped assertion.
 *
 * @return the SAML signature, or null when the assertion carries none
 *         (presence only; this does not imply the signature was verified)
 */
@Override
public Signature getSAMLSignature() {
    Signature sig = assertion.getSignature();
    return sig;
}
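/**
 * Returns the ID of the wrapped SAML assertion (2.0 first, then 1.x).
 *
 * Side effect: if the wrapped assertion has no ID (null or empty), a fresh
 * "_"-prefixed UUID is generated and written back into the assertion.
 * NOTE(review): assigning a new ID mutates the assertion; for an assertion that
 * is already signed this could leave the signature's reference pointing at the
 * old value — confirm callers only rely on this for locally built assertions.
 *
 * @return the id (type String) of this AssertionWrapper object, or null when no
 *         assertion object is wrapped at all
 */
public String getId() {
    String id = null;
    if (saml2 != null) {
        id = saml2.getID();
    } else if (saml1 != null) {
        id = saml1.getID();
    } else {
        LOG.error("AssertionWrapper: unable to return ID - no saml assertion object");
    }

    if (id == null || id.length() == 0) {
        // Fixed typo in the log message ("seeting" -> "setting").
        LOG.error("AssertionWrapper: ID was null, setting a new ID value");
        id = "_" + UUIDGenerator.getUUID();
        if (saml2 != null) {
            saml2.setID(id);
        } else if (saml1 != null) {
            saml1.setID(id);
        }
    }
    return id;
}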
issueInstant = assertion.getSaml2().getIssueInstant(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) { validFrom = assertion.getSaml1().getConditions().getNotBefore(); validTill = assertion.getSaml1().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml1().getIssueInstant();
validTill = assertion.getSaml2().getConditions().getNotOnOrAfter(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) { validFrom = assertion.getSaml1().getConditions().getNotBefore(); validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
/**
 * Issuer of the SAML token, as carried in the assertion's Issuer attribute.
 *
 * @return the issuer string, or null if the assertion has none; the value is
 *         returned as-is and is not checked against any trusted-issuer list here
 */
@Override
public String getIssuerName() {
    String issuer = assertion.getIssuer();
    return issuer;
}
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key); for (org.opensaml.saml1.core.Statement stmt : assertion.getStatements()) { org.opensaml.saml1.core.Subject samlSubject = null; if (stmt instanceof org.opensaml.saml1.core.AttributeStatement) {
/**
 * Reports whether the wrapped assertion (2.0 first, then 1.x) carries a
 * signature.
 *
 * This checks for the presence of a Signature element only; it says nothing
 * about whether that signature has been verified.
 *
 * @return true if the wrapped assertion is marked signed or has a Signature
 *         element; false otherwise, including when nothing is wrapped
 */
public boolean isSigned() {
    if (saml2 != null) {
        boolean signed = saml2.isSigned() || saml2.getSignature() != null;
        return signed;
    }
    if (saml1 != null) {
        boolean signed = saml1.isSigned() || saml1.getSignature() != null;
        return signed;
    }
    return false;
}
TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getID(),wstVersion); TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getID(),wstVersion); Token assertionToken; Node tempNode = assertion.getDOM(); reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) .getOwnerDocument().importNode(tempNode, true)); assertionToken = new Token(assertion.getID(), (OMElement) assertion.getDOM(), creationTime.toDate(), expirationTime.toDate());
/**
 * {@inheritDoc}
 *
 * After the regular unmarshalling, registers the AssertionID attribute as an
 * xml:id-style ID on the DOM element when the assertion is not SAML 1.0
 * (minor version != 0) and the ID is non-empty, matching the marshaller.
 */
public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
    Assertion result = (Assertion) super.unmarshall(domElement);

    boolean notSaml10 = result.getMinorVersion() != 0;
    boolean hasId = !DatatypeHelper.isEmpty(result.getID());
    if (notSaml10 && hasId) {
        // ID-ness enables DOM ID lookups (e.g. signature references) on this element.
        domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
    }
    return result;
}