Lifetime lifetime = context.getRequestSecurityToken().getLifetime(); AudienceRestrictionType restriction = null; AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo(); if (appliesTo != null) restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo)); Principal principal = context.getCallerPrincipal(); if (context.getOnBehalfOfPrincipal() != null) { principal = context.getOnBehalfOfPrincipal(); confirmationMethod = SAMLUtil.SAML2_SENDER_VOUCHES_URI; else if (context.getProofTokenInfo() != null) { confirmationMethod = SAMLUtil.SAML2_HOLDER_OF_KEY_URI; keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo()); } else confirmationMethod = SAMLUtil.SAML2_BEARER_URI; Map<String, Object> claimedAttributes = context.getClaimedAttributes(); if (claimedAttributes != null) { statements.add(StatementUtil.createAttributeStatement(claimedAttributes)); NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer()); AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(), conditions, subject, statements); SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(), assertionElement, assertionID); context.setSecurityToken(token);
Element token = context.getRequestSecurityToken().getRenewTargetElement(); if (token == null) throw logger.wsTrustNullRenewTargetError(); conditions.setNotBefore(context.getRequestSecurityToken().getLifetime().getCreated()); conditions.setNotOnOrAfter(context.getRequestSecurityToken().getLifetime().getExpires()); .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), statements); throw logger.samlAssertionMarshallError(e); SecurityToken securityToken = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(), assertionElement, assertionID); context.setSecurityToken(securityToken); attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML2_TOKEN_TYPE); RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes); context.setAttachedReference(attachedReference);
WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); requestContext.setTokenIssuer(this.configuration.getSTSName()); if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) requestContext.setServiceProviderPublicKey(providerPublicKey); requestContext.setClaimedAttributes(processor.processClaims(claims, callerPrincipal)); else if (log.isDebugEnabled()) log.debug("Claims have been specified in the request but no processor was found for dialect " requestContext.setOnBehalfOfPrincipal(onBehalfOfPrincipal); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(combinedSecret, providerPublicKey, keyWrapAlgo)); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(serverBinarySecret.getValue(), providerPublicKey, keyWrapAlgo)); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate)); requestContext.setProofTokenInfo(keyInfo); requestContext.setTokenType(request.getTokenType().toString()); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration); if (requestContext.getSecurityToken() == null) throw new WSTrustException(ErrorCodes.NULL_VALUE + "Token issued by STS"); SecurityToken contextSecurityToken = requestContext.getSecurityToken();
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setTokenIssuer(this.configuration.getSTSName()); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); context.setQName(new QName(ns, securityToken.getLocalName())); SecurityToken contextSecurityToken = context.getSecurityToken(); if (contextSecurityToken == null) throw new WSTrustException(ErrorCodes.NULL_VALUE + "Security Token from context"); response.setLifetime(request.getLifetime()); response.setRequestedSecurityToken(requestedSecurityToken); if (context.getAttachedReference() != null) response.setRequestedAttachedReference(context.getAttachedReference()); if (context.getUnattachedReference() != null) response.setRequestedUnattachedReference(context.getUnattachedReference()); return response;
Element token = wstContext.getRequestSecurityToken().getRenewTargetElement(); if (token == null) throw logger.wsTrustNullRenewTargetError(); conditions.setNotBefore(wstContext.getRequestSecurityToken().getLifetime().getCreated()); conditions.setNotOnOrAfter(wstContext.getRequestSecurityToken().getLifetime().getExpires()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions); newAssertion.setIssuer(wstContext.getTokenIssuer()); throw logger.samlAssertionMarshallError(e); SecurityToken securityToken = new StandardSecurityToken(wstContext.getRequestSecurityToken().getTokenType().toString(), assertionElement, assertionID); wstContext.setSecurityToken(securityToken); attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML11_TOKEN_TYPE); RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes); wstContext.setAttachedReference(attachedReference);
throw new WSTrustException(ErrorCodes.NULL_VALUE + "security token:Unable to validate token"); WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); context.setQName(new QName(securityToken.getNamespaceURI(), securityToken.getLocalName())); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration); status = context.getStatus();
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); context.setQName(new QName(securityToken.getNamespaceURI(), securityToken.getLocalName())); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration);
Element token = context.getRequestSecurityToken().getValidateTargetElement(); if (token == null) throw new ProcessingException(ErrorCodes.NULL_VALUE + "Bad validate request: missing required ValidateTarget"); status.setCode(code); status.setReason(reason); context.setStatus(status);
public void cancelToken(ProtocolContext context) throws ProcessingException { if (!(context instanceof WSTrustRequestContext)) return; WSTrustRequestContext wstContext = (WSTrustRequestContext) context; // get the SAML assertion that will be canceled. Element token = wstContext.getRequestSecurityToken().getCancelTargetElement(); if (token == null) throw logger.wsTrustNullCancelTargetError(); Element assertionElement = (Element) token.getFirstChild(); if (!this.isSAMLAssertion(assertionElement)) throw logger.assertionInvalidError(); // get the assertion ID and add it to the canceled assertions set. String assertionId = assertionElement.getAttribute("AssertionID"); this.revocationRegistry.revokeToken(SAMLUtil.SAML11_TOKEN_TYPE, assertionId); String absoluteKI = this.properties.get(USE_ABSOLUTE_KEYIDENTIFIER); if (absoluteKI != null && "true".equalsIgnoreCase(absoluteKI)) { useAbsoluteKeyIdentifier = true; } }
WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); requestContext.setTokenIssuer(this.configuration.getSTSName()); if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) requestContext.setServiceProviderPublicKey(providerPublicKey); requestContext.setClaimedAttributes(processor.processClaims(claims, callerPrincipal)); else if (log.isDebugEnabled()) log.debug("Claims have been specified in the request but no processor was found for dialect " requestContext.setOnBehalfOfPrincipal(onBehalfOfPrincipal); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(combinedSecret, providerPublicKey, keyWrapAlgo)); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(serverBinarySecret.getValue(), providerPublicKey, keyWrapAlgo)); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate)); requestContext.setProofTokenInfo(keyInfo); requestContext.setTokenType(request.getTokenType().toString()); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration); if (requestContext.getSecurityToken() == null) throw new WSTrustException(ErrorCodes.NULL_VALUE + "Token issued by STS"); SecurityToken contextSecurityToken = requestContext.getSecurityToken();
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setTokenIssuer(this.configuration.getSTSName()); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); context.setQName(new QName(ns, securityToken.getLocalName())); SecurityToken contextSecurityToken = context.getSecurityToken(); if (contextSecurityToken == null) throw new WSTrustException(ErrorCodes.NULL_VALUE + "Security Token from context"); response.setLifetime(request.getLifetime()); response.setRequestedSecurityToken(requestedSecurityToken); if (context.getAttachedReference() != null) response.setRequestedAttachedReference(context.getAttachedReference()); if (context.getUnattachedReference() != null) response.setRequestedUnattachedReference(context.getUnattachedReference()); return response;
Element token = wstContext.getRequestSecurityToken().getRenewTargetElement(); if (token == null) throw new ProcessingException(ErrorCodes.NULL_VALUE + "Invalid renew request: missing required RenewTarget"); conditions.setNotBefore(wstContext.getRequestSecurityToken().getLifetime().getCreated()); conditions.setNotOnOrAfter(wstContext.getRequestSecurityToken().getLifetime().getExpires()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions); newAssertion.setIssuer(wstContext.getTokenIssuer()); SecurityToken securityToken = new StandardSecurityToken(wstContext.getRequestSecurityToken().getTokenType() .toString(), assertionElement, assertionID); wstContext.setSecurityToken(securityToken); attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML11_TOKEN_TYPE); RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes); wstContext.setAttachedReference(attachedReference);
throw new WSTrustException(ErrorCodes.NULL_VALUE + "security token:Unable to validate token"); WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); context.setQName(new QName(securityToken.getNamespaceURI(), securityToken.getLocalName())); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration); status = context.getStatus();
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); context.setQName(new QName(securityToken.getNamespaceURI(), securityToken.getLocalName())); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration);
Element token = context.getRequestSecurityToken().getRenewTargetElement(); if (token == null) throw new ProcessingException(ErrorCodes.PROCESSING_EXCEPTION conditions.setNotBefore(context.getRequestSecurityToken().getLifetime().getCreated()); conditions.setNotOnOrAfter(context.getRequestSecurityToken().getLifetime().getExpires()); .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), statements); SecurityToken securityToken = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType() .toString(), assertionElement, assertionID); context.setSecurityToken(securityToken); attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML2_TOKEN_TYPE); RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes); context.setAttachedReference(attachedReference);
Element token = wstContext.getRequestSecurityToken().getValidateTargetElement(); if (token == null) throw new ProcessingException(ErrorCodes.NULL_VALUE + "Bad validate request: missing required ValidateTarget"); status.setCode(code); status.setReason(reason); wstContext.setStatus(status);
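/**
 * Cancels (revokes) the SAML 1.1 assertion carried in the request's {@code CancelTarget}.
 *
 * <p>Only {@link WSTrustRequestContext} instances are handled; any other
 * {@link ProtocolContext} is silently ignored. The first element child of the cancel
 * target is taken as the assertion; it is rejected unless {@link #isSAMLAssertion}
 * accepts it, and its {@code AssertionID} attribute is then registered with the
 * revocation registry. No signature or issuer verification is visible in this method;
 * whatever checks {@code isSAMLAssertion} performs are the only gate before revocation.
 *
 * @param context the protocol context holding the cancel request
 * @throws ProcessingException if the request carries no cancel target, the target holds no
 *         SAML assertion element, or the assertion has no {@code AssertionID}
 */
public void cancelToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof WSTrustRequestContext)) {
        return;
    }
    WSTrustRequestContext wstContext = (WSTrustRequestContext) context;

    // get the SAML assertion that will be canceled.
    Element token = wstContext.getRequestSecurityToken().getCancelTargetElement();
    if (token == null) {
        throw logger.wsTrustNullCancelTargetError();
    }
    // Locate the first *element* child. Blindly casting getFirstChild() raises a
    // ClassCastException on a pretty-printed CancelTarget (leading whitespace text node)
    // and passes null on when the target is empty; both must surface as the documented
    // ProcessingException instead.
    Element assertionElement = null;
    for (org.w3c.dom.Node child = token.getFirstChild(); child != null; child = child.getNextSibling()) {
        if (child instanceof Element) {
            assertionElement = (Element) child;
            break;
        }
    }
    if (assertionElement == null || !this.isSAMLAssertion(assertionElement)) {
        throw logger.assertionInvalidError();
    }

    // get the assertion ID and add it to the canceled assertions set.
    // DOM getAttribute() returns "" for a missing attribute; never register an empty id.
    String assertionId = assertionElement.getAttribute("AssertionID");
    if (assertionId == null || assertionId.isEmpty()) {
        throw logger.assertionInvalidError();
    }
    this.revocationRegistry.revokeToken(SAMLUtil.SAML11_TOKEN_TYPE, assertionId);

    // NOTE(review): presumably a provider field toggled from the configured properties;
    // confirm it is intended to be (re)set on every cancel call rather than at init.
    String absoluteKI = this.properties.get(USE_ABSOLUTE_KEYIDENTIFIER);
    if (absoluteKI != null && "true".equalsIgnoreCase(absoluteKI)) {
        useAbsoluteKeyIdentifier = true;
    }
}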
Lifetime lifetime = context.getRequestSecurityToken().getLifetime(); AudienceRestrictionType restriction = null; AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo(); if (appliesTo != null) restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo)); Principal principal = context.getCallerPrincipal(); if (context.getOnBehalfOfPrincipal() != null) principal = context.getOnBehalfOfPrincipal(); confirmationMethod = SAMLUtil.SAML2_SENDER_VOUCHES_URI; else if (context.getProofTokenInfo() != null) keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo()); Map<String, Object> claimedAttributes = context.getClaimedAttributes(); if (claimedAttributes != null) NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer()); AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(), conditions, subject, statements); SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(), assertionElement, assertionID); context.setSecurityToken(token); SAMLUtil.SAML2_TOKEN_TYPE);
WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); requestContext.setTokenIssuer(this.configuration.getSTSName()); if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) { requestContext.setServiceProviderPublicKey(providerPublicKey); requestContext.setClaimedAttributes(processor.processClaims(claims, callerPrincipal)); else if (logger.isDebugEnabled()) logger.debug("Claims have been specified in the request but no processor was found for dialect " + claims.getDialect()); requestContext.setOnBehalfOfPrincipal(onBehalfOfPrincipal); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(combinedSecret, providerPublicKey, keyWrapAlgo, providerCertificate)); } else { requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(serverSecret, providerPublicKey, keyWrapAlgo, providerCertificate)); requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate)); requestContext.setProofTokenInfo(keyInfo); } else if (value instanceof KeyInfoType) { requestContext.setProofTokenInfo((KeyInfoType) value); } else throw new WSTrustException(logger.unsupportedType(value.toString())); requestContext.setTokenType(request.getTokenType().toString()); PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance(); sts.initialize(configuration);
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); context.setTokenIssuer(this.configuration.getSTSName()); context.setOnBehalfOfPrincipal(onBehalfOfPrincipal); String ns = securityToken.getNamespaceURI(); context.setQName(new QName(ns, securityToken.getLocalName())); SecurityToken contextSecurityToken = context.getSecurityToken(); if (contextSecurityToken == null) throw new WSTrustException(logger.nullValueError("Security Token from context")); response.setLifetime(request.getLifetime()); response.setRequestedSecurityToken(requestedSecurityToken); if (context.getAttachedReference() != null) response.setRequestedAttachedReference(context.getAttachedReference()); if (context.getUnattachedReference() != null) response.setRequestedUnattachedReference(context.getUnattachedReference()); return response;