/**
 * Routes a claim lookup to the overload matching the wrapped SAML version.
 *
 * @param assertion wrapper holding either a SAML 1.1 or a SAML 2.0 assertion
 * @param claimURI  the claim being looked for
 * @return the overload's result, or {@code false} when the wrapper holds
 *         neither kind of assertion
 */
private boolean findClaimInAssertion(SamlAssertionWrapper assertion, URI claimURI) {
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        return findClaimInAssertion(saml1, claimURI);
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    if (saml2 != null) {
        return findClaimInAssertion(saml2, claimURI);
    }
    // Neither version present: nothing to search.
    return false;
}
/**
 * Routes a claim lookup to the overload matching the wrapped SAML version.
 *
 * @param assertion wrapper holding either a SAML 1.1 or a SAML 2.0 assertion
 * @param claimURI  the claim being looked for
 * @return the overload's result, or {@code false} when the wrapper holds
 *         neither kind of assertion
 */
private boolean findClaimInAssertion(SamlAssertionWrapper assertion, URI claimURI) {
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        return findClaimInAssertion(saml1, claimURI);
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    if (saml2 != null) {
        return findClaimInAssertion(saml2, claimURI);
    }
    // Neither version present: nothing to search.
    return false;
}
/**
 * Routes a claim lookup to the overload matching the wrapped SAML version.
 *
 * @param samlAssertionWrapper wrapper holding either a SAML 1.1 or a SAML 2.0 assertion
 * @param claimURI             the claim being looked for
 * @return the overload's result, or the literal text {@code "Unsupported SAML version"}
 *         when the wrapper holds neither kind of assertion (callers comparing the
 *         result against a claim value must account for this sentinel)
 */
protected String findClaimInAssertion(SamlAssertionWrapper samlAssertionWrapper, URI claimURI) {
    org.opensaml.saml.saml1.core.Assertion saml1 = samlAssertionWrapper.getSaml1();
    if (saml1 != null) {
        return findClaimInAssertion(saml1, claimURI);
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = samlAssertionWrapper.getSaml2();
    if (saml2 != null) {
        return findClaimInAssertion(saml2, claimURI);
    }
    return "Unsupported SAML version";
}
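/**
 * Returns the assertion's {@code NotBefore} condition as a {@link Instant}.
 *
 * <p>The Conditions element is optional in both SAML 1.1 and SAML 2.0, so an
 * assertion without one yields {@code null} rather than an NPE. Callers that
 * enforce validity windows must decide explicitly how to treat a {@code null}
 * bound (no lower bound stated) instead of assuming one is always present.
 *
 * @return the NotBefore instant, or {@code null} when the assertion has no
 *         Conditions element or the Conditions element has no NotBefore
 */
public Instant getNotBefore() {
    DateTime validFrom = null;
    if (getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        org.opensaml.saml.saml2.core.Conditions conditions = getSaml2().getConditions();
        if (conditions != null) {
            validFrom = conditions.getNotBefore();
        }
    } else {
        org.opensaml.saml.saml1.core.Conditions conditions = getSaml1().getConditions();
        if (conditions != null) {
            validFrom = conditions.getNotBefore();
        }
    }
    // Convert the Joda DateTime to a java.time Instant via java.util.Date.
    if (validFrom != null) {
        return validFrom.toDate().toInstant();
    }
    return null;
}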
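/**
 * Returns the assertion's {@code NotOnOrAfter} condition as a {@link Instant}.
 *
 * <p>The Conditions element is optional in both SAML 1.1 and SAML 2.0, so an
 * assertion without one yields {@code null} rather than an NPE. Callers that
 * enforce expiry must decide explicitly how to treat a {@code null} bound (no
 * expiry stated) instead of assuming one is always present.
 *
 * @return the NotOnOrAfter instant, or {@code null} when the assertion has no
 *         Conditions element or the Conditions element has no NotOnOrAfter
 */
public Instant getNotOnOrAfter() {
    DateTime validTill = null;
    if (getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        org.opensaml.saml.saml2.core.Conditions conditions = getSaml2().getConditions();
        if (conditions != null) {
            validTill = conditions.getNotOnOrAfter();
        }
    } else {
        org.opensaml.saml.saml1.core.Conditions conditions = getSaml1().getConditions();
        if (conditions != null) {
            validTill = conditions.getNotOnOrAfter();
        }
    }
    // Convert the Joda DateTime to a java.time Instant via java.util.Date.
    if (validTill != null) {
        return validTill.toDate().toInstant();
    }
    return null;
}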
/**
 * Assigns a freshly generated ID to the wrapped assertion and hands back the
 * ID it carried before, so the renewed assertion is distinguishable from the
 * original one.
 *
 * @param assertion wrapper whose SAML 1.1 or SAML 2.0 assertion is mutated in place;
 *                  a wrapper with neither will NPE on the SAML 2.0 path
 * @return the previous assertion ID
 */
private String createNewId(SamlAssertionWrapper assertion) {
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        String previousId = saml1.getID();
        saml1.setID(IDGenerator.generateID("_"));
        return previousId;
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    String previousId = saml2.getID();
    saml2.setID(IDGenerator.generateID("_"));
    return previousId;
}
/**
 * Assigns a freshly generated ID to the wrapped assertion and hands back the
 * ID it carried before, so the renewed assertion is distinguishable from the
 * original one.
 *
 * @param assertion wrapper whose SAML 1.1 or SAML 2.0 assertion is mutated in place;
 *                  a wrapper with neither will NPE on the SAML 2.0 path
 * @return the previous assertion ID
 */
private String createNewId(SamlAssertionWrapper assertion) {
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        String previousId = saml1.getID();
        saml1.setID(IDGenerator.generateID("_"));
        return previousId;
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    String previousId = saml2.getID();
    saml2.setID(IDGenerator.generateID("_"));
    return previousId;
}
/**
 * Replaces the assertion's Conditions with a newly built set and stamps a new
 * IssueInstant, as part of renewing the token.
 *
 * @param assertion       wrapper whose assertion is mutated in place; the SAML 1.1
 *                        assertion is preferred, otherwise the SAML 2.0 one is used
 * @param tokenParameters renewal parameters, converted into provider parameters
 *                        for {@code conditionsProvider}
 */
private void createNewConditions(SamlAssertionWrapper assertion, TokenRenewerParameters tokenParameters) {
    ConditionsBean conditionsBean =
        conditionsProvider.getConditions(convertToProviderParameters(tokenParameters));
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        saml1.setIssueInstant(new DateTime());
        saml1.setConditions(SAML1ComponentBuilder.createSamlv1Conditions(conditionsBean));
        return;
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    saml2.setIssueInstant(new DateTime());
    saml2.setConditions(SAML2ComponentBuilder.createConditions(conditionsBean));
}
/**
 * Replaces the assertion's Conditions with a newly built set and stamps a new
 * IssueInstant, as part of renewing the token.
 *
 * @param assertion       wrapper whose assertion is mutated in place; the SAML 1.1
 *                        assertion is preferred, otherwise the SAML 2.0 one is used
 * @param tokenParameters renewal parameters, converted into provider parameters
 *                        for {@code conditionsProvider}
 */
private void createNewConditions(SamlAssertionWrapper assertion, TokenRenewerParameters tokenParameters) {
    ConditionsBean conditionsBean =
        conditionsProvider.getConditions(convertToProviderParameters(tokenParameters));
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        saml1.setIssueInstant(new DateTime());
        saml1.setConditions(SAML1ComponentBuilder.createSamlv1Conditions(conditionsBean));
        return;
    }
    org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    saml2.setIssueInstant(new DateTime());
    saml2.setConditions(SAML2ComponentBuilder.createConditions(conditionsBean));
}
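/**
 * Collects every audience URI listed in the assertion's audience restrictions.
 *
 * <p>Conditions is optional in both SAML versions, so an assertion without one
 * produces an empty list instead of an NPE. An empty result therefore means
 * "no audience restriction present", which a caller enforcing audience must
 * treat according to its own policy rather than as "any audience accepted".
 *
 * @param assertion wrapper holding a SAML 1.1 or SAML 2.0 assertion
 * @return the audience URIs, in document order; empty when none are present
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
        if (conditions != null) {
            for (AudienceRestrictionCondition restriction : conditions.getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        if (conditions != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction : conditions.getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}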
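/**
 * Reads the assertion's {@code NotOnOrAfter} condition.
 *
 * <p>Conditions is optional in both SAML versions; when absent this returns
 * {@code null}, the same value the version-specific getter returns when the
 * attribute itself is missing, so callers only have one absence case to handle.
 *
 * @param assertion wrapper holding a SAML 1.1 or SAML 2.0 assertion
 * @return the NotOnOrAfter time, or {@code null} when no Conditions element or
 *         no NotOnOrAfter attribute is present
 */
private DateTime getExpiryDate(SamlAssertionWrapper assertion) {
    if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        return conditions != null ? conditions.getNotOnOrAfter() : null;
    }
    org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
    return conditions != null ? conditions.getNotOnOrAfter() : null;
}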
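/**
 * Collects every audience URI listed in the assertion's audience restrictions.
 *
 * <p>Conditions is optional in both SAML versions, so an assertion without one
 * produces an empty list instead of an NPE. An empty result therefore means
 * "no audience restriction present", which a caller enforcing audience must
 * treat according to its own policy rather than as "any audience accepted".
 *
 * @param assertion wrapper holding a SAML 1.1 or SAML 2.0 assertion
 * @return the audience URIs, in document order; empty when none are present
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
        if (conditions != null) {
            for (AudienceRestrictionCondition restriction : conditions.getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        if (conditions != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction : conditions.getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}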
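/**
 * Reads the assertion's {@code NotOnOrAfter} condition.
 *
 * <p>Conditions is optional in both SAML versions; when absent this returns
 * {@code null}, the same value the version-specific getter returns when the
 * attribute itself is missing, so callers only have one absence case to handle.
 *
 * @param assertion wrapper holding a SAML 1.1 or SAML 2.0 assertion
 * @return the NotOnOrAfter time, or {@code null} when no Conditions element or
 *         no NotOnOrAfter attribute is present
 */
private DateTime getExpiryDate(SamlAssertionWrapper assertion) {
    if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        return conditions != null ? conditions.getNotOnOrAfter() : null;
    }
    org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
    return conditions != null ? conditions.getNotOnOrAfter() : null;
}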
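/**
 * Signs the renewed assertion when {@code signToken} is set; otherwise strips
 * any signature it still carries, since that signature was computed over the
 * pre-renewal content and no longer covers what is being returned.
 *
 * <p>The strip path previously dereferenced {@code getSaml1()} before checking
 * which SAML version is present, which NPEs on a SAML 2.0 assertion (and on a
 * SAML 1.1 assertion without a signature, via {@code getSaml2()}). Each version
 * is now checked for presence before its signature is inspected.
 *
 * @param assertion       the renewed assertion, mutated in place
 * @param tokenParameters renewal parameters supplying STS properties, realm and
 *                        key requirements for signing
 * @throws Exception propagated from {@code signToken}
 */
private void signAssertion(
    SamlAssertionWrapper assertion, TokenRenewerParameters tokenParameters
) throws Exception {
    if (signToken) {
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        String realm = tokenParameters.getRealm();
        // An unknown realm leaves samlRealm null, which signToken already accepts.
        RealmProperties samlRealm = realm != null ? realmMap.get(realm) : null;
        signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
    } else {
        org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
        org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        if (saml1 != null) {
            if (saml1.getSignature() != null) {
                saml1.setSignature(null);
            }
        } else if (saml2 != null) {
            if (saml2.getSignature() != null) {
                saml2.setSignature(null);
            }
        }
    }
}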
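/**
 * Signs the renewed assertion when {@code signToken} is set; otherwise strips
 * any signature it still carries, since that signature was computed over the
 * pre-renewal content and no longer covers what is being returned.
 *
 * <p>The strip path previously dereferenced {@code getSaml1()} before checking
 * which SAML version is present, which NPEs on a SAML 2.0 assertion (and on a
 * SAML 1.1 assertion without a signature, via {@code getSaml2()}). Each version
 * is now checked for presence before its signature is inspected.
 *
 * @param assertion       the renewed assertion, mutated in place
 * @param tokenParameters renewal parameters supplying STS properties, realm and
 *                        key requirements for signing
 * @throws Exception propagated from {@code signToken}
 */
private void signAssertion(
    SamlAssertionWrapper assertion, TokenRenewerParameters tokenParameters
) throws Exception {
    if (signToken) {
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        String realm = tokenParameters.getRealm();
        // An unknown realm leaves samlRealm null, which signToken already accepts.
        RealmProperties samlRealm = realm != null ? realmMap.get(realm) : null;
        signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
    } else {
        org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
        org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        if (saml1 != null) {
            if (saml1.getSignature() != null) {
                saml1.setSignature(null);
            }
        } else if (saml2 != null) {
            if (saml2.getSignature() != null) {
                saml2.setSignature(null);
            }
        }
    }
}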
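/**
 * Returns the Subject of the first SAML 1.1 statement that carries one.
 *
 * <p>Only Attribute, Authentication and AuthorizationDecision statements are
 * inspected. Any other {@code Statement} subtype is skipped; the previous
 * unguarded cast to {@code AuthorizationDecisionStatement} would instead throw
 * {@code ClassCastException} on such input, which is attacker-influenceable
 * since the statement list comes from the presented assertion.
 *
 * @param assertionW wrapper holding a SAML 1.1 assertion
 * @return the first non-null Subject found, or {@code null} when no inspected
 *         statement carries one
 */
private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
    for (Statement stmt : assertionW.getSaml1().getStatements()) {
        org.opensaml.saml.saml1.core.Subject samlSubject = null;
        if (stmt instanceof AttributeStatement) {
            samlSubject = ((AttributeStatement) stmt).getSubject();
        } else if (stmt instanceof AuthenticationStatement) {
            samlSubject = ((AuthenticationStatement) stmt).getSubject();
        } else if (stmt instanceof AuthorizationDecisionStatement) {
            samlSubject = ((AuthorizationDecisionStatement) stmt).getSubject();
        }
        if (samlSubject != null) {
            return samlSubject;
        }
    }
    return null;
}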
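/**
 * Returns the Subject of the first SAML 1.1 statement that carries one.
 *
 * <p>Only Attribute, Authentication and AuthorizationDecision statements are
 * inspected. Any other {@code Statement} subtype is skipped; the previous
 * unguarded cast to {@code AuthorizationDecisionStatement} would instead throw
 * {@code ClassCastException} on such input, which is attacker-influenceable
 * since the statement list comes from the presented assertion.
 *
 * @param assertionW wrapper holding a SAML 1.1 assertion
 * @return the first non-null Subject found, or {@code null} when no inspected
 *         statement carries one
 */
private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
    for (Statement stmt : assertionW.getSaml1().getStatements()) {
        org.opensaml.saml.saml1.core.Subject samlSubject = null;
        if (stmt instanceof AttributeStatement) {
            samlSubject = ((AttributeStatement) stmt).getSubject();
        } else if (stmt instanceof AuthenticationStatement) {
            samlSubject = ((AuthenticationStatement) stmt).getSubject();
        } else if (stmt instanceof AuthorizationDecisionStatement) {
            samlSubject = ((AuthorizationDecisionStatement) stmt).getSubject();
        }
        if (samlSubject != null) {
            return samlSubject;
        }
    }
    return null;
}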
/**
 * Builds a {@link SecurityToken} from a SAML assertion: the token takes the
 * assertion's ID and DOM element, the SubjectKeyInfo's secret, first
 * certificate and public key when available, and a token type matching the
 * SAML version.
 *
 * @param assertionWrapper the assertion to wrap
 * @return the populated token; the token type is left unset when the wrapper
 *         holds neither a SAML 1.1 nor a SAML 2.0 assertion
 */
private SecurityToken createSecurityToken(
    SamlAssertionWrapper assertionWrapper
) {
    SecurityToken token = new SecurityToken(assertionWrapper.getId());

    SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        token.setSecret(keyInfo.getSecret());
        X509Certificate[] certs = keyInfo.getCerts();
        boolean hasCertificate = certs != null && certs.length > 0;
        if (hasCertificate) {
            // Only the leaf (first) certificate is attached; the chain is not kept.
            token.setX509Certificate(certs[0], null);
        }
        if (keyInfo.getPublicKey() != null) {
            token.setKey(keyInfo.getPublicKey());
        }
    }

    boolean isSaml1 = assertionWrapper.getSaml1() != null;
    boolean isSaml2 = assertionWrapper.getSaml2() != null;
    if (isSaml1) {
        token.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (isSaml2) {
        token.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }

    token.setToken(assertionWrapper.getElement());
    return token;
}
/**
 * Builds a {@link SecurityToken} from a SAML assertion: the token takes the
 * assertion's ID and DOM element, the SubjectKeyInfo's secret, first
 * certificate and public key when available, and a token type matching the
 * SAML version.
 *
 * @param assertionWrapper the assertion to wrap
 * @return the populated token; the token type is left unset when the wrapper
 *         holds neither a SAML 1.1 nor a SAML 2.0 assertion
 */
private SecurityToken createSecurityToken(
    SamlAssertionWrapper assertionWrapper
) {
    SecurityToken token = new SecurityToken(assertionWrapper.getId());

    SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        token.setSecret(keyInfo.getSecret());
        X509Certificate[] certs = keyInfo.getCerts();
        boolean hasCertificate = certs != null && certs.length > 0;
        if (hasCertificate) {
            // Only the leaf (first) certificate is attached; the chain is not kept.
            token.setX509Certificate(certs[0], null);
        }
        if (keyInfo.getPublicKey() != null) {
            token.setKey(keyInfo.getPublicKey());
        }
    }

    boolean isSaml1 = assertionWrapper.getSaml1() != null;
    boolean isSaml2 = assertionWrapper.getSaml2() != null;
    if (isSaml1) {
        token.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (isSaml2) {
        token.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }

    token.setToken(assertionWrapper.getElement());
    return token;
}
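/**
 * Extracts the assertion's subject as a {@link Subject} value object.
 *
 * <p>A SAML 2.0 Subject is optional and, when present, may carry an identifier
 * other than a plain {@code NameID}; a SAML 1.1 Subject may likewise lack a
 * {@code NameIdentifier}. All of those cases now yield {@code null} instead of
 * an NPE, matching the existing "no subject" result. Callers relying on the
 * subject for an access decision must therefore treat {@code null} as
 * "unidentified" and fail closed.
 *
 * @param message    the current message; not used by this method, kept for
 *                   API compatibility
 * @param assertionW wrapper holding a SAML 1.1 or SAML 2.0 assertion
 * @return the subject, or {@code null} when no plain name identifier is present
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        if (s == null || s.getNameID() == null) {
            return null;
        }
        NameID nameId = s.getNameID();
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        if (s != null && s.getNameIdentifier() != null) {
            NameIdentifier nameId = s.getNameIdentifier();
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}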