/** Returns the ID of the given SAML 1 assertion; {@code input} is dereferenced without a null check. */
public String apply(final org.opensaml.saml.saml1.core.Assertion input) {
    return input.getID();
}
// The tokens below close constructs that were opened before this excerpt.
});
/** {@inheritDoc} */
public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
    // The superclass performs the regular unmarshalling; the ID typing below is a post-processing step.
    final Assertion unmarshalled = (Assertion) super.unmarshall(domElement);

    // Minor version 0 (SAML 1.0) is left untouched. For any other minor version, a non-empty
    // assertion ID attribute is flagged as an XML ID on the DOM element.
    final boolean isSaml10 = unmarshalled.getMinorVersion() == 0;
    if (!isSaml10) {
        final boolean hasId = !Strings.isNullOrEmpty(unmarshalled.getID());
        if (hasId) {
            // NOTE(review): ID-typed attributes are what DOM ID lookups resolve against (for example a
            // same-document signature reference); nothing here checks that the value is unique within
            // the document - confirm that is enforced by the caller or the parser configuration.
            domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
        }
    }
    return unmarshalled;
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {

    // Resolve the assertion that will receive the new statement; without one the action
    // signals INVALID_MSG_CTX and stops.
    final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
    if (target == null) {
        // NOTE(review): unlike the debug message below, this error is logged without getLogPrefix().
        log.error("Unable to obtain Assertion to modify");
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return;
    }

    // The statement is built from the authentication context's RequestedPrincipalContext subcontext
    // (passed through as-is, whatever getSubcontext returns) and appended to the assertion.
    final AuthenticationStatement authnStatement = buildAuthenticationStatement(profileRequestContext,
            authenticationContext.getSubcontext(RequestedPrincipalContext.class));
    target.getAuthenticationStatements().add(authnStatement);

    log.debug("{} Added AuthenticationStatement to Assertion {}", getLogPrefix(), target.getID());
}
/**
 * Ensures that the given {@link Assertion} carries a {@link Conditions} element. An existing
 * {@link Conditions} is returned untouched; otherwise a new, empty one is built and attached.
 *
 * @param action current action, used only to name the action in log output
 * @param assertion assertion to which the condition will be added
 *
 * @return the {@link Conditions} that already existed on, or the one that was added to, the {@link Assertion}
 */
@Nonnull public static Conditions addConditionsToAssertion(@Nonnull final AbstractProfileAction action,
        @Nonnull final Assertion assertion) {
    final Conditions existing = assertion.getConditions();
    if (existing != null) {
        getLogger().debug("Profile Action {}: Assertion {} already contains Conditions, nothing was done",
                action.getClass().getSimpleName(), assertion.getID());
        return existing;
    }

    // No Conditions yet: obtain the registered builder (getBuilderOrThrow, so no null check here)
    // and attach a freshly built element.
    final SAMLObjectBuilder<Conditions> builder = (SAMLObjectBuilder<Conditions>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<Conditions>getBuilderOrThrow(
                    Conditions.DEFAULT_ELEMENT_NAME);
    final Conditions created = builder.buildObject();
    assertion.setConditions(created);
    getLogger().debug("Profile Action {}: Assertion {} did not already contain Conditions, added",
            action.getClass().getSimpleName(), assertion.getID());
    return created;
}
/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    final Assertion source = (Assertion) samlElement;
    final boolean isSaml10 = source.getMinorVersion() == 0;

    final String id = source.getID();
    if (id != null) {
        domElement.setAttributeNS(null, Assertion.ID_ATTRIB_NAME, id);
        if (!isSaml10) {
            // Outside SAML 1.0 the attribute is additionally typed as an XML ID. This must follow
            // setAttributeNS, because the attribute has to exist before it can be flagged.
            domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
        }
    }

    final String issuer = source.getIssuer();
    if (issuer != null) {
        domElement.setAttributeNS(null, Assertion.ISSUER_ATTRIB_NAME, issuer);
    }

    if (source.getIssueInstant() != null) {
        final String issueInstant = ISODateTimeFormat.dateTime().print(source.getIssueInstant());
        domElement.setAttributeNS(null, Assertion.ISSUEINSTANT_ATTRIB_NAME, issueInstant);
    }

    // The major version is always written as "1"; every non-zero minor version is written as "1".
    domElement.setAttributeNS(null, Assertion.MAJORVERSION_ATTRIB_NAME, "1");
    domElement.setAttributeNS(null, Assertion.MINORVERSION_ATTRIB_NAME, isSaml10 ? "0" : "1");
}
}
/**
 * Builds a new {@link Assertion} from the supplied parameters and appends it to the given
 * {@link Response}. The assertion's issue instant is set to the issue instant of the {@link Response}.
 *
 * @param action the current action
 * @param response the response to which the assertion will be added
 * @param idGenerator source of assertion ID
 * @param issuer value for assertion
 *
 * @return the assertion that was added to the response
 */
@Nonnull public static Assertion addAssertionToResponse(@Nonnull final AbstractProfileAction action,
        @Nonnull final Response response, @Nonnull final IdentifierGenerationStrategy idGenerator,
        @Nonnull @NotEmpty final String issuer) {

    final Assertion created = buildAssertion(action, idGenerator, issuer);
    // The response's issue instant is copied onto the assertion.
    created.setIssueInstant(response.getIssueInstant());

    // The message is emitted before the assertion is actually appended to the response.
    final String actionName = action.getClass().getSimpleName();
    getLogger().debug("Profile Action {}: Added Assertion {} to Response {}",
            new Object[] {actionName, created.getID(), response.getID(),});

    response.getAssertions().add(created);
    return created;
}
return Collections.singletonList(((org.opensaml.saml.saml2.core.Assertion) message).getID()); } else if (message instanceof org.opensaml.saml.saml1.core.Assertion) { return Collections.singletonList(((org.opensaml.saml.saml1.core.Assertion) message).getID());
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SAMLObjectBuilder<DoNotCacheCondition> builder = (SAMLObjectBuilder<DoNotCacheCondition>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<DoNotCacheCondition>getBuilderOrThrow(
                    DoNotCacheCondition.DEFAULT_ELEMENT_NAME);

    // Every assertion in the response ends up with exactly one DoNotCache condition unless it
    // already had at least one, in which case it is left as it is.
    for (final Assertion assertion : response.getAssertions()) {
        final Conditions conditions = SAML1ActionSupport.addConditionsToAssertion(this, assertion);
        final List<DoNotCacheCondition> existing = conditions.getDoNotCacheConditions();

        if (!existing.isEmpty()) {
            log.debug("{} Assertion {} already contained DoNotCache condition, another was not added",
                    getLogPrefix(), assertion.getID());
            continue;
        }

        existing.add(builder.buildObject());
        log.debug("{} Added DoNotCache condition to Assertion {}", getLogPrefix(), assertion.getID());
    }
}
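/**
 * Returns the ID of the wrapped SAML assertion.
 *
 * <p>This accessor is not side-effect free: when the wrapped SAML 2.0 or SAML 1.1 assertion has a
 * null or empty ID, a new ID is generated, written to the assertion and returned.
 *
 * @return the assertion ID, or {@code null} when the SAML version is neither 2.0 nor 1.1
 */
public String getId() {
    String id = null;
    if (samlVersion == SAMLVersion.VERSION_20) {
        final org.opensaml.saml.saml2.core.Assertion saml2 =
            (org.opensaml.saml.saml2.core.Assertion) samlObject;
        id = saml2.getID();
        if (id == null || id.isEmpty()) {
            // NOTE(review): this writes to the assertion from inside a getter. For an assertion that
            // was received rather than built locally, a missing ID is arguably a reason to reject it
            // instead of repairing it - confirm which callers rely on this fallback.
            LOG.error("SamlAssertionWrapper: ID was null, setting a new ID value");
            id = IDGenerator.generateID("_");
            saml2.setID(id);
        }
    } else if (samlVersion == SAMLVersion.VERSION_11) {
        final org.opensaml.saml.saml1.core.Assertion saml1 =
            (org.opensaml.saml.saml1.core.Assertion) samlObject;
        id = saml1.getID();
        if (id == null || id.isEmpty()) {
            // Same fallback as the SAML 2.0 branch: the generated ID is stored on the assertion.
            LOG.error("SamlAssertionWrapper: ID was null, setting a new ID value");
            id = IDGenerator.generateID("_");
            saml1.setID(id);
        }
    } else {
        LOG.error("SamlAssertionWrapper: unable to return ID - no saml assertion object");
    }
    return id;
}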
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    try {
        // Build the statement from the attribute context's IdP attributes; a null result means
        // there is nothing to attach and the action ends quietly.
        final AttributeStatement attributeStatement = buildAttributeStatement(profileRequestContext,
                getAttributeContext().getIdPAttributes().values());
        if (attributeStatement == null) {
            log.debug("{} No AttributeStatement was built, nothing to do", getLogPrefix());
            return;
        }

        // The assertion is looked up only after a statement exists.
        final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
        if (target == null) {
            log.error("Unable to obtain Assertion to modify");
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return;
        }

        target.getAttributeStatements().add(attributeStatement);
        log.debug("{} Adding constructed AttributeStatement to Assertion {} ", getLogPrefix(),
                target.getID());
    } catch (final AttributeEncodingException e) {
        // NOTE(review): the exception is turned into an event but never logged in this method;
        // confirm the failure is recorded where it is thrown.
        ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_ENCODE_ATTRIBUTE);
    }
}
//CheckStyle: ReturnCount ON
/**
 * Builds a SAML 1.1 {@link Assertion} from the supplied parameters, with its issue instant set to
 * the current time.
 *
 * @param action the current action, used only to name the action in log output
 * @param idGenerator source of assertion ID
 * @param issuer value for assertion
 *
 * @return the assertion
 */
@Nonnull public static Assertion buildAssertion(@Nonnull final AbstractProfileAction action,
        @Nonnull final IdentifierGenerationStrategy idGenerator, @Nonnull @NotEmpty final String issuer) {

    final SAMLObjectBuilder<Assertion> builder = (SAMLObjectBuilder<Assertion>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<Assertion>getBuilderOrThrow(
                    Assertion.DEFAULT_ELEMENT_NAME);
    final Assertion created = builder.buildObject();

    // The ID comes entirely from the caller-supplied strategy; its uniqueness and unpredictability
    // are whatever that strategy provides.
    created.setID(idGenerator.generateIdentifier());
    created.setIssueInstant(new DateTime());
    created.setIssuer(issuer);
    created.setVersion(SAMLVersion.VERSION_11);

    getLogger().debug("Profile Action {}: Created Assertion {}", action.getClass().getSimpleName(),
            created.getID());
    return created;
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // A missing strategy and a strategy that yields null both fall back to the default lifetime.
    Long lifetime = null;
    if (assertionLifetimeStrategy != null) {
        lifetime = assertionLifetimeStrategy.apply(profileRequestContext);
    }
    if (lifetime == null) {
        log.debug("{} No assertion lifetime supplied, using default", getLogPrefix());
    }

    // NotOnOrAfter is computed per assertion as its own issue instant plus the lifetime.
    // NOTE(review): a response that is neither SAML 1 nor SAML 2 falls through without any
    // expiration being set and without a log message.
    if (response instanceof org.opensaml.saml.saml1.core.Response) {
        final org.opensaml.saml.saml1.core.Response saml1Response =
                (org.opensaml.saml.saml1.core.Response) response;
        for (final org.opensaml.saml.saml1.core.Assertion assertion : saml1Response.getAssertions()) {
            final DateTime notOnOrAfter = new DateTime(assertion.getIssueInstant()).plus(
                    lifetime != null ? lifetime : defaultAssertionLifetime);
            // The message is logged before the condition is actually set.
            log.debug("{} Added NotOnOrAfter condition, indicating an expiration of {}, to Assertion {}",
                    new Object[] {getLogPrefix(), notOnOrAfter, assertion.getID()});
            SAML1ActionSupport.addConditionsToAssertion(this, assertion).setNotOnOrAfter(notOnOrAfter);
        }
    } else if (response instanceof org.opensaml.saml.saml2.core.Response) {
        final org.opensaml.saml.saml2.core.Response saml2Response =
                (org.opensaml.saml.saml2.core.Response) response;
        for (final org.opensaml.saml.saml2.core.Assertion assertion : saml2Response.getAssertions()) {
            final DateTime notOnOrAfter = new DateTime(assertion.getIssueInstant()).plus(
                    lifetime != null ? lifetime : defaultAssertionLifetime);
            log.debug("{} Added NotOnOrAfter condition, indicating an expiration of {}, to Assertion {}",
                    new Object[] {getLogPrefix(), notOnOrAfter, assertion.getID()});
            SAML2ActionSupport.addConditionsToAssertion(this, assertion).setNotOnOrAfter(notOnOrAfter);
        }
    }
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // Each assertion in the response gets an audience restriction on its Conditions, which are
    // created first when the assertion has none.
    // NOTE(review): a response that is neither SAML 1 nor SAML 2 is skipped silently, so its
    // assertions would carry no audience restriction from this action.
    if (response instanceof org.opensaml.saml.saml1.core.Response) {
        final org.opensaml.saml.saml1.core.Response saml1Response =
                (org.opensaml.saml.saml1.core.Response) response;
        for (final org.opensaml.saml.saml1.core.Assertion assertion : saml1Response.getAssertions()) {
            addAudienceRestriction(profileRequestContext,
                    SAML1ActionSupport.addConditionsToAssertion(this, assertion));
            log.debug("{} Added AudienceRestrictionCondition to Assertion {}", getLogPrefix(),
                    assertion.getID());
        }
    } else if (response instanceof org.opensaml.saml.saml2.core.Response) {
        final org.opensaml.saml.saml2.core.Response saml2Response =
                (org.opensaml.saml.saml2.core.Response) response;
        for (final org.opensaml.saml.saml2.core.Assertion assertion : saml2Response.getAssertions()) {
            addAudienceRestriction(profileRequestContext,
                    SAML2ActionSupport.addConditionsToAssertion(this, assertion));
            log.debug("{} Added AudienceRestrictionCondition to Assertion {}", getLogPrefix(),
                    assertion.getID());
        }
    }
}
// Copies the assertion's ID, issuer and issue instant onto a new WS-Federation credential.
// NOTE(review): these values are taken from the assertion as-is; nothing in this excerpt shows
// whether the assertion's signature has been validated yet - confirm that happens before the
// credential is relied on.
val credential = new WsFederationCredential();
credential.setRetrievedOn(retrievedOn);
credential.setId(assertion.getID());
credential.setIssuer(assertion.getIssuer());
// The issue instant is rendered to a string and re-parsed as a ZonedDateTime;
// getIssueInstant() is dereferenced without a null check.
credential.setIssuedOn(ZonedDateTime.parse(assertion.getIssueInstant().toDateTimeISO().toString()));
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // NotBefore on every assertion is set to the issue instant of the enclosing response (not the
    // assertion's own issue instant). Conditions are created first when the assertion has none.
    // NOTE(review): a response that is neither SAML 1 nor SAML 2 is skipped without a log message.
    if (response instanceof org.opensaml.saml.saml1.core.Response) {
        final org.opensaml.saml.saml1.core.Response saml1Response =
                (org.opensaml.saml.saml1.core.Response) response;
        for (final org.opensaml.saml.saml1.core.Assertion assertion : saml1Response.getAssertions()) {
            // The message is logged before the condition is actually set.
            log.debug("{} Added NotBefore condition to Assertion {}", getLogPrefix(), assertion.getID());
            SAML1ActionSupport.addConditionsToAssertion(this, assertion).setNotBefore(
                    saml1Response.getIssueInstant());
        }
    } else if (response instanceof org.opensaml.saml.saml2.core.Response) {
        final org.opensaml.saml.saml2.core.Response saml2Response =
                (org.opensaml.saml.saml2.core.Response) response;
        for (final org.opensaml.saml.saml2.core.Assertion assertion : saml2Response.getAssertions()) {
            log.debug("{} Added NotBefore condition to Assertion {}", getLogPrefix(), assertion.getID());
            SAML2ActionSupport.addConditionsToAssertion(this, assertion).setNotBefore(
                    saml2Response.getIssueInstant());
        }
    }
}
// Copies the assertion's ID, issuer and issue instant onto the credential unchanged.
// NOTE(review): nothing in this excerpt shows whether the assertion has been validated before
// these values are copied - confirm against the caller.
credential.setId(assertion.getID());
credential.setIssuer(assertion.getIssuer());
credential.setIssuedOn(assertion.getIssueInstant());
/**
 * Replaces the ID of the wrapped assertion with a newly generated one.
 *
 * <p>Despite the name, the value returned is the ID the assertion had <em>before</em> the
 * replacement. The SAML 1 assertion is used when present; otherwise the SAML 2 assertion is
 * used without a null check.
 *
 * @param assertion wrapper holding the SAML 1 or SAML 2 assertion to re-identify
 * @return the previous ID of the assertion
 */
private String createNewId(SamlAssertionWrapper assertion) {
    final org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 == null) {
        final org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        final String previousId = saml2.getID();
        saml2.setID(IDGenerator.generateID("_"));
        return previousId;
    }

    // NOTE(review): changing the ID alters the assertion; a signature already present on it would
    // presumably no longer match - confirm callers sign (or re-sign) after this call.
    final String previousId = saml1.getID();
    saml1.setID(IDGenerator.generateID("_"));
    return previousId;
}
/**
 * Assigns a newly generated ID to the wrapped assertion and hands back the ID it replaced.
 *
 * <p>The return value is the old ID, not the new one. A wrapper with a SAML 1 assertion has that
 * assertion updated; any other wrapper is treated as SAML 2, and its SAML 2 assertion is
 * dereferenced without a null check.
 *
 * @param assertion wrapper holding the SAML 1 or SAML 2 assertion to re-identify
 * @return the ID the assertion carried before this call
 */
private String createNewId(SamlAssertionWrapper assertion) {
    final String replacedId;
    final org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        replacedId = saml1.getID();
        saml1.setID(IDGenerator.generateID("_"));
    } else {
        final org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        replacedId = saml2.getID();
        saml2.setID(IDGenerator.generateID("_"));
    }
    // NOTE(review): the assertion content changes here, so a signature computed earlier would
    // presumably stop matching - confirm signing happens after this call.
    return replacedId;
}