/**
 * Resolve the SAML entity ID from a SAML 1 response.
 *
 * <p>The ID is taken from the {@code Issuer} attribute of the assertions enclosed in the
 * response. Assertions without an issuer are skipped; if two assertions carry different
 * issuers the response is reported as unresolvable. This method reads the issuer exactly as
 * it appears in the received message — no signature or trust check is performed here, so the
 * returned value is only as trustworthy as whatever validation the caller applies to the
 * response.
 *
 * @param response the response
 *
 * @return the entity ID, or null if it could not be resolved
 */
@Nullable protected String processSaml1Response(@Nonnull final org.opensaml.saml.saml1.core.Response response) {
    final List<Assertion> enclosed = response.getAssertions();
    if (enclosed == null || enclosed.isEmpty()) {
        log.warn("Issuer could not be extracted from standard SAML 1.x response message");
        return null;
    }
    log.info("Attempting to extract issuer from enclosed SAML 1.x Assertion(s)");
    String resolved = null;
    for (final Assertion candidate : enclosed) {
        if (candidate == null) {
            continue;
        }
        final String candidateIssuer = candidate.getIssuer();
        if (candidateIssuer == null) {
            continue;
        }
        // All issuer-bearing assertions must agree; a conflict is unresolvable.
        if (resolved != null && !resolved.equals(candidateIssuer)) {
            log.warn("SAML 1.x assertions, within response '{}' contain different issuer IDs, "
                + "can not dynamically resolve SAML peer entity ID", response.getID());
            return null;
        }
        resolved = candidateIssuer;
    }
    if (resolved == null) {
        log.warn("Issuer could not be extracted from standard SAML 1.x response message");
    }
    return resolved;
}
/**
 * converts a token into an assertion.
 *
 * <p>The security token is unwrapped via {@code getSecurityTokenFromRequestedToken}. It is
 * accepted only when it is an {@link Assertion} whose issuer equals the
 * {@code identityProviderIdentifier} of one of the supplied configurations; the first such
 * configuration is paired with the assertion. The only check made in this method is that
 * issuer/configuration match — any decryption or signature handling is presumed to happen
 * inside the helper (confirm against its implementation).
 *
 * @param reqToken the req token
 * @param config the config
 * @return an assertion
 * @throws IllegalArgumentException if the token is not an assertion, or its issuer matches
 *         none of the configured identity provider identifiers
 */
public Pair<Assertion, WsFederationConfiguration> buildAndVerifyAssertion(final RequestedSecurityToken reqToken, final Collection<WsFederationConfiguration> config) {
    val token = getSecurityTokenFromRequestedToken(reqToken, config);
    if (!(token instanceof Assertion)) {
        throw new IllegalArgumentException("Could not extract or decrypt an assertion based on the security token provided");
    }
    LOGGER.debug("Security token is an assertion.");
    val assertion = (Assertion) token;
    LOGGER.debug("Extracted assertion successfully: [{}]", assertion);
    val issuer = assertion.getIssuer();
    // Bind the assertion to the configured IdP whose identifier matches its issuer.
    val matching = config.stream()
        .filter(c -> c.getIdentityProviderIdentifier().equals(issuer))
        .findFirst()
        .orElseThrow(() -> new IllegalArgumentException(
            "Could not locate wsfed configuration for security token provided. The assertion issuer "
                + issuer
                + " does not match any of the identity provider identifiers defined in the configuration"));
    return Pair.of(assertion, matching);
}
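/**
 * Method getIssuerString returns the issuerString of this SamlAssertionWrapper object.
 *
 * <p>For SAML 2.0 the value is the text of the assertion's {@code Issuer} element; for
 * SAML 1.1 it is the {@code Issuer} attribute. When the wrapped object is absent, the
 * version is neither of those, or the issuer is missing, an error is logged and
 * {@code null} is returned (previously a missing wrapped object produced a
 * {@code NullPointerException} before the log line was reached).
 *
 * @return the issuerString (type String) of this SamlAssertionWrapper object.
 */
public String getIssuerString() {
    if (samlObject != null) {
        if (samlVersion == SAMLVersion.VERSION_20) {
            final org.opensaml.saml.saml2.core.Assertion saml2 =
                (org.opensaml.saml.saml2.core.Assertion) samlObject;
            if (saml2.getIssuer() != null) {
                return saml2.getIssuer().getValue();
            }
        } else if (samlVersion == SAMLVersion.VERSION_11) {
            final org.opensaml.saml.saml1.core.Assertion saml1 =
                (org.opensaml.saml.saml1.core.Assertion) samlObject;
            if (saml1.getIssuer() != null) {
                return saml1.getIssuer();
            }
        }
    }
    LOG.error(
        "SamlAssertionWrapper: unable to return Issuer string - no saml assertion "
        + "object or issuer is null"
    );
    return null;
}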
/**
 * {@inheritDoc}
 *
 * <p>Writes the SAML 1.x {@code Assertion} attributes onto the DOM element: {@code AssertionID}
 * (registered as an XML ID attribute only when the minor version is non-zero), {@code Issuer}
 * and {@code IssueInstant} when present, {@code MajorVersion} (always {@code "1"}) and
 * {@code MinorVersion} ({@code "0"} when the minor version is 0, otherwise {@code "1"}).
 */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    final Assertion assertion = (Assertion) samlElement;
    final boolean minorVersionZero = assertion.getMinorVersion() == 0;

    final String assertionId = assertion.getID();
    if (assertionId != null) {
        domElement.setAttributeNS(null, Assertion.ID_ATTRIB_NAME, assertionId);
        // Only non-zero minor versions get the attribute flagged as an XML ID.
        if (!minorVersionZero) {
            domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
        }
    }

    final String issuer = assertion.getIssuer();
    if (issuer != null) {
        domElement.setAttributeNS(null, Assertion.ISSUER_ATTRIB_NAME, issuer);
    }

    if (assertion.getIssueInstant() != null) {
        final String instant = ISODateTimeFormat.dateTime().print(assertion.getIssueInstant());
        domElement.setAttributeNS(null, Assertion.ISSUEINSTANT_ATTRIB_NAME, instant);
    }

    domElement.setAttributeNS(null, Assertion.MAJORVERSION_ATTRIB_NAME, "1");
    domElement.setAttributeNS(null, Assertion.MINORVERSION_ATTRIB_NAME, minorVersionZero ? "0" : "1");
}
}
c.setIssuer(assertion.getIssuer()); c.setClaimType(URI.create(attribute.getAttributeName())); try {
c.setIssuer(assertion.getIssuer()); c.setClaimType(URI.create(attribute.getAttributeName())); try {
credential.setRetrievedOn(retrievedOn); credential.setId(assertion.getID()); credential.setIssuer(assertion.getIssuer()); credential.setIssuedOn(ZonedDateTime.parse(assertion.getIssueInstant().toDateTimeISO().toString())); val conditions = assertion.getConditions();
credential.setRetrievedOn(retrievedOn); credential.setId(assertion.getID()); credential.setIssuer(assertion.getIssuer()); credential.setIssuedOn(assertion.getIssueInstant());