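/**
 * Returns the first {@link NameID} accepted by the specified {@code filter} among the subjects
 * of the assertions in the {@link Response}.
 *
 * <p>Assertions without a subject, and subjects without a {@link NameID}, are skipped. Without
 * these guards such an assertion raises a {@link NullPointerException} from inside the stream,
 * so a single incomplete assertion would abort the whole lookup.
 *
 * <p>NOTE(review): every assertion returned by {@code response.getAssertions()} is searched, in
 * list order, and nothing here checks signatures or conditions. Presumably the assertions are
 * validated before the returned identifier is trusted; confirm against the call sites.
 *
 * @param response the SAML response whose assertions are searched
 * @param filter the predicate a {@link NameID} must satisfy; it is never called with {@code null}
 * @return the first matching {@link NameID}, or an empty {@link Optional} when none matches
 */
public static Optional<NameID> getNameId(Response response, Predicate<NameID> filter) {
    return response.getAssertions().stream()
                   .map(assertion -> assertion.getSubject())
                   // A missing Subject would otherwise be dereferenced by the next step.
                   .filter(subject -> subject != null)
                   .map(subject -> subject.getNameID())
                   // findFirst() rejects a null element, so drop subjects that carry no NameID.
                   .filter(nameId -> nameId != null)
                   .filter(filter)
                   .findFirst();
}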
assertions = response.getAssertions(); } else { builder.add(decryptAssertion(encryptedAssertion, idp.encryptionCredential())); builder.addAll(response.getAssertions()); assertions = builder.build();
// Appends the assertion to the list returned by response.getAssertions(); the add() call
// mutates that list in place rather than a copy.
response.getAssertions().add(assertion);
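/**
 * Returns the first {@link NameID} accepted by the specified {@code filter} among the subjects
 * of the assertions in the {@link Response}.
 *
 * <p>Assertions without a subject, and subjects without a {@link NameID}, are skipped. Without
 * these guards such an assertion raises a {@link NullPointerException} from inside the stream,
 * so a single incomplete assertion would abort the whole lookup.
 *
 * <p>NOTE(review): every assertion returned by {@code response.getAssertions()} is searched, in
 * list order, and nothing here checks signatures or conditions. Presumably the assertions are
 * validated before the returned identifier is trusted; confirm against the call sites.
 *
 * @param response the SAML response whose assertions are searched
 * @param filter the predicate a {@link NameID} must satisfy; it is never called with {@code null}
 * @return the first matching {@link NameID}, or an empty {@link Optional} when none matches
 */
public static Optional<NameID> getNameId(Response response, Predicate<NameID> filter) {
    return response.getAssertions().stream()
                   .map(assertion -> assertion.getSubject())
                   // A missing Subject would otherwise be dereferenced by the next step.
                   .filter(subject -> subject != null)
                   .map(subject -> subject.getNameID())
                   // findFirst() rejects a null element, so drop subjects that carry no NameID.
                   .filter(nameId -> nameId != null)
                   .filter(filter)
                   .findFirst();
}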
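/**
 * Looks up the login name among the subject name IDs of the assertions in the response.
 *
 * <p>The first name ID whose format equals {@code subjectLoginNameIdFormat} supplies the value.
 * Assertions without a subject, subjects without a name ID, name IDs without a format and name
 * IDs without a value are skipped; each of these cases would otherwise end in a
 * {@link NullPointerException} while processing a response that omits the optional element.
 *
 * <p>NOTE(review): no signature or condition check is visible here. Presumably the assertions
 * were validated before this lookup; confirm against the caller.
 *
 * @param response the SAML response whose assertions are searched
 * @return the value of the first matching name ID, or {@code null} when
 *         {@code subjectLoginNameIdFormat} is null or empty or when nothing matches
 */
@Nullable
private String findLoginNameFromSubjects(Response response) {
    if (Strings.isNullOrEmpty(subjectLoginNameIdFormat)) {
        return null;
    }
    return response.getAssertions()
                   .stream()
                   .map(assertion -> assertion.getSubject())
                   .filter(subject -> subject != null)
                   .map(subject -> subject.getNameID())
                   // Compare from the configured side: it is known to be non-null at this point,
                   // while the format read from the name ID may be absent.
                   .filter(nameId -> nameId != null
                                     && subjectLoginNameIdFormat.equals(nameId.getFormat()))
                   .map(NameIDType::getValue)
                   // findFirst() rejects a null element, so a name ID without a value is skipped.
                   .filter(value -> value != null)
                   .findFirst()
                   .orElse(null);
}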
/**
 * {@inheritDoc}
 *
 * <p>The parent is cast to {@link Response} before the child is inspected. An {@link Assertion}
 * child goes to the response's assertion list, an {@link EncryptedAssertion} child goes to its
 * encrypted-assertion list, and any other child is handed to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    Response owner = (Response) parentSAMLObject;

    if (childSAMLObject instanceof Assertion) {
        owner.getAssertions().add((Assertion) childSAMLObject);
        return;
    }

    if (childSAMLObject instanceof EncryptedAssertion) {
        owner.getEncryptedAssertions().add((EncryptedAssertion) childSAMLObject);
        return;
    }

    // Neither kind of assertion: let the superclass decide what to do with the child.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
/**
 * Decrypts each encrypted assertion of the response and appends the result to the response's
 * assertion list.
 *
 * <p>An assertion that fails to decrypt is logged at error level and skipped; the remaining
 * encrypted assertions are still processed.
 *
 * <p>NOTE(review): once appended, a decrypted assertion sits in the same list as assertions that
 * arrived unencrypted, and nothing in this method validates it. Presumably signature and
 * condition checks run afterwards over {@code response.getAssertions()}; confirm against the
 * caller.
 *
 * @param response the response
 * @param decrypter the decrypter
 */
protected final void decryptEncryptedAssertions(final Response response, final Decrypter decrypter) {
    for (final EncryptedAssertion sealed : response.getEncryptedAssertions()) {
        final Assertion plain;
        try {
            plain = decrypter.decrypt(sealed);
        } catch (final DecryptionException e) {
            logger.error("Decryption of assertion failed, continue with the next one", e);
            continue;
        }
        response.getAssertions().add(plain);
    }
}
/**
 * Resolves the principal id from the subject name ID of the first assertion in a SAML response.
 *
 * <p>Only the assertion at index 0 is consulted. When the response has no assertions, or that
 * assertion has no subject or no name ID, resolution is delegated to the superclass.
 *
 * <p>NOTE(review): {@code returnValue} is cast to {@code Response} without a type or null check,
 * so this presumably runs only after the caller has established that it is a response; confirm.
 *
 * @param authentication the authentication, passed through to the superclass fallback
 * @param returnValue the object to read the response from
 * @param exception the exception, passed through to the superclass fallback
 * @return the name ID value of the first assertion's subject, or the superclass result
 */
@Override
public String getPrincipalIdFrom(final Authentication authentication, final Object returnValue,
                                 final Exception exception) {
    val samlResponse = (Response) returnValue;
    val assertions = samlResponse.getAssertions();
    if (assertions.isEmpty()) {
        return super.getPrincipalIdFrom(authentication, returnValue, exception);
    }

    val firstSubject = assertions.get(0).getSubject();
    if (firstSubject == null || firstSubject.getNameID() == null) {
        return super.getPrincipalIdFrom(authentication, returnValue, exception);
    }
    return firstSubject.getNameID().getValue();
}
/**
 * {@inheritDoc}
 *
 * <p>Stores the response found by {@code responseLookupStrategy} in the {@code response} field.
 * A missing response builds an {@code EventIds.INVALID_MSG_CTX} event and stops the action; a
 * response without assertions stops the action without an event. Otherwise the decision is left
 * to the superclass.
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    log.debug("{} Attempting to add SubjectConfirmation to assertions in outgoing Response", getLogPrefix());

    response = responseLookupStrategy.apply(profileRequestContext);

    if (response == null) {
        log.debug("{} No SAML response located in current profile request context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    if (response.getAssertions().isEmpty()) {
        // Nothing to decorate; this is not treated as an error, so no event is built.
        log.debug("{} No assertions in response message, nothing to do", getLogPrefix());
        return false;
    }

    return super.doPreExecute(profileRequestContext);
}
/**
 * {@inheritDoc}
 *
 * <p>Stores the response found by {@code responseLookupStrategy} in the {@code response} field.
 * A missing response builds an {@code EventIds.INVALID_MSG_CTX} event and stops the action; a
 * response without assertions stops the action without an event. Otherwise the decision is left
 * to the superclass.
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    log.debug("{} Attempting to add OneTimeUse condition to every Assertion in Response", getLogPrefix());

    response = responseLookupStrategy.apply(profileRequestContext);

    if (response == null) {
        log.debug("{} No SAML response located in current profile request context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    if (response.getAssertions().isEmpty()) {
        // Nothing to decorate; this is not treated as an error, so no event is built.
        log.debug("{} No assertions in response message, nothing to do", getLogPrefix());
        return false;
    }

    return super.doPreExecute(profileRequestContext);
}
/**
 * {@inheritDoc}
 *
 * <p>For every assertion in the {@code response} field, passes the object returned by
 * {@code SAML2ActionSupport.addConditionsToAssertion} to {@code addProxyRestriction} and then
 * logs the assertion's ID at debug level.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    for (final Assertion assertion : response.getAssertions()) {
        // The restriction is applied to each assertion individually, not once per response.
        addProxyRestriction(profileRequestContext, SAML2ActionSupport.addConditionsToAssertion(this, assertion));
        log.debug("{} Added ProxyRestriction to Assertion {}", getLogPrefix(), assertion.getID());
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Takes the message found by {@code responseLookupStrategy} and stores it in the
 * {@code response} field when it is a {@link Response}, or when it is an
 * {@link ArtifactResponse} whose embedded message is a {@link Response}. The action is skipped
 * when the field is null or the response holds no assertions.
 *
 * <p>NOTE(review): the field is only assigned when a response is found, so any value it held
 * before this call stays in place otherwise; confirm that instances are not reused across
 * requests with a stale value.
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final StatusResponseType message = responseLookupStrategy.apply(profileRequestContext);

    // instanceof is false for null, so a missing message falls through both branches.
    if (message instanceof Response) {
        response = (Response) message;
    } else if (message instanceof ArtifactResponse) {
        final ArtifactResponse envelope = (ArtifactResponse) message;
        if (envelope.getMessage() instanceof Response) {
            response = (Response) envelope.getMessage();
        }
    }

    final boolean nothingToDo = response == null || response.getAssertions().isEmpty();
    if (nothingToDo) {
        log.debug("{} Response was not present or contained no assertions, nothing to do", getLogPrefix());
        return false;
    }

    return super.doPreExecute(profileRequestContext);
}
/**
 * {@inheritDoc}
 *
 * <p>Takes the message found by {@code responseLookupStrategy} and stores it in the
 * {@code response} field when it is a {@link Response}, or when it is an
 * {@link ArtifactResponse} whose embedded message is a {@link Response}. The action is skipped
 * when the field is null or the response holds no assertions.
 *
 * <p>NOTE(review): the field is only assigned when a response is found, so any value it held
 * before this call stays in place otherwise; confirm that instances are not reused across
 * requests with a stale value.
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final StatusResponseType message = responseLookupStrategy.apply(profileRequestContext);

    // instanceof is false for null, so a missing message falls through both branches.
    if (message instanceof Response) {
        response = (Response) message;
    } else if (message instanceof ArtifactResponse) {
        final ArtifactResponse envelope = (ArtifactResponse) message;
        if (envelope.getMessage() instanceof Response) {
            response = (Response) envelope.getMessage();
        }
    }

    final boolean nothingToDo = response == null || response.getAssertions().isEmpty();
    if (nothingToDo) {
        log.debug("{} Response was not present or contained no assertions, nothing to do", getLogPrefix());
        return false;
    }

    return super.doPreExecute(profileRequestContext);
}
/**
 * {@inheritDoc}
 *
 * <p>Sets a name ID on the subject of every assertion in the {@code response} field. A subject
 * that already has a name ID is left alone unless {@code overwriteExisting} is set. The number
 * of subjects changed is logged at debug level when it is greater than zero.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    int updated = 0;

    for (final Assertion assertion : response.getAssertions()) {
        final Subject subject = getAssertionSubject(assertion);
        final NameID current = subject.getNameID();
        if (current != null && !overwriteExisting) {
            // Keep the identifier that is already there.
            continue;
        }
        // cloneNameID() is called per assertion, so each subject gets its own object.
        subject.setNameID(cloneNameID());
        updated++;
    }

    if (updated > 0) {
        log.debug("{} Added NameID to {} assertion(s)", getLogPrefix(), updated);
    }
}
/**
 * Builds a SAML 2.0 response with a success status around the given assertion and returns it
 * as a DOM element.
 *
 * <p>The issuer is the IdP realm when {@code isUseRealmForIssuer()} is true, and the IdP URL
 * otherwise. The returned element is also appended to a newly created document.
 *
 * <p>NOTE(review): no signing step is visible in this method. Presumably the assertion is
 * already signed or the caller signs the result; confirm.
 *
 * @param idp the IdP supplying the realm or URL used as issuer
 * @param requestID the request ID handed to {@code createSAMLResponse}
 * @param assertion the assertion added to the response
 * @return the DOM element of the response
 * @throws Exception whatever the builder and DOM helpers throw
 */
protected Element createResponse(Idp idp, String requestID, Assertion assertion) throws Exception {
    Document document = DOMUtils.newDocument();

    Status successStatus =
        SAML2PResponseComponentBuilder.createStatus("urn:oasis:names:tc:SAML:2.0:status:Success", null);

    String issuerValue;
    if (isUseRealmForIssuer()) {
        issuerValue = idp.getRealm();
    } else {
        issuerValue = idp.getIdpUrl().toString();
    }

    Response samlResponse =
        SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuerValue, successStatus);
    samlResponse.getAssertions().add(assertion);

    Element responseElement = OpenSAMLUtil.toDom(samlResponse, document);
    document.appendChild(responseElement);
    return responseElement;
}
/**
 * Builds a SAML 2.0 response and, when an assertion element is supplied, adds that assertion.
 *
 * <p>The response ID is an underscore followed by a random UUID, the issue instant is the
 * current time and the version is 2.0.
 *
 * <p>NOTE(review): the supplied element is wrapped and added as it is; no signature or content
 * check is visible in this method, so that is presumably the caller's job. Confirm.
 *
 * @param issuer the issuer set on the response
 * @param status the status set on the response
 * @param requestId the value set as {@code InResponseTo}
 * @param samlAssertion the assertion element to embed, or {@code null} for a response without one
 * @return the new response
 * @throws WSSecurityException if wrapping the assertion element fails
 */
public static Response createResponse(
    Issuer issuer,
    Status status,
    String requestId,
    Element samlAssertion
) throws WSSecurityException {
    Response samlResponse = responseSAMLObjectBuilder.buildObject();

    samlResponse.setIssuer(issuer);
    samlResponse.setStatus(status);
    samlResponse.setID("_" + UUID.randomUUID());
    samlResponse.setIssueInstant(new DateTime());
    samlResponse.setInResponseTo(requestId);
    samlResponse.setVersion(SAMLVersion.VERSION_20);

    if (samlAssertion == null) {
        return samlResponse;
    }

    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlAssertion);
    samlResponse.getAssertions().add(wrapper.getSaml2());
    return samlResponse;
}
/**
 * {@inheritDoc}
 *
 * <p>Adds a {@link OneTimeUse} condition to every assertion in the {@code response} field that
 * does not already have one. Either outcome is logged at debug level with the assertion's ID.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SAMLObjectBuilder<OneTimeUse> oneTimeUseBuilder = (SAMLObjectBuilder<OneTimeUse>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<OneTimeUse>getBuilderOrThrow(
                    OneTimeUse.DEFAULT_ELEMENT_NAME);

    for (final Assertion assertion : response.getAssertions()) {
        final Conditions target = SAML2ActionSupport.addConditionsToAssertion(this, assertion);

        if (target.getOneTimeUse() != null) {
            // Already present: adding a second one is avoided.
            log.debug("{} Assertion {} already contained OneTimeUse condition, another was not added",
                    getLogPrefix(), assertion.getID());
            continue;
        }

        target.getConditions().add(oneTimeUseBuilder.buildObject());
        log.debug("{} Added OneTimeUse condition to Assertion {}", getLogPrefix(), assertion.getID());
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Base64-encodes the session key from {@code ecpContext} once and places it, as a
 * {@link GeneratedKey} element, in the advice of every assertion in the {@code response} field.
 *
 * <p>NOTE(review): the session key is written into the assertion content itself. Presumably the
 * assertion is encrypted before it leaves this party, since the key is otherwise readable by
 * anyone who sees the message; confirm that encryption is enforced for this profile. The debug
 * line does not include the key.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SAMLObjectBuilder<GeneratedKey> generatedKeyBuilder = (SAMLObjectBuilder<GeneratedKey>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<GeneratedKey>getBuilderOrThrow(
                    GeneratedKey.DEFAULT_ELEMENT_NAME);

    // Encoded once; every assertion receives the same value.
    final String encodedKey = Base64Support.encode(ecpContext.getSessionKey(), false);

    for (final Assertion assertion : response.getAssertions()) {
        final Advice assertionAdvice = SAML2ActionSupport.addAdviceToAssertion(this, assertion);
        final GeneratedKey keyElement = generatedKeyBuilder.buildObject();
        keyElement.setValue(encodedKey);
        assertionAdvice.getChildren().add(keyElement);
    }

    log.debug("{} Added GeneratedKey to Advice", getLogPrefix());
}
/**
 * {@inheritDoc}
 *
 * <p>For every assertion in the {@code response} field, adds one new {@link ChannelBindings}
 * element to the assertion's advice per entry in {@code channelBindingsContext}. Only the type
 * of each entry is copied onto the new element.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SAMLObjectBuilder<ChannelBindings> bindingsBuilder = (SAMLObjectBuilder<ChannelBindings>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<ChannelBindings>getBuilderOrThrow(
                    ChannelBindings.DEFAULT_ELEMENT_NAME);

    for (final Assertion assertion : response.getAssertions()) {
        final Advice assertionAdvice = SAML2ActionSupport.addAdviceToAssertion(this, assertion);

        for (final ChannelBindings source : channelBindingsContext.getChannelBindings()) {
            // A fresh element is built each time instead of reusing the context's object.
            final ChannelBindings indicator = bindingsBuilder.buildObject();
            indicator.setType(source.getType());
            assertionAdvice.getChildren().add(indicator);
        }
    }

    log.debug("{} Added ChannelBindings indicator(s) to Advice", getLogPrefix());
}
/**
 * {@inheritDoc}
 *
 * <p>Sets the NotBefore condition of every assertion to the issue instant of the enclosing
 * response, for a SAML 1 or a SAML 2 response. A response of any other type is left untouched.
 * The debug line for an assertion is written before its condition is set.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    if (response instanceof org.opensaml.saml.saml1.core.Response) {
        final org.opensaml.saml.saml1.core.Response saml1Response =
                (org.opensaml.saml.saml1.core.Response) response;

        for (final org.opensaml.saml.saml1.core.Assertion assertion : saml1Response.getAssertions()) {
            log.debug("{} Added NotBefore condition to Assertion {}", getLogPrefix(), assertion.getID());
            SAML1ActionSupport.addConditionsToAssertion(this, assertion)
                    .setNotBefore(saml1Response.getIssueInstant());
        }
    } else if (response instanceof org.opensaml.saml.saml2.core.Response) {
        final org.opensaml.saml.saml2.core.Response saml2Response =
                (org.opensaml.saml.saml2.core.Response) response;

        for (final org.opensaml.saml.saml2.core.Assertion assertion : saml2Response.getAssertions()) {
            log.debug("{} Added NotBefore condition to Assertion {}", getLogPrefix(), assertion.getID());
            SAML2ActionSupport.addConditionsToAssertion(this, assertion)
                    .setNotBefore(saml2Response.getIssueInstant());
        }
    }
}