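/**
 * Returns the first {@link NameID} from the assertions of {@code response} that
 * satisfies {@code filter}.
 *
 * <p>Assertions without a {@code Subject}, or whose subject carries no
 * {@code NameID} (for instance only an encrypted identifier), are skipped
 * instead of raising a {@link NullPointerException}; a response assembled by a
 * remote party must not be able to crash the lookup.
 *
 * @param response the SAML response whose assertions are searched; must not be null
 * @param filter predicate a candidate {@link NameID} has to satisfy
 * @return the first matching {@link NameID}, or {@link Optional#empty()} when none matches
 */
public static Optional<NameID> getNameId(Response response, Predicate<NameID> filter) {
    return response.getAssertions().stream()
        .map(assertion -> assertion.getSubject())
        // Subject is optional on an assertion
        .filter(subject -> subject != null)
        .map(subject -> subject.getNameID())
        // a subject may identify its principal by EncryptedID only
        .filter(nameId -> nameId != null)
        .filter(filter)
        .findFirst();
}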
/**
 * Returns the identifier value carried by the subject of a request message.
 *
 * @param subject subject element of the request message; the subject and its
 *        {@code NameID} are dereferenced without null checks
 * @return the {@code NameID} value of the subject
 */
protected String getUserName(Subject subject) {
    String nameIdValue = subject.getNameID().getValue();
    return nameIdValue;
}
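/**
 * Returns the first {@link NameID} from the assertions of {@code response} that
 * satisfies {@code filter}.
 *
 * <p>Assertions without a {@code Subject}, or whose subject carries no
 * {@code NameID} (for instance only an encrypted identifier), are skipped
 * instead of raising a {@link NullPointerException}; a response assembled by a
 * remote party must not be able to crash the lookup.
 *
 * @param response the SAML response whose assertions are searched; must not be null
 * @param filter predicate a candidate {@link NameID} has to satisfy
 * @return the first matching {@link NameID}, or {@link Optional#empty()} when none matches
 */
public static Optional<NameID> getNameId(Response response, Predicate<NameID> filter) {
    return response.getAssertions().stream()
        .map(assertion -> assertion.getSubject())
        // Subject is optional on an assertion
        .filter(subject -> subject != null)
        .map(subject -> subject.getNameID())
        // a subject may identify its principal by EncryptedID only
        .filter(nameId -> nameId != null)
        .filter(filter)
        .findFirst();
}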
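/**
 * Looks up the login name among the assertion subjects of a response.
 *
 * <p>The first subject {@code NameID} whose {@code Format} equals the configured
 * {@code subjectLoginNameIdFormat} supplies the login name.
 *
 * @param response the SAML response whose assertions are scanned
 * @return the login name, or {@code null} when no format is configured or no
 *         assertion subject carries a {@code NameID} of that format
 */
@Nullable
private String findLoginNameFromSubjects(Response response) {
    if (Strings.isNullOrEmpty(subjectLoginNameIdFormat)) {
        return null;
    }
    return response.getAssertions()
        .stream()
        .map(assertion -> assertion.getSubject())
        // an assertion may have no Subject, and a Subject may carry only an EncryptedID
        .filter(subject -> subject != null)
        .map(subject -> subject.getNameID())
        .filter(nameId -> nameId != null)
        // compare from the configured side: a NameID without a Format attribute
        // simply does not match instead of throwing a NullPointerException
        .filter(nameId -> subjectLoginNameIdFormat.equals(nameId.getFormat()))
        .map(NameIDType::getValue)
        .findFirst()
        .orElse(null);
}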
/**
 * Extracts the {@code Format} of the {@code NameID} in an assertion's subject.
 *
 * @param assertion assertion to operate on
 * @return the {@code NameID} format, or {@code null} when the assertion has no
 *         subject or the subject carries no {@code NameID}
 */
@Nullable
private String apply(@Nonnull final org.opensaml.saml.saml2.core.Assertion assertion) {
    // guard clauses: both Subject and NameID are optional in the assertion
    if (assertion.getSubject() == null) {
        return null;
    }
    if (assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getFormat();
}
/**
 * Extracts the value of the {@code NameID} in an assertion's subject.
 *
 * @param assertion assertion to operate on
 * @return the {@code NameID} value, or {@code null} when the assertion has no
 *         subject or the subject carries no {@code NameID}
 */
@Nullable
private String apply(@Nonnull final org.opensaml.saml.saml2.core.Assertion assertion) {
    // guard clauses: both Subject and NameID are optional in the assertion
    if (assertion.getSubject() == null) {
        return null;
    }
    if (assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getValue();
}
/**
 * Builds the tenant-qualified subject identifier of an assertion request.
 *
 * @param request assertion request message; its subject and {@code NameID}
 *        are dereferenced without null checks
 * @param tenantDomain tenant domain appended after the {@code @} separator
 * @return the subject {@code NameID} value followed by {@code @} and the tenant domain
 */
protected String getFullQualifiedSubject(SubjectQuery request, String tenantDomain) {
    String subjectValue = request.getSubject().getNameID().getValue();
    return subjectValue + "@" + tenantDomain;
}
/**
 * Resolves the principal id from a SAML {@code Response} return value.
 *
 * <p>The {@code NameID} value of the first assertion's subject is used; when the
 * response has no assertions, or the first assertion has no subject or no
 * {@code NameID}, the superclass resolution applies.
 *
 * @param authentication the authentication, passed through to the superclass fallback
 * @param returnValue the intercepted return value; cast unconditionally to {@code Response}
 * @param exception the exception, passed through to the superclass fallback
 * @return the subject {@code NameID} value, or the superclass result
 */
@Override
public String getPrincipalIdFrom(final Authentication authentication, final Object returnValue, final Exception exception) {
    val response = (Response) returnValue;
    if (response.getAssertions().isEmpty()) {
        return super.getPrincipalIdFrom(authentication, returnValue, exception);
    }
    val subject = response.getAssertions().get(0).getSubject();
    if (subject == null || subject.getNameID() == null) {
        return super.getPrincipalIdFrom(authentication, returnValue, exception);
    }
    return subject.getNameID().getValue();
}
/**
 * Resolves the principal carried by a SAML 2 subject.
 *
 * <p>Both the plain {@code NameID} and the {@code EncryptedID} of the subject are
 * handed to {@code getNameID} together with {@code localKeys}; presumably the
 * keys serve to decrypt the latter when no plain identifier is present.
 *
 * @param subject the SAML 2 subject to resolve
 * @param localKeys keys handed to {@code getNameID}
 * @return the principal built from the resolved {@code NameID}
 * @throws UnsupportedOperationException when no {@code NameID} could be resolved
 */
protected NameIdPrincipal getPrincipal(org.opensaml.saml.saml2.core.Subject subject, List<SimpleKey> localKeys) {
    final NameID resolved = getNameID(subject.getNameID(), subject.getEncryptedID(), localKeys);
    if (resolved == null) {
        throw new UnsupportedOperationException("Currently only supporting NameID subject principals");
    }
    return getNameIdPrincipal(resolved);
}
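/**
 * Wraps an OpenSAML {@code AuthnRequest}, capturing the assertion consumer
 * service URL, the {@code ForceAuthn} flag and, when present, the requested
 * subject {@code NameID} value.
 *
 * @param authnRequest the parsed authentication request; must not be null
 */
public SAMLAuthnRequest(AuthnRequest authnRequest) {
    super(authnRequest);
    consumerServiceURL = authnRequest.getAssertionConsumerServiceURL();
    // Boolean.TRUE.equals() never unboxes a null: an absent ForceAuthn attribute
    // (or anything other than TRUE) is treated as false instead of throwing
    forceAuthn = Boolean.TRUE.equals(authnRequest.isForceAuthn());
    // Subject, and NameID within it, are optional on an AuthnRequest
    if (authnRequest.getSubject() != null && authnRequest.getSubject().getNameID() != null) {
        subjectNameId = authnRequest.getSubject().getNameID().getValue();
    }
}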
/**
 * {@inheritDoc}
 *
 * <p>Locates the SAML 2 assertion via {@code assertionTokenStrategy} and requires
 * it to carry a {@code Subject} with a {@code NameID}; the assertion and the
 * {@code NameID} are stored in the {@code assertion} and {@code nameID} fields
 * for {@code doExecute}. A missing assertion raises {@code NO_CREDENTIALS}, a
 * missing subject or identifier raises {@code INVALID_SUBJECT}, and either
 * aborts the action.
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    if (!super.doPreExecute(profileRequestContext)) {
        return false;
    }

    assertion = assertionTokenStrategy.apply(profileRequestContext);
    if (assertion == null) {
        log.warn("{} No valid SAML 2 Assertion available within the request context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
        return false;
    }

    final org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
    final boolean hasNameId = subject != null && subject.getNameID() != null;
    if (!hasNameId) {
        log.warn("{} SAML 2 Assertion does not contain either a Subject or a NameID", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
        return false;
    }

    nameID = subject.getNameID();
    return true;
}
/**
 * {@inheritDoc}
 *
 * <p>Walks every assertion of {@code response} and attaches a clone of the
 * configured {@code NameID} to its subject. A subject that already carries a
 * {@code NameID} is left alone unless {@code overwriteExisting} is set. The
 * number of subjects actually modified is logged at debug level.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    int modified = 0;
    for (final Assertion assertion : response.getAssertions()) {
        final Subject assertionSubject = getAssertionSubject(assertion);
        final boolean replace = assertionSubject.getNameID() == null || overwriteExisting;
        if (replace) {
            // every subject receives its own copy of the NameID
            assertionSubject.setNameID(cloneNameID());
            modified++;
        }
    }

    if (modified > 0) {
        log.debug("{} Added NameID to {} assertion(s)", getLogPrefix(), modified);
    }
}
/**
 * Populates each {@code SAMLCallback} with a SAML 2.0 assertion description built
 * from this handler's {@code issuer}, {@code conditions}, {@code subject},
 * {@code confirmationMethod} and {@code subjectConfirmationData}.
 *
 * @param callbacks callbacks to handle; every element must be a {@code SAMLCallback}
 * @throws IOException declared by the callback-handler contract
 * @throws UnsupportedCallbackException for any callback that is not a {@code SAMLCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            throw new UnsupportedCallbackException(current, "Unrecognized Callback");
        }
        SAMLCallback samlCallback = (SAMLCallback) current;
        samlCallback.setSamlVersion(Version.SAML_20);
        samlCallback.setIssuer(issuer);
        if (conditions != null) {
            samlCallback.setConditions(conditions);
        }

        // subject and its NameID are dereferenced without null checks
        SubjectBean subjectBean = new SubjectBean(
            subject.getNameID().getValue(),
            subject.getNameID().getNameQualifier(),
            confirmationMethod
        );
        subjectBean.setSubjectNameIDFormat(subject.getNameID().getFormat());
        subjectBean.setSubjectConfirmationData(subjectConfirmationData);
        samlCallback.setSubject(subjectBean);

        createAndSetStatement(samlCallback);
    }
}
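/**
 * {@inheritDoc}
 *
 * <p>Generates a {@code NameID} for the request and attaches it to the subject of
 * every assertion in {@code assertions}, leaving subjects that already carry a
 * {@code NameID} untouched unless {@code overwriteExisting} is set. When no
 * identifier can be generated and the request demanded a specific format,
 * {@code INVALID_NAMEID_POLICY} is signalled; otherwise the subjects are left empty.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final NameID nameId = generateNameID(profileRequestContext);
    if (nameId == null) {
        if (requiredFormat != null) {
            log.warn("{} Request specified use of an unsupportable identifier format: {}", getLogPrefix(), requiredFormat);
            ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.INVALID_NAMEID_POLICY);
        } else {
            log.debug("{} Unable to generate a NameID, leaving empty", getLogPrefix());
        }
        return;
    }

    // `index` keeps the clone decision as before: the generated object is attached
    // only when the first assertion visited is modified, every later assertion gets a
    // clone so no two subjects share one NameID instance. `added` counts only the
    // subjects actually modified, so the debug line below reports a true number.
    int index = 0;
    int added = 0;
    for (final Assertion assertion : assertions) {
        final Subject subject = getAssertionSubject(assertion);
        final NameID existing = subject.getNameID();
        if (existing == null || overwriteExisting) {
            subject.setNameID(index > 0 ? cloneNameID(nameId) : nameId);
            added++;
        }
        index++;
    }

    if (added > 0) {
        log.debug("{} Added NameID to {} assertion subject(s)", getLogPrefix(), added);
    }
}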
/**
 * Creates an attribute-query ticket for the assertion's subject and stores it in
 * the ticket registry.
 *
 * <p>The ticket is keyed by the subject {@code NameID} value (dereferenced without
 * null checks) and bound to the service provider's entity id and the caller's
 * ticket-granting ticket, looked up from the request cookie.
 *
 * @param assertion the issued assertion whose subject identifies the principal
 * @param request the current request, source of the ticket-granting ticket cookie
 * @param adaptor metadata facade of the requesting service provider
 */
private void storeAttributeQueryTicketInRegistry(final Assertion assertion, final HttpServletRequest request,
                                                  final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    val nameIdValue = assertion.getSubject().getNameID().getValue();
    val tgt = CookieUtils.getTicketGrantingTicketFromRequest(ticketGrantingTicketCookieGenerator, this.ticketRegistry, request);
    val attributeQueryTicket = samlAttributeQueryTicketFactory.create(nameIdValue, assertion, adaptor.getEntityId(), tgt);
    this.ticketRegistry.addTicket(attributeQueryTicket);
}
}
/**
 * Encrypts the {@code NameID} of a subject and of each of its subject confirmations
 * when {@code shouldEncrypt} says so, replacing the plain identifier with the
 * resulting {@code EncryptedID} and clearing the plain one.
 *
 * @param subject subject to operate on; a null subject is a no-op
 * @throws EncryptionException if an error occurs while encrypting
 */
private void processSubject(@Nullable final Subject subject) throws EncryptionException {
    if (subject == null) {
        return;
    }

    if (shouldEncrypt(subject.getNameID())) {
        log.debug("{} Encrypt NameID in Subject", getLogPrefix());
        final EncryptedID encryptedSubjectId = getEncrypter().encrypt(subject.getNameID());
        subject.setEncryptedID(encryptedSubjectId);
        // the plain identifier must not travel next to its encrypted form
        subject.setNameID(null);
    }

    for (final SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
        if (!shouldEncrypt(confirmation.getNameID())) {
            continue;
        }
        log.debug("{} Encrypt NameID in SubjectConfirmation", getLogPrefix());
        final EncryptedID encryptedConfirmationId = getEncrypter().encrypt(confirmation.getNameID());
        confirmation.setEncryptedID(encryptedConfirmationId);
        confirmation.setNameID(null);
    }
}
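/**
 * Validates a SAML 2 assertion: version, audience, issuer and authentication subject.
 *
 * <p>When {@code issuer} is configured as {@code OAuthConstants.CLIENT_ID}, the
 * assertion's issuer is expected to equal the subject {@code NameID} value. An
 * assertion lacking a subject or {@code NameID} in that mode is rejected as not
 * authorized rather than failing with a {@link NullPointerException}, so the check
 * fails closed on malformed input.
 *
 * @param message the current message, passed to audience and subject validation
 * @param wrapper the SAML 2 assertion under validation
 * @throws javax.ws.rs.NotAuthorizedException (via {@code ExceptionUtils}) when the
 *         issuer or the authentication subject does not validate
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    Conditions cs = wrapper.getSaml2().getConditions();
    validateAudience(message, cs);
    if (issuer != null) {
        String actualIssuer = getIssuer(wrapper);
        // a null expected issuer (no subject NameID) can never equal actualIssuer
        String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer)
            ? getSubjectNameIdValue(wrapper)
            : issuer;
        if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
    if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}

/**
 * Returns the subject {@code NameID} value of the wrapped SAML 2 assertion, or
 * {@code null} when the assertion has no subject or the subject has no {@code NameID}.
 *
 * @param wrapper the SAML 2 assertion
 * @return the {@code NameID} value, or {@code null}
 */
private static String getSubjectNameIdValue(SamlAssertionWrapper wrapper) {
    if (wrapper.getSaml2().getSubject() == null
        || wrapper.getSaml2().getSubject().getNameID() == null) {
        return null;
    }
    return wrapper.getSaml2().getSubject().getNameID().getValue();
}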
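/**
 * Validates a SAML 2 assertion: version, audience, issuer and authentication subject.
 *
 * <p>When {@code issuer} is configured as {@code OAuthConstants.CLIENT_ID}, the
 * assertion's issuer is expected to equal the subject {@code NameID} value. An
 * assertion lacking a subject or {@code NameID} in that mode is rejected as not
 * authorized rather than failing with a {@link NullPointerException}, so the check
 * fails closed on malformed input.
 *
 * @param message the current message, passed to audience and subject validation
 * @param wrapper the SAML 2 assertion under validation
 * @throws javax.ws.rs.NotAuthorizedException (via {@code ExceptionUtils}) when the
 *         issuer or the authentication subject does not validate
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    Conditions cs = wrapper.getSaml2().getConditions();
    validateAudience(message, cs);
    if (issuer != null) {
        String actualIssuer = getIssuer(wrapper);
        // a null expected issuer (no subject NameID) can never equal actualIssuer
        String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer)
            ? getSubjectNameIdValue(wrapper)
            : issuer;
        if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
    if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}

/**
 * Returns the subject {@code NameID} value of the wrapped SAML 2 assertion, or
 * {@code null} when the assertion has no subject or the subject has no {@code NameID}.
 *
 * @param wrapper the SAML 2 assertion
 * @return the {@code NameID} value, or {@code null}
 */
private static String getSubjectNameIdValue(SamlAssertionWrapper wrapper) {
    if (wrapper.getSaml2().getSubject() == null
        || wrapper.getSaml2().getSubject().getNameID() == null) {
        return null;
    }
    return wrapper.getSaml2().getSubject().getNameID().getValue();
}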
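/**
 * Converts the subject of a wrapped SAML 2 or SAML 1 assertion into a {@link Subject}.
 *
 * <p>For SAML 2 the name qualifier, format, value, SP-provided id and SP name
 * qualifier of the {@code NameID} are copied; for SAML 1 the qualifier, format and
 * value of the {@code NameIdentifier}. Callers must handle a {@code null} result.
 *
 * @param message the current message; currently unused
 * @param assertionW the wrapped assertion
 * @return the converted subject, or {@code null} when the assertion is neither
 *         SAML 2 nor SAML 1, or has no subject, or the subject has no identifier
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        // Subject and NameID are both optional in a SAML 2 assertion; an assertion
        // produced by a remote party must not crash the conversion
        if (s == null || s.getNameID() == null) {
            return null;
        }
        NameID nameId = s.getNameID();
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        // same guard as above: no subject, or no NameIdentifier, yields null
        if (s != null && s.getNameIdentifier() != null) {
            NameIdentifier nameId = s.getNameIdentifier();
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}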
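/**
 * Converts the subject of a wrapped SAML 2 or SAML 1 assertion into a {@link Subject}.
 *
 * <p>For SAML 2 the name qualifier, format, value, SP-provided id and SP name
 * qualifier of the {@code NameID} are copied; for SAML 1 the qualifier, format and
 * value of the {@code NameIdentifier}. Callers must handle a {@code null} result.
 *
 * @param message the current message; currently unused
 * @param assertionW the wrapped assertion
 * @return the converted subject, or {@code null} when the assertion is neither
 *         SAML 2 nor SAML 1, or has no subject, or the subject has no identifier
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        // Subject and NameID are both optional in a SAML 2 assertion; an assertion
        // produced by a remote party must not crash the conversion
        if (s == null || s.getNameID() == null) {
            return null;
        }
        NameID nameId = s.getNameID();
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        // same guard as above: no subject, or no NameIdentifier, yields null
        if (s != null && s.getNameIdentifier() != null) {
            NameIdentifier nameId = s.getNameIdentifier();
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}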