final List<SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations(); for (final SubjectConfirmation subjectConfirmation : subjectConfirmations) { if (!"urn:oasis:names:tc:SAML:2.0:cm:bearer".equals(subjectConfirmation.getMethod())) {
subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer"); subject.getSubjectConfirmations().add(subjectConfirmation);
/**
 * Checks whether the given SAML 2.0 Subject carries a Bearer SubjectConfirmation and runs
 * {@code validateSubjectConfirmation} on the confirmation data of every Bearer entry found.
 *
 * <p>Confirmations whose method is not {@code SAML2Constants.CONF_BEARER} are ignored.
 * Nothing is read back from {@code validateSubjectConfirmation}, so a {@code true} result
 * only says that a Bearer confirmation was present.
 * NOTE(review): this presumably relies on validateSubjectConfirmation throwing when the
 * confirmation data is unacceptable - confirm against its definition, which is not shown here.
 *
 * @param m the message passed through to validateSubjectConfirmation
 * @param cs the Conditions passed through to validateSubjectConfirmation
 * @param subject the Subject whose confirmations are examined
 * @return {@code true} if at least one Bearer SubjectConfirmation was found; {@code false} if
 *         the confirmation list is null or holds no Bearer entry
 */
private boolean validateAuthenticationSubject(Message m,
                                              Conditions cs,
                                              org.opensaml.saml.saml2.core.Subject subject) {
    if (subject.getSubjectConfirmations() == null) {
        return false;
    }

    boolean sawBearer = false;
    for (SubjectConfirmation candidate : subject.getSubjectConfirmations()) {
        if (!SAML2Constants.CONF_BEARER.equals(candidate.getMethod())) {
            // Only the Bearer method is considered here.
            continue;
        }
        validateSubjectConfirmation(m, cs, candidate.getSubjectConfirmationData());
        sawBearer = true;
    }
    return sawBearer;
}
/**
 * Checks whether the given SAML 2.0 Subject carries a Bearer SubjectConfirmation and runs
 * {@code validateSubjectConfirmation} on the confirmation data of every Bearer entry found.
 *
 * <p>Confirmations whose method is not {@code SAML2Constants.CONF_BEARER} are ignored.
 * Nothing is read back from {@code validateSubjectConfirmation}, so a {@code true} result
 * only says that a Bearer confirmation was present.
 * NOTE(review): this presumably relies on validateSubjectConfirmation throwing when the
 * confirmation data is unacceptable - confirm against its definition, which is not shown here.
 *
 * @param m the message passed through to validateSubjectConfirmation
 * @param cs the Conditions passed through to validateSubjectConfirmation
 * @param subject the Subject whose confirmations are examined
 * @return {@code true} if at least one Bearer SubjectConfirmation was found; {@code false} if
 *         the confirmation list is null or holds no Bearer entry
 */
private boolean validateAuthenticationSubject(Message m,
                                              Conditions cs,
                                              org.opensaml.saml.saml2.core.Subject subject) {
    if (subject.getSubjectConfirmations() == null) {
        return false;
    }

    boolean sawBearer = false;
    for (SubjectConfirmation candidate : subject.getSubjectConfirmations()) {
        if (!SAML2Constants.CONF_BEARER.equals(candidate.getMethod())) {
            // Only the Bearer method is considered here.
            continue;
        }
        validateSubjectConfirmation(m, cs, candidate.getSubjectConfirmationData());
        sawBearer = true;
    }
    return sawBearer;
}
/**
 * Validate the Subject (of an Authentication Statement).
 *
 * <p>Each SubjectConfirmation whose method equals {@code SAML2Constants.CONF_BEARER} has its
 * confirmation data passed to {@code validateSubjectConfirmation}; other methods are skipped.
 * When several Bearer confirmations are present, all of them are validated and the last one
 * is returned.
 *
 * <p>A {@code null} return means no Bearer confirmation was found (or the confirmation list
 * itself was null). NOTE(review): callers are presumably expected to treat {@code null} as a
 * validation failure - confirm at the call site, which is not shown here.
 *
 * @param subject the Subject whose confirmations are examined
 * @param id passed through to validateSubjectConfirmation
 * @param postBinding passed through to validateSubjectConfirmation
 * @return the last Bearer SubjectConfirmation that was validated, or {@code null} if none
 * @throws WSSecurityException declared by this method; presumably raised by
 *         validateSubjectConfirmation when the confirmation data is rejected
 */
private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
    org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
) throws WSSecurityException {
    if (subject.getSubjectConfirmations() == null) {
        return null;
    }

    org.opensaml.saml.saml2.core.SubjectConfirmation lastBearer = null;
    for (org.opensaml.saml.saml2.core.SubjectConfirmation candidate
            : subject.getSubjectConfirmations()) {
        if (!SAML2Constants.CONF_BEARER.equals(candidate.getMethod())) {
            // Not a Bearer confirmation: neither validated nor returned.
            continue;
        }
        validateSubjectConfirmation(candidate.getSubjectConfirmationData(), id, postBinding);
        lastBearer = candidate;
    }
    return lastBearer;
}
/**
 * {@inheritDoc}
 *
 * <p>Attaches a child element to the parent {@code Subject}: a BaseID, NameID or EncryptedID
 * is set as the corresponding identifier, a SubjectConfirmation is appended to the subject's
 * confirmation list, and any other child type is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentObject, XMLObject childObject)
        throws UnmarshallingException {
    // The cast is performed up front, before the child type is inspected.
    Subject target = (Subject) parentObject;

    if (childObject instanceof BaseID) {
        target.setBaseID((BaseID) childObject);
        return;
    }
    if (childObject instanceof NameID) {
        target.setNameID((NameID) childObject);
        return;
    }
    if (childObject instanceof EncryptedID) {
        target.setEncryptedID((EncryptedID) childObject);
        return;
    }
    if (childObject instanceof SubjectConfirmation) {
        // Confirmations accumulate: each one is added, none replaces an earlier entry.
        target.getSubjectConfirmations().add((SubjectConfirmation) childObject);
        return;
    }
    super.processChildElement(parentObject, childObject);
}
} // closes the enclosing class, whose header is not part of this excerpt
List<SubjectConfirmation> confirmations = assertionSubject.getSubjectConfirmations(); if (confirmations == null || confirmations.isEmpty()) { log.debug("Assertion contains no SubjectConfirmations, skipping subject confirmation");
/**
 * Applies structural checks to a parsed AuthnRequest/LogoutRequest and rejects it with
 * {@code TYPE.BAD_REQUEST} when a check fails.
 *
 * <p>Checks performed, in order:
 * <ol>
 *   <li>an Issuer element must be present;</li>
 *   <li>if the Issuer has a Format attribute, it must be the SAML 2.0 "entity" name-id format;</li>
 *   <li>for an AuthnRequest, the Subject (if any) must not carry SubjectConfirmation elements.</li>
 * </ol>
 *
 * <p>Only these structural properties are checked here; signature verification and deciding
 * whether the issuer is trusted are not part of this method. The rejected Format value comes
 * from the request and is written to the debug log as received.
 *
 * @param parsedRequest the request to check
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} if any check fails
 */
private void validateRequest(RequestAbstractType parsedRequest) throws ProcessingException {
    if (parsedRequest.getIssuer() == null) {
        LOG.debug("No Issuer is present in the AuthnRequest/LogoutRequest");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    String issuerFormat = parsedRequest.getIssuer().getFormat();
    boolean isEntityFormat =
        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(issuerFormat);
    // An absent Format is accepted; a present one must be the entity format.
    if (issuerFormat != null && !isEntityFormat) {
        LOG.debug("An invalid Format attribute was received: {}", issuerFormat);
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    if (!(parsedRequest instanceof AuthnRequest)) {
        // The remaining check applies to AuthnRequests only.
        return;
    }

    // No SubjectConfirmation Elements are allowed
    AuthnRequest authnRequest = (AuthnRequest)parsedRequest;
    if (authnRequest.getSubject() == null) {
        return;
    }
    if (authnRequest.getSubject().getSubjectConfirmations() == null
        || authnRequest.getSubject().getSubjectConfirmations().isEmpty()) {
        return;
    }
    LOG.debug("An invalid SubjectConfirmation Element was received");
    throw new ProcessingException(TYPE.BAD_REQUEST);
}
/**
 * Converts an OpenSAML {@code Subject} into this code's own {@code Subject} type.
 *
 * <p>The principal is obtained from {@code getPrincipal} and the confirmations from
 * {@code getConfirmations}; both helpers receive {@code localKeys}.
 * NOTE(review): localKeys are presumably used to decrypt encrypted identifiers - confirm
 * against the helpers, which are not shown here.
 *
 * @param subject the OpenSAML subject to convert
 * @param localKeys keys handed to getPrincipal and getConfirmations
 * @return the value returned by the fluent setter chain on a new {@code Subject}
 */
protected Subject getSubject(org.opensaml.saml.saml2.core.Subject subject,
                             List<SimpleKey> localKeys) {
    // The principal is resolved and set before the confirmations are resolved,
    // matching the evaluation order of a single fluent chain.
    Subject withPrincipal = new Subject().setPrincipal(getPrincipal(subject, localKeys));
    return withPrincipal.setConfirmations(
        getConfirmations(subject.getSubjectConfirmations(), localKeys));
}
((org.opensaml.saml.saml2.core.Assertion)samlObject).getSubject(); List<org.opensaml.saml.saml2.core.SubjectConfirmation> confirmations = subject.getSubjectConfirmations(); for (org.opensaml.saml.saml2.core.SubjectConfirmation confirmation : confirmations) { methods.add(confirmation.getMethod());
final Subject subject = getAssertionSubject(assertion); if (overwriteExisting) { subject.getSubjectConfirmations().clear(); subject.getSubjectConfirmations().add(count > 0 ? cloneConfirmation(confirmation) : confirmation); count ++;
subject.getSubjectConfirmations().forEach(c -> c.setNameID(null)); subject.getSubjectConfirmations().forEach(c -> c.setEncryptedID(encryptedConfId));
for (final SubjectConfirmation sc : subject.getSubjectConfirmations()) { if (sc.getEncryptedID() != null) { log.debug("{} Decrypting EncryptedID in SubjectConfirmation", getLogPrefix());
if (samlSubject != null) { List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfList = samlSubject.getSubjectConfirmations(); for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConfirmation : subjectConfList) { SubjectConfirmationData subjConfData =
/**
 * Builds a Subject holding one NameID and one Bearer SubjectConfirmation.
 *
 * <p>The confirmation data carries the recipient, the NotOnOrAfter instant and the
 * InResponseTo value exactly as passed in; nothing is checked or defaulted here, so a
 * {@code null} argument is handed to the corresponding setter as-is.
 * NOTE(review): these three values are what a relying party typically checks on a Bearer
 * confirmation - callers should presumably supply all of them; confirm at the call sites.
 *
 * @param nameIdFormat the name id format
 * @param nameIdValue the name id value
 * @param recipient the recipient set on the confirmation data
 * @param notOnOrAfter the NotOnOrAfter instant set on the confirmation data
 * @param inResponseTo the InResponseTo value set on the confirmation data
 * @return the subject
 */
public Subject newSubject(final String nameIdFormat, final String nameIdValue,
                          final String recipient, final DateTime notOnOrAfter,
                          final String inResponseTo) {
    final SubjectConfirmation bearer = newSamlObject(SubjectConfirmation.class);

    final SubjectConfirmationData bearerData = newSamlObject(SubjectConfirmationData.class);
    bearerData.setRecipient(recipient);
    bearerData.setNotOnOrAfter(notOnOrAfter);
    bearerData.setInResponseTo(inResponseTo);

    bearer.setMethod(SubjectConfirmation.METHOD_BEARER);
    bearer.setSubjectConfirmationData(bearerData);

    final Subject result = newSamlObject(Subject.class);
    result.setNameID(getNameID(nameIdFormat, nameIdValue));
    result.getSubjectConfirmations().add(bearer);
    return result;
}
/**
 * Encrypt any {@link NameID}s found in a subject and replace them with the result.
 *
 * <p>Both the subject's own NameID and the NameID of each SubjectConfirmation are considered;
 * {@code shouldEncrypt} decides per identifier. For each identifier that is encrypted, the
 * EncryptedID is set first and the plaintext NameID is cleared afterwards, so if
 * encryption throws, the plaintext NameID is still in place and the exception propagates.
 *
 * @param subject subject to operate on; a {@code null} subject is ignored
 *
 * @throws EncryptionException if an error occurs
 */
private void processSubject(@Nullable final Subject subject) throws EncryptionException {
    if (subject == null) {
        return;
    }

    if (shouldEncrypt(subject.getNameID())) {
        log.debug("{} Encrypt NameID in Subject", getLogPrefix());
        final EncryptedID subjectCipher = getEncrypter().encrypt(subject.getNameID());
        subject.setEncryptedID(subjectCipher);
        subject.setNameID(null);
    }

    for (final SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
        if (!shouldEncrypt(confirmation.getNameID())) {
            continue;
        }
        log.debug("{} Encrypt NameID in SubjectConfirmation", getLogPrefix());
        final EncryptedID confirmationCipher = getEncrypter().encrypt(confirmation.getNameID());
        confirmation.setEncryptedID(confirmationCipher);
        confirmation.setNameID(null);
    }
}
assertion.setSubject(subject); subject.getSubjectConfirmations().add(sc);
); subject.getSubjectConfirmations().add(subjectConfirmation); return subject;
for (final SubjectConfirmation confirmation : subject.getSubjectConfirmations()) { if (SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod()) && isValidBearerSubjectConfirmationData(confirmation.getSubjectConfirmationData(), context)) {
a.setSubject(subject); subject.setNameID(nid); subject.getSubjectConfirmations().add(confirmation);