/**
 * Produce a field-by-field copy of the {@code nameIdentifier} visible in the enclosing scope
 * (it is neither a parameter nor a local here; presumably an instance field).
 *
 * <p>Only Format, NameQualifier and the text value are carried over to the new object.
 *
 * @return the copy
 */
@Nonnull
private NameIdentifier cloneNameIdentifier() {
    // A fresh object from the builder, so the copy shares no state with the source object.
    final NameIdentifier copy = nameIdentifierBuilder.buildObject();
    copy.setFormat(nameIdentifier.getFormat());
    copy.setNameQualifier(nameIdentifier.getNameQualifier());
    copy.setValue(nameIdentifier.getValue());
    return copy;
}
/**
 * {@inheritDoc}
 *
 * <p>Writes the NameQualifier and Format of the {@link NameIdentifier} as un-namespaced DOM attributes.
 * An attribute whose value is {@code null} is not emitted at all.
 */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    final NameIdentifier source = (NameIdentifier) samlElement;

    final String qualifier = source.getNameQualifier();
    if (qualifier != null) {
        // null namespace URI: the attribute is written unqualified
        domElement.setAttributeNS(null, NameIdentifier.NAMEQUALIFIER_ATTRIB_NAME, qualifier);
    }

    final String format = source.getFormat();
    if (format != null) {
        domElement.setAttributeNS(null, NameIdentifier.FORMAT_ATTRIB_NAME, format);
    }
}
/**
 * Decide whether two {@link NameIdentifier} objects are equivalent for SAML 1.x purposes.
 *
 * <p>Formats are compared through {@code areNameIdentifierFormatsEquivalent}; the value and the
 * NameQualifier are compared with {@link Objects#equals(Object, Object)}, i.e. exact, null-safe
 * string equality with no case folding or trimming.
 *
 * @param name1 first NameIdentifier to check
 * @param name2 second NameIdentifier to check
 * @return true iff the two values should be viewed as equivalent
 */
public static boolean areNameIdentifiersEquivalent(@Nonnull final NameIdentifier name1,
        @Nonnull final NameIdentifier name2) {
    // Checks run in the same order as a short-circuiting && chain: format, value, qualifier.
    if (!areNameIdentifierFormatsEquivalent(name1.getFormat(), name2.getFormat())) {
        return false;
    }
    if (!Objects.equals(name1.getValue(), name2.getValue())) {
        return false;
    }
    return Objects.equals(name1.getNameQualifier(), name2.getNameQualifier());
}
/**
 * {@inheritDoc}
 *
 * <p>Builds a SAML 1 {@link NameIdentifier} from the value returned by {@code getIdentifier}, using the
 * configured Format and the effective IdP NameQualifier. Returns {@code null} when no identifier value
 * is available. A configured SPNameQualifier or SPProvidedID is not written; a warning is logged
 * instead.
 */
@Override
@Nullable
protected NameIdentifier doGenerate(@Nonnull final ProfileRequestContext profileRequestContext)
        throws SAMLException {

    final String value = getIdentifier(profileRequestContext);
    if (value == null) {
        log.debug("No identifier to use");
        return null;
    }

    // NOTE(review): the identifier value itself is written to the log at DEBUG level here.
    log.debug("Generating NameIdentifier {} with Format {}", value, getFormat());

    final NameIdentifier result = nameBuilder.buildObject();
    result.setValue(value);
    result.setFormat(getFormat());
    result.setNameQualifier(getEffectiveIdPNameQualifier(profileRequestContext));

    // These settings are ignored for SAML 1 output, so their presence is reported rather than
    // silently dropped.
    if (getSPNameQualifier() != null) {
        log.warn("SPNameQualifier not supported for SAML 1 NameIdentifiers, omitting it");
    }
    if (getSPProvidedID() != null) {
        log.warn("SPProvidedID not supported for SAML 1 NameIdentifiers, omitting it");
    }

    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Appends the {@link NameIdentifier} value as text content of the DOM element; a {@code null}
 * value leaves the element without text content.
 */
protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
    final String text = ((NameIdentifier) samlObject).getValue();
    if (text != null) {
        ElementSupport.appendTextContent(domElement, text);
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * {@inheritDoc}
 *
 * <p>Copies the Format and NameQualifier attributes onto the {@link NameIdentifier} being
 * unmarshalled; any other attribute is handed to the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    final NameIdentifier target = (NameIdentifier) samlObject;

    // Matching is done on the local name only; the attribute's namespace URI is not examined here.
    // The attribute value is stored as received, with no validation in this method.
    if (NameIdentifier.FORMAT_ATTRIB_NAME.equals(attribute.getLocalName())) {
        target.setFormat(attribute.getValue());
        return;
    }
    if (NameIdentifier.NAMEQUALIFIER_ATTRIB_NAME.equals(attribute.getLocalName())) {
        target.setNameQualifier(attribute.getValue());
        return;
    }
    super.processAttribute(samlObject, attribute);
}
nameIdentifier.getFormat())) {
/**
 * {@inheritDoc}
 *
 * <p>Stores the element's text content as the {@link NameIdentifier} value. The content is passed
 * through unchanged: this method does no trimming, normalisation or validation.
 */
protected void processElementContent(XMLObject samlObject, String elementContent) {
    ((NameIdentifier) samlObject).setValue(elementContent);
}
} // closes the enclosing class, whose header is outside this excerpt
nameIdentifier.setValue(nameIdValue); nameIdentifier.setFormat(nameIdFormat); nameIdentifier.setNameQualifier(nameIdQualifier); log.debug("{} NameQualifier set to '{}'", getLogPrefix(), nameIdQualifier); } else if (null != attributeIssuerID) { log.debug("{} NameQualifier set to '{}'", getLogPrefix(), attributeIssuerID); nameIdentifier.setNameQualifier(attributeIssuerID); } else { throw new ResolutionException(getLogPrefix() + " provided attribute issuer ID was empty");
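/**
 * Build a {@link Subject} from the subject name identifier of a SAML assertion.
 *
 * <p>For a SAML 2.0 assertion the NameID's NameQualifier, Format, value, SPProvidedID and
 * SPNameQualifier are copied. For a SAML 1.x assertion the NameIdentifier's NameQualifier, Format and
 * value are copied.
 *
 * <p>An assertion is not required to carry a Subject, and a Subject is not required to carry a plain
 * NameID / NameIdentifier (a SAML 2.0 Subject may hold an EncryptedID or only confirmation data).
 * Those cases are reported as "no subject" by returning {@code null} instead of failing with a
 * {@link NullPointerException} on content supplied by the remote party.
 *
 * @param message the current message (not used by this method)
 * @param assertionW wrapper around the SAML 1.x or SAML 2.0 assertion
 * @return the populated subject, or {@code null} if the wrapper holds no assertion or the assertion
 *         has no subject name identifier; callers must treat {@code null} as an unidentified subject
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        NameID nameId = s == null ? null : s.getNameID();
        if (nameId == null) {
            // No Subject element, or a Subject without a plain NameID: nothing to copy.
            return null;
        }
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());

        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        NameIdentifier nameId = s == null ? null : s.getNameIdentifier();
        if (nameId != null) {
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());

            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}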
/**
 * {@inheritDoc}
 *
 * <p>Only the text value of the {@link NameIdentifier} is decoded. The canonicalization context is
 * not consulted, and the identifier's Format and NameQualifier are not examined in this method.
 */
@Override
@Nullable
public String decode(@Nonnull final SubjectCanonicalizationContext c14nContext,
        @Nonnull final NameIdentifier nameIdentifier) throws NameDecoderException {
    final String encodedValue = nameIdentifier.getValue();
    return decode(encodedValue);
}
/**
 * Apply policy to the target object.
 *
 * <p>The policy is evaluated only when the target's Format (or {@link NameIdentifier#UNSPECIFIED}
 * when the Format is absent) is one of the configured {@code formats}. For any other Format the
 * check is skipped and the method reports success, so Formats missing from that set are accepted
 * without a qualifier check.
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameIdentifier target) {

    String requesterId = null;
    if (requesterIdLookupStrategy != null) {
        requesterId = requesterIdLookupStrategy.apply(input);
    }

    String responderId = null;
    if (responderIdLookupStrategy != null) {
        responderId = responderIdLookupStrategy.apply(input);
    }

    final String format = target.getFormat();
    // A missing Format is treated as "unspecified" for the lookup and for logging only.
    final String effectiveFormat = format != null ? format : NameIdentifier.UNSPECIFIED;

    if (!formats.contains(effectiveFormat)) {
        log.debug("Policy checking disabled for NameIdentifier Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameIdentifier with Format {}", effectiveFormat);
    // The raw Format (possibly null) is what gets passed on, not the defaulted one.
    return doApply(requesterId, responderId, format, target.getNameQualifier(), null);
}
if (value instanceof XMLObjectAttributeValue && value.getValue() instanceof NameIdentifier) { if (SAML1ObjectSupport.areNameIdentifierFormatsEquivalent(getFormat(), ((NameIdentifier) value.getValue()).getFormat())) { log.info("Returning NameIdentifier from XMLObject-valued attribute {}", sourceId); return (NameIdentifier) value.getValue();
/**
 * Build a new subject.
 *
 * <p>The subject carries a single artifact confirmation method and a {@link NameIdentifier} that has
 * only its value set; no Format or NameQualifier is assigned here.
 *
 * @param identifier subject identifier
 * @return new subject
 */
@Nonnull
private Subject newSubject(final String identifier) {
    // Confirmation block: one ConfirmationMethod fixed to the artifact method.
    final SubjectConfirmation subjectConfirmation = newSAMLObject(
            SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    final ConfirmationMethod artifactMethod = newSAMLObject(
            ConfirmationMethod.class, ConfirmationMethod.DEFAULT_ELEMENT_NAME);
    artifactMethod.setConfirmationMethod(ConfirmationMethod.METHOD_ARTIFACT);
    subjectConfirmation.getConfirmationMethods().add(artifactMethod);

    // Name identifier: value only.
    final NameIdentifier nameId =
            newSAMLObject(NameIdentifier.class, NameIdentifier.DEFAULT_ELEMENT_NAME);
    nameId.setValue(identifier);

    final Subject result = newSAMLObject(Subject.class, Subject.DEFAULT_ELEMENT_NAME);
    result.setNameIdentifier(nameId);
    result.setSubjectConfirmation(subjectConfirmation);
    return result;
}
/**
 * Produce a field-by-field copy of a {@link NameIdentifier}.
 *
 * <p>Only Format, NameQualifier and the text value are carried over to the new object.
 *
 * @param nameIdentifier the object to clone
 *
 * @return the copy
 */
@Nonnull
private NameIdentifier cloneNameIdentifier(@Nonnull final NameIdentifier nameIdentifier) {
    // A fresh object from the builder, so the copy shares no state with the argument.
    final NameIdentifier copy = nameIdentifierBuilder.buildObject();
    copy.setFormat(nameIdentifier.getFormat());
    copy.setNameQualifier(nameIdentifier.getNameQualifier());
    copy.setValue(nameIdentifier.getValue());
    return copy;
}
nameId.setFormat(format); nameId.setNameQualifier(qualifier); continue; nameId.setValue((String) value); return nameId; } else {
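/**
 * Build a {@link Subject} from the subject name identifier of a SAML assertion.
 *
 * <p>For a SAML 2.0 assertion the NameID's NameQualifier, Format, value, SPProvidedID and
 * SPNameQualifier are copied. For a SAML 1.x assertion the NameIdentifier's NameQualifier, Format and
 * value are copied.
 *
 * <p>An assertion is not required to carry a Subject, and a Subject is not required to carry a plain
 * NameID / NameIdentifier (a SAML 2.0 Subject may hold an EncryptedID or only confirmation data).
 * Those cases are reported as "no subject" by returning {@code null} instead of failing with a
 * {@link NullPointerException} on content supplied by the remote party.
 *
 * @param message the current message (not used by this method)
 * @param assertionW wrapper around the SAML 1.x or SAML 2.0 assertion
 * @return the populated subject, or {@code null} if the wrapper holds no assertion or the assertion
 *         has no subject name identifier; callers must treat {@code null} as an unidentified subject
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        NameID nameId = s == null ? null : s.getNameID();
        if (nameId == null) {
            // No Subject element, or a Subject without a plain NameID: nothing to copy.
            return null;
        }
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());

        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        NameIdentifier nameId = s == null ? null : s.getNameIdentifier();
        if (nameId != null) {
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());

            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}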
/**
 * {@inheritDoc}
 *
 * <p>Delegates to the superclass decoder with the {@link NameIdentifier} text value and the requester
 * ID taken from the canonicalization context. The identifier's Format and NameQualifier are not
 * examined in this method.
 */
@Override
@Nonnull
public String decode(@Nonnull final SubjectCanonicalizationContext c14nContext,
        @Nonnull final NameIdentifier nameIdentifier) throws NameDecoderException {
    final String encodedValue = nameIdentifier.getValue();
    final String requesterId = c14nContext.getRequesterId();
    return super.decode(encodedValue, requesterId);
}
ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false; } else if (!formatMatches(nameIdentifiers.iterator().next().getNameIdentifier().getFormat(), c14nContext)) { c14nContext.setException(new SubjectCanonicalizationException("Format not supported")); return false; return formatMatches(nameIdentifiers.iterator().next().getNameIdentifier().getFormat(), c14nContext);
ConfirmationMethod confirmationMethod = confirmationMethodV1Builder.buildObject(); nameIdentifier.setNameQualifier(subjectBean.getSubjectNameQualifier()); nameIdentifier.setValue(subjectBean.getSubjectName()); nameIdentifier.setFormat(subjectBean.getSubjectNameIDFormat()); String confirmationMethodStr = subjectBean.getSubjectConfirmationMethod();