// Copy the application-level policy onto the SAML NameIDPolicy element and attach it to the request.
// NOTE(review): nameIdPolicy, policy and authnRequest are declared outside this excerpt.
nameIdPolicy.setFormat(policy.format().urn());
nameIdPolicy.setAllowCreate(policy.isCreatable());
authnRequest.setNameIDPolicy(nameIdPolicy);
/**
 * Builds a {@link NameIDPolicy} element carrying the given attribute values.
 *
 * @param allowCreate     value of the AllowCreate attribute
 * @param format          NameID format URN placed in the Format attribute
 * @param spNameQualifier value of the SPNameQualifier attribute
 * @return the populated NameIDPolicy
 */
@SuppressWarnings("unchecked")
public static NameIDPolicy createNameIDPolicy(
        boolean allowCreate, String format, String spNameQualifier) {
    // The builder is resolved from the shared factory on first use and cached in a static field.
    // NOTE(review): that first-use initialisation is not synchronised; concurrent first callers
    // may each resolve a builder — confirm this is harmless for this builder type.
    if (nameIDBuilder == null) {
        nameIDBuilder = (SAMLObjectBuilder<NameIDPolicy>)
                builderFactory.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
    }
    final NameIDPolicy policy = nameIDBuilder.buildObject();
    policy.setAllowCreate(allowCreate);
    policy.setFormat(format);
    policy.setSPNameQualifier(spNameQualifier);
    return policy;
}
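/**
 * Build a synthetic AuthnRequest instance from the IdP-initiated SSO request structure.
 *
 * <p>The synthetic request carries the SP entityID as its Issuer, a NameIDPolicy with
 * AllowCreate set, the AssertionConsumerServiceURL from the inbound request, the request
 * time as IssueInstant (UTC) and a freshly generated message ID.</p>
 *
 * @return the synthetic AuthnRequest message instance
 *
 * @throws MessageDecodingException if the inbound request does not contain an entityID value
 */
@Nonnull protected AuthnRequest buildAuthnRequest() throws MessageDecodingException {
    // Enforce the documented contract here rather than emitting an Issuer with an empty value.
    final String entityId = ssoRequest.getEntityId();
    if (entityId == null || entityId.isEmpty()) {
        throw new MessageDecodingException("IdP-initiated SSO request does not contain an entityID");
    }

    final AuthnRequest authnRequest = requestBuilder.buildObject();

    final Issuer requestIssuer = issuerBuilder.buildObject();
    requestIssuer.setValue(entityId);
    authnRequest.setIssuer(requestIssuer);

    // No Format is requested; the synthetic policy only permits identifier creation.
    final NameIDPolicy nip = nipBuilder.buildObject();
    nip.setAllowCreate(true);
    authnRequest.setNameIDPolicy(nip);

    authnRequest.setAssertionConsumerServiceURL(ssoRequest.getAssertionConsumerServiceURL());
    // IssueInstant is taken from the inbound request's time, expressed in UTC.
    authnRequest.setIssueInstant(new DateTime(ssoRequest.getTime(), ISOChronology.getInstanceUTC()));
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setID(getMessageID());

    return authnRequest;
}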
/**
 * {@inheritDoc}
 *
 * <p>Writes the Format, SPNameQualifier and AllowCreate attributes of a {@link NameIDPolicy}
 * onto the DOM element; each attribute is emitted only when the corresponding value is set.</p>
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final NameIDPolicy policy = (NameIDPolicy) samlObject;

    final String format = policy.getFormat();
    if (format != null) {
        domElement.setAttributeNS(null, NameIDPolicy.FORMAT_ATTRIB_NAME, format);
    }

    final String spNameQualifier = policy.getSPNameQualifier();
    if (spNameQualifier != null) {
        domElement.setAttributeNS(null, NameIDPolicy.SP_NAME_QUALIFIER_ATTRIB_NAME, spNameQualifier);
    }

    // AllowCreate is serialised from its XSBooleanValue form so the lexical representation is preserved.
    if (policy.getAllowCreateXSBoolean() != null) {
        domElement.setAttributeNS(null, NameIDPolicy.ALLOW_CREATE_ATTRIB_NAME,
                policy.getAllowCreateXSBoolean().toString());
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Converts an OpenSAML {@link NameIDPolicy} element into the library's {@code NameIdPolicy} model.
 *
 * @param nameIDPolicy the OpenSAML element, may be null
 * @return the converted policy, or null when the input is null
 */
protected NameIdPolicy fromNameIDPolicy(NameIDPolicy nameIDPolicy) {
    if (nameIDPolicy == null) {
        return null;
    }
    // The format URN is mapped onto the NameId enumeration; the other attributes are copied as-is.
    return new NameIdPolicy()
            .setAllowCreate(nameIDPolicy.getAllowCreate())
            .setFormat(NameId.fromUrn(nameIDPolicy.getFormat()))
            .setSpNameQualifier(nameIDPolicy.getSPNameQualifier());
}
/**
 * Apply policy to the target object.
 *
 * <p>Policy checking only takes place when the requested Format (or the unspecified format
 * when the attribute is absent) is one of the configured formats; otherwise the target is
 * accepted without further checks.</p>
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameIDPolicy target) {
    final String requesterId =
            requesterIdLookupStrategy == null ? null : requesterIdLookupStrategy.apply(input);
    final String responderId =
            responderIdLookupStrategy == null ? null : responderIdLookupStrategy.apply(input);

    final String format = target.getFormat();
    // A missing Format attribute is matched as the "unspecified" format.
    final String effectiveFormat = format == null ? NameID.UNSPECIFIED : format;

    if (!formats.contains(effectiveFormat)) {
        log.debug("Policy checking disabled for NameIDPolicy with Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameIDPolicy with Format {}", effectiveFormat);
    // The underlying check receives the raw (possibly null) format, not the substituted one.
    return doApply(requesterId, responderId, format, null, target.getSPNameQualifier());
}
/**
 * Gets the NameID format required by the request's NameIDPolicy, if any.
 *
 * @param authnRequest the authn request
 * @return the Format attribute of the request's NameIDPolicy, or null when the request
 *         carries no NameIDPolicy (or the policy has no Format)
 */
protected static String getRequiredNameIdFormatIfAny(final RequestAbstractType authnRequest) {
    val policy = getNameIDPolicy(authnRequest);
    String requiredFormat = null;
    if (policy != null) {
        requiredFormat = policy.getFormat();
    }
    LOGGER.debug("AuthN request indicates [{}] is the required NameID format", requiredFormat);
    return requiredFormat;
}
/**
 * {@inheritDoc}
 *
 * <p>When the SP's AuthnRequest carries a NameIDPolicy with a non-empty SPNameQualifier,
 * that value is used; otherwise the superclass default applies.</p>
 */
@Override @Nullable
protected String getEffectiveSPNameQualifier(@Nonnull final ProfileRequestContext profileRequestContext) {
    final AuthnRequest request = requestLookupStrategy.apply(profileRequestContext);
    if (request == null || request.getNameIDPolicy() == null) {
        return super.getEffectiveSPNameQualifier(profileRequestContext);
    }

    // The request-supplied qualifier overrides the default only when it is actually present.
    final String qualifier = request.getNameIDPolicy().getSPNameQualifier();
    if (Strings.isNullOrEmpty(qualifier)) {
        return super.getEffectiveSPNameQualifier(profileRequestContext);
    }
    return qualifier;
}
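/**
 * {@inheritDoc}
 *
 * <p>Handles the Format, SPNameQualifier and AllowCreate attributes of a {@link NameIDPolicy};
 * any other attribute is delegated to the superclass.</p>
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    NameIDPolicy policy = (NameIDPolicy) samlObject;
    final String localName = attribute.getLocalName();

    // Each attribute is consumed by exactly one branch. Previously only the AllowCreate test had an
    // else-branch, so Format and SPNameQualifier were set and then also handed to the superclass
    // as if they were unknown attributes.
    if (NameIDPolicy.FORMAT_ATTRIB_NAME.equals(localName)) {
        policy.setFormat(attribute.getValue());
    } else if (NameIDPolicy.SP_NAME_QUALIFIER_ATTRIB_NAME.equals(localName)) {
        policy.setSPNameQualifier(attribute.getValue());
    } else if (NameIDPolicy.ALLOW_CREATE_ATTRIB_NAME.equals(localName)) {
        // Parsed as an XSBooleanValue so the lexical form ("1"/"true") is retained.
        policy.setAllowCreate(XSBooleanValue.valueOf(attribute.getValue()));
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
} // closes the enclosing class, whose header is outside this excerpt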
// Resolve the NameIDPolicy builder from the shared OpenSAML builder factory (raw-typed cast, as in the original).
val pBuilder = (SAMLObjectBuilder) configBean.getBuilderFactory().getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
val nameIDPolicy = (NameIDPolicy) pBuilder.buildObject();
// No Format or SPNameQualifier is set here; the policy only permits the IdP to create a new identifier.
nameIDPolicy.setAllowCreate(Boolean.TRUE);
authnRequest.setNameIDPolicy(nameIDPolicy);
/**
 * Extract a format required by the inbound request, if present.
 *
 * <p>Reads the NameIDPolicy of the request held in the {@code request} field; the
 * unspecified and encrypted formats are not treated as a requirement.</p>
 *
 * @param profileRequestContext current profile request context (not consulted here; the
 *                              inbound request is taken from the {@code request} field)
 *
 * @return a format dictated by the request, or null
 */
@Nullable private String getRequiredFormat(@Nonnull final ProfileRequestContext profileRequestContext) {
    if (request == null) {
        return null;
    }
    final NameIDPolicy policy = request.getNameIDPolicy();
    if (policy == null) {
        return null;
    }

    final String format = policy.getFormat();
    final boolean dictated = !Strings.isNullOrEmpty(format)
            && !NameID.UNSPECIFIED.equals(format)
            && !NameID.ENCRYPTED.equals(format);
    return dictated ? format : null;
}
/**
 * Prepares a {@link SAML2StringNameIDEncoder} for the given name format, carrying over the
 * SPNameQualifier from the request's NameIDPolicy when one is present.
 *
 * @param authnRequest the authn request
 * @param nameFormat   the name format
 * @param attribute    the attribute (not used by this method)
 * @param service      the service (not used by this method)
 * @param adaptor      the adaptor (not used by this method)
 * @return the saml 2 string name id encoder
 */
protected static SAML2StringNameIDEncoder prepareNameIdEncoder(final RequestAbstractType authnRequest,
                                                               final String nameFormat,
                                                               final IdPAttribute attribute,
                                                               final SamlRegisteredService service,
                                                               final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    val encoder = new SAML2StringNameIDEncoder();
    encoder.setNameFormat(nameFormat);

    val policy = getNameIDPolicy(authnRequest);
    if (policy != null) {
        // The SP-requested qualifier is applied to the generated NameID.
        val qualifier = policy.getSPNameQualifier();
        LOGGER.debug("NameID qualifier is set to [{}]", qualifier);
        encoder.setNameQualifier(qualifier);
    }
    return encoder;
}
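/**
 * Converts the library's {@code NameIdPolicy} model into an OpenSAML {@link NameIDPolicy} element.
 *
 * @param nameIdPolicy the model object, may be null
 * @return the built element, or null when the input is null
 */
protected NameIDPolicy getNameIDPolicy(NameIdPolicy nameIdPolicy) {
    if (nameIdPolicy == null) {
        return null;
    }
    final NameIDPolicy result = buildSAMLObject(NameIDPolicy.class);
    result.setAllowCreate(nameIdPolicy.getAllowCreate());
    // Format is optional in the model; only emit it when set. The previous unconditional
    // getFormat().toString() threw a NullPointerException for a policy without a format.
    if (nameIdPolicy.getFormat() != null) {
        result.setFormat(nameIdPolicy.getFormat().toString());
    }
    result.setSPNameQualifier(nameIdPolicy.getSpNameQualifier());
    return result;
}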
// Copy the application-level policy onto the SAML NameIDPolicy element and attach it to the request.
// NOTE(review): nameIdPolicy, policy and authnRequest are declared outside this excerpt.
nameIdPolicy.setFormat(policy.format().urn());
nameIdPolicy.setAllowCreate(policy.isCreatable());
authnRequest.setNameIDPolicy(nameIdPolicy);
// Excerpt: the surrounding method and the blocks opened below are closed outside this listing.
final AuthnRequest request = (AuthnRequest) msg;
if (request.getNameIDPolicy() != null) {
    final String requestedFormat = request.getNameIDPolicy().getFormat();
    // The null test is redundant with equals() against the constant, but harmless.
    if (requestedFormat != null && NameID.ENCRYPTED.equals(requestedFormat)) {
        // NOTE(review): the leading "{}" placeholder has no matching argument, so it is logged
        // literally; presumably a log prefix argument is missing — confirm against the full source.
        log.debug("{} Request asked for encrypted identifier, disregarding installed predicate");
// Excerpt: the if-branch selecting the transient format starts outside this listing.
nameIDPolicy.setFormat(NameIDType.TRANSIENT);
} else if (idp.supportsNameIDFormat(NameIDType.PERSISTENT)) {
    nameIDPolicy.setFormat(NameIDType.PERSISTENT);
} else {
    // Neither supported format is advertised by the IdP, so no request can be built.
    throw new IllegalArgumentException("Could not find supported NameIDFormat for IdP " + idpEntityID);
// NOTE(review): the brace closing the else-branch is not shown here; the statements below
// presumably run only after a format was selected — confirm against the full source.
nameIDPolicy.setAllowCreate(true);
nameIDPolicy.setSPNameQualifier(spEntityID);
// Populate the NameIDPolicy and attach it to the request.
// NOTE(review): nameIdPolicyFormat is supplied outside this excerpt; confirm it is never null
// unless omitting the Format attribute is intended.
nameIdPolicy.setAllowCreate(true);
nameIdPolicy.setFormat(nameIdPolicyFormat);
request.setNameIDPolicy(nameIdPolicy);
// Hard-coded policy values: the persistent format URN, a literal "Issuer" qualifier and AllowCreate.
// NOTE(review): these look like fixture data; confirm they are not used for a production request.
nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
nameIdPolicy.setSPNameQualifier("Issuer");
nameIdPolicy.setAllowCreate(true);