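/**
 * Returns the first {@link NameID} from the assertions of {@code response} that satisfies
 * {@code filter}.
 * <p>
 * Assertions with no {@code Subject}, or whose subject carries no plain {@code NameID}
 * (for instance because the identifier is only present as an {@code EncryptedID} or
 * {@code BaseID}), are skipped rather than raising a {@link NullPointerException}; the
 * filter is therefore never invoked with {@code null}.
 * <p>
 * NOTE(review): this helper performs no signature, issuer or condition checks on the
 * response -- it must only be applied to a response the caller has already validated.
 *
 * @param response the SAML response whose assertions are searched
 * @param filter   predicate selecting the wanted identifier
 * @return the first matching identifier, or empty if none matches
 */
public static Optional<NameID> getNameId(Response response, Predicate<NameID> filter) {
    return response.getAssertions().stream()
        .map(assertion -> assertion.getSubject())
        .filter(subject -> subject != null)
        .map(subject -> subject.getNameID())
        .filter(nameId -> nameId != null)
        .filter(filter)
        .findFirst();
}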
final List<SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations(); for (final SubjectConfirmation subjectConfirmation : subjectConfirmations) { if (!"urn:oasis:names:tc:SAML:2.0:cm:bearer".equals(subjectConfirmation.getMethod())) {
/**
 * Builds a {@code Subject} holding the given name identifier and exactly one
 * {@code SubjectConfirmation} using the bearer method.
 * <p>
 * The confirmation data carries {@code Recipient}, {@code NotOnOrAfter} and
 * {@code InResponseTo}, which is what a relying party needs in order to verify
 * that a bearer assertion was addressed to it, has not expired, and answers a
 * request it actually made.
 *
 * @param nameIdFormat the format URI of the name identifier
 * @param nameIdValue the value of the name identifier
 * @param recipient the URL the assertion is intended for
 * @param notOnOrAfter the instant from which the confirmation is no longer valid
 * @param inResponseTo the ID of the request this subject confirmation answers
 * @return the populated subject
 */
public Subject newSubject(final String nameIdFormat, final String nameIdValue, final String recipient,
                          final DateTime notOnOrAfter, final String inResponseTo) {
    final SubjectConfirmation bearerConfirmation = newSamlObject(SubjectConfirmation.class);
    bearerConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);

    final SubjectConfirmationData confirmationData = newSamlObject(SubjectConfirmationData.class);
    confirmationData.setRecipient(recipient);
    confirmationData.setNotOnOrAfter(notOnOrAfter);
    confirmationData.setInResponseTo(inResponseTo);
    bearerConfirmation.setSubjectConfirmationData(confirmationData);

    final Subject result = newSamlObject(Subject.class);
    result.setNameID(getNameID(nameIdFormat, nameIdValue));
    result.getSubjectConfirmations().add(bearerConfirmation);
    return result;
}
/**
 * Replaces every {@link NameID} in {@code subject} -- the subject's own identifier and
 * the identifier of each {@link SubjectConfirmation} -- that {@link #shouldEncrypt}
 * approves with an {@link EncryptedID}, clearing the plaintext identifier afterwards so
 * that it is not serialized alongside the encrypted form.
 *
 * @param subject subject to rewrite; {@code null} is a no-op
 *
 * @throws EncryptionException if encrypting one of the identifiers fails
 */
private void processSubject(@Nullable final Subject subject) throws EncryptionException {
    if (subject == null) {
        return;
    }

    final NameID subjectNameId = subject.getNameID();
    if (shouldEncrypt(subjectNameId)) {
        log.debug("{} Encrypt NameID in Subject", getLogPrefix());
        subject.setEncryptedID(getEncrypter().encrypt(subjectNameId));
        subject.setNameID(null);
    }

    for (final SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
        final NameID confirmationNameId = confirmation.getNameID();
        if (!shouldEncrypt(confirmationNameId)) {
            continue;
        }
        log.debug("{} Encrypt NameID in SubjectConfirmation", getLogPrefix());
        confirmation.setEncryptedID(getEncrypter().encrypt(confirmationNameId));
        confirmation.setNameID(null);
    }
}
NameID nameIdFromSubject = subject.getNameID(); final BaseID baseIdFromSubject = subject.getBaseID(); final EncryptedID encryptedIdFromSubject = subject.getEncryptedID(); for (final SubjectConfirmation confirmation : subject.getSubjectConfirmations()) { if (SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod()) && isValidBearerSubjectConfirmationData(confirmation.getSubjectConfirmationData(), context)) {
/**
 * {@inheritDoc}
 * <p>
 * Routes each child of a {@code Subject} element to the matching setter: the three
 * identifier forms ({@code BaseID}, {@code NameID}, {@code EncryptedID}) replace any
 * previously set value, while {@code SubjectConfirmation} children are appended to the
 * confirmation list. Anything else is left to the superclass.
 */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
    final Subject subject = (Subject) parentObject;

    if (childObject instanceof BaseID) {
        subject.setBaseID((BaseID) childObject);
        return;
    }
    if (childObject instanceof NameID) {
        subject.setNameID((NameID) childObject);
        return;
    }
    if (childObject instanceof EncryptedID) {
        subject.setEncryptedID((EncryptedID) childObject);
        return;
    }
    if (childObject instanceof SubjectConfirmation) {
        subject.getSubjectConfirmations().add((SubjectConfirmation) childObject);
        return;
    }

    super.processChildElement(parentObject, childObject);
}
}
/**
 * {@inheritDoc}
 * <p>
 * Walks every assertion in {@code response} and installs a fresh clone of the configured
 * {@code NameID} into subjects that have none; subjects that already carry one are only
 * replaced when {@code overwriteExisting} is set. The number of subjects touched is logged.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    int added = 0;
    for (final Assertion assertion : response.getAssertions()) {
        final Subject subject = getAssertionSubject(assertion);
        // Leave a subject alone if it already has a NameID and overwriting is disabled.
        if (subject.getNameID() != null && !overwriteExisting) {
            continue;
        }
        subject.setNameID(cloneNameID());
        added++;
    }

    if (added > 0) {
        log.debug("{} Added NameID to {} assertion(s)", getLogPrefix(), added);
    }
}
if (subject.getEncryptedID() != null) { log.debug("{} Decrypting EncryptedID in Subject", getLogPrefix()); try { final NameID decrypted = processEncryptedID(profileRequestContext, subject.getEncryptedID()); if (decrypted != null) { subject.setNameID(decrypted); subject.setEncryptedID(null); for (final SubjectConfirmation sc : subject.getSubjectConfirmations()) { if (sc.getEncryptedID() != null) { log.debug("{} Decrypting EncryptedID in SubjectConfirmation", getLogPrefix()); try { final NameID decrypted = processEncryptedID(profileRequestContext, subject.getEncryptedID()); if (decrypted != null) { sc.setNameID(decrypted);
subject.setNameID(null); subject.getSubjectConfirmations().forEach(c -> c.setNameID(null)); subject.setEncryptedID(encryptedId); subject.getSubjectConfirmations().forEach(c -> c.setEncryptedID(encryptedConfId));
/**
 * Resolves the principal of {@code subject} from its name identifier.
 * <p>
 * The identifier is obtained through {@link #getNameID} from the subject's plain
 * {@code NameID} and its {@code EncryptedID}; {@code localKeys} are passed along,
 * presumably for decrypting the latter -- confirm against {@code getNameID}.
 *
 * @param subject   SAML subject to read
 * @param localKeys keys handed to {@code getNameID}
 * @return the principal built from the resolved identifier
 * @throws UnsupportedOperationException if no {@code NameID} could be resolved (a subject
 *         identified only by a {@code BaseID} is not supported here)
 */
protected NameIdPrincipal getPrincipal(org.opensaml.saml.saml2.core.Subject subject, List<SimpleKey> localKeys) {
    final NameID resolved = getNameID(subject.getNameID(), subject.getEncryptedID(), localKeys);
    if (resolved == null) {
        throw new UnsupportedOperationException("Currently only supporting NameID subject principals");
    }
    return getNameIdPrincipal(resolved);
}
/**
 * Creates a {@code Subject} whose only content is the given {@code NameID}.
 * <p>
 * No {@code SubjectConfirmation} is attached; callers that need a bearer
 * confirmation (recipient, expiry, InResponseTo) must add it themselves.
 *
 * @param nameId the identifier to place in the subject
 * @return the new subject
 */
public static Subject createSubject(NameID nameId) {
    final Subject result = subjectBuilder.buildObject();
    result.setNameID(nameId);
    return result;
}
subject.setNameID(nameID); ); subject.getSubjectConfirmations().add(subjectConfirmation); return subject;
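/**
 * {@inheritDoc}
 * <p>
 * Generates a {@code NameID} for the request and installs it into the subject of each
 * assertion in {@code assertions}: subjects without a {@code NameID} always receive one,
 * subjects that already have one only when {@code overwriteExisting} is set. The first
 * subject receives the generated object itself and every later one a clone (presumably
 * so a single XMLObject is never parented by two assertions -- confirm).
 * <p>
 * If no identifier can be generated and the request demanded a specific
 * {@code requiredFormat}, the {@code INVALID_NAMEID_POLICY} event is signalled so the
 * caller can reject the request; without a required format the subjects are left empty.
 * <p>
 * The logged count now reflects only the subjects that were actually modified, matching
 * the message text.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final NameID nameId = generateNameID(profileRequestContext);
    if (nameId == null) {
        if (requiredFormat != null) {
            log.warn("{} Request specified use of an unsupportable identifier format: {}",
                    getLogPrefix(), requiredFormat);
            ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.INVALID_NAMEID_POLICY);
        } else {
            log.debug("{} Unable to generate a NameID, leaving empty", getLogPrefix());
        }
        return;
    }

    int added = 0;
    for (final Assertion assertion : assertions) {
        final Subject subject = getAssertionSubject(assertion);
        if (subject.getNameID() != null && !overwriteExisting) {
            continue;
        }
        // First recipient gets the generated object, subsequent ones a clone.
        subject.setNameID(added > 0 ? cloneNameID(nameId) : nameId);
        added++;
    }

    if (added > 0) {
        log.debug("{} Added NameID to {} assertion subject(s)", getLogPrefix(), added);
    }
}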
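/**
 * Returns the value of the subject's {@code NameID}.
 * <p>
 * A subject without a plain {@code NameID} (for example one that carries only an
 * {@code EncryptedID} or {@code BaseID}) is rejected explicitly instead of surfacing
 * as a {@link NullPointerException}, so that an unreadable identity is never mistaken
 * for a programming error further up the stack.
 *
 * @param subject subject element of the request message
 * @return the name identifier value
 * @throws IllegalArgumentException if {@code subject} is {@code null} or has no {@code NameID}
 */
protected String getUserName(Subject subject) {
    if (subject == null || subject.getNameID() == null) {
        throw new IllegalArgumentException("SAML subject does not contain a NameID");
    }
    return subject.getNameID().getValue();
}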
subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer"); subject.getSubjectConfirmations().add(subjectConfirmation);
subject.setNameID(nameId); subject.getSubjectConfirmations().add(subjectConfirmation); samlAssertion.setSubject(subject);
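/**
 * Returns the first {@link NameID} from the assertions of {@code response} that satisfies
 * {@code filter}.
 * <p>
 * Assertions with no {@code Subject}, or whose subject carries no plain {@code NameID}
 * (for instance because the identifier is only present as an {@code EncryptedID} or
 * {@code BaseID}), are skipped rather than raising a {@link NullPointerException}; the
 * filter is therefore never invoked with {@code null}.
 * <p>
 * NOTE(review): this helper performs no signature, issuer or condition checks on the
 * response -- it must only be applied to a response the caller has already validated.
 *
 * @param response the SAML response whose assertions are searched
 * @param filter   predicate selecting the wanted identifier
 * @return the first matching identifier, or empty if none matches
 */
public static Optional<NameID> getNameId(Response response, Predicate<NameID> filter) {
    return response.getAssertions().stream()
        .map(assertion -> assertion.getSubject())
        .filter(subject -> subject != null)
        .map(subject -> subject.getNameID())
        .filter(nameId -> nameId != null)
        .filter(filter)
        .findFirst();
}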
/**
 * Checks the bearer subject confirmations of an authentication assertion's subject.
 * <p>
 * Every {@code SubjectConfirmation} using the bearer method has its confirmation data
 * passed to {@link #validateSubjectConfirmation}; confirmations with any other method
 * are ignored. Whether a failed validation throws or merely logs is decided inside
 * {@code validateSubjectConfirmation}, not here.
 *
 * @param m       the current message
 * @param cs      the assertion's conditions
 * @param subject the subject to inspect
 * @return {@code true} if at least one bearer confirmation was present (and validated),
 *         {@code false} if the subject has none -- callers should treat that as a rejection
 */
private boolean validateAuthenticationSubject(Message m, Conditions cs, org.opensaml.saml.saml2.core.Subject subject) {
    if (subject.getSubjectConfirmations() == null) {
        return false;
    }

    boolean bearerSeen = false;
    for (SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
        if (!SAML2Constants.CONF_BEARER.equals(confirmation.getMethod())) {
            continue;
        }
        validateSubjectConfirmation(m, cs, confirmation.getSubjectConfirmationData());
        bearerSeen = true;
    }
    return bearerSeen;
}
nameId.setFormat(NameIdentifier.EMAIL); subject.setNameID(nameId); subject.getSubjectConfirmations().add(subjectConfirmation); samlAssertion.setSubject(subject);
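/**
 * Returns the value of the first assertion-subject {@code NameID} whose {@code Format}
 * equals the configured {@code subjectLoginNameIdFormat}.
 * <p>
 * The {@code Format} attribute is optional in SAML, and a subject may carry no plain
 * {@code NameID} at all (e.g. only an {@code EncryptedID}); both cases are now skipped
 * instead of throwing a {@link NullPointerException} from inside the stream.
 *
 * @param response the SAML response whose assertions are searched
 * @return the matching login name, or {@code null} if no format is configured or no
 *         assertion matches
 */
@Nullable
private String findLoginNameFromSubjects(Response response) {
    if (Strings.isNullOrEmpty(subjectLoginNameIdFormat)) {
        return null;
    }
    return response.getAssertions()
        .stream()
        .map(assertion -> assertion.getSubject())
        .filter(subject -> subject != null)
        .map(subject -> subject.getNameID())
        .filter(nameId -> nameId != null)
        // Compare from the configured side: getFormat() may legitimately be null.
        .filter(nameId -> subjectLoginNameIdFormat.equals(nameId.getFormat()))
        .map(NameIDType::getValue)
        .findFirst()
        .orElse(null);
}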