/**
 * Creates an {@code AuthnStatement} and appends it to the given assertion.
 *
 * <p>The statement carries the current time as its authentication instant, a session index
 * taken from {@code generateID()}, and an authentication context whose class reference is
 * always {@code AuthnContext.PASSWORD_AUTHN_CTX}.
 *
 * <p>NOTE(review): the class reference is fixed, so the assertion reports password
 * authentication to the relying party regardless of how the subject actually signed in.
 * Confirm that this matches the login methods in use before a relying party bases
 * access decisions on it.
 *
 * @param assertion assertion that receives the new statement
 */
private void buildAssertionAuthnStatement(Assertion assertion) {
    // Each annotation covers the unchecked builder cast inside its initializer.
    @SuppressWarnings("unchecked")
    AuthnStatement statement = ((SAMLObjectBuilder<AuthnStatement>) builderFactory
            .getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME)).buildObject();
    statement.setAuthnInstant(new DateTime());
    statement.setSessionIndex(generateID());

    @SuppressWarnings("unchecked")
    AuthnContext context = ((SAMLObjectBuilder<AuthnContext>) builderFactory
            .getBuilder(AuthnContext.DEFAULT_ELEMENT_NAME)).buildObject();

    @SuppressWarnings("unchecked")
    AuthnContextClassRef classRef = ((SAMLObjectBuilder<AuthnContextClassRef>) builderFactory
            .getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)).buildObject();
    classRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);

    // Wire the pieces together from the inside out, then attach to the assertion.
    context.setAuthnContextClassRef(classRef);
    statement.setAuthnContext(context);
    assertion.getAuthnStatements().add(statement);
}
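/**
 * Collects user attributes from a SAML credential according to the provider's attribute mappings.
 *
 * <p>For every mapping whose value is a {@code String}, the credential attribute with that name is
 * looked up and each of its values is converted with {@code getStringValue}; non-null results are
 * stored under the mapping's key. In addition, the class reference of every {@code AuthnStatement}
 * in the authentication assertion is stored under {@code AUTHENTICATION_CONTEXT_CLASS_REFERENCE}.
 *
 * <p>All values originate from the identity provider's assertion. This method copies them without
 * checking them against any expected set, so callers that make authorization decisions on them
 * (for example on the authentication context class) must apply their own policy.
 *
 * @param definition provider definition holding the attribute mappings; may be {@code null}, in which
 *                   case no mapped attributes are read
 * @param credential credential produced by SAML authentication
 * @return the collected attributes, never {@code null}
 */
public MultiValueMap<String, String> retrieveUserAttributes(SamlIdentityProviderDefinition definition, SAMLCredential credential) {
    // The mapping loop below tolerates a null definition, so the log line must as well;
    // previously it dereferenced the definition unconditionally and threw first.
    logger.debug(String.format("Retrieving SAML user attributes [zone:%s, origin:%s]",
                               definition != null ? definition.getZoneId() : null,
                               definition != null ? definition.getIdpEntityAlias() : null));
    MultiValueMap<String, String> userAttributes = new LinkedMultiValueMap<>();
    if (definition != null && definition.getAttributeMappings() != null) {
        for (Entry<String, Object> attributeMapping : definition.getAttributeMappings().entrySet()) {
            // Only plain String mappings name a single assertion attribute.
            if (!(attributeMapping.getValue() instanceof String)) {
                continue;
            }
            String samlAttributeName = (String) attributeMapping.getValue();
            if (credential.getAttribute(samlAttributeName) == null) {
                continue;
            }
            String key = attributeMapping.getKey();
            for (XMLObject xmlObject : credential.getAttribute(samlAttributeName).getAttributeValues()) {
                String value = getStringValue(key, definition, xmlObject);
                if (value != null) {
                    userAttributes.add(key, value);
                }
            }
        }
    }
    if (credential.getAuthenticationAssertion() != null && credential.getAuthenticationAssertion().getAuthnStatements() != null) {
        for (AuthnStatement statement : credential.getAuthenticationAssertion().getAuthnStatements()) {
            // A statement may carry no context or no class reference; skip those.
            if (statement.getAuthnContext() != null && statement.getAuthnContext().getAuthnContextClassRef() != null) {
                userAttributes.add(AUTHENTICATION_CONTEXT_CLASS_REFERENCE, statement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
            }
        }
    }
    return userAttributes;
}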
/**
 * {@inheritDoc}
 *
 * <p>Stores the element's text content as the class reference value of the given object,
 * which must be an {@code AuthnContextClassRef}. The content is stored as received; no
 * check of the value is made here.
 */
protected void processElementContent(XMLObject samlObject, String elementContent) {
    ((AuthnContextClassRef) samlObject).setAuthnContextClassRef(elementContent);
}
}
// Stub contextClassRef so that it reports the Password authentication context class.
when(contextClassRef.getAuthnContextClassRef()).thenReturn(AuthnContext.PASSWORD_AUTHN_CTX);
SAMLConstants.SAML20_NS, "AuthnContextClassRef", "saml"); authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
/**
 * {@inheritDoc}
 *
 * <p>Writes the class reference value of the given object, which must be an
 * {@code AuthnContextClassRef}, as text content of the DOM element.
 */
protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
    XMLHelper.appendTextContent(domElement, ((AuthnContextClassRef) samlObject).getAuthnContextClassRef());
}
}
/**
 * Builds a new {@code AuthnContextClassRef} whose value is this builder's
 * {@code authnContextClassReference}.
 *
 * @return the newly created class reference object
 */
@Override
public AuthnContextClassRef build() {
    AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
    classRef.setAuthnContextClassRef(authnContextClassReference);
    return classRef;
}
/**
 * Checks that the AuthnContextClassRef carries a value.
 *
 * <p>Only presence is verified, using {@code DatatypeHelper.isEmpty}. The value is not compared
 * against any list of known or acceptable authentication context classes; that policy decision
 * is left to the caller.
 *
 * @param authnCCR the class reference to check
 * @throws ValidationException if the class reference value is empty
 */
protected void validateClassRef(AuthnContextClassRef authnCCR) throws ValidationException {
    String classRefValue = authnCCR.getAuthnContextClassRef();
    if (!DatatypeHelper.isEmpty(classRefValue)) {
        return;
    }
    throw new ValidationException("AuthnContextClassRef required");
}
}
authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX); } else if (inMsgCtx.getProperty(RahasConstants.X509_CERT) != null) { //if X.509 cert based authn authCtxClassRef.setAuthnContextClassRef(AuthnContext.X509_AUTHN_CTX);
classRef = receivedContext.getAuthnContextClassRef().getAuthnContextClassRef(); if (classRefRequested.getAuthnContextClassRef().equals(classRef)) { log.debug("AuthContext matched with value {}", classRef); return;
/**
 * Adds a {@code RequestedAuthnContext} to the request when the options list any
 * authentication contexts.
 *
 * <p>Each configured context string becomes one {@code AuthnContextClassRef}, and the comparison
 * mode is taken from the options. When the options contain no contexts the request is left
 * untouched, so no authentication context is requested.
 *
 * <p>NOTE(review): this only states the requirement in the outgoing request. Whether the
 * response's authentication context is checked against it is not visible in this method;
 * confirm that the response-processing side enforces it.
 *
 * @param request request to fill
 * @param options options driving generation of the element
 */
protected void buildAuthnContext(AuthnRequest request, WebSSOProfileOptions options) {

    Collection<String> requestedClasses = options.getAuthnContexts();
    if (requestedClasses == null || requestedClasses.size() == 0) {
        // Nothing configured: leave the request without a RequestedAuthnContext.
        return;
    }

    SAMLObjectBuilder<RequestedAuthnContext> requestedContextBuilder =
            (SAMLObjectBuilder<RequestedAuthnContext>) builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    RequestedAuthnContext requestedContext = requestedContextBuilder.buildObject();
    requestedContext.setComparison(options.getAuthnContextComparison());

    for (String requestedClass : requestedClasses) {
        SAMLObjectBuilder<AuthnContextClassRef> classRefBuilder =
                (SAMLObjectBuilder<AuthnContextClassRef>) builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
        AuthnContextClassRef classRef = classRefBuilder.buildObject();
        classRef.setAuthnContextClassRef(requestedClass);
        requestedContext.getAuthnContextClassRefs().add(classRef);
    }

    request.setRequestedAuthnContext(requestedContext);

}
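/**
 * Captures the details of the first {@code AuthnStatement} of a SAML authentication.
 *
 * <p>The authentication's credentials must be a {@code SAMLCredential}. Only the first
 * statement of its authentication assertion is read; any further statements are ignored.
 * The authentication context class and the subject locality are stored as {@code null}
 * when the statement does not carry them.
 *
 * @param authentication authentication whose credentials hold the SAML assertion
 * @throws IllegalArgumentException if the credential has no authentication assertion or the
 *                                  assertion contains no {@code AuthnStatement}
 */
public AuthenticationStatement(Authentication authentication){
    SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
    Assertion assertion = credential.getAuthenticationAssertion();
    List<AuthnStatement> authnStatements = assertion == null ? null : assertion.getAuthnStatements();
    // Fail with a clear message instead of an IndexOutOfBounds/NullPointerException
    // when the assertion carries no authentication statement.
    if (authnStatements == null || authnStatements.isEmpty()) {
        throw new IllegalArgumentException("SAML assertion contains no AuthnStatement");
    }
    AuthnStatement authnStatement = authnStatements.get(0);
    SubjectLocality subjectLocalityValue = authnStatement.getSubjectLocality();
    authenticationInstance = authnStatement.getAuthnInstant();
    sessionValidity = authnStatement.getSessionNotOnOrAfter();
    // The context may describe the method without a class reference, so the
    // chain cannot be dereferenced blindly.
    authenticationContextClass =
            authnStatement.getAuthnContext() != null && authnStatement.getAuthnContext().getAuthnContextClassRef() != null
                    ? authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef()
                    : null;
    sessionIndex = authnStatement.getSessionIndex();
    subjectLocality = subjectLocalityValue == null ? null : subjectLocalityValue.getAddress();
}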
/**
 * Builds an {@code AuthnStatement} for the given instant and authenticating authority.
 *
 * <p>The statement's context always uses {@code AuthnContext.PASSWORD_AUTHN_CTX} as its class
 * reference and lists {@code entityID} as the single authenticating authority.
 *
 * <p>NOTE(review): the class reference is fixed to the password context; confirm that this
 * reflects how the subject really authenticated before relying parties act on it.
 *
 * @param authnInstant time of authentication to record in the statement
 * @param entityID     URI stored as the authenticating authority
 * @return the populated statement
 */
private static AuthnStatement buildAuthnStatement(DateTime authnInstant, String entityID) {
    AuthnContextClassRef classRef =
            buildSAMLObject(AuthnContextClassRef.class, AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    classRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);

    AuthenticatingAuthority authority =
            buildSAMLObject(AuthenticatingAuthority.class, AuthenticatingAuthority.DEFAULT_ELEMENT_NAME);
    authority.setURI(entityID);

    AuthnContext context = buildSAMLObject(AuthnContext.class, AuthnContext.DEFAULT_ELEMENT_NAME);
    context.setAuthnContextClassRef(classRef);
    context.getAuthenticatingAuthorities().add(authority);

    AuthnStatement statement = buildSAMLObject(AuthnStatement.class, AuthnStatement.DEFAULT_ELEMENT_NAME);
    statement.setAuthnInstant(authnInstant);
    statement.setAuthnContext(context);
    return statement;
}
(authnStatement.getAuthnContext().getAuthnContextClassRef() != null)) { samlAuthnStatement.setAuthContextClassRef(authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef()); log.debug("Assertion.samlAuthnStatement.authContextClassRef = " + samlAuthnStatement.getAuthContextClassRef());
// The class reference is whatever transformAuthenticationMethod returns for the bean's
// authentication method. NOTE(review): that helper is not visible here; confirm how it
// treats a null or unrecognised method so the statement does not report a misleading context.
authnContextClassRef.setAuthnContextClassRef( transformAuthenticationMethod(statementBean.getAuthenticationMethod()) );
authnContextClassRef.setAuthnContextClassRef(authnContext); } else { authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
// The class reference is whatever transformAuthenticationMethod returns for the bean's
// authentication method. NOTE(review): that helper is not visible here; confirm how it
// treats a null or unrecognised method so the statement does not report a misleading context.
authnContextClassRef.setAuthnContextClassRef( transformAuthenticationMethod(statementBean.getAuthenticationMethod()) );
// Build the element in the SAML 2.0 assertion namespace with the "saml" prefix, then set its
// value to the PasswordProtectedTransport class URN.
// NOTE(review): the class is a fixed literal; confirm it matches the authentication actually
// performed, since relying parties may base access decisions on it.
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder. buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "AuthnContextClassRef", "saml"); authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
// Sets the class reference to the fixed Password class URN.
// NOTE(review): the existing TODO leaves the choice of class unresolved. The value tells the
// relying party how the subject authenticated, so it should be settled against the real login
// method rather than left as a guess.
authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:Password"); // TODO not sure exactly about this