/**
 * Applies the bearer rule to an assertion: a bearer-confirmed assertion must be
 * either signed or accompanied by at least one certificate in {@code tlsCerts}.
 *
 * <p>A bearer assertion carries no proof-of-possession key, so in this check the
 * only things vouching for it are its signature or the supplied certificates.
 * Only the <em>presence</em> of entries in {@code tlsCerts} and the result of
 * {@code isSigned()} are tested here.
 * NOTE(review): confirm that signature verification and certificate trust are
 * established by the caller before this result is relied on.
 *
 * @param assertionWrapper the assertion whose confirmation methods are inspected
 * @param tlsCerts certificates supplied by the caller; may be {@code null} or empty
 * @return {@code false} if some confirmation method is bearer while the assertion
 *         is unsigned and no certificates were supplied; {@code true} otherwise,
 *         including when the assertion lists no confirmation methods
 */
protected boolean checkBearer(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts) {
    for (String method : assertionWrapper.getConfirmationMethods()) {
        if (isMethodBearer(method)) {
            // Unsigned bearer token: acceptable only when certificates were supplied.
            if (!assertionWrapper.isSigned() && (tlsCerts == null || tlsCerts.length == 0)) {
                return false;
            }
        }
        // do some more validation - time based, etc
        // (placeholder only: no validity-period check is performed in this method)
    }
    return true;
}
/**
 * Rejects an unsigned bearer assertion that arrives without any certificates.
 *
 * <p>Every confirmation method of the assertion is examined. As soon as one is a
 * bearer method, the assertion must satisfy at least one of two conditions:
 * {@code isSigned()} returns {@code true}, or {@code tlsCerts} is non-empty.
 * An assertion with no confirmation methods passes unchanged.
 *
 * <p>This method checks that a signature or certificates are present, not that
 * they are valid. NOTE(review): presumably signature verification and certificate
 * path validation happen elsewhere; verify against the caller.
 *
 * @param assertionWrapper the assertion under inspection
 * @param tlsCerts certificates supplied by the caller, possibly {@code null}
 * @return {@code true} unless an unsigned bearer assertion was presented with no
 *         certificates
 */
protected boolean checkBearer(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts) {
    List<String> methods = assertionWrapper.getConfirmationMethods();
    for (String candidate : methods) {
        if (!isMethodBearer(candidate)) {
            // do some more validation - time based, etc
            continue;
        }
        if (assertionWrapper.isSigned()) {
            // do some more validation - time based, etc
            continue;
        }
        boolean certificatesPresent = tlsCerts != null && tlsCerts.length != 0;
        if (!certificatesPresent) {
            return false;
        }
        // do some more validation - time based, etc
    }
    return true;
}
/**
 * Decides whether the received SAML token may be used for delegation.
 *
 * <p>Two conditions are enforced:
 * <ol>
 *   <li>every subject confirmation method in the assertion is a SAML 1.1 or
 *       SAML 2.0 bearer method; any other method rejects the token;</li>
 *   <li>when {@code checkAudienceRestriction} is enabled and an AppliesTo address
 *       was supplied, that address must appear among the assertion's audience
 *       restrictions.</li>
 * </ol>
 *
 * <p>Security-relevant edge cases visible in this code: an assertion with no
 * confirmation methods passes the first check, and an assertion with an empty
 * audience restriction list passes the second for any AppliesTo address. No
 * signature check is made in this method.
 * NOTE(review): confirm the token has been validated before this is called.
 *
 * @param receivedToken the token to inspect; its payload is cast to a DOM
 *        {@code Element}
 * @param appliesToAddress the AppliesTo address, or {@code null} to skip the
 *        audience check
 * @return {@code true} if delegation is allowed; {@code false} if a check fails or
 *         a {@code WSSecurityException} is raised while processing the assertion
 */
protected boolean isDelegationAllowed(
    ReceivedToken receivedToken, String appliesToAddress
) {
    Element tokenElement = (Element)receivedToken.getToken();
    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(tokenElement);

        for (String method : assertion.getConfirmationMethods()) {
            boolean bearer = SAML1Constants.CONF_BEARER.equals(method)
                || SAML2Constants.CONF_BEARER.equals(method);
            if (!bearer) {
                // NOTE(review): the method string comes from the token and is logged
                // as-is; confirm the log sink tolerates arbitrary characters.
                LOG.fine("An unsupported Confirmation Method was used: " + method);
                return false;
            }
        }

        if (checkAudienceRestriction && appliesToAddress != null) {
            List<String> audiences = getAudienceRestrictions(assertion);
            // An empty audience list is treated as "no restriction".
            if (!audiences.isEmpty() && !audiences.contains(appliesToAddress)) {
                LOG.fine("The AppliesTo address " + appliesToAddress + " is not contained"
                         + " in the Audience Restriction addresses in the assertion");
                return false;
            }
        }
        return true;
    } catch (WSSecurityException ex) {
        // Fail closed: an assertion that cannot be processed never permits delegation.
        LOG.log(Level.WARNING, "Error in ascertaining whether delegation is allowed", ex);
        return false;
    }
}
/**
 * Reports whether delegation is permitted for the given token.
 *
 * <p>The token is wrapped as a SAML assertion and must pass a confirmation-method
 * check (bearer only, SAML 1.1 or 2.0) and, if {@code checkAudienceRestriction}
 * is set and {@code appliesToAddress} is non-null, an audience check.
 *
 * <p>Points a reviewer should keep in mind: the confirmation-method loop does not
 * run for an assertion that declares no methods, so such an assertion is not
 * rejected by it; an assertion without audience restrictions is accepted for
 * every AppliesTo address; and this method does not inspect the signature.
 * NOTE(review): presumably the assertion is verified upstream; verify against
 * the caller.
 *
 * @param receivedToken carrier of the token element
 * @param appliesToAddress address the delegated token is requested for; may be
 *        {@code null}
 * @return {@code false} on any failed check or on a {@code WSSecurityException},
 *         {@code true} otherwise
 */
protected boolean isDelegationAllowed(
    ReceivedToken receivedToken, String appliesToAddress
) {
    Element validateTarget = (Element)receivedToken.getToken();
    try {
        SamlAssertionWrapper wrapped = new SamlAssertionWrapper(validateTarget);
        for (String declaredMethod : wrapped.getConfirmationMethods()) {
            if (SAML1Constants.CONF_BEARER.equals(declaredMethod)
                || SAML2Constants.CONF_BEARER.equals(declaredMethod)) {
                continue;
            }
            LOG.fine("An unsupported Confirmation Method was used: " + declaredMethod);
            return false;
        }

        boolean audienceCheckApplies = checkAudienceRestriction && appliesToAddress != null;
        if (audienceCheckApplies) {
            List<String> restrictedTo = getAudienceRestrictions(wrapped);
            boolean unrestricted = restrictedTo.isEmpty();
            if (!unrestricted && !restrictedTo.contains(appliesToAddress)) {
                // The AppliesTo value is request data and is written to the log as-is.
                LOG.fine("The AppliesTo address " + appliesToAddress + " is not contained"
                         + " in the Audience Restriction addresses in the assertion");
                return false;
            }
        }
    } catch (WSSecurityException ex) {
        // Processing errors deny delegation rather than allow it.
        LOG.log(Level.WARNING, "Error in ascertaining whether delegation is allowed", ex);
        return false;
    }
    return true;
}
/**
 * Decides whether the received SAML token may be used for delegation, accepting
 * both bearer and holder-of-key subject confirmation.
 *
 * <p>Each confirmation method must be one of the SAML 1.1 / SAML 2.0 bearer or
 * holder-of-key identifiers; anything else rejects the token. If
 * {@code isCheckAudienceRestriction()} is true and an AppliesTo address is given,
 * that address must be listed in the assertion's audience restrictions.
 *
 * <p>As written, an assertion with no confirmation methods and an assertion with
 * an empty audience restriction list both pass. Accepting a holder-of-key method
 * here only checks the identifier; no key possession or signature is verified in
 * this method.
 * NOTE(review): confirm those checks are performed before delegation is granted.
 *
 * @param receivedToken the token to inspect; its payload is cast to a DOM
 *        {@code Element}
 * @param appliesToAddress the AppliesTo address, or {@code null} to skip the
 *        audience check
 * @return {@code true} if delegation is allowed; {@code false} if a check fails or
 *         a {@code WSSecurityException} is raised while processing the assertion
 */
@Override
protected boolean isDelegationAllowed(
    ReceivedToken receivedToken, String appliesToAddress
) {
    Element tokenElement = (Element)receivedToken.getToken();
    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(tokenElement);

        for (String method : assertion.getConfirmationMethods()) {
            boolean supported = SAML1Constants.CONF_BEARER.equals(method)
                || SAML1Constants.CONF_HOLDER_KEY.equals(method)
                || SAML2Constants.CONF_BEARER.equals(method)
                || SAML2Constants.CONF_HOLDER_KEY.equals(method);
            if (!supported) {
                return false;
            }
        }

        if (isCheckAudienceRestriction() && appliesToAddress != null) {
            List<String> audiences = getAudienceRestrictions(assertion);
            // An empty audience list is treated as "no restriction".
            if (!audiences.isEmpty() && !audiences.contains(appliesToAddress)) {
                return false;
            }
        }
        return true;
    } catch (WSSecurityException ex) {
        // Fail closed: an assertion that cannot be processed never permits delegation.
        LOG.log(Level.WARNING, "Error in ascertaining whether delegation is allowed", ex);
        return false;
    }
}
List<String> confirmationMethods = assertionWrapper.getConfirmationMethods(); boolean isSenderVouches = false; for (String confirmationMethod : confirmationMethods) {
/**
 * Checks the holder-of-key binding of an assertion against the credentials
 * available for the current message.
 *
 * <p>For every confirmation method that {@code OpenSAMLUtil.isMethodHolderOfKey}
 * recognises, the assertion's subject key info is handed to
 * {@code compareCredentials} together with the message and the supplied
 * certificates; the first mismatch fails the check.
 *
 * <p>A {@code true} result is not by itself evidence of proof-of-possession: it
 * is also returned when the assertion declares no holder-of-key method at all.
 * NOTE(review): {@code getSubjectKeyInfo()} is passed on without a null check;
 * confirm {@code compareCredentials} rejects a missing key.
 *
 * @param message the message being processed
 * @param assertionWrapper the assertion whose confirmation methods are inspected
 * @param tlsCerts certificates supplied by the caller
 * @return {@code false} if a holder-of-key method is present and the credentials
 *         do not match; {@code true} otherwise
 */
protected boolean checkHolderOfKey(Message message,
                                   SamlAssertionWrapper assertionWrapper,
                                   Certificate[] tlsCerts) {
    for (String method : assertionWrapper.getConfirmationMethods()) {
        if (!OpenSAMLUtil.isMethodHolderOfKey(method)) {
            continue;
        }
        SAMLKeyInfo subjectKey = assertionWrapper.getSubjectKeyInfo();
        boolean matches = compareCredentials(subjectKey, message, tlsCerts);
        if (!matches) {
            return false;
        }
    }
    return true;
}
/**
 * Reports whether delegation is permitted for the given token when both bearer
 * and holder-of-key confirmation methods are acceptable.
 *
 * <p>The token is wrapped as a SAML assertion. Every declared confirmation method
 * must equal one of four identifiers (SAML 1.1 or 2.0, bearer or holder-of-key).
 * When {@code isCheckAudienceRestriction()} returns true and
 * {@code appliesToAddress} is non-null, the address must be among the audience
 * restrictions unless that list is empty.
 *
 * <p>Neither the signature nor possession of a holder-of-key key is examined
 * here, and an assertion that declares no confirmation methods is not rejected.
 * NOTE(review): presumably those guarantees come from earlier validation; verify
 * against the caller.
 *
 * @param receivedToken carrier of the token element
 * @param appliesToAddress address the delegated token is requested for; may be
 *        {@code null}
 * @return {@code false} on any failed check or on a {@code WSSecurityException},
 *         {@code true} otherwise
 */
@Override
protected boolean isDelegationAllowed(
    ReceivedToken receivedToken, String appliesToAddress
) {
    Element validateTarget = (Element)receivedToken.getToken();
    try {
        SamlAssertionWrapper wrapped = new SamlAssertionWrapper(validateTarget);
        for (String declaredMethod : wrapped.getConfirmationMethods()) {
            if (SAML1Constants.CONF_BEARER.equals(declaredMethod)
                || SAML1Constants.CONF_HOLDER_KEY.equals(declaredMethod)
                || SAML2Constants.CONF_BEARER.equals(declaredMethod)
                || SAML2Constants.CONF_HOLDER_KEY.equals(declaredMethod)) {
                continue;
            }
            // Any other confirmation method is unsupported for delegation.
            return false;
        }

        boolean audienceCheckApplies = isCheckAudienceRestriction() && appliesToAddress != null;
        if (audienceCheckApplies) {
            List<String> restrictedTo = getAudienceRestrictions(wrapped);
            boolean unrestricted = restrictedTo.isEmpty();
            if (!unrestricted && !restrictedTo.contains(appliesToAddress)) {
                return false;
            }
        }
    } catch (WSSecurityException ex) {
        // Processing errors deny delegation rather than allow it.
        LOG.log(Level.WARNING, "Error in ascertaining whether delegation is allowed", ex);
        return false;
    }
    return true;
}
/**
 * Creates a Principal from a SAML assertion and, where warranted, marks the
 * parser result as carrying a trusted credential.
 *
 * <p>The credential is marked trusted only when the <em>first</em> confirmation
 * method of the assertion is holder-of-key and {@code isSigned()} returns true.
 * Later confirmation methods are not consulted. When the assertion has no
 * confirmation methods, {@code null} is passed to
 * {@code OpenSAMLUtil.isMethodHolderOfKey}.
 * NOTE(review): {@code isSigned()} is used here as the integrity signal; confirm
 * the signature has been verified before the trusted flag is acted on.
 *
 * @param samlAssertion the assertion the principal is built from
 * @param parserResult result object whose trusted-credential flag may be set
 * @return a principal wrapping {@code samlAssertion}
 */
private Principal createPrincipalFromSAML(
    SamlAssertionWrapper samlAssertion, STRParserResult parserResult
) {
    final Principal principal = new SAMLTokenPrincipalImpl(samlAssertion);

    final List<String> declared = samlAssertion.getConfirmationMethods();
    final String firstMethod =
        (declared == null || declared.isEmpty()) ? null : declared.get(0);

    if (OpenSAMLUtil.isMethodHolderOfKey(firstMethod)) {
        if (samlAssertion.isSigned()) {
            parserResult.setTrustedCredential(true);
        }
    }
    return principal;
}
/**
 * Verifies that a holder-of-key assertion is bound to the credentials seen on
 * this message.
 *
 * <p>Confirmation methods are scanned in order. Each one identified as
 * holder-of-key triggers a call to {@code compareCredentials} with the
 * assertion's subject key info, the message and {@code tlsCerts}.
 *
 * <p>Callers should not read {@code true} as "key possession was proven": the
 * method also returns {@code true} when no holder-of-key method is declared, in
 * which case no comparison takes place.
 * NOTE(review): the subject key info may be absent; confirm how
 * {@code compareCredentials} treats a {@code null} first argument.
 *
 * @param message the message being processed
 * @param assertionWrapper the assertion under inspection
 * @param tlsCerts certificates supplied by the caller
 * @return {@code true} unless a holder-of-key method is present and
 *         {@code compareCredentials} reports a mismatch
 */
protected boolean checkHolderOfKey(Message message,
                                   SamlAssertionWrapper assertionWrapper,
                                   Certificate[] tlsCerts) {
    List<String> declaredMethods = assertionWrapper.getConfirmationMethods();
    for (String declared : declaredMethods) {
        boolean holderOfKey = OpenSAMLUtil.isMethodHolderOfKey(declared);
        if (holderOfKey
            && !compareCredentials(assertionWrapper.getSubjectKeyInfo(), message, tlsCerts)) {
            return false;
        }
    }
    return true;
}
Certificate[] tlsCerts ) { List<String> confirmationMethods = assertionWrapper.getConfirmationMethods(); boolean isHolderOfKey = false; for (String confirmationMethod : confirmationMethods) {
) throws WSSecurityException { List<String> methods = samlAssertion.getConfirmationMethods(); if (methods == null || methods.isEmpty()) { if (requiredSubjectConfirmationMethod != null) {
) throws WSSecurityException { List<String> methods = samlAssertion.getConfirmationMethods(); if (methods == null || methods.isEmpty()) { if (requiredSubjectConfirmationMethod != null) {
) throws WSSecurityException { List<String> methods = samlAssertion.getConfirmationMethods(); if (methods == null || methods.isEmpty()) { if (super.getRequiredSubjectConfirmationMethod() != null) {
return true; List<String> confirmationMethods = assertionWrapper.getConfirmationMethods(); for (String confirmationMethod : confirmationMethods) { if (OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
return true; List<String> confirmationMethods = assertionWrapper.getConfirmationMethods(); for (String confirmationMethod : confirmationMethods) { if (OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
String confirmationMethod = assertion.getConfirmationMethods().get(0); if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
List<String> methods = samlAssertionWrapper.getConfirmationMethods(); if (methods != null && !methods.isEmpty()) { confirmMethod = methods.get(0);
List<String> methods = samlAssertionWrapper.getConfirmationMethods(); if (methods != null && !methods.isEmpty()) { String confirmMethod = methods.get(0);
List<String> methods = samlAssertionWrapper.getConfirmationMethods(); boolean holderOfKey = false; if (methods != null) {