/**
 * Rejects any assertion that is not SAML 2.0.
 *
 * <p>Subsequent checks in this validator work on {@code getSaml2()} directly,
 * so this is the gate that keeps them from dereferencing {@code null}.
 *
 * @param assertionW the assertion to check; rejected when it holds no SAML 2.0 assertion
 */
private void validateSAMLVersion(SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        return;
    }
    // Not SAML 2.0: reject as not authorized instead of falling through.
    throw ExceptionUtils.toNotAuthorizedException(null, null);
}
/**
 * Rejects any assertion that is not SAML 2.0.
 *
 * <p>Subsequent checks in this validator work on {@code getSaml2()} directly,
 * so this is the gate that keeps them from dereferencing {@code null}.
 *
 * @param assertionW the assertion to check; rejected when it holds no SAML 2.0 assertion
 */
private void validateSAMLVersion(SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        return;
    }
    // Not SAML 2.0: reject as not authorized instead of falling through.
    throw ExceptionUtils.toNotAuthorizedException(null, null);
}
/**
 * Looks for {@code claimURI} in whichever SAML version the wrapper holds.
 *
 * @param assertion wrapper around a SAML 1.1 or SAML 2.0 assertion
 * @param claimURI  the claim (attribute name) to look for
 * @return the result of the version-specific lookup, or {@code false} when the
 *         wrapper holds neither a SAML 1.1 nor a SAML 2.0 assertion
 */
private boolean findClaimInAssertion(SamlAssertionWrapper assertion, URI claimURI) {
    if (assertion.getSaml1() != null) {
        return findClaimInAssertion(assertion.getSaml1(), claimURI);
    }
    // SAML 2.0, or an empty wrapper (which yields false without any lookup).
    return assertion.getSaml2() != null && findClaimInAssertion(assertion.getSaml2(), claimURI);
}
/**
 * Looks for {@code claimURI} in whichever SAML version the wrapper holds.
 *
 * @param assertion wrapper around a SAML 1.1 or SAML 2.0 assertion
 * @param claimURI  the claim (attribute name) to look for
 * @return the result of the version-specific lookup, or {@code false} when the
 *         wrapper holds neither a SAML 1.1 nor a SAML 2.0 assertion
 */
private boolean findClaimInAssertion(SamlAssertionWrapper assertion, URI claimURI) {
    if (assertion.getSaml1() != null) {
        return findClaimInAssertion(assertion.getSaml1(), claimURI);
    }
    // SAML 2.0, or an empty wrapper (which yields false without any lookup).
    return assertion.getSaml2() != null && findClaimInAssertion(assertion.getSaml2(), claimURI);
}
/**
 * Returns the issuer value of a SAML 2.0 assertion.
 *
 * <p>Assumes {@code getSaml2()} is non-null; callers are expected to have
 * checked the SAML version beforehand.
 *
 * @param assertionW the SAML 2.0 assertion
 * @return the issuer string, or {@code null} when the assertion carries no Issuer element
 */
private String getIssuer(SamlAssertionWrapper assertionW) {
    Issuer samlIssuer = assertionW.getSaml2().getIssuer();
    if (samlIssuer == null) {
        return null;
    }
    return samlIssuer.getValue();
}
/**
 * Looks for {@code claimURI} in whichever SAML version the wrapper holds.
 *
 * @param samlAssertionWrapper wrapper around a SAML 1.1 or SAML 2.0 assertion
 * @param claimURI             the claim (attribute name) to look for
 * @return the result of the version-specific lookup, or the literal
 *         {@code "Unsupported SAML version"} when the wrapper holds neither
 *         a SAML 1.1 nor a SAML 2.0 assertion
 */
protected String findClaimInAssertion(SamlAssertionWrapper samlAssertionWrapper, URI claimURI) {
    if (samlAssertionWrapper.getSaml1() != null) {
        return findClaimInAssertion(samlAssertionWrapper.getSaml1(), claimURI);
    }
    if (samlAssertionWrapper.getSaml2() != null) {
        return findClaimInAssertion(samlAssertionWrapper.getSaml2(), claimURI);
    }
    // Neither version present: the sentinel string is what callers get back.
    return "Unsupported SAML version";
}
/**
 * Returns the issuer value of a SAML 2.0 assertion.
 *
 * <p>Assumes {@code getSaml2()} is non-null; callers are expected to have
 * checked the SAML version beforehand.
 *
 * @param assertionW the SAML 2.0 assertion
 * @return the issuer string, or {@code null} when the assertion carries no Issuer element
 */
private String getIssuer(SamlAssertionWrapper assertionW) {
    Issuer samlIssuer = assertionW.getSaml2().getIssuer();
    if (samlIssuer == null) {
        return null;
    }
    return samlIssuer.getValue();
}
/**
 * Tells whether an issued token is a SAML 2.0 assertion carrying a
 * {@code OneTimeUse} condition.
 *
 * <p>Anything that is not a SAML 2.0 {@code Assertion} element (wrong local
 * name, wrong namespace, or no element at all) yields {@code false} without
 * being parsed.
 *
 * @param issuedToken the token to inspect
 * @return {@code true} only when the assertion has Conditions with a OneTimeUse child
 * @throws Fault when the element cannot be parsed as a SAML assertion
 */
private static boolean isOneTimeUse(SecurityToken issuedToken) {
    Element token = issuedToken.getToken();
    if (token == null) {
        return false;
    }
    if (!"Assertion".equals(token.getLocalName())
        || !WSS4JConstants.SAML2_NS.equals(token.getNamespaceURI())) {
        return false;
    }
    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
        // Conditions is checked for null first; OneTimeUse lives beneath it.
        return assertion.getSaml2().getConditions() != null
            && assertion.getSaml2().getConditions().getOneTimeUse() != null;
    } catch (WSSecurityException ex) {
        throw new Fault(ex);
    }
}
/**
 * Tells whether an issued token is a SAML 2.0 assertion carrying a
 * {@code OneTimeUse} condition.
 *
 * <p>Anything that is not a SAML 2.0 {@code Assertion} element (wrong local
 * name, wrong namespace, or no element at all) yields {@code false} without
 * being parsed.
 *
 * @param issuedToken the token to inspect
 * @return {@code true} only when the assertion has Conditions with a OneTimeUse child
 * @throws Fault when the element cannot be parsed as a SAML assertion
 */
private static boolean isOneTimeUse(SecurityToken issuedToken) {
    Element token = issuedToken.getToken();
    if (token == null) {
        return false;
    }
    if (!"Assertion".equals(token.getLocalName())
        || !WSS4JConstants.SAML2_NS.equals(token.getNamespaceURI())) {
        return false;
    }
    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
        // Conditions is checked for null first; OneTimeUse lives beneath it.
        return assertion.getSaml2().getConditions() != null
            && assertion.getSaml2().getConditions().getOneTimeUse() != null;
    } catch (WSSecurityException ex) {
        throw new Fault(ex);
    }
}
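/**
 * Returns the {@code NotOnOrAfter} instant from the assertion's Conditions.
 *
 * <p>A {@code null} result means the assertion states no expiry. Callers that
 * enforce a token lifetime must decide for themselves whether an assertion
 * without an expiry is acceptable.
 *
 * @return the expiry instant, or {@code null} when the assertion has no
 *         Conditions element or its Conditions carry no NotOnOrAfter
 */
public Instant getNotOnOrAfter() {
    DateTime validTill = null;
    if (getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        // Conditions may be absent; treat that like a missing NotOnOrAfter
        // instead of failing with a NullPointerException.
        if (getSaml2().getConditions() != null) {
            validTill = getSaml2().getConditions().getNotOnOrAfter();
        }
    } else if (getSaml1().getConditions() != null) {
        validTill = getSaml1().getConditions().getNotOnOrAfter();
    }
    // Convert the Joda DateTime to a java.time Instant.
    if (validTill != null) {
        return validTill.toDate().toInstant();
    }
    return null;
}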
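/**
 * Returns the {@code NotBefore} instant from the assertion's Conditions.
 *
 * <p>A {@code null} result means the assertion states no start of validity.
 * Callers that enforce a validity window must decide for themselves whether
 * that is acceptable.
 *
 * @return the start-of-validity instant, or {@code null} when the assertion
 *         has no Conditions element or its Conditions carry no NotBefore
 */
public Instant getNotBefore() {
    DateTime validFrom = null;
    if (getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        // Conditions may be absent; treat that like a missing NotBefore
        // instead of failing with a NullPointerException.
        if (getSaml2().getConditions() != null) {
            validFrom = getSaml2().getConditions().getNotBefore();
        }
    } else if (getSaml1().getConditions() != null) {
        validFrom = getSaml1().getConditions().getNotBefore();
    }
    // Convert the Joda DateTime to a java.time Instant.
    if (validFrom != null) {
        return validFrom.toDate().toInstant();
    }
    return null;
}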
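/**
 * Validates a SAML 2.0 assertion presented on the given message.
 *
 * <p>Order of checks: SAML version, audience, issuer (when an expected issuer
 * is configured), then the authentication subject. Every failure is reported
 * as not authorized; no detail about which check failed is exposed.
 *
 * @param message the current message, passed on to the audience and subject checks
 * @param wrapper the assertion to validate
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    Conditions cs = wrapper.getSaml2().getConditions();
    validateAudience(message, cs);
    // An assertion without a Subject identifies nobody: reject it here rather
    // than let the Subject dereferences below fail with a NullPointerException.
    if (wrapper.getSaml2().getSubject() == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    if (issuer != null) {
        String actualIssuer = getIssuer(wrapper);
        String expectedIssuer = issuer;
        if (OAuthConstants.CLIENT_ID.equals(issuer)) {
            // The issuer is expected to equal the subject's NameID; a missing NameID can never match.
            if (wrapper.getSaml2().getSubject().getNameID() == null) {
                throw ExceptionUtils.toNotAuthorizedException(null, null);
            }
            expectedIssuer = wrapper.getSaml2().getSubject().getNameID().getValue();
        }
        if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
    if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}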
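/**
 * Validates a SAML 2.0 assertion presented on the given message.
 *
 * <p>Order of checks: SAML version, audience, issuer (when an expected issuer
 * is configured), then the authentication subject. Every failure is reported
 * as not authorized; no detail about which check failed is exposed.
 *
 * @param message the current message, passed on to the audience and subject checks
 * @param wrapper the assertion to validate
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    Conditions cs = wrapper.getSaml2().getConditions();
    validateAudience(message, cs);
    // An assertion without a Subject identifies nobody: reject it here rather
    // than let the Subject dereferences below fail with a NullPointerException.
    if (wrapper.getSaml2().getSubject() == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    if (issuer != null) {
        String actualIssuer = getIssuer(wrapper);
        String expectedIssuer = issuer;
        if (OAuthConstants.CLIENT_ID.equals(issuer)) {
            // The issuer is expected to equal the subject's NameID; a missing NameID can never match.
            if (wrapper.getSaml2().getSubject().getNameID() == null) {
                throw ExceptionUtils.toNotAuthorizedException(null, null);
            }
            expectedIssuer = wrapper.getSaml2().getSubject().getNameID().getValue();
        }
        if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
    if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}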
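/**
 * Collects every audience URI named in the assertion's AudienceRestriction
 * conditions, for SAML 1.1 and SAML 2.0 alike.
 *
 * <p>An empty list means the assertion restricts no audience (no Conditions
 * element, or Conditions without AudienceRestriction). Whether an
 * unrestricted assertion is acceptable is the caller's decision; this method
 * only reports what the assertion says.
 *
 * @param assertion wrapper around a SAML 1.1 or SAML 2.0 assertion
 * @return the audience URIs in document order; never {@code null}
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        // Conditions may be absent; without it there is nothing to collect.
        if (assertion.getSaml1().getConditions() != null) {
            for (AudienceRestrictionCondition restriction
                : assertion.getSaml1().getConditions().getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        if (assertion.getSaml2().getConditions() != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction
                : assertion.getSaml2().getConditions().getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}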
/**
 * Returns the {@code NotOnOrAfter} value of the assertion's Conditions.
 *
 * <p>Assumes the Conditions element is present for the selected version; a
 * SAML 2.0 assertion is recognised via {@code getSamlVersion()}, anything else
 * is treated as SAML 1.1.
 *
 * @param assertion the assertion whose expiry is wanted
 * @return the NotOnOrAfter value, or {@code null} when Conditions carry none
 */
private DateTime getExpiryDate(SamlAssertionWrapper assertion) {
    if (!assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        return assertion.getSaml1().getConditions().getNotOnOrAfter();
    }
    return assertion.getSaml2().getConditions().getNotOnOrAfter();
}
/**
 * Returns the {@code NotOnOrAfter} value of the assertion's Conditions.
 *
 * <p>Assumes the Conditions element is present for the selected version; a
 * SAML 2.0 assertion is recognised via {@code getSamlVersion()}, anything else
 * is treated as SAML 1.1.
 *
 * @param assertion the assertion whose expiry is wanted
 * @return the NotOnOrAfter value, or {@code null} when Conditions carry none
 */
private DateTime getExpiryDate(SamlAssertionWrapper assertion) {
    if (!assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        return assertion.getSaml1().getConditions().getNotOnOrAfter();
    }
    return assertion.getSaml2().getConditions().getNotOnOrAfter();
}
/**
 * Replaces the assertion's Conditions with freshly provided ones and stamps a
 * new IssueInstant, as part of renewing the token.
 *
 * <p>The new Conditions come from {@code conditionsProvider}, fed with the
 * renewal parameters converted to provider parameters. A SAML 1.1 assertion is
 * handled when {@code getSaml1()} is non-null; otherwise the SAML 2.0 assertion
 * is assumed to be present.
 *
 * @param assertion       the assertion being renewed (modified in place)
 * @param tokenParameters the renewal request parameters
 */
private void createNewConditions(SamlAssertionWrapper assertion, TokenRenewerParameters tokenParameters) {
    ConditionsBean renewedConditions =
        conditionsProvider.getConditions(convertToProviderParameters(tokenParameters));
    if (assertion.getSaml1() == null) {
        org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        saml2.setIssueInstant(new DateTime());
        org.opensaml.saml.saml2.core.Conditions built =
            SAML2ComponentBuilder.createConditions(renewedConditions);
        saml2.setConditions(built);
        return;
    }
    org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    saml1.setIssueInstant(new DateTime());
    org.opensaml.saml.saml1.core.Conditions built =
        SAML1ComponentBuilder.createSamlv1Conditions(renewedConditions);
    saml1.setConditions(built);
}
/**
 * Assigns a freshly generated ID to the assertion and returns the ID it had.
 *
 * <p>A SAML 1.1 assertion is handled when {@code getSaml1()} is non-null;
 * otherwise the SAML 2.0 assertion is assumed to be present. The new ID is
 * produced by {@code IDGenerator.generateID("_")}.
 *
 * @param assertion the assertion being renewed (modified in place)
 * @return the previous assertion ID
 */
private String createNewId(SamlAssertionWrapper assertion) {
    String previousId;
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
        previousId = saml1.getID();
        saml1.setID(IDGenerator.generateID("_"));
    } else {
        org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        previousId = saml2.getID();
        saml2.setID(IDGenerator.generateID("_"));
    }
    return previousId;
}
/**
 * Assigns a freshly generated ID to the assertion and returns the ID it had.
 *
 * <p>A SAML 1.1 assertion is handled when {@code getSaml1()} is non-null;
 * otherwise the SAML 2.0 assertion is assumed to be present. The new ID is
 * produced by {@code IDGenerator.generateID("_")}.
 *
 * @param assertion the assertion being renewed (modified in place)
 * @return the previous assertion ID
 */
private String createNewId(SamlAssertionWrapper assertion) {
    String previousId;
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
        previousId = saml1.getID();
        saml1.setID(IDGenerator.generateID("_"));
    } else {
        org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
        previousId = saml2.getID();
        saml2.setID(IDGenerator.generateID("_"));
    }
    return previousId;
}
/**
 * Runs the inherited SAML validation and then applies three extra
 * requirements on the resulting assertion: the issuer string must be
 * {@code "sts"}, the assertion must be SAML 2.0, and it must carry at least
 * one AttributeStatement.
 *
 * <p>All three failures raise the same {@code invalidSAMLsecurity} failure,
 * so a caller cannot tell from the exception which requirement was missed.
 *
 * @param credential the credential to validate
 * @param data       the request data handed to the inherited validation
 * @return the credential returned by {@code super.validate}
 * @throws WSSecurityException when the inherited validation fails or one of
 *         the extra requirements is not met
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    final String failureKey = "invalidSAMLsecurity";

    // 1. Only assertions issued by "sts" are accepted.
    if (!"sts".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, failureKey);
    }

    // 2. Only SAML 2.0 assertions are accepted.
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, failureKey);
    }

    // 3. At least one AttributeStatement must be present.
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    boolean hasAttributes = attributeStatements != null && !attributeStatements.isEmpty();
    if (!hasAttributes) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, failureKey);
    }
    return validatedCredential;
}