/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    // Only the optional NameQualifier and Format attributes are written here;
    // an attribute whose value is null is left off the DOM element entirely.
    final NameIdentifier source = (NameIdentifier) samlElement;

    final String qualifier = source.getNameQualifier();
    if (qualifier != null) {
        domElement.setAttributeNS(null, NameIdentifier.NAMEQUALIFIER_ATTRIB_NAME, qualifier);
    }

    final String format = source.getFormat();
    if (format != null) {
        domElement.setAttributeNS(null, NameIdentifier.FORMAT_ATTRIB_NAME, format);
    }
}
/**
 * Decide whether two {@link NameIdentifier} objects are equivalent for SAML 1.x purposes.
 *
 * <p>The Format values are compared through {@code areNameIdentifierFormatsEquivalent}. The value and
 * the NameQualifier are compared with {@link Objects#equals(Object, Object)}, so they must match
 * exactly, and two absent (null) fields count as equal.</p>
 *
 * @param name1 first NameIdentifier to check
 * @param name2 second NameIdentifier to check
 * @return true iff the two values should be viewed as equivalent
 */
public static boolean areNameIdentifiersEquivalent(@Nonnull final NameIdentifier name1,
        @Nonnull final NameIdentifier name2) {
    // Checks run in the same order as a short-circuit conjunction: Format, then value, then qualifier.
    if (!areNameIdentifierFormatsEquivalent(name1.getFormat(), name2.getFormat())) {
        return false;
    }
    if (!Objects.equals(name1.getValue(), name2.getValue())) {
        return false;
    }
    return Objects.equals(name1.getNameQualifier(), name2.getNameQualifier());
}
/**
 * Evaluate the policy against a {@link NameIdentifier}.
 *
 * <p>A missing Format is treated as {@link NameIdentifier#UNSPECIFIED}. Only Formats contained in
 * {@code formats} are checked; a NameIdentifier with any other Format is accepted without a check.</p>
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameIdentifier target) {
    // Either lookup strategy may be unset, in which case the corresponding id stays null.
    String requesterId = null;
    if (requesterIdLookupStrategy != null) {
        requesterId = requesterIdLookupStrategy.apply(input);
    }

    String responderId = null;
    if (responderIdLookupStrategy != null) {
        responderId = responderIdLookupStrategy.apply(input);
    }

    final String format = target.getFormat();
    final String effectiveFormat = format != null ? format : NameIdentifier.UNSPECIFIED;

    if (!formats.contains(effectiveFormat)) {
        // Formats outside the configured set are not subject to this policy and pass unconditionally.
        log.debug("Policy checking disabled for NameIdentifier Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameIdentifier with Format {}", effectiveFormat);
    // The raw (possibly null) Format is handed on, not the UNSPECIFIED substitute used for the lookup.
    return doApply(requesterId, responderId, format, target.getNameQualifier(), null);
}
/**
 * Build a new {@link NameIdentifier} carrying the same Format, NameQualifier and value as the input.
 *
 * <p>The copy is created through {@code nameIdentifierBuilder} and filled in field by field.</p>
 *
 * @param nameIdentifier the object to clone
 *
 * @return the copy
 */
@Nonnull private NameIdentifier cloneNameIdentifier(@Nonnull final NameIdentifier nameIdentifier) {
    final NameIdentifier copy = nameIdentifierBuilder.buildObject();

    // Read the three copied fields from the source first, then apply them to the fresh object.
    final String sourceFormat = nameIdentifier.getFormat();
    final String sourceQualifier = nameIdentifier.getNameQualifier();
    final String sourceValue = nameIdentifier.getValue();

    copy.setFormat(sourceFormat);
    copy.setNameQualifier(sourceQualifier);
    copy.setValue(sourceValue);
    return copy;
}
/**
 * Build a new {@link NameIdentifier} carrying the same Format, NameQualifier and value as the
 * {@code nameIdentifier} held by this object.
 *
 * <p>The copy is created through {@code nameIdentifierBuilder} and filled in field by field.</p>
 *
 * @return the copy
 */
@Nonnull private NameIdentifier cloneNameIdentifier() {
    final NameIdentifier copy = nameIdentifierBuilder.buildObject();

    // Read the three copied fields from the held identifier first, then apply them to the fresh object.
    final String sourceFormat = nameIdentifier.getFormat();
    final String sourceQualifier = nameIdentifier.getNameQualifier();
    final String sourceValue = nameIdentifier.getValue();

    copy.setFormat(sourceFormat);
    copy.setNameQualifier(sourceQualifier);
    copy.setValue(sourceValue);
    return copy;
}
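/**
 * Build a {@code Subject} from the name identifier carried by a SAML assertion.
 *
 * <p>A SAML 2.0 assertion is read first (NameID, including the SP-provided id and SP name qualifier);
 * otherwise the SAML 1.x NameIdentifier is used. Values are copied as-is from the assertion. This
 * method performs no signature or condition validation of its own, so the returned names are only as
 * trustworthy as the assertion passed in.</p>
 *
 * @param message the current message (not read by this method)
 * @param assertionW wrapper around the SAML 1.x or SAML 2.0 assertion
 * @return the populated subject, or {@code null} when the assertion has no subject or the subject
 *         has no NameID / NameIdentifier
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        // Guard against an assertion without a Subject or without a NameID instead of
        // failing with a NullPointerException on assertion-supplied content.
        NameID nameId = s != null ? s.getNameID() : null;
        if (nameId == null) {
            return null;
        }
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        // Same guard for SAML 1.x: a subject without a NameIdentifier yields no result.
        NameIdentifier nameId = s != null ? s.getNameIdentifier() : null;
        if (nameId != null) {
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}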
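/**
 * Build a {@code Subject} from the name identifier carried by a SAML assertion.
 *
 * <p>A SAML 2.0 assertion is read first (NameID, including the SP-provided id and SP name qualifier);
 * otherwise the SAML 1.x NameIdentifier is used. Values are copied as-is from the assertion. This
 * method performs no signature or condition validation of its own, so the returned names are only as
 * trustworthy as the assertion passed in.</p>
 *
 * @param message the current message (not read by this method)
 * @param assertionW wrapper around the SAML 1.x or SAML 2.0 assertion
 * @return the populated subject, or {@code null} when the assertion has no subject or the subject
 *         has no NameID / NameIdentifier
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        // Guard against an assertion without a Subject or without a NameID instead of
        // failing with a NullPointerException on assertion-supplied content.
        NameID nameId = s != null ? s.getNameID() : null;
        if (nameId == null) {
            return null;
        }
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        // Same guard for SAML 1.x: a subject without a NameIdentifier yields no result.
        NameIdentifier nameId = s != null ? s.getNameIdentifier() : null;
        if (nameId != null) {
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}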