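/**
 * Name of the SAML attribute that carries the username.
 * NOTE(review): OID 0.9.2342.19200300.100.1.3 is the LDAP {@code mail} attribute
 * ({@code uid} is ...100.1.1) - confirm that identifying accounts by e-mail address is intended.
 */
private static final String USERNAME_ATTRIBUTE_NAME = "urn:oid:0.9.2342.19200300.100.1.3";

/**
 * Returns the first value of the first attribute named {@link #USERNAME_ATTRIBUTE_NAME}
 * that has at least one value.
 *
 * <p>This method performs no signature, issuer or condition checks; it assumes the caller
 * passes an assertion that has already been validated. Only the first value is used, so any
 * additional values the identity provider sends are ignored.
 *
 * @param assertion the assertion to read the username from
 * @return the username as converted by {@code getAttributeValue}
 * @throws IllegalArgumentException if no matching attribute with a value is present
 */
private String getUsername(Assertion assertion) {
    for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            if (!USERNAME_ATTRIBUTE_NAME.equals(attribute.getName())) {
                continue;
            }
            List<XMLObject> attributeValues = attribute.getAttributeValues();
            // A matching attribute without values is skipped; a later one may still match.
            if (!attributeValues.isEmpty()) {
                return getAttributeValue(attributeValues.get(0));
            }
        }
    }
    throw new IllegalArgumentException("no username attribute found");
}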
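/**
 * Looks up the login name in the attribute whose name equals {@code attributeLoginName}.
 *
 * <p>Attributes are taken from every assertion of the response, in iteration order, and the
 * first attribute with a matching name decides the result. The method does not verify
 * anything itself: it assumes the caller has validated the response and each of its
 * assertions before the returned name is used to select an account.
 * Only attributes returned by {@code getAttributes()} are inspected.
 *
 * @param response the SAML response to search
 * @return the login name, or {@code null} when no attribute name is configured, no attribute
 *         matches, the matching attribute has no value, or its first value is not an
 *         {@code XSString}
 */
@Nullable
private String findLoginNameFromAttributes(Response response) {
    if (Strings.isNullOrEmpty(attributeLoginName)) {
        return null;
    }
    return response.getAssertions()
            .stream()
            .flatMap(assertion -> assertion.getAttributeStatements().stream())
            .flatMap(statement -> statement.getAttributes().stream())
            // Constant-first comparison: an attribute without a Name must not abort the lookup.
            .filter(attr -> attributeLoginName.equals(attr.getName()))
            .findFirst()
            .map(attr -> {
                // An attribute without values yields "no login name" instead of an
                // IndexOutOfBoundsException.
                if (attr.getAttributeValues().isEmpty()) {
                    return null;
                }
                final XMLObject first = attr.getAttributeValues().get(0);
                return first instanceof XSString ? ((XSString) first).getValue() : null;
            })
            .orElse(null);
}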
/**
 * Flattens the attributes of a SAML 2.0 assertion into a name-to-value map.
 *
 * <p>Only the first value of each attribute is read, and it is taken from the text content of
 * the value's DOM element; values whose {@code getDOM()} is {@code null} are skipped. When the
 * same attribute name occurs more than once, the later occurrence overwrites the earlier one.
 * Multi-valued attributes (for example group or role lists) are therefore truncated, which
 * matters if the result feeds an authorization decision.
 *
 * @param assertion the SAML assertion to read; may be {@code null}
 * @return a mutable map of attribute name to first value, empty when nothing could be read
 */
public static Map<String, String> getAssertionStatements(Assertion assertion) {
    Map<String, String> valuesByName = new HashMap<>();
    if (assertion == null || assertion.getAttributeStatements() == null) {
        return valuesByName;
    }
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        statement.getAttributes().forEach(attribute -> {
            Optional<XMLObject> firstValue = attribute.getAttributeValues().stream().findFirst();
            // map() turns a null DOM into an empty Optional, so such values are dropped.
            firstValue.map(XMLObject::getDOM)
                    .ifPresent(dom -> valuesByName.put(attribute.getName(), dom.getTextContent()));
        });
    }
    return valuesByName;
}
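/**
 * Checks that the assertion contains an attribute named {@code claimURI} with at least one value.
 *
 * <p>Only the attribute name and the presence of a value are checked, not the value itself.
 *
 * @param assertion the assertion to search
 * @param claimURI the attribute name to look for
 * @return {@code null} when the attribute is present with a value, otherwise an error message
 */
protected String findClaimInAssertion(org.opensaml.saml.saml2.core.Assertion assertion, URI claimURI) {
    final String notFound = "Attribute " + claimURI + " not found in the SAMLAssertion";

    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements =
        assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return notFound;
    }

    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
            // Compare from the claim side so an attribute without a Name cannot cause an NPE.
            if (claimURI.toString().equals(attribute.getName())
                && attribute.getAttributeValues() != null
                && !attribute.getAttributeValues().isEmpty()) {
                return null;
            }
        }
    }
    return notFound;
}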
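/**
 * Collects the attributes of every assertion in the response into a name-to-value map.
 *
 * <p>Values of type {@code XSString} and {@code XSAnyImpl} are read; other value types are
 * ignored. Each value is stored under the attribute name, so for a multi-valued or repeated
 * attribute only the last value survives.
 *
 * <p>Any exception is caught and logged, and whatever was collected up to that point is
 * returned. NOTE(review): callers cannot tell a failed parse from an assertion that simply
 * lacks an attribute - confirm that no caller treats a missing entry as a permissive default.
 *
 * @param response2 the SAML response to read
 * @return a mutable map of attribute name to value, possibly empty or partial
 */
private Map<String, String> setSAMLDetails(org.opensaml.saml2.core.Response response2) {
    Map<String, String> samlDetailsMap = new HashMap<String, String>();
    try {
        List<Assertion> assertions = response2.getAssertions();
        // Progress messages are diagnostics, not errors.
        LOGGER.debug("No of assertions : " + assertions.size());
        for (Assertion assertion : assertions) {
            for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
                for (Attribute attribute : attributeStatement.getAttributes()) {
                    String name = attribute.getName();
                    for (XMLObject xmlObject : attribute.getAttributeValues()) {
                        if (xmlObject instanceof XSString) {
                            samlDetailsMap.put(name, ((XSString) xmlObject).getValue());
                            // Attribute values can hold personal data; log the name only.
                            LOGGER.debug("Name is : " + name);
                        } else if (xmlObject instanceof XSAnyImpl) {
                            samlDetailsMap.put(name, ((XSAnyImpl) xmlObject).getTextContent());
                        }
                    }
                }
            }
        }
    } catch (Exception e) {
        // Keep the best-effort behaviour, but record the cause so failures can be investigated.
        LOGGER.error("Exception occurred while setting the saml details", e);
    }
    LOGGER.debug("Exiting from setSAMLDetails method");
    return samlDetailsMap;
}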
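/**
 * Tells whether the assertion contains an attribute named {@code claimURI} with at least one
 * value.
 *
 * <p>Only the attribute name and the presence of a value are checked, not the value itself.
 *
 * @param assertion the assertion to search
 * @param claimURI the attribute name to look for
 * @return {@code true} if such an attribute exists, {@code false} otherwise
 */
private boolean findClaimInAssertion(org.opensaml.saml.saml2.core.Assertion assertion, URI claimURI) {
    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements =
        assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return false;
    }

    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
            // Compare from the claim side so an attribute without a Name cannot cause an NPE.
            if (claimURI.toString().equals(attribute.getName())
                && attribute.getAttributeValues() != null
                && !attribute.getAttributeValues().isEmpty()) {
                return true;
            }
        }
    }
    return false;
}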
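/**
 * Tells whether the assertion contains an attribute named {@code claimURI} with at least one
 * value.
 *
 * <p>Only the attribute name and the presence of a value are checked, not the value itself.
 *
 * @param assertion the assertion to search
 * @param claimURI the attribute name to look for
 * @return {@code true} if such an attribute exists, {@code false} otherwise
 */
private boolean findClaimInAssertion(org.opensaml.saml.saml2.core.Assertion assertion, URI claimURI) {
    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements =
        assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return false;
    }

    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
            // Compare from the claim side so an attribute without a Name cannot cause an NPE.
            if (claimURI.toString().equals(attribute.getName())
                && attribute.getAttributeValues() != null
                && !attribute.getAttributeValues().isEmpty()) {
                return true;
            }
        }
    }
    return false;
}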
/**
 * Attaches the Liberty SSOS service endpoint reference (EPR) as an attribute of the assertion.
 *
 * <p>The attribute goes into the assertion's first AttributeStatement; a new statement is
 * created and added to the assertion when it has none.
 *
 * @param requestContext the current request context
 * @param assertion the delegated assertion being issued
 */
private void addLibertySSOSEPRAttribute(@Nonnull final ProfileRequestContext requestContext,
        @Nonnull final Assertion assertion) {
    final Attribute eprAttribute =
            (Attribute) XMLObjectSupport.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
    eprAttribute.setName(LibertyConstants.SERVICE_TYPE_SSOS);
    eprAttribute.setNameFormat(Attribute.URI_REFERENCE);
    eprAttribute.getAttributeValues().add(buildLibertSSOSEPRAttributeValue(requestContext, assertion));

    final List<AttributeStatement> existingStatements = assertion.getAttributeStatements();
    final AttributeStatement target;
    if (!existingStatements.isEmpty()) {
        // Reuse the first statement rather than emitting a second one.
        target = existingStatements.get(0);
    } else {
        target = (AttributeStatement) XMLObjectSupport.buildXMLObject(
                AttributeStatement.DEFAULT_ELEMENT_NAME);
        assertion.getAttributeStatements().add(target);
    }
    target.getAttributes().add(eprAttribute);
}
for (final AttributeStatement s : assertion.getAttributeStatements()) { final Iterator<EncryptedAttribute> i = s.getEncryptedAttributes().iterator(); while (i.hasNext()) {
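/**
 * Extracts the role from a SAML 2.0 assertion.
 *
 * <p>The role is the text content of the first value of the first attribute that is named
 * {@code role}, has the expected NameFormat and has a value backed by a DOM element. Further
 * values of that attribute are ignored. The method does no validation of the assertion itself;
 * it assumes the caller only passes assertions that have already been validated.
 *
 * @param assertion the wrapped assertion to inspect
 * @return the role, or {@code null} if the wrapper holds no SAML 2.0 assertion, the assertion
 *         has no attribute statements, or no usable role attribute is found
 */
private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        return null;
    }

    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return null;
    }

    // Value the role attribute's NameFormat must carry.
    String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
    for (AttributeStatement statement : attributeStatements) {
        for (Attribute attribute : statement.getAttributes()) {
            if (!"role".equals(attribute.getName()) || !nameFormat.equals(attribute.getNameFormat())) {
                continue;
            }
            // A role attribute without values is treated as "no role here" instead of
            // failing with an IndexOutOfBoundsException.
            if (attribute.getAttributeValues() == null || attribute.getAttributeValues().isEmpty()) {
                continue;
            }
            Element attributeValueElement = attribute.getAttributeValues().get(0).getDOM();
            if (attributeValueElement == null) {
                // No DOM behind the value object, so there is no text to read.
                continue;
            }
            return attributeValueElement.getTextContent();
        }
    }
    return null;
}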
/**
 * {@inheritDoc}
 *
 * <p>Builds an AttributeStatement from the IdP attributes of the attribute context and appends
 * it to the assertion supplied by the lookup strategy. Nothing is added when no statement was
 * built; an {@code INVALID_MSG_CTX} event is signalled when no assertion can be obtained, and
 * an {@code UNABLE_ENCODE_ATTRIBUTE} event when attribute encoding fails.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    try {
        final AttributeStatement built = buildAttributeStatement(profileRequestContext,
                getAttributeContext().getIdPAttributes().values());
        if (built != null) {
            final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
            if (target != null) {
                target.getAttributeStatements().add(built);
                log.debug("{} Adding constructed AttributeStatement to Assertion {} ", getLogPrefix(),
                        target.getID());
            } else {
                // Without an assertion there is nothing to attach the statement to.
                log.error("Unable to obtain Assertion to modify");
                ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            }
        } else {
            log.debug("{} No AttributeStatement was built, nothing to do", getLogPrefix());
        }
    } catch (final AttributeEncodingException e) {
        ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_ENCODE_ATTRIBUTE);
    }
}
//CheckStyle: ReturnCount ON
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) { List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { if (LOG.isLoggable(Level.FINEST)) {
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) { List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { if (LOG.isLoggable(Level.FINEST)) {
protected List<Claim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) { List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion .getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { LOG.debug("No attribute statements found");
for (final AttributeStatement statement : assertion.getAttributeStatements()) {
for (AttributeStatement attributeStatement : saml2Assertion.getAttributeStatements()) { for (Attribute attribute : attributeStatement.getAttributes()) { if (!"attribute-role".equals(attribute.getName())) {
for (final AttributeStatement attributeStatement : subjectAssertion.getAttributeStatements()) { for (final Attribute attribute : attributeStatement.getAttributes()) { attributes.add(attribute);
/**
 * Runs the parent validation and then applies three extra requirements to the assertion:
 * its issuer string is {@code "sts"}, it is a SAML 2.0 assertion, and it carries at least one
 * attribute statement.
 *
 * <p>NOTE(review): the issuer check compares a string taken from the assertion itself, so it is
 * only meaningful if {@code super.validate} has already established trust in the assertion's
 * signature - that is not visible here, confirm against the parent class and its configuration.
 *
 * @param credential the credential holding the SAML assertion
 * @param data the request data passed through to the parent validator
 * @return the credential returned by the parent validator
 * @throws WSSecurityException with error code {@code FAILURE} if any requirement is not met,
 *         or whatever the parent validation throws
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    final Credential validated = super.validate(credential, data);
    final SamlAssertionWrapper wrapper = validated.getSamlAssertion();

    // Evaluated in the same order as separate guards: issuer, SAML 2.0 payload, statements.
    boolean acceptable = "sts".equals(wrapper.getIssuerString());
    if (acceptable) {
        final Assertion saml2 = wrapper.getSaml2();
        if (saml2 == null) {
            acceptable = false;
        } else {
            final List<AttributeStatement> statements = saml2.getAttributeStatements();
            acceptable = statements != null && !statements.isEmpty();
        }
    }

    if (!acceptable) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    return validated;
}
List<AttributeStatement> statements = assertion.getSaml2().getAttributeStatements(); for (AttributeStatement as : statements) { for (Attribute atr : as.getAttributes()) {
/**
 * Converts a parsed OpenSAML assertion into this library's {@code Assertion} model.
 *
 * <p>{@code validateSignature} is called before any field of the parsed assertion is copied,
 * and its result is stored on the returned object.
 * NOTE(review): what {@code validateSignature} does for an unsigned assertion is not visible
 * here - confirm that unsigned assertions are rejected somewhere before their content is used.
 * NOTE(review): {@code parsed.getVersion().toString()} fails with a NullPointerException if the
 * parsed assertion has no version - confirm the parser guarantees one.
 *
 * @param parsed the assertion as parsed by OpenSAML
 * @param verificationKeys keys passed to {@code validateSignature}
 * @param localKeys keys passed on to the subject and attribute conversion
 * @return the populated assertion model
 */
protected Assertion resolveAssertion(
        org.opensaml.saml.saml2.core.Assertion parsed,
        List<SimpleKey> verificationKeys,
        List<SimpleKey> localKeys
) {
    final Signature verifiedSignature = validateSignature(parsed, verificationKeys);

    final Assertion resolved = new Assertion()
            .setSignature(verifiedSignature)
            .setId(parsed.getID())
            .setIssueInstant(parsed.getIssueInstant())
            .setVersion(parsed.getVersion().toString())
            .setIssuer(getIssuer(parsed.getIssuer()))
            .setSubject(getSubject(parsed.getSubject(), localKeys))
            .setConditions(getConditions(parsed.getConditions()))
            .setAuthenticationStatements(getAuthenticationStatements(parsed.getAuthnStatements()))
            .setAttributes(getAttributes(parsed.getAttributeStatements(), localKeys));
    return resolved;
}