/**
 * Handles a SAML response posted to this assertion consumer endpoint.
 *
 * <p>The message is decoded with the binding the endpoint is configured for (HTTP-Redirect or
 * HTTP-POST), the contained assertion is validated via {@code getValidatedAssertion} against the
 * URI this endpoint is reachable at, and the result is handed to {@code ssoHandler}. A
 * {@link SamlException} raised anywhere on that path is reported through
 * {@code ssoHandler.loginFailed} rather than surfacing as an error.
 *
 * @param ctx             context of the current request
 * @param msg             the aggregated HTTP message carrying the SAML response
 * @param defaultHostname host name used when building the endpoint URI
 *                        (NOTE(review): if this is derived from the request's Host header rather
 *                        than configuration, the endpoint-URI validation inherits that trust — confirm)
 * @param portConfig      scheme and port this endpoint is served on
 * @return the HTTP response produced by the SSO handler for a succeeded or failed login
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> samlContext;
        if (redirectBinding) {
            samlContext = HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE,
                                                                idpConfigs, defaultIdpConfig);
        } else {
            samlContext = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        // The URI of this endpoint as seen by the IdP; handed to validation together with the response.
        final String acsUri = cfg.endpoint().toUriString(portConfig.scheme().uriText(),
                                                         defaultHostname, portConfig.port());
        final Assertion assertion = getValidatedAssertion(samlContext.getMessage(), acsUri);

        // The IdP may report a session index on any of its AuthnStatements; take the first non-null one.
        final String sessionIndex = firstSessionIndex(assertion);

        // RelayState is only present when the binding layer recorded one.
        final SAMLBindingContext binding = samlContext.getSubcontext(SAMLBindingContext.class);
        String relayState = null;
        if (binding != null) {
            relayState = binding.getRelayState();
        }
        return ssoHandler.loginSucceeded(ctx, msg, samlContext, sessionIndex, relayState);
    } catch (SamlException e) {
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}

/**
 * Returns the first non-null SessionIndex among the assertion's AuthnStatements.
 *
 * @param assertion the validated assertion
 * @return the session index, or {@code null} if no statement carries one
 */
private static String firstSessionIndex(Assertion assertion) {
    for (AuthnStatement statement : assertion.getAuthnStatements()) {
        final String index = statement.getSessionIndex();
        if (index != null) {
            return index;
        }
    }
    return null;
}
validateSignature(idp.signingCredential(), assertion); final List<AuthnStatement> authnStatements = assertion.getAuthnStatements(); if (authnStatements.isEmpty()) { continue;
assertion.getAuthnStatements().add(authnStatement);
/**
 * Returns the SessionIndex carried by the first AuthnStatement of the given assertion.
 *
 * <p>Only the first statement is consulted: if it has no SessionIndex, later statements are
 * not examined and {@code null} is returned.
 *
 * @param subjectAssertion assertion taken from the SAML response
 * @return the SessionIndex of the first AuthnStatement, or {@code null} when the assertion has
 *         no statements, the first statement is {@code null}, or it carries no SessionIndex
 */
protected String getSessionIndex(final Assertion subjectAssertion) {
    final List<AuthnStatement> statements = subjectAssertion.getAuthnStatements();
    if (statements == null || statements.isEmpty()) {
        return null;
    }
    final AuthnStatement first = statements.get(0);
    return first == null ? null : first.getSessionIndex();
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
                         @Nonnull final AuthenticationContext authenticationContext) {
    // The lookup strategy decides which outbound assertion receives the statement.
    final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
    if (target == null) {
        log.error("Unable to obtain Assertion to modify");
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return;
    }

    // The requested-principal subcontext is optional; getSubcontext yields null when absent.
    final RequestedPrincipalContext requested =
            authenticationContext.getSubcontext(RequestedPrincipalContext.class);
    final AuthnStatement authnStatement = buildAuthnStatement(profileRequestContext, requested);
    target.getAuthnStatements().add(authnStatement);
    log.debug("{} Added AuthenticationStatement to Assertion {}", getLogPrefix(), target.getID());
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // Resolve the assertion to decorate; a missing one is a message-context problem.
    final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
    if (target == null) {
        log.error("Unable to obtain Assertion to modify");
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return;
    }

    // A missing statement is a processing problem, reported with a different event.
    final AuthnStatement authnStatement = getNewAuthnStatement();
    if (authnStatement == null) {
        log.error("Unable to obtain AuthnStatement to add");
        ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        return;
    }

    target.getAuthnStatements().add(authnStatement);
    log.debug("{} Added AuthenticationStatement to Assertion {}", getLogPrefix(), target.getID());
}
//CheckStyle: ReturnCount OFF
} else { for (final Assertion assertion : response.getAssertions()) { if (!assertion.getAuthnStatements().isEmpty()) { log.debug("Found Assertion with AuthnStatement to decorate in outbound Response"); return Collections.singletonList(assertion);
/** {@inheritDoc} */
@Override
@Nullable
public Assertion apply(@Nullable final ProfileRequestContext input) {
    if (input == null || input.getOutboundMessageContext() == null) {
        return null;
    }

    final Object outbound = input.getOutboundMessageContext().getMessage();
    if (outbound instanceof Assertion) {
        return (Assertion) outbound;
    }
    if (!(outbound instanceof Response)) {
        // Any other outbound message type (or none) yields no assertion.
        return null;
    }

    final Response response = (Response) outbound;
    if (response.getAssertions().isEmpty()) {
        return null;
    }
    // Prefer an assertion that already carries an AuthnStatement ...
    for (final Assertion candidate : response.getAssertions()) {
        if (!candidate.getAuthnStatements().isEmpty()) {
            log.debug("Found Assertion with AuthnStatement to decorate in outbound Response");
            return candidate;
        }
    }
    // ... otherwise fall back to the first assertion in the response.
    log.debug("Found no Assertion with AuthnStatement in outbound Response, returning first");
    return response.getAssertions().get(0);
}
}
if (!attestedToken.getAuthnStatements().isEmpty()) { sourceStatement = attestedToken.getAuthnStatements().get(0);
for (final AuthnStatement statement : assertion.getAuthnStatements()) { if (statement.getSessionIndex() != null) { return new Pair<>(assertion, statement);
for (final AuthnStatement statement : assertion.getAuthnStatements()) { if (statement.getSessionIndex() != null) { indexes.add(statement.getSessionIndex());
/**
 * Builds a SAML 1 assertion wrapping a single authentication statement.
 *
 * <p>Only the ID, IssueInstant, Issuer and the given statement are set; the returned assertion
 * carries no conditions and no signature.
 *
 * @param authnStatement the authentication statement to embed
 * @param issuer         the issuer value, wrapped via {@code newIssuer}
 * @param issuedAt       the value for the assertion's IssueInstant
 * @param id             the assertion ID
 * @return the freshly built assertion
 */
public Assertion newAssertion(final AuthnStatement authnStatement, final String issuer,
                              final DateTime issuedAt, final String id) {
    final Assertion result = newSamlObject(Assertion.class);
    result.setID(id);
    result.setIssueInstant(issuedAt);
    result.setIssuer(newIssuer(issuer));

    final List<AuthnStatement> statements = result.getAuthnStatements();
    statements.add(authnStatement);
    return result;
}
if (!assertion.getAuthnStatements().isEmpty()) { try { validateAssertion(assertion, context, engine, decrypter);
for (final AuthnStatement statement : assertion.getAuthnStatements()) { if (statement.getAuthnInstant() != null) { return statement.getAuthnInstant();
/**
 * Handles a SAML response posted to this assertion consumer endpoint.
 *
 * <p>The message is decoded with the binding the endpoint is configured for (HTTP-Redirect or
 * HTTP-POST), the contained assertion is validated via {@code getValidatedAssertion} against the
 * URI this endpoint is reachable at, and the result is handed to {@code ssoHandler}. A
 * {@link SamlException} raised anywhere on that path is reported through
 * {@code ssoHandler.loginFailed} rather than surfacing as an error.
 *
 * @param ctx             context of the current request
 * @param msg             the aggregated HTTP message carrying the SAML response
 * @param defaultHostname host name used when building the endpoint URI
 *                        (NOTE(review): if this is derived from the request's Host header rather
 *                        than configuration, the endpoint-URI validation inherits that trust — confirm)
 * @param portConfig      scheme and port this endpoint is served on
 * @return the HTTP response produced by the SSO handler for a succeeded or failed login
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> samlContext;
        if (redirectBinding) {
            samlContext = HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE,
                                                                idpConfigs, defaultIdpConfig);
        } else {
            samlContext = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        // The URI of this endpoint as seen by the IdP; handed to validation together with the response.
        final String acsUri = cfg.endpoint().toUriString(portConfig.scheme().uriText(),
                                                         defaultHostname, portConfig.port());
        final Assertion assertion = getValidatedAssertion(samlContext.getMessage(), acsUri);

        // The IdP may report a session index on any of its AuthnStatements; take the first non-null one.
        final String sessionIndex = firstSessionIndex(assertion);

        // RelayState is only present when the binding layer recorded one.
        final SAMLBindingContext binding = samlContext.getSubcontext(SAMLBindingContext.class);
        String relayState = null;
        if (binding != null) {
            relayState = binding.getRelayState();
        }
        return ssoHandler.loginSucceeded(ctx, msg, samlContext, sessionIndex, relayState);
    } catch (SamlException e) {
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}

/**
 * Returns the first non-null SessionIndex among the assertion's AuthnStatements.
 *
 * @param assertion the validated assertion
 * @return the session index, or {@code null} if no statement carries one
 */
private static String firstSessionIndex(Assertion assertion) {
    for (AuthnStatement statement : assertion.getAuthnStatements()) {
        final String index = statement.getSessionIndex();
        if (index != null) {
            return index;
        }
    }
    return null;
}
final List<AuthnStatement> authnStatements = subjectAssertion.getAuthnStatements(); final List<String> authnContexts = new ArrayList<>(); for (final AuthnStatement authnStatement : authnStatements) {
for (final AuthnStatement statement : assertion.getAuthnStatements()) { if (statement.getAuthnContext() != null) { final AuthnContext ac = statement.getAuthnContext();
&& getSaml2().getAuthnStatements() != null) { List<AuthnStatement> authnStatements = getSaml2().getAuthnStatements();
/**
 * Runs every check an inbound assertion must pass before it is trusted.
 *
 * <p>Checks run in a fixed order: IssueInstant, Issuer, Subject, Conditions, AuthnStatements
 * and finally the Signature. Each validator reports failure by throwing, so the first failing
 * check aborts the remaining ones. Note that the signature is verified last: an exception from
 * an earlier check is therefore raised on content whose authenticity has not yet been
 * established, and the assertion is only to be treated as valid when this method returns
 * normally.
 *
 * @param assertion the assertion to validate
 * @param context   the SAML2 message context the assertion arrived in
 * @param engine    the trust engine used for the signature check
 * @param decrypter the decrypter handed to subject validation
 * @throws SAMAssertionSubjectException if the assertion has no subject
 */
protected final void validateAssertion(final Assertion assertion, final SAML2MessageContext context,
                                       final SignatureTrustEngine engine, final Decrypter decrypter) {
    validateIssueInstant(assertion.getIssueInstant());
    validateIssuer(assertion.getIssuer(), context);

    // A subject is mandatory; reject before any further processing.
    if (assertion.getSubject() == null) {
        throw new SAMAssertionSubjectException("Assertion subject cannot be null");
    }
    validateSubject(assertion.getSubject(), context, decrypter);

    validateAssertionConditions(assertion.getConditions(), context);
    validateAuthenticationStatements(assertion.getAuthnStatements(), context);
    // Signature is checked last; everything above ran on not-yet-authenticated content.
    validateAssertionSignature(assertion.getSignature(), context, engine);
}
/**
 * Maps a parsed OpenSAML assertion onto the library's own {@code Assertion} model.
 *
 * <p>{@code validateSignature} is invoked against {@code verificationKeys} before any content is
 * copied. NOTE(review): whether it rejects an unsigned or invalid assertion by throwing, or only
 * returns a (possibly null) signature, is not visible here — confirm that callers act on the
 * signature attached to the result. {@code localKeys} are forwarded to the subject and
 * attribute mappers (presumably for decrypting encrypted elements — verify against
 * {@code getSubject}/{@code getAttributes}).
 *
 * @param parsed           the OpenSAML assertion as decoded from the wire
 * @param verificationKeys keys the assertion signature is checked against
 * @param localKeys        this party's own keys, handed to subject and attribute mapping
 * @return the mapped assertion carrying the signature returned by {@code validateSignature}
 */
protected Assertion resolveAssertion(org.opensaml.saml.saml2.core.Assertion parsed,
                                     List<SimpleKey> verificationKeys,
                                     List<SimpleKey> localKeys) {
    final Signature signature = validateSignature(parsed, verificationKeys);

    // Resolve each mapped part up front, then assemble the model object in one go.
    final String version = parsed.getVersion().toString();
    final Object issuer = getIssuer(parsed.getIssuer());
    final Object subject = getSubject(parsed.getSubject(), localKeys);
    final Object conditions = getConditions(parsed.getConditions());
    final Object authnStatements = getAuthenticationStatements(parsed.getAuthnStatements());
    final Object attributes = getAttributes(parsed.getAttributeStatements(), localKeys);

    return new Assertion()
            .setSignature(signature)
            .setId(parsed.getID())
            .setIssueInstant(parsed.getIssueInstant())
            .setVersion(version)
            .setIssuer(issuer)
            .setSubject(subject)
            .setConditions(conditions)
            .setAuthenticationStatements(authnStatements)
            .setAttributes(attributes);
}