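/**
 * Re-signs {@code assertion}, keeping the algorithm profile of its existing signature.
 *
 * <p>An assertion without a {@code Signature} element is signed with the default
 * algorithms. Otherwise the signature, canonicalization and digest algorithms are
 * read from the existing element and passed to the four-argument
 * {@code signSamlObject}. A signature whose content-reference list is missing or
 * empty, or whose first reference is not a {@link SAMLObjectContentReference}, is
 * handled like a missing signature (default algorithms) instead of failing with an
 * {@code IndexOutOfBoundsException} or {@code ClassCastException}.
 *
 * <p>NOTE(review): the algorithms are copied from whatever signature element is
 * present on the assertion; if that element can originate from a party other than
 * this signer, a weak digest or signature algorithm would be reproduced on
 * re-signing — confirm callers only pass assertions that were signed here, or
 * apply an algorithm allow-list before reuse.
 *
 * @param assertion the SAML assertion to (re-)sign; must not be {@code null}
 * @throws SignatureException if signing fails
 */
public void resignAssertion(Assertion assertion) throws SignatureException {
    final Signature signature = assertion.getSignature();
    final SAMLObjectContentReference reference =
        signature == null ? null : firstSamlContentReference(signature);
    if (reference == null) {
        // No usable existing signature: sign with the default algorithm set.
        signSamlObject(assertion);
        return;
    }
    signSamlObject(
        assertion,
        signature.getSignatureAlgorithm(),
        signature.getCanonicalizationAlgorithm(),
        reference.getDigestAlgorithm());
}

/**
 * Returns the first content reference of {@code signature} when it is a
 * {@link SAMLObjectContentReference}, or {@code null} when the reference list is
 * missing, empty, or starts with a reference of another type.
 *
 * @param signature the existing signature element; must not be {@code null}
 * @return the first SAML content reference, or {@code null}
 */
private static SAMLObjectContentReference firstSamlContentReference(Signature signature) {
    if (signature.getContentReferences() == null || signature.getContentReferences().isEmpty()) {
        return null;
    }
    final Object first = signature.getContentReferences().get(0);
    return first instanceof SAMLObjectContentReference ? (SAMLObjectContentReference) first : null;
}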
Signature signature = token.getSignature();
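/**
 * Signs the renewed assertion, or strips its existing signature when signing is disabled.
 *
 * <p>When {@code signToken} is set, the STS properties and — if the request names a
 * realm present in {@code realmMap} — the matching {@link RealmProperties} are handed
 * to {@code signToken(...)} together with the key requirements. Otherwise any
 * {@code Signature} element on the wrapped SAML 1.1 or SAML 2.0 assertion is removed,
 * so the renewed token is returned without a signature.
 *
 * <p>The wrapper presumably populates only one of {@code getSaml1()} /
 * {@code getSaml2()} and returns {@code null} for the other, so both accessors are
 * null-checked before their signature is read (the previous code dereferenced
 * {@code getSaml1()} unconditionally).
 *
 * @param assertion the renewed assertion to sign or to strip
 * @param tokenParameters renew parameters supplying STS properties, realm and key requirements
 * @throws Exception if signing fails
 */
private void signAssertion(
    SamlAssertionWrapper assertion,
    TokenRenewerParameters tokenParameters
) throws Exception {
    if (signToken) {
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        String realm = tokenParameters.getRealm();
        RealmProperties samlRealm = null;
        if (realm != null && realmMap.containsKey(realm)) {
            samlRealm = realmMap.get(realm);
        }
        signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
        return;
    }
    // Signing disabled: drop whichever existing signature the wrapper holds.
    if (assertion.getSaml1() != null && assertion.getSaml1().getSignature() != null) {
        assertion.getSaml1().setSignature(null);
    } else if (assertion.getSaml2() != null && assertion.getSaml2().getSignature() != null) {
        assertion.getSaml2().setSignature(null);
    }
}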
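/**
 * Signs the renewed assertion, or strips its existing signature when signing is disabled.
 *
 * <p>When {@code signToken} is set, the STS properties and — if the request names a
 * realm present in {@code realmMap} — the matching {@link RealmProperties} are handed
 * to {@code signToken(...)} together with the key requirements. Otherwise any
 * {@code Signature} element on the wrapped SAML 1.1 or SAML 2.0 assertion is removed,
 * so the renewed token is returned without a signature.
 *
 * <p>The wrapper presumably populates only one of {@code getSaml1()} /
 * {@code getSaml2()} and returns {@code null} for the other, so both accessors are
 * null-checked before their signature is read (the previous code dereferenced
 * {@code getSaml1()} unconditionally).
 *
 * @param assertion the renewed assertion to sign or to strip
 * @param tokenParameters renew parameters supplying STS properties, realm and key requirements
 * @throws Exception if signing fails
 */
private void signAssertion(
    SamlAssertionWrapper assertion,
    TokenRenewerParameters tokenParameters
) throws Exception {
    if (signToken) {
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        String realm = tokenParameters.getRealm();
        RealmProperties samlRealm = null;
        if (realm != null && realmMap.containsKey(realm)) {
            samlRealm = realmMap.get(realm);
        }
        signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
        return;
    }
    // Signing disabled: drop whichever existing signature the wrapper holds.
    if (assertion.getSaml1() != null && assertion.getSaml1().getSignature() != null) {
        assertion.getSaml1().setSignature(null);
    } else if (assertion.getSaml2() != null && assertion.getSaml2().getSignature() != null) {
        assertion.getSaml2().setSignature(null);
    }
}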
if (assertion.getSignature() == null) { throw new SSOException("SAML 2.0 Assertion signing is enabled, but signature element not found in " + "SAML 2.0 Assertion element"); } else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(assertion.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) {
if (!samlResponse.isSigned() && enforceAssertionsSigned && assertion.getSignature() == null) { LOG.fine("The enclosed assertions in the SAML Response must be signed"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
/**
 * Signs the given SAML object using the Signature element(s) already attached to it.
 *
 * <p>For a SAML 1.1 or SAML 2.0 {@code Response}, {@code signObject} is invoked with
 * the signature of every enclosed assertion (when the assertion list is non-null)
 * and then with the Response's own signature. Any other {@link SignableSAMLObject}
 * has only its own signature passed to {@code signObject}. Objects of any other type
 * are left untouched. Note that a {@code null} signature is forwarded to
 * {@code signObject} as-is; how that case is treated is decided there.
 *
 * @param xmlObject the SAML object to sign
 * @throws WSSecurityException if {@code signObject} fails
 */
private static void signXMLObject(XMLObject xmlObject) throws WSSecurityException {
    if (xmlObject instanceof org.opensaml.saml.saml1.core.Response) {
        final org.opensaml.saml.saml1.core.Response saml1Response =
            (org.opensaml.saml.saml1.core.Response) xmlObject;
        // Enclosed assertions first, then the enveloping Response.
        if (saml1Response.getAssertions() != null) {
            for (org.opensaml.saml.saml1.core.Assertion enclosed : saml1Response.getAssertions()) {
                signObject(enclosed.getSignature());
            }
        }
        signObject(saml1Response.getSignature());
        return;
    }
    if (xmlObject instanceof org.opensaml.saml.saml2.core.Response) {
        final org.opensaml.saml.saml2.core.Response saml2Response =
            (org.opensaml.saml.saml2.core.Response) xmlObject;
        // Enclosed assertions first, then the enveloping Response.
        if (saml2Response.getAssertions() != null) {
            for (org.opensaml.saml.saml2.core.Assertion enclosed : saml2Response.getAssertions()) {
                signObject(enclosed.getSignature());
            }
        }
        signObject(saml2Response.getSignature());
        return;
    }
    // Responses are themselves signable, so this generic branch must come last.
    if (xmlObject instanceof SignableSAMLObject) {
        signObject(((SignableSAMLObject) xmlObject).getSignature());
    }
}
/**
 * Runs every assertion-level check on {@code assertion}.
 *
 * <p>The checks are applied in a fixed order: issue instant, issuer, subject (which
 * must be present), conditions, authentication statements and, last, the XML
 * signature. Presumably each helper throws on failure, so a later check is reached
 * only when all earlier ones passed.
 *
 * <p>NOTE(review): because the signature is checked last, the issuer, subject and
 * conditions are processed before the assertion's signature is known to be valid.
 * A failure in any step still rejects the assertion, but confirm that
 * {@code validateAssertionSignature} rejects a missing signature when the enclosing
 * response is not itself signed.
 *
 * @param assertion the assertion under validation
 * @param context the SAML2 message context
 * @param engine the trust engine used for the signature check
 * @param decrypter the decrypter handed to the subject validation
 * @throws SAMAssertionSubjectException if the assertion carries no subject
 */
protected final void validateAssertion(final Assertion assertion, final SAML2MessageContext context,
                                       final SignatureTrustEngine engine, final Decrypter decrypter) {
    validateIssueInstant(assertion.getIssueInstant());
    validateIssuer(assertion.getIssuer(), context);
    // Guard clause: a subject-less assertion is rejected before any further checks.
    if (assertion.getSubject() == null) {
        throw new SAMAssertionSubjectException("Assertion subject cannot be null");
    }
    validateSubject(assertion.getSubject(), context, decrypter);
    validateAssertionConditions(assertion.getConditions(), context);
    validateAuthenticationStatements(assertion.getAuthnStatements(), context);
    validateAssertionSignature(assertion.getSignature(), context, engine);
}
if (assertion.getSignature() == null) { throw new SSOException("SAML 2.0 Assertion signing is enabled, but signature element not found in" + " SAML 2.0 Assertion element"); } else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(assertion.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) {
List<Assertion> assertions = ((Response) samlObject).getAssertions(); for (Assertion assertion : assertions) { assertion.getSignature().setSigningCredential(signingCredential);