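/**
 * Returns a {@link NameID} from the {@link Response} whose {@code Format} attribute equals the
 * URN of the specified {@code expectedFormat}.
 *
 * <p>The {@code Format} attribute is optional in SAML 2.0, so {@code nameId.getFormat()} may be
 * {@code null}; the comparison below guards against that and treats such a {@code NameID} as a
 * non-match instead of throwing a {@link NullPointerException}. NOTE(review): SAML defines an
 * absent {@code Format} as {@code unspecified}; if callers ever pass the UNSPECIFIED format here
 * they may want a missing attribute to match as well — not done here to keep the original
 * matching semantics.
 *
 * @param response the SAML response to search
 * @param expectedFormat the name identifier format to match on
 * @return the matching {@code NameID}, or empty if none carries that format
 */
public static Optional<NameID> getNameId(Response response, SamlNameIdFormat expectedFormat) {
    final String expectedUrn = expectedFormat.urn();
    return getNameId(response, nameId -> {
        final String format = nameId.getFormat();
        return format != null && format.equals(expectedUrn);
    });
}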
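/**
 * Extracts the login name from the subjects of the assertions in the response.
 *
 * <p>Returns the value of the first subject {@code NameID} whose {@code Format} equals the
 * configured {@code subjectLoginNameIdFormat}. Assertions without a {@code Subject}, subjects
 * without a plain {@code NameID} (for example ones that only carry an {@code EncryptedID}), and
 * {@code NameID}s without a {@code Format} attribute are skipped instead of causing a
 * {@link NullPointerException}, since all three are optional in the SAML 2.0 schema.
 *
 * <p>NOTE(review): this method performs no signature, issuer or condition checks on the
 * assertions it reads; it must only be applied to a response that has already been validated.
 *
 * @param response the SAML response whose assertions are inspected
 * @return the login name, or {@code null} when no format is configured or nothing matches
 */
@Nullable
private String findLoginNameFromSubjects(Response response) {
    if (Strings.isNullOrEmpty(subjectLoginNameIdFormat)) {
        return null;
    }
    return response.getAssertions()
            .stream()
            .map(assertion -> assertion.getSubject())
            .filter(subject -> subject != null)
            .map(subject -> subject.getNameID())
            .filter(nameId -> nameId != null
                    && subjectLoginNameIdFormat.equals(nameId.getFormat()))
            .map(NameIDType::getValue)
            .findFirst()
            .orElse(null);
}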
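/**
 * Returns a {@link NameID} from the {@link Response} whose {@code Format} attribute equals the
 * URN of the specified {@code expectedFormat}.
 *
 * <p>The {@code Format} attribute is optional in SAML 2.0, so {@code nameId.getFormat()} may be
 * {@code null}; the comparison below guards against that and treats such a {@code NameID} as a
 * non-match instead of throwing a {@link NullPointerException}. NOTE(review): SAML defines an
 * absent {@code Format} as {@code unspecified}; if callers ever pass the UNSPECIFIED format here
 * they may want a missing attribute to match as well — not done here to keep the original
 * matching semantics.
 *
 * @param response the SAML response to search
 * @param expectedFormat the name identifier format to match on
 * @return the matching {@code NameID}, or empty if none carries that format
 */
public static Optional<NameID> getNameId(Response response, SamlNameIdFormat expectedFormat) {
    final String expectedUrn = expectedFormat.urn();
    return getNameId(response, nameId -> {
        final String format = nameId.getFormat();
        return format != null && format.equals(expectedUrn);
    });
}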
/**
 * Apply policy to the target object.
 *
 * <p>A {@code NameID} with no {@code Format} attribute is treated as
 * {@link NameID#UNSPECIFIED} when deciding whether the policy applies and when logging.
 * Formats not listed in {@code formats} are not policy-checked and pass unconditionally.
 * The raw (possibly {@code null}) format is what gets handed to the overloaded
 * {@code doApply}, not the substituted default.
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy, or {@code true} when the format is exempt from checking
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameID target) {
    final String requesterId =
            requesterIdLookupStrategy == null ? null : requesterIdLookupStrategy.apply(input);
    final String responderId =
            responderIdLookupStrategy == null ? null : responderIdLookupStrategy.apply(input);

    final String format = target.getFormat();
    final String effectiveFormat = format == null ? NameID.UNSPECIFIED : format;

    if (!formats.contains(effectiveFormat)) {
        log.debug("Policy checking disabled for NameID Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameID with Format {}", effectiveFormat);
    return doApply(requesterId, responderId, format, target.getNameQualifier(),
            target.getSPNameQualifier());
}
/**
 * Return true iff the two input {@link NameID} objects are equivalent for SAML 2.0 purposes.
 *
 * <p>Equivalence requires equivalent formats (as judged by
 * {@code areNameIDFormatsEquivalent}, which presumably also reconciles a missing format with
 * {@code unspecified} — TODO confirm), plus equal values, NameQualifiers and SPNameQualifiers.
 * {@code SPProvidedID} is deliberately not part of the comparison.
 *
 * @param name1 first NameID to check
 * @param name2 second NameID to check
 * @return true iff the two values should be viewed as equivalent
 */
public static boolean areNameIDsEquivalent(@Nonnull final NameID name1, @Nonnull final NameID name2) {
    if (!areNameIDFormatsEquivalent(name1.getFormat(), name2.getFormat())) {
        return false;
    }
    if (!Objects.equals(name1.getValue(), name2.getValue())) {
        return false;
    }
    if (!Objects.equals(name1.getNameQualifier(), name2.getNameQualifier())) {
        return false;
    }
    return Objects.equals(name1.getSPNameQualifier(), name2.getSPNameQualifier());
}
/**
 * Return true iff the NameID should be encrypted.
 *
 * <p>A {@code null} NameID is never encrypted. Otherwise the NameID is encrypted unless its
 * format (a missing format counts as {@link NameID#UNSPECIFIED}) is listed in
 * {@code excludedFormats}.
 *
 * <p>Security note: at DEBUG level the NameID is marshalled and written to the log in the
 * clear before it is encrypted, i.e. the plaintext subject identifier ends up in log output.
 * DEBUG logging for this class should therefore not be enabled where logs are less protected
 * than the encrypted assertion itself.
 *
 * @param name NameID to check
 *
 * @return true iff encryption should happen
 */
private boolean shouldEncrypt(@Nullable final NameID name) {
    if (name == null) {
        return false;
    }

    final String declaredFormat = name.getFormat();
    final String format = declaredFormat == null ? NameID.UNSPECIFIED : declaredFormat;
    if (excludedFormats.contains(format)) {
        return false;
    }

    if (log.isDebugEnabled()) {
        try {
            final Element dom = XMLObjectSupport.marshall(name);
            log.debug("{} NameID before encryption:\n{}", getLogPrefix(),
                    SerializeSupport.prettyPrintXML(dom));
        } catch (final MarshallingException e) {
            // Logging failure must not prevent encryption.
            log.error("{} Unable to marshall NameID for logging purposes", getLogPrefix(), e);
        }
    }
    return true;
}
/**
 * Apply function to an assertion.
 *
 * <p>Yields the {@code Format} of the assertion's subject {@code NameID}. Returns {@code null}
 * when the assertion has no {@code Subject}, the subject has no plain {@code NameID}
 * (e.g. only an {@code EncryptedID}), or the {@code NameID} carries no {@code Format}
 * attribute.
 *
 * @param assertion assertion to operate on
 *
 * @return the format, or null
 */
@Nullable
private String apply(@Nonnull final org.opensaml.saml.saml2.core.Assertion assertion) {
    final org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
    if (subject == null) {
        return null;
    }
    final org.opensaml.saml.saml2.core.NameID nameId = subject.getNameID();
    return nameId == null ? null : nameId.getFormat();
}
SAML2ObjectSupport.areNameIDFormatsEquivalent(connector.getFormat(), nameID.getFormat())) {
val nameID = query.getSubject().getNameID(); nameID.detach(); LOGGER.debug("Choosing NameID format [{}] with value [{}] for attribute query", nameID.getFormat(), nameID.getValue()); return nameID; LOGGER.debug("Encoding NameID based on [{}]", nameFormat); var nameId = encoder.encode(attribute); LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", nameId.getFormat(), nameId.getValue()); return nameId; } catch (final Exception e) {
if (value instanceof XMLObjectAttributeValue && value.getValue() instanceof NameID) { if (SAML2ObjectSupport.areNameIDFormatsEquivalent(getFormat(), ((NameID) value.getValue()).getFormat())) { log.info("Returning NameID from XMLObject-valued attribute {}", sourceId); return (NameID) value.getValue();
/**
 * Create an efficient field-wise copy of a {@link NameID}.
 *
 * <p>Only the five attributes/content of the element (Format, NameQualifier,
 * SPNameQualifier, SPProvidedID and the value) are copied onto a fresh object from
 * {@code nameIdBuilder}; nothing about the original's DOM or parent is carried over.
 *
 * @param nameId the object to clone
 *
 * @return the copy
 */
@Nonnull
private NameID cloneNameID(@Nonnull final NameID nameId) {
    final NameID copy = nameIdBuilder.buildObject();

    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    copy.setValue(nameId.getValue());

    return copy;
}
service.isSkipGeneratingSubjectConfirmationNotBefore() ? null : ZonedDateTime.now()); if (NameIDType.ENCRYPTED.equalsIgnoreCase(subjectNameId.getFormat())) { subject.setNameID(null); subject.getSubjectConfirmations().forEach(c -> c.setNameID(null));
/**
 * Create an efficient field-wise copy of the {@link NameID} held in the {@code nameId} field.
 *
 * <p>Only the five attributes/content of the element (Format, NameQualifier,
 * SPNameQualifier, SPProvidedID and the value) are copied onto a fresh object from
 * {@code nameIdBuilder}; nothing about the original's DOM or parent is carried over.
 *
 * @return the copy
 */
@Nonnull
private NameID cloneNameID() {
    final NameID copy = nameIdBuilder.buildObject();

    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    copy.setValue(nameId.getValue());

    return copy;
}
try { if (subject != null && subject.getNameID() != null && subject.getNameID().getFormat() != null && super.getSsoIdpConfig().getNameIDFormat() != null && subject.getNameID().getFormat().equals(super.getSsoIdpConfig().getNameIDFormat())) { UserStoreManager userStoreManager = SAMLQueryServiceComponent.getRealmservice(). getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId()).
this.nameId = new SAMLNameID(); this.nameId.setNameQualifier(nameId.getNameQualifier()); this.nameId.setFormat(nameId.getFormat()); this.nameId.setSpNameQualifier(nameId.getSPNameQualifier()); this.nameId.setSpProviderId(nameId.getSPProvidedID());
/**
 * Converts an OpenSAML {@link NameID} into the library's {@code NameIdPrincipal} model.
 *
 * <p>Qualifiers, SPProvidedID and value are copied as-is; the format URN is mapped through
 * {@code NameId.fromUrn}. NOTE(review): {@code Format} is optional in SAML, so
 * {@code p.getFormat()} may be {@code null} — how {@code NameId.fromUrn} behaves on
 * {@code null} is not visible here; confirm it does not throw.
 *
 * @param p the OpenSAML NameID to convert
 * @return the populated principal
 */
protected NameIdPrincipal getNameIdPrincipal(NameID p) {
    final NameIdPrincipal principal = new NameIdPrincipal();
    principal.setSpNameQualifier(p.getSPNameQualifier());
    principal.setNameQualifier(p.getNameQualifier());
    principal.setFormat(NameId.fromUrn(p.getFormat()));
    principal.setSpProvidedId(p.getSPProvidedID());
    principal.setValue(p.getValue());
    return principal;
}
/**
 * Populates every {@link SAMLCallback} with the SAML 2.0 issuer, conditions, subject and
 * statement held by this handler.
 *
 * <p>The subject bean is built from the configured {@code subject}'s {@code NameID}
 * (value, NameQualifier, Format) together with {@code confirmationMethod} and
 * {@code subjectConfirmationData}. Any callback that is not a {@code SAMLCallback}
 * aborts processing with an {@link UnsupportedCallbackException}; callbacks before it have
 * already been populated at that point.
 *
 * @param callbacks the callbacks to handle
 * @throws IOException declared by the {@code CallbackHandler} contract
 * @throws UnsupportedCallbackException if a callback is not a {@code SAMLCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            throw new UnsupportedCallbackException(current, "Unrecognized Callback");
        }
        SAMLCallback samlCallback = (SAMLCallback) current;
        samlCallback.setSamlVersion(Version.SAML_20);
        samlCallback.setIssuer(issuer);
        if (conditions != null) {
            samlCallback.setConditions(conditions);
        }

        NameID nameID = subject.getNameID();
        SubjectBean subjectBean = new SubjectBean(
                nameID.getValue(),
                nameID.getNameQualifier(),
                confirmationMethod
        );
        subjectBean.setSubjectNameIDFormat(nameID.getFormat());
        subjectBean.setSubjectConfirmationData(subjectConfirmationData);
        samlCallback.setSubject(subjectBean);

        createAndSetStatement(samlCallback);
    }
}
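/**
 * Converts OpenSAML subject confirmations into the library's {@code SubjectConfirmation} model.
 *
 * <p>For each confirmation the {@code NameID} (plain or decrypted from an {@code EncryptedID}
 * with {@code localKeys}) supplies the name-ID value and format, the method URN is mapped via
 * {@code SubjectConfirmationMethod.fromUrn}, and Recipient / NotOnOrAfter / NotBefore /
 * InResponseTo are copied from the {@code SubjectConfirmationData}.
 *
 * <p>{@code SubjectConfirmationData} is optional in the SAML 2.0 schema, so a confirmation
 * may arrive without it; previously that caused a {@link NullPointerException}. It is now
 * skipped and the resulting confirmation carries no confirmation data. Security note:
 * downstream validation must treat a bearer confirmation with no confirmation data (and so no
 * Recipient / NotOnOrAfter / InResponseTo to check) as failed, not as "nothing to verify".
 *
 * <p>NOTE(review): a {@code NameID} without a {@code Format} yields
 * {@code NameId.fromUrn(null)}; its null handling is not visible here — confirm it is safe.
 *
 * @param subjectConfirmations the OpenSAML confirmations to convert
 * @param localKeys keys used to decrypt an {@code EncryptedID}, if present
 * @return the converted confirmations, in input order
 */
protected List<SubjectConfirmation> getConfirmations(
        List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations,
        List<SimpleKey> localKeys
) {
    List<SubjectConfirmation> result = new LinkedList<>();
    for (org.opensaml.saml.saml2.core.SubjectConfirmation s : subjectConfirmations) {
        NameID nameID = getNameID(s.getNameID(), s.getEncryptedID(), localKeys);

        SubjectConfirmation confirmation = new SubjectConfirmation()
                .setNameId(nameID != null ? nameID.getValue() : null)
                .setFormat(nameID != null ? NameId.fromUrn(nameID.getFormat()) : null)
                .setMethod(SubjectConfirmationMethod.fromUrn(s.getMethod()));

        org.opensaml.saml.saml2.core.SubjectConfirmationData data =
                s.getSubjectConfirmationData();
        if (data != null) {
            confirmation.setConfirmationData(
                    new SubjectConfirmationData()
                            .setRecipient(data.getRecipient())
                            .setNotOnOrAfter(data.getNotOnOrAfter())
                            .setNotBefore(data.getNotBefore())
                            .setInResponseTo(data.getInResponseTo())
            );
        }

        result.add(confirmation);
    }
    return result;
}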
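/**
 * Builds a {@link Subject} from the subject of a SAML 2.0 or SAML 1.x assertion.
 *
 * <p>For SAML 2.0 the NameQualifier, Format, value, SPProvidedID and SPNameQualifier of the
 * subject {@code NameID} are copied; for SAML 1.x the NameQualifier, Format and value of the
 * {@code NameIdentifier}. Both {@code Subject} and its plain name identifier are optional in
 * the respective schemas (a SAML 2.0 subject may carry only an {@code EncryptedID} or
 * {@code BaseID}), so a missing subject or identifier now yields {@code null} in both branches
 * instead of a {@link NullPointerException} in the SAML 2.0 one.
 *
 * <p>Callers must treat a {@code null} result as "no usable subject", not as an anonymous
 * principal. The {@code message} parameter is currently unused and kept for API compatibility.
 *
 * @param message the current message (unused)
 * @param assertionW the wrapped assertion to read the subject from
 * @return the populated subject, or {@code null} if none can be derived
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        if (s == null) {
            return null;
        }
        NameID nameId = s.getNameID();
        if (nameId == null) {
            return null;
        }
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        if (s != null) {
            NameIdentifier nameId = s.getNameIdentifier();
            if (nameId == null) {
                return null;
            }
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}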
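/**
 * Builds a {@link Subject} from the subject of a SAML 2.0 or SAML 1.x assertion.
 *
 * <p>For SAML 2.0 the NameQualifier, Format, value, SPProvidedID and SPNameQualifier of the
 * subject {@code NameID} are copied; for SAML 1.x the NameQualifier, Format and value of the
 * {@code NameIdentifier}. Both {@code Subject} and its plain name identifier are optional in
 * the respective schemas (a SAML 2.0 subject may carry only an {@code EncryptedID} or
 * {@code BaseID}), so a missing subject or identifier now yields {@code null} in both branches
 * instead of a {@link NullPointerException} in the SAML 2.0 one.
 *
 * <p>Callers must treat a {@code null} result as "no usable subject", not as an anonymous
 * principal. The {@code message} parameter is currently unused and kept for API compatibility.
 *
 * @param message the current message (unused)
 * @param assertionW the wrapped assertion to read the subject from
 * @return the populated subject, or {@code null} if none can be derived
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        if (s == null) {
            return null;
        }
        NameID nameId = s.getNameID();
        if (nameId == null) {
            return null;
        }
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        if (s != null) {
            NameIdentifier nameId = s.getNameIdentifier();
            if (nameId == null) {
                return null;
            }
            Subject subject = new Subject();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    return null;
}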