/**
 * Compare two {@link NameID} objects for SAML 2.0 equivalence.
 *
 * <p>The NameIDs are equivalent when their Format attributes are equivalent
 * (as decided by {@link #areNameIDFormatsEquivalent}) and their Value,
 * NameQualifier and SPNameQualifier attributes are pairwise equal. Attribute
 * comparison is null-safe; SPProvidedID is not compared.</p>
 *
 * @param name1 first NameID to check
 * @param name2 second NameID to check
 * @return true iff the two values should be viewed as equivalent
 */
public static boolean areNameIDsEquivalent(@Nonnull final NameID name1, @Nonnull final NameID name2) {
    // Format is compared first because it determines how the remaining attributes are interpreted.
    if (!areNameIDFormatsEquivalent(name1.getFormat(), name2.getFormat())) {
        return false;
    }
    if (!Objects.equals(name1.getValue(), name2.getValue())) {
        return false;
    }
    if (!Objects.equals(name1.getNameQualifier(), name2.getNameQualifier())) {
        return false;
    }
    return Objects.equals(name1.getSPNameQualifier(), name2.getSPNameQualifier());
}
/**
 * Apply policy to the target object.
 *
 * <p>The policy is evaluated only when the NameID's Format (or
 * {@link NameID#UNSPECIFIED} when no Format attribute is set) is one of the
 * configured formats; any other Format is accepted without further checks.</p>
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameID target) {
    final String requesterId =
            requesterIdLookupStrategy == null ? null : requesterIdLookupStrategy.apply(input);
    final String responderId =
            responderIdLookupStrategy == null ? null : responderIdLookupStrategy.apply(input);

    final String format = target.getFormat();
    // A missing Format attribute is treated as Unspecified for the format filter and for logging.
    final String effectiveFormat = format == null ? NameID.UNSPECIFIED : format;

    if (!formats.contains(effectiveFormat)) {
        log.debug("Policy checking disabled for NameID Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameID with Format {}", effectiveFormat);
    // NOTE(review): the overload receives the raw Format (possibly null), not the
    // Unspecified default used by the filter above — confirm it tolerates null.
    return doApply(requesterId, responderId, format, target.getNameQualifier(), target.getSPNameQualifier());
}
/** {@inheritDoc} */
public String apply(final ProfileRequestContext input) {
    // Prefer the SPNameQualifier carried by the delegated Assertion's Subject NameID.
    final String spNameQualifier = nameID.getSPNameQualifier();
    if (spNameQualifier != null) {
        log.debug("Saw delegated Assertion Subject NameID SPNameQualifier: {}", spNameQualifier);
        return spNameQualifier;
    }

    // Otherwise fall back to the entityID of the SAML presenter, which requires an inbound message context.
    if (input == null || input.getInboundMessageContext() == null) {
        return null;
    }
    final SAMLPresenterEntityContext presenterContext =
            input.getInboundMessageContext().getSubcontext(SAMLPresenterEntityContext.class);
    if (presenterContext == null) {
        return null;
    }
    log.debug("Saw SAML presenter entityID: {}", presenterContext.getEntityId());
    return presenterContext.getEntityId();
}
/**
 * Create an efficient field-wise copy of a {@link NameID}.
 *
 * <p>Only the Format, NameQualifier, SPNameQualifier, SPProvidedID and Value
 * attributes are copied; the new object is obtained from {@code nameIdBuilder}.</p>
 *
 * @param nameId the object to clone
 *
 * @return the copy
 */
@Nonnull
private NameID cloneNameID(@Nonnull final NameID nameId) {
    final NameID copy = nameIdBuilder.buildObject();

    // Copy the attributes one by one rather than cloning the underlying XML.
    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    copy.setValue(nameId.getValue());

    return copy;
}
/**
 * Create an efficient field-wise copy of the {@link NameID} held in the
 * {@code nameId} field.
 *
 * <p>Only the Format, NameQualifier, SPNameQualifier, SPProvidedID and Value
 * attributes are copied; the new object is obtained from {@code nameIdBuilder}.</p>
 *
 * @return the copy
 */
@Nonnull
private NameID cloneNameID() {
    final NameID source = nameId;
    final NameID copy = nameIdBuilder.buildObject();

    // Copy the attributes one by one rather than cloning the underlying XML.
    copy.setFormat(source.getFormat());
    copy.setNameQualifier(source.getNameQualifier());
    copy.setSPNameQualifier(source.getSPNameQualifier());
    copy.setSPProvidedID(source.getSPProvidedID());
    copy.setValue(source.getValue());

    return copy;
}
String recipientID = nameID.getSPNameQualifier(); if (recipientID == null) { recipientID = c14nContext.getRequesterId();
this.nameId.setNameQualifier(nameId.getNameQualifier()); this.nameId.setFormat(nameId.getFormat()); this.nameId.setSpNameQualifier(nameId.getSPNameQualifier()); this.nameId.setSpProviderId(nameId.getSPProvidedID()); this.nameId.setValue(nameId.getValue());
/**
 * Convert an OpenSAML {@link NameID} into a {@link NameIdPrincipal}.
 *
 * <p>The Format URN is mapped through {@code NameId.fromUrn}; the remaining
 * attributes (SPNameQualifier, NameQualifier, SPProvidedID, Value) are copied as-is.</p>
 *
 * @param p the NameID to convert
 *
 * @return the populated principal
 */
protected NameIdPrincipal getNameIdPrincipal(NameID p) {
    // Resolve the format first; it is the only attribute that needs translation.
    final NameId format = NameId.fromUrn(p.getFormat());
    final NameIdPrincipal principal = new NameIdPrincipal()
            .setSpNameQualifier(p.getSPNameQualifier())
            .setNameQualifier(p.getNameQualifier())
            .setFormat(format)
            .setSpProvidedId(p.getSPProvidedID())
            .setValue(p.getValue());
    return principal;
}
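/**
 * Extract a {@link Subject} from a wrapped SAML 2.0 or SAML 1.x assertion.
 *
 * <p>For SAML 2.0 the Subject's NameID (Value, Format, NameQualifier, SPNameQualifier and
 * SPProvidedID) is copied. For SAML 1.x the Subject's NameIdentifier (Value, Format and
 * NameQualifier) is copied. Returns {@code null} when the wrapper is null, the assertion is
 * of neither version, or it carries no Subject or no NameID/NameIdentifier (SAML 2.0 allows
 * a BaseID or EncryptedID in place of a NameID; those are not handled here).</p>
 *
 * @param message current message (not used by this method; retained for API compatibility)
 * @param assertionW the wrapped assertion
 *
 * @return the extracted subject, or {@code null} if none could be determined
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW == null) {
        return null;
    }
    if (assertionW.getSaml2() != null) {
        return getSubjectFromSaml2(assertionW.getSaml2().getSubject());
    } else if (assertionW.getSaml1() != null) {
        return getSubjectFromSaml1(getSaml1Subject(assertionW));
    }
    return null;
}

/** Build a Subject from a SAML 2.0 Subject; null when the Subject or its NameID is absent. */
private static Subject getSubjectFromSaml2(org.opensaml.saml.saml2.core.Subject s) {
    // A Subject without a NameID previously caused a NullPointerException here.
    if (s == null || s.getNameID() == null) {
        return null;
    }
    NameID nameId = s.getNameID();
    Subject subject = new Subject();
    subject.setNameQualifier(nameId.getNameQualifier());
    // if format is transient then we may need to use STSClient
    // to request an alternate name from IDP
    subject.setNameFormat(nameId.getFormat());
    subject.setName(nameId.getValue());
    subject.setSpId(nameId.getSPProvidedID());
    subject.setSpQualifier(nameId.getSPNameQualifier());
    return subject;
}

/** Build a Subject from a SAML 1.x Subject; null when the Subject or its NameIdentifier is absent. */
private static Subject getSubjectFromSaml1(org.opensaml.saml.saml1.core.Subject s) {
    // A Subject without a NameIdentifier previously caused a NullPointerException here.
    if (s == null || s.getNameIdentifier() == null) {
        return null;
    }
    NameIdentifier nameId = s.getNameIdentifier();
    Subject subject = new Subject();
    subject.setNameQualifier(nameId.getNameQualifier());
    // if format is transient then we may need to use STSClient
    // to request an alternate name from IDP
    subject.setNameFormat(nameId.getFormat());
    subject.setName(nameId.getValue());
    return subject;
}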
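/**
 * Extract a {@link Subject} from a wrapped SAML 2.0 or SAML 1.x assertion.
 *
 * <p>For SAML 2.0 the Subject's NameID (Value, Format, NameQualifier, SPNameQualifier and
 * SPProvidedID) is copied. For SAML 1.x the Subject's NameIdentifier (Value, Format and
 * NameQualifier) is copied. Returns {@code null} when the wrapper is null, the assertion is
 * of neither version, or it carries no Subject or no NameID/NameIdentifier (SAML 2.0 allows
 * a BaseID or EncryptedID in place of a NameID; those are not handled here).</p>
 *
 * @param message current message (not used by this method; retained for API compatibility)
 * @param assertionW the wrapped assertion
 *
 * @return the extracted subject, or {@code null} if none could be determined
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW == null) {
        return null;
    }
    if (assertionW.getSaml2() != null) {
        return getSubjectFromSaml2(assertionW.getSaml2().getSubject());
    } else if (assertionW.getSaml1() != null) {
        return getSubjectFromSaml1(getSaml1Subject(assertionW));
    }
    return null;
}

/** Build a Subject from a SAML 2.0 Subject; null when the Subject or its NameID is absent. */
private static Subject getSubjectFromSaml2(org.opensaml.saml.saml2.core.Subject s) {
    // A Subject without a NameID previously caused a NullPointerException here.
    if (s == null || s.getNameID() == null) {
        return null;
    }
    NameID nameId = s.getNameID();
    Subject subject = new Subject();
    subject.setNameQualifier(nameId.getNameQualifier());
    // if format is transient then we may need to use STSClient
    // to request an alternate name from IDP
    subject.setNameFormat(nameId.getFormat());
    subject.setName(nameId.getValue());
    subject.setSpId(nameId.getSPProvidedID());
    subject.setSpQualifier(nameId.getSPNameQualifier());
    return subject;
}

/** Build a Subject from a SAML 1.x Subject; null when the Subject or its NameIdentifier is absent. */
private static Subject getSubjectFromSaml1(org.opensaml.saml.saml1.core.Subject s) {
    // A Subject without a NameIdentifier previously caused a NullPointerException here.
    if (s == null || s.getNameIdentifier() == null) {
        return null;
    }
    NameIdentifier nameId = s.getNameIdentifier();
    Subject subject = new Subject();
    subject.setNameQualifier(nameId.getNameQualifier());
    // if format is transient then we may need to use STSClient
    // to request an alternate name from IDP
    subject.setNameFormat(nameId.getFormat());
    subject.setName(nameId.getValue());
    return subject;
}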