/**
 * Extracts the plain subject identifier from a request {@code Subject}.
 *
 * @param subject the {@code <saml:Subject>} element of the request message
 * @return the value of the subject's {@code NameID}
 * @throws NullPointerException if the subject carries no {@code NameID}
 *         (NOTE(review): presumably the case when only an EncryptedID or
 *         BaseID is present — callers should reject such requests explicitly
 *         rather than rely on the NPE)
 */
protected String getUserName(Subject subject) {
    final String nameIdValue = subject.getNameID().getValue();
    return nameIdValue;
}
/** {@inheritDoc} */
@Override
@Nullable
public String decode(@Nonnull final SubjectCanonicalizationContext c14nContext,
        @Nonnull final NameID nameIdentifier) throws NameDecoderException {
    // The canonicalization context is not consulted in this overload; only the
    // raw NameID value is forwarded to the String-based decode.
    final String rawValue = nameIdentifier.getValue();
    return decode(rawValue);
}
/** {@inheritDoc} */
@Override
@Nonnull
@NotEmpty
public String decode(@Nonnull final SubjectCanonicalizationContext c14nContext,
        @Nonnull final NameID nameID) throws NameDecoderException {
    // The requester id from the context is passed alongside the value,
    // presumably so the superclass can scope the decode to the relying party
    // the identifier was issued for — see the superclass for the exact rule.
    final String requesterId = c14nContext.getRequesterId();
    final String encodedValue = nameID.getValue();
    return super.decode(encodedValue, requesterId);
}
/** {@inheritDoc} */
@Override
@Nonnull
@NotEmpty
public String decode(@Nonnull final SubjectCanonicalizationContext c14nContext,
        @Nonnull final NameID nameID) throws NameDecoderException {
    // The requester id from the context is passed alongside the value,
    // presumably so the superclass can scope the decode to the relying party
    // the identifier was issued for — see the superclass for the exact rule.
    final String requesterId = c14nContext.getRequesterId();
    final String encodedValue = nameID.getValue();
    return super.decode(encodedValue, requesterId);
}
/**
 * Builds the tenant-qualified subject identifier for an assertion request.
 *
 * @param request      the {@code SubjectQuery} whose subject is read
 * @param tenantDomain tenant domain appended to the subject value
 * @return the subject's NameID value followed by {@code "@"} and the tenant domain
 * @throws NullPointerException if the request has no Subject or the Subject
 *         has no {@code NameID}
 */
protected String getFullQualifiedSubject(SubjectQuery request, String tenantDomain) {
    final String subjectValue = request.getSubject().getNameID().getValue();
    // NOTE(review): a NameID that itself contains '@' (e.g. an emailAddress
    // format identifier) produces "user@example.org@tenant"; any consumer that
    // splits on '@' must take the last segment — confirm against the caller.
    final StringBuilder qualified = new StringBuilder(subjectValue);
    qualified.append('@').append(tenantDomain);
    return qualified.toString();
}
/**
 * Decides whether two {@link NameID}s denote the same identifier for SAML 2.0 purposes.
 *
 * <p>The identifiers are equivalent when their formats are equivalent (as judged by
 * {@code areNameIDFormatsEquivalent}) and their value, NameQualifier and SPNameQualifier
 * are each equal under {@link Objects#equals}. SPProvidedID is not part of the comparison.
 * The value comparison is an exact, case-sensitive string match; no format-specific
 * normalization (e.g. for email addresses) is applied here.
 *
 * @param name1 first NameID
 * @param name2 second NameID
 * @return true iff the two should be treated as the same identifier
 */
public static boolean areNameIDsEquivalent(@Nonnull final NameID name1, @Nonnull final NameID name2) {
    if (!areNameIDFormatsEquivalent(name1.getFormat(), name2.getFormat())) {
        return false;
    }
    if (!Objects.equals(name1.getValue(), name2.getValue())) {
        return false;
    }
    if (!Objects.equals(name1.getNameQualifier(), name2.getNameQualifier())) {
        return false;
    }
    return Objects.equals(name1.getSPNameQualifier(), name2.getSPNameQualifier());
}
/**
 * Wraps an OpenSAML {@code LogoutRequest}, capturing its NotOnOrAfter instant
 * (as a {@code Date}) and the clear-text subject NameID value, when present.
 *
 * @param logoutRequest the parsed logout request
 */
public SAMLLogoutRequest(LogoutRequest logoutRequest) {
    super(logoutRequest);
    final boolean hasExpiry = logoutRequest.getNotOnOrAfter() != null;
    if (hasExpiry) {
        notOnOrAfter = logoutRequest.getNotOnOrAfter().toDate();
    }
    // Only a clear-text NameID is captured. When getNameID() is null
    // (presumably also when the request carries only an EncryptedID — confirm),
    // subjectNameId is left unset.
    final boolean hasNameId = logoutRequest.getNameID() != null;
    if (hasNameId) {
        subjectNameId = logoutRequest.getNameID().getValue();
    }
}
/**
 * Reads the subject identifier out of an assertion.
 *
 * @param assertion assertion to inspect
 * @return the NameID value, or null when the assertion has no Subject or the
 *         Subject has no clear-text NameID
 */
@Nullable
private String apply(@Nonnull final org.opensaml.saml.saml2.core.Assertion assertion) {
    if (assertion.getSubject() == null) {
        return null;
    }
    if (assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getValue();
}
/**
 * Resolves the principal id for auditing from a SAML {@code Response}: the NameID
 * value of the first assertion's subject, when present. Any other case falls back
 * to the superclass resolution.
 *
 * @param authentication the current authentication
 * @param returnValue    the audited method's return value; cast to {@code Response}
 * @param exception      exception raised by the audited method, if any
 * @return the principal id to record
 */
@Override
public String getPrincipalIdFrom(final Authentication authentication, final Object returnValue, final Exception exception) {
    val response = (Response) returnValue;
    val assertions = response.getAssertions();
    if (assertions.isEmpty()) {
        return super.getPrincipalIdFrom(authentication, returnValue, exception);
    }
    // Only the first assertion is consulted.
    val subject = assertions.get(0).getSubject();
    if (subject == null || subject.getNameID() == null) {
        return super.getPrincipalIdFrom(authentication, returnValue, exception);
    }
    return subject.getNameID().getValue();
}
/**
 * Wraps an OpenSAML {@code AuthnRequest}, capturing the AssertionConsumerServiceURL,
 * the ForceAuthn flag and, when present, the clear-text subject NameID value.
 *
 * @param authnRequest the parsed authentication request
 */
public SAMLAuthnRequest(AuthnRequest authnRequest) {
    super(authnRequest);
    // NOTE(review): the ACS URL is taken verbatim from the request. Whatever
    // later uses it as a redirect/POST target must validate it against the
    // SP's registered endpoints; nothing here does.
    consumerServiceURL = authnRequest.getAssertionConsumerServiceURL();
    forceAuthn = authnRequest.isForceAuthn().booleanValue();
    final boolean hasNameId = authnRequest.getSubject() != null
            && authnRequest.getSubject().getNameID() != null;
    if (hasNameId) {
        subjectNameId = authnRequest.getSubject().getNameID().getValue();
    }
}
/**
 * Creates an attribute-query ticket keyed by the assertion's subject NameID value
 * and adds it to the ticket registry, bound to the caller's ticket-granting ticket.
 *
 * @param assertion the issued assertion (must carry a Subject with a clear-text NameID)
 * @param request   the current request, used to locate the TGT cookie
 * @param adaptor   metadata facade of the service provider; its entity id is stored
 *                  on the ticket
 */
private void storeAttributeQueryTicketInRegistry(final Assertion assertion,
                                                 final HttpServletRequest request,
                                                 final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    // Throws NullPointerException if the assertion has no Subject/NameID.
    val nameIdValue = assertion.getSubject().getNameID().getValue();
    val tgt = CookieUtils.getTicketGrantingTicketFromRequest(
        ticketGrantingTicketCookieGenerator, this.ticketRegistry, request);
    val queryTicket = samlAttributeQueryTicketFactory.create(nameIdValue, assertion, adaptor.getEntityId(), tgt);
    this.ticketRegistry.addTicket(queryTicket);
}
}
/**
 * Produces a fresh {@link NameID} carrying the same five attribute values as the
 * source (Value, Format, NameQualifier, SPNameQualifier, SPProvidedID). Nothing
 * else is copied from the source object.
 *
 * @param nameId the object to copy
 * @return the copy
 */
@Nonnull
private NameID cloneNameID(@Nonnull final NameID nameId) {
    final NameID copy = nameIdBuilder.buildObject();
    copy.setValue(nameId.getValue());
    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    return copy;
}
/**
 * Produces a fresh {@link NameID} carrying the same five attribute values as the
 * {@code nameId} field (Value, Format, NameQualifier, SPNameQualifier,
 * SPProvidedID). Nothing else is copied from the source object.
 *
 * @return the copy
 */
@Nonnull
private NameID cloneNameID() {
    final NameID copy = nameIdBuilder.buildObject();
    copy.setValue(nameId.getValue());
    copy.setFormat(nameId.getFormat());
    copy.setNameQualifier(nameId.getNameQualifier());
    copy.setSPNameQualifier(nameId.getSPNameQualifier());
    copy.setSPProvidedID(nameId.getSPProvidedID());
    return copy;
}
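/**
 * Validates a SAML 2.0 assertion presented as a client credential.
 *
 * <p>Checks, in order: SAML version, audience restriction, issuer (when one is
 * configured), and the authentication subject. When the configured issuer is the
 * literal {@code OAuthConstants.CLIENT_ID}, the assertion's Issuer must equal the
 * subject's NameID value; an assertion with no Subject or no clear-text NameID can
 * never satisfy that rule and is rejected as not-authorized instead of surfacing a
 * {@code NullPointerException} (which would turn into a server error rather than a
 * 401).
 *
 * @param message the current message, used for audience validation
 * @param wrapper the assertion under validation
 * @throws RuntimeException the not-authorized exception built by
 *         {@code ExceptionUtils.toNotAuthorizedException} on any failed check
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    Conditions cs = wrapper.getSaml2().getConditions();
    validateAudience(message, cs);
    if (issuer != null) {
        String actualIssuer = getIssuer(wrapper);
        String expectedIssuer = issuer;
        if (OAuthConstants.CLIENT_ID.equals(issuer)) {
            // Fail closed: without a NameID there is no client id to compare against.
            if (wrapper.getSaml2().getSubject() == null
                    || wrapper.getSaml2().getSubject().getNameID() == null) {
                throw ExceptionUtils.toNotAuthorizedException(null, null);
            }
            expectedIssuer = wrapper.getSaml2().getSubject().getNameID().getValue();
        }
        if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
    if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}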
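/**
 * Validates a SAML 2.0 assertion presented as a client credential.
 *
 * <p>Checks, in order: SAML version, audience restriction, issuer (when one is
 * configured), and the authentication subject. When the configured issuer is the
 * literal {@code OAuthConstants.CLIENT_ID}, the assertion's Issuer must equal the
 * subject's NameID value; an assertion with no Subject or no clear-text NameID can
 * never satisfy that rule and is rejected as not-authorized instead of surfacing a
 * {@code NullPointerException} (which would turn into a server error rather than a
 * 401).
 *
 * @param message the current message, used for audience validation
 * @param wrapper the assertion under validation
 * @throws RuntimeException the not-authorized exception built by
 *         {@code ExceptionUtils.toNotAuthorizedException} on any failed check
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    Conditions cs = wrapper.getSaml2().getConditions();
    validateAudience(message, cs);
    if (issuer != null) {
        String actualIssuer = getIssuer(wrapper);
        String expectedIssuer = issuer;
        if (OAuthConstants.CLIENT_ID.equals(issuer)) {
            // Fail closed: without a NameID there is no client id to compare against.
            if (wrapper.getSaml2().getSubject() == null
                    || wrapper.getSaml2().getSubject().getNameID() == null) {
                throw ExceptionUtils.toNotAuthorizedException(null, null);
            }
            expectedIssuer = wrapper.getSaml2().getSubject().getNameID().getValue();
        }
        if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
    }
    if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}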
/**
 * Builds the session-lookup criteria for a logout request: the requesting SP's
 * entityID (Issuer) paired with the subject's clear-text NameID value.
 *
 * @param input the profile request context (not consulted; the logout request is
 *              taken from the enclosing scope)
 * @return a {@code CriteriaSet} holding one {@code SPSessionCriterion}, or an empty
 *         set when the request, its Issuer or its NameID is missing (presumably
 *         matching no session — confirm against the consumer)
 */
@Override
public CriteriaSet apply(final ProfileRequestContext input) {
    final boolean lookupPossible = logoutRequest != null
            && logoutRequest.getIssuer() != null
            && logoutRequest.getNameID() != null;
    if (!lookupPossible) {
        // Nothing to match on; an encrypted-only identifier also lands here,
        // since only getNameID() is consulted.
        return new CriteriaSet();
    }
    final String spEntityId = logoutRequest.getIssuer().getValue();
    final String nameIdValue = logoutRequest.getNameID().getValue();
    return new CriteriaSet(new SPSessionCriterion(spEntityId, nameIdValue));
}
};
/**
 * Maps an OpenSAML {@link NameID} onto the internal {@code NameIdPrincipal} model.
 * Each of the five NameID attributes is copied; the format URN is converted through
 * {@code NameId.fromUrn}.
 *
 * @param p the NameID to convert
 * @return the populated principal
 */
protected NameIdPrincipal getNameIdPrincipal(NameID p) {
    return new NameIdPrincipal()
        .setValue(p.getValue())
        .setFormat(NameId.fromUrn(p.getFormat()))
        .setNameQualifier(p.getNameQualifier())
        .setSpNameQualifier(p.getSPNameQualifier())
        .setSpProvidedId(p.getSPProvidedID());
}
/**
 * Populates each {@code SAMLCallback} with a SAML 2.0 assertion description: the
 * configured issuer, optional conditions, a subject built from the {@code subject}
 * field's NameID, and a statement supplied by {@code createAndSetStatement}.
 *
 * @param callbacks callbacks to service; every element must be a {@code SAMLCallback}
 * @throws IOException                  declared by the callback-handler contract
 * @throws UnsupportedCallbackException on the first callback that is not a
 *                                      {@code SAMLCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (!(cb instanceof SAMLCallback)) {
            throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
        }
        SAMLCallback samlCallback = (SAMLCallback) cb;
        samlCallback.setSamlVersion(Version.SAML_20);
        samlCallback.setIssuer(issuer);
        if (conditions != null) {
            samlCallback.setConditions(conditions);
        }
        // Throws NullPointerException if the subject field has no clear-text NameID.
        String nameIdValue = subject.getNameID().getValue();
        String nameQualifier = subject.getNameID().getNameQualifier();
        SubjectBean subjectBean = new SubjectBean(nameIdValue, nameQualifier, confirmationMethod);
        subjectBean.setSubjectNameIDFormat(subject.getNameID().getFormat());
        subjectBean.setSubjectConfirmationData(subjectConfirmationData);
        samlCallback.setSubject(subjectBean);
        createAndSetStatement(samlCallback);
    }
}
/**
 * Converts OpenSAML subject confirmations into the internal model.
 *
 * <p>For each confirmation the identifier is resolved via {@code getNameID}
 * (which is handed both the clear-text NameID and the EncryptedID together
 * with {@code localKeys}); its value and format are copied when resolution
 * succeeds and left null otherwise. The confirmation method and the
 * Recipient/NotOnOrAfter/NotBefore/InResponseTo fields of the confirmation data
 * are copied over.
 *
 * NOTE(review): SubjectConfirmationData is optional in SAML 2.0, so a
 * confirmation that omits it makes this method throw NullPointerException —
 * consider guarding before dereferencing it.
 *
 * @param subjectConfirmations the OpenSAML confirmations to convert
 * @param localKeys            keys available for decrypting an EncryptedID
 * @return the converted confirmations, in input order
 */
protected List<SubjectConfirmation> getConfirmations(
        List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations,
        List<SimpleKey> localKeys) {
    List<SubjectConfirmation> converted = new LinkedList<>();
    for (org.opensaml.saml.saml2.core.SubjectConfirmation source : subjectConfirmations) {
        NameID nameID = getNameID(source.getNameID(), source.getEncryptedID(), localKeys);
        SubjectConfirmationData data = new SubjectConfirmationData()
            .setRecipient(source.getSubjectConfirmationData().getRecipient())
            .setNotOnOrAfter(source.getSubjectConfirmationData().getNotOnOrAfter())
            .setNotBefore(source.getSubjectConfirmationData().getNotBefore())
            .setInResponseTo(source.getSubjectConfirmationData().getInResponseTo());
        SubjectConfirmation confirmation = new SubjectConfirmation()
            .setNameId(nameID == null ? null : nameID.getValue())
            .setFormat(nameID == null ? null : NameId.fromUrn(nameID.getFormat()))
            .setMethod(SubjectConfirmationMethod.fromUrn(source.getMethod()))
            .setConfirmationData(data);
        converted.add(confirmation);
    }
    return converted;
}
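/**
 * Builds the internal {@code Subject} view of an assertion's subject.
 *
 * <p>For a SAML 2.0 assertion the NameID's qualifier, format, value, SPProvidedID
 * and SPNameQualifier are copied; for a SAML 1.x assertion the NameIdentifier's
 * qualifier, format and value are copied. The method already uses {@code null} to
 * mean "no subject available" (no SAML 1 subject, neither assertion version
 * present); a missing Subject or a missing clear-text NameID/NameIdentifier now
 * yields the same {@code null} instead of a {@code NullPointerException}, so
 * callers have a single case to handle. An EncryptedID is not resolved here.
 *
 * @param message    the current message (not consulted by this method)
 * @param assertionW the assertion whose subject is read
 * @return the populated subject, or null if none can be derived
 */
public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        if (s == null || s.getNameID() == null) {
            // No Subject, or no clear-text identifier to map.
            return null;
        }
        NameID nameId = s.getNameID();
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        if (s == null || s.getNameIdentifier() == null) {
            return null;
        }
        NameIdentifier nameId = s.getNameIdentifier();
        Subject subject = new Subject();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        return subject;
    }
    return null;
}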