if (!"urn:oasis:names:tc:SAML:2.0:cm:bearer".equals(subjectConfirmation.getMethod())) { continue;
/**
 * {@inheritDoc}
 *
 * <p>Copies the {@code Method} of the given {@link SubjectConfirmation} onto the DOM element as an
 * attribute with no namespace. When the method is {@code null} the attribute is not written.
 * The value is written exactly as held by the object; no check is made here that it is a
 * recognised confirmation-method URI.</p>
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final String method = ((SubjectConfirmation) samlObject).getMethod();
    if (method == null) {
        // Nothing to marshal: leave the element without a Method attribute.
        return;
    }
    domElement.setAttributeNS(null, SubjectConfirmation.METHOD_ATTRIB_NAME, method);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * {@inheritDoc}
 *
 * <p>Accepts the confirmation when its method equals
 * {@link SubjectConfirmation#METHOD_SENDER_VOUCHES}. Any other method, including {@code null},
 * yields {@link ValidationResult#INDETERMINATE} rather than a rejection.</p>
 *
 * <p>Only the method URI is inspected in this method; {@code assertion} and {@code context} are
 * not read. NOTE(review): checks on the confirmation data (recipient, validity window, address)
 * are presumably performed by the caller or a base class before this is reached - confirm,
 * because {@code VALID} here means "method matched" and nothing more.</p>
 */
@Nonnull
protected ValidationResult doValidate(@Nonnull final SubjectConfirmation confirmation,
        @Nonnull final Assertion assertion, @Nonnull final ValidationContext context)
        throws AssertionValidationException {
    final boolean senderVouches =
            Objects.equals(confirmation.getMethod(), SubjectConfirmation.METHOD_SENDER_VOUCHES);
    return senderVouches ? ValidationResult.VALID : ValidationResult.INDETERMINATE;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * {@inheritDoc}
 *
 * <p>Accepts the confirmation when its method equals {@link SubjectConfirmation#METHOD_BEARER}.
 * Any other method, including {@code null}, yields {@link ValidationResult#INDETERMINATE}
 * rather than a rejection.</p>
 *
 * <p>Only the method URI is inspected in this method; {@code assertion} and {@code context} are
 * not read. NOTE(review): for a bearer assertion the recipient, {@code NotOnOrAfter} and
 * {@code InResponseTo} checks are what bind it to this exchange; they are presumably enforced
 * by the caller or a base class before this is reached - confirm.</p>
 */
@Nonnull
protected ValidationResult doValidate(@Nonnull final SubjectConfirmation confirmation,
        @Nonnull final Assertion assertion, @Nonnull final ValidationContext context)
        throws AssertionValidationException {
    final boolean bearer =
            Objects.equals(confirmation.getMethod(), SubjectConfirmation.METHOD_BEARER);
    return bearer ? ValidationResult.VALID : ValidationResult.INDETERMINATE;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Looks for bearer subject confirmations on the subject and validates each one found.
 *
 * <p>Every confirmation whose method equals {@code SAML2Constants.CONF_BEARER} has its
 * confirmation data passed to {@code validateSubjectConfirmation}; confirmations with any other
 * method are ignored.</p>
 *
 * <p>NOTE(review): the flag is set after the call regardless of any value it might return, so a
 * failed check can only stop processing by throwing - confirm that
 * {@code validateSubjectConfirmation} does so, and that it handles {@code null} confirmation
 * data, which is passed through unchecked here.</p>
 *
 * @param m the current message, forwarded to the confirmation check
 * @param cs the assertion conditions, forwarded to the confirmation check
 * @param subject the assertion subject to inspect
 * @return {@code true} if at least one bearer confirmation was present, {@code false} if there
 *         was none or the confirmation list is {@code null}
 */
private boolean validateAuthenticationSubject(Message m, Conditions cs,
        org.opensaml.saml.saml2.core.Subject subject) {
    if (subject.getSubjectConfirmations() == null) {
        return false;
    }

    boolean sawBearer = false;
    for (SubjectConfirmation candidate : subject.getSubjectConfirmations()) {
        if (!SAML2Constants.CONF_BEARER.equals(candidate.getMethod())) {
            continue;
        }
        validateSubjectConfirmation(m, cs, candidate.getSubjectConfirmationData());
        sawBearer = true;
    }
    return sawBearer;
}
/**
 * Looks for bearer subject confirmations on the subject and validates each one found.
 *
 * <p>Every confirmation whose method equals {@code SAML2Constants.CONF_BEARER} has its
 * confirmation data passed to {@code validateSubjectConfirmation}; confirmations with any other
 * method are ignored.</p>
 *
 * <p>NOTE(review): the flag is set after the call regardless of any value it might return, so a
 * failed check can only stop processing by throwing - confirm that
 * {@code validateSubjectConfirmation} does so, and that it handles {@code null} confirmation
 * data, which is passed through unchecked here.</p>
 *
 * @param m the current message, forwarded to the confirmation check
 * @param cs the assertion conditions, forwarded to the confirmation check
 * @param subject the assertion subject to inspect
 * @return {@code true} if at least one bearer confirmation was present, {@code false} if there
 *         was none or the confirmation list is {@code null}
 */
private boolean validateAuthenticationSubject(Message m, Conditions cs,
        org.opensaml.saml.saml2.core.Subject subject) {
    if (subject.getSubjectConfirmations() == null) {
        return false;
    }

    boolean sawBearer = false;
    for (SubjectConfirmation candidate : subject.getSubjectConfirmations()) {
        if (!SAML2Constants.CONF_BEARER.equals(candidate.getMethod())) {
            continue;
        }
        validateSubjectConfirmation(m, cs, candidate.getSubjectConfirmationData());
        sawBearer = true;
    }
    return sawBearer;
}
/**
 * {@inheritDoc}
 *
 * <p>Obtains the {@link LibertySSOSContext} subcontext of the profile request context (the
 * {@code true} argument asks for it to be created when absent), keeps it in {@code ssosContext},
 * and records on it the wrapped token and the subject confirmation method taken from
 * {@code assertionToken}.</p>
 *
 * <p>NOTE(review): the values are copied as-is; this method performs no validation of the token
 * or of the confirmation method, so that is presumably done before this step runs - confirm.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // Populate the Liberty context so later steps can read the attested token and method.
    ssosContext = profileRequestContext.getSubcontext(LibertySSOSContext.class, true);
    ssosContext.setAttestedToken(assertionToken.getWrappedToken());

    final String attestedMethod = assertionToken.getSubjectConfirmation().getMethod();
    ssosContext.setAttestedSubjectConfirmationMethod(attestedMethod);
}
SubjectConfirmationValidator validator = subjectConfirmationValidators.get(confirmation.getMethod()); if (validator != null) { try {
/**
 * Validate the Subject (of an Authentication Statement).
 *
 * <p>Each confirmation whose method equals {@code SAML2Constants.CONF_BEARER} has its
 * confirmation data passed to {@code validateSubjectConfirmation} together with {@code id} and
 * {@code postBinding}. Confirmations with any other method are skipped.</p>
 *
 * <p>NOTE(review): a bearer confirmation is remembered as valid once the call returns, so a
 * failed check must be signalled by an exception from {@code validateSubjectConfirmation} -
 * confirm. Its confirmation data is forwarded without a null check.</p>
 *
 * @param subject the assertion subject to inspect
 * @param id forwarded unchanged to the confirmation check
 * @param postBinding forwarded unchanged to the confirmation check
 * @return the last bearer confirmation that passed the check, or {@code null} when the subject
 *         has no confirmation list or no bearer confirmation
 * @throws WSSecurityException declared for the confirmation check
 */
private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
    org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
) throws WSSecurityException {
    org.opensaml.saml.saml2.core.SubjectConfirmation accepted = null;
    if (subject.getSubjectConfirmations() == null) {
        return accepted;
    }

    for (org.opensaml.saml.saml2.core.SubjectConfirmation candidate
            : subject.getSubjectConfirmations()) {
        // Only the bearer method is acceptable here; everything else is ignored.
        if (!SAML2Constants.CONF_BEARER.equals(candidate.getMethod())) {
            continue;
        }
        validateSubjectConfirmation(candidate.getSubjectConfirmationData(), id, postBinding);
        accepted = candidate;
    }
    return accepted;
}
throws AssertionValidationException { if (!Objects.equals(confirmation.getMethod(), SubjectConfirmation.METHOD_HOLDER_OF_KEY)) { return ValidationResult.INDETERMINATE;
subject.getSubjectConfirmations(); for (org.opensaml.saml.saml2.core.SubjectConfirmation confirmation : confirmations) { methods.add(confirmation.getMethod());
/**
 * Create an efficient field-wise copy of a {@link SubjectConfirmation}.
 *
 * <p>The copy carries the method and, when confirmation data is present, its address,
 * {@code InResponseTo}, recipient, {@code NotBefore} and {@code NotOnOrAfter} values. Nothing
 * else from the source object is transferred: no identifier is set on the copy, and no other
 * content of the confirmation data is copied.</p>
 *
 * @param confirmation the object to clone
 *
 * @return the copy
 */
@Nonnull
private SubjectConfirmation cloneConfirmation(@Nonnull final SubjectConfirmation confirmation) {
    final SubjectConfirmation copy = confirmationBuilder.buildObject();
    copy.setMethod(confirmation.getMethod());

    final SubjectConfirmationData source = confirmation.getSubjectConfirmationData();
    if (source == null) {
        // No confirmation data on the original, so the copy gets none either.
        return copy;
    }

    final SubjectConfirmationData target = confirmationDataBuilder.buildObject();
    target.setAddress(source.getAddress());
    target.setInResponseTo(source.getInResponseTo());
    target.setRecipient(source.getRecipient());
    target.setNotBefore(source.getNotBefore());
    target.setNotOnOrAfter(source.getNotOnOrAfter());
    copy.setSubjectConfirmationData(target);
    return copy;
}
if (!"urn:oasis:names:tc:SAML:2.0:cm:bearer".equals(subjectConfirmation.getMethod())) { continue;
if (SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod()) && isValidBearerSubjectConfirmationData(confirmation.getSubjectConfirmationData(), context)) { NameID nameIDFromConfirmation = confirmation.getNameID();
/**
 * Converts OpenSAML subject confirmations into this project's {@code SubjectConfirmation} model.
 *
 * <p>For each input confirmation the name identifier is resolved through {@code getNameID}
 * (given the plain and the encrypted identifier plus the local keys); when that yields
 * {@code null}, both the name id and its format are set to {@code null}. The method URN is
 * mapped with {@code SubjectConfirmationMethod.fromUrn}, and recipient, {@code NotOnOrAfter},
 * {@code NotBefore} and {@code InResponseTo} are copied from the confirmation data.</p>
 *
 * <p>NOTE(review): the confirmation data is dereferenced without a null check. If an incoming
 * confirmation carries no confirmation data and the getter returns {@code null}, this method
 * throws {@link NullPointerException}; confirm that callers treat that as a rejected assertion
 * rather than an unhandled error. This method only copies values - it does not itself check
 * the recipient or the validity window.</p>
 *
 * @param subjectConfirmations the OpenSAML confirmations to convert
 * @param localKeys keys handed to {@code getNameID} for resolving the identifier
 * @return one converted confirmation per input element, in input order
 */
protected List<SubjectConfirmation> getConfirmations(
    List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations,
    List<SimpleKey> localKeys
) {
    List<SubjectConfirmation> converted = new LinkedList<>();
    for (org.opensaml.saml.saml2.core.SubjectConfirmation source : subjectConfirmations) {
        NameID nameID = getNameID(source.getNameID(), source.getEncryptedID(), localKeys);
        String nameIdValue = nameID != null ? nameID.getValue() : null;
        org.opensaml.saml.saml2.core.SubjectConfirmationData sourceData =
            source.getSubjectConfirmationData();

        SubjectConfirmation target = new SubjectConfirmation()
            .setNameId(nameIdValue)
            .setFormat(nameID != null ? NameId.fromUrn(nameID.getFormat()) : null)
            .setMethod(SubjectConfirmationMethod.fromUrn(source.getMethod()))
            .setConfirmationData(
                new SubjectConfirmationData()
                    .setRecipient(sourceData.getRecipient())
                    .setNotOnOrAfter(sourceData.getNotOnOrAfter())
                    .setNotBefore(sourceData.getNotBefore())
                    .setInResponseTo(sourceData.getInResponseTo())
            );
        converted.add(target);
    }
    return converted;
}