Assertion assertion = response.getAssertions().get(0); DateTime until = new DateTime().plusHours(1); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint); assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID); assertion.getIssuer().setValue(issuerEntityId); assertion.getSubject().getNameID().setValue(username); assertion.getSubject().getNameID().setFormat(format); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until); assertion.getConditions().setNotOnOrAfter(until); SamlConfig config = new SamlConfig();
/**
 * Builds a response with {@code assertionsSigned=true} and checks that the assertion
 * is tied to the inbound AuthnRequest and carries a Signature element.
 *
 * Note: {@code assertNotNull(assertion.getSignature())} only proves a Signature element
 * is present; the signature itself is not validated by this test.
 */
@Test
public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException,
        MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(true);
    profile.buildResponse(authn, ctx, opts);

    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Assertion assertion = outbound.getAssertions().get(0);

    // Subject: plain username, confirmation bound to the request ID.
    Subject subject = assertion.getSubject();
    assertEquals("marissa", subject.getNameID().getValue());
    SubjectConfirmationData confirmationData =
            subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, assertion);
    // Presence only — see class comment above.
    assertNotNull(assertion.getSignature());
}
/**
 * An AuthnRequest asking for the UNSPECIFIED NameID format must get an (unsigned)
 * assertion whose NameID uses that format, carries the plain username, and whose
 * SubjectConfirmationData references the request ID.
 */
@Test
public void testBuildResponseForSamlRequestWithUnspecifiedNameID() throws MessageEncodingException, SAMLException,
        MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
            samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED));

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Assertion assertion = outbound.getAssertions().get(0);
    Subject subject = assertion.getSubject();

    assertEquals("marissa", subject.getNameID().getValue());
    assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat());

    SubjectConfirmationData confirmationData =
            subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, assertion);
}
/**
 * An AuthnRequest asking for the PERSISTENT NameID format must get an (unsigned)
 * assertion whose NameID value is the opaque authentication id (not the username),
 * with the PERSISTENT format and a SubjectConfirmationData bound to the request ID.
 */
@Test
public void testBuildResponseForSamlRequestWithPersistentNameID() throws Exception {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
            samlTestUtils.mockAuthnRequest(NameIDType.PERSISTENT));

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Assertion assertion = outbound.getAssertions().get(0);
    Subject subject = assertion.getSubject();

    // Persistent identifiers carry the authentication id rather than the login name.
    assertEquals(authnId, subject.getNameID().getValue());
    assertEquals(NameIDType.PERSISTENT, subject.getNameID().getFormat());

    SubjectConfirmationData confirmationData =
            subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, assertion);
}
/**
 * An AuthnRequest asking for the EMAIL NameID format must get an (unsigned) assertion
 * whose NameID is the user's e-mail address in EMAIL format, with a
 * SubjectConfirmationData bound to the request ID.
 */
@Test
public void testBuildResponseForSamlRequestWithEmailAddressNameID() throws MessageEncodingException, SAMLException,
        MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
            samlTestUtils.mockAuthnRequest(NameIDType.EMAIL));

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Assertion assertion = outbound.getAssertions().get(0);
    Subject subject = assertion.getSubject();

    assertEquals("marissa@testing.org", subject.getNameID().getValue());
    assertEquals(NameIDType.EMAIL, subject.getNameID().getFormat());

    SubjectConfirmationData confirmationData =
            subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, assertion);
}
/**
 * Default (unsigned) response: the Response's InResponseTo and the assertion's
 * SubjectConfirmationData must both reference the inbound request ID, and the NameID
 * must be the plain username in UNSPECIFIED format.
 */
@Test
public void testBuildResponse() throws MessageEncodingException, SAMLException,
        MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    // Response-level correlation with the request.
    assertEquals(inbound.getID(), outbound.getInResponseTo());

    Assertion assertion = outbound.getAssertions().get(0);
    Subject subject = assertion.getSubject();
    assertEquals("marissa", subject.getNameID().getValue());
    assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat());

    // Assertion-level correlation with the request.
    SubjectConfirmationData confirmationData =
            subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, assertion);
}
if (assertion!= null && assertion.getSubject() != null && assertion.getSubject().getNameID() != null) { session.setAttribute(SAMLPluginConstants.SAML_NAMEID, assertion.getSubject().getNameID().getValue()); break; if (assertion.getSubject() != null && assertion.getSubject().getNameID() != null) { session.setAttribute(SAMLPluginConstants.SAML_NAMEID, assertion.getSubject().getNameID().getValue());
/**
 * Returns the NameID format of the assertion's Subject.
 *
 * @param assertion SAML 2.0 assertion (must not be null)
 * @return the NameID Format attribute, or null when the assertion has no Subject or
 *         the Subject has no NameID
 */
private static String getSubjectNameIDFormat(Assertion assertion) {
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getFormat();
}
/*
/**
 * Returns the NameID value of the assertion's Subject.
 *
 * @param assertion SAML 2.0 assertion (must not be null)
 * @return the NameID text value, or null when the assertion has no Subject or the
 *         Subject has no NameID
 */
private static String getSubjectNameIDValue(Assertion assertion) {
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getValue();
}
private static String getSubjectNameIDFormat(Assertion assertion) {
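/**
 * Returns the SubjectConfirmation elements of the given assertion.
 *
 * @param assertion SAML 2.0 assertion (must not be null)
 * @return the non-empty list of SubjectConfirmation elements
 * @throws IdentityOAuth2Exception if the assertion has no Subject, or the Subject has
 *         no SubjectConfirmation
 */
private List<SubjectConfirmation> getSubjectConfirmations(Assertion assertion) throws IdentityOAuth2Exception {
    // A missing Subject used to surface as a NullPointerException from
    // assertion.getSubject().getSubjectConfirmations(); report it through the same
    // exception type callers already handle.
    if (assertion.getSubject() == null) {
        throw new IdentityOAuth2Exception("No SubjectConfirmation exist in Assertion");
    }
    List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations();
    if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
        throw new IdentityOAuth2Exception("No SubjectConfirmation exist in Assertion");
    }
    return subjectConfirmations;
}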
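/**
 * Get the subject confirmation method of a SAML 2.0 assertion.
 *
 * Returns the Method of the first SubjectConfirmation. When the assertion has no
 * Subject or no SubjectConfirmation at all, the holder-of-key constant is returned
 * instead. NOTE(review): that HOK fallback is pre-existing behaviour; whether an
 * assertion with no confirmation should really be treated as holder-of-key is for the
 * caller to confirm.
 *
 * @param assertion SAML 2.0 assertion (must not be null)
 * @return Subject Confirmation method URI, or the HOK default
 */
public static String getSAML2SubjectConfirmationMethod(Assertion assertion) {
    String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
    // A missing Subject previously threw a NullPointerException; treat it like an
    // absent SubjectConfirmation list.
    if (assertion.getSubject() != null) {
        List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations();
        if (subjectConfirmations != null && !subjectConfirmations.isEmpty()) {
            subjectConfirmationMethod = subjectConfirmations.get(0).getMethod();
        }
    }
    return subjectConfirmationMethod;
}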
/**
 * Extracts the Subject NameID value from the assertion and stores it on the context as
 * a {@link FederatedUser} under the "Subject" parameter.
 *
 * @param assertion SAML 2.0 assertion (must not be null)
 * @param context   authentication context receiving the "Subject" parameter
 * @throws SAML2SSOAuthenticationException if the assertion has no Subject, no NameID,
 *         or a blank NameID value
 */
protected void processSubject(Assertion assertion, AuthenticationContext context)
        throws SAML2SSOAuthenticationException {
    boolean hasNameId = assertion.getSubject() != null && assertion.getSubject().getNameID() != null;
    String nameIdValue = hasNameId ? assertion.getSubject().getNameID().getValue() : null;

    // A missing or whitespace-only NameID is rejected rather than mapped to an empty user.
    if (StringUtils.isBlank(nameIdValue)) {
        throw new SAML2SSOAuthenticationException("Assertion does not contain the name of the subject");
    }

    context.addParameter("Subject", new FederatedUser(nameIdValue));
}
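/**
 * Returns the Subject NameID value of the assertion.
 *
 * @param assertion SAML 2.0 assertion (must not be null)
 * @return the NameID text value
 * @throws IdentityOAuth2Exception if the assertion has no Subject or the Subject has no NameID
 */
private String getNameIdValue(Assertion assertion) throws IdentityOAuth2Exception {
    // Guard the Subject as well: an assertion without one used to fail with a
    // NullPointerException instead of the declared IdentityOAuth2Exception.
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        throw new IdentityOAuth2Exception("NameID value is null. Cannot proceed");
    }
    return assertion.getSubject().getNameID().getValue();
}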
/**
 * Override that performs NONE of the assertion checks: no issuer, signature, subject
 * or condition verification happens in this body — it only copies the assertion's
 * NameID onto the context. Presumably a test stub for the consumer; it must not be
 * used where real assertions are accepted.
 */
@Override
@SuppressWarnings("unchecked")
protected void verifyAssertion(Assertion assertion, AuthnRequest request, SAMLMessageContext context)
        throws AuthenticationException, SAMLException, org.opensaml.xml.security.SecurityException,
        ValidationException, DecryptionException {
    // Deliberately skips all verification; only the subject NameID is propagated.
    context.setSubjectNameIdentifier(assertion.getSubject().getNameID());
}
} : new WebSSOProfileConsumerImpl();
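/**
 * Retrieves the Name ID from the SAML response. This is normally the name of the
 * authenticated user.
 *
 * @return The Name ID from the SAML response.
 * @throws IllegalStateException if the assertion has no Subject or the Subject has no
 *         NameID (previously surfaced as a bare NullPointerException)
 */
public String getNameID() {
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        throw new IllegalStateException("SAML assertion carries no Subject NameID");
    }
    return assertion.getSubject().getNameID().getValue();
}
}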
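/**
 * Method getConfirmationMethods returns the confirmationMethods of this
 * AssertionWrapper model.
 *
 * Only the SAML 2.0 assertion ({@code saml2}) is consulted here. The result is empty
 * when there is no SAML 2.0 assertion, when it has no Subject, or when the Subject
 * has no SubjectConfirmation elements.
 *
 * @return the confirmationMethods of this AssertionWrapper model (never null).
 */
public List<String> getConfirmationMethods() {
    List<String> methods = new ArrayList<String>();
    // A SAML 2.0 assertion without a Subject used to raise a NullPointerException here.
    if (saml2 != null && saml2.getSubject() != null) {
        org.opensaml.saml2.core.Subject subject = saml2.getSubject();
        List<org.opensaml.saml2.core.SubjectConfirmation> confirmations = subject.getSubjectConfirmations();
        if (confirmations != null) {
            for (org.opensaml.saml2.core.SubjectConfirmation confirmation : confirmations) {
                methods.add(confirmation.getMethod());
            }
        }
    }
    return methods;
}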
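/**
 * Get the username from the SAML2 Response.
 *
 * Reads the Subject NameID of the FIRST assertion in the response. A SAML Response
 * may carry more than one assertion; this method does not check for that, so any
 * additional assertions are silently ignored. NOTE(review): callers that rely on this
 * value for authentication should reject responses that do not contain exactly one
 * assertion before trusting it.
 *
 * @param response SAML2 Response (must not be null)
 * @return username contained in the SAML Response, or null when the response has no
 *         assertion or the first assertion has no Subject/NameID
 */
private String getUsernameFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    Assertion first = assertions.get(0);
    // Previously a NullPointerException; use the existing null "not found" signal instead.
    if (first.getSubject() == null || first.getSubject().getNameID() == null) {
        return null;
    }
    return first.getSubject().getNameID().getValue();
}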
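/**
 * Validates the assertion carried by a SAML Response: exactly one assertion, an
 * Issuer equal to {@code responseIssuer}, a Subject NameID with a value, and the
 * assertion Conditions (delegated to {@code enforceConditions}). No signature check is
 * performed in this method; presumably that happens elsewhere — confirm in the caller.
 *
 * @param response SAML Response to validate (must not be null)
 * @throws SamlException when any of the checks above fails
 */
private void validateAssertion(Response response) throws SamlException {
    if (response.getAssertions().size() != 1) {
        throw new SamlException("The response doesn't contain exactly 1 assertion");
    }
    Assertion assertion = response.getAssertions().get(0);

    // A missing Issuer element or Issuer value used to fail with a NullPointerException;
    // treat it as an issuer mismatch.
    if (assertion.getIssuer() == null
            || assertion.getIssuer().getValue() == null
            || !assertion.getIssuer().getValue().equals(responseIssuer)) {
        throw new SamlException("The assertion issuer didn't match the expected value");
    }

    // Also reject a missing Subject and a NameID element without a value, not just a
    // missing NameID element.
    if (assertion.getSubject() == null
            || assertion.getSubject().getNameID() == null
            || assertion.getSubject().getNameID().getValue() == null) {
        throw new SamlException(
                "The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
    }

    enforceConditions(assertion.getConditions());
}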
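/**
 * Captures the first SubjectConfirmation of the authenticated user's assertion: its
 * Method and, when a SubjectConfirmationData element is present, its InResponseTo,
 * NotOnOrAfter and Recipient (left null otherwise).
 *
 * @param authentication authentication whose credentials are a {@link SAMLCredential}
 * @throws IllegalArgumentException if the assertion's Subject has no SubjectConfirmation
 *         (previously an IndexOutOfBoundsException from {@code get(0)})
 */
public SubjectConfirmation(Authentication authentication) {
    SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
    Subject subject = credential.getAuthenticationAssertion().getSubject();
    List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations();
    if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
        throw new IllegalArgumentException("SAML assertion subject carries no SubjectConfirmation");
    }
    org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation = subjectConfirmations.get(0);
    method = subjectConfirmation.getMethod();

    // SubjectConfirmationData can be absent (it is a child element, not required by
    // this code); read it defensively instead of failing with a NullPointerException.
    SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
    inResponseTo = subjectConfirmationData != null ? subjectConfirmationData.getInResponseTo() : null;
    notOnOrAfter = subjectConfirmationData != null ? subjectConfirmationData.getNotOnOrAfter() : null;
    recipient = subjectConfirmationData != null ? subjectConfirmationData.getRecipient() : null;
}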
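/**
 * Verifies a single assertion: IssueInstant skew, issuer, signature, subject, and
 * conditions (in that order). When the assertion carries AuthnStatements the
 * conditions check is run with its third argument {@code true} (per the original
 * comment, presumably "audience restriction required") and each statement is
 * verified; otherwise conditions are checked with {@code false}. Advice is ignored.
 *
 * @param assertion assertion to verify (must not be null)
 * @param request   the AuthnRequest this assertion answers (passed to verifySubject)
 * @param context   message context used by the issuer/signature/condition checks
 * @throws SAMLException if the IssueInstant is outside the MAX_ASSERTION_TIME skew
 *         (previously thrown as a bare {@code Exception} with the same message);
 *         other failures propagate from the individual verify* helpers
 */
private void verifyAssertion(Assertion assertion, AuthnRequest request, BasicSAMLMessageContext context)
        throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, Exception {
    // Verify assertion time skew
    if (!isDateTimeSkewValid(MAX_ASSERTION_TIME, assertion.getIssueInstant())) {
        // TODO(review): route this through the class logger rather than stdout.
        System.out.println("Authentication statement is too old to be used" + assertion.getIssueInstant());
        // Throw the declared SAML exception type instead of a raw Exception so callers
        // can distinguish a stale assertion from an unexpected failure.
        throw new SAMLException("Users authentication credential is too old to be used");
    }

    // Verify validity of assertion
    // Advice is ignored, core 574
    verifyIssuer(assertion.getIssuer(), context);
    verifyAssertionSignature(assertion.getSignature(), context);
    verifySubject(assertion.getSubject(), request, context);

    // Assertion with authentication statement must contain audience restriction
    if (assertion.getAuthnStatements().size() > 0) {
        verifyAssertionConditions(assertion.getConditions(), context, true);
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            verifyAuthenticationStatement(statement, context);
        }
    } else {
        verifyAssertionConditions(assertion.getConditions(), context, false);
    }
}
/**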