/**
 * Builds a successful SAML {@code Response} carrying the supplied assertion.
 *
 * @param context the message context; its local entity id is handed to
 *        {@code buildCommonAttributes}
 * @param assertionConsumerService the SP endpoint the response is built for
 * @param assertionConsumerService the SP endpoint the response is built for
 * @param assertion the assertion appended to the response's assertion list
 * @param authnRequest the request this response answers
 * @return a new response with the common attributes, the assertion and a success status set
 */
private Response createResponse(SAMLMessageContext context, AssertionConsumerService assertionConsumerService, Assertion assertion, AuthnRequest authnRequest) {
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<Response> builder =
        (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    Response samlResponse = builder.buildObject();

    String localEntityId = context.getLocalEntityId();
    buildCommonAttributes(localEntityId, samlResponse, assertionConsumerService, authnRequest);
    samlResponse.getAssertions().add(assertion);
    buildStatusSuccess(samlResponse);
    return samlResponse;
}
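/**
 * Wraps an already-built assertion into a new SAML 2.0 {@code Response} with a Success status.
 *
 * <p>No signature is applied here; the assertion is added to the response as-is.
 *
 * @param assertion the assertion to embed in the response
 * @param assertionIssuer the entity id placed in the response's {@code Issuer} element
 * @return the populated response
 */
public static Response wrapAssertionIntoResponse(Assertion assertion, String assertionIssuer) {
    Response response = new ResponseBuilder().buildObject();

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(assertionIssuer);
    response.setIssuer(issuer);

    // The response ID must be unique per message and should not be predictable. A
    // millisecond timestamp can collide under concurrent load and is trivially guessable,
    // so a random UUID is used instead. The "id-" prefix keeps the value a valid XML ID
    // (NCNames must not start with a digit).
    response.setID("id-" + java.util.UUID.randomUUID());

    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue("urn:oasis:names:tc:SAML:2.0:status:Success");
    status.setStatusCode(statusCode);
    // A StatusMessage with no text is retained so the generated Status keeps its previous shape.
    StatusMessage statusMessage = new StatusMessageBuilder().buildObject();
    statusMessage.setMessage(null);
    status.setStatusMessage(statusMessage);
    response.setStatus(status);

    response.setVersion(SAMLVersion.VERSION_20);
    response.setIssueInstant(new DateTime());
    response.getAssertions().add(assertion);
    return response;
}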
profile.buildResponse(authentication, context, options); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0);
/** A mapped attribute whose source value is {@code null} must not appear in the attribute statement. */
@Test
public void verifyAttributeMappingsIgnoredForNullValues() throws Exception {
    Map<String, Object> mappings = new HashMap<>();
    mappings.put("given_name", "first_name");
    mappings.put("phone_number", "cell_phone");
    samlServiceProvider.getConfig().setAttributeMappings(mappings);
    // The mapped phone number exists on the user but carries a null value.
    user.setPhoneNumbers(Collections.singletonList(new ScimUser.PhoneNumber(null)));

    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
        samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED));
    IdpWebSSOProfileOptions ssoOptions = new IdpWebSSOProfileOptions();
    ssoOptions.setAssertionsSigned(false);

    profile.buildResponse(authn, ctx, ssoOptions);
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion builtAssertion = outbound.getAssertions().get(0);
    profile.buildAttributeStatement(builtAssertion, authn, samlServiceProvider.getEntityId());

    List<Attribute> statementAttributes = builtAssertion.getAttributeStatements().get(0).getAttributes();
    assertAttributeValue(statementAttributes, "first_name", user.getGivenName());
    assertAttributeDoesNotExist(statementAttributes, "last_name");
    assertAttributeDoesNotExist(statementAttributes, "cell_phone");
}
/** With assertion signing enabled, the built assertion must carry a signature. */
@Test
public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();
    IdpWebSSOProfileOptions ssoOptions = new IdpWebSSOProfileOptions();
    ssoOptions.setAssertionsSigned(true);

    profile.buildResponse(authn, ctx, ssoOptions);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion builtAssertion = outbound.getAssertions().get(0);
    Subject subj = builtAssertion.getSubject();
    assertEquals("marissa", subj.getNameID().getValue());
    SubjectConfirmationData confirmationData =
        subj.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());
    verifyAssertionAttributes(authnId, builtAssertion);
    assertNotNull(builtAssertion.getSignature());
}
/** A persistent NameID request yields a NameID equal to the authentication id, in persistent format. */
@Test
public void testBuildResponseForSamlRequestWithPersistentNameID() throws Exception {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
        samlTestUtils.mockAuthnRequest(NameIDType.PERSISTENT));
    IdpWebSSOProfileOptions ssoOptions = new IdpWebSSOProfileOptions();
    ssoOptions.setAssertionsSigned(false);

    profile.buildResponse(authn, ctx, ssoOptions);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion builtAssertion = outbound.getAssertions().get(0);
    Subject subj = builtAssertion.getSubject();
    assertEquals(authnId, subj.getNameID().getValue());
    assertEquals(NameIDType.PERSISTENT, subj.getNameID().getFormat());
    SubjectConfirmationData confirmationData =
        subj.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());
    verifyAssertionAttributes(authnId, builtAssertion);
}
/** An email NameID request yields the user's email address as NameID, in email format. */
@Test
public void testBuildResponseForSamlRequestWithEmailAddressNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
        samlTestUtils.mockAuthnRequest(NameIDType.EMAIL));
    IdpWebSSOProfileOptions ssoOptions = new IdpWebSSOProfileOptions();
    ssoOptions.setAssertionsSigned(false);

    profile.buildResponse(authn, ctx, ssoOptions);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion builtAssertion = outbound.getAssertions().get(0);
    Subject subj = builtAssertion.getSubject();
    assertEquals("marissa@testing.org", subj.getNameID().getValue());
    assertEquals(NameIDType.EMAIL, subj.getNameID().getFormat());
    SubjectConfirmationData confirmationData =
        subj.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());
    verifyAssertionAttributes(authnId, builtAssertion);
}
/** An unspecified NameID request yields the username as NameID, in unspecified format. */
@Test
public void testBuildResponseForSamlRequestWithUnspecifiedNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
        samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED));
    IdpWebSSOProfileOptions ssoOptions = new IdpWebSSOProfileOptions();
    ssoOptions.setAssertionsSigned(false);

    profile.buildResponse(authn, ctx, ssoOptions);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion builtAssertion = outbound.getAssertions().get(0);
    Subject subj = builtAssertion.getSubject();
    assertEquals("marissa", subj.getNameID().getValue());
    assertEquals(NameIDType.UNSPECIFIED, subj.getNameID().getFormat());
    SubjectConfirmationData confirmationData =
        subj.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());
    verifyAssertionAttributes(authnId, builtAssertion);
}
/** The default (unsigned) response echoes the request id in InResponseTo, on both response and subject confirmation. */
@Test
public void testBuildResponse() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();
    IdpWebSSOProfileOptions ssoOptions = new IdpWebSSOProfileOptions();
    ssoOptions.setAssertionsSigned(false);

    profile.buildResponse(authn, ctx, ssoOptions);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    assertEquals(inbound.getID(), outbound.getInResponseTo());

    Assertion builtAssertion = outbound.getAssertions().get(0);
    Subject subj = builtAssertion.getSubject();
    assertEquals("marissa", subj.getNameID().getValue());
    assertEquals(NameIDType.UNSPECIFIED, subj.getNameID().getFormat());
    SubjectConfirmationData confirmationData =
        subj.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());
    verifyAssertionAttributes(authnId, builtAssertion);
}
profile.buildResponse(authentication, context, options); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); DateTime until = new DateTime().plusHours(1); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint);
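/**
 * Selects the assertions to process from the supplied SAML object.
 *
 * <p>A bare {@code Assertion} becomes a one-element list; a {@code Response} contributes its
 * plain assertion list (encrypted assertions are not looked at here).
 *
 * @param xmldata either an {@code Assertion} or a {@code Response}
 * @throws ClassNotFoundException if {@code xmldata} is neither; the exception type is kept for
 *         call-site compatibility, the message now names the rejected type
 */
private void config(XMLObject xmldata) throws ClassNotFoundException {
    if (xmldata instanceof Assertion) {
        assertions = new ArrayList<Assertion>();
        assertions.add((Assertion) xmldata);
    } else if (xmldata instanceof Response) {
        assertions = ((Response) xmldata).getAssertions();
    } else {
        // Previously thrown without a message, which made the failure hard to diagnose.
        String actualType = xmldata == null ? "null" : xmldata.getClass().getName();
        throw new ClassNotFoundException("Expected an Assertion or a Response but got " + actualType);
    }
}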
username = SAMLUtils.getValueFromAssertions(processedSAMLResponse.getAssertions(), SAML2AuthManager.SAMLUserAttributeName.value()); for (Assertion assertion: processedSAMLResponse.getAssertions()) { if (assertion!= null && assertion.getSubject() != null && assertion.getSubject().getNameID() != null) { session.setAttribute(SAMLPluginConstants.SAML_NAMEID, assertion.getSubject().getNameID().getValue());
/**
 * Get roles from the SAML2 Response.
 *
 * <p>Only the first assertion is consulted; any further assertions in the response are
 * ignored. NOTE(review): callers should make sure that first assertion is the one whose
 * signature was verified.
 *
 * @param response SAML2 Response
 * @return roles array taken from the first assertion, or {@code null} when there is none
 */
private String[] getRolesFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    boolean hasAssertion = assertions != null && !assertions.isEmpty();
    if (!hasAssertion) {
        return null;
    }
    return getRolesFromAssertion(assertions.get(0));
}
/**
 * Get the username from the SAML2 Response.
 *
 * <p>Only the first assertion is consulted; additional assertions, if present, are ignored.
 *
 * @param response SAML2 Response
 * @return username contained in the first assertion, or {@code null} when the response
 *         carries no assertion
 */
public static String getUsernameFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    Assertion first = assertions.get(0);
    return getUsernameFromAssertion(first);
}
/**
 * Get roles from the SAML2 Response.
 *
 * <p>Reads the first assertion only; further assertions are not examined.
 *
 * @param response SAML2 Response
 * @return roles array, or {@code null} if the response has no assertion
 */
private String[] getRolesFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null) {
        return null;
    }
    if (assertions.isEmpty()) {
        return null;
    }
    Assertion first = assertions.get(0);
    return getRolesFromAssertion(first);
}
/**
 * {@inheritDoc}
 *
 * <p>Plain assertions go to the response's assertion list and encrypted assertions to its
 * encrypted-assertion list; every other child is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException {
    Response response = (Response) parentSAMLObject;
    if (childSAMLObject instanceof Assertion) {
        response.getAssertions().add((Assertion) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof EncryptedAssertion) {
        response.getEncryptedAssertions().add((EncryptedAssertion) childSAMLObject);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
/**
 * Retrieve all supplied assertions, decrypting any encrypted assertions if necessary.
 *
 * <p>Plain assertions come first, in response order, followed by the decrypted ones.
 *
 * @throws DecryptionException if an encrypted assertion cannot be decrypted
 */
private List<Assertion> getAssertions(Response response) throws DecryptionException {
    List<Assertion> combined = new ArrayList<Assertion>(response.getAssertions());
    for (EncryptedAssertion encrypted : response.getEncryptedAssertions()) {
        Assertion decrypted = decrypt(encrypted);
        combined.add(decrypted);
    }
    return combined;
}
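/**
 * Validate SAML Assertion signature.
 *
 * <p>Only the first assertion of a {@code Response} is checked; any further assertions are not
 * verified here. When the SAML message is not a response, a {@code null} signature is handed to
 * {@code validateSignature}, as before.
 *
 * @param credential the credential the signature is validated against
 * @return {@code false} when the response carries no assertion to check, otherwise the result
 *         of {@code validateSignature}
 */
private boolean validateAssertionSignature(Credential credential) {
    Signature assertionSignature = null;
    if (isResponse()) {
        Response samlResponse = (Response) getSAMLResponse();
        if (samlResponse.getAssertions().isEmpty()) {
            // Nothing to verify: fail closed rather than throw IndexOutOfBoundsException.
            return false;
        }
        assertionSignature = samlResponse.getAssertions().get(0).getSignature();
    }
    return validateSignature(credential, assertionSignature);
}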
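/**
 * Checks the structural requirements on the single assertion the response must carry.
 *
 * @param response the SAML response to inspect
 * @throws SamlException if the response does not hold exactly one assertion, the assertion's
 *         issuer is absent or differs from {@code responseIssuer}, the subject or its NameID
 *         is missing, or {@code enforceConditions} rejects the assertion's conditions
 */
private void validateAssertion(Response response) throws SamlException {
    if (response.getAssertions().size() != 1) {
        throw new SamlException("The response doesn't contain exactly 1 assertion");
    }
    Assertion assertion = response.getAssertions().get(0);

    // A missing Issuer element used to surface as a NullPointerException; treat it as a
    // failed issuer match so the caller sees a SamlException either way.
    String issuerValue = assertion.getIssuer() == null ? null : assertion.getIssuer().getValue();
    if (issuerValue == null || !issuerValue.equals(responseIssuer)) {
        throw new SamlException("The assertion issuer didn't match the expected value");
    }

    // Likewise a missing Subject is reported instead of dereferenced.
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        throw new SamlException(
            "The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
    }
    enforceConditions(assertion.getConditions());
}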
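/**
 * Verifies the signatures on the response and on its first assertion.
 *
 * <p>At least one of the two must be present, and every present signature must validate. Note
 * that when only the assertion is signed, the enclosing {@code Response} element itself is not
 * integrity-protected by this check. Only the first assertion is covered; further assertions
 * are not examined here.
 *
 * @param response the SAML response to check
 * @throws SamlException if neither signature is present, or a present signature is invalid
 */
private void validateSignature(Response response) throws SamlException {
    Signature responseSignature = response.getSignature();
    // A response without assertions contributes no assertion signature instead of failing
    // with IndexOutOfBoundsException; the "no signature at all" check below then applies.
    Signature assertionSignature = response.getAssertions().isEmpty()
        ? null
        : response.getAssertions().get(0).getSignature();

    if (responseSignature == null && assertionSignature == null) {
        throw new SamlException("No signature is present in either response or assertion");
    }
    if (responseSignature != null && !validate(responseSignature)) {
        throw new SamlException("The response signature is invalid");
    }
    if (assertionSignature != null && !validate(assertionSignature)) {
        throw new SamlException("The assertion signature is invalid");
    }
}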