/**
 * When the AuthnRequest asks for an e-mail NameID, the issued assertion's Subject must carry
 * the user's e-mail address in that format, and its SubjectConfirmationData must be tied to
 * the originating request through InResponseTo.
 */
@Test
public void testBuildResponseForSamlRequestWithEmailAddressNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    final String authnId = UUID.randomUUID().toString();
    final Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    final SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(samlTestUtils.mockAuthnRequest(NameIDType.EMAIL));

    // Unsigned assertions keep this test focused on Subject handling.
    final IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    final AuthnRequest inboundRequest = (AuthnRequest) ctx.getInboundSAMLMessage();
    final Response outboundResponse = (Response) ctx.getOutboundSAMLMessage();
    final Assertion issued = outboundResponse.getAssertions().get(0);
    final Subject issuedSubject = issued.getSubject();

    assertEquals("marissa@testing.org", issuedSubject.getNameID().getValue());
    assertEquals(NameIDType.EMAIL, issuedSubject.getNameID().getFormat());

    final SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inboundRequest.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * A persistent NameID request must yield a Subject whose NameID value is the opaque
 * authentication identifier (not the username) in the PERSISTENT format, bound to the
 * request via InResponseTo on the SubjectConfirmationData.
 */
@Test
public void testBuildResponseForSamlRequestWithPersistentNameID() throws Exception {
    final String authnId = UUID.randomUUID().toString();
    final Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    final SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(samlTestUtils.mockAuthnRequest(NameIDType.PERSISTENT));

    final IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    final AuthnRequest inboundRequest = (AuthnRequest) ctx.getInboundSAMLMessage();
    final Response outboundResponse = (Response) ctx.getOutboundSAMLMessage();
    final Assertion issued = outboundResponse.getAssertions().get(0);
    final Subject issuedSubject = issued.getSubject();

    // The persistent identifier is the authentication id handed to the mock, not a username.
    assertEquals(authnId, issuedSubject.getNameID().getValue());
    assertEquals(NameIDType.PERSISTENT, issuedSubject.getNameID().getFormat());

    final SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inboundRequest.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * An UNSPECIFIED NameID request must be answered with the plain username in the
 * UNSPECIFIED format, with the SubjectConfirmationData referencing the request id.
 */
@Test
public void testBuildResponseForSamlRequestWithUnspecifiedNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    final String authnId = UUID.randomUUID().toString();
    final Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    final SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED));

    final IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    final AuthnRequest inboundRequest = (AuthnRequest) ctx.getInboundSAMLMessage();
    final Response outboundResponse = (Response) ctx.getOutboundSAMLMessage();
    final Assertion issued = outboundResponse.getAssertions().get(0);
    final Subject issuedSubject = issued.getSubject();

    assertEquals("marissa", issuedSubject.getNameID().getValue());
    assertEquals(NameIDType.UNSPECIFIED, issuedSubject.getNameID().getFormat());

    final SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inboundRequest.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * Default response build (no NameID format requested): the Response itself and the
 * SubjectConfirmationData must both reference the inbound request id, and the Subject
 * defaults to the username in the UNSPECIFIED format.
 */
@Test
public void testBuildResponse() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    final String authnId = UUID.randomUUID().toString();
    final Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    final SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();

    final IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    final AuthnRequest inboundRequest = (AuthnRequest) ctx.getInboundSAMLMessage();
    final Response outboundResponse = (Response) ctx.getOutboundSAMLMessage();
    // Response-level correlation with the request, in addition to the Subject-level one below.
    assertEquals(inboundRequest.getID(), outboundResponse.getInResponseTo());

    final Assertion issued = outboundResponse.getAssertions().get(0);
    final Subject issuedSubject = issued.getSubject();
    assertEquals("marissa", issuedSubject.getNameID().getValue());
    assertEquals(NameIDType.UNSPECIFIED, issuedSubject.getNameID().getFormat());

    final SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inboundRequest.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * With assertion signing enabled the issued assertion must carry a Signature element,
 * while the Subject and SubjectConfirmationData are populated as in the unsigned case.
 */
@Test
public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    final String authnId = UUID.randomUUID().toString();
    final Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    final SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();

    // The only difference from testBuildResponse: ask the profile to sign the assertion.
    final IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(true);
    profile.buildResponse(authn, ctx, opts);

    final AuthnRequest inboundRequest = (AuthnRequest) ctx.getInboundSAMLMessage();
    final Response outboundResponse = (Response) ctx.getOutboundSAMLMessage();
    final Assertion issued = outboundResponse.getAssertions().get(0);
    final Subject issuedSubject = issued.getSubject();

    assertEquals("marissa", issuedSubject.getNameID().getValue());

    final SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inboundRequest.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
    assertNotNull(issued.getSignature());
}
assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID); assertion.getIssuer().setValue(issuerEntityId); assertion.getSubject().getNameID().setValue(username); assertion.getSubject().getNameID().setFormat(format); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until);
if (assertion!= null && assertion.getSubject() != null && assertion.getSubject().getNameID() != null) { session.setAttribute(SAMLPluginConstants.SAML_NAMEID, assertion.getSubject().getNameID().getValue()); break; if (assertion.getSubject() != null && assertion.getSubject().getNameID() != null) { session.setAttribute(SAMLPluginConstants.SAML_NAMEID, assertion.getSubject().getNameID().getValue());
/**
 * Test-only override that performs no assertion verification: it never calls
 * {@code super.verifyAssertion}, so none of the checks the superclass applies to an
 * inbound assertion run here (presumably those of {@code WebSSOProfileConsumerImpl},
 * the other branch of the enclosing ternary). It only publishes the assertion's NameID
 * as the subject identifier. Not suitable for anything but tests.
 *
 * @param assertion the inbound assertion, taken at face value
 * @param request   the originating AuthnRequest (unused)
 * @param context   the message context that receives the NameID
 */
@Override
@SuppressWarnings("unchecked")
protected void verifyAssertion(Assertion assertion, AuthnRequest request, SAMLMessageContext context) throws AuthenticationException, SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, DecryptionException {
    // Deliberately no verification (original author's note: "nope"); the NameID is
    // forwarded unchecked. A null Subject/NameID would surface as a NullPointerException.
    context.setSubjectNameIdentifier(assertion.getSubject().getNameID());
}
} : new WebSSOProfileConsumerImpl();
/**
 * Returns the NameID value from the SAML assertion's Subject — normally the identifier
 * of the authenticated user.
 *
 * <p>No null-guarding is performed: an assertion without a Subject, or a Subject without
 * a NameID, makes this method throw {@link NullPointerException}.
 *
 * @return the Subject's NameID value
 */
public String getNameID() {
    final String nameIdValue = assertion.getSubject().getNameID().getValue();
    return nameIdValue;
}
}
/**
 * Extracts the Subject's NameID value from an assertion.
 *
 * @param assertion the assertion to read; must not be {@code null}
 * @return the NameID value, or {@code null} if the assertion has no Subject or the
 *         Subject carries no NameID
 */
private static String getSubjectNameIDValue(Assertion assertion) {
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getValue();
}
private static String getSubjectNameIDFormat(Assertion assertion) {
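/**
 * Reads the username (the Subject's NameID value) from a SAML2 Response.
 *
 * <p>Only the first assertion is consulted even though a Response may carry several.
 * The method does no validation of its own; it assumes the caller has already verified
 * the Response (signature, conditions, etc.) before trusting this value.
 *
 * @param response SAML2 Response
 * @return the NameID value of the first assertion, or {@code null} if the Response has
 *         no assertions or the first assertion lacks a Subject or NameID
 */
private String getUsernameFromResponse(Response response) {
    List<Assertion> assertions = response.getAssertions();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    // Only the first assertion is used; a SAML Response is not limited to one.
    Assertion assertion = assertions.get(0);
    // A missing Subject or NameID is reported as "no username" instead of a NullPointerException.
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        return null;
    }
    return assertion.getSubject().getNameID().getValue();
}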
/**
 * Resolves the authenticated subject from the assertion's NameID and records it on the
 * context as a {@link FederatedUser} under the {@code "Subject"} parameter.
 *
 * @param assertion the received SAML assertion
 * @param context   the authentication context being populated
 * @throws SAML2SSOAuthenticationException if the assertion has no Subject, no NameID, or a
 *         blank NameID value
 */
protected void processSubject(Assertion assertion, AuthenticationContext context) throws SAML2SSOAuthenticationException {
    final boolean hasNameId = assertion.getSubject() != null && assertion.getSubject().getNameID() != null;
    final String subjectName = hasNameId ? assertion.getSubject().getNameID().getValue() : null;
    // A blank identifier must not be accepted as a subject.
    if (StringUtils.isBlank(subjectName)) {
        throw new SAML2SSOAuthenticationException("Assertion does not contain the name of the subject");
    }
    context.addParameter("Subject", new FederatedUser(subjectName));
}
/**
 * {@inheritDoc}
 *
 * <p>Rejects a Subject that neither identifies the principal (BaseID or NameID) nor
 * carries at least one SubjectConfirmation.
 */
public void validate(Subject subject) throws ValidationException {
    final boolean hasIdentifier = subject.getBaseID() != null || subject.getNameID() != null;
    final boolean hasConfirmation = subject.getSubjectConfirmations() != null
            && !subject.getSubjectConfirmations().isEmpty();
    if (!hasIdentifier && !hasConfirmation) {
        throw new ValidationException("ID or SubjectConfirmation required");
    }
}
}
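/**
 * Flattens the received assertions into a list of name/value attributes.
 *
 * <p>For every assertion the attributes returned by {@code parseAttributes} are collected,
 * followed (unless {@code isBIF} is set) by the Subject's NameID stored under its NameID
 * format, and finally the assertion ID under {@code "AssertionID"}. Each NameID and
 * assertion-ID pair is also logged at INFO level.
 *
 * @return all attributes from all assertions, in assertion order
 */
public List<SAML2Attribute> parse() {
    List<SAML2Attribute> ret = new ArrayList<SAML2Attribute>();
    logger.info("===== Incoming ticket name/value-list =====");
    for (Assertion assertion : assertions) {
        // Accumulate rather than assign: assigning here dropped the attributes of every
        // earlier assertion (and the NameID/AssertionID entries already added for them).
        ret.addAll(parseAttributes(assertion));
        if (!isBIF) {
            // The LkTj ticket puts the prescriber code in the NameID, so expose it as an
            // attribute keyed by the NameID format. Note this logs an identifier at INFO.
            String nameIdFormat = assertion.getSubject().getNameID().getFormat();
            String nameIdValue = assertion.getSubject().getNameID().getValue();
            logger.info(" " + nameIdFormat + " : " + nameIdValue);
            ret.add(new SAML2Attribute(nameIdFormat, nameIdValue));
        }
        String assertionIdName = "AssertionID"; // TODO: replace the hard-coded attribute name with a constant
        String assertionIdValue = assertion.getID();
        logger.info(" " + assertionIdName + " : " + assertionIdValue);
        ret.add(new SAML2Attribute(assertionIdName, assertionIdValue));
    }
    return ret;
}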
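/**
 * Checks the assertion in {@code response} before any of its contents are trusted: exactly
 * one assertion must be present, its Issuer must equal the configured
 * {@code responseIssuer}, its Subject must carry a NameID, and its Conditions must pass
 * {@link #enforceConditions}.
 *
 * @param response the SAML response to inspect
 * @throws SamlException if any of those checks fails; malformed input (missing Issuer or
 *         Subject) is reported this way rather than as a {@link NullPointerException}
 */
private void validateAssertion(Response response) throws SamlException {
    if (response.getAssertions().size() != 1) {
        throw new SamlException("The response doesn't contain exactly 1 assertion");
    }
    Assertion assertion = response.getAssertions().get(0);
    // A missing Issuer is rejected like a mismatching one; never accept an unissued assertion.
    String issuerValue = assertion.getIssuer() == null ? null : assertion.getIssuer().getValue();
    if (issuerValue == null || !issuerValue.equals(responseIssuer)) {
        throw new SamlException("The assertion issuer didn't match the expected value");
    }
    // The Subject itself may be absent, not just its NameID.
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        throw new SamlException(
                "The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
    }
    enforceConditions(assertion.getConditions());
}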
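/**
 * Builds the authentication context for an IdP callback.
 *
 * <p>The first assertion of the SAML response is consulted. If it has a Subject with a
 * NameID, that value becomes the context's subject and the tenant domain is derived from
 * it via {@link MultitenantUtils#getTenantDomain}; otherwise the context is explicitly
 * marked unauthenticated and returned without a subject.
 *
 * @param idpMessage the IdP callback carrying the SAML response and the authenticated IdPs
 * @return the populated context, marked unauthenticated when no usable Subject exists
 */
public static AuthenticationContext getAuthenticationContext(IDPMessage idpMessage) {
    ResponseImpl response = (ResponseImpl) idpMessage.getSAMLResponse();
    AuthenticationContext authenticationContext = new AuthenticationContext();
    // An empty assertion list previously escaped as IndexOutOfBoundsException; treat it,
    // like a missing Subject or NameID, as "nobody was authenticated".
    Assertion assertion = response.getAssertions().isEmpty() ? null : response.getAssertions().get(0);
    if (assertion == null || assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        authenticationContext.setAuthenticated(false);
        return authenticationContext;
    }
    String subject = assertion.getSubject().getNameID().getValue();
    authenticationContext.setSubject(subject);
    authenticationContext.setTenantDomain(MultitenantUtils.getTenantDomain(subject));
    authenticationContext.setAuthenticatedIDPs(idpMessage.getAuthenticatedIDPs());
    return authenticationContext;
}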