@Test public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext(); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(true); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa", subject.getNameID().getValue()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); assertNotNull(assertion.getSignature()); }
@Test public void testBuildResponseForSamlRequestWithPersistentNameID() throws Exception { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext(samlTestUtils.mockAuthnRequest(NameIDType.PERSISTENT)); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals(authenticationId, subject.getNameID().getValue()); assertEquals(NameIDType.PERSISTENT, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
@Test public void testBuildResponseForSamlRequestWithEmailAddressNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext( samlTestUtils.mockAuthnRequest(NameIDType.EMAIL)); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa@testing.org", subject.getNameID().getValue()); assertEquals(NameIDType.EMAIL, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
Assertion assertion = response.getAssertions().get(0); DateTime until = new DateTime().plusHours(1); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint); assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID); assertion.getIssuer().setValue(issuerEntityId); assertion.getSubject().getNameID().setValue(username); assertion.getSubject().getNameID().setFormat(format); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until); assertion.getConditions().setNotOnOrAfter(until); SamlConfig config = new SamlConfig();
@Test public void testBuildResponseForSamlRequestWithUnspecifiedNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext( samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED)); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa", subject.getNameID().getValue()); assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
@Test public void testBuildResponse() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext(); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); assertEquals(request.getID(), response.getInResponseTo()); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa", subject.getNameID().getValue()); assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
subjectConfirmationData.setRecipient(authnRequest.getAssertionConsumerServiceURL()); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); subject.getSubjectConfirmations().add(subjectConfirmation); assertion.setSubject(subject);
/** {@inheritDoc} */ public void validate(Subject subject) throws ValidationException { if (subject.getBaseID() == null && subject.getNameID() == null && (subject.getSubjectConfirmations() == null || subject.getSubjectConfirmations().size() == 0)) { throw new ValidationException("ID or SubjectConfirmation required"); } } }
/** * Get the subject confirmation method of a SAML 2.0 assertion * * @param assertion SAML 2.0 assertion * @return Subject Confirmation method */ public static String getSAML2SubjectConfirmationMethod(Assertion assertion) { String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK; List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations(); if (subjectConfirmations.size() > 0) { subjectConfirmationMethod = subjectConfirmations.get(0).getMethod(); } return subjectConfirmationMethod; }
private List<SubjectConfirmation> getSubjectConfirmations(Assertion assertion) throws IdentityOAuth2Exception { List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations(); if (subjectConfirmations == null || subjectConfirmations.isEmpty()) { throw new IdentityOAuth2Exception("No SubjectConfirmation exist in Assertion"); } return subjectConfirmations; }
/** * Method getConfirmationMethods returns the confirmationMethods of this * AssertionWrapper model. * * @return the confirmationMethods of this AssertionWrapper model. */ public List<String> getConfirmationMethods() { List<String> methods = new ArrayList<String>(); if (saml2 != null) { org.opensaml.saml2.core.Subject subject = saml2.getSubject(); List<org.opensaml.saml2.core.SubjectConfirmation> confirmations = subject.getSubjectConfirmations(); for (org.opensaml.saml2.core.SubjectConfirmation confirmation : confirmations) { methods.add(confirmation.getMethod()); } } return methods; }
@Override public Subject build() { Subject subject = new SubjectBuilder().buildObject(); subject.setNameID(nameId); if(subjectConfermations.size() >0){ for (SubjectConfirmation subjectConfirmation : subjectConfermations) { subject.getSubjectConfirmations().add(subjectConfirmation); } } return subject; } }
/** {@inheritDoc} */ protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException { Subject subject = (Subject) parentObject; if (childObject instanceof BaseID) { subject.setBaseID((BaseID) childObject); } else if (childObject instanceof NameID) { subject.setNameID((NameID) childObject); } else if (childObject instanceof EncryptedID) { subject.setEncryptedID((EncryptedID) childObject); } else if (childObject instanceof SubjectConfirmation) { subject.getSubjectConfirmations().add((SubjectConfirmation) childObject); } else { super.processChildElement(parentObject, childObject); } } }
subject.getSubjectConfirmations().add(subjectConfirmation); return subject;
public SubjectConfirmation(Authentication authentication){ SAMLCredential credential = (SAMLCredential) authentication.getCredentials(); Subject subject = credential.getAuthenticationAssertion().getSubject(); List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations(); org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation = subjectConfirmations.get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); method = subjectConfirmation.getMethod(); inResponseTo = subjectConfirmationData.getInResponseTo(); notOnOrAfter = subjectConfirmationData.getNotOnOrAfter(); recipient = subjectConfirmationData.getRecipient(); }
org.opensaml.saml2.core.Subject subject = assertion.getSubject(); List<org.opensaml.saml2.core.SubjectConfirmation> confirmations = subject.getSubjectConfirmations();
protected void processSAMLAssertion() { this.setAssertionId(assertion.getID()); Subject subject = assertion.getSubject(); //Read the validity period from the 'Conditions' element, else read it from SC Data if (assertion.getConditions() != null) { Conditions conditions = assertion.getConditions(); if (conditions.getNotBefore() != null) { this.setDateNotBefore(conditions.getNotBefore().toDate()); } if (conditions.getNotOnOrAfter() != null) { this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate()); } } else { SubjectConfirmationData scData = subject.getSubjectConfirmations() .get(0).getSubjectConfirmationData(); if (scData.getNotBefore() != null) { this.setDateNotBefore(scData.getNotBefore().toDate()); } if (scData.getNotOnOrAfter() != null) { this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate()); } } }
private static Subject buildSubject(String subjectNameId, String subjectNameIdType, String recipient, String inResponseTo) { NameID nameID = buildSAMLObject(NameID.class, NameID.DEFAULT_ELEMENT_NAME); nameID.setValue(subjectNameId); nameID.setFormat(subjectNameIdType); Subject subject = buildSAMLObject(Subject.class, Subject.DEFAULT_ELEMENT_NAME); subject.setNameID(nameID); SubjectConfirmation subjectConfirmation = buildSAMLObject(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME); subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); SubjectConfirmationData subjectConfirmationData = buildSAMLObject(SubjectConfirmationData.class, SubjectConfirmationData.DEFAULT_ELEMENT_NAME); subjectConfirmationData.setRecipient(recipient); subjectConfirmationData.setInResponseTo(inResponseTo); subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(8 * 60)); subjectConfirmationData.setAddress(recipient); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); subject.getSubjectConfirmations().add(subjectConfirmation); return subject; }
confData.setAddress(CONF_KEY); subjectConf.setSubjectConfirmationData(confData); subject.getSubjectConfirmations().add(subjectConf); assertion.setSubject(subject);
); subject.getSubjectConfirmations().add(subjectConfirmation); return subject;