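/**
 * Builds a response with {@code assertionsSigned=true} and checks that the issued assertion is bound to
 * the inbound request (response- and subject-confirmation-level InResponseTo), carries the expected
 * subject, and actually has a Signature element attached.
 */
@Test
public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException,
        MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    // A fresh id per run keeps verifyAssertionAttributes independent of other tests.
    String authenticationId = UUID.randomUUID().toString();
    Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId);
    SAMLMessageContext context = samlTestUtils.mockSamlMessageContext();

    IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions();
    options.setAssertionsSigned(true);
    profile.buildResponse(authentication, context, options);

    AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage();
    Response response = (Response) context.getOutboundSAMLMessage();
    // Same check as testBuildResponse: the Response itself must reference the triggering request,
    // otherwise an SP cannot tell a solicited response from a replayed/unsolicited one.
    assertEquals(request.getID(), response.getInResponseTo());

    Assertion assertion = response.getAssertions().get(0);
    Subject subject = assertion.getSubject();
    assertEquals("marissa", subject.getNameID().getValue());

    SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0);
    SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
    assertEquals(request.getID(), subjectConfirmationData.getInResponseTo());

    verifyAssertionAttributes(authenticationId, assertion);
    // Signing was requested, so the assertion must carry a Signature element.
    assertNotNull(assertion.getSignature());
}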
/**
 * An AuthnRequest asking for a persistent NameID must yield an assertion whose NameID has the
 * persistent format and carries the opaque authentication id rather than the username.
 */
@Test
public void testBuildResponseForSamlRequestWithPersistentNameID() throws Exception {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
            samlTestUtils.mockAuthnRequest(NameIDType.PERSISTENT));

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion issued = outbound.getAssertions().get(0);
    Subject issuedSubject = issued.getSubject();

    // Persistent identifiers must not leak the username.
    assertEquals(NameIDType.PERSISTENT, issuedSubject.getNameID().getFormat());
    assertEquals(authnId, issuedSubject.getNameID().getValue());

    SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * An AuthnRequest asking for an unspecified NameID must yield an assertion whose NameID has the
 * unspecified format and carries the username.
 */
@Test
public void testBuildResponseForSamlRequestWithUnspecifiedNameID() throws MessageEncodingException,
        SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
            samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED));

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion issued = outbound.getAssertions().get(0);
    Subject issuedSubject = issued.getSubject();

    assertEquals(NameIDType.UNSPECIFIED, issuedSubject.getNameID().getFormat());
    assertEquals("marissa", issuedSubject.getNameID().getValue());

    SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * An AuthnRequest asking for an email NameID must yield an assertion whose NameID has the
 * email format and carries the user's email address.
 */
@Test
public void testBuildResponseForSamlRequestWithEmailAddressNameID() throws MessageEncodingException,
        SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext(
            samlTestUtils.mockAuthnRequest(NameIDType.EMAIL));

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    Assertion issued = outbound.getAssertions().get(0);
    Subject issuedSubject = issued.getSubject();

    assertEquals(NameIDType.EMAIL, issuedSubject.getNameID().getFormat());
    assertEquals("marissa@testing.org", issuedSubject.getNameID().getValue());

    SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
Assertion assertion = response.getAssertions().get(0); DateTime until = new DateTime().plusHours(1); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint); assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID); assertion.getIssuer().setValue(issuerEntityId); assertion.getSubject().getNameID().setValue(username); assertion.getSubject().getNameID().setFormat(format); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until); assertion.getConditions().setNotOnOrAfter(until); SamlConfig config = new SamlConfig();
/**
 * Default (unsigned) response: the Response and its subject confirmation must both reference the
 * inbound request id, and the NameID must be the unspecified-format username.
 */
@Test
public void testBuildResponse() throws MessageEncodingException, SAMLException, MetadataProviderException,
        SecurityException, MarshallingException, SignatureException {
    String authnId = UUID.randomUUID().toString();
    Authentication authn = samlTestUtils.mockUaaAuthentication(authnId);
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();

    IdpWebSSOProfileOptions opts = new IdpWebSSOProfileOptions();
    opts.setAssertionsSigned(false);
    profile.buildResponse(authn, ctx, opts);

    AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();
    Response outbound = (Response) ctx.getOutboundSAMLMessage();
    // Response-level binding to the request that triggered it.
    assertEquals(inbound.getID(), outbound.getInResponseTo());

    Assertion issued = outbound.getAssertions().get(0);
    Subject issuedSubject = issued.getSubject();
    assertEquals(NameIDType.UNSPECIFIED, issuedSubject.getNameID().getFormat());
    assertEquals("marissa", issuedSubject.getNameID().getValue());

    SubjectConfirmationData confirmationData =
            issuedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inbound.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authnId, issued);
}
/**
 * Checks whether the xsi:type of the subject confirmation data, when one is declared, is the
 * required {@link KeyInfoConfirmationDataType#TYPE_NAME}. An undeclared type is accepted.
 * <p>
 * NOTE(review): {@code confirmation.getSubjectConfirmationData()} is dereferenced without a null
 * check, so the caller must already have established that the confirmation data is present.
 *
 * @param confirmation subject confirmation bearing the confirmation data to be checked
 *
 * @return true if no schema type is declared or it equals the KeyInfoConfirmationDataType name,
 *         false otherwise
 */
public boolean isValidConfirmationDataType(SubjectConfirmation confirmation) {
    QName declaredType = confirmation.getSubjectConfirmationData().getSchemaType();
    // Only an explicitly declared type that differs from the holder-of-key type is rejected.
    return declaredType == null || KeyInfoConfirmationDataType.TYPE_NAME.equals(declaredType);
}
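/**
 * Extracts the {@code <ds:KeyInfo>} children of the given subject confirmation's
 * {@link SubjectConfirmationData}.
 * <p>
 * KeyInfo is not part of the SubjectConfirmationData schema, so it only surfaces among the
 * "unknown" child XMLObjects. The original null check was placed after the dereference and tested
 * the wrong variable; this version returns an empty list for a missing confirmation or missing
 * confirmation data instead of throwing a NullPointerException. Callers must treat an empty
 * result as "no confirmation key present" and fail the holder-of-key check accordingly.
 *
 * @param confirmation subject confirmation whose data is inspected (may be null)
 * @param assertion assertion bearing the subject confirmation; not used here, retained for the
 *        existing signature
 *
 * @return the KeyInfo elements found, never null; empty when the confirmation or its data is
 *         absent or carries no KeyInfo
 *
 * @throws ValidationException retained for signature compatibility; not thrown by this method
 */
private static List<KeyInfo> getSubjectConfirmationKeyInformation(SubjectConfirmation confirmation,
        Assertion assertion) throws ValidationException {
    List<KeyInfo> keyInfos = new LazyList<KeyInfo>();
    if (confirmation == null) {
        return keyInfos;
    }
    SubjectConfirmationData confirmationData = confirmation.getSubjectConfirmationData();
    if (confirmationData == null) {
        return keyInfos;
    }
    for (XMLObject child : confirmationData.getUnknownXMLObjects()) {
        if (child != null && KeyInfo.DEFAULT_ELEMENT_NAME.equals(child.getElementQName())) {
            keyInfos.add((KeyInfo) child);
        }
    }
    return keyInfos;
}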
/**
 * Extracts the {@link KeyInfo} elements carried by the given subject confirmation's data.
 * <p>
 * KeyInfo is not part of the SubjectConfirmationData schema, so it only surfaces among the
 * "unknown" child XMLObjects. NOTE(review): the confirmation data is dereferenced without a null
 * check; the caller is expected to have verified it is present.
 *
 * @param confirmation subject confirmation data
 * @param assertion assertion bearing the subject to be confirmed
 * @param context current message processing context
 *
 * @return list of key informations available in the subject confirmation data, never null
 *
 * @throws ValidationException if there is a problem processing the SubjectConfirmation
 */
protected List<KeyInfo> getSubjectConfirmationKeyInformation(SubjectConfirmation confirmation,
        Assertion assertion, ValidationContext context) throws ValidationException {
    List<KeyInfo> found = new LazyList<KeyInfo>();
    for (XMLObject child : confirmation.getSubjectConfirmationData().getUnknownXMLObjects()) {
        if (child == null) {
            continue;
        }
        if (KeyInfo.DEFAULT_ELEMENT_NAME.equals(child.getElementQName())) {
            found.add((KeyInfo) child);
        }
    }
    return found;
}
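/**
 * Validates the <code>NotBefore</code> condition of the {@link SubjectConfirmationData}, if any is present.
 * <p>
 * The configured clock skew is added to "now", so a NotBefore slightly in the future (sender clock
 * ahead of ours) is still accepted. NotBefore is inclusive: the instant itself is valid.
 *
 * @param confirmation confirmation method, with {@link SubjectConfirmationData}, being validated
 * @param assertion assertion bearing the confirmation method
 * @param context current validation context
 *
 * @return the result of the validation evaluation
 */
protected ValidationResult validateNotBefore(SubjectConfirmation confirmation, Assertion assertion,
        ValidationContext context) {
    DateTime skewedNow = new DateTime(ISOChronology.getInstanceUTC()).plus(getClockSkew(context));
    DateTime notBefore = confirmation.getSubjectConfirmationData().getNotBefore();
    if (notBefore != null && notBefore.isAfter(skewedNow)) {
        // The id and instant must be passed as format arguments. The original concatenated them
        // onto the pattern, leaving both %s placeholders unfilled, so String.format threw
        // MissingFormatArgumentException instead of recording the failure.
        context.setValidationFailureMessage(String.format(
                "Subject confirmation, in assertion '%s', with NotBefore condition of '%s' is not yet valid",
                assertion.getID(), notBefore));
        return ValidationResult.INVALID;
    }
    return ValidationResult.VALID;
}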
for (SubjectConfirmation subjectConfirmation : subjectConfirmations) { bearerFound = updateBearerFound(subjectConfirmation, bearerFound); if (subjectConfirmation.getSubjectConfirmationData() != null) { recipientURLS.addAll(getRecipientUrls(subjectConfirmation.getSubjectConfirmationData())); notOnOrAfterAndNotBeforeFromSubjectConfirmation = getValidNotBeforeAndAfterDetails(subjectConfirmation.getSubjectConfirmationData(), timeSkew);
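/**
 * Validates the <code>NotOnOrAfter</code> condition of the {@link SubjectConfirmationData}, if any is present.
 * <p>
 * The configured clock skew is subtracted from "now", so data that expired less than the skew ago
 * is still accepted. Per SAML Core the NotOnOrAfter instant itself is excluded from the validity
 * window, so the confirmation is invalid when NotOnOrAfter is at or before the skewed now. The
 * original used {@code isBefore}, which accepted the exact expiry instant.
 *
 * @param confirmation confirmation method, with {@link SubjectConfirmationData}, being validated
 * @param assertion assertion bearing the confirmation method
 * @param context current validation context
 *
 * @return the result of the validation evaluation
 */
protected ValidationResult validateNotOnOrAfter(SubjectConfirmation confirmation, Assertion assertion,
        ValidationContext context) {
    DateTime skewedNow = new DateTime(ISOChronology.getInstanceUTC()).minus(getClockSkew(context));
    DateTime notOnOrAfter = confirmation.getSubjectConfirmationData().getNotOnOrAfter();
    if (notOnOrAfter == null) {
        return ValidationResult.VALID;
    }
    // Expired when notOnOrAfter <= skewedNow (the bound is exclusive).
    if (!notOnOrAfter.isAfter(skewedNow)) {
        context.setValidationFailureMessage(String.format(
                "Subject confirmation, in assertion '%s', with NotOnOrAfter condition of '%s' is no longer valid",
                assertion.getID(), notOnOrAfter));
        return ValidationResult.INVALID;
    }
    return ValidationResult.VALID;
}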
String address = DatatypeHelper.safeTrimOrNullString(confirmation.getSubjectConfirmationData().getAddress()); if (address == null) { return ValidationResult.VALID;
ValidationContext context) { String recipient = DatatypeHelper .safeTrimOrNullString(confirmation.getSubjectConfirmationData().getRecipient()); if (recipient == null) { return ValidationResult.VALID;
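/**
 * Snapshot of the first {@code <saml:SubjectConfirmation>} of the authentication assertion held by
 * the given authentication's {@link SAMLCredential}.
 * <p>
 * Only the first confirmation is read. Its SubjectConfirmationData element is optional in the SAML
 * schema, so {@code inResponseTo}, {@code notOnOrAfter} and {@code recipient} are left {@code null}
 * when it is absent instead of throwing a NullPointerException. NOTE(review): this constructor only
 * copies values; it assumes the assertion (method, recipient, expiry) was already validated by the
 * SAML consumer that produced the credential — confirm against that configuration.
 *
 * @param authentication authentication whose credentials are a {@link SAMLCredential}
 */
public SubjectConfirmation(Authentication authentication) {
    SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
    Subject subject = credential.getAuthenticationAssertion().getSubject();
    List<org.opensaml.saml2.core.SubjectConfirmation> confirmations = subject.getSubjectConfirmations();
    org.opensaml.saml2.core.SubjectConfirmation first = confirmations.get(0);
    SubjectConfirmationData data = first.getSubjectConfirmationData();
    method = first.getMethod();
    // SubjectConfirmationData is optional; keep the remaining fields null when it is missing.
    inResponseTo = data == null ? null : data.getInResponseTo();
    notOnOrAfter = data == null ? null : data.getNotOnOrAfter();
    recipient = data == null ? null : data.getRecipient();
}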
/**
 * {@inheritDoc}
 * <p>
 * When SubjectConfirmationData is present, the NotBefore, NotOnOrAfter, Recipient and Address checks
 * run in that order and the first non-VALID result is returned. When it is absent all four checks are
 * skipped, so a confirmation without data is only constrained by {@code doValidate} — callers that
 * require a bounded validity window or a recipient must enforce that themselves.
 */
public ValidationResult validate(SubjectConfirmation confirmation, Assertion assertion,
        ValidationContext context) throws ValidationException {
    if (confirmation.getSubjectConfirmationData() == null) {
        return doValidate(confirmation, assertion, context);
    }
    ValidationResult outcome = validateNotBefore(confirmation, assertion, context);
    if (outcome == ValidationResult.VALID) {
        outcome = validateNotOnOrAfter(confirmation, assertion, context);
    }
    if (outcome == ValidationResult.VALID) {
        outcome = validateRecipient(confirmation, assertion, context);
    }
    if (outcome == ValidationResult.VALID) {
        outcome = validateAddress(confirmation, assertion, context);
    }
    if (outcome != ValidationResult.VALID) {
        return outcome;
    }
    return doValidate(confirmation, assertion, context);
}
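/**
 * Records the assertion id and its validity window on this object.
 * <p>
 * The window is taken from the {@code <saml:Conditions>} element when one is present; only when the
 * assertion has no Conditions element at all is the first SubjectConfirmationData consulted. Each
 * bound is set only if the chosen source carries it, so an assertion with neither (or with Conditions
 * that omit both attributes) ends up with no NotBefore/NotOnOrAfter — callers that require a bounded
 * lifetime must check for that. Unlike the original, a missing Subject, an empty SubjectConfirmation
 * list or a missing SubjectConfirmationData no longer throws; the bounds are simply left unset.
 */
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());

    Conditions conditions = assertion.getConditions();
    if (conditions != null) {
        if (conditions.getNotBefore() != null) {
            this.setDateNotBefore(conditions.getNotBefore().toDate());
        }
        if (conditions.getNotOnOrAfter() != null) {
            this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
        }
        return;
    }

    // No Conditions element: fall back to the first SubjectConfirmationData, guarding each
    // optional level (Subject, SubjectConfirmation, SubjectConfirmationData) against absence.
    Subject subject = assertion.getSubject();
    if (subject == null || subject.getSubjectConfirmations().isEmpty()) {
        return;
    }
    SubjectConfirmationData scData = subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    if (scData == null) {
        return;
    }
    if (scData.getNotBefore() != null) {
        this.setDateNotBefore(scData.getNotBefore().toDate());
    }
    if (scData.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
    }
}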
for (org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation : subjectConfList) { SubjectConfirmationData subjConfData = subjectConfirmation.getSubjectConfirmationData(); Element sub = subjConfData.getDOM(); Element keyInfoElement =
for (org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation : subjectConfList) { SubjectConfirmationData subjConfData = subjectConfirmation.getSubjectConfirmationData(); Element sub = subjConfData.getDOM(); Element keyInfoElement =