try assertion = samlCredential.getAssertionAsElement();
Element assertion = credential.getAssertionAsElement(); String xmlSignatureNSPrefix = findNameSpacePrefix(assertion, JBossSAMLURIConstants.XMLDSIG_NSURI.get()); (Element) xpath.evaluate(expression, credential.getAssertionAsElement(), XPathConstants.NODE); XMLSignature signature = new XMLSignature(sigElement, "");
Element assertion = credential.getAssertionAsElement(); String xmlSignatureNSPrefix = findNameSpacePrefix(assertion, JBossSAMLURIConstants.XMLDSIG_NSURI.get()); (Element) xpath.evaluate(expression, credential.getAssertionAsElement(), XPathConstants.NODE); XMLSignature signature = new XMLSignature(sigElement, "");
/**
 * Returns the SAML assertion carried by the currently authenticated {@link Subject}
 * as a DOM {@link Element}.
 *
 * <p>Only the first {@link SamlCredential} found among the subject's public credentials
 * is considered. If that credential cannot be rendered as an element, the failure is
 * logged and {@code null} is returned rather than an exception being thrown.
 *
 * <p>Security note: this method performs no validation of its own. Callers that derive
 * authorization data (roles, attributes) from the returned element rely on the
 * credential having been signature- and validity-checked when the subject was
 * established; that is not verified here.
 *
 * @return the assertion element, or {@code null} when there is no authenticated subject,
 *         no SAML credential on it, or the credential could not be parsed
 */
protected Element getAssertionFromSubject() {
    Subject authenticated = SecurityActions.getAuthenticatedSubject();
    if (authenticated == null) {
        logger.trace("No authentication Subject found, cannot provide any user roles!");
        return null;
    }

    Set<Object> publicCredentials = authenticated.getPublicCredentials();
    if (publicCredentials == null) {
        return null;
    }

    for (Object candidate : publicCredentials) {
        if (!(candidate instanceof SamlCredential)) {
            continue;
        }
        try {
            return ((SamlCredential) candidate).getAssertionAsElement();
        } catch (ProcessingException e) {
            // Best-effort lookup: a malformed credential yields "no assertion", not an error.
            logger.samlAssertionPasingFailed(e);
            return null;
        }
    }
    return null;
}
/**
 * Validates the SAML credential held by this login module. The checks run in the
 * order below and the first failure aborts the login:
 * <ol>
 * <li>the signing certificate chains to a trusted anchor in the local truststore
 *     ({@code validateCertPath}). The certificate comes from the token itself (via
 *     {@code getX509Certificate()}), so this step is what prevents an attacker from
 *     embedding a self-signed key and signing the assertion with it;</li>
 * <li>the signing certificate is within its validity period;</li>
 * <li>the assertion's XML signature verifies with that certificate's public key;</li>
 * <li>the assertion itself has not expired.</li>
 * </ol>
 *
 * <p>NOTE(review): whether {@code AssertionUtil.isSignatureValid} also checks that the
 * signature's reference covers this assertion element (signature-wrapping defence),
 * and whether audience/recipient conditions are enforced, cannot be seen from here —
 * confirm in {@code AssertionUtil}. Step 4 reads the {@code assertion} field, which is
 * assumed to have been parsed earlier in the login flow; if it can still be {@code null}
 * at this point the expiry check would fail with an unchecked exception.
 *
 * @throws LoginException if the signature does not verify or the assertion has expired
 * @throws ConfigurationException propagated from the helpers this method calls
 * @throws CertificateExpiredException if the signing certificate has expired
 * @throws CertificateNotYetValidException if the signing certificate is not yet valid
 */
private void validateSAMLCredential() throws LoginException, ConfigurationException,
        CertificateExpiredException, CertificateNotYetValidException {
    X509Certificate signingCert = getX509Certificate();

    // Trust-anchor check first: the key is taken from the token, so it only means
    // something once it is chained to the local truststore.
    validateCertPath(signingCert);

    // Certificate time validity (throws the two Certificate*Exception types).
    signingCert.checkValidity();

    boolean signatureVerified;
    try {
        signatureVerified = AssertionUtil.isSignatureValid(
                credential.getAssertionAsElement(), signingCert.getPublicKey());
    } catch (ProcessingException e) {
        // An unverifiable signature is treated exactly like an invalid one.
        logger.processingError(e);
        signatureVerified = false;
    }
    if (!signatureVerified) {
        throw logger.authSAMLInvalidSignatureError();
    }

    // Only now, with a trusted signature, is the assertion content worth inspecting.
    if (AssertionUtil.hasExpired(assertion)) {
        throw logger.authSAMLAssertionExpiredError();
    }
}
/**
 * Validates the SAML credential held by this login module. The checks run in the
 * order below and the first failure aborts the login:
 * <ol>
 * <li>the signing certificate chains to a trusted anchor in the local truststore
 *     ({@code validateCertPath}). The certificate comes from the token itself (via
 *     {@code getX509Certificate()}), so this step is what prevents an attacker from
 *     embedding a self-signed key and signing the assertion with it;</li>
 * <li>the signing certificate is within its validity period;</li>
 * <li>the assertion's XML signature verifies with that certificate's public key;</li>
 * <li>the assertion itself has not expired.</li>
 * </ol>
 *
 * <p>NOTE(review): whether {@code AssertionUtil.isSignatureValid} also checks that the
 * signature's reference covers this assertion element (signature-wrapping defence),
 * and whether audience/recipient conditions are enforced, cannot be seen from here —
 * confirm in {@code AssertionUtil}. Step 4 reads the {@code assertion} field, which is
 * assumed to have been parsed earlier in the login flow; if it can still be {@code null}
 * at this point the expiry check would fail with an unchecked exception.
 *
 * @throws LoginException if the signature does not verify or the assertion has expired
 * @throws ConfigurationException propagated from the helpers this method calls
 * @throws CertificateExpiredException if the signing certificate has expired
 * @throws CertificateNotYetValidException if the signing certificate is not yet valid
 */
private void validateSAMLCredential() throws LoginException, ConfigurationException,
        CertificateExpiredException, CertificateNotYetValidException {
    X509Certificate signingCert = getX509Certificate();

    // Trust-anchor check first: the key is taken from the token, so it only means
    // something once it is chained to the local truststore.
    validateCertPath(signingCert);

    // Certificate time validity (throws the two Certificate*Exception types).
    signingCert.checkValidity();

    boolean signatureVerified;
    try {
        signatureVerified = AssertionUtil.isSignatureValid(
                credential.getAssertionAsElement(), signingCert.getPublicKey());
    } catch (ProcessingException e) {
        // An unverifiable signature is treated exactly like an invalid one.
        logger.processingError(e);
        signatureVerified = false;
    }
    if (!signatureVerified) {
        throw logger.authSAMLInvalidSignatureError();
    }

    // Only now, with a trusted signature, is the assertion content worth inspecting.
    if (AssertionUtil.hasExpired(assertion)) {
        throw logger.authSAMLAssertionExpiredError();
    }
}
/**
 * Returns the SAML assertion carried by the currently authenticated {@link Subject}
 * as a DOM {@link Element}.
 *
 * <p>Only the first {@link SamlCredential} found among the subject's public credentials
 * is considered. If that credential cannot be rendered as an element, the failure is
 * logged and {@code null} is returned rather than an exception being thrown.
 *
 * <p>Security note: this method performs no validation of its own. Callers that derive
 * authorization data (roles, attributes) from the returned element rely on the
 * credential having been signature- and validity-checked when the subject was
 * established; that is not verified here.
 *
 * @return the assertion element, or {@code null} when there is no authenticated subject,
 *         no SAML credential on it, or the credential could not be parsed
 */
protected Element getAssertionFromSubject() {
    Subject authenticated = SecurityActions.getAuthenticatedSubject();
    if (authenticated == null) {
        logger.trace("No authentication Subject found, cannot provide any user roles!");
        return null;
    }

    Set<Object> publicCredentials = authenticated.getPublicCredentials();
    if (publicCredentials == null) {
        return null;
    }

    for (Object candidate : publicCredentials) {
        if (!(candidate instanceof SamlCredential)) {
            continue;
        }
        try {
            return ((SamlCredential) candidate).getAssertionAsElement();
        } catch (ProcessingException e) {
            // Best-effort lookup: a malformed credential yields "no assertion", not an error.
            logger.samlAssertionPasingFailed(e);
            return null;
        }
    }
    return null;
}
/**
 * Builds the single "Roles" group for the authenticated subject from the SAML assertion.
 *
 * <p>The assertion is parsed lazily from the credential if it has not been parsed yet.
 * Role values are obtained by {@code AssertionUtil.getRoles} using the attribute names
 * tokenized from the {@code roleKey} option (an unset option yields an empty list);
 * each value becomes a {@link SimplePrincipal} member of the returned group.
 *
 * <p>Security notes: the assertion's contents are trusted here, so this method is only
 * safe if the assertion's signature and validity were verified earlier in the login
 * flow (not done in this method). At TRACE level the whole assertion is written to the
 * log, which may include user attributes — keep TRACE disabled in production.
 *
 * @return a one-element array holding the roles group
 * @throws LoginException if the assertion cannot be parsed from the credential
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    if (assertion == null) {
        try {
            assertion = SAMLUtil.fromElement(credential.getAssertionAsElement());
        } catch (Exception e) {
            throw logger.authFailedToParseSAMLAssertion(e);
        }
    }

    if (logger.isTraceEnabled()) {
        try {
            logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
        } catch (ProcessingException ignored) {
            // Diagnostics only; failing to serialize the assertion must not affect the login.
        }
    }

    List<String> attributeNames = new ArrayList<String>();
    if (StringUtil.isNotNull(roleKey)) {
        attributeNames.addAll(StringUtil.tokenize(roleKey));
    }

    Group rolesGroup = new PicketLinkGroup(SecurityConstants.ROLES_IDENTIFIER);
    for (String roleName : AssertionUtil.getRoles(assertion, attributeNames)) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] { rolesGroup };
}
/**
 * Builds the single "Roles" group for the authenticated subject from the SAML assertion.
 *
 * <p>The assertion is parsed lazily from the credential if it has not been parsed yet.
 * Role values are obtained by {@code AssertionUtil.getRoles} using the attribute names
 * tokenized from the {@code roleKey} option (an unset option yields an empty list);
 * each value becomes a {@link SimplePrincipal} member of the returned group.
 *
 * <p>Security notes: the assertion's contents are trusted here, so this method is only
 * safe if the assertion's signature and validity were verified earlier in the login
 * flow (not done in this method). At TRACE level the whole assertion is written to the
 * log, which may include user attributes — keep TRACE disabled in production.
 *
 * @return a one-element array holding the roles group
 * @throws LoginException if the assertion cannot be parsed from the credential
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    if (assertion == null) {
        try {
            assertion = SAMLUtil.fromElement(credential.getAssertionAsElement());
        } catch (Exception e) {
            throw logger.authFailedToParseSAMLAssertion(e);
        }
    }

    if (logger.isTraceEnabled()) {
        try {
            logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
        } catch (ProcessingException ignored) {
            // Diagnostics only; failing to serialize the assertion must not affect the login.
        }
    }

    List<String> attributeNames = new ArrayList<String>();
    if (StringUtil.isNotNull(roleKey)) {
        attributeNames.addAll(StringUtil.tokenize(roleKey));
    }

    Group rolesGroup = new PicketLinkGroup(SecurityConstants.ROLES_IDENTIFIER);
    for (String roleName : AssertionUtil.getRoles(assertion, attributeNames)) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] { rolesGroup };
}
/**
 * Builds the single "Roles" group for the authenticated subject from the SAML assertion.
 *
 * <p>The assertion is parsed lazily from the credential if it has not been parsed yet.
 * Role values are obtained by {@code AssertionUtil.getRoles} using the attribute names
 * tokenized from the {@code roleKey} option (an unset option yields an empty list);
 * each value becomes a {@link SimplePrincipal} member of the returned group.
 *
 * <p>Security notes: the assertion's contents are trusted here, so this method is only
 * safe if the assertion's signature and validity were verified earlier in the login
 * flow (not done in this method). At TRACE level the whole assertion is written to the
 * log, which may include user attributes — keep TRACE disabled in production.
 *
 * @return a one-element array holding the roles group
 * @throws LoginException if the assertion cannot be parsed from the credential
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    if (assertion == null) {
        try {
            assertion = SAMLUtil.fromElement(credential.getAssertionAsElement());
        } catch (Exception e) {
            throw logger.authFailedToParseSAMLAssertion(e);
        }
    }

    if (logger.isTraceEnabled()) {
        try {
            logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
        } catch (ProcessingException ignored) {
            // Diagnostics only; failing to serialize the assertion must not affect the login.
        }
    }

    List<String> attributeNames = new ArrayList<String>();
    if (StringUtil.isNotNull(roleKey)) {
        attributeNames.addAll(StringUtil.tokenize(roleKey));
    }

    Group rolesGroup = new PicketLinkGroup(SecurityConstants.ROLES_IDENTIFIER);
    for (String roleName : AssertionUtil.getRoles(assertion, attributeNames)) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] { rolesGroup };
}
/**
 * Builds the single "Roles" group for the authenticated subject from the SAML assertion.
 *
 * <p>The assertion is parsed lazily from the credential if it has not been parsed yet.
 * Role values are obtained by {@code AssertionUtil.getRoles} using the attribute names
 * tokenized from the {@code roleKey} option (an unset option yields an empty list);
 * each value becomes a {@link SimplePrincipal} member of the returned group.
 *
 * <p>Security notes: the assertion's contents are trusted here, so this method is only
 * safe if the assertion's signature and validity were verified earlier in the login
 * flow (not done in this method). At TRACE level the whole assertion is written to the
 * log, which may include user attributes — keep TRACE disabled in production.
 *
 * @return a one-element array holding the roles group
 * @throws LoginException if the assertion cannot be parsed from the credential
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    if (assertion == null) {
        try {
            assertion = SAMLUtil.fromElement(credential.getAssertionAsElement());
        } catch (Exception e) {
            throw logger.authFailedToParseSAMLAssertion(e);
        }
    }

    if (logger.isTraceEnabled()) {
        try {
            logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
        } catch (ProcessingException ignored) {
            // Diagnostics only; failing to serialize the assertion must not affect the login.
        }
    }

    List<String> attributeNames = new ArrayList<String>();
    if (StringUtil.isNotNull(roleKey)) {
        attributeNames.addAll(StringUtil.tokenize(roleKey));
    }

    Group rolesGroup = new PicketLinkGroup(SecurityConstants.ROLES_IDENTIFIER);
    for (String roleName : AssertionUtil.getRoles(assertion, attributeNames)) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] { rolesGroup };
}
assertionElement = this.credential.getAssertionAsElement(); } catch (Exception e) { throw logger.authErrorHandlingCallback(e);
assertionElement = this.credential.getAssertionAsElement(); } catch (Exception e) { throw logger.authErrorHandlingCallback(e);
assertionElement = this.credential.getAssertionAsElement(); } catch (Exception e) { throw logger.authErrorHandlingCallback(e);
assertionElement = this.credential.getAssertionAsElement(); } catch (Exception e) { throw logger.authErrorHandlingCallback(e);