/**
   * Create an Error Response
   *
   * @param responseURL
   * @param status
   * @param identityURL
   * @param supportSignature
   * @return
   * @throws ConfigurationException
   */
  public Document getErrorResponse(
      String responseURL, String status, String identityURL, boolean supportSignature) {
    Document samlResponse = null;
    ResponseType responseType = null;

    SAML2Response saml2Response = new SAML2Response();

    // Create a response type
    String id = IDGenerator.create("ID_");

    IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
    issuerHolder.setStatusCode(status);

    IDPInfoHolder idp = new IDPInfoHolder();
    idp.setNameIDFormatValue(null);
    idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

    SPInfoHolder sp = new SPInfoHolder();
    sp.setResponseDestinationURI(responseURL);

    responseType = saml2Response.createResponseType(id);
    responseType.setStatus(JBossSAMLAuthnResponseFactory.createStatusType(status));

    // Lets see how the response looks like
    if (logger.isTraceEnabled()) {
      StringWriter sw = new StringWriter();
      try {
        saml2Response.marshall(responseType, sw);
      } catch (ProcessingException e) {
        logger.trace(e);
      }
      logger.trace("SAML Response Document: " + sw.toString());
    }

    if (supportSignature) {
      try {
        SAML2Signature ss = new SAML2Signature();
        samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
      } catch (Exception e) {
        logger.trace(e);
        throw new RuntimeException(logger.signatureError(e));
      }
    } else
      try {
        samlResponse = saml2Response.convert(responseType);
      } catch (Exception e) {
        logger.trace(e);
      }

    return samlResponse;
  }
  /**
   * Parse a {@link ResponseType} that contains ADFS Claims and then try to sign
   *
   * @throws Exception
   */
  @Test
  public void parseADFSClaims() throws Exception {
    ClassLoader tcl = Thread.currentThread().getContextClassLoader();
    InputStream configStream =
        tcl.getResourceAsStream("saml/v2/response/saml2-response-adfs-claims.xml");
    SAML2Response samlResponse = new SAML2Response();
    SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream);
    assertNotNull(samlObject);

    SAML2Signature sig = new SAML2Signature();
    Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair());
    assertNotNull(signedDoc);

    System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));
  }
  /**
   * This test constructs the {@link ResponseType}. An {@link AssertionType} is locally constructed
   * and then passed to the construct method
   *
   * @throws Exception
   */
  @Test
  public void constructAndSign() throws Exception {
    SAML2Response samlResponse = new SAML2Response();
    String ID = IDGenerator.create("ID_");

    IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink");

    IDPInfoHolder idp = new IDPInfoHolder();
    idp.setNameIDFormatValue("anil");

    // create the service provider(in this case BAS) holder object
    SPInfoHolder sp = new SPInfoHolder();
    sp.setResponseDestinationURI("http://sombody");

    Map<String, Object> attributes = new HashMap<String, Object>();

    attributes.put("TOKEN_USER_ID", String.valueOf(2));
    attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
    attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");

    AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes);

    String assertionId = IDGenerator.create("ID_");

    AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer());
    assertion.addStatement(attributeStatement);

    ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion);
    SAML2Signature sig = new SAML2Signature();
    Document signedDoc = sig.sign(responseType, getKeyPair());
    assertNotNull(signedDoc);

    System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));

    Document convertedDoc = samlResponse.convert(responseType);
    assertNotNull(convertedDoc);

    // Now for the writing part
    ByteArrayOutputStream baos = new ByteArrayOutputStream();

    SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
    samlWriter.write(responseType);

    Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
    JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
  }
Beispiel #4
0
  protected void sendToDestination(
      Document samlDocument,
      String relayState,
      String destination,
      HttpServletResponse response,
      boolean request)
      throws IOException, SAXException, GeneralSecurityException {
    if (!ignoreSignatures) {
      SAML2Signature samlSignature = new SAML2Signature();

      Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument);
      if (nextSibling != null) {
        samlSignature.setNextSibling(nextSibling);
      }
      KeyPair keypair = keyManager.getSigningKeyPair();
      samlSignature.signSAMLDocument(samlDocument, keypair);
    }
    String samlMessage =
        PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
    PostBindingUtil.sendPost(
        new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
  }