/**
   * Builds a {@link ResponseType} around a locally created {@link AssertionType}, signs it,
   * converts it to a DOM document, and finally serializes it through {@link SAMLResponseWriter}
   * and schema-validates the serialized XML.
   *
   * <p>Only the signed document's presence is asserted; the serialized XML that is validated at
   * the end is produced from {@code responseType}, not from the signed document.
   *
   * @throws Exception if construction, signing, serialization or validation fails
   */
  @Test
  public void constructAndSign() throws Exception {
    SAML2Response samlResponse = new SAML2Response();
    String responseId = IDGenerator.create("ID_");

    // Issuer, IDP and SP holders that feed the response builder.
    IssuerInfoHolder issuer = new IssuerInfoHolder("picketlink");

    IDPInfoHolder idpHolder = new IDPInfoHolder();
    idpHolder.setNameIDFormatValue("anil");

    // The service provider (BAS in this scenario) the response is destined for.
    SPInfoHolder spHolder = new SPInfoHolder();
    spHolder.setResponseDestinationURI("http://sombody");

    // Attributes carried by the assertion's attribute statement.
    Map<String, Object> userAttributes = new HashMap<String, Object>();
    userAttributes.put("TOKEN_USER_ID", String.valueOf(2));
    userAttributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
    userAttributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");
    AttributeStatementType attributeStatement =
        StatementUtil.createAttributeStatement(userAttributes);

    String assertionId = IDGenerator.create("ID_");
    AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuer.getIssuer());
    assertion.addStatement(attributeStatement);

    ResponseType responseType =
        samlResponse.createResponseType(responseId, spHolder, idpHolder, issuer, assertion);

    // Sign the response with the test key pair; only non-nullness is checked here.
    SAML2Signature signature = new SAML2Signature();
    Document signedDoc = signature.sign(responseType, getKeyPair());
    assertNotNull(signedDoc);
    System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));

    Document convertedDoc = samlResponse.convert(responseType);
    assertNotNull(convertedDoc);

    // Serialize the response object with the StAX writer and schema-validate the result.
    // NOTE(review): this writes responseType rather than signedDoc, so whether the signature
    // survives this path is not exercised by this test — confirm if that is intended.
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(out));
    writer.write(responseType);

    Document written = DocumentUtil.getDocument(new ByteArrayInputStream(out.toByteArray()));
    JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(written));
  }
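  /**
   * Handles an unsolicited (IDP-initiated) SAML 1.1 response carried in the
   * {@code SAMLResponse} request parameter.
   *
   * <p>If the request already carries a user principal the method returns {@code true} at once.
   * Otherwise, when a SAML response is present, it is first checked with {@link #validate} —
   * a failure there is reported as an {@link IOException} — then decoded according to the HTTP
   * method (deflate/redirect binding for GET, POST binding otherwise), parsed, and the first
   * assertion's subject name and roles are extracted. Any failure after validation is logged and
   * reported as {@code false}.
   *
   * @param request the current servlet request
   * @param response the current servlet response; not used on this code path
   * @return {@code true} if the request already has a principal or a SAML response was validated
   *     and parsed; {@code false} if no response was present or decoding/parsing failed
   * @throws IOException if validation of the response throws or reports the response invalid
   */
  public boolean handleSAML11UnsolicitedResponse(
      HttpServletRequest request, HttpServletResponse response) throws IOException {
    String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);

    Principal principal = request.getUserPrincipal();

    // Already authenticated and nothing asks us to re-authenticate or log out: nothing to do.
    if (principal != null) {
      return true;
    }

    // Creates the session as a side effect. NOTE(review): nothing in this method stores the
    // extracted username or roles on the session or request, so a caller receives true without
    // a principal having been established — confirm against the full source whether the
    // registration step was elided from this listing.
    HttpSession session = request.getSession(true);

    // See if we got a response from IDP
    if (isNotNull(samlResponse)) {
      // Trust/signature validation must succeed before the payload is decoded or parsed.
      boolean isValid = false;
      try {
        isValid = validate(request);
      } catch (Exception e) {
        logger.samlSPHandleRequestError(e);
        // Keep the underlying failure as the cause rather than throwing a bare IOException.
        throw new IOException(e);
      }
      if (!isValid) {
        throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED);
      }

      try {
        // GET carries the deflated redirect-binding form; anything else is treated as POST.
        InputStream base64DecodedResponse;
        if ("GET".equalsIgnoreCase(request.getMethod())) {
          base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
        } else {
          base64DecodedResponse = PostBindingUtil.base64DecodeAsStream(samlResponse);
        }

        // The cast fails (and is logged below) if the IDP sent something other than a
        // SAML 1.1 response. The decoded stream is released once parsing is done.
        SAML11ResponseType saml11Response;
        try {
          saml11Response = (SAML11ResponseType) new SAMLParser().parse(base64DecodedResponse);
        } finally {
          base64DecodedResponse.close();
        }

        List<SAML11AssertionType> assertions = saml11Response.get();
        if (assertions.isEmpty()) {
          // Previously this surfaced as an IndexOutOfBoundsException swallowed by the catch below.
          logger.trace("No assertion in the IDP response.");
          return false;
        }
        if (assertions.size() > 1) {
          logger.trace("More than one assertion from IDP. Considering the first one.");
        }

        // username stays null when the assertion carries no authentication statement.
        String username = null;
        List<String> roles = new ArrayList<String>();
        SAML11AssertionType assertion = assertions.get(0);
        if (assertion != null) {
          // The subject is taken from the (last) authentication statement.
          List<SAML11StatementAbstractType> statements = assertion.getStatements();
          for (SAML11StatementAbstractType statement : statements) {
            if (statement instanceof SAML11AuthenticationStatementType) {
              SAML11AuthenticationStatementType authStatement =
                  (SAML11AuthenticationStatementType) statement;
              SAML11SubjectType subject = authStatement.getSubject();
              username = subject.getChoice().getNameID().getValue();
            }
          }
          roles = AssertionUtil.getRoles(assertion, null);
        }

        return true;
      } catch (Exception e) {
        // Decoding, parsing or extraction failed: log and report the response as not handled.
        logger.samlSPHandleRequestError(e);
      }
    }

    return false;
  }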