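  /**
   * Renders the CAS assertion found in {@code model} as a SAML 1.x {@code Response}, wrapped in
   * a SOAP envelope, and writes it to {@code response}.
   *
   * <p>The response is built from the first chained authentication of the assertion. The
   * enclosed SAML assertion is issued by {@code issuer}, is valid from "now" until
   * {@code now + issueLength} (milliseconds, as it is added to {@link Date#getTime()}), is
   * audience-restricted to the requesting service's id, and carries an authentication
   * statement plus, when the principal has attributes or the login is a remembered one, an
   * attribute statement. {@code InResponseTo} is only set when the service is a
   * {@link SamlService} that carries a request ID.
   *
   * @param model the view model; the assertion is obtained via {@code getAssertionFrom(model)}
   * @param request the current request (not used by this view)
   * @param response the response the XML is written to
   * @throws Exception any failure while building or writing the response; it is logged here
   *     and rethrown unchanged
   */
  @Override
  protected void renderMergedOutputModel(
      final Map model, final HttpServletRequest request, final HttpServletResponse response)
      throws Exception {

    try {
      final Assertion assertion = getAssertionFrom(model);
      final Authentication authentication = assertion.getChainedAuthentications().get(0);
      final Date currentDate = new Date();
      final String authenticationMethod =
          (String)
              authentication
                  .getAttributes()
                  .get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);
      final Service service = assertion.getService();
      final SAMLResponse samlResponse =
          new SAMLResponse(null, service.getId(), new ArrayList<Object>(), null);
      // Boolean.TRUE.equals(...) rather than "== Boolean.TRUE": the attribute is a boxed value
      // that is not guaranteed to be the canonical instance (a Boolean restored by Java
      // serialization, for example, is a fresh object), and an identity comparison would then
      // silently drop the remember-me flag from the assertion.
      final boolean isRemembered =
          Boolean.TRUE.equals(
                  authentication
                      .getAttributes()
                      .get(RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME))
              && !assertion.isFromNewLogin();

      samlResponse.setIssueInstant(currentDate);

      // this should be true, but we never enforced it, so we need to check to be safe
      if (service instanceof SamlService) {
        final SamlService samlService = (SamlService) service;

        // InResponseTo ties this response to the request that asked for it.
        if (samlService.getRequestID() != null) {
          samlResponse.setInResponseTo(samlService.getRequestID());
        }
      }

      // Validity window: NotBefore = now, NotOnOrAfter = now + issueLength (ms).
      final SAMLAssertion samlAssertion = new SAMLAssertion();
      samlAssertion.setIssueInstant(currentDate);
      samlAssertion.setIssuer(this.issuer);
      samlAssertion.setNotBefore(currentDate);
      samlAssertion.setNotOnOrAfter(new Date(currentDate.getTime() + this.issueLength));

      // Restrict the assertion to the service it was issued for.
      final SAMLAudienceRestrictionCondition samlAudienceRestrictionCondition =
          new SAMLAudienceRestrictionCondition();
      samlAudienceRestrictionCondition.addAudience(service.getId());

      final SAMLAuthenticationStatement samlAuthenticationStatement =
          new SAMLAuthenticationStatement();
      samlAuthenticationStatement.setAuthInstant(authentication.getAuthenticatedDate());
      // Fall back to "unspecified" when the populator did not record a method.
      samlAuthenticationStatement.setAuthMethod(
          authenticationMethod != null
              ? authenticationMethod
              : SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);

      samlAuthenticationStatement.setSubject(getSamlSubject(authentication));

      if (!authentication.getPrincipal().getAttributes().isEmpty() || isRemembered) {
        final SAMLAttributeStatement attributeStatement = new SAMLAttributeStatement();

        attributeStatement.setSubject(getSamlSubject(authentication));
        samlAssertion.addStatement(attributeStatement);

        for (final Entry<String, Object> e :
            authentication.getPrincipal().getAttributes().entrySet()) {
          final SAMLAttribute attribute = new SAMLAttribute();
          attribute.setName(e.getKey());
          attribute.setNamespace(NAMESPACE);

          if (e.getValue() instanceof Collection<?>) {
            final Collection<?> c = (Collection<?>) e.getValue();
            if (c.isEmpty()) {
              // 100323 bnoordhuis: don't add the attribute, it causes a
              // org.opensaml.MalformedException
              continue;
            }
            attribute.setValues(c);
          } else {
            attribute.addValue(e.getValue());
          }

          attributeStatement.addAttribute(attribute);
        }

        if (isRemembered) {
          final SAMLAttribute attribute = new SAMLAttribute();
          attribute.setName(REMEMBER_ME_ATTRIBUTE_NAME);
          attribute.setNamespace(NAMESPACE);
          attribute.addValue(true);
          attributeStatement.addAttribute(attribute);
        }
      }

      samlAssertion.addStatement(samlAuthenticationStatement);
      samlAssertion.addCondition(samlAudienceRestrictionCondition);
      samlResponse.addAssertion(samlAssertion);

      final String xmlResponse = samlResponse.toString();

      // Content type (and thus the charset) must be set before the writer is obtained,
      // otherwise the servlet container ignores the charset for this response.
      response.setContentType("text/xml; charset=" + this.encoding);
      final java.io.PrintWriter writer = response.getWriter();
      writer.print("<?xml version=\"1.0\" encoding=\"" + this.encoding + "\"?>");
      writer.print(
          "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body>");
      writer.print(xmlResponse);
      writer.print("</SOAP-ENV:Body></SOAP-ENV:Envelope>");
      response.flushBuffer();
    } catch (final Exception e) {
      // Log with full context here, then let the caller see the original failure.
      log.error(e.getMessage(), e);
      throw e;
    }
  }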