private Response buildMockResponse() throws Exception {
   Response samlMessage = new ResponseBuilder().buildObject();
   samlMessage.setID("foo");
   samlMessage.setVersion(SAMLVersion.VERSION_20);
   samlMessage.setIssueInstant(new DateTime(0));
   Issuer issuer = new IssuerBuilder().buildObject();
   issuer.setValue("MockedIssuer");
   samlMessage.setIssuer(issuer);
   Status status = new StatusBuilder().buildObject();
   StatusCode statusCode = new StatusCodeBuilder().buildObject();
   statusCode.setValue(StatusCode.SUCCESS_URI);
   status.setStatusCode(statusCode);
   samlMessage.setStatus(status);
   Assertion assertion = new AssertionBuilder().buildObject();
   Subject subject = new SubjectBuilder().buildObject();
   NameID nameID = new NameIDBuilder().buildObject();
   nameID.setValue("SOME-UNIQUE-ID");
   nameID.setFormat(NameIDType.PERSISTENT);
   subject.setNameID(nameID);
   assertion.setSubject(subject);
   AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
   authnStatement.setSessionIndex("Some Session String");
   assertion.getAuthnStatements().add(authnStatement);
   AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
   assertion.getAttributeStatements().add(attributeStatement);
   samlMessage.getAssertions().add(assertion);
   return samlMessage;
 }
  /*
   * Create the AuthnRequest
   */
  public AuthnRequestImpl buildAuthnRequest() throws ValidationException {
    // Use the OpenSAML Configuration singleton to get a builder factory object
    final XMLObjectBuilderFactory xmlObjectBuilderFactory = Configuration.getBuilderFactory();
    // First get a builder for AuthnRequest
    final AuthnRequestBuilder authnRequestBuilder =
        (AuthnRequestBuilder) xmlObjectBuilderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);

    // And one for Issuer
    final IssuerBuilder issuerBuilder =
        (IssuerBuilder) xmlObjectBuilderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);

    // get a builder for NameID
    final NameIDBuilder nameIDBuilder =
        (NameIDBuilder) xmlObjectBuilderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);

    // build a NameID object
    final NameID nameID = nameIDBuilder.buildObject();
    nameID.setFormat(NameIDType.PERSISTENT);
    nameID.setSPProvidedID("https://aa.bb.cc/sp/provider");
    nameID.setSPNameQualifier("https://aa.bb.cc/sp/provider");

    // get a builder for Subject
    final SubjectBuilder subjectBuilder =
        (SubjectBuilder) xmlObjectBuilderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);

    // build a Subject object
    final Subject subject = subjectBuilder.buildObject();
    subject.setNameID(nameID);

    // build an AuthnRequest object
    final AuthnRequestImpl authnRequest = (AuthnRequestImpl) authnRequestBuilder.buildObject();

    // Build the Issuer object
    final Issuer newIssuer = issuerBuilder.buildObject();
    newIssuer.setValue("https://aa.bb.cc/sp/provideraaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
    authnRequest.setIssuer(newIssuer);
    authnRequest.setProviderName("https://aa.bb.cc/sp/provider");
    authnRequest.setAssertionConsumerServiceURL("1");
    authnRequest.setDestination("https://aa.bb.cc/sp/provider");
    authnRequest.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
    authnRequest.setSubject(subject);
    // Only add the parameter if it is true.
    //        if (forceReAuthentication == true) {
    authnRequest.setForceAuthn(true);
    //        }

    authnRequest.setVersion(org.opensaml.common.SAMLVersion.VERSION_20);
    final DateTime dateTime = new DateTime();
    authnRequest.setIssueInstant(dateTime);
    authnRequest.setID(UUID.randomUUID().toString());

    authnRequest.validate(true);

    return authnRequest;
  }
Esempio n. 3
0
  private Assertion buildSAMLAssertion(
      SAMLSSOAuthnReqDTO authReqDTO, DateTime notOnOrAfter, String sessionId)
      throws IdentityException {
    try {
      DateTime currentTime = new DateTime();
      Assertion samlAssertion = new AssertionBuilder().buildObject();
      samlAssertion.setID(SAMLSSOUtil.createID());
      samlAssertion.setVersion(SAMLVersion.VERSION_20);
      samlAssertion.setIssuer(SAMLSSOUtil.getIssuer());
      samlAssertion.setIssueInstant(currentTime);
      Subject subject = new SubjectBuilder().buildObject();

      NameID nameId = new NameIDBuilder().buildObject();
      if (authReqDTO.getUseFullyQualifiedUsernameAsSubject()) {
        nameId.setValue(authReqDTO.getUsername());
        nameId.setFormat(NameIdentifier.EMAIL);
      } else {
        nameId.setValue(MultitenantUtils.getTenantAwareUsername(authReqDTO.getUsername()));
        nameId.setFormat(authReqDTO.getNameIDFormat());
      }

      subject.setNameID(nameId);

      SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
      subjectConfirmation.setMethod(SAMLSSOConstants.SUBJECT_CONFIRM_BEARER);

      SubjectConfirmationData scData = new SubjectConfirmationDataBuilder().buildObject();
      scData.setRecipient(authReqDTO.getAssertionConsumerURL());
      scData.setNotOnOrAfter(notOnOrAfter);
      scData.setInResponseTo(authReqDTO.getId());
      subjectConfirmation.setSubjectConfirmationData(scData);

      subject.getSubjectConfirmations().add(subjectConfirmation);

      samlAssertion.setSubject(subject);

      AuthnStatement authStmt = new AuthnStatementBuilder().buildObject();
      authStmt.setAuthnInstant(new DateTime());

      AuthnContext authContext = new AuthnContextBuilder().buildObject();
      AuthnContextClassRef authCtxClassRef = new AuthnContextClassRefBuilder().buildObject();
      authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
      authContext.setAuthnContextClassRef(authCtxClassRef);
      authStmt.setAuthnContext(authContext);
      if (authReqDTO.isDoSingleLogout()) {
        authStmt.setSessionIndex(sessionId);
      }
      samlAssertion.getAuthnStatements().add(authStmt);

      /*
       * If <AttributeConsumingServiceIndex> element is in the
       * <AuthnRequest> and
       * according to the spec 2.0 the subject MUST be in the assertion
       */
      Map<String, String> claims = SAMLSSOUtil.getAttributes(authReqDTO);
      if (claims != null) {
        samlAssertion.getAttributeStatements().add(buildAttributeStatement(claims));
      }

      AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
      Audience issuerAudience = new AudienceBuilder().buildObject();
      issuerAudience.setAudienceURI(authReqDTO.getIssuer());
      audienceRestriction.getAudiences().add(issuerAudience);
      if (authReqDTO.getRequestedAudiences() != null) {
        for (String requestedAudience : authReqDTO.getRequestedAudiences()) {
          Audience audience = new AudienceBuilder().buildObject();
          audience.setAudienceURI(requestedAudience);
          audienceRestriction.getAudiences().add(audience);
        }
      }
      Conditions conditions = new ConditionsBuilder().buildObject();
      conditions.setNotBefore(currentTime);
      conditions.setNotOnOrAfter(notOnOrAfter);
      conditions.getAudienceRestrictions().add(audienceRestriction);
      samlAssertion.setConditions(conditions);

      if (authReqDTO.getDoSignAssertions()) {
        SAMLSSOUtil.setSignature(
            samlAssertion,
            XMLSignature.ALGO_ID_SIGNATURE_RSA,
            new SignKeyDataHolder(authReqDTO.getUsername()));
      }

      return samlAssertion;
    } catch (Exception e) {
      log.error("Error when reading claim values for generating SAML Response", e);
      throw new IdentityException(
          "Error when reading claim values for generating SAML Response", e);
    }
  }