/** * Sign a SAML Document * * @param samlDocument * @param keypair * @throws ProcessingException */ public void signSAMLDocument(Document samlDocument, KeyPair keypair) throws ProcessingException { // Get the ID from the root String id = samlDocument.getDocumentElement().getAttribute(ID_ATTRIBUTE_NAME); try { sign(samlDocument, id, keypair); } catch (Exception e) { throw new ProcessingException(logger.signatureError(e)); } }
/** * Create an Error Response * * @param responseURL * @param status * @param identityURL * @param supportSignature * @return * @throws ConfigurationException */ public Document getErrorResponse( String responseURL, String status, String identityURL, boolean supportSignature) { Document samlResponse = null; ResponseType responseType = null; SAML2Response saml2Response = new SAML2Response(); // Create a response type String id = IDGenerator.create("ID_"); IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL); issuerHolder.setStatusCode(status); IDPInfoHolder idp = new IDPInfoHolder(); idp.setNameIDFormatValue(null); idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get()); SPInfoHolder sp = new SPInfoHolder(); sp.setResponseDestinationURI(responseURL); responseType = saml2Response.createResponseType(id); responseType.setStatus(JBossSAMLAuthnResponseFactory.createStatusType(status)); // Lets see how the response looks like if (logger.isTraceEnabled()) { StringWriter sw = new StringWriter(); try { saml2Response.marshall(responseType, sw); } catch (ProcessingException e) { logger.trace(e); } logger.trace("SAML Response Document: " + sw.toString()); } if (supportSignature) { try { SAML2Signature ss = new SAML2Signature(); samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair()); } catch (Exception e) { logger.trace(e); throw new RuntimeException(logger.signatureError(e)); } } else try { samlResponse = saml2Response.convert(responseType); } catch (Exception e) { logger.trace(e); } return samlResponse; }
/** * Parse a {@link ResponseType} that contains ADFS Claims and then try to sign * * @throws Exception */ @Test public void parseADFSClaims() throws Exception { ClassLoader tcl = Thread.currentThread().getContextClassLoader(); InputStream configStream = tcl.getResourceAsStream("saml/v2/response/saml2-response-adfs-claims.xml"); SAML2Response samlResponse = new SAML2Response(); SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream); assertNotNull(samlObject); SAML2Signature sig = new SAML2Signature(); Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair()); assertNotNull(signedDoc); System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc)); }
/** * This test constructs the {@link ResponseType}. An {@link AssertionType} is locally constructed * and then passed to the construct method * * @throws Exception */ @Test public void constructAndSign() throws Exception { SAML2Response samlResponse = new SAML2Response(); String ID = IDGenerator.create("ID_"); IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink"); IDPInfoHolder idp = new IDPInfoHolder(); idp.setNameIDFormatValue("anil"); // create the service provider(in this case BAS) holder object SPInfoHolder sp = new SPInfoHolder(); sp.setResponseDestinationURI("http://sombody"); Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put("TOKEN_USER_ID", String.valueOf(2)); attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org"); attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User"); AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes); String assertionId = IDGenerator.create("ID_"); AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer()); assertion.addStatement(attributeStatement); ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion); SAML2Signature sig = new SAML2Signature(); Document signedDoc = sig.sign(responseType, getKeyPair()); assertNotNull(signedDoc); System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc)); Document convertedDoc = samlResponse.convert(responseType); assertNotNull(convertedDoc); // Now for the writing part ByteArrayOutputStream baos = new ByteArrayOutputStream(); SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos)); samlWriter.write(responseType); Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); }