/** * This test constructs the {@link ResponseType}. An {@link AssertionType} is locally constructed * and then passed to the construct method * * @throws Exception */ @Test public void constructAndSign() throws Exception { SAML2Response samlResponse = new SAML2Response(); String ID = IDGenerator.create("ID_"); IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink"); IDPInfoHolder idp = new IDPInfoHolder(); idp.setNameIDFormatValue("anil"); // create the service provider(in this case BAS) holder object SPInfoHolder sp = new SPInfoHolder(); sp.setResponseDestinationURI("http://sombody"); Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put("TOKEN_USER_ID", String.valueOf(2)); attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org"); attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User"); AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes); String assertionId = IDGenerator.create("ID_"); AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer()); assertion.addStatement(attributeStatement); ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion); SAML2Signature sig = new SAML2Signature(); Document signedDoc = sig.sign(responseType, getKeyPair()); assertNotNull(signedDoc); System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc)); Document convertedDoc = samlResponse.convert(responseType); assertNotNull(convertedDoc); // Now for the writing part ByteArrayOutputStream baos = new ByteArrayOutputStream(); SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos)); samlWriter.write(responseType); Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc)); }
public boolean handleSAML11UnsolicitedResponse( HttpServletRequest request, HttpServletResponse response) throws IOException { String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY); Principal principal = request.getUserPrincipal(); // If we have already authenticated the user and there is no request from IDP or logout from // user if (principal != null) { return true; } HttpSession session = request.getSession(true); // See if we got a response from IDP if (isNotNull(samlResponse)) { boolean isValid = false; try { isValid = validate(request); } catch (Exception e) { logger.samlSPHandleRequestError(e); throw new IOException(); } if (!isValid) { throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED); } try { InputStream base64DecodedResponse = null; if ("GET".equalsIgnoreCase(request.getMethod())) { base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse); } else { base64DecodedResponse = PostBindingUtil.base64DecodeAsStream(samlResponse); } SAMLParser parser = new SAMLParser(); SAML11ResponseType saml11Response = (SAML11ResponseType) parser.parse(base64DecodedResponse); List<SAML11AssertionType> assertions = saml11Response.get(); if (assertions.size() > 1) { logger.trace("More than one assertion from IDP. Considering the first one."); } String username = null; List<String> roles = new ArrayList<String>(); SAML11AssertionType assertion = assertions.get(0); if (assertion != null) { // Get the subject List<SAML11StatementAbstractType> statements = assertion.getStatements(); for (SAML11StatementAbstractType statement : statements) { if (statement instanceof SAML11AuthenticationStatementType) { SAML11AuthenticationStatementType subStat = (SAML11AuthenticationStatementType) statement; SAML11SubjectType subject = subStat.getSubject(); username = subject.getChoice().getNameID().getValue(); } } roles = AssertionUtil.getRoles(assertion, null); } return true; } catch (Exception e) { logger.samlSPHandleRequestError(e); } } return false; }