/**
* Create an Error Response
*
* @param responseURL
* @param status
* @param identityURL
* @param supportSignature
* @return
* @throws ConfigurationException
*/
public Document getErrorResponse(
String responseURL, String status, String identityURL, boolean supportSignature) {
Document samlResponse = null;
ResponseType responseType = null;
SAML2Response saml2Response = new SAML2Response();
// Create a response type
String id = IDGenerator.create("ID_");
IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
issuerHolder.setStatusCode(status);
IDPInfoHolder idp = new IDPInfoHolder();
idp.setNameIDFormatValue(null);
idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
SPInfoHolder sp = new SPInfoHolder();
sp.setResponseDestinationURI(responseURL);
responseType = saml2Response.createResponseType(id);
responseType.setStatus(JBossSAMLAuthnResponseFactory.createStatusType(status));
// Lets see how the response looks like
if (logger.isTraceEnabled()) {
StringWriter sw = new StringWriter();
try {
saml2Response.marshall(responseType, sw);
} catch (ProcessingException e) {
logger.trace(e);
}
logger.trace("SAML Response Document: " + sw.toString());
}
if (supportSignature) {
try {
SAML2Signature ss = new SAML2Signature();
samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
} catch (Exception e) {
logger.trace(e);
throw new RuntimeException(logger.signatureError(e));
}
} else
try {
samlResponse = saml2Response.convert(responseType);
} catch (Exception e) {
logger.trace(e);
}
return samlResponse;
}
/**
* Parse a {@link ResponseType} that contains ADFS Claims and then try to sign
*
* @throws Exception
*/
@Test
public void parseADFSClaims() throws Exception {
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream configStream =
tcl.getResourceAsStream("saml/v2/response/saml2-response-adfs-claims.xml");
SAML2Response samlResponse = new SAML2Response();
SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream);
assertNotNull(samlObject);
SAML2Signature sig = new SAML2Signature();
Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair());
assertNotNull(signedDoc);
System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));
}
/**
* This test constructs the {@link ResponseType}. An {@link AssertionType} is locally constructed
* and then passed to the construct method
*
* @throws Exception
*/
@Test
public void constructAndSign() throws Exception {
SAML2Response samlResponse = new SAML2Response();
String ID = IDGenerator.create("ID_");
IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink");
IDPInfoHolder idp = new IDPInfoHolder();
idp.setNameIDFormatValue("anil");
// create the service provider(in this case BAS) holder object
SPInfoHolder sp = new SPInfoHolder();
sp.setResponseDestinationURI("http://sombody");
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("TOKEN_USER_ID", String.valueOf(2));
attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");
AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes);
String assertionId = IDGenerator.create("ID_");
AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer());
assertion.addStatement(attributeStatement);
ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion);
SAML2Signature sig = new SAML2Signature();
Document signedDoc = sig.sign(responseType, getKeyPair());
assertNotNull(signedDoc);
System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));
Document convertedDoc = samlResponse.convert(responseType);
assertNotNull(convertedDoc);
// Now for the writing part
ByteArrayOutputStream baos = new ByteArrayOutputStream();
SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
samlWriter.write(responseType);
Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
}
protected void sendToDestination(
Document samlDocument,
String relayState,
String destination,
HttpServletResponse response,
boolean request)
throws IOException, SAXException, GeneralSecurityException {
if (!ignoreSignatures) {
SAML2Signature samlSignature = new SAML2Signature();
Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument);
if (nextSibling != null) {
samlSignature.setNextSibling(nextSibling);
}
KeyPair keypair = keyManager.getSigningKeyPair();
samlSignature.signSAMLDocument(samlDocument, keypair);
}
String samlMessage =
PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
PostBindingUtil.sendPost(
new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
}