/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder result = new StringBuilder();
result.append("Principal: " + getPrincipal() + ", Attributes: ");
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
result.append("[ ");
result.append(attr.getName());
result.append(" : ");
for (int i = 0; i < attr.getAttributeValues().size(); i++) {
result.append(((XSString) attr.getAttributeValues().get(i)).getValue());
}
result.append("] ");
}
}
// add this back in when we support parsing this information
result.append(", AuthnStatements: ");
for (AuthnStatement authStatement : getAuthnStatements()) {
result.append("[ ");
result.append(authStatement.getAuthnInstant() + " : ");
result.append(
authStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
result.append("] ");
}
// result.append(", AuthzDecisionStatements: ");
// for (AuthzDecisionStatement authDecision : getAuthzDecisionStatements()) {
// result.append("[ ");
// result.append(authDecision.getDecision().toString());
// result.append(" ]");
// }
return result.toString();
}
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject)
throws UnmarshallingException {
AttributeStatement attributeStatement = (AttributeStatement) parentObject;
if (childObject instanceof Attribute) {
attributeStatement.getAttributes().add((Attribute) childObject);
} else if (childObject instanceof EncryptedAttribute) {
attributeStatement.getEncryptedAttributes().add((EncryptedAttribute) childObject);
} else {
super.processChildElement(parentObject, childObject);
}
}
@Override
public Set<Principal> getPrincipals() {
Set<Principal> principals = new HashSet<>();
Principal primary = getPrincipal();
principals.add(primary);
principals.add(new RolePrincipal(primary.getName()));
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
if (StringUtils.containsIgnoreCase(attr.getName(), "role")) {
for (final XMLObject obj : attr.getAttributeValues()) {
principals.add(new RolePrincipal(((XSString) obj).getValue()));
}
}
}
}
return principals;
}
/*
* Process the response and returns the results
*/
private Map<String, String> getAssertionStatements(Assertion assertion) {
Map<String, String> results = new HashMap<String, String>();
if (assertion != null && assertion.getAttributeStatements() != null) {
List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
for (AttributeStatement statement : attributeStatementList) {
List<Attribute> attributesList = statement.getAttributes();
for (Attribute attribute : attributesList) {
Element value = attribute.getAttributeValues().get(0).getDOM();
String attributeValue = value.getTextContent();
results.put(attribute.getName(), attributeValue);
}
}
}
return results;
}
/**
* Checks if the NameIDFormat is of the following formats below, if not, the name is changed to
* the value of the first matching usernameAttribute.
*/
private void identifyNameIDFormat() {
if (!((StringUtils.containsIgnoreCase(nameIDFormat, SAML2Constants.NAMEID_FORMAT_PERSISTENT)
|| StringUtils.containsIgnoreCase(
nameIDFormat, SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME)
|| StringUtils.containsIgnoreCase(nameIDFormat, SAML2Constants.NAMEID_FORMAT_KERBEROS)
|| StringUtils.containsIgnoreCase(
nameIDFormat, SAML2Constants.NAMEID_FORMAT_UNSPECIFIED))
&& !name.equals(""))) {
for (AttributeStatement attributeStatementList : getAttributeStatements()) {
List<Attribute> attributeList = attributeStatementList.getAttributes();
for (Attribute attribute : attributeList) {
if (listContainsIgnoreCase(usernameAttributeList, attribute.getName())) {
name = ((XMLString) attribute.getAttributeValues().get(0)).getValue();
return;
}
}
}
}
}
private AttributeStatement buildAttributeStatement(Map<String, String> claims) {
AttributeStatement attStmt = null;
if (claims != null) {
attStmt = new AttributeStatementBuilder().buildObject();
Iterator<String> ite = claims.keySet().iterator();
for (int i = 0; i < claims.size(); i++) {
Attribute attrib = new AttributeBuilder().buildObject();
String claimUri = ite.next();
attrib.setName(claimUri);
// look
// https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUsrManJavaAnyTypes
XSStringBuilder stringBuilder =
(XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
XSString stringValue =
stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
stringValue.setValue(claims.get(claimUri));
attrib.getAttributeValues().add(stringValue);
attStmt.getAttributes().add(attrib);
}
}
return attStmt;
}
private Map<String, Object> getUserAttributes(ResponseImpl samlResponse) {
Map<String, Object> userAttributes = new HashMap<>();
// Add 'Subject'
Assertion assertion = samlResponse.getAssertions().get(0);
userAttributes.put(
SAMLConstants.SAML2_ASSERTION_SUBJECT, assertion.getSubject().getNameID().getValue());
// Add other user attributes.
List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
if (attributeStatements != null) {
for (AttributeStatement attributeStatement : attributeStatements) {
List<Attribute> attributes = attributeStatement.getAttributes();
for (Attribute attribute : attributes) {
userAttributes.put(
attribute.getName(), attribute.getAttributeValues().get(0).getDOM().getTextContent());
}
}
}
return userAttributes;
}
private Saml2Credentials buildSaml2Credentials(final ExtendedSAMLMessageContext context) {
NameID nameId = (NameID) context.getSubjectNameIdentifier();
Assertion subjectAssertion = context.getSubjectAssertion();
List<Attribute> attributes = new ArrayList<Attribute>();
for (AttributeStatement attributeStatement : subjectAssertion.getAttributeStatements()) {
for (Attribute attribute : attributeStatement.getAttributes()) {
attributes.add(attribute);
}
if (attributeStatement.getEncryptedAttributes().size() > 0) {
logger.warn("Encrypted attributes returned, but no keystore was provided.");
}
for (EncryptedAttribute encryptedAttribute : attributeStatement.getEncryptedAttributes()) {
try {
attributes.add(decrypter.decrypt(encryptedAttribute));
} catch (DecryptionException e) {
logger.warn("Decryption of attribute failed, continue with the next one", e);
}
}
}
return new Saml2Credentials(nameId, attributes, subjectAssertion.getConditions(), getName());
}