Пример #1
0
 /*
  * (non-Javadoc)
  *
  * @see java.lang.Object#toString()
  */
 @Override
 public String toString() {
   StringBuilder result = new StringBuilder();
   result.append("Principal: " + getPrincipal() + ", Attributes: ");
   for (AttributeStatement attributeStatement : getAttributeStatements()) {
     for (Attribute attr : attributeStatement.getAttributes()) {
       result.append("[ ");
       result.append(attr.getName());
       result.append(" : ");
       for (int i = 0; i < attr.getAttributeValues().size(); i++) {
         result.append(((XSString) attr.getAttributeValues().get(i)).getValue());
       }
       result.append("] ");
     }
   }
   // add this back in when we support parsing this information
   result.append(", AuthnStatements: ");
   for (AuthnStatement authStatement : getAuthnStatements()) {
     result.append("[ ");
     result.append(authStatement.getAuthnInstant() + " : ");
     result.append(
         authStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
     result.append("] ");
   }
   //        result.append(", AuthzDecisionStatements: ");
   //        for (AuthzDecisionStatement authDecision : getAuthzDecisionStatements()) {
   //            result.append("[ ");
   //            result.append(authDecision.getDecision().toString());
   //            result.append(" ]");
   //        }
   return result.toString();
 }
  /** {@inheritDoc} */
  protected void processChildElement(XMLObject parentObject, XMLObject childObject)
      throws UnmarshallingException {
    AttributeStatement attributeStatement = (AttributeStatement) parentObject;

    if (childObject instanceof Attribute) {
      attributeStatement.getAttributes().add((Attribute) childObject);
    } else if (childObject instanceof EncryptedAttribute) {
      attributeStatement.getEncryptedAttributes().add((EncryptedAttribute) childObject);
    } else {
      super.processChildElement(parentObject, childObject);
    }
  }
Пример #3
0
  @Override
  public Set<Principal> getPrincipals() {
    Set<Principal> principals = new HashSet<>();
    Principal primary = getPrincipal();
    principals.add(primary);
    principals.add(new RolePrincipal(primary.getName()));
    for (AttributeStatement attributeStatement : getAttributeStatements()) {
      for (Attribute attr : attributeStatement.getAttributes()) {
        if (StringUtils.containsIgnoreCase(attr.getName(), "role")) {
          for (final XMLObject obj : attr.getAttributeValues()) {
            principals.add(new RolePrincipal(((XSString) obj).getValue()));
          }
        }
      }
    }

    return principals;
  }
  /*
   * Process the response and returns the results
   */
  private Map<String, String> getAssertionStatements(Assertion assertion) {

    Map<String, String> results = new HashMap<String, String>();

    if (assertion != null && assertion.getAttributeStatements() != null) {

      List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();

      for (AttributeStatement statement : attributeStatementList) {
        List<Attribute> attributesList = statement.getAttributes();
        for (Attribute attribute : attributesList) {
          Element value = attribute.getAttributeValues().get(0).getDOM();
          String attributeValue = value.getTextContent();
          results.put(attribute.getName(), attributeValue);
        }
      }
    }
    return results;
  }
Пример #5
0
 /**
  * Checks if the NameIDFormat is of the following formats below, if not, the name is changed to
  * the value of the first matching usernameAttribute.
  */
 private void identifyNameIDFormat() {
   if (!((StringUtils.containsIgnoreCase(nameIDFormat, SAML2Constants.NAMEID_FORMAT_PERSISTENT)
           || StringUtils.containsIgnoreCase(
               nameIDFormat, SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME)
           || StringUtils.containsIgnoreCase(nameIDFormat, SAML2Constants.NAMEID_FORMAT_KERBEROS)
           || StringUtils.containsIgnoreCase(
               nameIDFormat, SAML2Constants.NAMEID_FORMAT_UNSPECIFIED))
       && !name.equals(""))) {
     for (AttributeStatement attributeStatementList : getAttributeStatements()) {
       List<Attribute> attributeList = attributeStatementList.getAttributes();
       for (Attribute attribute : attributeList) {
         if (listContainsIgnoreCase(usernameAttributeList, attribute.getName())) {
           name = ((XMLString) attribute.getAttributeValues().get(0)).getValue();
           return;
         }
       }
     }
   }
 }
Пример #6
0
  private AttributeStatement buildAttributeStatement(Map<String, String> claims) {
    AttributeStatement attStmt = null;
    if (claims != null) {
      attStmt = new AttributeStatementBuilder().buildObject();
      Iterator<String> ite = claims.keySet().iterator();

      for (int i = 0; i < claims.size(); i++) {
        Attribute attrib = new AttributeBuilder().buildObject();
        String claimUri = ite.next();
        attrib.setName(claimUri);
        // look
        // https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUsrManJavaAnyTypes
        XSStringBuilder stringBuilder =
            (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
        XSString stringValue =
            stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        stringValue.setValue(claims.get(claimUri));
        attrib.getAttributeValues().add(stringValue);
        attStmt.getAttributes().add(attrib);
      }
    }
    return attStmt;
  }
  private Map<String, Object> getUserAttributes(ResponseImpl samlResponse) {

    Map<String, Object> userAttributes = new HashMap<>();

    // Add 'Subject'
    Assertion assertion = samlResponse.getAssertions().get(0);
    userAttributes.put(
        SAMLConstants.SAML2_ASSERTION_SUBJECT, assertion.getSubject().getNameID().getValue());

    // Add other user attributes.
    List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements != null) {
      for (AttributeStatement attributeStatement : attributeStatements) {
        List<Attribute> attributes = attributeStatement.getAttributes();
        for (Attribute attribute : attributes) {
          userAttributes.put(
              attribute.getName(), attribute.getAttributeValues().get(0).getDOM().getTextContent());
        }
      }
    }

    return userAttributes;
  }
Пример #8
0
  private Saml2Credentials buildSaml2Credentials(final ExtendedSAMLMessageContext context) {

    NameID nameId = (NameID) context.getSubjectNameIdentifier();
    Assertion subjectAssertion = context.getSubjectAssertion();

    List<Attribute> attributes = new ArrayList<Attribute>();
    for (AttributeStatement attributeStatement : subjectAssertion.getAttributeStatements()) {
      for (Attribute attribute : attributeStatement.getAttributes()) {
        attributes.add(attribute);
      }
      if (attributeStatement.getEncryptedAttributes().size() > 0) {
        logger.warn("Encrypted attributes returned, but no keystore was provided.");
      }
      for (EncryptedAttribute encryptedAttribute : attributeStatement.getEncryptedAttributes()) {
        try {
          attributes.add(decrypter.decrypt(encryptedAttribute));
        } catch (DecryptionException e) {
          logger.warn("Decryption of attribute failed, continue with the next one", e);
        }
      }
    }

    return new Saml2Credentials(nameId, attributes, subjectAssertion.getConditions(), getName());
  }