/**
* This test constructs the {@link ResponseType}. An {@link AssertionType} is locally constructed
* and then passed to the construct method
*
* @throws Exception
*/
@Test
public void constructAndSign() throws Exception {
SAML2Response samlResponse = new SAML2Response();
String ID = IDGenerator.create("ID_");
IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink");
IDPInfoHolder idp = new IDPInfoHolder();
idp.setNameIDFormatValue("anil");
// create the service provider(in this case BAS) holder object
SPInfoHolder sp = new SPInfoHolder();
sp.setResponseDestinationURI("http://sombody");
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("TOKEN_USER_ID", String.valueOf(2));
attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");
AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes);
String assertionId = IDGenerator.create("ID_");
AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer());
assertion.addStatement(attributeStatement);
ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion);
SAML2Signature sig = new SAML2Signature();
Document signedDoc = sig.sign(responseType, getKeyPair());
assertNotNull(signedDoc);
System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));
Document convertedDoc = samlResponse.convert(responseType);
assertNotNull(convertedDoc);
// Now for the writing part
ByteArrayOutputStream baos = new ByteArrayOutputStream();
SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
samlWriter.write(responseType);
Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
}
public boolean handleSAML11UnsolicitedResponse(
HttpServletRequest request, HttpServletResponse response) throws IOException {
String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
Principal principal = request.getUserPrincipal();
// If we have already authenticated the user and there is no request from IDP or logout from
// user
if (principal != null) {
return true;
}
HttpSession session = request.getSession(true);
// See if we got a response from IDP
if (isNotNull(samlResponse)) {
boolean isValid = false;
try {
isValid = validate(request);
} catch (Exception e) {
logger.samlSPHandleRequestError(e);
throw new IOException();
}
if (!isValid) {
throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED);
}
try {
InputStream base64DecodedResponse = null;
if ("GET".equalsIgnoreCase(request.getMethod())) {
base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
} else {
base64DecodedResponse = PostBindingUtil.base64DecodeAsStream(samlResponse);
}
SAMLParser parser = new SAMLParser();
SAML11ResponseType saml11Response =
(SAML11ResponseType) parser.parse(base64DecodedResponse);
List<SAML11AssertionType> assertions = saml11Response.get();
if (assertions.size() > 1) {
logger.trace("More than one assertion from IDP. Considering the first one.");
}
String username = null;
List<String> roles = new ArrayList<String>();
SAML11AssertionType assertion = assertions.get(0);
if (assertion != null) {
// Get the subject
List<SAML11StatementAbstractType> statements = assertion.getStatements();
for (SAML11StatementAbstractType statement : statements) {
if (statement instanceof SAML11AuthenticationStatementType) {
SAML11AuthenticationStatementType subStat =
(SAML11AuthenticationStatementType) statement;
SAML11SubjectType subject = subStat.getSubject();
username = subject.getChoice().getNameID().getValue();
}
}
roles = AssertionUtil.getRoles(assertion, null);
}
return true;
} catch (Exception e) {
logger.samlSPHandleRequestError(e);
}
}
return false;
}