Package org.jboss.identity.federation.saml.v2.assertion

Examples of org.jboss.identity.federation.saml.v2.assertion.AssertionType


        // Reset the thread's security context association before inspecting the token
        // (the reason for the reset lies outside this excerpt).
        SecurityContextAssociation.clearSecurityContext();

        // The token value held by the context is a DOM element.
        Element assertionElement = (Element) context.getSecurityToken().getTokenValue();

        // Serialise the element and re-parse it with SAMLParser, so every check below runs
        // against the parsed AssertionType model rather than the raw DOM.
        SAMLParser samlParser = new SAMLParser();
        AssertionType assertion = (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));

        /*
         * JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
         * Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); JAXBElement<?> parsedElement = (JAXBElement<?>)
         * unmarshaller.unmarshal((Element) context.getSecurityToken() .getTokenValue());
         * assertNotNull("Unexpected null element", parsedElement); assertEquals("Unexpected element type", AssertionType.class,
         * parsedElement.getDeclaredType());
         *
         * AssertionType assertion = (AssertionType) parsedElement.getValue();
         */
        // The assertion ID must equal the ID of the token held by the context, and the issuer
        // must be the expected STS name.
        StandardSecurityToken securityToken = (StandardSecurityToken) context.getSecurityToken();
        assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID());
        assertEquals("Unexpected token issuer", "PicketLinkSTS", assertion.getIssuer().getValue());

        // check the contents of the assertion conditions.
        // NOTE(review): NotBefore / NotOnOrAfter are only checked for presence here; the length
        // of the validity window is not asserted in this excerpt.
        ConditionsType conditions = assertion.getConditions();
        assertNotNull("Unexpected null conditions", conditions);
        assertNotNull("Unexpected null value for NotBefore attribute", conditions.getNotBefore());
        assertNotNull("Unexpected null value for NotOnOrAfter attribute", conditions.getNotOnOrAfter());
        // Exactly one condition is expected, and it must be an audience restriction with a
        // single audience. The instanceof assertion runs before the cast so that a wrong
        // condition type is reported as a test failure instead of a ClassCastException.
        assertEquals("Unexpected number of conditions", 1, conditions.getConditions().size());
        assertTrue("Unexpected condition type", conditions.getConditions().get(0) instanceof AudienceRestrictionType);
        AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions.getConditions().get(0);
        assertNotNull("Unexpected null audience list", restrictionType.getAudience());
        assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size());
        assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2", restrictionType.getAudience()
                .get(0).toString());

        // check the contents of the assertion subject.
        SubjectType subject = assertion.getSubject();
        assertNotNull("Unexpected null subject", subject);

        // The BaseID is cast without an instanceof check, so a different subject identifier
        // type fails the test with a ClassCastException rather than an assertion message.
        NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
        assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
        assertEquals("Unexpected name id", "bmozaffa", nameID.getValue());
        // Only the first subject confirmation is inspected; its method must be the bearer URI.
        // The number of confirmations is not asserted in this excerpt.
        SubjectConfirmationType confirmation = (SubjectConfirmationType) subject.getConfirmation().get(0);
        assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI, confirmation.getMethod());

        // Two statements are pulled without hasNext(); an assertion carrying fewer than two
        // surfaces as NoSuchElementException instead of an assertion failure.
        // NOTE(review): the check below assumes the AuthnStatement is iterated first; confirm
        // that getStatements() returns a collection with a defined iteration order.
        Iterator<StatementAbstractType> statementIterator = assertion.getStatements().iterator();
        StatementAbstractType authnStatementType = statementIterator.next();
        StatementAbstractType statementAbstractType = statementIterator.next();

        assertTrue("Unexpected type instead of AuthnStatement: " + authnStatementType.getClass().getSimpleName(),
                authnStatementType instanceof AuthnStatementType);


        // Re-parse the decrypted document element into a ResponseType. The decryption step
        // itself happens before this excerpt and is not shown.

        ResponseType newRT = sr.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));

        // Only the first assertion is inspected; the number of assertions is not asserted here.
        // NOTE(review): presumably getAssertion() yields the plain (non-encrypted) assertion, so
        // reading its issuer also confirms the decrypted document parses cleanly. Confirm.
        AssertionType assertion = newRT.getAssertions().get(0).getAssertion();
        assertEquals("http://identityurl", assertion.getIssuer().getValue());
    }

        // Describe the service provider the response is addressed to: its response
        // destination URI and its issuer value.
        SPInfoHolder sp = new SPInfoHolder();
        sp.setResponseDestinationURI("http://service");
        sp.setIssuer("http://service.issuer");
        // id, idp and issuerHolder are prepared before this excerpt.
        responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
        AssertionType assertion = responseType.getAssertions().get(0).getAssertion();

        // Attach the roles to the first assertion as an attribute statement.
        AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
        assertion.addStatement(attrStatement);

        // Add timed conditions
        // NOTE(review): 5000L is presumably a validity duration in milliseconds; confirm
        // against createTimedConditions.
        saml2Response.createTimedConditions(assertion, 5000L);

        // No signing is visible in this excerpt. Because the statement and conditions above
        // change the assertion content, any signature has to be computed after this point.
        return responseType;

        // Helper defined outside this excerpt; by its name it parses the response and checks
        // its signature. Confirm what a null second argument selects.
        ResponseType responseType = getResponseTypeAndCheckSignature(response, null);

        // Exactly one assertion is expected, so the checks below cover every assertion in
        // the response and not merely the first of several.
        assertNotNull(responseType);
        assertEquals(1, responseType.getAssertions().size());
       
        AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
       
        // NOTE(review): JUnit's assertEquals takes (expected, actual); the arguments are
        // swapped here, which only affects the wording of a failure message.
        assertEquals(assertion.getIssuer().getValue(), IDENTITY_PROVIDER_URL);
       
        // Role names the test expects; presumably compared with the attribute statement in
        // the loop that follows this excerpt.
        List<String> expectedRoles = new ArrayList<String>();
       
        expectedRoles.add("test-role1");
        expectedRoles.add("test-role2");
        expectedRoles.add("test-role3");
       
        Set<StatementAbstractType> statements = assertion.getStatements();
       
        for (StatementAbstractType statementType : statements) {
            if (statementType instanceof AttributeStatementType) {
                AttributeStatementType attributeType = (AttributeStatementType) statementType;
                List<ASTChoiceType> attributes = attributeType.getAttributes();

        // Helper defined outside this excerpt; by its name it parses the response and checks
        // its signature. The role of the bos argument is not visible here.
        ResponseType responseType = getResponseTypeAndCheckSignature(response, bos);

        // Exactly one assertion is expected, so the checks below cover every assertion in
        // the response.
        assertNotNull(responseType);
        assertEquals(1, responseType.getAssertions().size());
        AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
        // NOTE(review): JUnit's assertEquals takes (expected, actual); the arguments are
        // swapped here, which only affects the wording of a failure message.
        assertEquals(assertion.getIssuer().getValue(), IDENTITY_PROVIDER_URL);
       
        // The assertion must carry exactly one condition, an audience restriction whose
        // first audience is the service provider URL.
        ConditionsType conditions = assertion.getConditions();
        assertNotNull(conditions);
        List<ConditionAbstractType> conditionList = conditions.getConditions();
        assertEquals(1, conditionList.size());
        // The cast has no preceding instanceof assertion, so another condition type fails the
        // test with a ClassCastException. The audience list size is not asserted either.
        AudienceRestrictionType audience = (AudienceRestrictionType) conditionList.get(0);
        assertEquals(SERVICE_PROVIDER_URL, audience.getAudience().get(0).toString());

        // Helper defined outside this excerpt; by its name it parses the response and checks
        // its signature. Confirm what a null second argument selects.
        ResponseType responseType = getResponseTypeAndCheckSignature(response, null);

        // Exactly one assertion is expected, so the checks below cover every assertion in
        // the response.
        assertNotNull(responseType);
        assertEquals(1, responseType.getAssertions().size());

        AssertionType issuedAssertion = responseType.getAssertions().get(0).getAssertion();

        // NOTE(review): JUnit's assertEquals takes (expected, actual); the arguments are
        // swapped here, which only affects the wording of a failure message.
        assertEquals(issuedAssertion.getIssuer().getValue(), IDENTITY_PROVIDER_URL);

        // The response should redirect back to the caller SP
        // NOTE(review): contains() is a substring match, so it does not pin where in the
        // redirect string the SP URL appears. Comparing the parsed redirect target with
        // SERVICE_PROVIDER_URL would be a stricter check.
        assertTrue("Expected a redirect to the SP.", response.redirectString.contains(SERVICE_PROVIDER_URL));

        // conditions is dereferenced without a null check; a missing Conditions element
        // surfaces as a NullPointerException.
        ConditionsType conditions = issuedAssertion.getConditions();

        // The validity window (NotOnOrAfter minus NotBefore) must be exactly 3000 ms.
        assertEquals("The assertion timeout is invalid.", 3000, conditions.getNotOnOrAfter().toGregorianCalendar()
                .getTimeInMillis()
                - conditions.getNotBefore().toGregorianCalendar().getTimeInMillis());
    }

        // Send the request (built before this excerpt) to the token service and parse the
        // reply with WSTrustParser.
        Source responseMessage = this.tokenService.invoke(requestMessage);
        BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
                .parse(DocumentUtil.getSourceAsStream(responseMessage));

        // validate the security token response.
        // The helper is defined outside this excerpt; it is given the context "testcontext",
        // the principal "jduke" and the bearer confirmation method URI.
        AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
                SAMLUtil.SAML2_BEARER_URI);

        // in this scenario, the conditions section should have an audience restriction.
        ConditionsType conditions = assertion.getConditions();
        assertEquals("Unexpected restriction list size", 1, conditions.getConditions().size());
        // The instanceof assertion precedes the cast, so a wrong condition type is reported as
        // a test failure instead of a ClassCastException.
        ConditionAbstractType abstractType = conditions.getConditions().get(0);
        assertTrue("Unexpected restriction type", abstractType instanceof AudienceRestrictionType);
        AudienceRestrictionType audienceRestriction = (AudienceRestrictionType) abstractType;
        assertEquals("Unexpected audience restriction list size", 1, audienceRestriction.getAudience().size());

        // Send the request (built before this excerpt) to the token service and parse the
        // reply with WSTrustParser.
        Source responseMessage = this.tokenService.invoke(requestMessage);
        BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
                .parse(DocumentUtil.getSourceAsStream(responseMessage));

        // validate the security token response.
        // Unlike a bearer assertion, the expected confirmation method here is holder-of-key.
        AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
                SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
        // validate the holder of key contents.
        // Only the first subject confirmation is inspected. The helper is defined outside this
        // excerpt; it is told to expect a symmetric key type. The meaning of the trailing
        // null and false arguments is not visible here.
        SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
        this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);

        // check if the response contains the STS-generated key.
        // The downcast to a response collection is unchecked; the first response in the
        // collection is the one examined after this excerpt.
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);

        // Send the request (built before this excerpt) to the token service and parse the
        // reply with WSTrustParser.
        Source responseMessage = this.tokenService.invoke(requestMessage);
        BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
                .parse(DocumentUtil.getSourceAsStream(responseMessage));

        // validate the security token response.
        // The expected confirmation method is holder-of-key rather than bearer.
        AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
                SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
        // validate the holder of key contents.
        // Only the first subject confirmation is inspected. The helper is defined outside this
        // excerpt; it is told to expect a symmetric key type.
        SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
        this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);

        // Read the requested proof token from the first response in the collection; how it is
        // checked lies after this excerpt.
        // NOTE(review): a proof token presumably carries key material for the symmetric case,
        // so assertions on it should avoid printing its content in failure messages. Confirm.
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        RequestedProofTokenType proofToken = response.getRequestedProofToken();

        // Wrap the request (built before this excerpt) as a Source, send it to the token
        // service and parse the reply with WSTrustParser.
        Source requestMessage = this.createSourceFromRequest(request);
        Source responseMessage = this.tokenService.invoke(requestMessage);
        BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
                .parse(DocumentUtil.getSourceAsStream(responseMessage));
        // validate the security token response.
        // The expected confirmation method is holder-of-key rather than bearer.
        AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
                SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
        // validate the holder of key contents.
        // Public-key variant: the helper (defined outside this excerpt) is given the certificate
        // prepared earlier, presumably to compare it with the key information in the
        // confirmation. Confirm against validateHolderOfKeyContents.
        SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
        this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, false);
    }