Examples of org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType

• org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType

  Java class for AttributeStatementType complex type.

  The following schema fragment specifies the expected content contained within this class.

   <complexType name="AttributeStatementType"> <complexContent> <extension base="{urn:oasis:names:tc:SAML:2.0:assertion}StatementAbstractType"> <choice maxOccurs="unbounded"> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}EncryptedAttribute"/> </choice> </extension> </complexContent> </complexType> 

      Unmarshaller un = MetaDataBuilder.getUnmarshaller();
      JAXBElement<?> j = (JAXBElement<?>) un.unmarshal(is);
      Object obj = j.getValue();
      if(obj instanceof EntityDescriptorType == false)
         throw new RuntimeException("Unsupported type:"+ obj.getClass());
      EntityDescriptorType edt = (EntityDescriptorType) obj;
      return edt;
   }

           Certificate cert = keyManager.getCertificate(signingAlias);
           KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);

           //TODO: Assume just signing key for now
           KeyDescriptorType keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
                 null, 0, true, false);

           updateKeyDescriptor(metadata, keyDescriptor);

           //encryption

         ResponseType responseType = new ResponseType();
         ResultType resultType = responseContext.getResult();
         responseType.getResult().add(resultType);

         XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.createXACMLAuthzDecisionStatementType();
         xacmlStatement.setRequest(requestType);
         xacmlStatement.setResponse(responseType);

         //Place the xacml statement in an assertion
         //Then the assertion goes inside a SAML Response

         String ID = IDGenerator.create("ID_");

   protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
   {
      JAXBElement<RequestAbstractType> jaxbRequestType = null;

      Envelope envelope = null;
      XACMLAuthzDecisionQueryType xacmlRequest = null;

      try
      {
         Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
         if(debug)
            log.trace("Received SOAP:"+DocumentUtil.getDocumentAsString(inputDoc));

         Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
         if(debug)
           un.setEventHandler(new DefaultValidationEventHandler());

         Object unmarshalledObject = un.unmarshal(DocumentUtil.getNodeAsStream(inputDoc));

         if(unmarshalledObject instanceof JAXBElement)
         {
            JAXBElement<?> jaxbElement = (JAXBElement<?>) unmarshalledObject;
            Object element = jaxbElement.getValue();
            if(element instanceof Envelope)
            {
               envelope = (Envelope)element;
               Body soapBody = envelope.getBody();
               Object samlRequest = soapBody.getAny().get(0);
               if(samlRequest instanceof JAXBElement)
               {
                  jaxbRequestType = (JAXBElement<RequestAbstractType>)samlRequest;
                  jaxbRequestType = (JAXBElement<RequestAbstractType>)samlRequest;
                  xacmlRequest = (XACMLAuthzDecisionQueryType) jaxbRequestType.getValue();
               }
               else
                  if(samlRequest instanceof Element)
                  {
                     Element elem = (Element) samlRequest;
                     xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType(elem);
                  }
            }
            else if(element instanceof XACMLAuthzDecisionQueryType)
            {
               xacmlRequest = (XACMLAuthzDecisionQueryType) element;
            }
         }
         if(xacmlRequest == null)
            throw new IOException("XACML Request not parsed");

         RequestType requestType = xacmlRequest.getRequest();

         RequestContext requestContext = new JBossRequestContext();
         requestContext.setRequest(requestType);

         //pdp evaluation is thread safe

      String samlMessage = getSAMLMessage(request);
      InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
      SAML2Request saml2Request = new SAML2Request();

      AuthnRequestType authnRequestType = null;
      try
      {
         authnRequestType = saml2Request.getAuthnRequestType(is);
      }
      catch (JAXBException e2)
      {
         throw new ParsingException(e2);
      }
      catch (SAXException e2)
      {
         throw new ParsingException(e2);
      }
      if(authnRequestType == null)
         throw new IllegalStateException("AuthnRequest is null");

      if(log.isTraceEnabled())
      {
         StringWriter sw = new StringWriter();
         try
         {
            saml2Request.marshall(authnRequestType, sw);
         }
         catch (SAXException e)
         {
            log.trace(e);
         }
         catch (JAXBException e)
         {
            log.trace(e);
         }
         log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
      }
      SAML2Response saml2Response = new SAML2Response();

      //Create a response type
      String id = IDGenerator.create("ID_");

      IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
      issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

      IDPInfoHolder idp = new IDPInfoHolder();
      idp.setNameIDFormatValue(userPrincipal.getName());
      idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
      //Add information on the roles
      List<String> roles = rg.generateRoles(userPrincipal);
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

                  List<String> roles = rg.generateRoles(userPrincipal);

                  log.trace("Roles have been determined:Creating response");

                  AuthnRequestType art = (AuthnRequestType) requestAbstractType;
                  responseType =
                     webRequestUtil.getResponse(art.getAssertionConsumerServiceURL(),
                           userPrincipal, roles,
                           this.identityURL, this.assertionValidity);
               }
               catch (IssuerNotTrustedException e)
               {

         throw new ServletException("serviceURL is not configured");

      SAML2Request saml2Request = new SAML2Request();

      SPUtil spUtil = new SPUtil();
      AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);

      ByteArrayOutputStream baos = new ByteArrayOutputStream();
      saml2Request.marshall(authnRequest, baos);

      String base64Request = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
      String destination = authnRequest.getDestination() + getDestination(base64Request, relayState);
      log.debug("Sending to destination="+destination);

      return destination;
   }

      {
         principal = (GenericPrincipal) process(request,response);

         if(principal == null)
         {
            AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
            sendRequestToIDP(authnRequest, relayState, response);
            return false;
         }

         String username = principal.getName();
         String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;

         //Map to JBoss specific principal
         if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
         {
            GenericPrincipal gp = (GenericPrincipal) principal;
            //Push a context
            ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
            principal = context.getRealm().authenticate(username, password);
            ServiceProviderSAMLContext.clear();
         }

         session.setNote(Constants.SESS_USERNAME_NOTE, username);
         session.setNote(Constants.SESS_PASSWORD_NOTE, password);
         request.setUserPrincipal(principal);
         register(request, response, principal, Constants.FORM_METHOD, username, password);

         return true;
      }
      catch(AssertionExpiredException aie)
      {
         log.debug("Assertion has expired. Issuing a new saml2 request to the IDP");
         try
         {
            AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
            sendRequestToIDP(authnRequest, relayState, response);
         }
         catch (Exception e)
         {
            log.trace("Exception:",e);

         if(userPrincipal == null)
         {
            String relayState = null;
            try
            {
               AuthnRequestType authnRequest = createSAMLRequest(serviceURL, identityURL);
               sendRequestToIDP(authnRequest, relayState, response);
            }
            catch (Exception e)
            {
               throw new ServletException(e);

               if(trace)
                  log.trace("Roles have been determined:Creating response");

               AuthnRequestType art = (AuthnRequestType) requestAbstractType;
               destination = art.getAssertionConsumerServiceURL();

               samlResponse =
                  webRequestUtil.getResponse(destination,
                        userPrincipal, roles,
                        this.identityURL, this.assertionValidity, this.signOutgoingMessages);