Package org.picketlink.identity.federation.api.saml.v2.response

Examples of org.picketlink.identity.federation.api.saml.v2.response.SAML2Response


     * @throws GeneralSecurityException
     */
    public Document sign(ResponseType response, String idValueOfAssertion, KeyPair keypair, String referenceURI)
            throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError, TransformerException,
            GeneralSecurityException, MarshalException, XMLSignatureException {
        // Turn the response object into a DOM document and normalize it; the signing steps themselves
        // come later in the method and are outside this excerpt.
        SAML2Response saml2Response = new SAML2Response();
        Document doc = saml2Response.convert(response);
        doc.normalize();

        // Remember the node that follows the Issuer element. Presumably this is the insertion point for
        // the Signature element (the SAML schema places ds:Signature directly after Issuer); how
        // this.sibling is used is not visible here.
        Node theSibling = getNextSiblingOfIssuer(doc);
        if (theSibling != null) {
            this.sibling = theSibling;


                // Are we going to send Request to IDP?
                boolean willSendRequest = true;

                try {
                    SAML2Response saml2Response = new SAML2Response();

                    // Parse the incoming stream first; documentHolder is what verifySignature receives below.
                    SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
                    SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();

                    // A failed check aborts the request with a ServletException, so an unverifiable message
                    // is not processed further (fail closed).
                    // NOTE(review): when ignoreSignatures is set, nothing in this excerpt authenticates the
                    // sender, so the parsed message is used as-is unless another layer checks it. Confirm
                    // where the flag is configured and that it is off outside test setups.
                    if (!ignoreSignatures) {
                        if (!verifySignature(documentHolder))
                            throw new ServletException(ErrorCodes.INVALID_DIGITAL_SIGNATURE + "Cannot verify sender");
                    }

            logger.trace("AssertionConsumerURL=" + assertionConsumerURL);

            ResponseType responseType = null;

            SAML2Response saml2Response = new SAML2Response();

            // Create a response type
            String id = IDGenerator.create("ID_");

            IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
            issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

            // The principal's name becomes the NameID value and is labelled with the persistent format.
            // NOTE(review): SAML defines persistent identifiers as opaque pseudonyms; if getName() is a login
            // name, it is disclosed to the SP under that label. Confirm this is intended.
            IDPInfoHolder idp = new IDPInfoHolder();
            idp.setNameIDFormatValue(userPrincipal.getName());
            idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

            String assertionID = (String) session.getAttribute(GeneralConstants.ASSERTION_ID);

            if (assertionID != null) {
                // Just renew the assertion
                AssertionType latestAssertion = (AssertionType) session.getAttribute(GeneralConstants.ASSERTION);
                if (latestAssertion != null)
                    idp.setAssertion(latestAssertion);
            }

            // NOTE(review): the response is addressed to assertionConsumerURL, whose origin is outside this
            // excerpt. If it is taken from the incoming request, it needs to be checked against the endpoints
            // registered for that SP before an assertion is sent there.
            SPInfoHolder sp = new SPInfoHolder();
            sp.setResponseDestinationURI(assertionConsumerURL);
            sp.setRequestID(requestID);
            sp.setIssuer(art.getIssuer().getValue());
            responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);

            // Add information on the roles
            // Only the first assertion of the response is extended with statements below.
            AssertionType assertion = responseType.getAssertions().get(0).getAssertion();

            // Create an AuthnStatementType
            // Skipped when DISABLE_AUTHN_STATEMENT is configured. The context class defaults to the password
            // class and is replaced by authMethod when that is set.
            if (handlerConfig.getParameter(DISABLE_AUTHN_STATEMENT) == null) {
                String authContextRef = JBossSAMLURIConstants.AC_PASSWORD.get();
                if (StringUtil.isNotNull(authMethod))
                    authContextRef = authMethod;

                AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(),
                        authContextRef);

                // The assertion's own ID doubles as the session index.
                authnStatement.setSessionIndex(assertion.getID());

                assertion.addStatement(authnStatement);
            }

            // Roles are sent unless DISABLE_SENDING_ROLES is configured. USE_MULTI_VALUED_ROLES selects the
            // multi-valued attribute form.
            if (handlerConfig.getParameter(DISABLE_SENDING_ROLES) == null && (roles != null && !roles.isEmpty())) {
                AttributeStatementType attrStatement = null;
                if(handlerConfig.getParameter(USE_MULTI_VALUED_ROLES) != null){
                    attrStatement = StatementUtil.createAttributeStatementForRoles(roles,true);
                }else {
                    attrStatement = StatementUtil.createAttributeStatement(roles);
                }
                if(attrStatement != null){
                    assertion.addStatement(attrStatement);  
                }
            }

            // Add in the attributes information
            if (attribs != null && attribs.size() > 0) {
                AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attribs);
                assertion.addStatement(attStatement);
            }

            // Add assertion to the session
            session.setAttribute(GeneralConstants.ASSERTION, assertion);

            // Emit a CREATED_ASSERTION audit event when an audit helper was supplied with the request options.
            // NOTE(review): the event records `id`, the value passed to createResponseType above. Whether that
            // equals assertion.getID() is not visible here; confirm, so audit records can be correlated with
            // the assertion actually issued.
            Map<String, Object> requestOptions = request.getOptions();
            PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
            if (auditHelper != null) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setWhoIsAuditing((String) requestOptions.get(GeneralConstants.CONTEXT_PATH));
                auditEvent.setType(PicketLinkAuditEventType.CREATED_ASSERTION);
                auditEvent.setAssertionID(id);
                auditHelper.audit(auditEvent);
            }

            try {
                samlResponseDocument = saml2Response.convert(responseType);

                // NOTE(review): at trace level the whole response document is written to the log, including
                // the NameID and any role and attribute statements added above. Treat trace logs as sensitive
                // and keep this level off in production.
                if (logger.isTraceEnabled()) {
                    logger.trace("SAML Response Document: " + DocumentUtil.asString(samlResponseDocument));
                }
            } catch (Exception e) {

            // Tie the status response to the logout request it answers, and reuse the request's issuer value.
            statusResponse.setInResponseTo(logOutRequestID);

            statusResponse.setIssuer(request.getIssuer());

            try {
                SAML2Response saml2Response = new SAML2Response();
                response.setResultingDocument(saml2Response.convert(statusResponse));
            } catch (ParsingException je) {
                // A conversion failure is rethrown through the logger's processingError wrapper.
                throw logger.processingError(je);
            }

            // NOTE(review): originalIssuer is assigned outside this excerpt. It is used directly as the
            // destination of the response, so confirm it is resolved to a known endpoint for that party.
            response.setDestination(originalIssuer);

    }

    /**
     * Signs {@code samlDocument} with {@code signingKeyPair} using a fresh {@code SAML2Signature}.
     *
     * <p>The signature and digest methods are read from {@code signatureAlgorithm}. A {@code null} value
     * leaves the corresponding {@code SAML2Signature} setting untouched, so whatever that class uses by
     * default applies. {@code signingCertificate} is handed to the signer only when it is set.
     *
     * @param samlDocument the SAML document to sign
     * @throws ProcessingException as declared by the signing call
     */
    protected void signDocument(Document samlDocument) throws ProcessingException {
        final String xmlSignatureMethod = signatureAlgorithm.getXmlSignatureMethod();
        final String xmlDigestMethod = signatureAlgorithm.getXmlSignatureDigestMethod();
        final SAML2Signature signer = new SAML2Signature();

        // Override the signer's algorithms only where the configuration names one.
        if (xmlSignatureMethod != null) {
            signer.setSignatureMethod(xmlSignatureMethod);
        }
        if (xmlDigestMethod != null) {
            signer.setDigestMethod(xmlDigestMethod);
        }

        // Pass the signer the node that follows the Issuer element of this document.
        signer.setNextSibling(signer.getNextSiblingOfIssuer(samlDocument));

        if (signingCertificate != null) {
            signer.setX509Certificate(signingCertificate);
        }

        signer.signSAMLDocument(samlDocument, signingKeyPair);
    }

    /**
     * Validates the XML signature on {@code document} with the client's signature validation key, but only
     * for clients whose {@code SAML_CLIENT_SIGNATURE_ATTRIBUTE} is exactly the string {@code "true"}.
     *
     * <p>NOTE(review): for every other client the method returns normally without checking anything, so a
     * normal return does not mean "signature verified". Callers that rely on an authenticated message have
     * to make sure the attribute is enabled for that client.
     *
     * @param client the client whose attribute and validation key are consulted
     * @param document the document whose signature is validated
     * @throws VerificationException if the signature is invalid or validation fails with a ProcessingException
     */
    public static void verifyDocumentSignature(ClientModel client, Document document) throws VerificationException {
        // Opt-in check: any value other than "true" (including a missing attribute) skips validation.
        if (!"true".equals(client.getAttribute(SamlProtocol.SAML_CLIENT_SIGNATURE_ATTRIBUTE))) {
            return;
        }
        SAML2Signature saml2Signature = new SAML2Signature();
        // The key comes from the client's own configuration via getSignatureValidationKey.
        PublicKey publicKey = getSignatureValidationKey(client);
        try {
            if (!saml2Signature.validate(document, publicKey)) {
                throw new VerificationException("Invalid signature on document");
            }
        } catch (ProcessingException e) {
            // A validation error is reported the same way as a bad signature: the caller gets an exception.
            throw new VerificationException("Error validating signature", e);
        }

        try {
            // Deep-copy the assertion element into a document of its own and validate that copy, so the
            // check runs on a document whose root is the assertion.
            Document doc = DocumentUtil.createDocument();
            Node n = doc.importNode(assertionElement, true);
            doc.appendChild(n);

            return new SAML2Signature().validate(doc, publicKey);
        } catch (Exception e) {
            // Any failure while copying or validating is logged and falls through to the false below.
            logger.signatureAssertionValidationError(e);
        }
        // Fail closed: only an explicit true from validate() reports the assertion as valid.
        return false;
    }

            logger.trace("SAML Response Document: " + sw.toString());
        }

        // With signing enabled, the response is signed with the key manager's signing key pair. A signing
        // failure is rethrown as a RuntimeException, so this branch never continues with an unsigned
        // response. The else branch is outside this excerpt.
        if (supportSignature) {
            try {
                SAML2Signature ss = new SAML2Signature();
                samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
            } catch (Exception e) {
                // The original exception is logged at trace level and wrapped via logger.signatureError.
                logger.trace(e);
                throw new RuntimeException(logger.signatureError(e));
            }
        } else

        AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(id, assertionConsumerURL, destination, issuerValue);

        // Throwaway DSA key pair, generated with the provider's default parameters (no initialize() call).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        KeyPair kp = kpg.genKeyPair();

        // NOTE(review): DSA_SHA1 selects a SHA-1 based signature method. That is enough to exercise the
        // signing path in a unit test, but SHA-1 signatures are deprecated, so deployment configuration
        // should use a SHA-256 based method instead of copying this line.
        SAML2Signature ss = new SAML2Signature();
        ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
        Document signedDoc = ss.sign(authnRequest, kp);

        Logger.getLogger(SignatureValidationUnitTestCase.class).debug("Signed Doc:" + DocumentUtil.asString(signedDoc));

        // Run the signed document through JAXPValidationUtil (presumably schema validation; confirm).
        JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(signedDoc));

        AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(id, assertionConsumerURL, destination, issuerValue);

        // Throwaway DSA key pair, generated with the provider's default parameters (no initialize() call).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        KeyPair kp = kpg.genKeyPair();

        // Going by the setter name, the signature is produced without a KeyInfo element. A verifier then
        // has to take the public key from its own configuration rather than from the message. TODO confirm.
        SAML2Signature ss = new SAML2Signature();
        ss.setSignatureIncludeKeyInfo(false);

        // NOTE(review): DSA_SHA1 selects a SHA-1 based signature method. That is enough to exercise the
        // signing path in a unit test, but SHA-1 signatures are deprecated, so deployment configuration
        // should use a SHA-256 based method instead of copying this line.
        ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
        Document signedDoc = ss.sign(authnRequest, kp);

        Logger.getLogger(SignatureValidationUnitTestCase.class).debug("Signed Doc:" + DocumentUtil.asString(signedDoc));

        // Run the signed document through JAXPValidationUtil (presumably schema validation; confirm).
        JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(signedDoc));
