Package org.picketlink.identity.federation.saml.v2.assertion

Examples of org.picketlink.identity.federation.saml.v2.assertion.AssertionType


        /**
         * Loads the SAML assertion document cached in the HTTP session and scans its statements for
         * authentication statements. The listing is cut off inside that loop; presumably the session
         * index is then copied into the logout request (not visible here).
         *
         * @param httpRequest request whose session may carry the cached assertion document
         * @param lot logout request being built; not used in the visible part of the method
         */
        private void populateSessionIndex(HttpServletRequest httpRequest, LogoutRequestType lot) throws ProcessingException,
                ConfigurationException, ParsingException {
            // The assertion is read back from the session as a DOM document and is not re-validated in
            // the visible lines, so this relies on it having been verified before it was stored.
            Document currentAssertion = (Document) httpRequest.getSession().getAttribute(GeneralConstants.ASSERTION_SESSION_ATTRIBUTE_NAME);
           
            if (currentAssertion != null) {
                // Unmarshal the DOM element into the typed assertion model.
                AssertionType assertionType = SAMLUtil.fromElement(currentAssertion.getDocumentElement());
               
                Set<StatementAbstractType> statements = assertionType.getStatements();
               
                // Only authentication statements are of interest; other statement types are skipped.
                for (StatementAbstractType statementAbstractType : statements) {
                    if (AuthnStatementType.class.isInstance(statementAbstractType)) {
                        AuthnStatementType authnStatement = (AuthnStatementType) statementAbstractType;
                       


        }
       
        // Resolve the servlet session for this SAML request; getSession(false) does not create one,
        // so session is null when the caller has no session yet.
        HTTPContext httpContext = (HTTPContext) request.getContext();
        HttpSession session = httpContext.getRequest().getSession(false);

        // The assertion is expected in the request options under GeneralConstants.ASSERTION; a
        // missing assertion is an error rather than something to continue past.
        AssertionType assertion = (AssertionType) request.getOptions().get(GeneralConstants.ASSERTION);
        if (assertion == null)
            throw logger.samlHandlerAssertionNotFound();
       
        // Visit each attribute statement and iterate over its attribute choices.
        // NOTE(review): the attributes are taken straight from the assertion; whether the assertion
        // was signature- and expiry-checked before being placed in the options is not visible here.
        Set<StatementAbstractType> statements = assertion.getStatements();
        for (StatementAbstractType statement : statements) {
            if (statement instanceof AttributeStatementType) {
                AttributeStatementType attrStat = (AttributeStatementType) statement;
                List<ASTChoiceType> attrs = attrStat.getAttributes();
                for (ASTChoiceType attrChoice : attrs) {

            // Identity-provider side: build the SAML response and the assertion it carries.
            String assertionID = (String) session.getAttribute(GeneralConstants.ASSERTION_ID);

            if (assertionID != null) {
                // The session already records an assertion id: hand the session's assertion to idp
                // so that it is renewed instead of a new one being issued.
                AssertionType latestAssertion = (AssertionType) session.getAttribute(GeneralConstants.ASSERTION);
                if (latestAssertion != null)
                    idp.setAssertion(latestAssertion);
            }

            // Describe the requesting service provider for the response builder.
            // NOTE(review): destination URI, request id and issuer all originate from the incoming
            // request; whether they were checked against the trusted service providers before this
            // point is not visible in this excerpt.
            SPInfoHolder sp = new SPInfoHolder();
            sp.setResponseDestinationURI(assertionConsumerURL);
            sp.setRequestID(requestID);
            sp.setIssuer(art.getIssuer().getValue());
            responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);

            // Work on the first assertion of the response; get(0) assumes createResponseType
            // produced at least one.
            AssertionType assertion = responseType.getAssertions().get(0).getAssertion();

            // Add an AuthnStatement unless the handler configuration defines DISABLE_AUTHN_STATEMENT
            // (any non-null value switches it off).
            if (handlerConfig.getParameter(DISABLE_AUTHN_STATEMENT) == null) {
                // Default authentication context is AC_PASSWORD; authMethod replaces it when set.
                String authContextRef = JBossSAMLURIConstants.AC_PASSWORD.get();
                if (StringUtil.isNotNull(authMethod))
                    authContextRef = authMethod;

                AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(),
                        authContextRef);

                // The assertion id doubles as the SessionIndex of the authentication statement.
                authnStatement.setSessionIndex(assertion.getID());

                assertion.addStatement(authnStatement);
            }

            // Send the roles unless DISABLE_SENDING_ROLES is configured or there are no roles.
            if (handlerConfig.getParameter(DISABLE_SENDING_ROLES) == null && (roles != null && !roles.isEmpty())) {
                AttributeStatementType attrStatement = null;
                // USE_MULTI_VALUED_ROLES selects the createAttributeStatementForRoles(roles, true) form.
                if(handlerConfig.getParameter(USE_MULTI_VALUED_ROLES) != null){
                    attrStatement = StatementUtil.createAttributeStatementForRoles(roles,true);
                }else {
                    attrStatement = StatementUtil.createAttributeStatement(roles);
                }
                if(attrStatement != null){
                    assertion.addStatement(attrStatement);  
                }
            }

            // Add in the attributes information
            if (attribs != null && attribs.size() > 0) {
                AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attribs);
                assertion.addStatement(attStatement);
            }

            // Keep the finished assertion in the session under GeneralConstants.ASSERTION, the same
            // key the renewal branch above reads it back from.
            session.setAttribute(GeneralConstants.ASSERTION, assertion);

    /**
     * Session-destroyed callback: looks up the SAML assertion stored in the expiring session.
     * The listing is cut off inside the {@code assertion != null} branch; going by the comment
     * below, that branch presumably asks the STS to cancel the still-valid token (not visible here).
     *
     * @param se event carrying the session that is being destroyed
     */
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession httpSession = se.getSession();
        if (httpSession == null)
            throw logger.nullArgumentError("session");
        AssertionType assertion = (AssertionType) httpSession.getAttribute(GeneralConstants.ASSERTION);

        // If the user had logged out, then the assertion would not be available in the session.
        // When the user closes the browser without logging out, the session times out on the
        // server instead, so an assertion still present here means the STS has not canceled the token.
        if (assertion != null) {

            // Verify the signature on the raw DOM element first and fail closed: nothing from the
            // assertion is used unless the signature checks out against publicKey.
            // NOTE(review): confirm isSignatureValid also ensures the signature's reference covers
            // assertionElement itself; that cannot be seen from this excerpt.
            boolean sigValid = AssertionUtil.isSignatureValid(assertionElement, publicKey);
            if (!sigValid) {
                throw logger.authSAMLInvalidSignatureError();
            }

            // The element that was verified is the one that gets unmarshalled and expiry-checked.
            // NOTE(review): only signature and expiry checks are visible here; audience, recipient
            // and replay checks, if any, must live outside this excerpt.
            AssertionType assertion = SAMLUtil.fromElement(assertionElement);
            if (AssertionUtil.hasExpired(assertion)) {
                throw logger.authSAMLAssertionExpiredError();
            }
        } catch (NamingException e) {
            // Only e.toString() is carried over; the NamingException is not attached as the cause
            // (LoginException has no cause-taking constructor, so initCause would be needed).
            throw new LoginException(e.toString());

            // Re-parse the DOM node as a SAML response through the StAX-based parser.
            XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(node));
            SAMLResponseParser samlResponseParser = new SAMLResponseParser();
            ResponseType responseType = (ResponseType) samlResponseParser.parse(xmlEventReader);

            // ResponseType responseType = (ResponseType) response;
            // Takes the first assertion, its first statement and the first XACML result without any
            // presence or type check: an empty list, an empty statement set or a different statement
            // type ends in an unchecked exception rather than in a decision.
            // NOTE(review): the access decision is read from the response as parsed; no signature or
            // issuer check is visible in this excerpt, so confirm the response is authenticated
            // before the decision is enforced.
            AssertionType at = responseType.getAssertions().get(0).getAssertion();
            XACMLAuthzDecisionStatementType xst = (XACMLAuthzDecisionStatementType) at.getStatements().iterator().next();
            ResultType rt = xst.getResponse().getResult().get(0);
            DecisionType dt = rt.getDecision();

            // Only the decision is passed on; the second Result argument is null.
            return new Result(dt, null);
        } catch (IOException e) {

        // Ask the core STS for the assertion: describe subject and issuer in a protocol context.
        PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
        SAMLProtocolContext samlProtocolContext = new SAMLProtocolContext();
        samlProtocolContext.setSubjectType(subjectType);
        samlProtocolContext.setIssuerID(issuerInfo.getIssuer());

        // An assertion already held by idp is renewed; otherwise a new token is issued.
        AssertionType assertionType = idp.getAssertion();
        if (assertionType != null) {
            samlProtocolContext.setIssuedAssertion(assertionType);
            // renew it
            sts.renewToken(samlProtocolContext);
        } else
            sts.issueToken(samlProtocolContext);

        // Read the result back from the context. It is dereferenced below without a null check,
        // so this assumes the STS call always leaves an issued assertion in the context.
        assertionType = samlProtocolContext.getIssuedAssertion();

        ConditionsType conditions = assertionType.getConditions();
        // Align the subjectConfirmationData expiry with the assertion's NotOnOrAfter, so the
        // confirmation data carries the same end of validity as the assertion's conditions.
        if (conditions != null) {
            subjectConfirmationData.setNotOnOrAfter(conditions.getNotOnOrAfter());
           
            //Add conditions -> AudienceRestriction

            return true;
        }

        /**
         * Builds a SAML assertion with a generated id, an empty issuer and two hard-coded roles,
         * then starts serializing it to an in-memory stream (the listing is cut off inside the try).
         * NOTE(review): the fixed "test1"/"test2" roles and the blank issuer suggest a test fixture
         * rather than a production login module; confirm before reusing it.
         *
         * @return not visible in this excerpt
         * @throws LoginException declared by the signature; the throwing path is not visible here
         */
        public boolean commit() throws LoginException {
            // The issuer NameID is left empty; only the assertion id is generated.
            NameIDType issuer = new NameIDType();
            AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), issuer);

            // Hard-coded role names, added to the assertion as an attribute statement.
            List<String> roles = new ArrayList<String>();
            roles.add("test1");
            roles.add("test2");

            AttributeStatementType att = StatementUtil.createAttributeStatement(roles);
            assertion.addStatement(att);

            // Serialize the assertion into memory through the StAX-based assertion writer.
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            try {
                SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
                writer.write(assertion);

        // Retrieve the assertion: look for an Assertion element (namespace assertionNS) in the SOAP
        // header. findOrCreateSoapHeader, by its name, may add a header to the message when none exists.
        Document document = soapMessage.getSOAPPart();
        Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
        Element assertion = Util.findElement(soapHeader, new QName(assertionNS, "Assertion"));
        if (assertion != null) {
            AssertionType assertionType = null;
            try {
                // NOTE(review): expiry is the only check visible in this excerpt. The assertion comes
                // from the message itself, so confirm its signature is verified before its contents
                // are trusted; that step is not shown here.
                assertionType = SAMLUtil.fromElement(assertion);
                if (AssertionUtil.hasExpired(assertionType))
                    throw new RuntimeException(logger.samlAssertionExpiredError());
            // The RuntimeException thrown above for an expired assertion is caught right here
            // together with parse failures, so what happens next depends on the catch body (not shown).
            } catch (Exception e) {

            // The participant that just reported its status is no longer in transit for this session.
            server.stack().deRegisterTransitParticipant(sessionID, statusIssuer);

            // Logout is complete when no participant is left or the next one is the party named
            // by the relay state.
            String nextParticipant = this.getParticipant(server, sessionID, decodedRelayState);
            if (nextParticipant == null || nextParticipant.equals(decodedRelayState)) {
                // we are done with logout - First ask STS to cancel the token
                AssertionType assertion = (AssertionType) httpSession.getAttribute(GeneralConstants.ASSERTION);
                if (assertion != null) {
                    // Hand the session's assertion to the STS so the token is canceled on logout.
                    PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
                    SAMLProtocolContext samlProtocolContext = new SAMLProtocolContext();
                    samlProtocolContext.setIssuedAssertion(assertion);
                    sts.cancelToken(samlProtocolContext);
