org.opensaml.common.SAMLVersion Java Examples

public Response buildResponse(SAMLSSOAuthnReqDTO authReqDTO, Assertion assertion)
        throws IdentityException {

    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '"
                + authReqDTO.getAssertionConsumerURL() + "'");
    }
    Response response = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    response.setIssuer(SAMLSSOUtil.getIssuer());
    response.setID(SAMLSSOUtil.createID());
    response.setInResponseTo(authReqDTO.getId());
    response.setDestination(authReqDTO.getAssertionConsumerURL());
    response.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    response.setVersion(SAMLVersion.VERSION_20);
    DateTime issueInstant = new DateTime();
    response.setIssueInstant(issueInstant);
    response.getAssertions().add(assertion);
    if (authReqDTO.isDoSignResponse()) {
        SAMLSSOUtil.setSignature(response, authReqDTO.getSigningAlgorithmUri(), authReqDTO.getDigestAlgorithmUri
                (), new SignKeyDataHolder(authReqDTO.getUser().getAuthenticatedSubjectIdentifier()));
    }
    return response;
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_11);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {

    Assertion assertion = (Assertion) samlObject;

    if (Assertion.ID_ATTRIB_NAME.equals(attribute.getLocalName())) {
        assertion.setID(attribute.getValue());
    } else if (Assertion.ISSUER_ATTRIB_NAME.equals(attribute.getLocalName())) {
        assertion.setIssuer(attribute.getValue());
    } else if (Assertion.ISSUEINSTANT_ATTRIB_NAME.equals(attribute.getLocalName())
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        assertion.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (Assertion.MINORVERSION_ATTRIB_NAME.equals(attribute.getLocalName())) {
        if (attribute.getValue().equals("0")) {
            assertion.setVersion(SAMLVersion.VERSION_10);
        } else {
            assertion.setVersion(SAMLVersion.VERSION_11);
        }
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
 

/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    RequestAbstractType req = (RequestAbstractType) samlObject;

    if (attribute.getLocalName().equals(RequestAbstractType.VERSION_ATTRIB_NAME)) {
        req.setVersion(SAMLVersion.valueOf(attribute.getValue()));
    } else if (attribute.getLocalName().equals(RequestAbstractType.ID_ATTRIB_NAME)) {
        req.setID(attribute.getValue());
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else if (attribute.getLocalName().equals(RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        req.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (attribute.getLocalName().equals(RequestAbstractType.DESTINATION_ATTRIB_NAME)) {
        req.setDestination(attribute.getValue());
    } else if (attribute.getLocalName().equals(RequestAbstractType.CONSENT_ATTRIB_NAME)) {
        req.setConsent(attribute.getValue());
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
 

/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    StatusResponseType sr = (StatusResponseType) samlObject;

    if (attribute.getLocalName().equals(StatusResponseType.VERSION_ATTRIB_NAME)) {
        sr.setVersion(SAMLVersion.valueOf(attribute.getValue()));
    } else if (attribute.getLocalName().equals(StatusResponseType.ID_ATTRIB_NAME)) {
        sr.setID(attribute.getValue());
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else if (attribute.getLocalName().equals(StatusResponseType.IN_RESPONSE_TO_ATTRIB_NAME)) {
        sr.setInResponseTo(attribute.getValue());
    } else if (attribute.getLocalName().equals(StatusResponseType.ISSUE_INSTANT_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        sr.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (attribute.getLocalName().equals(StatusResponseType.DESTINATION_ATTRIB_NAME)) {
        sr.setDestination(attribute.getValue());
    } else if (attribute.getLocalName().equals(StatusResponseType.CONSENT_ATTRIB_NAME)) {
        sr.setConsent(attribute.getValue());
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
 

/**
 * Build the error response
 *
 * @param inResponseToID
 * @param statusCodes
 * @param statusMsg
 * @return
 */
public Response buildResponse(String inResponseToID, List<String> statusCodes, String statusMsg,
                              String destination) throws IdentityException {
    if (statusCodes == null || statusCodes.isEmpty()) {
        throw IdentityException.error("No Status Values");
    }
    response.setIssuer(SAMLSSOUtil.getIssuer());
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = null;
    for (String statCode : statusCodes) {
        statusCode = buildStatusCode(statCode, statusCode);
    }
    status.setStatusCode(statusCode);
    buildStatusMsg(status, statusMsg);
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    response.setID(SAMLSSOUtil.createID());
    if (inResponseToID != null) {
        response.setInResponseTo(inResponseToID);
    }
    if (destination != null) {
        response.setDestination(destination);
    }
    response.setIssueInstant(new DateTime());
    return response;
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_11);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_20);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

public static String generateErrorneousResponse() {
    Response response = new ResponseBuilder().buildObject();
    response.setIssuer(getIssuer());
    response.setStatus(buildStatus());
    response.setVersion(SAMLVersion.VERSION_20);
    response.setID(UIDGenerator.generateUID());

    try {
        return encode(marshall(response));
    } catch (IdentityException e) {
        if (log.isDebugEnabled()) {
            log.debug("Error while encoding.", e);
        }
        return null;
    }
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_20);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_11);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_20);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_11);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(SAMLVersion.VERSION_20);
            SubjectBean subjectBean = 
                new SubjectBean(
                    subjectName, subjectQualifier, confirmationMethod
                );
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
 

@Override
protected void renderMergedOutputModel(
        final Map<String, Object> model, final HttpServletRequest request, final HttpServletResponse response) throws Exception {

    response.setCharacterEncoding(this.encoding);

    final WebApplicationService service = this.samlArgumentExtractor.extractService(request);
    final String serviceId = service != null ? service.getId() : "UNKNOWN";

    try {
        final Response samlResponse = newSamlObject(Response.class);
        samlResponse.setID(generateId());
        samlResponse.setIssueInstant(new DateTime());
        samlResponse.setVersion(SAMLVersion.VERSION_11);
        samlResponse.setRecipient(serviceId);
        if (service instanceof SamlService) {
            final SamlService samlService = (SamlService) service;

            if (samlService.getRequestID() != null) {
                samlResponse.setInResponseTo(samlService.getRequestID());
            }
        }
        prepareResponse(samlResponse, model);

        final BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
        messageContext.setOutboundMessageTransport(new HttpServletResponseAdapter(response, request.isSecure()));
        messageContext.setOutboundSAMLMessage(samlResponse);
        this.encoder.encode(messageContext);
    } catch (final Exception e) {
        logger.error("Error generating SAML response for service {}.", serviceId);
        throw e;
    }
}
 

public static List<String> parseRolesInAssertion(Object assertion, String roleAttributeName) {
    if (((AssertionWrapper) assertion).getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        return parseRolesInAssertion(((AssertionWrapper)assertion).getSaml2(), roleAttributeName);
    } else {
        return parseRolesInAssertion(((AssertionWrapper)assertion).getSaml1(), roleAttributeName);
    }
}
 

/**
 * Validates the Version attribute.
 * 
 * @param request request to validate
 * @throws ValidationException if invalid
 */
protected void validateVersion(RequestAbstractType request) throws ValidationException {
    if (request.getVersion() == null) {
        throw new ValidationException("Version attribute must not be null");
    }
    if (request.getVersion().toString() != SAMLVersion.VERSION_20.toString()) {
        throw new ValidationException("Wrong SAML Version");
    }
}
 

/**
 * Check the policy version against the received assertion
 */
private boolean checkVersion(SamlToken samlToken, AssertionWrapper assertionWrapper) {
    if ((samlToken.isUseSamlVersion11Profile10()
        || samlToken.isUseSamlVersion11Profile11())
        && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_11) {
        return false;
    } else if (samlToken.isUseSamlVersion20Profile11()
        && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_20) {
        return false;
    }
    return true;
}
 

public static List<String> parseRolesInAssertion(Object assertion, String roleAttributeName) {
    if (((AssertionWrapper) assertion).getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        return parseRolesInAssertion(((AssertionWrapper)assertion).getSaml2(), roleAttributeName);
    } else {
        return parseRolesInAssertion(((AssertionWrapper)assertion).getSaml1(), roleAttributeName);
    }
}
 

/**
 * Check the policy version against the received assertion
 */
private boolean checkVersion(SamlToken samlToken, AssertionWrapper assertionWrapper) {
    if ((samlToken.isUseSamlVersion11Profile10()
        || samlToken.isUseSamlVersion11Profile11())
        && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_11) {
        return false;
    } else if (samlToken.isUseSamlVersion20Profile11()
        && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_20) {
        return false;
    }
    return true;
}
 

/**
 * Validates the Version attribute
 * 
 * @param response
 * @throws ValidationException
 */
protected void validateVersion(StatusResponse response) throws ValidationException {
    if (response.getVersion() == null)
        throw new ValidationException("Version attribute must not be null");
    if (response.getVersion().toString() != SAMLVersion.VERSION_20.toString())
        throw new ValidationException("Wrong SAML Version");
}
 

/**
 * Check the policy version against the received assertion
 */
private boolean checkVersion(SamlToken samlToken, AssertionWrapper assertionWrapper) {
    if ((samlToken.isUseSamlVersion11Profile10()
        || samlToken.isUseSamlVersion11Profile11())
        && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_11) {
        return false;
    } else if (samlToken.isUseSamlVersion20Profile11()
        && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_20) {
        return false;
    }
    return true;
}
 

/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    Assertion assertion = (Assertion) samlObject;

    if (attribute.getLocalName().equals(Assertion.VERSION_ATTRIB_NAME)) {
        assertion.setVersion(SAMLVersion.valueOf(attribute.getValue()));
    } else if (attribute.getLocalName().equals(Assertion.ISSUE_INSTANT_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        assertion.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (attribute.getLocalName().equals(Assertion.ID_ATTRIB_NAME)) {
        assertion.setID(attribute.getValue());
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
 

/**
 * Generate an authentication request with passive support.
 *
 * @return AuthnRequest Object
 * @throws Exception
 */
public AuthnRequest buildAuthenticationRequest(String subjectName, String nameIdPolicyFormat, boolean isPassive)
        throws Exception {

    if (log.isDebugEnabled()) {
        log.debug("Building Authentication Request");
    }
    Util.doBootstrap();
    AuthnRequest authnRequest = (AuthnRequest) Util
            .buildXMLObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
    authnRequest.setID(Util.createID());
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setIssuer(buildIssuer());
    authnRequest.setNameIDPolicy(buildNameIDPolicy(nameIdPolicyFormat));
    authnRequest.setIsPassive(isPassive);
    authnRequest.setDestination(Util.getIdentityProviderSSOServiceURL());
    String acs = Util.getAssertionConsumerServiceURL();
    if (acs != null && acs.trim().length() > 0) {
        authnRequest.setAssertionConsumerServiceURL(acs);
    } else {
        authnRequest.setAssertionConsumerServiceURL(CarbonUIUtil.getAdminConsoleURL("").replace("carbon/", "acs"));
    }

    if (subjectName != null) {
        Subject subject = new SubjectBuilder().buildObject();
        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue(subjectName);
        nameId.setFormat(NameIdentifier.EMAIL);
        subject.setNameID(nameId);
        authnRequest.setSubject(subject);

    }

    Util.setSignature(authnRequest, XMLSignature.ALGO_ID_SIGNATURE_RSA, new SignKeyDataHolder());

    return authnRequest;
}
 

/**
 * Build SAML response using IdP configuration & user name
 *
 * @param ssoIdPConfigs
 * @param userName
 * @return SAML Response object
 * @throws IdentityException
 */
public Response buildSAMLResponse(SAMLSSOServiceProviderDO ssoIdPConfigs, String userName)
        throws IdentityException {
    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '" +
                ssoIdPConfigs.getAssertionConsumerUrl() + "'");
    }
    Response response = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    response.setIssuer(SAMLSSOUtil.getIssuer());
    response.setID(SAMLSSOUtil.createID());
    response.setDestination(ssoIdPConfigs.getAssertionConsumerUrl());
    response.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    response.setVersion(SAMLVersion.VERSION_20);
    DateTime issueInstant = new DateTime();
    DateTime notOnOrAfter =
            new DateTime(issueInstant.getMillis() +
                    SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60 *
                            1000);
    response.setIssueInstant(issueInstant);
    Assertion assertion = buildSAMLAssertion(ssoIdPConfigs, notOnOrAfter, userName);
    if (ssoIdPConfigs.isDoEnableEncryptedAssertion()) {
        String domainName = MultitenantUtils.getTenantDomain(userName);
        String alias = ssoIdPConfigs.getCertAlias();
        if (alias != null) {
            EncryptedAssertion encryptedAssertion =
                    SAMLSSOUtil.setEncryptedAssertion(assertion,
                            EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256,
                            alias,
                            domainName);
            response.getEncryptedAssertions().add(encryptedAssertion);
        }
    } else {
        response.getAssertions().add(assertion);
    }
    if (ssoIdPConfigs.isDoSignResponse()) {
        SAMLSSOUtil.setSignature(response, ssoIdPConfigs.getSigningAlgorithmUri(), ssoIdPConfigs
                .getDigestAlgorithmUri(), new SignKeyDataHolder(userName));
    }
    return response;
}
 

/**
 * Generate an authentication request.
 *
 * @return AuthnRequest Object
 * @throws Exception error when bootstrapping
 */
public AuthnRequest buildAuthenticationRequest(String issuerId) throws Exception {
    Util.doBootstrap();
    AuthnRequest authnRequest = (AuthnRequest) Util.buildXMLObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
    authnRequest.setID(Util.createID());
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setIssuer(buildIssuer( issuerId));
    authnRequest.setNameIDPolicy(buildNameIDPolicy());
    return authnRequest;
}
 

private Response createResponse(final DateTime issueDate, Issuer issuer, Status status, Assertion assertion) {
	ResponseBuilder responseBuilder = new ResponseBuilder();
	Response response = responseBuilder.buildObject();
	response.setID(UUID.randomUUID().toString());
	response.setIssueInstant(issueDate);
	response.setVersion(SAMLVersion.VERSION_20);
	response.setIssuer(issuer);
	response.setStatus(status);
	response.getAssertions().add(assertion);
	return response;
}
 

public static AuthnRequest buildAuthnRequestObject(final String authnId, final String spId, final String idpUrl, final String consumerUrl) {
    // Issuer object
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(spId);

    // AuthnContextClass
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(
            SAMLConstants.SAML20_NS,
            "AuthnContextClassRef", "saml");
    authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);

    // AuthnContext
    RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
    RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);

    // Creation of AuthRequestObject
    AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
    AuthnRequest authnRequest = authRequestBuilder.buildObject();
    authnRequest.setID(authnId);
    authnRequest.setDestination(idpUrl);
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setForceAuthn(false);
    authnRequest.setIsPassive(false);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    authnRequest.setAssertionConsumerServiceURL(consumerUrl);
    authnRequest.setProviderName(spId);
    authnRequest.setIssuer(issuer);
    authnRequest.setRequestedAuthnContext(requestedAuthnContext);

    return authnRequest;
}
 

public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, String nameIdString) {
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(spId);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue(nameIdString);
    LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
    logoutRequest.setID(generateSecureRandomId());
    logoutRequest.setDestination(logoutUrl);
    logoutRequest.setVersion(SAMLVersion.VERSION_20);
    logoutRequest.setIssueInstant(new DateTime());
    logoutRequest.setIssuer(issuer);
    logoutRequest.setNameID(nameID);
    return logoutRequest;
}
 

private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}