org.opensaml.saml.saml2.core.NameIDPolicy Java Examples

Example #1
Source File: SamlClient.java — from the saml-client project (MIT License)
/**
 * Builds the SP-initiated {@code AuthnRequest}, signs it and returns it encoded.
 *
 * <p>The request carries the configured HTTP binding as {@code ProtocolBinding}, the
 * IdP URL as {@code Destination} (SAML 2.0 requires the recipient to check this
 * against the endpoint the request arrives at) and the ACS URL, plus a
 * {@code NameIDPolicy} asking for the {@code unspecified} name-identifier format.
 * The object is signed before it is marshalled and encoded.
 *
 * @return the base-64 encoded SAML request
 * @throws SamlException if building, signing or encoding the request fails
 */
public String getSamlRequest() throws SamlException {
  final AuthnRequest authnRequest =
      (AuthnRequest) getBasicSamlRequest(AuthnRequest.DEFAULT_ELEMENT_NAME);

  final String bindingUri =
      "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-" + this.samlBinding.toString();
  authnRequest.setProtocolBinding(bindingUri);
  authnRequest.setDestination(identityProviderUrl);
  authnRequest.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);

  // The format is fixed here; callers cannot ask for persistent/transient identifiers.
  final NameIDPolicy policy =
      (NameIDPolicy) buildSamlObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
  policy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
  authnRequest.setNameIDPolicy(policy);

  signSAMLObject(authnRequest);
  return marshallAndEncodeSamlObject(authnRequest);
}
 
Example #2
Source File: SamlpRequestComponentBuilder.java — from the cxf project (Apache License 2.0)
/**
 * Creates a {@code NameIDPolicy} element for use in an {@code AuthnRequest}.
 *
 * <p>The builder is looked up from {@code builderFactory} on first use and cached in
 * the static {@code nameIDBuilder} field. The lookup returns an untyped builder, hence
 * the unchecked cast. The lazy initialisation is not synchronized; concurrent first
 * calls may each perform the lookup, which is presumably harmless since any builder
 * returned for the element name is interchangeable.
 *
 * @param allowCreate value of the {@code AllowCreate} attribute
 * @param format the name-identifier format URI for the {@code Format} attribute
 * @param spNameQualifier value of the {@code SPNameQualifier} attribute, passed through as given
 * @return the populated policy element
 */
@SuppressWarnings("unchecked")
public static NameIDPolicy createNameIDPolicy(
    boolean allowCreate,
    String format,
    String spNameQualifier
) {
    if (nameIDBuilder == null) {
        nameIDBuilder = (SAMLObjectBuilder<NameIDPolicy>)
            builderFactory.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
    }

    final NameIDPolicy policy = nameIDBuilder.buildObject();
    policy.setFormat(format);
    policy.setSPNameQualifier(spNameQualifier);
    policy.setAllowCreate(allowCreate);
    return policy;
}
 
Example #3
Source File: SamlpRequestComponentBuilder.java — from the cxf-fediz project (Apache License 2.0)
/**
 * Builds a {@code NameIDPolicy} element from its three attributes.
 *
 * <p>The OpenSAML builder for the element is fetched lazily from
 * {@code builderFactory} and cached in the static {@code nameIDBuilder}; the factory
 * returns an untyped builder, so the cast is unchecked. The null-check-then-assign is
 * not synchronized — two threads racing on the first call may both do the lookup,
 * which presumably yields equivalent builders.
 *
 * @param allowCreate value for the {@code AllowCreate} attribute
 * @param format name-identifier format URI for the {@code Format} attribute
 * @param spNameQualifier value for the {@code SPNameQualifier} attribute, passed through as given
 * @return the populated element
 */
@SuppressWarnings("unchecked")
public static NameIDPolicy createNameIDPolicy(
    boolean allowCreate,
    String format,
    String spNameQualifier
) {
    if (nameIDBuilder == null) {
        nameIDBuilder = (SAMLObjectBuilder<NameIDPolicy>)
            builderFactory.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
    }

    final NameIDPolicy result = nameIDBuilder.buildObject();
    result.setSPNameQualifier(spNameQualifier);
    result.setAllowCreate(allowCreate);
    result.setFormat(format);
    return result;
}
 
Example #4
Source File: Util.java — from the carbon-apimgt project (Apache License 2.0)
/**
 * Builds a {@code NameIDPolicy} with the given format, or the configured default
 * ({@code SSOConstants.NAME_ID_POLICY_DEFAULT}) when the argument is null or empty.
 *
 * <p>{@code AllowCreate} is always set to {@code true}: the IdP is permitted to create
 * a new identifier for the principal. Callers cannot opt out of that via this method.
 *
 * @param nameIdPolicy name-identifier format URI; null or empty selects the default
 * @return the populated {@code NameIDPolicy} element
 */
public static NameIDPolicy buildNameIDPolicy(String nameIdPolicy) {
    final String format = StringUtils.isEmpty(nameIdPolicy)
        ? SSOConstants.NAME_ID_POLICY_DEFAULT
        : nameIdPolicy;

    final NameIDPolicy policy = new NameIDPolicyBuilder().buildObject();
    policy.setAllowCreate(true);
    policy.setFormat(format);
    return policy;
}
 
Example #5
Source File: SamlpRequestComponentBuilder.java — from the cxf project (Apache License 2.0)
/**
 * Assembles an {@code AuthnRequest} from already-built component elements.
 *
 * <p>The request receives a fresh random ID prefixed with {@code "_"} (an XML ID
 * cannot begin with a digit) and an issue instant of "now"; every other attribute and
 * child is taken from the arguments as given. The result is not signed here.
 *
 * <p>The builder is looked up lazily from {@code builderFactory} and cached in the
 * static {@code authnRequestBuilder}; the factory returns an untyped builder, hence
 * the unchecked cast.
 *
 * @param serviceURL value for {@code AssertionConsumerServiceURL}
 * @param forceAuthn value for the {@code ForceAuthn} attribute
 * @param isPassive value for the {@code IsPassive} attribute
 * @param protocolBinding binding URI for {@code ProtocolBinding}
 * @param version SAML version written to the request
 * @param issuer the {@code Issuer} child element
 * @param nameIDPolicy the {@code NameIDPolicy} child element
 * @param requestedAuthnCtx the {@code RequestedAuthnContext} child element
 * @return the populated, unsigned request
 */
@SuppressWarnings("unchecked")
//CHECKSTYLE:OFF
public static AuthnRequest createAuthnRequest(
    String serviceURL,
    boolean forceAuthn,
    boolean isPassive,
    String protocolBinding,
    SAMLVersion version,
    Issuer issuer,
    NameIDPolicy nameIDPolicy,
    RequestedAuthnContext requestedAuthnCtx
) {
//CHECKSTYLE:ON
    if (authnRequestBuilder == null) {
        authnRequestBuilder = (SAMLObjectBuilder<AuthnRequest>)
            builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    }
    final AuthnRequest request = authnRequestBuilder.buildObject();

    // Identity and timing first, then the scalar attributes, then the children.
    request.setID("_" + UUID.randomUUID());
    request.setIssueInstant(new DateTime());
    request.setVersion(version);

    request.setProtocolBinding(protocolBinding);
    request.setAssertionConsumerServiceURL(serviceURL);
    request.setForceAuthn(forceAuthn);
    request.setIsPassive(isPassive);

    request.setIssuer(issuer);
    request.setNameIDPolicy(nameIDPolicy);
    request.setRequestedAuthnContext(requestedAuthnCtx);
    return request;
}
 
Example #6
Source File: DefaultAuthnRequestBuilder.java — from the cxf project (Apache License 2.0)
/**
 * Creates a SAML 2.0 Protocol {@code AuthnRequest} for the given issuer and ACS address.
 *
 * <p>The request asks for exactly the
 * {@code PasswordProtectedTransport} authentication context class, uses the instance's
 * {@code nameIDFormat} with {@code AllowCreate=true} and {@code issuerId} as the SP
 * name qualifier, and copies {@code forceAuthn}, {@code isPassive} and
 * {@code protocolBinding} from instance state. The result is unsigned.
 *
 * @param message the current message; not referenced by this implementation
 * @param issuerId entity ID written to {@code Issuer} and to {@code SPNameQualifier}
 * @param assertionConsumerServiceAddress value for {@code AssertionConsumerServiceURL}
 * @return the populated request
 * @throws Exception propagated from the component builders
 */
public AuthnRequest createAuthnRequest(
    Message message,
    String issuerId,
    String assertionConsumerServiceAddress
) throws Exception {
    // Requested authentication context: exact match on PasswordProtectedTransport.
    final AuthnContextClassRef classRef =
        SamlpRequestComponentBuilder.createAuthnCtxClassRef(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
        );
    final RequestedAuthnContext requestedCtx =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(classRef), null
        );

    final Issuer issuer = SamlpRequestComponentBuilder.createIssuer(issuerId);
    final NameIDPolicy policy =
        SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);

    //CHECKSTYLE:OFF
    return SamlpRequestComponentBuilder.createAuthnRequest(
            assertionConsumerServiceAddress,
            forceAuthn,
            isPassive,
            protocolBinding,
            SAMLVersion.VERSION_20,
            issuer,
            policy,
            requestedCtx
    );
}
 
Example #7
Source File: AuthnRequestBuilderTest.java — from the cxf project (Apache License 2.0)
/**
 * Smoke test: an {@code AuthnRequest} assembled from the component builders can be
 * marshalled to DOM. Only non-nullness of the resulting element is asserted; the
 * request is neither signed nor validated against the schema here.
 */
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
    final Document document = DOMUtils.createDocument();

    final Issuer issuer =
        SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
    final NameIDPolicy policy =
        SamlpRequestComponentBuilder.createNameIDPolicy(
            true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer"
        );

    final AuthnContextClassRef classRef =
        SamlpRequestComponentBuilder.createAuthnCtxClassRef(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
        );
    final RequestedAuthnContext requestedCtx =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(classRef), null
        );

    final AuthnRequest request = SamlpRequestComponentBuilder.createAuthnRequest(
        "http://localhost:9001/sso", false, false,
        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20,
        issuer, policy, requestedCtx
    );

    // Marshal and attach to the document; the assertion is only that marshalling produced something.
    final Element requestElement = OpenSAMLUtil.toDom(request, document);
    document.appendChild(requestElement);
    assertNotNull(requestElement);
}
 
Example #8
Source File: SamlpRequestComponentBuilder.java — from the cxf-fediz project (Apache License 2.0)
/**
 * Builds an {@code AuthnRequest} and wires the supplied child elements into it.
 *
 * <p>Generated here: a random ID prefixed with {@code "_"} (XML IDs cannot start with
 * a digit) and an issue instant of "now". Everything else is copied from the
 * arguments. No signature is applied.
 *
 * <p>The element builder is fetched from {@code builderFactory} on first use and kept
 * in the static {@code authnRequestBuilder}; the cast is unchecked because the factory
 * returns an untyped builder.
 *
 * @param serviceURL value for {@code AssertionConsumerServiceURL}
 * @param forceAuthn value for {@code ForceAuthn}
 * @param isPassive value for {@code IsPassive}
 * @param protocolBinding binding URI for {@code ProtocolBinding}
 * @param version SAML version to write
 * @param issuer {@code Issuer} child
 * @param nameIDPolicy {@code NameIDPolicy} child
 * @param requestedAuthnCtx {@code RequestedAuthnContext} child
 * @return the populated, unsigned request
 */
@SuppressWarnings("unchecked")
//CHECKSTYLE:OFF
public static AuthnRequest createAuthnRequest(
    String serviceURL,
    boolean forceAuthn,
    boolean isPassive,
    String protocolBinding,
    SAMLVersion version,
    Issuer issuer,
    NameIDPolicy nameIDPolicy,
    RequestedAuthnContext requestedAuthnCtx
) {
//CHECKSTYLE:ON
    if (authnRequestBuilder == null) {
        authnRequestBuilder = (SAMLObjectBuilder<SAMLObjectBuilder<AuthnRequest> == null ? AuthnRequest : AuthnRequest>) null;
    }
    return null;
}
 
Example #9
Source File: DefaultSAMLPRequestBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Create a SAML 2.0 Protocol AuthnRequest
 */
public AuthnRequest createAuthnRequest(
    String issuerId,
    String assertionConsumerServiceAddress
) throws Exception {
    Issuer issuer =
        SamlpRequestComponentBuilder.createIssuer(issuerId);

    NameIDPolicy nameIDPolicy =
        SamlpRequestComponentBuilder.createNameIDPolicy(
            true, nameIDFormat, issuerId
        );

    AuthnContextClassRef authnCtxClassRef =
        SamlpRequestComponentBuilder.createAuthnCtxClassRef(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
        );
    RequestedAuthnContext authnCtx =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(authnCtxClassRef), null
        );

    //CHECKSTYLE:OFF
    return SamlpRequestComponentBuilder.createAuthnRequest(
            assertionConsumerServiceAddress,
            forceAuthn,
            isPassive,
            protocolBinding,
            SAMLVersion.VERSION_20,
            issuer,
            nameIDPolicy,
            authnCtx
    );

}
 
Example #10
Source File: CustomSAMLPRequestBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Create a SAML 2.0 Protocol AuthnRequest
 */
public AuthnRequest createAuthnRequest(
    String issuerId,
    String assertionConsumerServiceAddress
) throws Exception {
    Issuer issuer =
        SamlpRequestComponentBuilder.createIssuer(issuerId);

    NameIDPolicy nameIDPolicy =
        SamlpRequestComponentBuilder.createNameIDPolicy(
            true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerId
        );

    AuthnContextClassRef authnCtxClassRef =
        SamlpRequestComponentBuilder.createAuthnCtxClassRef(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
        );
    RequestedAuthnContext authnCtx =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(authnCtxClassRef), null
        );

    //CHECKSTYLE:OFF
    return SamlpRequestComponentBuilder.createAuthnRequest(
            assertionConsumerServiceAddress,
            forceAuthn,
            isPassive,
            protocolBinding,
            SAMLVersion.VERSION_11,
            issuer,
            nameIDPolicy,
            authnCtx
    );

}
 
Example #11
Source File: IdpTest.java    From cxf-fediz with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testBadIssuerFormat() throws Exception {
    OpenSAMLUtil.initSamlEngine();

    // Create SAML AuthnRequest
    String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
        + getServletContextName() + "/secure/fedservlet";

    String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld";
    Issuer issuer =
        SamlpRequestComponentBuilder.createIssuer(issuerId);
    issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

    String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    NameIDPolicy nameIDPolicy =
        SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);

    AuthnContextClassRef authnCtxClassRef =
        SamlpRequestComponentBuilder.createAuthnCtxClassRef(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
        );
    RequestedAuthnContext authnCtx =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(authnCtxClassRef), null
        );

    String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
            consumerURL,
            false,
            false,
            protocolBinding,
            SAMLVersion.VERSION_20,
            issuer,
            nameIDPolicy,
            authnCtx
    );

    authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
    signAuthnRequest(authnRequest);

    String authnRequestEncoded = encodeAuthnRequest(authnRequest);

    String relayState = UUID.randomUUID().toString();
    String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
            + SSOConstants.RELAY_STATE + "=" + relayState
            + "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());

    final WebClient webClient = new WebClient();
    webClient.getOptions().setUseInsecureSSL(true);
    webClient.getCredentialsProvider().setCredentials(
        new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
        new UsernamePasswordCredentials(USER, PWD));

    webClient.getOptions().setJavaScriptEnabled(false);
    final HtmlPage idpPage = webClient.getPage(url);

    org.opensaml.saml.saml2.core.Response samlResponse =
        parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
    String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
    Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());

    webClient.close();
}