org.opensaml.saml.saml2.core.impl.IssuerBuilder Java Examples
The following examples show how to use
org.opensaml.saml.saml2.core.impl.IssuerBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AuthnRequestFactory.java From verify-service-provider with MIT License | 6 votes |
|
public AuthnRequest build(String serviceEntityId) {
AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
authnRequest.setID(String.format("_%s", UUID.randomUUID()));
authnRequest.setIssueInstant(DateTime.now());
authnRequest.setForceAuthn(false);
authnRequest.setDestination(destination.toString());
authnRequest.setExtensions(createExtensions());
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(serviceEntityId);
authnRequest.setIssuer(issuer);
authnRequest.setSignature(createSignature());
try {
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(authnRequest).marshall(authnRequest);
Signer.signObject(authnRequest.getSignature());
} catch (SignatureException | MarshallingException e) {
throw new SAMLRuntimeException("Unknown problem while signing SAML object", e);
}
return authnRequest;
}
Example #2
| Source File: LogoutRequestBuilder.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
/**
* Build the logout request
* @param subject name of the user
* @param reason reason for generating logout request.
* @return LogoutRequest object
*/
public LogoutRequest buildLogoutRequest(String subject,String sessionIndexId, String reason,
String issuerId, String nameIdFormat) {
Util.doBootstrap();
LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
logoutReq.setID(Util.createID());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
logoutReq.setIssuer(issuer);
logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex(sessionIndexId);
logoutReq.getSessionIndexes().add(sessionIndex);
logoutReq.setReason(reason);
return logoutReq;
}
Example #3
| Source File: LogoutRequestBuilder.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
/**
* Overload Logout request for sessionIndexId is not exist case
*
* @param subject Subject
* @param reason Reason for logout
* @param issuerId id of issuer
* @return SAML logout request
*/
public LogoutRequest buildLogoutRequest(String subject, String reason,
String issuerId, String nameIdFormat) {
Util.doBootstrap();
LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
logoutReq.setID(Util.createID());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
logoutReq.setIssuer(issuer);
logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
logoutReq.setReason(reason);
return logoutReq;
}
Example #4
| Source File: GenerateAuthnRequestResourceTest.java From verify-service-provider with MIT License | 5 votes |
|
@Before
public void mockAuthnRequestFactory() {
authnRequest = new AuthnRequestBuilder().buildObject();
authnRequest.setID(TEST_REQUEST_ID);
authnRequest.setDestination(TEST_DESTINATION);
authnRequest.setIssueInstant(DateTime.parse(TEST_ISSUE_INSTANT));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(TEST_ISSUER);
authnRequest.setIssuer(issuer);
reset(authnRequestFactory);
}
Example #5
| Source File: WSXACMLMessageReceiver.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Create the issuer object to be added
*
* @return : the issuer of the statements
*/
private static Issuer createIssuer() {
IssuerBuilder issuer = (IssuerBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().
getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
Issuer issuerObject = issuer.buildObject();
issuerObject.setValue("https://identity.carbon.wso2.org");
issuerObject.setSPProvidedID("SPPProvierId");
return issuerObject;
}
Example #6
| Source File: LogoutRequestBuilder.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
/**
* Build the logout request
* @param subject name of the user
* @param reason reason for generating logout request.
* @return LogoutRequest object
*/
public LogoutRequest buildSignedLogoutRequest(String subject,String sessionIndexId, String reason,
String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
throws SSOHostObjectException {
Util.doBootstrap();
LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
logoutReq.setID(Util.createID());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
logoutReq.setIssuer(issuer);
logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex(sessionIndexId);
logoutReq.getSessionIndexes().add(sessionIndex);
logoutReq.setReason(reason);
logoutReq.setDestination(destination);
SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA,
new X509CredentialImpl(ssoAgentCarbonX509Credential));
return logoutReq;
}
Example #7
| Source File: LogoutRequestBuilder.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
/**
* Overload Logout request for sessionIndexId is not exist case
*
* @param subject Subject
* @param reason Reason for logout
* @param issuerId id of issuer
* @return Signed SAML logout request
*/
public LogoutRequest buildSignedLogoutRequest(String subject, String reason,
String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
throws SSOHostObjectException {
Util.doBootstrap();
LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
logoutReq.setID(Util.createID());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
logoutReq.setIssuer(issuer);
logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
logoutReq.setReason(reason);
logoutReq.setDestination(destination);
SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA,
new X509CredentialImpl(ssoAgentCarbonX509Credential));
return logoutReq;
}
Example #8
| Source File: AuthReqBuilder.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
/**
* Build the issuer object
*
* @return Issuer object
*/
private static Issuer buildIssuer(String issuerId) {
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
return issuer;
}
Example #9
| Source File: SAML2SPLogic.java From syncope with Apache License 2.0 | 4 votes |
|
@PreAuthorize("isAuthenticated() and not(hasRole('" + IdRepoEntitlement.ANONYMOUS + "'))")
public SAML2RequestTO createLogoutRequest(final String accessToken, final String spEntityID) {
check();
// 1. fetch the current JWT used for Syncope authentication
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
throw new IllegalArgumentException("Invalid signature found in Access Token");
}
// 2. look for IdP
String idpEntityID = (String) consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);
if (idpEntityID == null) {
throw new NotFoundException("No SAML 2.0 IdP information found in the access token");
}
SAML2IdPEntity idp = cache.get(idpEntityID);
if (idp == null) {
throw new NotFoundException("SAML 2.0 IdP '" + idpEntityID + '\'');
}
if (idp.getSLOLocation(idp.getBindingType()) == null) {
throw new IllegalArgumentException("No SingleLogoutService available for " + idp.getId());
}
// 3. create LogoutRequest
LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
logoutRequest.setID('_' + SecureRandomUtils.generateRandomUUID().toString());
logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation());
DateTime now = new DateTime();
logoutRequest.setIssueInstant(now);
logoutRequest.setNotOnOrAfter(now.plusMinutes(5));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(spEntityID);
logoutRequest.setIssuer(issuer);
NameID nameID = new NameIDBuilder().buildObject();
nameID.setFormat((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_FORMAT));
nameID.setValue((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_VALUE));
logoutRequest.setNameID(nameID);
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_SESSIONINDEX));
logoutRequest.getSessionIndexes().add(sessionIndex);
SAML2RequestTO requestTO = new SAML2RequestTO();
requestTO.setIdpServiceAddress(logoutRequest.getDestination());
requestTO.setBindingType(idp.getBindingType());
try {
// 3. generate relay state as JWT
Map<String, Object> claims = new HashMap<>();
claims.put(JWT_CLAIM_IDP_DEFLATE,
idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding());
Pair<String, Date> relayState = accessTokenDataBinder.generateJWT(
SecureRandomUtils.generateRandomUUID().toString(),
logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
requestTO.setRelayState(relayState.getLeft());
// 4. sign and encode AuthnRequest
switch (idp.getBindingType()) {
case REDIRECT:
requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, true));
requestTO.setSignAlg(saml2rw.getSigAlgo());
requestTO.setSignature(saml2rw.sign(requestTO.getContent(), requestTO.getRelayState()));
break;
case POST:
default:
saml2rw.sign(logoutRequest);
requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, idp.isUseDeflateEncoding()));
}
} catch (Exception e) {
LOG.error("While generating LogoutRequest", e);
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
sce.getElements().add(e.getMessage());
throw sce;
}
return requestTO;
}
