Java Code Examples for org.opensaml.saml2.core.Response#setIssueInstant()

The following examples show how to use org.opensaml.saml2.core.Response#setIssueInstant() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultResponseBuilder.java    From carbon-identity with Apache License 2.0 7 votes vote down vote up
public Response buildResponse(SAMLSSOAuthnReqDTO authReqDTO, Assertion assertion)
        throws IdentityException {

    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '"
                + authReqDTO.getAssertionConsumerURL() + "'");
    }
    Response response = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    response.setIssuer(SAMLSSOUtil.getIssuer());
    response.setID(SAMLSSOUtil.createID());
    response.setInResponseTo(authReqDTO.getId());
    response.setDestination(authReqDTO.getAssertionConsumerURL());
    response.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    response.setVersion(SAMLVersion.VERSION_20);
    DateTime issueInstant = new DateTime();
    response.setIssueInstant(issueInstant);
    response.getAssertions().add(assertion);
    if (authReqDTO.isDoSignResponse()) {
        SAMLSSOUtil.setSignature(response, authReqDTO.getSigningAlgorithmUri(), authReqDTO.getDigestAlgorithmUri
                (), new SignKeyDataHolder(authReqDTO.getUser().getAuthenticatedSubjectIdentifier()));
    }
    return response;
}
 
Example 2
Source File: SAMLResponseBuilder.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Build SAML response using IdP configuration & user name
 *
 * @param ssoIdPConfigs
 * @param userName
 * @return SAML Response object
 * @throws IdentityException
 */
public Response buildSAMLResponse(SAMLSSOServiceProviderDO ssoIdPConfigs, String userName)
        throws IdentityException {
    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '" +
                ssoIdPConfigs.getAssertionConsumerUrl() + "'");
    }
    Response response = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    response.setIssuer(SAMLSSOUtil.getIssuer());
    response.setID(SAMLSSOUtil.createID());
    response.setDestination(ssoIdPConfigs.getAssertionConsumerUrl());
    response.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    response.setVersion(SAMLVersion.VERSION_20);
    DateTime issueInstant = new DateTime();
    DateTime notOnOrAfter =
            new DateTime(issueInstant.getMillis() +
                    SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60 *
                            1000);
    response.setIssueInstant(issueInstant);
    Assertion assertion = buildSAMLAssertion(ssoIdPConfigs, notOnOrAfter, userName);
    if (ssoIdPConfigs.isDoEnableEncryptedAssertion()) {
        String domainName = MultitenantUtils.getTenantDomain(userName);
        String alias = ssoIdPConfigs.getCertAlias();
        if (alias != null) {
            EncryptedAssertion encryptedAssertion =
                    SAMLSSOUtil.setEncryptedAssertion(assertion,
                            EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256,
                            alias,
                            domainName);
            response.getEncryptedAssertions().add(encryptedAssertion);
        }
    } else {
        response.getAssertions().add(assertion);
    }
    if (ssoIdPConfigs.isDoSignResponse()) {
        SAMLSSOUtil.setSignature(response, ssoIdPConfigs.getSigningAlgorithmUri(), ssoIdPConfigs
                .getDigestAlgorithmUri(), new SignKeyDataHolder(userName));
    }
    return response;
}
 
Example 3
Source File: SamlAssertionProducer.java    From saml-generator with Apache License 2.0 5 votes vote down vote up
private Response createResponse(final DateTime issueDate, Issuer issuer, Status status, Assertion assertion) {
	ResponseBuilder responseBuilder = new ResponseBuilder();
	Response response = responseBuilder.buildObject();
	response.setID(UUID.randomUUID().toString());
	response.setIssueInstant(issueDate);
	response.setVersion(SAMLVersion.VERSION_20);
	response.setIssuer(issuer);
	response.setStatus(status);
	response.getAssertions().add(assertion);
	return response;
}
 
Example 4
Source File: SAML2LoginAPIAuthenticatorCmdTest.java    From cloudstack with Apache License 2.0 5 votes vote down vote up
private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}
 
Example 5
Source File: AuthnResponseGenerator.java    From MaxKey with Apache License 2.0 4 votes vote down vote up
public Response generateAuthnResponse(  AppsSAML20Details saml20Details,
										AuthnRequestInfo authnRequestInfo,
										HashMap<String,String>attributeMap, 
										BindingAdapter bindingAdapter){
	
	Response authResponse = new ResponseBuilder().buildObject();
	//builder Assertion
	Assertion assertion = assertionGenerator.generateAssertion( 
										saml20Details,
										bindingAdapter,
										saml20Details.getSpAcsUrl(),
										authnRequestInfo.getAuthnRequestID(),
										saml20Details.getAudience(),
										Integer.parseInt(saml20Details.getValidityInterval()), 
										attributeMap);
	
	//Encrypt 
	if(Boolean.isTrue(saml20Details.getEncrypted())) {
		logger.info("begin to encrypt assertion");
		try {
			// Assume this contains a recipient's RSA public
			EncryptionParameters encryptionParameters = new EncryptionParameters();
			encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
			logger.info("encryption assertion Algorithm : "+EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
			KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
			keyEncryptionParameters.setEncryptionCredential(bindingAdapter.getSpSigningCredential());
			// kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
			keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
			logger.info("keyEncryption  Algorithm : "+EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
			KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration
													.getGlobalSecurityConfiguration()
													.getKeyInfoGeneratorManager().getDefaultManager()
													.getFactory(bindingAdapter.getSpSigningCredential());
			keyEncryptionParameters.setKeyInfoGenerator(keyInfoGeneratorFactory.newInstance());
			Encrypter encrypter = new Encrypter(encryptionParameters, keyEncryptionParameters);
			encrypter.setKeyPlacement(KeyPlacement.PEER);
			EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
			authResponse.getEncryptedAssertions().add(encryptedAssertion);
		}catch(Exception e) {
			logger.info("Unable to encrypt assertion .",e);
		}
	}else { 
		authResponse.getAssertions().add(assertion);
	}
	
	authResponse.setIssuer(issuerGenerator.generateIssuer());
	authResponse.setID(idService.generateID());
	authResponse.setIssueInstant(timeService.getCurrentDateTime());
	authResponse.setInResponseTo(authnRequestInfo.getAuthnRequestID());
	authResponse.setDestination(saml20Details.getSpAcsUrl());
	authResponse.setStatus(statusGenerator.generateStatus(StatusCode.SUCCESS_URI));
	logger.debug("authResponse.isSigned "+authResponse.isSigned());
	return authResponse;
}
 
Example 6
Source File: DefaultResponseBuilder.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
@Override
public Response buildResponse(SAMLSSOAuthnReqDTO authReqDTO, String sessionId)
        throws IdentityException {

    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '"
                + authReqDTO.getAssertionConsumerURL() + "'");
    }
    Response response = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    response.setIssuer(SAMLSSOUtil.getIssuer());
    response.setID(SAMLSSOUtil.createID());
    if (!authReqDTO.isIdPInitSSOEnabled()) {
        response.setInResponseTo(authReqDTO.getId());
    }
    response.setDestination(authReqDTO.getAssertionConsumerURL());
    response.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    response.setVersion(SAMLVersion.VERSION_20);
    DateTime issueInstant = new DateTime();
    DateTime notOnOrAfter = new DateTime(issueInstant.getMillis()
            + SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60 * 1000L);
    response.setIssueInstant(issueInstant);
    Assertion assertion = SAMLSSOUtil.buildSAMLAssertion(authReqDTO, notOnOrAfter, sessionId);

    if (authReqDTO.isDoEnableEncryptedAssertion()) {

        String domainName = authReqDTO.getTenantDomain();
        String alias = authReqDTO.getCertAlias();
        if (alias != null) {
            EncryptedAssertion encryptedAssertion = SAMLSSOUtil.setEncryptedAssertion(assertion,
                    EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, alias, domainName);
            response.getEncryptedAssertions().add(encryptedAssertion);
        }
    } else {
        response.getAssertions().add(assertion);
    }

    if (authReqDTO.isDoSignResponse()) {
        SAMLSSOUtil.setSignature(response, authReqDTO.getSigningAlgorithmUri(), authReqDTO.getDigestAlgorithmUri
                (), new SignKeyDataHolder(authReqDTO.getUser().getAuthenticatedSubjectIdentifier()));
    }
    return response;
}