org.opensaml.saml.saml2.core.AuthnContext Java Examples

Example #1
Source File: MockSamlIdpServer.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Builds the minimal {@code AuthnContext} the mock IdP puts into its assertions: a single
 * {@code AuthnContextClassRef} carrying {@link AuthnContext#UNSPECIFIED_AUTHN_CTX}.
 *
 * @return a freshly created authentication context whose class reference is "unspecified"
 */
private AuthnContext createAuthnCotext() {
    final AuthnContextClassRef classRef = createSamlElement(AuthnContextClassRef.class);
    classRef.setAuthnContextClassRef(AuthnContext.UNSPECIFIED_AUTHN_CTX);

    final AuthnContext context = createSamlElement(AuthnContext.class);
    context.setAuthnContextClassRef(classRef);
    return context;
}
 
Example #2
Source File: GoogleAccountsService.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Builds the SAML 2.0 {@code Response} returned to Google and marshals it to XML.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * <p>The response holds one assertion with a password authn statement, a {@code Conditions}
 * element and an e-mail {@code NameID} subject; the subject value is resolved through the
 * registered service's username attribute provider.
 *
 * <p>NOTE(review): the conditions window runs from a fixed 2003 timestamp up to the current
 * instant, the assertion issuer is the literal {@code https://www.opensaml.org/IDP}, and the
 * full marshalled response (including the user identifier) is written at debug level —
 * confirm all three are intended for production use.
 *
 * @return the marshalled SAML response as an XML string
 */
private String constructSamlResponse() {
    final DateTime now = DateTime.parse(new ISOStandardDateFormat().getCurrentDateAndTime());
    final DateTime fixedNotBefore = DateTime.parse("2003-04-17T00:46:02Z");

    final RegisteredService registeredService = this.servicesManager.findServiceBy(this);
    final String principalId = registeredService.getUsernameAttributeProvider()
            .resolveUsername(getPrincipal(), this);

    // Response envelope first, so its ID is drawn before the assertion's.
    final org.opensaml.saml.saml2.core.Response samlResponse = BUILDER.newResponse(
            BUILDER.generateSecureRandomId(), now, getId(), this);
    samlResponse.setStatus(BUILDER.newStatus(StatusCode.SUCCESS, null));

    final AuthnStatement statement = BUILDER.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, now);
    final Assertion samlAssertion = BUILDER.newAssertion(statement,
            "https://www.opensaml.org/IDP", fixedNotBefore, BUILDER.generateSecureRandomId());
    samlAssertion.setConditions(BUILDER.newConditions(fixedNotBefore, now, getId()));
    samlAssertion.setSubject(BUILDER.newSubject(NameID.EMAIL, principalId, getId(), now, this.requestId));
    samlResponse.getAssertions().add(samlAssertion);

    final StringWriter out = new StringWriter();
    BUILDER.marshalSamlXmlObject(samlResponse, out);

    final String xml = out.toString();
    logger.debug("Generated Google SAML response: {}", xml);
    return xml;
}
 
Example #3
Source File: AbstractSaml20ObjectBuilder.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Builds an {@code AuthnStatement} whose {@code AuthnContext} holds a single class reference.
 *
 * @param contextClassRef the authn context class reference URI, for example
 *                        {@link AuthnContext#PASSWORD_AUTHN_CTX}
 * @param authnInstant    the instant recorded as the authentication time
 * @return the populated statement
 */
public AuthnStatement newAuthnStatement(final String contextClassRef, final DateTime authnInstant) {
    final AuthnContextClassRef ref = newSamlObject(AuthnContextClassRef.class);
    ref.setAuthnContextClassRef(contextClassRef);

    final AuthnContext context = newSamlObject(AuthnContext.class);
    context.setAuthnContextClassRef(ref);

    final AuthnStatement statement = newSamlObject(AuthnStatement.class);
    statement.setAuthnInstant(authnInstant);
    statement.setAuthnContext(context);
    return statement;
}
 
Example #4
Source File: IdentityAssertionTranslator.java — from verify-service-provider (MIT License)
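/**
 * Translates a verified identity assertion (non-matching journey) into the response body
 * handed back to the relying party.
 *
 * <p>The user identifier is derived by {@code userIdHashFactory} from the assertion's issuer,
 * its {@code NameID} and the optional authn context. An assertion without an issuer value is
 * therefore rejected as a validation failure, consistent with the other extractors in this
 * class, instead of surfacing as a {@code NullPointerException} or feeding a null issuer into
 * the hash.
 *
 * @param assertion        the identity assertion to translate
 * @param levelOfAssurance the level of assurance already established for the assertion
 * @param authnContext     the optional authn context passed through to the hash factory
 * @return the translated body, with status {@code IDENTITY_VERIFIED}
 * @throws SamlResponseValidationException if the assertion carries no issuer value
 */
TranslatedNonMatchingResponseBody translateAssertion(
        Assertion assertion,
        LevelOfAssurance levelOfAssurance,
        Optional<uk.gov.ida.saml.core.domain.AuthnContext> authnContext) {
    final String nameID = getNameIdFrom(assertion);

    // The issuer is an input to the hashed user id; a missing one must not silently become "null".
    if (assertion.getIssuer() == null || assertion.getIssuer().getValue() == null) {
        throw new SamlResponseValidationException("Expected an issuer.");
    }
    final String issuerID = assertion.getIssuer().getValue();

    final String hashId = userIdHashFactory.hashId(issuerID, nameID, authnContext);
    final NonMatchingAttributes attributes = translateAttributes(assertion);

    return new TranslatedNonMatchingResponseBody(IDENTITY_VERIFIED, hashId, levelOfAssurance, attributes);
}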
 
Example #5
Source File: IdentityAssertionTranslator.java — from verify-service-provider (MIT License)
/**
 * Reads the level-of-assurance URI from the assertion's authn statement.
 *
 * @param assertion the assertion whose authn statement is inspected
 * @return the {@code AuthnContextClassRef} URI of the statement's authn context
 * @throws SamlResponseValidationException if the statement has no authn context, the context
 *         has no class reference, or the reference has no value
 */
String extractLevelOfAssuranceUriFrom(Assertion assertion) {
    final AuthnContext context = getAuthnStatementFrom(assertion).getAuthnContext();
    final AuthnContextClassRef classRef = context == null ? null : context.getAuthnContextClassRef();
    final String uri = classRef == null ? null : classRef.getAuthnContextClassRef();
    if (uri == null) {
        throw new SamlResponseValidationException("Expected a level of assurance.");
    }
    return uri;
}
 
Example #6
Source File: MatchingAssertionTranslator.java — from verify-service-provider (MIT License)
/**
 * Maps the authn statement's {@code AuthnContextClassRef} URI to a {@link LevelOfAssurance}.
 *
 * @param authnStatement the statement carrying the authn context
 * @return the level of assurance named by the class reference
 * @throws SamlResponseValidationException if the class reference is absent or names a level
 *         this service does not support
 */
private LevelOfAssurance extractLevelOfAssurance(AuthnStatement authnStatement) {
    final AuthnContext context = authnStatement.getAuthnContext();
    final AuthnContextClassRef classRef = context == null ? null : context.getAuthnContextClassRef();
    final String samlValue = classRef == null ? null : classRef.getAuthnContextClassRef();
    if (samlValue == null) {
        throw new SamlResponseValidationException("Expected a level of assurance.");
    }

    try {
        return LevelOfAssurance.fromSamlValue(samlValue);
    } catch (Exception ex) {
        // NOTE(review): the original failure is not chained into the validation exception, so the
        // reason the URI was rejected is lost — worth chaining if the exception type supports a cause.
        throw new SamlResponseValidationException(String.format("Level of assurance '%s' is not supported.", samlValue));
    }
}
 
Example #7
Source File: DefaultRequestedAuthnContextProvider.java — from syncope (Apache License 2.0)
/**
 * Supplies the {@code RequestedAuthnContext} placed in outgoing authn requests: an
 * {@code exact} comparison against the single class reference {@link AuthnContext#PPT_AUTHN_CTX}
 * (password over protected transport).
 *
 * @return a newly built requested authn context
 */
@Override
public RequestedAuthnContext provide() {
    final RequestedAuthnContext requested = new RequestedAuthnContextBuilder().buildObject();
    requested.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);

    final AuthnContextClassRef pptRef = new AuthnContextClassRefBuilder().buildObject();
    pptRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
    requested.getAuthnContextClassRefs().add(pptRef);
    return requested;
}
 
Example #8
Source File: CasDuoSecurityRefedsAuthnMethodTranslator.java — from shib-cas-authn3 (Apache License 2.0)
/**
 * Translates the authentication method asserted by CAS into the authn context class recorded
 * for this Shibboleth external-authentication flow.
 *
 * <p>As visible here: if no {@code AuthnContextClassRefPrincipal} equal to {@code REFEDS} was
 * requested, or CAS released no {@code authnContextClass} attribute, the context class is
 * overridden to {@link AuthnContext#PPT_AUTHN_CTX}; if CAS asserted {@code mfa-duo}, it is
 * overridden to {@code REFEDS}; any other CAS-asserted value is forwarded unchanged.
 *
 * @param request           the current servlet request
 * @param response          the current servlet response (not used in this method)
 * @param assertion         the CAS assertion whose principal attributes are inspected
 * @param authenticationKey the Shibboleth external-authentication key for this flow
 * @throws Exception propagated from the profile context lookup or the override
 */
@Override
public void doTranslation(final HttpServletRequest request, final HttpServletResponse response, final Assertion assertion, final String authenticationKey) throws Exception {

    final ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(authenticationKey, request);
    // NOTE(review): the second argument looks like an auto-create flag; if so, the null check
    // below is unreachable and an empty subcontext is created as a side effect — confirm
    // against the BaseContext API. Same for the RequestedPrincipalContext lookup further down.
    final AuthenticationContext authnContext = prc.getSubcontext(AuthenticationContext.class, true);
    if (authnContext == null) {
        logger.debug("No authentication context is available");
        return;
    }
    final RequestedPrincipalContext principalCtx = authnContext.getSubcontext(RequestedPrincipalContext.class, true);
    if (principalCtx == null || principalCtx.getRequestedPrincipals().isEmpty()) {
        logger.debug("No requested principal context is available in the authentication context; Overriding class to {}", AuthnContext.PPT_AUTHN_CTX);
        overrideAuthnContextClass(AuthnContext.PPT_AUTHN_CTX, request, authenticationKey);
        return;
    }

    // Only an explicit request for the REFEDS class reference engages the Duo translation below.
    final Principal principal = new AuthnContextClassRefPrincipal(REFEDS);
    final Principal attribute = principalCtx.getRequestedPrincipals().stream().filter(p -> p.equals(principal)).findFirst().orElse(null);
    if (attribute == null) {
        logger.debug("No authn context class ref principal is found in the requested principals; overriding to {}", AuthnContext.PPT_AUTHN_CTX);
        overrideAuthnContextClass(AuthnContext.PPT_AUTHN_CTX, request, authenticationKey);
        return;
    }
    final String authnMethod = attribute.getName();
    logger.debug("Requested authn method provided by IdP is {}", authnMethod);
    // "authnContextClass" is the principal attribute CAS is expected to release; without it, fall back to PPT.
    if (!assertion.getPrincipal().getAttributes().containsKey("authnContextClass")) {
        logger.debug("No authentication context class is provided by CAS; Overriding context class to {}", AuthnContext.PPT_AUTHN_CTX);
        overrideAuthnContextClass(AuthnContext.PPT_AUTHN_CTX, request, authenticationKey);
        return;
    }

    // NOTE(review): assumes the attribute value is a single String; a multi-valued List would
    // fail equals("mfa-duo") and be forwarded as its bracketed toString() below — confirm with
    // the CAS attribute release configuration.
    final Object clazz = assertion.getPrincipal().getAttributes().get("authnContextClass");
    logger.debug("Located asserted authentication context class [{}]", clazz);

    if (clazz.equals("mfa-duo")) {
        overrideAuthnContextClass(REFEDS, request, authenticationKey);
        logger.info("Validation payload successfully asserts the authentication context class for mfa-duo; Context class is set to {}", REFEDS);
        return;
    }
    logger.debug("Authentication context class [{}] provided by CAS is not one by Duo Security. "
        + "The requested authentication method to be used shall be {} and is left unmodified", clazz, authnMethod);
    // Any other CAS-asserted class is passed through as-is; CAS is trusted as the upstream authority here.
    overrideAuthnContextClass(clazz.toString(), request, authenticationKey);
}
 
Example #9
Source File: CasDuoSecurityRefedsAuthnMethodTranslator.java — from shib-cas-authn3 (Apache License 2.0)
/**
 * Translates the authentication method asserted by CAS into the authn context class recorded
 * for this Shibboleth external-authentication flow.
 *
 * <p>As visible here: if no {@code AuthnContextClassRefPrincipal} equal to {@code REFEDS} was
 * requested, or CAS released no {@code authnContextClass} attribute, the context class is
 * overridden to {@link AuthnContext#PPT_AUTHN_CTX}; if CAS asserted {@code mfa-duo}, it is
 * overridden to {@code REFEDS}; any other CAS-asserted value is forwarded unchanged.
 *
 * @param request           the current servlet request
 * @param response          the current servlet response (not used in this method)
 * @param assertion         the CAS assertion whose principal attributes are inspected
 * @param authenticationKey the Shibboleth external-authentication key for this flow
 * @throws Exception propagated from the profile context lookup or the override
 */
@Override
public void doTranslation(final HttpServletRequest request, final HttpServletResponse response, final Assertion assertion, final String authenticationKey) throws Exception {

    final ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(authenticationKey, request);
    // NOTE(review): the second argument looks like an auto-create flag; if so, the null check
    // below is unreachable and an empty subcontext is created as a side effect — confirm
    // against the BaseContext API. Same for the RequestedPrincipalContext lookup further down.
    final AuthenticationContext authnContext = prc.getSubcontext(AuthenticationContext.class, true);
    if (authnContext == null) {
        logger.debug("No authentication context is available");
        return;
    }
    final RequestedPrincipalContext principalCtx = authnContext.getSubcontext(RequestedPrincipalContext.class, true);
    if (principalCtx == null || principalCtx.getRequestedPrincipals().isEmpty()) {
        logger.debug("No requested principal context is available in the authentication context; Overriding class to {}", AuthnContext.PPT_AUTHN_CTX);
        overrideAuthnContextClass(AuthnContext.PPT_AUTHN_CTX, request, authenticationKey);
        return;
    }

    // Only an explicit request for the REFEDS class reference engages the Duo translation below.
    final Principal principal = new AuthnContextClassRefPrincipal(REFEDS);
    final Principal attribute = principalCtx.getRequestedPrincipals().stream().filter(p -> p.equals(principal)).findFirst().orElse(null);
    if (attribute == null) {
        logger.debug("No authn context class ref principal is found in the requested principals; overriding to {}", AuthnContext.PPT_AUTHN_CTX);
        overrideAuthnContextClass(AuthnContext.PPT_AUTHN_CTX, request, authenticationKey);
        return;
    }
    final String authnMethod = attribute.getName();
    logger.debug("Requested authn method provided by IdP is {}", authnMethod);
    // "authnContextClass" is the principal attribute CAS is expected to release; without it, fall back to PPT.
    if (!assertion.getPrincipal().getAttributes().containsKey("authnContextClass")) {
        logger.debug("No authentication context class is provided by CAS; Overriding context class to {}", AuthnContext.PPT_AUTHN_CTX);
        overrideAuthnContextClass(AuthnContext.PPT_AUTHN_CTX, request, authenticationKey);
        return;
    }

    // NOTE(review): assumes the attribute value is a single String; a multi-valued List would
    // fail equals("mfa-duo") and be forwarded as its bracketed toString() below — confirm with
    // the CAS attribute release configuration.
    final Object clazz = assertion.getPrincipal().getAttributes().get("authnContextClass");
    logger.debug("Located asserted authentication context class [{}]", clazz);

    if (clazz.equals("mfa-duo")) {
        overrideAuthnContextClass(REFEDS, request, authenticationKey);
        logger.info("Validation payload successfully asserts the authentication context class for mfa-duo; Context class is set to {}", REFEDS);
        return;
    }
    logger.debug("Authentication context class [{}] provided by CAS is not one by Duo Security. "
        + "The requested authentication method to be used shall be {} and is left unmodified", clazz, authnMethod);
    // Any other CAS-asserted class is passed through as-is; CAS is trusted as the upstream authority here.
    overrideAuthnContextClass(clazz.toString(), request, authenticationKey);
}