{
// generate an id for the new assertion.
String assertionID = IDGenerator.create("ID_");
// lifetime and audience restrictions.
Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
AudienceRestrictionType restriction = null;
AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
if (appliesTo != null)
restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
restriction);
// TODO: implement support for the other confirmation methods.
String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
confirmationMethod, null);
// create a subject using the caller principal.
Principal principal = context.getCallerPrincipal();
String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName);
SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
// TODO: add SAML statements that corresponds to the claims provided by the requester.
// create the SAML assertion.
NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
conditions, subject, null);
// convert the constructed assertion to element.
Element assertionElement = null;
try