Examples of org.jboss.identity.federation.saml.v2.SAML2Object

• org.picketlink.identity.federation.saml.v2.SAML2Object
  Marker Interface @author Anil.Saldhana@redhat.com @since Sep 17, 2009

      if(request == null)
         throw new IllegalArgumentException("request is null");
      if(responseType == null)
         throw new IllegalArgumentException("response type is null");

      StatusType statusType = responseType.getStatus();
      if(statusType == null)
         throw new IllegalArgumentException("Status Type from the IDP is null");

      String statusValue = statusType.getStatusCode().getValue();
      if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
         throw new SecurityException("IDP forbid the user");

      List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
      if(assertions.size() == 0)

                event.event(EventType.LOGIN);
                event.error(Errors.INVALID_TOKEN);
                return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid Request");
            }

            SAML2Object samlObject = documentHolder.getSamlObject();

            RequestAbstractType requestAbstractType = (RequestAbstractType)samlObject;
            String issuer = requestAbstractType.getIssuer().getValue();
            ClientModel client = realm.findClient(issuer);

        Document samlDocument = DocumentUtil.getDocument(is);

        SAMLParser samlParser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(samlDocument);
        SAML2Object requestType = (SAML2Object) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));

        samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
        return requestType;
    }

            if (isNotNull(relayState))
                session.removeAttribute(GeneralConstants.RELAY_STATE);

            SAMLDocumentHolder samlDocumentHolder = null;
            SAML2Object samlObject = null;
            String destination = null;
            Document samlResponse = null;

            if (samlResponseMessage != null) {
                StatusResponseType statusResponseType = null;
                try {
                    samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
                    samlObject = samlDocumentHolder.getSamlObject();

                    boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                    boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
                            samlResponseMessage, null), isPost);

                    if (!isValid)
                        throw new GeneralSecurityException("Validation check failed");

                    String issuer = null;
                    IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
                    ProtocolContext protocolContext = new HTTPContext(request, response, context);
                    // Create the request/response
                    SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
                            idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);

                    saml2HandlerRequest.setRelayState(relayState);

                    SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();

                    Set<SAML2Handler> handlers = chain.handlers();

                    if (samlObject instanceof StatusResponseType) {
                        statusResponseType = (StatusResponseType) samlObject;
                        issuer = statusResponseType.getIssuer().getValue();
                        webRequestUtil.isTrusted(issuer);

                        if (handlers != null) {
                            for (SAML2Handler handler : handlers) {
                                handler.reset();
                                handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
                                willSendRequest = saml2HandlerResponse.getSendRequest();
                            }
                        }
                    } else
                        throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
                                + samlObject.getClass().getName());

                    samlResponse = saml2HandlerResponse.getResultingDocument();
                    relayState = saml2HandlerResponse.getRelayState();

                    destination = saml2HandlerResponse.getDestination();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }

            } else
            // Send valid saml response after processing the request
            if (samlRequestMessage != null) {
                // Get the SAML Request Message
                RequestAbstractType requestAbstractType = null;

                try {
                    samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
                    samlObject = samlDocumentHolder.getSamlObject();

                    boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                    boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
                            samlRequestMessage, null), isPost);

                    if (!isValid)
                        throw new GeneralSecurityException(ErrorCodes.VALIDATION_CHECK_FAILED + "Validation check failed");

                    String issuer = null;
                    IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
                    ProtocolContext protocolContext = new HTTPContext(request, response, context);
                    // Create the request/response
                    SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
                            idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
                    saml2HandlerRequest.setRelayState(relayState);

                    // Set the options on the handler request
                    Map<String, Object> requestOptions = new HashMap<String, Object>();
                    requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
                    requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);

                    Map<String, Object> attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
                    requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);

                    saml2HandlerRequest.setOptions(requestOptions);

                    List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
                    if (roles == null) {
                        roles = roleGenerator.generateRoles(userPrincipal);
                        session.setAttribute(GeneralConstants.ROLES_ID, roles);
                    }

                    SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();

                    Set<SAML2Handler> handlers = chain.handlers();

                    if (samlObject instanceof RequestAbstractType) {
                        requestAbstractType = (RequestAbstractType) samlObject;
                        issuer = requestAbstractType.getIssuer().getValue();
                        webRequestUtil.isTrusted(issuer);

                        if (handlers != null) {
                            for (SAML2Handler handler : handlers) {
                                handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
                                willSendRequest = saml2HandlerResponse.getSendRequest();
                            }
                        }
                    } else
                        throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
                                + samlObject.getClass().getName());

                    samlResponse = saml2HandlerResponse.getResultingDocument();
                    relayState = saml2HandlerResponse.getRelayState();

                    destination = saml2HandlerResponse.getDestination();

     */
    public boolean process(String samlRequest, HTTPContext httpContext, Set<SAML2Handler> handlers, Lock chainLock)
            throws ProcessingException, IOException, ParsingException, ConfigurationException {
        SAML2Request saml2Request = new SAML2Request();
        SAML2HandlerResponse saml2HandlerResponse = null;
        SAML2Object samlObject = null;
        SAMLDocumentHolder documentHolder = null;

        if (this.postBinding) {
            // we got a logout request from IDP
            InputStream is = PostBindingUtil.base64DecodeAsStream(samlRequest);

    @Test
    public void parseADFSClaims() throws Exception {
        ClassLoader tcl = Thread.currentThread().getContextClassLoader();
        InputStream configStream = tcl.getResourceAsStream("saml/v2/response/saml2-response-adfs-claims.xml");
        SAML2Response samlResponse = new SAML2Response();
        SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream);
        assertNotNull(samlObject);

        SAML2Signature sig = new SAML2Signature();
        Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair());
        assertNotNull(signedDoc);

        String logoutResponse = new String(Base64.decode(logoutOrigResponse));

        SAML2Request samlRequest = new SAML2Request();
        ByteArrayInputStream bis = new ByteArrayInputStream(logoutResponse.getBytes());
        SAML2Object samlObject = samlRequest.getSAML2ObjectFromStream(bis);
        assertTrue(samlObject instanceof LogoutRequestType);

        // Let us feed the LogOutRequest to the SPFilter
        MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPEmp);

        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        SAML2Object saml2Object = new SAML2Object() {
        };

        SAMLDocumentHolder docHolder = new SAMLDocumentHolder(saml2Object, null);
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,

    protected void processSAMLRequestMessage(Request request, Response response) throws IOException {
        Principal userPrincipal = request.getPrincipal();
        Session session = request.getSessionInternal();
        SAMLDocumentHolder samlDocumentHolder = null;
        SAML2Object samlObject = null;

        Document samlResponse = null;
        boolean isErrorResponse = false;
        String destination = null;
        String destinationQueryStringWithSignature = null;

        Boolean requestedPostProfile = null;

        String samlRequestMessage = (String) session.getNote(GeneralConstants.SAML_REQUEST_KEY);

        String relayState = (String) session.getNote(GeneralConstants.RELAY_STATE);

        String contextPath = getContextPath();

        boolean willSendRequest = false;

        String referer = request.getHeader("Referer");

        cleanUpSessionNote(request);

        // Determine the transport mechanism
        boolean isSecure = request.isSecure();
        String loginType = determineLoginType(isSecure);

        IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);

        try {
            samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
            samlObject = samlDocumentHolder.getSamlObject();

            if (!(samlObject instanceof RequestAbstractType)) {
                throw logger.wrongTypeError(samlObject.getClass().getName());
            }

            // Get the SAML Request Message
            RequestAbstractType requestAbstractType = (RequestAbstractType) samlObject;
            String issuer = requestAbstractType.getIssuer().getValue();

    }

    protected void processSAMLResponseMessage(Request request, Response response) throws ServletException, IOException {
        Session session = request.getSessionInternal();
        SAMLDocumentHolder samlDocumentHolder = null;
        SAML2Object samlObject = null;

        Document samlResponse = null;
        boolean isErrorResponse = false;
        String destination = null;
        String destinationQueryStringWithSignature = null;

        String contextPath = getContextPath();

        boolean requestedPostProfile = false;

        // Get the SAML Response Message
        String samlResponseMessage = (String) session.getNote(GeneralConstants.SAML_RESPONSE_KEY);
        String relayState = (String) session.getNote(GeneralConstants.RELAY_STATE);

        boolean willSendRequest = false;

        String referer = request.getHeader("Referer");

        cleanUpSessionNote(request);

        IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);

        try {
            samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
            samlObject = samlDocumentHolder.getSamlObject();

            if (!(samlObject instanceof StatusResponseType)) {
                throw logger.wrongTypeError(samlObject.getClass().getName());
            }

            StatusResponseType statusResponseType = (StatusResponseType) samlObject;
            String issuer = statusResponseType.getIssuer().getValue();