Examples of org.jboss.identity.federation.saml.v2.assertion.AssertionType

• org.jboss.identity.federation.saml.v2.assertion.AssertionType
  3.org/2001/XMLSchema}anyType"> <sequence> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"/> <element ref="{http://www.w3.org/2000/09/xmldsig#}Signature" minOccurs="0"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Subject" minOccurs="0"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Conditions" minOccurs="0"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Advice" minOccurs="0"/> <choice maxOccurs="unbounded" minOccurs="0"> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Statement"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}AuthzDecisionStatement"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}AttributeStatement"/> </choice> </sequence> <attribute name="Version" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> <attribute name="ID" use="required" type="{http://www.w3.org/2001/XMLSchema}ID" /> <attribute name="IssueInstant" use="required" type="{http://www.w3.org/2001/XMLSchema}dateTime" /> </restriction> </complexContent> </complexType>

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(assertionConsumerURL);
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);

      //Add information on the roles
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

      AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);

      //Add timed conditions
      saml2Response.createTimedConditions(assertion, assertionValidity);

      //Add in the attributes information
      if(this.attributeManager != null)
      {
         try
         {
            Map<String, Object> attribs =
               attributeManager.getAttributes(userPrincipal, this.attribKeys);
            AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attribs);
            assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attStatement);
         }
         catch(Exception e)
         {
            log.error("Exception in generating attributes:",e);
         }

    * @return
    */
   public static AssertionType createAssertion(String id, NameIDType issuerID, XMLGregorianCalendar issueInstant,
         ConditionsType conditions, SubjectType subject, List<StatementAbstractType> statements)
   {
      AssertionType assertion = new AssertionType();
      assertion.setID(id);
      assertion.setIssuer(issuerID);
      assertion.setIssueInstant(issueInstant);
      if(conditions != null)
        assertion.setConditions(conditions);
      if(subject != null)
        assertion.setSubject(subject);
      assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());

      if (statements != null)
         assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(statements);
      return assertion;
   }

            Fault fault = (Fault) response;
            return new Result(null,fault);
         }

         ResponseType responseType = (ResponseType) response;
         AssertionType at = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
         XACMLAuthzDecisionStatementType xst = (XACMLAuthzDecisionStatementType) at.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
         ResultType rt = xst.getResponse().getResult().get(0);
         DecisionType dt = rt.getDecision();

         return new Result(dt,null);
      }

         SPInfoHolder sp = new SPInfoHolder();
         sp.setResponseDestinationURI(assertionConsumerURL);
         responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);

         //Add information on the roles
         AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

         AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
         assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);

         //Add timed conditions
         saml2Response.createTimedConditions(assertion, assertionValidity);

         //Add in the attributes information
         if(attribs != null)
         {
            AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attribs);
            assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attStatement);
         }

         //Lets see how the response looks like
         if(log.isTraceEnabled())
         {

      String responseDestinationURI = sp.getResponseDestinationURI();

      XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();

      //Create an assertion
      AssertionType assertionType = JBossSAMLBaseFactory.createAssertion();
      assertionType.setID("ID_" + JBossSAMLBaseFactory.createUUID());
      assertionType.setVersion(issuerInfo.getSamlVersion());
      assertionType.setIssueInstant(issueInstant);

      assertionType.setIssuer(issuerInfo.getIssuer());

      //Create assertion -> subject
      SubjectType subjectType = JBossSAMLBaseFactory.createSubject();

      //subject -> nameid
      NameIDType nameIDType = JBossSAMLBaseFactory.createNameID();
      nameIDType.setFormat(idp.getNameIDFormat());
      nameIDType.setValue(idp.getNameIDFormatValue());

      JAXBElement<NameIDType> jaxbNameIDType = JBossSAMLBaseFactory.createNameID(nameIDType);
      subjectType.getContent().add(jaxbNameIDType);

      SubjectConfirmationType subjectConfirmation =
            JBossSAMLBaseFactory.createSubjectConfirmation(idp.getSubjectConfirmationMethod());
      SubjectConfirmationDataType subjectConfirmationData =
           JBossSAMLBaseFactory.createSubjectConfirmationData(sp.getRequestID(),
                 responseDestinationURI, issueInstant);
      subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

      JAXBElement<SubjectConfirmationType> jaxbSubjectConfirmationType =
         JBossSAMLBaseFactory.createSubjectConfirmation(subjectConfirmation);

      subjectType.getContent().add(jaxbSubjectConfirmationType);

      assertionType.setSubject(subjectType);

      ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
      //InResponseTo ID
      responseType.setInResponseTo(sp.getRequestID());
      //Destination

         IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);

         List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
         statements.add(xacmlStatement);

         AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
               issuerInfo.getIssuer(),
               XMLTimeUtil.getIssueInstant(),
               null,
               null,
               statements);

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
      //Add information on the roles
      List<String> roles = rg.generateRoles(userPrincipal);
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

      AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);

      //Add timed conditions
      try
      {
         saml2Response.createTimedConditions(assertion, this.assertionValidity);

      List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
      if(assertions.size() == 0)
         throw new IllegalStateException("No assertions in reply from IDP");

      AssertionType assertion = (AssertionType)assertions.get(0);
      //Check for validity of assertion
      boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
      if(expiredAssertion)
         throw new AssertionExpiredException();

      SubjectType subject = assertion.getSubject();
      JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
      NameIDType nameID = jnameID.getValue();
      String userName = nameID.getValue();
      List<String> roles = new ArrayList<String>();

      //Set it on a thread local for JBID integrators
      StatementLocal.statements.set(assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement());

      //Let us get the roles
      AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
      List<Object> attList = attributeStatement.getAttributeOrEncryptedAttribute();
      for(Object obj:attList)
      {
         AttributeType attr = (AttributeType) obj;
         String roleName = (String) attr.getAttributeValue().get(0);

    * @param issuer
    * @return
    */
   public static AssertionType createAssertion(String id, NameIDType issuer)
   {
      AssertionType assertion = SAMLAssertionFactory.getObjectFactory().createAssertionType();
      assertion.setID(id);
      assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
      assertion.setIssuer(issuer);
      return assertion;
   }

    * @return
    */
   public static AssertionType createAssertion(String id, NameIDType issuerID, XMLGregorianCalendar issueInstant,
         ConditionsType conditions, SubjectType subject, List<StatementAbstractType> statements)
   {
      AssertionType assertion = new AssertionType();
      assertion.setID(id);
      assertion.setIssuer(issuerID);
      assertion.setIssueInstant(issueInstant);
      assertion.setConditions(conditions);
      assertion.setSubject(subject);
      if (statements != null)
         assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(statements);
      return assertion;
   }