Examples of org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType

• org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType
  3.org/2001/XMLSchema}anyType"> <sequence> <choice minOccurs="0"> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}BaseID"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}NameID"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}EncryptedID"/> </choice> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}SubjectConfirmationData" minOccurs="0"/> </sequence> <attribute name="Method" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> </restriction> </complexContent> </complexType>

            try
            {
               SAML2Response saml2Response = new SAML2Response();

               ResponseType responseType = saml2Response.getResponseType(is);

               SAMLDocumentHolder samlDocumentHolder = saml2Response.getSamlDocumentHolder();

               boolean validSignature = this.verifySignature(samlDocumentHolder);

               if(validSignature == false)
                  throw new IssuerNotTrustedException("Signature in saml document is invalid");

               this.isTrusted(responseType.getIssuer().getValue());

               List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
               if(assertions.size() == 0)
                  throw new IllegalStateException("No assertions in reply from IDP");

               Object assertion = assertions.get(0);
               if(assertion instanceof EncryptedElementType)

   }

   protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
   {
      Document samlResponse = samlDocumentHolder.getSamlDocument();
      ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();

      String issuerID = response.getIssuer().getValue();

      if(issuerID == null)
         throw new IssuerNotTrustedException("Issue missing");

      URL issuerURL;

      Document samlResponseDocument = null;

      if(trace)
         log.trace("AssertionConsumerURL=" + assertionConsumerURL +
            "::assertion validity=" + assertionValidity);
      ResponseType responseType = null;

      SAML2Response saml2Response = new SAML2Response();

      //Create a response type
      String id = IDGenerator.create("ID_");

      IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
      issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

      IDPInfoHolder idp = new IDPInfoHolder();
      idp.setNameIDFormatValue(userPrincipal.getName());
      idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(assertionConsumerURL);
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);


      //Add information on the roles
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

      AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);

      //Add timed conditions

    */
   public Document getErrorResponse(String responseURL, String status,
         String identityURL, boolean supportSignature)
   {
      Document samlResponse = null;
      ResponseType responseType = null;

      SAML2Response saml2Response = new SAML2Response();

      //Create a response type
      String id = IDGenerator.create("ID_");

      if(request == null)
         throw new IllegalArgumentException("request is null");
      if(responseType == null)
         throw new IllegalArgumentException("response type is null");

      StatusType statusType = responseType.getStatus();
      if(statusType == null)
         throw new IllegalArgumentException("Status Type from the IDP is null");

      String statusValue = statusType.getStatusCode().getValue();
      if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
         throw new SecurityException("IDP forbid the user");

      List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
      if(assertions.size() == 0)

      if(request == null)
         throw new IllegalArgumentException("request is null");
      if(responseType == null)
         throw new IllegalArgumentException("response type is null");

      StatusType statusType = responseType.getStatus();
      if(statusType == null)
         throw new IllegalArgumentException("Status Type from the IDP is null");

      String statusValue = statusType.getStatusCode().getValue();
      if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
         throw new SecurityException("IDP forbid the user");

      List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
      if(assertions.size() == 0)

        subject.getContent().add(assertionObjectFactory.createNameID(nameID));
        nameID.setValue(session.getPrincipal().getNameId().getValue());
        nameID.setFormat(session.getPrincipal().getNameId().getFormat());
        nameID.setNameQualifier(session.getPrincipal().getNameId().getQualifier());

        SubjectConfirmationType subjectConfirmation = assertionObjectFactory.createSubjectConfirmationType();
        subject.getContent().add(assertionObjectFactory.createSubjectConfirmation(subjectConfirmation));
        subjectConfirmation.setMethod(SamlConstants.CONFIRMATION_METHOD_BEARER);
        subjectConfirmation.setNameID(nameID);

        SubjectConfirmationDataType subjectConfirmationData = assertionObjectFactory.createSubjectConfirmationDataType();
        subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

        subjectConfirmationData.setRecipient(externalSamlEndpoint.getLocation());
        subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
        subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());

        for (JAXBElement<?> contentElement : assertion.getSubject().getContent()) {
            if (contentElement.getValue() instanceof NameIDType) {
                nameId = (NameIDType) contentElement.getValue();
            }
            if (contentElement.getValue() instanceof SubjectConfirmationType) {
                SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
                if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER)) {
                    SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();

                    boolean validRecipient = confirmationData.getRecipient().equals(samlEntityBean.get().getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));

                    boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendarNow()) == DatatypeConstants.GREATER;

         {
            nameId = (NameIDType) contentElement.getValue();
         }
         if (contentElement.getValue() instanceof SubjectConfirmationType)
         {
            SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
            if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
            {
               SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();

               boolean validRecipient = confirmationData.getRecipient().equals(samlEntityBean.get().getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));

               boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendarNow()) == DatatypeConstants.GREATER;

      subject.getContent().add(assertionObjectFactory.createNameID(nameID));
      nameID.setValue(session.getPrincipal().getNameId().getValue());
      nameID.setFormat(session.getPrincipal().getNameId().getFormat());
      nameID.setNameQualifier(session.getPrincipal().getNameId().getQualifier());

      SubjectConfirmationType subjectConfirmation = assertionObjectFactory.createSubjectConfirmationType();
      subject.getContent().add(assertionObjectFactory.createSubjectConfirmation(subjectConfirmation));
      subjectConfirmation.setMethod(SamlConstants.CONFIRMATION_METHOD_BEARER);
      subjectConfirmation.setNameID(nameID);

      SubjectConfirmationDataType subjectConfirmationData = assertionObjectFactory.createSubjectConfirmationDataType();
      subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

      subjectConfirmationData.setRecipient(externalSamlEndpoint.getLocation());
      subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
      subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());