final Assertion assertion = getAssertionFrom(model);
final Authentication authentication = assertion.getChainedAuthentications().get(0);
final Date currentDate = new Date();
final String authenticationMethod = (String) authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);
final Service service = assertion.getService();
final SAMLResponse samlResponse = new SAMLResponse(null, service.getId(), new ArrayList<Object>(), null);
samlResponse.setIssueInstant(currentDate);
// this should be true, but we never enforced it, so we need to check to be safe
if (service instanceof SamlService) {
final SamlService samlService = (SamlService) service;
if (samlService.getRequestID() != null) {
samlResponse.setInResponseTo(samlService.getRequestID());
}
}
final SAMLAssertion samlAssertion = new SAMLAssertion();
samlAssertion.setIssueInstant(currentDate);
samlAssertion.setIssuer(this.issuer);
samlAssertion.setNotBefore(currentDate);
samlAssertion.setNotOnOrAfter(new Date(currentDate.getTime()
+ this.issueLength));
final SAMLAudienceRestrictionCondition samlAudienceRestrictionCondition = new SAMLAudienceRestrictionCondition();
samlAudienceRestrictionCondition.addAudience(service.getId());
final SAMLAuthenticationStatement samlAuthenticationStatement = new SAMLAuthenticationStatement();
samlAuthenticationStatement.setAuthInstant(authentication
.getAuthenticatedDate());
samlAuthenticationStatement
.setAuthMethod(authenticationMethod != null
? authenticationMethod
: SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);
samlAuthenticationStatement
.setSubject(getSamlSubject(authentication));
if (!authentication.getPrincipal().getAttributes().isEmpty()) {
final SAMLAttributeStatement attributeStatement = new SAMLAttributeStatement();
attributeStatement.setSubject(getSamlSubject(authentication));
samlAssertion.addStatement(attributeStatement);
for (final Entry<String, Object> e : authentication.getPrincipal().getAttributes().entrySet()) {
final SAMLAttribute attribute = new SAMLAttribute();
attribute.setName(e.getKey());
attribute.setNamespace(NAMESPACE);
if (e.getValue() instanceof Collection<?>) {
final Collection<?> c = (Collection<?>) e.getValue();
if (c.isEmpty()) {
// 100323 bnoordhuis: don't add the attribute, it causes a org.opensaml.MalformedException
continue;
}
attribute.setValues(c);
} else {
attribute.addValue(e.getValue());
}
attributeStatement.addAttribute(attribute);
}
}
samlAssertion.addStatement(samlAuthenticationStatement);
samlAssertion.addCondition(samlAudienceRestrictionCondition);
samlResponse.addAssertion(samlAssertion);
final String xmlResponse = samlResponse.toString();
response.setContentType("text/xml; charset=" + this.encoding);
response.getWriter().print("<?xml version=\"1.0\" encoding=\"" + this.encoding + "\"?>");
response.getWriter().print("<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body>");
response.getWriter().print(xmlResponse);