*/
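public void issueToken(ProtocolContext protoContext) throws ProcessingException {
    // Only WS-Trust requests are handled here; any other protocol context is silently ignored.
    if (!(protoContext instanceof WSTrustRequestContext)) {
        return;
    }
    WSTrustRequestContext context = (WSTrustRequestContext) protoContext;

    // Generate an id for the new assertion. The same id is reused below as the
    // attached-reference key identifier ("#" + id), so the two must agree.
    String assertionID = IDGenerator.create("ID_");

    // Lifetime and audience restrictions. The validity window is taken verbatim from
    // the request; this provider does not cap it. NOTE(review): any maximum-lifetime
    // policy must therefore be enforced before this provider is invoked (presumably
    // by the STS request handler) - confirm.
    Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
    if (lifetime == null) {
        // Fail fast with the declared exception type rather than a NullPointerException
        // on lifetime.getCreated() below: Created/Expires are required to build the
        // Conditions and the AuthnStatement, and appliesTo/claimedAttributes are
        // already null-checked in this method, so the missing check was inconsistent.
        throw new ProcessingException("WS-Trust request has no Lifetime; cannot build the assertion conditions");
    }
    AudienceRestrictionType restriction = null;
    AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
    if (appliesTo != null) {
        restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
    }
    // Without an AppliesTo the assertion carries no AudienceRestriction, i.e. it is not
    // bound to any particular relying party.
    ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(),
            lifetime.getExpires(), restriction);

    // The assertion subject defaults to the caller principal.
    Principal principal = context.getCallerPrincipal();
    String confirmationMethod = null;
    KeyInfoConfirmationDataType keyInfoDataType = null;
    if (context.getOnBehalfOfPrincipal() != null) {
        // On-behalf-of request: the subject becomes the delegated principal and the
        // caller vouches for it (sender-vouches). This branch takes precedence even
        // when a proof token is also present in the context.
        principal = context.getOnBehalfOfPrincipal();
        confirmationMethod = SAMLUtil.SAML2_SENDER_VOUCHES_URI;
    } else if (context.getProofTokenInfo() != null) {
        // A proof-of-possession token was negotiated: holder-of-key, with the proof
        // key material carried in the subject confirmation data.
        confirmationMethod = SAMLUtil.SAML2_HOLDER_OF_KEY_URI;
        keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
    } else {
        // Neither delegation nor a proof key: bearer confirmation.
        confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
    }
    SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
            confirmationMethod, keyInfoDataType);

    // Subject name from the selected principal. NOTE(review): when there is no principal
    // at all an assertion is still issued, for the literal subject "ANONYMOUS" - confirm
    // that the STS only reaches this provider for authenticated requests.
    String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
    NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:picketlink:identity-federation", subjectName);
    SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);

    List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
    // Attribute statement built from the claims resolved for this request, if any.
    Map<String, Object> claimedAttributes = context.getClaimedAttributes();
    if (claimedAttributes != null) {
        statements.add(StatementUtil.createAttributeStatement(claimedAttributes));
    }
    // AuthnStatement, built from the Lifetime's Created instant and the chosen confirmation method.
    statements.add(StatementUtil.createAuthnStatement(lifetime.getCreated(), confirmationMethod));

    // Assemble the assertion; the Lifetime's Created value is passed as its issue instant.
    NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
    AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
            conditions, subject, statements);
    // Optional extra attribute statement from the configured attribute provider.
    if (this.attributeProvider != null) {
        AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
        if (attributeStatement != null) {
            assertion.addStatement(attributeStatement);
        }
    }

    // Marshal the assertion to a DOM element; marshalling failures are wrapped by the logger
    // into the declared exception type. No signature is applied in this method -
    // NOTE(review): confirm the assertion/response is signed before it leaves the STS.
    Element assertionElement = null;
    try {
        assertionElement = SAMLUtil.toElement(assertion);
    } catch (Exception e) {
        throw logger.samlAssertionMarshallError(e);
    }
    SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
            assertionElement, assertionID);
    context.setSecurityToken(token);

    // Attached reference: a SAML2 key identifier that points at the assertion id,
    // tagged with the SAML2 token type via the wsse11:TokenType attribute.
    KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);
    Map<QName, String> attributes = new HashMap<QName, String>();
    attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType", WSTrustConstants.WSSE.PREFIX_11),
            SAMLUtil.SAML2_TOKEN_TYPE);
    RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
    context.setAttachedReference(attachedReference);
}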