Examples of org.picketlink.identity.federation.saml.v2.ac.classes.PhysicalVerification

• org.picketlink.identity.federation.saml.v2.assertion.AssertionType
  3.org/2001/XMLSchema}anyType"> <attribute name="credentialLevel"> <simpleType> <restriction base="{http://www.w3.org/2001/XMLSchema}NMTOKEN"> <enumeration value="primary"/> <enumeration value="secondary"/> </restriction> </simpleType> </attribute> </restriction> </complexContent> </complexType>

                event.event(EventType.LOGIN);
                event.error(Errors.INVALID_TOKEN);
                return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid Request");
            }

            SAML2Object samlObject = documentHolder.getSamlObject();

            RequestAbstractType requestAbstractType = (RequestAbstractType)samlObject;
            String issuer = requestAbstractType.getIssuer().getValue();
            ClientModel client = realm.findClient(issuer);

        Document samlDocument = DocumentUtil.getDocument(is);

        SAMLParser samlParser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(samlDocument);
        SAML2Object requestType = (SAML2Object) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));

        samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
        return requestType;
    }

        sp.setRequestID(requestID);
        sp.setIssuer(requestIssuer);
        responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);

        // Add information on the roles
        AssertionType assertion = responseType.getAssertions().get(0).getAssertion();

        // Create an AuthnStatementType
        if (!disableAuthnStatement) {
            String authContextRef = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
            if (isNotNull(authMethod))
                authContextRef = authMethod;

            AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(),
                    authContextRef);

            authnStatement.setSessionIndex(assertion.getID());

            assertion.addStatement(authnStatement);
        }

        if (roles != null && !roles.isEmpty()) {
            AttributeStatementType attrStatement = StatementUtil.createAttributeStatementForRoles(roles, multiValuedRoles);
            assertion.addStatement(attrStatement);
        }

        // Add in the attributes information
        if (attributes != null && attributes.size() > 0) {
            AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attributes);
            assertion.addStatement(attStatement);
        }

        try {
            samlResponseDocument = saml2Response.convert(responseType);

            String assertionStr = samlCredential.getAssertionAsString();
            if (StringUtil.isNullOrEmpty(assertionStr))
                throw logger.authSAMLAssertionNullOrEmpty();

            SAMLParser parser = new SAMLParser();
            AssertionType assertion = (AssertionType) parser.parse(new ByteArrayInputStream(assertionStr.getBytes()));
            List<String> roles = AssertionUtil.getRoles(assertion, null);
            Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String role : roles) {
                roleGroup.addMember(new SimplePrincipal(role));
            }

        }

        Map<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(SHARED_TOKEN, this.samlToken);

        AssertionType assertion = null;
        try {
            assertion = SAMLUtil.fromElement(samlToken);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        if (principalMappingContext != null) {
            principalMappingContext.performMapping(contextMap, null);
            Principal principal = principalMappingContext.getMappingResult().getMappedObject();
            subject.getPrincipals().add(principal);

            // If the user has configured cache invalidation of subject based on saml token expiry
            if (enableCacheInvalidation) {
                TimeCacheExpiry cacheExpiry = JBossAuthCacheInvalidationFactory.getCacheExpiry();

                XMLGregorianCalendar expiry = AssertionUtil.getExpiration(assertion);
                if (expiry != null) {
                    cacheExpiry.register(securityDomain, expiry.toGregorianCalendar().getTime(), principal);
                } else {
                    logger.samlAssertionWithoutExpiration(assertion.getID());
                }
            }
        }

        if (roleMappingContext != null) {

        List<StatementAbstractType> statements = samlProtocolContext.getStatements();

        // generate an id for the new assertion.
        String assertionID = IDGenerator.create("ID_");

        AssertionType assertionType = SAMLAssertionFactory.createAssertion(assertionID, issuerID, issueInstant, conditions,
                subject, statements);

        try {
            AssertionUtil.createTimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW);
        } catch (ConfigurationException e) {

        if (sm != null)
            sm.checkPermission(PicketLinkCoreSTS.rte);

        SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;

        AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();

        try {
            XMLGregorianCalendar currentTime = XMLTimeUtil.getIssueInstant();
            issuedAssertion.updateIssueInstant(currentTime);
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        }

        try {
            AssertionUtil.createTimedConditions(issuedAssertion, ASSERTION_VALIDITY, CLOCK_SKEW);
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        } catch (IssueInstantMissingException e) {
            throw logger.processingError(e);
        }

        try {
            this.tokenRegistry.addToken(issuedAssertion.getID(), issuedAssertion);
        } catch (IOException e) {
            throw logger.processingError(e);
        }
        samlProtocolContext.setIssuedAssertion(issuedAssertion);
    }

        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(PicketLinkCoreSTS.rte);

        SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
        AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
        try {
            this.tokenRegistry.removeToken(issuedAssertion.getID());
        } catch (IOException e) {
            throw logger.processingError(e);
        }
    }

        if (sm != null)
            sm.checkPermission(PicketLinkCoreSTS.rte);

        SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;

        AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();

        try {
            if (!AssertionUtil.hasExpired(issuedAssertion))
                throw logger.samlAssertionExpiredError();
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        }

        if (issuedAssertion == null)
            throw logger.assertionInvalidError();
        if (this.tokenRegistry.getToken(issuedAssertion.getID()) == null)
            throw logger.assertionInvalidError();
    }

        subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

        subjectType.addConfirmation(subjectConfirmation);

        AssertionType assertionType = SAMLAssertionFactory.createAssertion(id, nameIDType, issueInstant, (ConditionsType) null,
                subjectType, (List<StatementAbstractType>) null);

        ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
        // InResponseTo ID
        responseType.setInResponseTo(sp.getRequestID());