Creating a SAML Assertion with OpenSAML (Part 2)

Teknoloji

1 Sep 2009

I migrated the code (see blog) from OpenSAML 1.0 to 2.3 with some help from here and here.

Here’s the Java Source:

import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;

import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.DoNotCacheCondition;

import org.opensaml.saml1.core.impl.AssertionBuilder;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.saml1.core.impl.AssertionMarshaller;
import org.opensaml.saml1.core.impl.SubjectImpl;

import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.util.XMLHelper;

import org.opensaml.xml.schema.XSString;

import org.w3c.dom.Element;
import org.joda.time.DateTime;

import java.util.Date;
import java.util.HashSet;
import java.util.List;

public class AMUserAssertion {

   private static String strIssuer = "Example:FrontEnd";
   private static String strNameID = "testUserID";
   private static String strNameQualifier = "Example:FrontEnd";
   private static String strNamespace = "urn:bea:security:saml:groups";
   private static String strAttrName = "Groups";
   private static String strAuthMethod = "SunAccessManager";

   public static void main(String args[]) {

      try {
         // OpenSAML 2.3
         DefaultBootstrap.bootstrap();
         XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

         // Create the NameIdentifier
         SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
         NameIdentifier nameId = nameIdBuilder.buildObject();
         nameId.setNameIdentifier(strNameID);
         nameId.setNameQualifier(strNameQualifier);
         nameId.setFormat(NameIdentifier.UNSPECIFIED);

         // Create the SubjectConfirmation
         SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder)  builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
         ConfirmationMethod confirmationMethod = confirmationMethodBuilder.buildObject();
         confirmationMethod.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");

         SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
         SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
                                 subjectConfirmation.getConfirmationMethods().add(confirmationMethod);
         // Create the Subject
         SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
         Subject subject = subjectBuilder.buildObject();

         subject.setNameIdentifier(nameId);
         subject.setSubjectConfirmation(subjectConfirmation);

         // Create Authentication Statement
         SAMLObjectBuilder authStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
         AuthenticationStatement authnStatement = authStatementBuilder.buildObject();
         authnStatement.setSubject(subject);
         authnStatement.setAuthenticationMethod(strAuthMethod);
         authnStatement.setAuthenticationInstant(new DateTime());

         // Create the attribute statement
         SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
         Attribute attrGroups = attrBuilder.buildObject();
         attrGroups.setAttributeName("Groups");

         XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
         XSString attrNewValue = (XSString) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
         attrNewValue.setValue("AssetManager");

         attrGroups.getAttributeValues().add(attrNewValue);

         SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
         AttributeStatement attrStatement = attrStatementBuilder.buildObject();
         attrStatement.getAttributes().add(attrGroups);
         // attrStatement.setSubject(subject);

         // Create the do-not-cache condition
         SAMLObjectBuilder doNotCacheConditionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(DoNotCacheCondition.DEFAULT_ELEMENT_NAME);
         DoNotCacheCondition condition = doNotCacheConditionBuilder.buildObject();

         SAMLObjectBuilder conditionsBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
         Conditions conditions = conditionsBuilder.buildObject();
         conditions.getConditions().add(condition);

         // Create the assertion
         SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
         Assertion assertion = assertionBuilder.buildObject();
         assertion.setIssuer(strIssuer);
         assertion.setIssueInstant(new DateTime());
         assertion.setVersion(SAMLVersion.VERSION_10);

         assertion.getAuthenticationStatements().add(authnStatement);
         assertion.getAttributeStatements().add(attrStatement);
         assertion.setConditions(conditions);

         // Print the assertion to standard output
         AssertionMarshaller marshaller = new AssertionMarshaller();
         Element element = marshaller.marshall(assertion);
         System.out.println("AMUserAssertion (SAML 1):\n");
         System.out.println(XMLHelper.prettyPrintXML(element));

      }
      catch (Exception e) {
                e.printStackTrace();
        }
   }
}

The output looks like:


<?xml version="1.0" encoding="UTF-8"?><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2009-09-01T14:24:49.905Z" Issuer="Example:FrontEnd" MajorVersion="1" MinorVersion="0">
   <saml1:Conditions>
      <saml1:DoNotCacheCondition/>
   </saml1:Conditions>
   <saml1:AuthenticationStatement AuthenticationInstant="2009-09-01T14:24:49.581Z" AuthenticationMethod="SunAccessManager">
      <saml1:Subject>
         <saml1:NameIdentifierFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="Example:FrontEnd">testUserIDlt;/saml1:NameIdentifier>
         <saml1:SubjectConfirmation>
            <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod>
         </saml1:SubjectConfirmation>
      </saml1:Subject>
   </saml1:AuthenticationStatement>
   <saml1:AttributeStatement>
      <saml1:Attribute AttributeName="Groups">
         <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AssetManager</saml1:AttributeValue>
      </saml1:Attribute>
   </saml1:AttributeStatement>
</saml1:Assertion>

Source/Kaynak : http://blogs.sun.com/JoachimAndres/entry/creating_a_saml_assertion_with1

Comment Form

Updated Blogs

  • Technology
  • Haberler
  • Today On World
  • Ekschi - Ücretsiz Blog Servisi
  • Ekschi - Freeware Blog Service
  • Unutulan Kareler
  • Ekschi - Ücretsiz Blog Servisi - Freeware Blog Service
  • Ekschi Italian

    • Recent Posts

  • Alabama Wages War Against the Perfect Weed
  • Hacking AI installation process to install OpenSolaris to iSCSI device
  • purple-url-handler and XMPP URLs
  • Walking The Green Mile
  • NumberBox control
  • Sun Rays Mindelo Cape Verde
  • Guidance for installing Solaris Nevada CE Sparc to iSCSI device
  • Expert challenges UFO hacker’s $700k bill | 22 Sep 2009 | ComputerWeekly.com
  • HWSW.HU cikk - "Ellison: az Oracle lesz a legnagyobb rendszerszállító"
  • Mark Wielaard: SystemTap 1.0

    • Categories

    Archives

    Shortcuts


    High Speed Internet


    Login Create A Free Blog

    Content In Different Language


    Recent Comments


  • Jim Dougherty: You can fix Solaris 8 named_to_major, path_to_inst, drivers_alias errors on boot by simply installin [...]
  • psha: doesn't work [...]
  • Jiji joseph: Can you please let me know how can I get the SRMTools ? [...]
  • Sebastian: Hi, I don't think using a suite will work either. The order is also random. It is just a coincide [...]
  • Henry: Hey, I can't seem to get this working on my mac. The page down works if I put the focus on the wind [...]

    • Tags


    Our Scores


    Backlinks

    Copyright © 2007 - Technology - is proudly powered by WordPress | Log in

    Compositio Theme is created by: Design Disease brought to you by PremiumThemes.com