Author: anil.saldhana(a)jboss.com
Date: 2011-06-23 15:58:53 -0400 (Thu, 23 Jun 2011)
New Revision: 1026
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-auth-authz.xml
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-authzdecision.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/common/CommonActionType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11AuthorizationDecisionStatementType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11ConditionsType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11NameIdentifierType.java
Log:
more SAML11 parsing
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -45,6 +45,7 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
@@ -139,44 +140,9 @@
else if (JBossSAMLConstants.CONDITIONS.get().equalsIgnoreCase(tag))
{
startElement = (StartElement) xmlEvent;
- SAML11ConditionsType conditions = new SAML11ConditionsType();
- assertion.setConditions(conditions);
- StartElement conditionsElement =
StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(conditionsElement,
JBossSAMLConstants.CONDITIONS.get());
-
- String assertionNS = SAML11Constants.ASSERTION_11_NSURI;
-
- QName notBeforeQName = new QName("",
JBossSAMLConstants.NOT_BEFORE.get());
- QName notBeforeQNameWithNS = new QName(assertionNS,
JBossSAMLConstants.NOT_BEFORE.get());
-
- QName notAfterQName = new QName("",
JBossSAMLConstants.NOT_ON_OR_AFTER.get());
- QName notAfterQNameWithNS = new QName(assertionNS,
JBossSAMLConstants.NOT_ON_OR_AFTER.get());
-
- Attribute notBeforeAttribute =
conditionsElement.getAttributeByName(notBeforeQName);
- if (notBeforeAttribute == null)
- notBeforeAttribute =
conditionsElement.getAttributeByName(notBeforeQNameWithNS);
-
- Attribute notAfterAttribute =
conditionsElement.getAttributeByName(notAfterQName);
- if (notAfterAttribute == null)
- notAfterAttribute =
conditionsElement.getAttributeByName(notAfterQNameWithNS);
-
- if (notBeforeAttribute != null)
- {
- String notBeforeValue =
StaxParserUtil.getAttributeValue(notBeforeAttribute);
- conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue));
- }
-
- if (notAfterAttribute != null)
- {
- String notAfterValue =
StaxParserUtil.getAttributeValue(notAfterAttribute);
- conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue));
- }
-
+ SAML11ConditionsType conditions =
SAML11ParserUtil.parseSAML11Conditions(xmlEventReader);
assertion.setConditions(conditions);
-
- EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- StaxParserUtil.validate(endElement, JBossSAMLConstants.CONDITIONS.get());
}
else if (SAML11Constants.AUTHENTICATION_STATEMENT.equals(tag))
{
@@ -184,53 +150,18 @@
SAML11AuthenticationStatementType authStat =
SAMLParserUtil.parseAuthenticationStatement(xmlEventReader);
assertion.add(authStat);
}
- else if (JBossSAMLConstants.ATTRIBUTE_STATEMENT.get().equalsIgnoreCase(tag))
+ else if (SAML11Constants.ATTRIBUTE_STATEMENT.equalsIgnoreCase(tag))
{
SAML11AttributeStatementType attributeStatementType = SAML11ParserUtil
.parseSAML11AttributeStatement(xmlEventReader);
assertion.add(attributeStatementType);
}
- /*else if (JBossSAMLConstants.AUTHN_STATEMENT.get().equalsIgnoreCase(tag))
+ else if
(SAML11Constants.AUTHORIZATION_DECISION_STATEMENT.equalsIgnoreCase(tag))
{
- AuthnStatementType authnStatementType =
SAMLParserUtil.parseAuthnStatement(xmlEventReader);
- assertion.addStatement(authnStatementType);
+ SAML11AuthorizationDecisionStatementType authzStat = SAML11ParserUtil
+ .parseSAML11AuthorizationDecisionStatement(xmlEventReader);
+ assertion.add(authzStat);
}
- else if (JBossSAMLConstants.ATTRIBUTE_STATEMENT.get().equalsIgnoreCase(tag))
- {
- AttributeStatementType attributeStatementType =
SAMLParserUtil.parseAttributeStatement(xmlEventReader);
- assertion.addStatement(attributeStatementType);
- }
- else if (JBossSAMLConstants.STATEMENT.get().equalsIgnoreCase(tag))
- {
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
-
- String xsiTypeValue = StaxParserUtil.getXSITypeValue(startElement);
- if
(xsiTypeValue.contains(JBossSAMLConstants.XACML_AUTHZ_DECISION_STATEMENT_TYPE.get()))
- {
- XACMLAuthzDecisionStatementType authZStat = new
XACMLAuthzDecisionStatementType();
-
- startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
- tag = StaxParserUtil.getStartElementName(startElement);
-
- if (tag.contains(JBossSAMLConstants.RESPONSE.get()))
- {
- authZStat.setResponse(getXACMLResponse(xmlEventReader));
- startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
- //There may be request also
- tag = StaxParserUtil.getStartElementName(startElement);
- if (tag.contains(JBossSAMLConstants.REQUEST.get()))
- {
- authZStat.setRequest(getXACMLRequest(xmlEventReader));
- }
- }
-
- EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- StaxParserUtil.validate(endElement, JBossSAMLConstants.STATEMENT.get());
- assertion.addStatement(authZStat);
- }
- else
- throw new RuntimeException("Unknown xsi:type=" + xsiTypeValue);
- }*/
else
throw new RuntimeException("SAML11AssertionParser:: unknown: " +
tag + "::location="
+ peekedElement.getLocation());
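Review bot: The new statement dispatch matches element names inconsistently — the AuthenticationStatement branch at the top of the hunk uses `equals(tag)`, while the rewritten AttributeStatement branch and the new AuthorizationDecisionStatement branch use `equalsIgnoreCase(tag)`. XML element names are case-sensitive, so the case-insensitive form accepts spellings the SAML 1.1 schema rejects and hands them to the statement parsers; for an authorization decision that is the element deciding what a subject may access, so it should be matched exactly. Change the two new conditions to `else if (SAML11Constants.ATTRIBUTE_STATEMENT.equals(tag))` and `else if (SAML11Constants.AUTHORIZATION_DECISION_STATEMENT.equals(tag))`. The enclosing parse method starts and ends outside this hunk.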
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -94,8 +94,14 @@
nameID.setFormat(URI.create(StaxParserUtil.getAttributeValue(formatAtt)));
}
+ Attribute nameQAtt = peekedElement.getAttributeByName(new
QName(SAML11Constants.NAME_QUALIFIER));
+ if (nameQAtt != null)
+ {
+ nameID.setNameQualifier(StaxParserUtil.getAttributeValue(formatAtt));
+ }
+
String val = StaxParserUtil.getElementText(xmlEventReader);
- nameID.setNameQualifier(val);
+ nameID.setValue(val);
SAML11SubjectTypeChoice subChoice = new SAML11SubjectTypeChoice(nameID);
subject.setChoice(subChoice);
}
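Review bot: The added NameQualifier handling reads the wrong attribute — the guard tests `nameQAtt` but the setter is fed `formatAtt`, so the qualifier stored on the NameIdentifier is the Format value; change it to `nameID.setNameQualifier(StaxParserUtil.getAttributeValue(nameQAtt));`. The closing brace at the top of the hunk suggests `formatAtt` is only guaranteed non-null inside its own guard (that guard starts above the hunk), so an assertion with NameQualifier but no Format would also pass a null attribute into getAttributeValue. NameQualifier scopes the subject identifier, so a wrong qualifier can make distinct principals compare equal, or the same principal fail to match, at the consumer. Neither new fixture carries a NameQualifier attribute, so a test case that sets one would have caught this.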
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -35,8 +35,14 @@
import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ActionType;
import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
+import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
+import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11DecisionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
/**
@@ -180,4 +186,138 @@
throw new RuntimeException("Unsupported xsi:type=" + typeValue);
}
-}
+
+ public static SAML11AuthorizationDecisionStatementType
parseSAML11AuthorizationDecisionStatement(
+ XMLEventReader xmlEventReader) throws ParsingException
+ {
+ SAML11AuthorizationDecisionStatementType authzDecision = null;
+
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement,
SAML11Constants.AUTHORIZATION_DECISION_STATEMENT);
+
+ Attribute decision = startElement.getAttributeByName(new
QName(SAML11Constants.DECISION));
+ if (decision == null)
+ throw new RuntimeException("Required attribute Decision in
Attribute");
+ String decisionValue = StaxParserUtil.getAttributeValue(decision);
+
+ Attribute resource = startElement.getAttributeByName(new
QName(SAML11Constants.RESOURCE));
+ if (resource == null)
+ throw new RuntimeException("Required attribute Namespace in
Attribute");
+ String resValue = StaxParserUtil.getAttributeValue(resource);
+
+ authzDecision = new SAML11AuthorizationDecisionStatementType(URI.create(resValue),
+ SAML11DecisionType.valueOf(decisionValue));
+
+ while (xmlEventReader.hasNext())
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement end = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if (StaxParserUtil.matches(end,
SAML11Constants.AUTHORIZATION_DECISION_STATEMENT))
+ break;
+ }
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+ String tag = StaxParserUtil.getStartElementName(startElement);
+
+ if (SAML11Constants.ACTION.equals(tag))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SAML11ActionType samlAction = new SAML11ActionType();
+ Attribute namespaceAttr = startElement.getAttributeByName(new
QName(SAML11Constants.NAMESPACE));
+ if (namespaceAttr != null)
+ {
+ samlAction.setNamespace(StaxParserUtil.getAttributeValue(namespaceAttr));
+ }
+ samlAction.setValue(StaxParserUtil.getElementText(xmlEventReader));
+
+ authzDecision.addAction(samlAction);
+ }
+ else if (JBossSAMLConstants.SUBJECT.get().equals(tag))
+ {
+ SAML11SubjectParser parser = new SAML11SubjectParser();
+ authzDecision.setSubject((SAML11SubjectType) parser.parse(xmlEventReader));
+ }
+ else
+ throw new RuntimeException("Unknown tag:" + tag +
"::Location=" + startElement.getLocation());
+ }
+ return authzDecision;
+ }
+
+ /**
+ * Parse {@link SAML11ConditionsType}
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ public static SAML11ConditionsType parseSAML11Conditions(XMLEventReader
xmlEventReader) throws ParsingException
+ {
+ StartElement startElement;
+ SAML11ConditionsType conditions = new SAML11ConditionsType();
+ StartElement conditionsElement =
StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get());
+
+ String assertionNS = SAML11Constants.ASSERTION_11_NSURI;
+
+ QName notBeforeQName = new QName("",
JBossSAMLConstants.NOT_BEFORE.get());
+ QName notBeforeQNameWithNS = new QName(assertionNS,
JBossSAMLConstants.NOT_BEFORE.get());
+
+ QName notAfterQName = new QName("",
JBossSAMLConstants.NOT_ON_OR_AFTER.get());
+ QName notAfterQNameWithNS = new QName(assertionNS,
JBossSAMLConstants.NOT_ON_OR_AFTER.get());
+
+ Attribute notBeforeAttribute =
conditionsElement.getAttributeByName(notBeforeQName);
+ if (notBeforeAttribute == null)
+ notBeforeAttribute =
conditionsElement.getAttributeByName(notBeforeQNameWithNS);
+
+ Attribute notAfterAttribute = conditionsElement.getAttributeByName(notAfterQName);
+ if (notAfterAttribute == null)
+ notAfterAttribute = conditionsElement.getAttributeByName(notAfterQNameWithNS);
+
+ if (notBeforeAttribute != null)
+ {
+ String notBeforeValue = StaxParserUtil.getAttributeValue(notBeforeAttribute);
+ conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue));
+ }
+
+ if (notAfterAttribute != null)
+ {
+ String notAfterValue = StaxParserUtil.getAttributeValue(notAfterAttribute);
+ conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue));
+ }
+
+ while (xmlEventReader.hasNext())
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement end = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if (StaxParserUtil.matches(end, JBossSAMLConstants.CONDITIONS.get()))
+ break;
+ }
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+ String tag = StaxParserUtil.getStartElementName(startElement);
+
+ if (SAML11Constants.AUDIENCE_RESTRICTION_CONDITION.equals(tag))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SAML11AudienceRestrictionCondition restrictCond = new
SAML11AudienceRestrictionCondition();
+
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ if
(StaxParserUtil.getStartElementName(startElement).equals(JBossSAMLConstants.AUDIENCE.get()))
+ {
+
restrictCond.add(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
+ }
+ EndElement theEndElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(theEndElement,
SAML11Constants.AUDIENCE_RESTRICTION_CONDITION);
+ conditions.add(restrictCond);
+ }
+ else
+ throw new RuntimeException("Unknown tag:" + tag +
"::Location=" + startElement.getLocation());
+ }
+ return conditions;
+ }
+}
\ No newline at end of file
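Review bot: The missing-attribute errors in parseSAML11AuthorizationDecisionStatement name the wrong element — a missing Resource reports `Required attribute Namespace in Attribute`, and the Decision check also says `in Attribute`; make them `throw new RuntimeException("Required attribute Decision in AuthorizationDecisionStatement");` and `throw new RuntimeException("Required attribute Resource in AuthorizationDecisionStatement");` so a rejected assertion is diagnosable from the message. `SAML11DecisionType.valueOf(decisionValue)` just below surfaces an unrecognised Decision value as an IllegalArgumentException rather than the ParsingException the signature declares, which is worth wrapping if callers are expected to catch ParsingException. Separately, parseSAML11Conditions reads exactly one `<Audience>` child per AudienceRestrictionCondition, but SAML 1.1 allows one or more, so an assertion listing several audiences fails at the validate() of the closing element instead of recording every audience the consumer must check; below is that branch rewritten with the same peek/EndElement idiom the method already uses for its outer loop.
```java
            if (SAML11Constants.AUDIENCE_RESTRICTION_CONDITION.equals(tag))
            {
               startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
               SAML11AudienceRestrictionCondition restrictCond = new SAML11AudienceRestrictionCondition();

               // AudienceRestrictionCondition carries one or more <Audience> children
               while (xmlEventReader.hasNext())
               {
                  XMLEvent next = StaxParserUtil.peek(xmlEventReader);
                  if (next instanceof EndElement)
                     break;
                  startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
                  String childTag = StaxParserUtil.getStartElementName(startElement);
                  if (JBossSAMLConstants.AUDIENCE.get().equals(childTag))
                     restrictCond.add(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
                  else
                     throw new RuntimeException("Unknown tag:" + childTag + "::Location=" + startElement.getLocation());
               }
               EndElement theEndElement = StaxParserUtil.getNextEndElement(xmlEventReader);
               StaxParserUtil.validate(theEndElement, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION);
               conditions.add(restrictCond);
            }
            // … unchanged: else branch throwing on an unknown tag, return conditions …
```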
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -22,11 +22,14 @@
package org.picketlink.identity.federation.core.saml.v1;
/**
+ * Constants for the SAML v1.1 Specifications
* @author Anil.Saldhana(a)redhat.com
* @since Jun 22, 2011
*/
public interface SAML11Constants
{
+ String ACTION = "Action";
+
String ASSERTIONID = "AssertionID";
String ASSERTION_11_NSURI = "urn:oasis:names:tc:SAML:1.0:assertion";
@@ -35,14 +38,22 @@
String ATTRIBUTE_NAMESPACE = "AttributeNamespace";
+ String ATTRIBUTE_STATEMENT = "AttributeStatement";
+
+ String AUDIENCE_RESTRICTION_CONDITION = "AudienceRestrictionCondition";
+
String AUTHENTICATION_INSTANT = "AuthenticationInstant";
String AUTHENTICATION_METHOD = "AuthenticationMethod";
String AUTHENTICATION_STATEMENT = "AuthenticationStatement";
+ String AUTHORIZATION_DECISION_STATEMENT = "AuthorizationDecisionStatement";
+
String CONFIRMATION_METHOD = "ConfirmationMethod";
+ String DECISION = "Decision";
+
String FORMAT = "Format";
String ISSUER = "Issuer";
@@ -52,4 +63,10 @@
String MINOR_VERSION = "MinorVersion";
String NAME_IDENTIFIER = "NameIdentifier";
+
+ String NAME_QUALIFIER = "NameQualifier";
+
+ String NAMESPACE = "Namespace";
+
+ String RESOURCE = "Resource";
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -35,10 +35,15 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
+import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
import
org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionAbstractType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
import
org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import
org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
/**
* Unit Test the parsing of SAML 1.1 assertion
@@ -74,7 +79,7 @@
SAML11SubjectType subject = stat.getSubject();
SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
- assertEquals("user(a)idp.example.org",
choice.getNameID().getNameQualifier());
+ assertEquals("user(a)idp.example.org", choice.getNameID().getValue());
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
choice.getNameID().getFormat().toString());
SAML11SubjectConfirmationType subjectConfirm = subject.getSubjectConfirmation();
@@ -109,7 +114,7 @@
SAML11SubjectType subject = stat.getSubject();
SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
- assertEquals("user(a)idp.example.org",
choice.getNameID().getNameQualifier());
+ assertEquals("user(a)idp.example.org", choice.getNameID().getValue());
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
choice.getNameID().getFormat().toString());
SAML11SubjectConfirmationType subjectConfirm = subject.getSubjectConfirmation();
@@ -121,7 +126,7 @@
subject = attribStat.getSubject();
choice = subject.getChoice();
- assertEquals("user(a)idp.example.org",
choice.getNameID().getNameQualifier());
+ assertEquals("user(a)idp.example.org", choice.getNameID().getValue());
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
choice.getNameID().getFormat().toString());
subjectConfirm = subject.getSubjectConfirmation();
@@ -138,4 +143,97 @@
assertTrue(attribValues.contains("member"));
assertTrue(attribValues.contains("student"));
}
+
+ @Test
+ public void testSAML11AssertionWithAuthzDecisionStatement() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream =
tcl.getResourceAsStream("parser/saml1/saml1-assertion-authzdecision.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("buGxcG4gILg5NlocyLccDz6iXrUb", assertion.getID());
+
assertEquals("https://idp.example.org/saml", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"),
assertion.getIssueInstant());
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"),
conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:15:37.795Z"),
conditions.getNotOnOrAfter());
+ }
+
+ @Test
+ public void testSAML11AssertionWithAuthAndAuthz() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream =
tcl.getResourceAsStream("parser/saml1/saml1-assertion-auth-authz.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("_e5c23ff7a3889e12fa01802a47331653", assertion.getID());
+ assertEquals("localhost", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.817Z"),
assertion.getIssueInstant());
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.817Z"),
conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:44.817Z"),
conditions.getNotOnOrAfter());
+ List<SAML11ConditionAbstractType> theConditions = conditions.get();
+ assertEquals(1, theConditions.size());
+ SAML11AudienceRestrictionCondition restrictCond =
(SAML11AudienceRestrictionCondition) theConditions.get(0);
+
assertEquals("https://some-service.example.com/app/",
restrictCond.get().get(0).toString());
+
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ assertEquals(2, statements.size());
+
+ SAML11AttributeStatementType attrStat = (SAML11AttributeStatementType)
statements.get(0);
+ SAML11SubjectType subject = attrStat.getSubject();
+ SAML11SubjectTypeChoice choice = subject.getChoice();
+ SAML11NameIdentifierType nameID = choice.getNameID();
+ assertEquals("johnq", nameID.getValue());
+ SAML11SubjectConfirmationType subjConf = subject.getSubjectConfirmation();
+ URI confirmationMethod = subjConf.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:artifact",
confirmationMethod.toString());
+
+ List<SAML11AttributeType> attributes = attrStat.get();
+ assertEquals(4, attributes.size());
+ SAML11AttributeType attr = attributes.get(0);
+ assertEquals("uid", attr.getAttributeName());
+
assertEquals("http://www.ja-sig.org/products/cas/",
attr.getAttributeNamespace().toString());
+ assertEquals("12345", attr.get().get(0));
+
+ attr = attributes.get(1);
+ assertEquals("groupMembership", attr.getAttributeName());
+
assertEquals("http://www.ja-sig.org/products/cas/",
attr.getAttributeNamespace().toString());
+ assertEquals("uugid=middleware.staff,ou=Groups,dc=vt,dc=edu",
attr.get().get(0));
+
+ attr = attributes.get(2);
+ assertEquals("eduPersonAffiliation", attr.getAttributeName());
+
assertEquals("http://www.ja-sig.org/products/cas/",
attr.getAttributeNamespace().toString());
+ assertEquals("staff", attr.get().get(0));
+
+ attr = attributes.get(3);
+ assertEquals("accountState", attr.getAttributeName());
+
assertEquals("http://www.ja-sig.org/products/cas/",
attr.getAttributeNamespace().toString());
+ assertEquals("ACTIVE", attr.get().get(0));
+
+ SAML11AuthenticationStatementType authStat = (SAML11AuthenticationStatementType)
statements.get(1);
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.741Z"),
authStat.getAuthenticationInstant());
+ assertEquals("urn:oasis:names:tc:SAML:1.0:am:password",
authStat.getAuthenticationMethod().toString());
+ subject = authStat.getSubject();
+ choice = subject.getChoice();
+ nameID = choice.getNameID();
+ assertEquals("johnq", nameID.getValue());
+ subjConf = subject.getSubjectConfirmation();
+ confirmationMethod = subjConf.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:artifact",
confirmationMethod.toString());
+ }
}
\ No newline at end of file
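Review bot: testSAML11AssertionWithAuthzDecisionStatement checks only the assertion header and the Conditions timestamps and never looks at the AuthorizationDecisionStatement the fixture carries (Decision="Permit", a Resource, a Subject and an Action of `read`), so the parser this commit adds is exercised but not verified. At minimum add `assertEquals(1, assertion.getStatements().size());`, cast `assertion.getStatements().get(0)` to `SAML11AuthorizationDecisionStatementType`, and check the subject through the same `choice.getNameID().getValue()` path the earlier tests use, then the decision, resource and the single action value through the model's accessors (their names are not visible in this diff). Both new tests also leave the resource InputStream open; a try/finally around parser.parse would close it.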
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-auth-authz.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-auth-authz.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-auth-authz.xml 2011-06-23
19:58:53 UTC (rev 1026)
@@ -0,0 +1,51 @@
+<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
+ AssertionID="_e5c23ff7a3889e12fa01802a47331653"
IssueInstant="2008-12-10T14:12:14.817Z"
+ Issuer="localhost" MajorVersion="1" MinorVersion="1">
+ <Conditions NotBefore="2008-12-10T14:12:14.817Z"
+ NotOnOrAfter="2008-12-10T14:12:44.817Z">
+ <AudienceRestrictionCondition>
+ <Audience>
+
https://some-service.example.com/app/
+ </Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AttributeStatement>
+ <Subject>
+ <NameIdentifier>johnq</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>
+ urn:oasis:names:tc:SAML:1.0:cm:artifact
+ </ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <Attribute AttributeName="uid"
+
AttributeNamespace="http://www.ja-sig.org/products/cas/">
+ <AttributeValue>12345</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="groupMembership"
+
AttributeNamespace="http://www.ja-sig.org/products/cas/">
+ <AttributeValue>
+ uugid=middleware.staff,ou=Groups,dc=vt,dc=edu
+ </AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="eduPersonAffiliation"
+
AttributeNamespace="http://www.ja-sig.org/products/cas/">
+ <AttributeValue>staff</AttributeValue>
+ </Attribute>
+ <Attribute AttributeName="accountState"
+
AttributeNamespace="http://www.ja-sig.org/products/cas/">
+ <AttributeValue>ACTIVE</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ <AuthenticationStatement AuthenticationInstant="2008-12-10T14:12:14.741Z"
+ AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
+ <Subject>
+ <NameIdentifier>johnq</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>
+ urn:oasis:names:tc:SAML:1.0:cm:artifact
+ </ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ </AuthenticationStatement>
+</Assertion>
\ No newline at end of file
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-authzdecision.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-authzdecision.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-authzdecision.xml 2011-06-23
19:58:53 UTC (rev 1026)
@@ -0,0 +1,24 @@
+<saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ MajorVersion="1" MinorVersion="1"
+
Issuer="https://idp.example.org/saml"
+ AssertionID="buGxcG4gILg5NlocyLccDz6iXrUb"
+ IssueInstant="2002-06-19T17:05:37.795Z">
+ <saml:Conditions NotBefore="2002-06-19T17:05:37.795Z"
NotOnOrAfter="2002-06-19T17:15:37.795Z"/>
+ <saml:AuthorizationDecisionStatement
+ Decision="Permit"
+
Resource="https://sp.example.com/confidential_report.html">
+ <saml:Subject>
+ <saml:NameIdentifier
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+ user(a)idp.example.org
+ </saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>
+ urn:oasis:names:tc:SAML:1.0:cm:bearer
+ </saml:ConfirmationMethod>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Action>read</saml:Action>
+ </saml:AuthorizationDecisionStatement>
+ </saml:Assertion>
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/common/CommonActionType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/common/CommonActionType.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/common/CommonActionType.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -34,6 +34,8 @@
protected String namespace;
+ protected String value;
+
/**
* Gets the value of the namespace property.
*
@@ -59,4 +61,14 @@
{
this.namespace = value;
}
+
+ public String getValue()
+ {
+ return value;
+ }
+
+ public void setValue(String value)
+ {
+ this.value = value;
+ }
}
\ No newline at end of file
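Review bot: The new getValue/setValue accessors have no Javadoc, while the neighbouring namespace accessor above them documents itself with "Gets the value of the namespace property." Given that SAML11ParserUtil fills this field from `StaxParserUtil.getElementText`, a comment such as `/** Gets the text content of the Action element. */` on the getter and `/** Sets the text content of the Action element. @param value the action text */` on the setter would tell the next reader what "value" is, since the class already has a separately documented namespace property. The same applies to the getValue/setValue pair added to SAML11NameIdentifierType later in this commit, whose value is the NameIdentifier element text set by SAML11SubjectParser.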
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11AuthorizationDecisionStatementType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11AuthorizationDecisionStatementType.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11AuthorizationDecisionStatementType.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -44,7 +44,7 @@
* @author Anil.Saldhana(a)redhat.com
* @since Jun 22, 2011
*/
-public class SAML11AuthorizationDecisionStatementType extends
SAML11StatementAbstractType
+public class SAML11AuthorizationDecisionStatementType extends SAML11SubjectStatementType
{
private static final long serialVersionUID = 1L;
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11ConditionsType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11ConditionsType.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11ConditionsType.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -22,6 +22,7 @@
package org.picketlink.identity.federation.saml.v1.assertion;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import org.picketlink.identity.federation.saml.common.CommonConditionsType;
@@ -59,4 +60,9 @@
{
return this.conditions.remove(condition);
}
+
+ public List<SAML11ConditionAbstractType> get()
+ {
+ return Collections.unmodifiableList(conditions);
+ }
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11NameIdentifierType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11NameIdentifierType.java 2011-06-23
15:11:07 UTC (rev 1025)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11NameIdentifierType.java 2011-06-23
19:58:53 UTC (rev 1026)
@@ -44,6 +44,8 @@
protected URI format;
+ protected String value;
+
public String getNameQualifier()
{
return nameQualifier;
@@ -63,4 +65,14 @@
{
this.format = format;
}
+
+ public String getValue()
+ {
+ return value;
+ }
+
+ public void setValue(String value)
+ {
+ this.value = value;
+ }
}
\ No newline at end of file