Author: anil.saldhana(a)jboss.com
Date: 2010-11-04 17:33:08 -0400 (Thu, 04 Nov 2010)
New Revision: 533
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
Log:
take care of x500 attributes
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-11-04
20:53:50 UTC (rev 532)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-11-04
21:33:08 UTC (rev 533)
@@ -88,6 +88,16 @@
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
StaxParserUtil.validate( startElement, JBossSAMLConstants.ATTRIBUTE.get() );
+ //Look for X500 Encoding
+ QName x500EncodingName = new QName( JBossSAMLURIConstants.X500_NSURI.get(),
+ JBossSAMLConstants.ENCODING.get() );
+ Attribute x500EncodingAttr = startElement.getAttributeByName( x500EncodingName );
+
+ if( x500EncodingAttr != null )
+ {
+ attributeType.getOtherAttributes().put( x500EncodingName,
StaxParserUtil.getAttributeValue( x500EncodingAttr ));
+ }
+
Attribute name = startElement.getAttributeByName( new QName(
JBossSAMLConstants.NAME.get() ));
if( name == null )
throw new RuntimeException( "Required attribute Name in Attribute" );
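Review bot: The x500:Encoding value stored at the `attributeType.getOtherAttributes().put( x500EncodingName, ... )` line is kept verbatim, and nothing in the hunk says which profile it belongs to or that its content is not checked, which a consumer reading otherAttributes later will want to know. A comment on the lookup would close that gap: `// SAML 2.0 X.500/LDAP attribute profile: x500:Encoding (e.g. "LDAP") is preserved verbatim in otherAttributes; the value is not validated here`. Resolving the attribute by the namespace-qualified QName rather than the bare local name is the right choice, since it keeps an unqualified Encoding="..." attribute from being mistaken for the profile attribute. The enclosing method starts before this hunk and continues after it.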
@@ -211,6 +221,15 @@
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get() );
}
+ else if( JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get().equals( tag ))
+ {
+ String text = StaxParserUtil.getElementText( xmlEventReader );
+
+ JAXBElement<?> acDeclRef =
SAMLAssertionFactory.getObjectFactory().createAuthnContextClassRef(text );
+ authnContextType.getContent().add(acDeclRef);
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get() );
+ }
else
throw new RuntimeException( "Unknown Tag:" + tag );
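Review bot: The new AuthnContextClassRef branch reads the element text and then immediately requires the AuthnContext end element, so an AuthnContext that follows the class reference with AuthnContextDecl, AuthnContextDeclRef or AuthenticatingAuthority (all permitted after it by the SAML 2.0 assertion schema) will fail the `StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get() )` call instead of being parsed; the existing AuthnContextDeclRef branch above has the same shape, so the limitation is inherited, but it deserves a `// assumes AuthnContextClassRef is the last child of AuthnContext` comment or a return to the tag dispatch. The value is also taken as-is from getElementText, and the new fixture wraps the class-reference URN in newlines and indentation; whether StaxParserUtil.getElementText trims is not visible here, and the new test never asserts the parsed AuthnContextClassRef, so a later comparison of this value against a required authentication-context class has no coverage. The local `acDeclRef` is a copy-paste name from the DeclRef branch; `JAXBElement<?> acClassRef = ...` reads correctly. The enclosing method begins and ends outside this hunk.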
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-11-04
20:53:50 UTC (rev 532)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-11-04
21:33:08 UTC (rev 533)
@@ -38,6 +38,7 @@
AUDIENCE( "Audience" ),
AUDIENCE_RESTRICTION( "AudienceRestriction" ),
AUTHN_CONTEXT( "AuthnContext" ),
+ AUTHN_CONTEXT_CLASS_REF( "AuthnContextClassRef" ),
AUTHN_CONTEXT_DECLARATION_REF( "AuthnContextDeclRef" ),
AUTHN_INSTANT( "AuthnInstant" ),
AUTHN_REQUEST( "AuthnRequest" ),
@@ -45,6 +46,7 @@
CONDITIONS( "Conditions" ),
CONSENT( "Consent" ),
DESTINATION( "Destination" ),
+ ENCODING( "Encoding" ),
FORMAT( "Format" ),
FRIENDLY_NAME( "FriendlyName" ),
ID( "ID" ),
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2010-11-04
20:53:50 UTC (rev 532)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2010-11-04
21:33:08 UTC (rev 533)
@@ -28,14 +28,21 @@
import java.util.List;
import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
/**
@@ -143,4 +150,95 @@
}
}
}
+
+
+ @Test
+ public void testAssertionWithX500Attribute() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(
"parser/saml2/saml2-assertion-x500attrib.xml" );
+
+ SAMLParser parser = new SAMLParser();
+ AssertionType assertion = (AssertionType) parser.parse(configStream);
+ assertNotNull( assertion );
+
+ assertEquals( "ID_b07b804c-7c29-ea16-7300-4f3d6f7928ac",
assertion.getID() );
+ assertEquals( XMLTimeUtil.parse( "2004-12-05T09:22:05Z" ),
assertion.getIssueInstant() );
+ assertEquals( "2.0", assertion.getVersion() );
+
+ //Issuer
+ assertEquals( "https://idp.example.org/SAML2",
assertion.getIssuer().getValue() );
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+ List<JAXBElement<?>> content = subject.getContent();
+
+ int size = content.size();
+
+ for( int i = 0 ; i < size; i++ )
+ {
+ JAXBElement<?> node = content.get(i);
+ Class<?> clazz = node.getDeclaredType();
+ if( clazz.equals( NameIDType.class ))
+ {
+ NameIDType subjectNameID = (NameIDType) node.getValue();
+
+ assertEquals( "3f7b3dcf-1674-4ecd-92c8-1544f346baf8",
subjectNameID.getValue() );
+ assertEquals(
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient", subjectNameID.getFormat()
);
+ }
+
+ if( clazz.equals( ConditionsType.class ))
+ {
+ //Conditions
+ ConditionsType conditions = (ConditionsType) node.getValue();
+ assertEquals( XMLTimeUtil.parse( "2004-12-05T09:17:05Z" ) ,
conditions.getNotBefore() );
+ assertEquals( XMLTimeUtil.parse( "2004-12-05T09:27:05Z" ) ,
conditions.getNotOnOrAfter() );
+
+ //Audience Restriction
+ AudienceRestrictionType audienceRestrictionType =
+ (AudienceRestrictionType)
conditions.getConditionOrAudienceRestrictionOrOneTimeUse();
+ assertEquals( 1, audienceRestrictionType.getAudience().size() );
+ assertEquals( "https://sp.example.com/SAML2",
audienceRestrictionType.getAudience().get( 0 ));
+ }
+
+ else if( clazz.equals( SubjectConfirmationType.class ))
+ {
+ SubjectConfirmationType subjectConfirmation = (SubjectConfirmationType)
node.getValue();
+ assertEquals( "urn:oasis:names:tc:SAML:2.0:cm:bearer",
subjectConfirmation.getMethod() );
+
+ SubjectConfirmationDataType subjectConfirmationData =
subjectConfirmation.getSubjectConfirmationData();
+ assertEquals( "ID_aaf23196-1773-2113-474a-fe114412ab72",
subjectConfirmationData.getInResponseTo() );
+ assertEquals( XMLTimeUtil.parse( "2004-12-05T09:27:05Z" ),
subjectConfirmationData.getNotOnOrAfter() );
+ assertEquals( "https://sp.example.com/SAML2/SSO/POST",
subjectConfirmationData.getRecipient());
+ }
+
+ else if( clazz.equals( AttributeStatementType.class ))
+ {
+ AttributeStatementType attributeStatement = (AttributeStatementType)
node.getValue();
+ List<Object> attributes =
attributeStatement.getAttributeOrEncryptedAttribute();
+ assertEquals( 2, attributes.size() );
+
+ for( Object attr: attributes )
+ {
+ AttributeType attribute = (AttributeType) attr;
+ assertEquals( "eduPersonAffiliation",
attribute.getFriendlyName() );
+ assertEquals( "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
attribute.getName() );
+ assertEquals( "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
attribute.getNameFormat() );
+
+ //Ensure that we have x500:encoding
+ QName x500EncodingName = new QName(
JBossSAMLURIConstants.X500_NSURI.get(),
+ JBossSAMLConstants.ENCODING.get() );
+ String encodingValue = attribute.getOtherAttributes().get(
x500EncodingName );
+ assertEquals( "LDAP", encodingValue );
+
+ List<Object> attributeValues = attribute.getAttributeValue();
+ assertEquals( 1, attributeValues.size() );
+
+ String str = (String ) attributeValues.get( 0 );
+ if( ! ( str.equals( "member") || str.equals( "staff"
)))
+ throw new RuntimeException( "attrib value not found" );
+ }
+ }
+ }
+ }
}
\ No newline at end of file
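Review bot: The ConditionsType and AttributeStatementType branches in testAssertionWithX500Attribute sit inside the loop over `subject.getContent()`, but a SAML Subject carries only the NameID/BaseID and SubjectConfirmation children, so unless SubjectType.getContent() in this model unexpectedly includes statements, the x500:Encoding check that is the point of the test never executes and the test cannot fail if that parsing regresses. That would also explain why `assertEquals( 2, attributes.size() )` and `assertEquals( 1, attributeValues.size() )` do not trip even though the fixture has one Attribute carrying two AttributeValues. A cheap guard is a flag: `boolean sawAttributeStatement = false;` before the loop, `sawAttributeStatement = true;` inside the branch, and `assertTrue( sawAttributeStatement );` after it, which surfaces the dead branch immediately; the statement should then be taken from the assertion's statement list rather than from the subject. The per-attribute `str.equals( "member") || str.equals( "staff" )` check also accepts the same value twice, so collecting the values into a Set and asserting it equals the expected pair would pin the content.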
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-x500attrib.xml 2010-11-04
21:33:08 UTC (rev 533)
@@ -0,0 +1,53 @@
+<saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+
xmlns:xs="http://www.w3.org/2001/XMLSchema"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ ID="ID_b07b804c-7c29-ea16-7300-4f3d6f7928ac"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:22:05Z">
+ <
saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+ <ds:Signature
+
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Sig...
+ <saml:Subject>
+ <saml:NameID
+ Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
+ 3f7b3dcf-1674-4ecd-92c8-1544f346baf8
+ </saml:NameID>
+ <saml:SubjectConfirmation
+ Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <saml:SubjectConfirmationData
+ InResponseTo="ID_aaf23196-1773-2113-474a-fe114412ab72"
+
Recipient="https://sp.example.com/SAML2/SSO/POST"
+ NotOnOrAfter="2004-12-05T09:27:05Z"/>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Conditions
+ NotBefore="2004-12-05T09:17:05Z"
+ NotOnOrAfter="2004-12-05T09:27:05Z">
+ <saml:AudienceRestriction>
+ <
saml:Audience>https://sp.example.com/SAML2</saml:Audience>
+ </saml:AudienceRestriction>
+ </saml:Conditions>
+ <saml:AuthnStatement
+ AuthnInstant="2004-12-05T09:22:00Z"
+ SessionIndex="b07b804c-7c29-ea16-7300-4f3d6f7928ac">
+ <saml:AuthnContext>
+ <saml:AuthnContextClassRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </saml:AuthnContextClassRef>
+ </saml:AuthnContext>
+ </saml:AuthnStatement>
+ <saml:AttributeStatement>
+ <saml:Attribute
+ xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
+ x500:Encoding="LDAP"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
+ FriendlyName="eduPersonAffiliation">
+ <saml:AttributeValue
+ xsi:type="xs:string">member</saml:AttributeValue>
+ <saml:AttributeValue
+ xsi:type="xs:string">staff</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ </saml:Assertion>
\ No newline at end of file