Creating a SAML Assertion with OpenSAML

Here's a handy way to create a SAML assertion programmatically using OpenSAML (www.opensaml.org).

Dependencies:
xalan.jar (2.7.1), xercesImpl.jar, xml-apis.jar,
opensaml-1.1.jar, xmlsec-20050514.jar,
log4j-1.2.5.jar, commons-logging-1.03.jar, commons-codec-1.3.jar
Here's the Java Source:
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.opensaml.*;

import java.util.Date;
import java.util.HashSet;

public class AMUserAssertion {

   private static String strIssuer = "Example:FrontEnd";
   private static String strNameID = "testUserID";
   private static String strNameQualifier = "Example:FrontEnd";
   // private static String strNamespace = "urn:oasis:names:tc:SAML:1.0:assertion";
   private static String strNamespace = "urn:bea:security:saml:groups";
   private static String strAttrName = "Groups";
   private static String strAuthMethod = "SunAccessManager";

   public static void main(String args[]) {
      try {
         // Create the assertion (no validity window, conditions, advice or statements yet)
         SAMLAssertion assertion = new SAMLAssertion(strIssuer, null, null, null, null, null);
         // Create the subject
         SAMLSubject subject = new SAMLSubject(new SAMLNameIdentifier(strNameID, strNameQualifier, SAMLNameIdentifier.FORMAT_UNSPECIFIED), null, null, null);

         subject.addConfirmationMethod(SAMLSubject.CONF_SENDER_VOUCHES);

         // Create the authentication statement
         Date date = new Date();
         SAMLAuthenticationStatement authStatement = new SAMLAuthenticationStatement(subject, strAuthMethod, date, null, null, null);

         assertion.addStatement(authStatement);

         // Create the attribute statement
         SAMLAttribute attrGroups = new SAMLAttribute(strAttrName, strNamespace, null, 0, null);
         // Some hard-coded values for the Groups attribute
         attrGroups.addValue("AssetManager");
         attrGroups.addValue("Employee");

         HashSet set = new HashSet();
         set.add(attrGroups);

         SAMLSubject subject2 = (SAMLSubject) subject.clone();
         SAMLAttributeStatement attrStatement = new SAMLAttributeStatement(subject2, set);

         assertion.addStatement(attrStatement);

         SAMLDoNotCacheCondition condition = new SAMLDoNotCacheCondition();
         assertion.addCondition(condition);

         System.out.println("AMUserAssertion 1:\n" + assertion.toString());
      }
      catch (Exception e) {
         e.printStackTrace();
      }
   }
}
The output looks like:
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_4e138dee03e2e826b58b9310e2d8a1e5" IssueInstant="2009-07-01T10:03:06.103Z" Issuer="PND:FrontEnd" MajorVersion="1" MinorVersion="1">
   <Conditions>
      <DoNotCacheCondition></DoNotCacheCondition>
   </Conditions>
   <AuthenticationStatement AuthenticationInstant="2009-07-01T10:03:07.078Z" AuthenticationMethod="SunAccessManager">
      <Subject>
         <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="PND:FrontEnd">testUserID</NameIdentifier>
         <SubjectConfirmation>
            <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
         </SubjectConfirmation>
      </Subject>
   </AuthenticationStatement>
   <AttributeStatement>
      <Subject>
         <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="PND:FrontEnd">testUserID</NameIdentifier>
         <SubjectConfirmation>
            <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
         </SubjectConfirmation>
      </Subject>
      <Attribute AttributeName="Groups" AttributeNamespace="urn:bea:security:saml:groups">
         <AttributeValue>AssetManager</AttributeValue>
         <AttributeValue>Employee</AttributeValue>
      </Attribute>
   </AttributeStatement>
</Assertion>
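The assertion above is unsigned, carries no NotBefore/NotOnOrAfter window and no audience restriction, and uses the sender-vouches confirmation method, so a relying party has nothing to check beyond the sender's word. The following is an added example (not part of the original post) showing, with the same OpenSAML 1.1 API, how an issuer adds a validity window and an audience restriction and signs the assertion, and how a relying party parses the received XML and rejects it unless the signature, issuer, time window and audience all check out. The issuer, audience and lifetime constants, the in-memory RSA key pair and the SignedAssertionDemo class name are assumptions made for the example; the constructor and method signatures (six-argument SAMLAssertion, SAMLAssertion(InputStream), sign(String, Key, Collection), verify(Key), isSigned(), getNotBefore(), getNotOnOrAfter(), getConditions(), SAMLAudienceRestrictionCondition(Collection)) follow the OpenSAML 1.1 javadoc and should be confirmed against the version on your classpath.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;

import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAudienceRestrictionCondition;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLCondition;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubject;

public class SignedAssertionDemo {

    // Hypothetical values for this example; a deployment reads them from configuration.
    private static final String ISSUER = "Example:FrontEnd";
    private static final String AUDIENCE = "urn:example:relying-party";
    private static final long VALIDITY_MS = 5 * 60 * 1000L;  // 5 minute lifetime
    private static final long CLOCK_SKEW_MS = 60 * 1000L;    // tolerated clock drift

    /** Issuer side: build an assertion with a validity window and an audience, then sign it. */
    static SAMLAssertion buildSignedAssertion(KeyPair signingKey) throws SAMLException {
        Date now = new Date();
        SAMLAssertion assertion = new SAMLAssertion(ISSUER,
                now, new Date(now.getTime() + VALIDITY_MS), null, null, null);

        SAMLSubject subject = new SAMLSubject(
                new SAMLNameIdentifier("testUserID", ISSUER, SAMLNameIdentifier.FORMAT_UNSPECIFIED),
                null, null, null);
        subject.addConfirmationMethod(SAMLSubject.CONF_SENDER_VOUCHES);
        assertion.addStatement(new SAMLAuthenticationStatement(
                subject, "SunAccessManager", now, null, null, null));

        // Bind the assertion to one relying party so it is useless if presented elsewhere.
        assertion.addCondition(new SAMLAudienceRestrictionCondition(Arrays.asList(AUDIENCE)));

        // Enveloped XML-DSig over the whole assertion; no certificate chain is embedded here.
        assertion.sign(XMLSignature.ALGO_ID_SIGNATURE_RSA, signingKey.getPrivate(), null);
        return assertion;
    }

    /** Relying party side: parse the received XML and accept it only if every check passes. */
    static SAMLAssertion acceptAssertion(String xml, PublicKey trustedIssuerKey) throws Exception {
        SAMLAssertion received = new SAMLAssertion(new ByteArrayInputStream(xml.getBytes("UTF-8")));

        // 1. A signature must be present and verify against the key we already trust
        //    for this issuer, never against key material carried inside the message.
        if (!received.isSigned()) throw new SecurityException("assertion is not signed");
        received.verify(trustedIssuerKey);

        // 2. The issuer must be the one this key belongs to.
        if (!ISSUER.equals(received.getIssuer())) throw new SecurityException("unexpected issuer");

        // 3. The validity window must contain the current time, allowing for clock skew.
        long now = System.currentTimeMillis();
        Date nb = received.getNotBefore(), noa = received.getNotOnOrAfter();
        if (nb == null || noa == null) throw new SecurityException("missing validity window");
        if (now + CLOCK_SKEW_MS < nb.getTime() || now - CLOCK_SKEW_MS >= noa.getTime())
            throw new SecurityException("assertion outside its validity window");

        // 4. An audience restriction naming this relying party must be present.
        boolean audienceOk = false;
        for (Iterator c = received.getConditions(); c.hasNext(); ) {
            SAMLCondition cond = (SAMLCondition) c.next();
            if (cond instanceof SAMLAudienceRestrictionCondition)
                for (Iterator a = ((SAMLAudienceRestrictionCondition) cond).getAudiences(); a.hasNext(); )
                    if (AUDIENCE.equals(a.next())) audienceOk = true;
        }
        if (!audienceOk) throw new SecurityException("assertion not intended for this audience");
        return received;
    }

    public static void main(String[] args) throws Exception {
        // In-memory key pair for the demonstration only; a real issuer signs with a keystore key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        String xml = buildSignedAssertion(kp).toString();
        System.out.println("accepted assertion from " + acceptAssertion(xml, kp.getPublic()).getIssuer());

        // Any change to the signed content must break verification.
        String modified = xml.replace("testUserID", "otherUser");
        try {
            acceptAssertion(modified, kp.getPublic());
            System.out.println("BUG: modified assertion accepted");
        } catch (Exception e) {
            System.out.println("modified assertion rejected: " + e.getMessage());
        }
    }
}
```

The relying party checks run in the order a rejection is cheapest and most informative: signature first, because nothing else in the document can be trusted until it verifies, then issuer, time window and audience. Verifying against a key configured in advance rather than one found in the message is what makes the signature check meaningful; the same classpath as the original post plus the JDK is all that is needed to compile this.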


Comments:

Thanks. This works fine; however, I noticed that in most SAML examples it begins with "<saml:Assertion ..." and yours begins with "<Assertion ...". How do I get the API to perform this?

Posted by Herbert Riggs on August 22, 2009 at 12:08 PM CEST #

Thanks for your code.

I'm getting the following exception:
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
at org.apache.xml.security.Init...
at org.opensaml.SAMLConfig...
at org.opensaml.SAMLConfig.instance...
at org.opensaml.SAMLAssertion...

I have included all dependent jars in my classpath.

What did I miss?

Thanks in advance.

Posted by Janine on December 08, 2009 at 08:48 AM CET #

The org.apache.commons.logging.LogFactory class is missing. It is in commons-logging-1.03.jar.

On UNIX, you can run the following command in the directory with your jar files to figure out where the class is:
for i in *.jar; do echo "$i"; jar -tvf "$i" | grep LogFactory; done

Posted by Joachim Andres on December 09, 2009 at 02:53 AM CET #

This is the most helpful code so far.
I will have a link on a dynamically created HTML page (J2EE) and once the user clicks the link, I'll gather all related user credentials and pass them as a SAML assertion to a third party. It will be Identity Provider Profile Type: Browser Post Profile (BPP).
How should I start? Can you give me more detail on how to start, for beginners please? Thanks

Posted by cage on June 10, 2010 at 12:56 AM CEST #

Very informative. Thanks a lot.

Posted by Tushar Dadlani on January 20, 2011 at 02:10 AM CET #
