Creating a SAML Assertion with OpenSAML (Part 2)

I migrated the code (see blog) from OpenSAML 1.0 to 2.3 with some help from here and here.
Here's the Java Source:
import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;

import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.DoNotCacheCondition;

import org.opensaml.saml1.core.impl.AssertionBuilder;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.saml1.core.impl.AssertionMarshaller;
import org.opensaml.saml1.core.impl.SubjectImpl;

import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.util.XMLHelper;

import org.opensaml.xml.schema.XSString;

import org.w3c.dom.Element;
import org.joda.time.DateTime;

import java.util.Date;
import java.util.HashSet;
import java.util.List;

public class AMUserAssertion {

   private static String strIssuer = "Example:FrontEnd";
   private static String strNameID = "testUserID";
   private static String strNameQualifier = "Example:FrontEnd";
   private static String strNamespace = "urn:bea:security:saml:groups";
   private static String strAttrName = "Groups";
   private static String strAuthMethod = "SunAccessManager";

   public static void main(String args[]) {
   
      try {
         // OpenSAML 2.3
         DefaultBootstrap.bootstrap();
         XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

         // Create the NameIdentifier
         SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
         NameIdentifier nameId = nameIdBuilder.buildObject();
         nameId.setNameIdentifier(strNameID);
         nameId.setNameQualifier(strNameQualifier);
         nameId.setFormat(NameIdentifier.UNSPECIFIED);

         // Create the SubjectConfirmation
         SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder)  builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
         ConfirmationMethod confirmationMethod = confirmationMethodBuilder.buildObject();
         confirmationMethod.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");

         SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
         SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
                                 subjectConfirmation.getConfirmationMethods().add(confirmationMethod);
         // Create the Subject
         SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
         Subject subject = subjectBuilder.buildObject();

         subject.setNameIdentifier(nameId);
         subject.setSubjectConfirmation(subjectConfirmation);

         // Create Authentication Statement
         SAMLObjectBuilder authStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
         AuthenticationStatement authnStatement = authStatementBuilder.buildObject();
         authnStatement.setSubject(subject);
         authnStatement.setAuthenticationMethod(strAuthMethod);
         authnStatement.setAuthenticationInstant(new DateTime());

         // Create the attribute statement
         SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
         Attribute attrGroups = attrBuilder.buildObject();
         attrGroups.setAttributeName("Groups");

         XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
         XSString attrNewValue = (XSString) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
         attrNewValue.setValue("AssetManager");

         attrGroups.getAttributeValues().add(attrNewValue);

         SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
         AttributeStatement attrStatement = attrStatementBuilder.buildObject();
         attrStatement.getAttributes().add(attrGroups);
         // attrStatement.setSubject(subject);

         // Create the do-not-cache condition
         SAMLObjectBuilder doNotCacheConditionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(DoNotCacheCondition.DEFAULT_ELEMENT_NAME);
         DoNotCacheCondition condition = doNotCacheConditionBuilder.buildObject();

         SAMLObjectBuilder conditionsBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
         Conditions conditions = conditionsBuilder.buildObject();
         conditions.getConditions().add(condition);
         
         // Create the assertion
         SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
         Assertion assertion = assertionBuilder.buildObject();
         assertion.setIssuer(strIssuer);
         assertion.setIssueInstant(new DateTime());
         assertion.setVersion(SAMLVersion.VERSION_10);

         assertion.getAuthenticationStatements().add(authnStatement);
         assertion.getAttributeStatements().add(attrStatement);
         assertion.setConditions(conditions);

         // Print the assertion to standard output
         AssertionMarshaller marshaller = new AssertionMarshaller();
         Element element = marshaller.marshall(assertion);
         System.out.println("AMUserAssertion (SAML 1):\\n");
         System.out.println(XMLHelper.prettyPrintXML(element));

      }
      catch (Exception e) {
                e.printStackTrace();
        }
   }
}
The output looks like:

<?xml version="1.0" encoding="UTF-8"?><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2009-09-01T14:24:49.905Z" Issuer="Example:FrontEnd" MajorVersion="1" MinorVersion="0">
   <saml1:Conditions>
      <saml1:DoNotCacheCondition/>
   </saml1:Conditions>
   <saml1:AuthenticationStatement AuthenticationInstant="2009-09-01T14:24:49.581Z" AuthenticationMethod="SunAccessManager">
      <saml1:Subject>
         <saml1:NameIdentifierFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="Example:FrontEnd">testUserIDlt;/saml1:NameIdentifier>
         <saml1:SubjectConfirmation>
            <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod>
         </saml1:SubjectConfirmation>
      </saml1:Subject>
   </saml1:AuthenticationStatement>
   <saml1:AttributeStatement>
      <saml1:Attribute AttributeName="Groups">
         <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AssetManager</saml1:AttributeValue>
      </saml1:Attribute>
   </saml1:AttributeStatement>
</saml1:Assertion>

Comments:

I ma unable to get the saml 1 response output written above .I have modified the code as below to avoid Null pointer exception.Still it is not generating the SAML response.

package com;
import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.DoNotCacheCondition;
import org.opensaml.saml1.core.impl.AssertionBuilder;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.saml1.core.impl.AssertionMarshaller;
import org.opensaml.saml1.core.impl.AttributeBuilder;
import org.opensaml.saml1.core.impl.AttributeStatementBuilder;
import org.opensaml.saml1.core.impl.AuthenticationStatementBuilder;
import org.opensaml.saml1.core.impl.ConditionsBuilder;
import org.opensaml.saml1.core.impl.ConfirmationMethodBuilder;
import org.opensaml.saml1.core.impl.DoNotCacheConditionBuilder;
import org.opensaml.saml1.core.impl.NameIdentifierBuilder;
import org.opensaml.saml1.core.impl.SubjectBuilder;
import org.opensaml.saml1.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml1.core.impl.SubjectImpl;

import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;

import java.util.Date;
import org.w3c.dom.Element;
import org.joda.time.DateTime;
import java.util.HashSet;
import java.util.List;

public class GenerateSAML1 {

private static String strIssuer = "Example:FrontEnd";
private static String strNameID = "testUserID";
private static String strNameQualifier = "Example:FrontEnd";
private static String strNamespace = "urn:bea:security:saml:groups";
private static String strAttrName = "Groups";
private static String strAuthMethod = "SunAccessManager";
//public String genSAML1() {
public static void main(String args[]) {
try {
// OpenSAML 2.3
//DefaultBootstrap.bootstrap();
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
// Create the NameIdentifier
NameIdentifierBuilder nameIdBuilder = new NameIdentifierBuilder();
NameIdentifier nameId =(NameIdentifier)nameIdBuilder.buildObject(NameIdentifier.DEFAULT_ELEMENT_NAME);
// SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
System.out.println("nameIdBuilder::"+nameIdBuilder);

nameId.setNameIdentifier(strNameID);
nameId.setNameQualifier(strNameQualifier);
nameId.setFormat(NameIdentifier.FORMAT_ATTRIB_NAME);

// Create the SubjectConfirmation
ConfirmationMethodBuilder confMethodBuilder = new ConfirmationMethodBuilder();
ConfirmationMethod confMethod = (ConfirmationMethod)confMethodBuilder.buildObject(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
//SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);

//ConfirmationMethod confirmationMethod = (ConfirmationMethod) confirmationMethodBuilder.buildObject();
System.out.println("confMethod::"+confMethod);
confMethod.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");

//SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);

//SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
SubjectConfirmationBuilder subConfirmBuild = new SubjectConfirmationBuilder();
SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subConfirmBuild.buildObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
System.out.println("subjectConfirmation::"+subjectConfirmation);
subjectConfirmation.getConfirmationMethods().add(confMethod);
// Create the Subject

SubjectBuilder subBuilder = new SubjectBuilder();
Subject subject = (Subject) subBuilder.buildObject(Subject.DEFAULT_ELEMENT_NAME);

//SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
//Subject subject = (Subject) subjectBuilder.buildObject();

System.out.println("subject:::"+subject);
subject.setNameIdentifier(nameId);
subject.setSubjectConfirmation(subjectConfirmation);

// Create Authentication Statement

AuthenticationStatementBuilder authStatementBuilder = new AuthenticationStatementBuilder();

AuthenticationStatement authnStatement = (AuthenticationStatement)authStatementBuilder.buildObject(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
System.out.println("999");
System.out.println("authnStatement::"+authnStatement);
//SAMLObjectBuilder authStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
//AuthenticationStatement authnStatement = (AuthenticationStatement) authStatementBuilder.buildObject();
authnStatement.setSubject(subject);
authnStatement.setAuthenticationMethod(strAuthMethod);
authnStatement.setAuthenticationInstant(new DateTime());
System.out.println("authnStatement::;"+authnStatement);

// Create the attribute statement

AttributeStatementBuilder attrStatementBuilder = new AttributeStatementBuilder();
AttributeStatement attrStatement = attrStatementBuilder.buildObject();
System.out.println("9993");

//SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
AttributeBuilder attrBuilder = new AttributeBuilder();
Attribute attrGroups = (Attribute) attrBuilder.buildObject();
System.out.println("attrGroups before setting:::"+attrGroups);
attrGroups.setAttributeName("Groups");
System.out.println("attrGroups after setting :::"+attrGroups);
System.out.println("attrGroups");

//XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
System.out.println("1001");
XSStringBuilder stringBuilder =(XSStringBuilder) builderFactory.getBuilder(XSString.TYPE_NAME);

//XSStringBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);

System.out.println("10011");
// String namespaceURI = "urn:oasis:names:tc:SAML:1.0:assertion",
// XSString attrNewValue = (XSString)stringBuilder.buildObject("http://www.w3.org/2001/XMLSchema",XSString.TYPE_LOCAL_NAME,"xs");
System.out.println("10012");
// XSString attrNewValue = (XSString) stringBuilder.buildObject(Attribute.DEFAULT_ELEMENT_NAME);
System.out.println("10013");

// attrNewValue.setValue("AssetManager");

//attrGroups.getAttributeValues().add(attrNewValue);

//SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
//AttributeStatement attrStatement1 = (AttributeStatement) attrStatementBuilder.buildObject();
attrStatement.getAttributes().add(attrGroups);
// attrStatement.setSubject(subject);
System.out.println("1003");
// Create the do-not-cache condition
DoNotCacheConditionBuilder doNotCacheConditionBuilder = new DoNotCacheConditionBuilder();
// SAMLObjectBuilder doNotCacheConditionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(DoNotCacheCondition.DEFAULT_ELEMENT_NAME);
DoNotCacheCondition condition = (DoNotCacheCondition) doNotCacheConditionBuilder.buildObject();
System.out.println("1005");

ConditionsBuilder conditionsBuilder = new ConditionsBuilder();
//SAMLObjectBuilder conditionsBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
Conditions conditions = (Conditions) conditionsBuilder.buildObject();
conditions.getConditions().add(condition);
System.out.println("1006");
// Create the assertion
AssertionBuilder assertionBuilder = new AssertionBuilder();
//SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
Assertion assertion = (Assertion) assertionBuilder.buildObject(Assertion.DEFAULT_ELEMENT_NAME);
assertion.setIssuer(strIssuer);
assertion.setIssueInstant(new DateTime());
assertion.setVersion(SAMLVersion.VERSION_10);
assertion.getAuthenticationStatements().add(authnStatement);
assertion.getAttributeStatements().add(attrStatement);
assertion.setConditions(conditions);
System.out.println("1007");
// Print the assertion to standard output
AssertionMarshaller marshaller = new AssertionMarshaller();
System.out.println("assertion::::::::"+assertion);
Element element = marshaller.marshall(assertion);
System.out.println("1009");
System.out.println(XMLHelper.prettyPrintXML(element));

}
catch (Exception e) {
e.printStackTrace();
}
}

}

Posted by gayatri on October 01, 2009 at 06:53 AM CEST #

Make sure you have 1)openws\*.jar included. Will be no NPE after this 2) DefaultBootstrap.bootstrap() can't be commented for it to work.

Posted by sanjeev shah on January 29, 2010 at 09:25 AM CET #

SampleSAML.java:57: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.NameIdentifier
NameIdentifier nameId = nameIdBuilder.buildObject();
\^
SampleSAML.java:64: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.ConfirmationMethod
ConfirmationMethod confirmationMethod = confirmationMethodBuilder.build
Object();

\^
SampleSAML.java:68: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.SubjectConfirmation
SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.bu
ildObject();

\^
SampleSAML.java:72: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.Subject
Subject subject = subjectBuilder.buildObject();
\^
SampleSAML.java:79: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.AuthenticationStatement
AuthenticationStatement authnStatement = authStatementBuilder.buildObje
ct();

\^
SampleSAML.java:86: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.Attribute
Attribute attrGroups = attrBuilder.buildObject();
\^
SampleSAML.java:96: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.AttributeStatement
AttributeStatement attrStatement = attrStatementBuilder.buildObject();
\^
SampleSAML.java:102: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.DoNotCacheCondition
DoNotCacheCondition condition = doNotCacheConditionBuilder.buildObject(
);
\^

SampleSAML.java:105: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.Conditions
Conditions conditions = conditionsBuilder.buildObject();
\^
SampleSAML.java:110: incompatible types
found : org.opensaml.common.SAMLObject
required: org.opensaml.saml1.core.Assertion
Assertion assertion = assertionBuilder.buildObject();
\^
10 errors

Any ideas?.

Posted by xyz on April 05, 2010 at 05:43 PM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

joachimandres

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today