Tuesday Sep 01, 2009

Creating a SAML Assertion with OpenSAML (Part 2)

I migrated the code (see blog) from OpenSAML 1.0 to 2.3 with some help from here and here.
Here's the Java Source:
import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;

import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.DoNotCacheCondition;

import org.opensaml.saml1.core.impl.AssertionBuilder;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.saml1.core.impl.AssertionMarshaller;
import org.opensaml.saml1.core.impl.SubjectImpl;

import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.util.XMLHelper;

import org.opensaml.xml.schema.XSString;

import org.w3c.dom.Element;
import org.joda.time.DateTime;

import java.util.Date;
import java.util.HashSet;
import java.util.List;

public class AMUserAssertion {

   private static String strIssuer = "Example:FrontEnd";
   private static String strNameID = "testUserID";
   private static String strNameQualifier = "Example:FrontEnd";
   private static String strNamespace = "urn:bea:security:saml:groups";
   private static String strAttrName = "Groups";
   private static String strAuthMethod = "SunAccessManager";

   public static void main(String args[]) {
   
      try {
         // OpenSAML 2.3
         DefaultBootstrap.bootstrap();
         XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

         // Create the NameIdentifier
         SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
         NameIdentifier nameId = nameIdBuilder.buildObject();
         nameId.setNameIdentifier(strNameID);
         nameId.setNameQualifier(strNameQualifier);
         nameId.setFormat(NameIdentifier.UNSPECIFIED);

         // Create the SubjectConfirmation
         SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder)  builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
         ConfirmationMethod confirmationMethod = confirmationMethodBuilder.buildObject();
         confirmationMethod.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");

         SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
         SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
                                 subjectConfirmation.getConfirmationMethods().add(confirmationMethod);
         // Create the Subject
         SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
         Subject subject = subjectBuilder.buildObject();

         subject.setNameIdentifier(nameId);
         subject.setSubjectConfirmation(subjectConfirmation);

         // Create Authentication Statement
         SAMLObjectBuilder authStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
         AuthenticationStatement authnStatement = authStatementBuilder.buildObject();
         authnStatement.setSubject(subject);
         authnStatement.setAuthenticationMethod(strAuthMethod);
         authnStatement.setAuthenticationInstant(new DateTime());

         // Create the attribute statement
         SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
         Attribute attrGroups = attrBuilder.buildObject();
         attrGroups.setAttributeName("Groups");

         XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
         XSString attrNewValue = (XSString) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
         attrNewValue.setValue("AssetManager");

         attrGroups.getAttributeValues().add(attrNewValue);

         SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
         AttributeStatement attrStatement = attrStatementBuilder.buildObject();
         attrStatement.getAttributes().add(attrGroups);
         // attrStatement.setSubject(subject);

         // Create the do-not-cache condition
         SAMLObjectBuilder doNotCacheConditionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(DoNotCacheCondition.DEFAULT_ELEMENT_NAME);
         DoNotCacheCondition condition = doNotCacheConditionBuilder.buildObject();

         SAMLObjectBuilder conditionsBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
         Conditions conditions = conditionsBuilder.buildObject();
         conditions.getConditions().add(condition);
         
         // Create the assertion
         SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
         Assertion assertion = assertionBuilder.buildObject();
         assertion.setIssuer(strIssuer);
         assertion.setIssueInstant(new DateTime());
         assertion.setVersion(SAMLVersion.VERSION_10);

         assertion.getAuthenticationStatements().add(authnStatement);
         assertion.getAttributeStatements().add(attrStatement);
         assertion.setConditions(conditions);

         // Print the assertion to standard output
         AssertionMarshaller marshaller = new AssertionMarshaller();
         Element element = marshaller.marshall(assertion);
         System.out.println("AMUserAssertion (SAML 1):\\n");
         System.out.println(XMLHelper.prettyPrintXML(element));

      }
      catch (Exception e) {
                e.printStackTrace();
        }
   }
}
The output looks like:

<?xml version="1.0" encoding="UTF-8"?><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2009-09-01T14:24:49.905Z" Issuer="Example:FrontEnd" MajorVersion="1" MinorVersion="0">
   <saml1:Conditions>
      <saml1:DoNotCacheCondition/>
   </saml1:Conditions>
   <saml1:AuthenticationStatement AuthenticationInstant="2009-09-01T14:24:49.581Z" AuthenticationMethod="SunAccessManager">
      <saml1:Subject>
         <saml1:NameIdentifierFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="Example:FrontEnd">testUserIDlt;/saml1:NameIdentifier>
         <saml1:SubjectConfirmation>
            <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod>
         </saml1:SubjectConfirmation>
      </saml1:Subject>
   </saml1:AuthenticationStatement>
   <saml1:AttributeStatement>
      <saml1:Attribute AttributeName="Groups">
         <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AssetManager</saml1:AttributeValue>
      </saml1:Attribute>
   </saml1:AttributeStatement>
</saml1:Assertion>

Wednesday Jul 01, 2009

Creating a SAML Assertion with OpenSAML

Here's handy way to create a SAML assertion programmatically using OpenSAML (www.opensaml.org).

Dependencies:
xalan.jar (2.7.1), xercesImpl.jar, xml-apis.jar,
opensaml-1.1.jar, xmlsec-20050514.jar,
log4j-1.2.5.jar, commons-logging-1.03.jar, commons-codec-1.3.jar
Here's the Java Source:
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.opensaml.\*;

import java.util.Date;
import java.util.HashSet;

public class AMUserAssertion {

   private static String strIssuer = "Example:FrontEnd";
   private static String strNameID = "testUserID";
   private static String strNameQualifier = "Example:FrontEnd";
   // private static String strNamespace = "urn:oasis:names:tc:SAML:1.0:assertion";
   private static String strNamespace = "urn:bea:security:saml:groups";
   private static String strAttrName = "Groups";
   private static String strAuthMethod = "SunAccessManager";

   public static void main(String args[]) {
      try {
          // Crate the assertion
         SAMLAssertion assertion = new SAMLAssertion(strIssuer, null, null, null, null, null);
         // Create the subject
         SAMLSubject subject = new SAMLSubject(new SAMLNameIdentifier(strNameID, strNameQualifier, SAMLNameIdentifier.FORMAT_UNSPECIFIED), null, null, null);

         subject.addConfirmationMethod(SAMLSubject.CONF_SENDER_VOUCHES);

         // Create the authentication statement
         Date date = new Date();
         SAMLAuthenticationStatement authStatement = new SAMLAuthenticationStatement(subject, strAuthMethod, date, null, null, null);

         assertion.addStatement(authStatement);

         // Create the attribute statement
         SAMLAttribute attrGroups = new SAMLAttribute(strAttrName, strNamespace, null, 0, null);
         // Here some hardcoded values for the groups attributes
         attrGroups.addValue("AssetManager");
         attrGroups.addValue("Employee");

         HashSet set = new HashSet();
         set.add(attrGroups);

         SAMLSubject subject2 = (SAMLSubject) subject.clone();
         SAMLAttributeStatement attrStatement = new SAMLAttributeStatement(subject2, set);

         assertion.addStatement(attrStatement);

         SAMLDoNotCacheCondition condition = new SAMLDoNotCacheCondition();
         assertion.addCondition(condition);

         System.out.println("AMUserAssertion 1:\\n"+assertion.toString());
      }
      catch (Exception e) {
         e.printStackTrace();
      }
   }
}
The output looks like:
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_4e138dee03e2e826b58b9310e2d8a1e5" IssueInstant="2009-07-01T10:03:06.103Z" Issuer="PND:FrontEnd" MajorVersion="1" MinorVersion="1">
   <Conditions>
      <DoNotCacheCondition></DoNotCacheCondition>
   </Conditions>
   <AuthenticationStatement AuthenticationInstant="2009-07-01T10:03:07.078Z" AuthenticationMethod="SunAccessManager">
      <Subject>
         <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="PND:FrontEnd">testUserID</NameIdentifier>
         <SubjectConfirmation>
            <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
         </SubjectConfirmation>
      </Subject>
   </AuthenticationStatement>
   <AttributeStatement>
      <Subject>
         <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="PND:FrontEnd">testUserID</NameIdentifier>
         <SubjectConfirmation>
            <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
         </SubjectConfirmation>
      </Subject>
      <Attribute AttributeName="Groups" AttributeNamespace="urn:bea:security:saml:groups">
         <AttributeValue>AssetManager</AttributeValue>
         <AttributeValue>Employee</AttributeValue>
      </Attribute>
   </AttributeStatement>
</Assertion>"


About

joachimandres

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today