public class SAMLUtils extends Object

| Constructor and Description |
|---|
| SAMLUtils() |

| Modifier and Type | Method and Description |
|---|---|
| static org.opensaml.saml1.core.Assertion | buildAssertion(Element assertionElement): Builds an assertion from an XML element. |
| static org.opensaml.saml1.core.Assertion | createAssertion(String issuerName, org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter, List<org.opensaml.saml1.core.Statement> statements): This method creates the final SAML assertion. |
| static org.opensaml.saml1.core.Attribute | createAttribute(String name, String namespace, String value): Creates a SAML attribute similar to the following: `<saml:Attribute AttributeName="MemberLevel" AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes"><saml:AttributeValue>gold</saml:AttributeValue></saml:Attribute>` |
| static org.opensaml.saml1.core.AttributeStatement | createAttributeStatement(org.opensaml.saml1.core.Subject subject, List<org.opensaml.saml1.core.Attribute> attributeList): Creates an attribute statement. |
| static org.opensaml.saml1.core.AuthenticationStatement | createAuthenticationStatement(org.opensaml.saml1.core.Subject subject, String authenticationMethod, org.joda.time.DateTime authenticationInstant): Creates an AuthenticationStatement. |
| static org.opensaml.saml1.core.Conditions | createConditions(org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter): Creates a Conditions object. |
| static org.opensaml.xml.signature.KeyInfo | createKeyInfo(): Creates a KeyInfo object. |
| static org.opensaml.xml.signature.KeyInfo | createKeyInfo(org.opensaml.xml.encryption.EncryptedKey encryptedKey): Creates a KeyInfo element given an EncryptedKey. |
| static org.opensaml.xml.signature.KeyInfo | createKeyInfo(org.opensaml.xml.signature.X509Data x509Data): Creates a KeyInfo element given X509Data. |
| static org.opensaml.saml1.core.NameIdentifier | createNamedIdentifier(String principalName, String format): Creates a name identifier. |
| static org.opensaml.saml1.core.Subject | createSubject(org.opensaml.saml1.core.NameIdentifier nameIdentifier, String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent): Creates an OpenSAML Subject representation. |
| static org.opensaml.saml1.core.SubjectConfirmation | createSubjectConfirmation(String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent): Creates an OpenSAML SubjectConfirmation representation. |
| static org.opensaml.saml1.core.ConfirmationMethod | createSubjectConfirmationMethod(String confirmationMethod): Creates the subject confirmation method. |
| static Collection<X509Certificate> | getCertChainCollection(X509Certificate[] issuerCerts) |
| static String | getSAML11SubjectConfirmationMethod(org.opensaml.saml1.core.Assertion assertion): Gets the subject confirmation method of the given SAML 1.1 Assertion. |
| static void | signAssertion(org.opensaml.saml1.core.Assertion assertion, org.apache.ws.security.components.crypto.Crypto crypto, String issuerKeyAlias, String issuerKeyPassword): Signs the SAML assertion. |
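Composing the utilities above into one issued token, as an added example that is not part of this Javadoc or the Rampart sources: it assumes the package names org.apache.rahas.impl.util.SAMLUtils and org.apache.rahas.TrustException, that OpenSAML has already been bootstrapped, and that the caller supplies the issuer's WSS4J Crypto (keystore) and the subject's KeyInfo.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.rahas.TrustException;            // assumed package
import org.apache.rahas.impl.util.SAMLUtils;       // assumed package
import org.apache.ws.security.components.crypto.Crypto;
import org.joda.time.DateTime;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Statement;
import org.opensaml.saml1.core.Subject;
import org.opensaml.xml.signature.KeyInfo;

public class IssueHokAssertion {
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    static final String NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    static final String AM_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password";
    static final String ATTR_NS = "http://www.oasis.open.org/Catalyst2002/attributes";

    // crypto/alias/password: the issuer keystore via WSS4J; subjectKey: the subject's KeyInfo
    // (e.g. from SAMLUtils.createKeyInfo(x509Data)). OpenSAML must already be bootstrapped.
    public static Assertion issue(Crypto crypto, String alias, String password,
                                  KeyInfo subjectKey) throws TrustException {
        // Holder-of-key: the subject's KeyInfo is bound into the SubjectConfirmation, so a
        // relying party can demand proof of possession instead of accepting a bare token.
        NameIdentifier nameId = SAMLUtils.createNamedIdentifier("scott@example.org", NAMEID_EMAIL);
        Subject subject = SAMLUtils.createSubject(nameId, HOK, subjectKey);

        DateTime now = new DateTime();
        List<Statement> statements = new ArrayList<Statement>();
        statements.add(SAMLUtils.createAuthenticationStatement(subject, AM_PASSWORD, now));
        List<Attribute> attrs = new ArrayList<Attribute>();
        attrs.add(SAMLUtils.createAttribute("MemberLevel", ATTR_NS, "gold"));
        statements.add(SAMLUtils.createAttributeStatement(subject, attrs));

        // Short validity window: a captured assertion is only replayable until NotOnOrAfter.
        Assertion assertion = SAMLUtils.createAssertion("www.example.com", now, now.plusMinutes(5), statements);

        // Sign with the issuer key; an unsigned SAML 1.1 assertion carries no integrity guarantee.
        SAMLUtils.signAssertion(assertion, crypto, alias, password);

        // Check the confirmation method before the token leaves the issuer.
        if (!HOK.equals(SAMLUtils.getSAML11SubjectConfirmationMethod(assertion))) {
            throw new IllegalStateException("unexpected subject confirmation method");
        }
        return assertion;
    }
}
```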
public static Collection<X509Certificate> getCertChainCollection(X509Certificate[] issuerCerts)

public static org.opensaml.saml1.core.Assertion buildAssertion(Element assertionElement)

Parameters:
- assertionElement - The XML element.

public static void signAssertion(org.opensaml.saml1.core.Assertion assertion, org.apache.ws.security.components.crypto.Crypto crypto, String issuerKeyAlias, String issuerKeyPassword) throws TrustException

See also: Credential object, Signature object.

Parameters:
- assertion - The assertion to be signed.
- crypto - Certificate and private key data are stored in the Crypto object.
- issuerKeyAlias - Key alias.
- issuerKeyPassword - Key password.

Throws:
- TrustException - If an error occurred while signing the assertion.

public static String getSAML11SubjectConfirmationMethod(org.opensaml.saml1.core.Assertion assertion)

Parameters:
- assertion - SAML 1.1 Assertion.

public static org.opensaml.saml1.core.NameIdentifier createNamedIdentifier(String principalName, String format) throws TrustException

Parameters:
- principalName - Name of the subject.
- format - Format of the subject, whether it is an email, uid etc ...

Throws:
- TrustException - If unable to find the builder.

public static org.opensaml.saml1.core.ConfirmationMethod createSubjectConfirmationMethod(String confirmationMethod) throws TrustException

```xml
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
```

Parameters:
- confirmationMethod - Name of the actual confirmation method. Could be:
  - holder-of-key - "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
  - sender-vouches - "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
  - bearer - TODO

Throws:
- TrustException - If unable to find an appropriate XMLObject builder for the confirmation QName.

public static org.opensaml.saml1.core.SubjectConfirmation createSubjectConfirmation(String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent) throws TrustException

```xml
<saml:SubjectConfirmation>
  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
```

Parameters:
- confirmationMethod - The subject confirmation method: Bearer, Sender-Vouches or Holder-Of-Key.
- keyInfoContent - The KeyInfo content. According to the SAML 1.1 specification this may be null.

Throws:
- TrustException - If unable to find any of the XML builders.

public static org.opensaml.saml1.core.Subject createSubject(org.opensaml.saml1.core.NameIdentifier nameIdentifier, String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent) throws TrustException

```xml
<saml:Subject>
  <saml:NameIdentifier NameQualifier="www.example.com" Format="...">
    uid=joe,ou=people,ou=saml-demo,o=baltimore.com
  </saml:NameIdentifier>
  <saml:SubjectConfirmation>
    <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
    <ds:KeyInfo>
      <ds:KeyValue>...</ds:KeyValue>
    </ds:KeyInfo>
  </saml:SubjectConfirmation>
</saml:Subject>
```

Parameters:
- nameIdentifier - Represents the "NameIdentifier" XML element above.
- confirmationMethod - Represents the bearer, HOK or Sender-Vouches confirmation method.
- keyInfoContent - Key info content. This may be null.

Throws:
- TrustException - If a relevant XML builder cannot be found.

public static org.opensaml.saml1.core.AuthenticationStatement createAuthenticationStatement(org.opensaml.saml1.core.Subject subject, String authenticationMethod, org.joda.time.DateTime authenticationInstant) throws TrustException

```xml
<AuthenticationStatement AuthenticationInstant="2003-04-17T00:46:00Z"
    AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
  <Subject>
    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">scott@example.org</NameIdentifier>
    <SubjectConfirmation>
      <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
    </SubjectConfirmation>
  </Subject>
  <SubjectLocality IPAddress="127.0.0.1"/>
</AuthenticationStatement>
```

Parameters:
- subject - OpenSAML Subject implementation.
- authenticationMethod - How the subject was authenticated, i.e. by using a password, Kerberos, certificate etc. The method is defined as a URL in the SAML specification.
- authenticationInstant - Time at which authentication took place.

Throws:
- TrustException - If unable to find the builder.

public static org.opensaml.saml1.core.AttributeStatement createAttributeStatement(org.opensaml.saml1.core.Subject subject, List<org.opensaml.saml1.core.Attribute> attributeList) throws TrustException

```xml
<saml:AttributeStatement>
  <saml:Subject>
    <saml:NameIdentifier NameQualifier="www.example.com" Format="...">
      uid=joe,ou=people,ou=saml-demo,o=baltimore.com
    </saml:NameIdentifier>
    <saml:SubjectConfirmation>
      <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
      <ds:KeyInfo>
        <ds:KeyValue>...</ds:KeyValue>
      </ds:KeyInfo>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Attribute AttributeName="MemberLevel"
      AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
    <saml:AttributeValue>gold</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="E-mail"
      AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
    <saml:AttributeValue>joe@yahoo.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
```

Parameters:
- subject - The OpenSAML representation of the Subject.
- attributeList - List of attribute values to include within the message.

Throws:
- TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Conditions createConditions(org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter) throws TrustException

```xml
<saml:Conditions NotBefore="2002-06-19T16:53:33.173Z" NotOnOrAfter="2002-06-19T17:08:33.173Z"/>
```

Parameters:
- notBefore - The validity of the Assertion starts from this value.
- notOnOrAfter - The validity of the Assertion ends at this value.

Throws:
- TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Assertion createAssertion(String issuerName, org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter, List<org.opensaml.saml1.core.Statement> statements) throws TrustException

```xml
<saml:Assertion AssertionID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc"
    IssueInstant="2003-04-17T00:46:02Z" Issuer="www.opensaml.org"
    MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Conditions NotBefore="2002-06-19T16:53:33.173Z" NotOnOrAfter="2002-06-19T17:08:33.173Z"/>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="www.example.com" Format="...">
        uid=joe,ou=people,ou=saml-demo,o=baltimore.com
      </saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <ds:KeyInfo>
          <ds:KeyValue>...</ds:KeyValue>
        </ds:KeyInfo>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Attribute AttributeName="MemberLevel"
        AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
      <saml:AttributeValue>gold</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="E-mail"
        AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
      <saml:AttributeValue>joe@yahoo.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <ds:Signature>...</ds:Signature>
</saml:Assertion>
```

Parameters:
- issuerName - Represents the "Issuer" in the Assertion.
- notBefore - The Condition's NotBefore value.
- notOnOrAfter - The Condition's NotOnOrAfter value.
- statements - Other statements.

Throws:
- TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Attribute createAttribute(String name, String namespace, String value) throws TrustException

```xml
<saml:Attribute AttributeName="MemberLevel"
    AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
  <saml:AttributeValue>gold</saml:AttributeValue>
</saml:Attribute>
```

Parameters:
- name - Attribute name.
- namespace - Attribute namespace.
- value - Attribute value.

Throws:
- TrustException - If unable to find the appropriate builder.

public static org.opensaml.xml.signature.KeyInfo createKeyInfo() throws TrustException

Throws:
- TrustException - If an error occurred while creating KeyInfo.

public static org.opensaml.xml.signature.KeyInfo createKeyInfo(org.opensaml.xml.encryption.EncryptedKey encryptedKey) throws TrustException

```xml
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ....
  </xenc:EncryptedKey>
</KeyInfo>
```

Parameters:
- encryptedKey - The OpenSAML representation of the encrypted key.

Throws:
- TrustException - If unable to find the builder.

public static org.opensaml.xml.signature.KeyInfo createKeyInfo(org.opensaml.xml.signature.X509Data x509Data) throws TrustException

```xml
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data ....
  </X509Data>
</KeyInfo>
```

Parameters:
- x509Data - The OpenSAML representation of X509Data.

Throws:
- TrustException - If unable to find the builder.

Copyright © Apache Software Foundation. All Rights Reserved.