Wednesday Jul 01, 2009
Creating a SAML Assertion with OpenSAML
Here's a handy way to create a SAML assertion programmatically using OpenSAML (www.opensaml.org).
Dependencies:
xalan.jar (2.7.1), xercesImpl.jar, xml-apis.jar, opensaml-1.1.jar, xmlsec-20050514.jar, log4j-1.2.5.jar, commons-logging-1.03.jar, commons-codec-1.3.jar
Here's the Java source:
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.opensaml.*;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
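/**
 * Builds a SAML 1.1 assertion with OpenSAML 1.1 and prints it as XML.
 *
 * <p>The assertion holds one AuthenticationStatement and one AttributeStatement
 * ("Groups") for a single hard-coded subject. Be aware of what it does NOT hold:
 * it is not signed, and it carries no NotBefore/NotOnOrAfter validity window —
 * the only condition is DoNotCacheCondition. The subject confirmation method is
 * sender-vouches, so nothing inside the assertion lets a relying party verify
 * its origin or integrity; that guarantee has to come from the transport
 * (e.g. a mutually authenticated channel) or from a signature applied before
 * the assertion leaves the issuer. Treat the printed XML as a demo artifact,
 * not as a token a consumer should accept as-is.
 *
 * <p>The issuer/qualifier values below are placeholders; the sample output on
 * this page was produced with different values.
 */
public class AMUserAssertion {
    private static final String strIssuer = "Example:FrontEnd";
    private static final String strNameID = "testUserID";
    private static final String strNameQualifier = "Example:FrontEnd";
    // private static final String strNamespace = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String strNamespace = "urn:bea:security:saml:groups";
    private static final String strAttrName = "Groups";
    private static final String strAuthMethod = "SunAccessManager";

    /**
     * Assembles the assertion and prints it to stdout.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            // Create the assertion. Everything after the issuer is null, so the
            // library generates AssertionID and IssueInstant itself and the
            // assertion gets no validity window (the Conditions element in the
            // output has no NotBefore/NotOnOrAfter attributes).
            // NOTE(review): the 2nd/3rd arguments look like notBefore/notOnOrAfter
            // Dates — confirm against the OpenSAML 1.1 javadoc before setting them.
            SAMLAssertion assertion = new SAMLAssertion(strIssuer, null, null, null, null, null);

            // Subject: an unspecified-format name identifier confirmed by
            // sender-vouches. With sender-vouches the assertion itself proves
            // nothing about the subject; the consumer must trust the sender
            // through another mechanism (channel authentication or a signature).
            SAMLNameIdentifier nameId =
                    new SAMLNameIdentifier(strNameID, strNameQualifier, SAMLNameIdentifier.FORMAT_UNSPECIFIED);
            SAMLSubject subject = new SAMLSubject(nameId, null, null, null);
            subject.addConfirmationMethod(SAMLSubject.CONF_SENDER_VOUCHES);

            // Authentication statement stamped with "now" as AuthenticationInstant.
            // java.util.Date is what the OpenSAML 1.1 API takes, hence no java.time.
            Date authInstant = new Date();
            SAMLAuthenticationStatement authStatement =
                    new SAMLAuthenticationStatement(subject, strAuthMethod, authInstant, null, null, null);
            assertion.addStatement(authStatement);

            // Attribute statement carrying the hard-coded group memberships.
            SAMLAttribute attrGroups = new SAMLAttribute(strAttrName, strNamespace, null, 0, null);
            attrGroups.addValue("AssetManager");
            attrGroups.addValue("Employee");
            Set<SAMLAttribute> attributes = new HashSet<SAMLAttribute>();
            attributes.add(attrGroups);

            // The subject is cloned rather than reused for the second statement;
            // presumably each statement needs its own Subject instance — verify
            // against the OpenSAML 1.1 API if you change this.
            SAMLSubject subject2 = (SAMLSubject) subject.clone();
            SAMLAttributeStatement attrStatement = new SAMLAttributeStatement(subject2, attributes);
            assertion.addStatement(attrStatement);

            // Ask consumers not to cache the assertion. This is the only condition
            // added; it does not bound the assertion's lifetime.
            assertion.addCondition(new SAMLDoNotCacheCondition());

            System.out.println("AMUserAssertion 1:\n" + assertion.toString());
        } catch (Exception e) {
            // Demo program: any failure (such as a SAMLException) is just
            // reported on stderr.
            e.printStackTrace();
        }
    }
}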
The output looks like:
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_4e138dee03e2e826b58b9310e2d8a1e5" IssueInstant="2009-07-01T10:03:06.103Z" Issuer="PND:FrontEnd" MajorVersion="1" MinorVersion="1">
<Conditions>
<DoNotCacheCondition></DoNotCacheCondition>
</Conditions>
<AuthenticationStatement AuthenticationInstant="2009-07-01T10:03:07.078Z" AuthenticationMethod="SunAccessManager">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="PND:FrontEnd">testUserID</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
<AttributeStatement>
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="PND:FrontEnd">testUserID</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
<Attribute AttributeName="Groups" AttributeNamespace="urn:bea:security:saml:groups">
<AttributeValue>AssetManager</AttributeValue>
<AttributeValue>Employee</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
Posted at 01:25PM Jul 01, 2009 by joachimandres in Identity | Comments[1]
Thanks. This works fine; however, I noticed that most SAML examples begin with "<saml:Assertion..." whereas yours begins with "<Assertion". How do I get the API to produce that?
Posted by Herbert Riggs on August 22, 2009 at 07:08 PM CEST #