Joachim Andres' Blog
Tuesday Sep 01, 2009
Creating a SAML Assertion with OpenSAML (Part 2)
I migrated the code (see blog) from OpenSAML 1.0 to 2.3 with some help from here and here.
Here's the Java Source:
import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.DoNotCacheCondition;
import org.opensaml.saml1.core.impl.AssertionBuilder;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.saml1.core.impl.AssertionMarshaller;
import org.opensaml.saml1.core.impl.SubjectImpl;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.schema.XSString;
import org.w3c.dom.Element;
import org.joda.time.DateTime;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
public class AMUserAssertion {
private static String strIssuer = "Example:FrontEnd";
private static String strNameID = "testUserID";
private static String strNameQualifier = "Example:FrontEnd";
private static String strNamespace = "urn:bea:security:saml:groups";
private static String strAttrName = "Groups";
private static String strAuthMethod = "SunAccessManager";
public static void main(String args[]) {
try {
// OpenSAML 2.3
DefaultBootstrap.bootstrap();
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
// Create the NameIdentifier
SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
NameIdentifier nameId = nameIdBuilder.buildObject();
nameId.setNameIdentifier(strNameID);
nameId.setNameQualifier(strNameQualifier);
nameId.setFormat(NameIdentifier.UNSPECIFIED);
// Create the SubjectConfirmation
SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
ConfirmationMethod confirmationMethod = confirmationMethodBuilder.buildObject();
confirmationMethod.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
subjectConfirmation.getConfirmationMethods().add(confirmationMethod);
// Create the Subject
SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
Subject subject = subjectBuilder.buildObject();
subject.setNameIdentifier(nameId);
subject.setSubjectConfirmation(subjectConfirmation);
// Create Authentication Statement
SAMLObjectBuilder authStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
AuthenticationStatement authnStatement = authStatementBuilder.buildObject();
authnStatement.setSubject(subject);
authnStatement.setAuthenticationMethod(strAuthMethod);
authnStatement.setAuthenticationInstant(new DateTime());
// Create the attribute statement
SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
Attribute attrGroups = attrBuilder.buildObject();
attrGroups.setAttributeName("Groups");
XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
XSString attrNewValue = (XSString) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
attrNewValue.setValue("AssetManager");
attrGroups.getAttributeValues().add(attrNewValue);
SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
AttributeStatement attrStatement = attrStatementBuilder.buildObject();
attrStatement.getAttributes().add(attrGroups);
// attrStatement.setSubject(subject);
// Create the do-not-cache condition
SAMLObjectBuilder doNotCacheConditionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(DoNotCacheCondition.DEFAULT_ELEMENT_NAME);
DoNotCacheCondition condition = doNotCacheConditionBuilder.buildObject();
SAMLObjectBuilder conditionsBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
Conditions conditions = conditionsBuilder.buildObject();
conditions.getConditions().add(condition);
// Create the assertion
SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
Assertion assertion = assertionBuilder.buildObject();
assertion.setIssuer(strIssuer);
assertion.setIssueInstant(new DateTime());
assertion.setVersion(SAMLVersion.VERSION_10);
assertion.getAuthenticationStatements().add(authnStatement);
assertion.getAttributeStatements().add(attrStatement);
assertion.setConditions(conditions);
// Print the assertion to standard output
AssertionMarshaller marshaller = new AssertionMarshaller();
Element element = marshaller.marshall(assertion);
System.out.println("AMUserAssertion (SAML 1):\n");
System.out.println(XMLHelper.prettyPrintXML(element));
}
catch (Exception e) {
e.printStackTrace();
}
}
}
The output looks like:
<?xml version="1.0" encoding="UTF-8"?><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2009-09-01T14:24:49.905Z" Issuer="Example:FrontEnd" MajorVersion="1" MinorVersion="0">
<saml1:Conditions>
<saml1:DoNotCacheCondition/>
</saml1:Conditions>
<saml1:AuthenticationStatement AuthenticationInstant="2009-09-01T14:24:49.581Z" AuthenticationMethod="SunAccessManager">
<saml1:Subject>
<saml1:NameIdentifierFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="Example:FrontEnd">testUserIDlt;/saml1:NameIdentifier>
<saml1:SubjectConfirmation>
<saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod>
</saml1:SubjectConfirmation>
</saml1:Subject>
</saml1:AuthenticationStatement>
<saml1:AttributeStatement>
<saml1:Attribute AttributeName="Groups">
<saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AssetManager</saml1:AttributeValue>
</saml1:Attribute>
</saml1:AttributeStatement>
</saml1:Assertion>
Posted at 04:33PM Sep 01, 2009 by joachimandres in Identity | Comments[1]
I ma unable to get the saml 1 response output written above .I have modified the code as below to avoid Null pointer exception.Still it is not generating the SAML response.
package com;
import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.DoNotCacheCondition;
import org.opensaml.saml1.core.impl.AssertionBuilder;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.saml1.core.impl.AssertionMarshaller;
import org.opensaml.saml1.core.impl.AttributeBuilder;
import org.opensaml.saml1.core.impl.AttributeStatementBuilder;
import org.opensaml.saml1.core.impl.AuthenticationStatementBuilder;
import org.opensaml.saml1.core.impl.ConditionsBuilder;
import org.opensaml.saml1.core.impl.ConfirmationMethodBuilder;
import org.opensaml.saml1.core.impl.DoNotCacheConditionBuilder;
import org.opensaml.saml1.core.impl.NameIdentifierBuilder;
import org.opensaml.saml1.core.impl.SubjectBuilder;
import org.opensaml.saml1.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml1.core.impl.SubjectImpl;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;
import java.util.Date;
import org.w3c.dom.Element;
import org.joda.time.DateTime;
import java.util.HashSet;
import java.util.List;
public class GenerateSAML1 {
private static String strIssuer = "Example:FrontEnd";
private static String strNameID = "testUserID";
private static String strNameQualifier = "Example:FrontEnd";
private static String strNamespace = "urn:bea:security:saml:groups";
private static String strAttrName = "Groups";
private static String strAuthMethod = "SunAccessManager";
//public String genSAML1() {
public static void main(String args[]) {
try {
// OpenSAML 2.3
//DefaultBootstrap.bootstrap();
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
// Create the NameIdentifier
NameIdentifierBuilder nameIdBuilder = new NameIdentifierBuilder();
NameIdentifier nameId =(NameIdentifier)nameIdBuilder.buildObject(NameIdentifier.DEFAULT_ELEMENT_NAME);
// SAMLObjectBuilder nameIdBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
System.out.println("nameIdBuilder::"+nameIdBuilder);
nameId.setNameIdentifier(strNameID);
nameId.setNameQualifier(strNameQualifier);
nameId.setFormat(NameIdentifier.FORMAT_ATTRIB_NAME);
// Create the SubjectConfirmation
ConfirmationMethodBuilder confMethodBuilder = new ConfirmationMethodBuilder();
ConfirmationMethod confMethod = (ConfirmationMethod)confMethodBuilder.buildObject(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
//SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
//ConfirmationMethod confirmationMethod = (ConfirmationMethod) confirmationMethodBuilder.buildObject();
System.out.println("confMethod::"+confMethod);
confMethod.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
//SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
//SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
SubjectConfirmationBuilder subConfirmBuild = new SubjectConfirmationBuilder();
SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subConfirmBuild.buildObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
System.out.println("subjectConfirmation::"+subjectConfirmation);
subjectConfirmation.getConfirmationMethods().add(confMethod);
// Create the Subject
SubjectBuilder subBuilder = new SubjectBuilder();
Subject subject = (Subject) subBuilder.buildObject(Subject.DEFAULT_ELEMENT_NAME);
//SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
//Subject subject = (Subject) subjectBuilder.buildObject();
System.out.println("subject:::"+subject);
subject.setNameIdentifier(nameId);
subject.setSubjectConfirmation(subjectConfirmation);
// Create Authentication Statement
AuthenticationStatementBuilder authStatementBuilder = new AuthenticationStatementBuilder();
AuthenticationStatement authnStatement = (AuthenticationStatement)authStatementBuilder.buildObject(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
System.out.println("999");
System.out.println("authnStatement::"+authnStatement);
//SAMLObjectBuilder authStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
//AuthenticationStatement authnStatement = (AuthenticationStatement) authStatementBuilder.buildObject();
authnStatement.setSubject(subject);
authnStatement.setAuthenticationMethod(strAuthMethod);
authnStatement.setAuthenticationInstant(new DateTime());
System.out.println("authnStatement::;"+authnStatement);
// Create the attribute statement
AttributeStatementBuilder attrStatementBuilder = new AttributeStatementBuilder();
AttributeStatement attrStatement = attrStatementBuilder.buildObject();
System.out.println("9993");
//SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
AttributeBuilder attrBuilder = new AttributeBuilder();
Attribute attrGroups = (Attribute) attrBuilder.buildObject();
System.out.println("attrGroups before setting:::"+attrGroups);
attrGroups.setAttributeName("Groups");
System.out.println("attrGroups after setting :::"+attrGroups);
System.out.println("attrGroups");
//XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
System.out.println("1001");
XSStringBuilder stringBuilder =(XSStringBuilder) builderFactory.getBuilder(XSString.TYPE_NAME);
//XSStringBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
System.out.println("10011");
// String namespaceURI = "urn:oasis:names:tc:SAML:1.0:assertion",
// XSString attrNewValue = (XSString)stringBuilder.buildObject("http://www.w3.org/2001/XMLSchema",XSString.TYPE_LOCAL_NAME,"xs");
System.out.println("10012");
// XSString attrNewValue = (XSString) stringBuilder.buildObject(Attribute.DEFAULT_ELEMENT_NAME);
System.out.println("10013");
// attrNewValue.setValue("AssetManager");
//attrGroups.getAttributeValues().add(attrNewValue);
//SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
//AttributeStatement attrStatement1 = (AttributeStatement) attrStatementBuilder.buildObject();
attrStatement.getAttributes().add(attrGroups);
// attrStatement.setSubject(subject);
System.out.println("1003");
// Create the do-not-cache condition
DoNotCacheConditionBuilder doNotCacheConditionBuilder = new DoNotCacheConditionBuilder();
// SAMLObjectBuilder doNotCacheConditionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(DoNotCacheCondition.DEFAULT_ELEMENT_NAME);
DoNotCacheCondition condition = (DoNotCacheCondition) doNotCacheConditionBuilder.buildObject();
System.out.println("1005");
ConditionsBuilder conditionsBuilder = new ConditionsBuilder();
//SAMLObjectBuilder conditionsBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
Conditions conditions = (Conditions) conditionsBuilder.buildObject();
conditions.getConditions().add(condition);
System.out.println("1006");
// Create the assertion
AssertionBuilder assertionBuilder = new AssertionBuilder();
//SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
Assertion assertion = (Assertion) assertionBuilder.buildObject(Assertion.DEFAULT_ELEMENT_NAME);
assertion.setIssuer(strIssuer);
assertion.setIssueInstant(new DateTime());
assertion.setVersion(SAMLVersion.VERSION_10);
assertion.getAuthenticationStatements().add(authnStatement);
assertion.getAttributeStatements().add(attrStatement);
assertion.setConditions(conditions);
System.out.println("1007");
// Print the assertion to standard output
AssertionMarshaller marshaller = new AssertionMarshaller();
System.out.println("assertion::::::::"+assertion);
Element element = marshaller.marshall(assertion);
System.out.println("1009");
System.out.println(XMLHelper.prettyPrintXML(element));
}
catch (Exception e) {
e.printStackTrace();
}
}
}
Posted by gayatri on October 01, 2009 at 01:53 PM CEST #