Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java57
1 files changed, 50 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 4a0cec6e4..bdfb11d34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -34,6 +34,8 @@ import java.util.Set;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
@@ -191,17 +193,22 @@ public class AssertionAttributeExtractor {
}
-// public PersonalAttributeList getSTORKAttributes() {
-// return storkAttributes;
-// }
-
-
+ /**
+ * Get the Id attribute from SAML2 assertion
+ *
+ * @return
+ */
public String getAssertionID() {
return assertion.getID();
}
-
+ /**
+ * Get the subjectNameId from SAML2 Assertion
+ *
+ * @return nameId but never null
+ * @throws AssertionAttributeExtractorExeption
+ */
public String getNameID() throws AssertionAttributeExtractorExeption {
if (assertion.getSubject() != null) {
Subject subject = assertion.getSubject();
@@ -218,6 +225,12 @@ public class AssertionAttributeExtractor {
throw new AssertionAttributeExtractorExeption("nameID");
}
+ /**
+ * Get get SessionIndex from SAML2 assertion
+ *
+ * @return sessionIndex but never null
+ * @throws AssertionAttributeExtractorExeption
+ */
public String getSessionIndex() throws AssertionAttributeExtractorExeption {
AuthnStatement authn = getAuthnStatement();
@@ -229,7 +242,9 @@ public class AssertionAttributeExtractor {
}
/**
- * @return
+ * Get the LoA (QAA level) from assertion. This information is extracted from AuthnContext and AuthnContextClassRef
+ *
+ * @return LoA but never null
* @throws AssertionAttributeExtractorExeption
*/
public String getQAALevel() throws AssertionAttributeExtractorExeption {
@@ -247,6 +262,11 @@ public class AssertionAttributeExtractor {
throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
}
+ /**
+ * Get full SAML2 assertion
+ *
+ * @return
+ */
public Assertion getFullAssertion() {
return assertion;
}
@@ -297,6 +317,29 @@ public class AssertionAttributeExtractor {
}
+ /**
+ * Get the AudienceRestriction from SAML2 Assertion
+ *
+ * @return AudienceRestriction, but never null
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public List<Audience> getAudienceRestriction( ) throws AssertionAttributeExtractorExeption {
+ try {
+ List<AudienceRestriction> rest = getFullAssertion().getConditions().getAudienceRestrictions();
+ if (rest != null && rest.size() != 0) {
+ if (rest.size() == 1 && rest.get(0) != null)
+ return rest.get(0).getAudiences();
+
+ else
+ Logger.warn("More than one 'AudienceRestriction'! Extraction currently NOT supported");
+ }
+
+ } catch (NullPointerException e) { }
+
+ throw new AssertionAttributeExtractorExeption("AudienceRestriction");
+
+ }
+
private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
List<AuthnStatement> authnList = assertion.getAuthnStatements();
if (authnList.size() == 0)
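Review bot: The empty `catch (NullPointerException e) { }` in getAudienceRestriction() uses an exception as control flow, so a caller cannot tell from logs whether the assertion had no Conditions element or no AudienceRestriction; explicit null checks would keep the same fail-closed result without swallowing unrelated NPEs. The `else` branch also runs when the list holds exactly one entry that is null, so the "More than one 'AudienceRestriction'" warning is misleading in that case. The Javadoc promises only a non-null result, but the returned list may be empty; it should say so, because a caller enforcing the audience has to treat an empty list as no match. Rejecting several AudienceRestriction elements rather than reading only the first is the safe choice, since SAML requires every restriction to be satisfied, and that reasoning is worth a sentence in the Javadoc.

```java
public List<Audience> getAudienceRestriction( ) throws AssertionAttributeExtractorExeption {
	if (getFullAssertion().getConditions() != null) {
		List<AudienceRestriction> rest = getFullAssertion().getConditions().getAudienceRestrictions();
		if (rest != null && rest.size() == 1 && rest.get(0) != null)
			return rest.get(0).getAudiences();

		// several restrictions must ALL be satisfied; refuse instead of reading only the first
		if (rest != null && rest.size() > 1)
			Logger.warn("More than one 'AudienceRestriction'! Extraction currently NOT supported");
	}

	throw new AssertionAttributeExtractorExeption("AudienceRestriction");
}
```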