+ requestContext.getInboundMessageIssuer(), e);
}
}
-
- /**
- * Writes an aduit log entry indicating the successful response to the attribute request.
- *
- * @param context current request context
- */
- protected void writeAuditLogEntry(BaseSAMLProfileRequestContext context) {
- AuditLogEntry auditLogEntry = new AuditLogEntry();
- auditLogEntry.setMessageProfile(getProfileId());
- auditLogEntry.setPrincipalAuthenticationMethod(context.getPrincipalAuthenticationMethod());
- auditLogEntry.setPrincipalName(context.getPrincipalName());
- auditLogEntry.setAssertingPartyId(context.getLocalEntityId());
- auditLogEntry.setRelyingPartyId(context.getInboundMessageIssuer());
- auditLogEntry.setRequestBinding(context.getMessageDecoder().getBindingURI());
- auditLogEntry.setRequestId(context.getInboundSAMLMessageId());
- auditLogEntry.setResponseBinding(context.getMessageEncoder().getBindingURI());
- auditLogEntry.setResponseId(context.getOutboundSAMLMessageId());
- if (context.getReleasedAttributes() != null) {
- auditLogEntry.getReleasedAttributes().addAll(context.getReleasedAttributes());
- }
-
- getAduitLog().info(auditLogEntry.toString());
- }
}
\ No newline at end of file
import org.opensaml.saml1.core.StatusMessage;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
+import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncodingException;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML1NameIdentifierEncoder;
import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML1AttributeAuthority;
+import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
AudienceRestrictionCondition audienceRestriction = audienceRestrictionConditionBuilder.buildObject();
conditions.getAudienceRestrictionConditions().add(audienceRestriction);
-
+
Audience audience = audienceBuilder.buildObject();
audience.setUri(requestContext.getInboundMessageIssuer());
audienceRestriction.getAudiences().add(audience);
-
+
// add other audience restrictions
audiences = profileConfig.getAssertionAudiences();
if (audiences != null && audiences.size() > 0) {
ResponseAbstractType response) {
response.setID(getIdGenerator().generateIdentifier());
- if(requestContext != null){
+ if (requestContext != null) {
SAMLObject samlMessage = requestContext.getInboundSAMLMessage();
if (samlMessage != null && samlMessage instanceof RequestAbstractType) {
response.setInResponseTo(((RequestAbstractType) samlMessage).getID());
}
}
-
+
response.setVersion(SAMLVersion.VERSION_11);
}
throw new ProfileException("Unable to sign assertion", e);
}
}
+
+ /**
+ * Writes an audit log entry indicating the successful response to the attribute request.
+ *
+ * @param context current request context
+ */
+ protected void writeAuditLogEntry(BaseSAMLProfileRequestContext context) {
+ SAML1AuditLogEntry auditLogEntry = new SAML1AuditLogEntry();
+ auditLogEntry.setSAMLResponse((Response) context.getOutboundMessage());
+ auditLogEntry.setMessageProfile(getProfileId());
+ auditLogEntry.setPrincipalAuthenticationMethod(context.getPrincipalAuthenticationMethod());
+ auditLogEntry.setPrincipalName(context.getPrincipalName());
+ auditLogEntry.setAssertingPartyId(context.getLocalEntityId());
+ auditLogEntry.setRelyingPartyId(context.getInboundMessageIssuer());
+ auditLogEntry.setRequestBinding(context.getMessageDecoder().getBindingURI());
+ auditLogEntry.setRequestId(context.getInboundSAMLMessageId());
+ auditLogEntry.setResponseBinding(context.getMessageEncoder().getBindingURI());
+ auditLogEntry.setResponseId(context.getOutboundSAMLMessageId());
+ if (context.getReleasedAttributes() != null) {
+ auditLogEntry.getReleasedAttributes().addAll(context.getReleasedAttributes());
+ }
+
+ getAduitLog().info(auditLogEntry.toString());
+ }
+
+ /** SAML 1 specific audit log entry. */
+ protected class SAML1AuditLogEntry extends AuditLogEntry {
+
+ /** The response to the SAML 1 request. */
+ private Response samlResponse;
+
+ /**
+ * Gets the response to the SAML 1 request.
+ *
+ * @return the response to the SAML 1 request
+ */
+ public Response getSAMLResponse() {
+ return samlResponse;
+ }
+
+ /**
+ * Sets the response to the SAML 1 request.
+ *
+ * @param response the response to the SAML 1 request
+ */
+ public void setSAMLResponse(Response response) {
+ samlResponse = response;
+ }
+
+ /** {@inheritDoc} */
+ public String toString() {
+ StringBuilder entryString = new StringBuilder(super.toString());
+
+ NameIdentifier nameIdentifier = null;
+ StringBuilder assertionIds = new StringBuilder();
+ List<Assertion> assertions = samlResponse.getAssertions();
+ if(assertions != null && !assertions.isEmpty()){
+ for(Assertion assertion : assertions){
+ assertionIds.append(assertion.getID());
+ assertionIds.append(",");
+
+ if(nameIdentifier == null){
+ List<Statement> statements = assertion.getStatements();
+ if(statements != null && !statements.isEmpty()){
+ for(Statement statement : statements){
+ if(statement instanceof SubjectStatement){
+ if(((SubjectStatement)statement).getSubject() != null){
+ nameIdentifier = ((SubjectStatement)statement).getSubject().getNameIdentifier();
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if(nameIdentifier != null){
+ entryString.append(nameIdentifier.getNameIdentifier());
+ }
+ entryString.append("|");
+
+ entryString.append(assertionIds.toString());
+ entryString.append("|");
+
+ return entryString.toString();
+ }
+ }
}
\ No newline at end of file
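Review bot: `toString()` in `SAML1AuditLogEntry` dereferences `samlResponse` unguarded at `samlResponse.getAssertions()`, so if `context.getOutboundMessage()` was null (or not a `Response`) when `setSAMLResponse` ran, the `getAduitLog().info(...)` call at the end of `writeAuditLogEntry` throws instead of recording the event; guard it with `List<Assertion> assertions = samlResponse != null ? samlResponse.getAssertions() : null;`. Losing the audit record after the response has already been built is the worst place for an unchecked null, so the defensive check is worth more here than elsewhere. The inner statement loop never `break`s once a NameIdentifier is found, so a later `SubjectStatement` in the same assertion overwrites the earlier one; add `break;` after the assignment if the first subject is what the log is meant to reflect. The name-identifier value is also appended between `|` delimiters unescaped, so if a name-identifier format can carry user-derived strings, a value containing `|` or a newline will corrupt the column layout a log parser relies on — escape or strip those characters before appending.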
package edu.internet2.middleware.shibboleth.idp.profile.saml2;
-import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
-import org.opensaml.saml2.metadata.AuthnAuthorityDescriptor;
import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.PDPDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SSODescriptor;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncodingException;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder;
import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML2AttributeAuthority;
+import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
return kekCredentialResolver.resolveSingle(criteriaSet);
}
+
+
+ /**
+ * Writes an audit log entry indicating the successful response to the attribute request.
+ *
+ * @param context current request context
+ */
+ protected void writeAuditLogEntry(BaseSAMLProfileRequestContext context) {
+ SAML2AuditLogEntry auditLogEntry = new SAML2AuditLogEntry();
+ auditLogEntry.setSAMLResponse((Response) context.getOutboundMessage());
+ auditLogEntry.setMessageProfile(getProfileId());
+ auditLogEntry.setPrincipalAuthenticationMethod(context.getPrincipalAuthenticationMethod());
+ auditLogEntry.setPrincipalName(context.getPrincipalName());
+ auditLogEntry.setAssertingPartyId(context.getLocalEntityId());
+ auditLogEntry.setRelyingPartyId(context.getInboundMessageIssuer());
+ auditLogEntry.setRequestBinding(context.getMessageDecoder().getBindingURI());
+ auditLogEntry.setRequestId(context.getInboundSAMLMessageId());
+ auditLogEntry.setResponseBinding(context.getMessageEncoder().getBindingURI());
+ auditLogEntry.setResponseId(context.getOutboundSAMLMessageId());
+ if (context.getReleasedAttributes() != null) {
+ auditLogEntry.getReleasedAttributes().addAll(context.getReleasedAttributes());
+ }
+
+ getAduitLog().info(auditLogEntry.toString());
+ }
+
+ /** SAML 1 specific audit log entry. */
+ protected class SAML2AuditLogEntry extends AuditLogEntry {
+
+ /** The response to the SAML request. */
+ private Response samlResponse;
+
+ /**
+ * Gets the response to the SAML request.
+ *
+ * @return the response to the SAML request
+ */
+ public Response getSAMLResponse() {
+ return samlResponse;
+ }
+
+ /**
+ * Sets the response to the SAML request.
+ *
+ * @param response the response to the SAML request
+ */
+ public void setSAMLResponse(Response response) {
+ samlResponse = response;
+ }
+
+ /** {@inheritDoc} */
+ public String toString() {
+ StringBuilder entryString = new StringBuilder(super.toString());
+
+ NameID nameIdentifier = null;
+ StringBuilder assertionIds = new StringBuilder();
+ List<Assertion> assertions = samlResponse.getAssertions();
+ if(assertions != null && !assertions.isEmpty()){
+ for(Assertion assertion : assertions){
+ assertionIds.append(assertion.getID());
+ assertionIds.append(",");
+
+ if(nameIdentifier == null){
+ if(assertion.getSubject() != null){
+ nameIdentifier = assertion.getSubject().getNameID();
+ }
+ }
+ }
+ }
+
+ if(nameIdentifier != null){
+ entryString.append(nameIdentifier.getValue());
+ }
+ entryString.append("|");
+
+ entryString.append(assertionIds.toString());
+ entryString.append("|");
+
+ return entryString.toString();
+ }
+ }
}
\ No newline at end of file
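Review bot: `toString()` in `SAML2AuditLogEntry` reads only `samlResponse.getAssertions()`, so when this handler encrypts assertions (the `Encrypter`/`KeyPlacement` imports and the `kekCredentialResolver` context line suggest it can), the plaintext list is empty and the audit entry records neither assertion IDs nor a NameID for a response that did release data; an `EncryptedID` subject likewise leaves `getNameID()` null. If OpenSAML's `Response` exposes the encrypted list separately (`getEncryptedAssertions()`), at least note its presence, e.g. `assertionIds.append("encrypted:").append(samlResponse.getEncryptedAssertions().size());`, or capture the assertion IDs before encryption so the audit trail stays complete. The same unguarded dereference as the SAML 1 counterpart applies here: a null `samlResponse` turns the audit write into an NPE, so guard the `getAssertions()` call with a null check. The class comment `/** SAML 1 specific audit log entry. */` is a copy-paste slip on a SAML 2 class; change it to `/** SAML 2 specific audit log entry. */`. The body of `writeAuditLogEntry` is otherwise identical to the SAML 1 version apart from the entry type, so a protected `newAuditLogEntry()` factory hook in the base handler would have let the removed base implementation stay and avoided the duplication.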