Skip to content

Extract the context classes (AuthnContextClassRef) from the response #421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 18 additions & 1 deletion core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java
Original file line number Diff line number Diff line change
@@ -72,6 +72,11 @@ public class SamlResponse {
*/
private Map<String,String> nameIdData = null;

/**
* Context class (AuthnContextClassRef) in the response
*/
private String contextClass = null;

/**
* URL of the current host + current view
*/
@@ -88,7 +93,7 @@ public class SamlResponse {
private Exception validationException;

/**
* The respone status code and messages
* The response status code and messages
*/
private SamlResponseStatus responseStatus;

@@ -576,6 +581,18 @@ public String getNameIdSPNameQualifier() throws Exception {
return spNameQualifier;
}

public String getContextClass() throws XPathExpressionException, ValidationError {
if (this.contextClass == null) {
NodeList nodes = this.queryAssertion("/saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef");
switch(nodes.getLength()) {
case 0: break; // None defined. There should be one, but no big deal if an IDP fails to provide it
case 1: this.contextClass = nodes.item(0).getTextContent(); break;
default: throw new ValidationError("Multiple AuthnContextClassRef found in the Assertion.", ValidationError.WRONG_NUMBER_OF_CONTEXT_CLASSES);
}
}
return this.contextClass;
}

/**
* Gets the Attributes from the AttributeStatement element.
*
Original file line number Diff line number Diff line change
@@ -54,6 +54,7 @@ public class ValidationError extends SAMLException {
public static final int KEY_ALGORITHM_ERROR = 47;
public static final int MISSING_ENCRYPTED_ELEMENT = 48;
public static final int INVALID_ISSUE_INSTANT_FORMAT = 49;
public static final int WRONG_NUMBER_OF_CONTEXT_CLASSES = 50;

private int errorCode;

11 changes: 11 additions & 0 deletions toolkit/src/main/java/com/onelogin/saml2/Auth.java
Original file line number Diff line number Diff line change
@@ -91,6 +91,11 @@ public class Auth {
*/
private String nameidSPNameQualifier;

/**
* AuthnContextClassRef - extracted from the AuthnStatement of the SAML Response
*/
private String contextClass;

/**
* SessionIndex. When the user is logged, this stored it from the AuthnStatement of the SAML Response
*/
@@ -1209,6 +1214,7 @@ public void processResponse(String requestId) throws Exception {
nameidFormat = samlResponse.getNameIdFormat();
nameidNameQualifier = samlResponse.getNameIdNameQualifier();
nameidSPNameQualifier = samlResponse.getNameIdSPNameQualifier();
contextClass = samlResponse.getContextClass();
authenticated = true;
attributes = samlResponse.getAttributes();
sessionIndex = samlResponse.getSessionIndex();
@@ -1442,6 +1448,11 @@ public final String getNameIdSPNameQualifier() {
return nameidSPNameQualifier;
}

/**
* @return the context class (AuthnContextClassRef) of the assertion
*/
public String getContextClass() { return contextClass; }

/**
* @return the SessionIndex of the assertion
*/
3 changes: 3 additions & 0 deletions toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java
Original file line number Diff line number Diff line change
@@ -528,9 +528,11 @@ public void testProcessResponse() throws Exception {
Auth auth = new Auth(settings, request, response);
assertFalse(auth.isAuthenticated());
assertTrue(auth.getErrors().isEmpty());
assertNull(auth.getContextClass());
auth.processResponse();
assertFalse(auth.isAuthenticated());
assertTrue(auth.getAttributes().isEmpty());
assertNull(auth.getContextClass());

samlResponseEncoded = Util.getFileAsString("data/responses/valid_response.xml.base64");
when(request.getParameterMap()).thenReturn(singletonMap("SAMLResponse", new String[]{samlResponseEncoded}));
@@ -564,6 +566,7 @@ public void testProcessResponse() throws Exception {
assertEquals(attrValues, auth2.getAttribute("uid"));
assertEquals(attrValues2, auth2.getAttribute("mail"));
assertEquals(attrValues3, auth2.getAttribute("eduPersonAffiliation"));
assertEquals("urn:oasis:names:tc:SAML:2.0:ac:classes:Password", auth2.getContextClass());
assertEquals(keys, auth2.getAttributesName());
}