From cohei...@apache.org
Subject git commit: Adding some SAML SSO code (temporarily) ported from CXF
Date Mon, 14 Jul 2014 14:12:27 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 79c744df1 -> 94a9a34b3


Adding some SAML SSO code (temporarily) ported from CXF


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/94a9a34b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/94a9a34b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/94a9a34b

Branch: refs/heads/master
Commit: 94a9a34b3e9990472117e18573f1477bcc835ca6
Parents: 79c744d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jul 14 15:11:24 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jul 14 15:11:24 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/config/SAMLProtocol.java     |  39 ++++-
 .../fediz/core/samlsso/AuthnRequestBuilder.java |  36 ++++
 .../fediz/core/samlsso/CompressionUtils.java    |  88 ++++++++++
 .../samlsso/DefaultAuthnRequestBuilder.java     | 107 ++++++++++++
 .../cxf/fediz/core/samlsso/RequestState.java    |  88 ++++++++++
 .../samlsso/SamlpRequestComponentBuilder.java   | 170 +++++++++++++++++++
 .../src/main/resources/schemas/FedizConfig.xsd  |   2 +
 7 files changed, 529 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
index adf6862..a137a6f 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
@@ -21,10 +21,17 @@ package org.apache.cxf.fediz.core.config;
 
 import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
 import org.apache.cxf.fediz.core.config.jaxb.SamlProtocolType;
+import org.apache.cxf.fediz.core.samlsso.AuthnRequestBuilder;
+import org.apache.cxf.fediz.core.samlsso.DefaultAuthnRequestBuilder;
+import org.apache.wss4j.common.util.Loader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class SAMLProtocol extends Protocol {
 
-    // private static final Logger LOG = LoggerFactory.getLogger(SAMLProtocol.class);
+    private static final Logger LOG = LoggerFactory.getLogger(SAMLProtocol.class);
+    
+    private AuthnRequestBuilder authnRequestBuilder;
     
     public SAMLProtocol(ProtocolType protocolType) {
         super(protocolType);
@@ -94,5 +101,35 @@ public class SAMLProtocol extends Protocol {
         getSAMLProtocol().setStateTimeToLive(stateTimeToLive);
     }
 
+    public AuthnRequestBuilder getAuthnRequestBuilder() {
+        if (authnRequestBuilder != null) {
+            return authnRequestBuilder;
+        }
+        
+        // See if we have a custom AuthnRequestBuilder
+        String authnRequestBuilderStr = getSAMLProtocol().getAuthnRequestBuilder();
+        if (authnRequestBuilderStr != null && !"".equals(authnRequestBuilderStr))
{
+            try {
+                Class<?> authnRequestBuilderClass = Loader.loadClass(authnRequestBuilderStr);
+                authnRequestBuilder = (AuthnRequestBuilder) authnRequestBuilderClass.newInstance();
+            } catch (ClassNotFoundException ex) {
+                LOG.debug(ex.getMessage(), ex);
+            } catch (InstantiationException ex) {
+                LOG.debug(ex.getMessage(), ex);
+            } catch (IllegalAccessException ex) {
+                LOG.debug(ex.getMessage(), ex);
+            }
+        }
+        
+        // Default implementation
+        authnRequestBuilder = new DefaultAuthnRequestBuilder();
+        
+        return authnRequestBuilder;
+    }
+
+    public void setAuthnRequestBuilder(AuthnRequestBuilder authnRequestBuilder) {
+        this.authnRequestBuilder = authnRequestBuilder;
+    }
+
     
 }
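Review bot: A custom builder that is loaded successfully inside the try block is discarded straight away, because control then falls through to the unconditional `authnRequestBuilder = new DefaultAuthnRequestBuilder();`, so the configured class is instantiated and immediately replaced by the default; guard the fallback with `if (authnRequestBuilder == null) { authnRequestBuilder = new DefaultAuthnRequestBuilder(); }`. The three catch blocks log only at debug level, so an unloadable or misconfigured class name silently degrades to the default; `LOG.warn` including the class name would make that fallback visible to whoever operates the deployment. The method has no Javadoc; a summary such as `Returns the configured AuthnRequestBuilder, instantiating the class named by the authnRequestBuilder config element on first use and falling back to DefaultAuthnRequestBuilder` should also state that the config value is loaded and instantiated by name, i.e. the configuration file is part of the trust boundary. Lazy initialisation of the non-volatile field is unsynchronised; whether that matters depends on how SAMLProtocol instances are shared, which is not visible here.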

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/AuthnRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/AuthnRequestBuilder.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/AuthnRequestBuilder.java
new file mode 100644
index 0000000..bae10dc
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/AuthnRequestBuilder.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.samlsso;
+
+import org.opensaml.saml2.core.AuthnRequest;
+
+/**
+ * This interface defines a method to create a SAML 2.0 Protocol AuthnRequest.
+ */
+public interface AuthnRequestBuilder {
+    
+    /**
+     * Create a SAML 2.0 Protocol AuthnRequest
+     */
+    AuthnRequest createAuthnRequest(
+        String issuerId,
+        String assertionConsumerServiceAddress
+    ) throws Exception;
+}
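Review bot: The Javadoc on createAuthnRequest documents neither parameter, the return value, nor the declared `throws Exception`; from the default implementation in this commit, `@param issuerId value of the Issuer element placed in the request`, `@param assertionConsumerServiceAddress value of the AssertionConsumerServiceURL attribute` and `@return the populated AuthnRequest` are the minimum. Declaring `throws Exception` on an interface forces every caller to catch Exception; if implementations can fail only in a narrower way, a narrower type (or none) would be the better contract, though what the intended implementations throw is not visible here.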

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
new file mode 100644
index 0000000..eb6a413
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.samlsso;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.SequenceInputStream;
+import java.util.zip.DataFormatException;
+import java.util.zip.Deflater;
+import java.util.zip.Inflater;
+
+public final class CompressionUtils {
+    private CompressionUtils() {
+        
+    }
+    public static InputStream inflate(byte[] deflatedToken) 
+        throws DataFormatException {
+        return inflate(deflatedToken, true);
+    }
+    public static InputStream inflate(byte[] deflatedToken, boolean nowrap) 
+        throws DataFormatException {
+        Inflater inflater = new Inflater(nowrap);
+        inflater.setInput(deflatedToken);
+        
+        byte[] input = new byte[deflatedToken.length * 2];
+        int inflatedLen = 0;
+        int inputLen = 0;
+        byte[] inflatedToken = input;
+        while (!inflater.finished()) {
+            inputLen = inflater.inflate(input);
+            if (!inflater.finished()) {
+                
+                if (inputLen == 0) {
+                    if (inflater.needsInput()) {
+                        throw new DataFormatException("Inflater can not inflate all the token
bytes");
+                    } else {
+                        break;
+                    }
+                }
+                
+                inflatedToken = new byte[input.length + inflatedLen];
+                System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
+                inflatedLen += inputLen;
+            }
+        }
+        InputStream is = new ByteArrayInputStream(input, 0, inputLen);
+        if (inflatedToken != input) {
+            is = new SequenceInputStream(new ByteArrayInputStream(inflatedToken, 0, inflatedLen),
+                                         is);
+        }
+        return is;
+    }
+    
+    public static byte[] deflate(byte[] tokenBytes) {
+        return deflate(tokenBytes, true);
+    }
+    
+    public static byte[] deflate(byte[] tokenBytes, boolean nowrap) {
+        Deflater compresser = new Deflater(Deflater.DEFLATED, nowrap);
+        
+        compresser.setInput(tokenBytes);
+        compresser.finish();
+        
+        byte[] output = new byte[tokenBytes.length * 2];
+        
+        int compressedDataLength = compresser.deflate(output);
+        
+        byte[] result = new byte[compressedDataLength];
+        System.arraycopy(output, 0, result, 0, compressedDataLength);
+        return result;
+    }
+}
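Review bot: inflate(byte[], boolean) loses already-inflated data once the loop runs a third time: each pass allocates a fresh `inflatedToken` and copies only the current chunk at offset `inflatedLen`, so the bytes accumulated in the previous array are never carried over and the returned stream contains zeros where they should be. Collecting chunks in a ByteArrayOutputStream removes the manual bookkeeping (it needs `java.io.ByteArrayOutputStream` imported), and since this presumably inflates data received over the wire for the SAML redirect binding, the loop should also stop with a DataFormatException once the inflated size passes an upper bound instead of growing without limit. Neither inflate nor deflate calls `end()` on its Inflater/Deflater, so native zlib memory is held until finalization; a try/finally fixes that in both. deflate(byte[], boolean) additionally relies on a single `deflate(output)` call into a buffer of `tokenBytes.length * 2` bytes, which for empty or very short input can be smaller than the deflated output and silently truncates the result; looping until `finished()` avoids that.
```java
public static InputStream inflate(byte[] deflatedToken, boolean nowrap)
    throws DataFormatException {
    Inflater inflater = new Inflater(nowrap);
    try {
        inflater.setInput(deflatedToken);
        byte[] buffer = new byte[deflatedToken.length * 2];
        ByteArrayOutputStream inflated = new ByteArrayOutputStream(buffer.length);
        while (!inflater.finished()) {
            int count = inflater.inflate(buffer);
            if (count == 0) {
                if (inflater.needsInput() || inflater.needsDictionary()) {
                    throw new DataFormatException("Inflater can not inflate all the token bytes");
                }
                break;
            }
            inflated.write(buffer, 0, count);
            // MAX_INFLATED_SIZE is a placeholder: pick a limit suited to SAML request sizes
            if (inflated.size() > MAX_INFLATED_SIZE) {
                throw new DataFormatException("Inflated token exceeds the configured size limit");
            }
        }
        return new ByteArrayInputStream(inflated.toByteArray());
    } finally {
        inflater.end();
    }
}
```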

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultAuthnRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultAuthnRequestBuilder.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultAuthnRequestBuilder.java
new file mode 100644
index 0000000..b6774d4
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultAuthnRequestBuilder.java
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.samlsso;
+
+import java.util.Collections;
+
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+
+/**
+ * A default implementation of the AuthnRequestBuilder interface to create a SAML 2.0
+ * Protocol AuthnRequest.
+ */
+public class DefaultAuthnRequestBuilder implements AuthnRequestBuilder {
+    
+    private boolean forceAuthn;
+    private boolean isPassive;
+    private String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+    
+    /**
+     * Create a SAML 2.0 Protocol AuthnRequest
+     */
+    public AuthnRequest createAuthnRequest(
+        String issuerId,
+        String assertionConsumerServiceAddress
+    ) throws Exception {
+        OpenSAMLUtil.initSamlEngine();
+        Issuer issuer =
+            SamlpRequestComponentBuilder.createIssuer(issuerId);
+        
+        NameIDPolicy nameIDPolicy =
+            SamlpRequestComponentBuilder.createNameIDPolicy(
+                true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerId
+            );
+        
+        AuthnContextClassRef authnCtxClassRef =
+            SamlpRequestComponentBuilder.createAuthnCtxClassRef(
+                "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+            );
+        RequestedAuthnContext authnCtx =
+            SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
+                AuthnContextComparisonTypeEnumeration.EXACT,
+                Collections.singletonList(authnCtxClassRef), null
+            );
+        
+        //CHECKSTYLE:OFF
+        return SamlpRequestComponentBuilder.createAuthnRequest(
+                assertionConsumerServiceAddress, 
+                forceAuthn, 
+                isPassive,
+                protocolBinding, 
+                SAMLVersion.VERSION_20,
+                issuer, 
+                nameIDPolicy, 
+                authnCtx
+        );
+        
+    }
+
+    public boolean isForceAuthn() {
+        return forceAuthn;
+    }
+
+    public void setForceAuthn(boolean forceAuthn) {
+        this.forceAuthn = forceAuthn;
+    }
+
+    public boolean isPassive() {
+        return isPassive;
+    }
+
+    public void setPassive(boolean isPassive) {
+        this.isPassive = isPassive;
+    }
+
+    public String getProtocolBinding() {
+        return protocolBinding;
+    }
+
+    public void setProtocolBinding(String protocolBinding) {
+        this.protocolBinding = protocolBinding;
+    }
+    
+}
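Review bot: createAuthnRequest implements the interface method but carries no `@Override`, and the three private fields and their accessors have no Javadoc; add `@Override` and a comment on `protocolBinding` noting that it defaults to the HTTP-POST binding URI. `OpenSAMLUtil.initSamlEngine()` runs on every request build; whether it is cheap and idempotent is not visible here, and if it is not, callers pay it per request. The NameID format (persistent) and the AuthnContextClassRef (PasswordProtectedTransport) are hard-coded while forceAuthn, isPassive and protocolBinding are configurable; if deployments are expected to need other values, the same setter pattern should apply. The NameIDPolicy's SPNameQualifier is set to `issuerId`; if that is intended, a one-line comment saying so would stop a reader from treating it as a copy-paste slip.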

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
new file mode 100644
index 0000000..9b0ec22
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.samlsso;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RequestState implements Serializable {
+
+    private static final long serialVersionUID = 869323136115571943L;
+    
+    private String targetAddress;
+    private String idpServiceAddress;
+    private String samlRequestId;
+    private String issuerId;
+    private String webAppContext;
+    private String webAppDomain;
+    private long createdAt;
+ 
+    public RequestState() {
+        
+    }
+    
+    public RequestState(String targetAddress,
+                        String idpServiceAddress,
+                        String samlRequestId,
+                        String issuerId,
+                        String webAppContext,
+                        String webAppDomain,
+                        long createdAt) {
+        this.targetAddress = targetAddress;
+        this.idpServiceAddress = idpServiceAddress;
+        this.samlRequestId = samlRequestId;
+        this.issuerId = issuerId;
+        this.webAppContext = webAppContext;
+        this.webAppDomain = webAppDomain;
+        this.createdAt = createdAt;
+    }
+
+    public String getTargetAddress() {
+        return targetAddress;
+    }
+
+    public String getIdpServiceAddress() {
+        return idpServiceAddress;
+    }
+
+    public String getSamlRequestId() {
+        return samlRequestId;
+    }
+
+    public String getIssuerId() {
+        return issuerId;
+    }
+
+    public long getCreatedAt() {
+        return createdAt;
+    }
+
+    public String getWebAppContext() {
+        return webAppContext;
+    }
+
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
+}
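Review bot: RequestState has no Javadoc at all and `createdAt` has no stated unit; presumably it is epoch milliseconds given the stateTimeToLive default of 120000 in FedizConfig.xsd, but the field should say so: `// creation time in milliseconds since the epoch — confirm against the code that sets it`. The class is both Serializable and a JAXB root with field access, so it is a persisted, externally mapped structure; a class-level comment stating what the state is for (correlating a SAML response with the request that produced it, judging by samlRequestId and targetAddress) and how long it is retained would help maintainers. The fields are effectively immutable (no setters) but the class is not final; marking it `final` documents that intent.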

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
new file mode 100644
index 0000000..426dc33
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.samlsso;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObjectBuilder;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnContextDeclRef;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+
+/**
+* A set of utility methods to construct SAMLP Request statements
+*/
+public final class SamlpRequestComponentBuilder {
+    
+    private static volatile SAMLObjectBuilder<AuthnRequest> authnRequestBuilder;
+    
+    private static volatile SAMLObjectBuilder<Issuer> issuerBuilder;
+    
+    private static volatile SAMLObjectBuilder<NameIDPolicy> nameIDBuilder;
+    
+    private static volatile SAMLObjectBuilder<RequestedAuthnContext> requestedAuthnCtxBuilder;
+    
+    private static volatile SAMLObjectBuilder<AuthnContextClassRef> requestedAuthnCtxClassRefBuilder;
+    
+    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    
+    private SamlpRequestComponentBuilder() {
+    }
+    
+    @SuppressWarnings("unchecked")
+    //CHECKSTYLE:OFF
+    public static AuthnRequest createAuthnRequest(
+        String serviceURL,
+        boolean forceAuthn,
+        boolean isPassive,
+        String protocolBinding,
+        SAMLVersion version,
+        Issuer issuer,
+        NameIDPolicy nameIDPolicy,
+        RequestedAuthnContext requestedAuthnCtx
+    ) {
+    //CHECKSTYLE:ON    
+        if (authnRequestBuilder == null) {
+            authnRequestBuilder = (SAMLObjectBuilder<AuthnRequest>)
+                builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
+        }
+        AuthnRequest authnRequest = authnRequestBuilder.buildObject();
+        authnRequest.setAssertionConsumerServiceURL(serviceURL);
+        authnRequest.setForceAuthn(forceAuthn);
+        authnRequest.setID(UUID.randomUUID().toString());
+        authnRequest.setIsPassive(isPassive);
+        authnRequest.setIssueInstant(new DateTime());
+        authnRequest.setProtocolBinding(protocolBinding);
+        authnRequest.setVersion(version);
+        
+        authnRequest.setIssuer(issuer);
+        authnRequest.setNameIDPolicy(nameIDPolicy);
+        authnRequest.setRequestedAuthnContext(requestedAuthnCtx);
+        
+        return authnRequest;
+    }
+    
+    @SuppressWarnings("unchecked")
+    public static Issuer createIssuer(
+        String issuerValue
+    ) {
+        if (issuerBuilder == null) {
+            issuerBuilder = (SAMLObjectBuilder<Issuer>)
+                builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
+        }
+        Issuer issuer = issuerBuilder.buildObject();
+        issuer.setValue(issuerValue);
+        
+        return issuer;
+    }
+    
+    @SuppressWarnings("unchecked")
+    public static NameIDPolicy createNameIDPolicy(
+        boolean allowCreate,
+        String format,
+        String spNameQualifier
+    ) {
+        if (nameIDBuilder == null) {
+            nameIDBuilder = (SAMLObjectBuilder<NameIDPolicy>)
+                builderFactory.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
+        }
+        NameIDPolicy nameId = nameIDBuilder.buildObject();
+        nameId.setAllowCreate(allowCreate);
+        nameId.setFormat(format);
+        nameId.setSPNameQualifier(spNameQualifier);
+        
+        return nameId;
+    }
+    
+    @SuppressWarnings("unchecked")
+    public static RequestedAuthnContext createRequestedAuthnCtxPolicy(
+        AuthnContextComparisonTypeEnumeration comparison,
+        List<AuthnContextClassRef> authnCtxClassRefList,
+        List<AuthnContextDeclRef> authnCtxDeclRefList
+    ) {
+        if (requestedAuthnCtxBuilder == null) {
+            requestedAuthnCtxBuilder = (SAMLObjectBuilder<RequestedAuthnContext>)
+                builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
+        }
+        RequestedAuthnContext authnCtx = requestedAuthnCtxBuilder.buildObject();
+        authnCtx.setComparison(comparison);
+        
+        if (authnCtxClassRefList != null) {
+            List<AuthnContextClassRef> classRefList = authnCtx.getAuthnContextClassRefs();
+            if (classRefList == null) {
+                classRefList = new ArrayList<AuthnContextClassRef>();
+            }
+            classRefList.addAll(authnCtxClassRefList);
+        }
+        
+        if (authnCtxDeclRefList != null) {
+            List<AuthnContextDeclRef> declRefList = authnCtx.getAuthnContextDeclRefs();
+            if (declRefList == null) {
+                declRefList = new ArrayList<AuthnContextDeclRef>();
+            }
+            declRefList.addAll(authnCtxDeclRefList);
+        }
+        
+        return authnCtx;
+    }
+    
+    @SuppressWarnings("unchecked")
+    public static AuthnContextClassRef createAuthnCtxClassRef(
+        String authnCtxClassRefValue
+    ) {
+        if (requestedAuthnCtxClassRefBuilder == null) {
+            requestedAuthnCtxClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)
+                builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
+        }
+        AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
+        authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
+        
+        return authnCtxClassRef;
+    }
+    
+}
\ No newline at end of file
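Review bot: `authnRequest.setID(UUID.randomUUID().toString())` in createAuthnRequest can produce an ID that is not a valid xs:ID: the SAML ID attribute is an NCName, which may not begin with a digit, and a random UUID's first character is a hex digit most of the time; prefix it, e.g. `authnRequest.setID("_" + UUID.randomUUID().toString());`. In createRequestedAuthnCtxPolicy the `classRefList == null` and `declRefList == null` branches create a new ArrayList that is never attached to `authnCtx`, so if either branch were ever taken the supplied refs would be silently dropped; either remove the branches or fail with an IllegalStateException. `new DateTime()` for IssueInstant uses the default time zone; if OpenSAML does not normalise to UTC when marshalling (not verifiable from here), `new DateTime(DateTimeZone.UTC)` is the safer choice. The `static volatile` lazily initialised builders can be initialised more than once under concurrent first use; that looks benign, but a comment saying so would keep the next reader from adding a lock.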

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a9a34b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 984b8a6..3420b09 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -116,6 +116,7 @@
 					<xs:element ref="signRequest" />
 					<xs:element ref="stateTimeToLive" />
 					<xs:element ref="webAppDomain" />
+					<xs:element ref="authnRequestBuilder"/>
 				</xs:sequence>
 				<xs:attribute name="version" use="required" type="xs:string" />
 			</xs:extension>
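Review bot: `<xs:element ref="authnRequestBuilder"/>` is added to the sequence without `minOccurs="0"`, so read literally every existing samlProtocol configuration that omits it fails validation; the neighbouring elements carry no minOccurs either, so the sequence may already be strict in a way not visible here, but since SAMLProtocol falls back to DefaultAuthnRequestBuilder when the value is absent the element is evidently meant to be optional and should read `<xs:element ref="authnRequestBuilder" minOccurs="0"/>`. The second hunk declares the element as a plain `xs:string`; an `xs:annotation`/`xs:documentation` stating that the value is a fully qualified class name instantiated at runtime would tell configuration authors what they are granting.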
@@ -130,6 +131,7 @@
 	<xs:element name="signRequest" type="xs:boolean" />
 	<xs:element name="stateTimeToLive" type="xs:long" default="120000" />
 	<xs:element name="webAppDomain" type="xs:string" />
+	<xs:element name="authnRequestBuilder" type="xs:string" />
 	
 	<xs:complexType name="protocolType" abstract="true">
 	    <xs:sequence>

