From cohei...@apache.org
Subject [2/2] cxf git commit: CXF-7107 - Support inserting claims into tokens issued by the STS in conjunction with ActAs
Date Mon, 24 Oct 2016 10:56:06 GMT
CXF-7107 - Support inserting claims into tokens issued by the STS in conjunction with ActAs


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9c1b9404
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9c1b9404
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9c1b9404

Branch: refs/heads/master
Commit: 9c1b940416ab068e841fab27bab7b6533e1f7ff6
Parents: d46818b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 24 11:42:46 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 24 11:55:54 2016 +0100

----------------------------------------------------------------------
 .../ActAsAttributeStatementProvider.java        | 103 +++++++++++++++++++
 .../DefaultAttributeStatementProvider.java      |  58 +----------
 .../sts/token/provider/SAMLTokenProvider.java   |  11 +-
 .../cxf/sts/token/provider/SAMLClaimsTest.java  |  29 ------
 .../token/provider/SAMLProviderActAsTest.java   |  95 ++++++++++++++++-
 5 files changed, 209 insertions(+), 87 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9c1b9404/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
new file mode 100644
index 0000000..808cad2
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
+import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.dom.WSConstants;
+
+/**
+ * An AttributeStatementProvider implementation to handle "ActAs". It adds an "ActAs "attribute"
with the name of
+ * the principal that this token is "acting as".
+ */
+public class ActAsAttributeStatementProvider implements AttributeStatementProvider {
+
+    /**
+     * Get an AttributeStatementBean using the given parameters.
+     */
+    public AttributeStatementBean getStatement(TokenProviderParameters providerParameters)
{
+        AttributeStatementBean attrBean = new AttributeStatementBean();
+
+        TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
+        ReceivedToken actAs = tokenRequirements.getActAs();
+        try {
+            if (actAs != null) {
+                List<AttributeBean> attributeList = new ArrayList<>();
+                String tokenType = tokenRequirements.getTokenType();
+                
+                AttributeBean parameterBean = 
+                    handleAdditionalParameters(actAs.getToken(), tokenType);
+                if (!parameterBean.getAttributeValues().isEmpty()) {
+                    attributeList.add(parameterBean);
+                }
+                
+                attrBean.setSamlAttributes(attributeList);
+            }
+        } catch (WSSecurityException ex) {
+            throw new STSException(ex.getMessage(), ex);
+        }
+        
+        return attrBean;
+    }
+    
+    /**
+     * Handle an ActAs element.
+     */
+    private AttributeBean handleAdditionalParameters(
+        Object parameter, 
+        String tokenType
+    ) throws WSSecurityException {
+        AttributeBean parameterBean = new AttributeBean();
+
+        String claimType = "ActAs";
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType))
{
+            parameterBean.setSimpleName(claimType);
+            parameterBean.setQualifiedName("http://cxf.apache.org/sts");
+        } else {
+            parameterBean.setQualifiedName(claimType);
+            parameterBean.setNameFormat("http://cxf.apache.org/sts");
+        }
+        if (parameter instanceof UsernameTokenType) {
+            parameterBean.addAttributeValue(
+                ((UsernameTokenType)parameter).getUsername().getValue()
+            );
+        } else if (parameter instanceof Element) {
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper((Element)parameter);
+            SAMLTokenPrincipal principal = new SAMLTokenPrincipalImpl(wrapper);
+            parameterBean.addAttributeValue(principal.getName());
+        }
+
+        return parameterBean;
+    }
+
+
+}
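Review bot: `handleAdditionalParameters` takes the ActAs attribute value straight from the raw token content, either `getUsername().getValue()` or the subject name of a newly wrapped `SamlAssertionWrapper`, and nothing in this class consults the `ReceivedToken`'s validation result or the principal already set on it. If the STS validates the ActAs token before this provider runs, that happens outside this file, so the class Javadoc should state the precondition, for example `The ActAs token is expected to have been validated by the STS before this provider is invoked; this class does not validate it.` A stricter option would be to have `getStatement` skip the attribute unless `actAs.getState()` reports a valid token, or to read the name from the principal on the `ReceivedToken`, since the asserted name ends up in a signed assertion that relying parties may use for delegation decisions. Separately, a UsernameToken without a Username element would hit a NullPointerException in `((UsernameTokenType)parameter).getUsername().getValue()` instead of an `STSException`; a guard such as `if (ut.getUsername() != null)` before adding the value avoids that.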

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c1b9404/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
index b5807c9..885fd2b 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
@@ -21,24 +21,14 @@ package org.apache.cxf.sts.token.provider;
 import java.util.ArrayList;
 import java.util.List;
 
-import org.w3c.dom.Element;
-
-import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.dom.WSConstants;
 
 /**
- * A default AttributeStatementProvider implementation. It creates a default attribute with
- * value "authenticated". It also shows how to handle OnBehalfOf or ActAs elements by adding
an
- * Attribute for them.
+ * A default AttributeStatementProvider implementation. It simply creates a default attribute
with
+ * value "authenticated". 
  */
 public class DefaultAttributeStatementProvider implements AttributeStatementProvider {
 
@@ -54,19 +44,6 @@ public class DefaultAttributeStatementProvider implements AttributeStatementProv
         AttributeBean attributeBean = createDefaultAttribute(tokenType);
         attributeList.add(attributeBean);
         
-        ReceivedToken actAs = tokenRequirements.getActAs();
-        try {
-            if (actAs != null) {
-                AttributeBean parameterBean = 
-                    handleAdditionalParameters(actAs.getToken(), tokenType);
-                if (!parameterBean.getAttributeValues().isEmpty()) {
-                    attributeList.add(parameterBean);
-                }
-            }
-        } catch (WSSecurityException ex) {
-            throw new STSException(ex.getMessage(), ex);
-        }
-        
         attrBean.setSamlAttributes(attributeList);
         
         return attrBean;
@@ -92,35 +69,4 @@ public class DefaultAttributeStatementProvider implements AttributeStatementProv
         return attributeBean;
     }
 
-    /**
-     * Handle an ActAs element.
-     */
-    private AttributeBean handleAdditionalParameters(
-        Object parameter, 
-        String tokenType
-    ) throws WSSecurityException {
-        AttributeBean parameterBean = new AttributeBean();
-
-        String claimType = "ActAs";
-        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType))
{
-            parameterBean.setSimpleName(claimType);
-            parameterBean.setQualifiedName("http://cxf.apache.org/sts");
-        } else {
-            parameterBean.setQualifiedName(claimType);
-            parameterBean.setNameFormat("http://cxf.apache.org/sts");
-        }
-        if (parameter instanceof UsernameTokenType) {
-            parameterBean.addAttributeValue(
-                ((UsernameTokenType)parameter).getUsername().getValue()
-            );
-        } else if (parameter instanceof Element) {
-            SamlAssertionWrapper wrapper = new SamlAssertionWrapper((Element)parameter);
-            SAMLTokenPrincipal principal = new SAMLTokenPrincipalImpl(wrapper);
-            parameterBean.addAttributeValue(principal.getName());
-        }
-
-        return parameterBean;
-    }
-
-
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c1b9404/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
index 867f150..e0b4916 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
@@ -390,17 +390,26 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements
Toke
         
         // If no providers have been configured, then default to the ClaimsAttributeStatementProvider
         // If no Claims are available then use the DefaultAttributeStatementProvider
+        // Also handle "ActAs" via the ActAsAttributeStatementProvider
         if (!statementAdded) {
             attrBeanList = new ArrayList<>();
             AttributeStatementProvider attributeProvider = new ClaimsAttributeStatementProvider();
             AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
-            if (attributeBean != null) {
+            if (attributeBean != null && attributeBean.getSamlAttributes() != null
+                && !attributeBean.getSamlAttributes().isEmpty()) {
                 attrBeanList.add(attributeBean);
             } else {
                 attributeProvider = new DefaultAttributeStatementProvider();
                 attributeBean = attributeProvider.getStatement(tokenParameters);
                 attrBeanList.add(attributeBean);
             }
+            
+            attributeProvider = new ActAsAttributeStatementProvider();
+            attributeBean = attributeProvider.getStatement(tokenParameters);
+            if (attributeBean != null && attributeBean.getSamlAttributes() != null
+                && !attributeBean.getSamlAttributes().isEmpty()) {
+                attrBeanList.add(attributeBean);
+            } 
         }
         
         // Get the Subject and Conditions
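Review bot: The new `ActAsAttributeStatementProvider` call sits inside the `if (!statementAdded)` branch, so it runs only on the default path. A deployment that configures its own provider list containing `DefaultAttributeStatementProvider` got the "ActAs" attribute before this commit (the code removed from that class) and presumably no longer does, with no error to signal it. Relying parties that read that attribute to recognise delegated tokens would then see an ordinary-looking assertion. The comment should say so explicitly, e.g. `// ActAs is only added here on the default path; a custom provider list must include ActAsAttributeStatementProvider itself`, and the change deserves a migration note. The repeated `attributeBean != null && attributeBean.getSamlAttributes() != null && !attributeBean.getSamlAttributes().isEmpty()` test could also move into a small private helper; the enclosing method starts and ends outside this hunk.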

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c1b9404/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
index 4331149..5cba585 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
@@ -34,12 +34,10 @@ import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.sts.claims.ClaimTypes;
-import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
 import org.apache.cxf.sts.claims.ClaimsHandler;
 import org.apache.cxf.sts.claims.ClaimsManager;
 import org.apache.cxf.sts.claims.StaticClaimsHandler;
 import org.apache.cxf.sts.claims.StaticEndpointClaimsHandler;
-import org.apache.cxf.sts.common.CustomAttributeProvider;
 import org.apache.cxf.sts.common.CustomClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
@@ -90,10 +88,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         ClaimCollection claims = createClaims();
         providerParameters.setRequestedPrimaryClaims(claims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new CustomAttributeProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
-        
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
@@ -135,10 +129,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         secondaryClaims.add(claim);
         providerParameters.setRequestedSecondaryClaims(secondaryClaims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new CustomAttributeProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
-        
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
@@ -184,10 +174,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         secondaryClaims.setDialect(ClaimTypes.URI_BASE);
         providerParameters.setRequestedSecondaryClaims(secondaryClaims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new CustomAttributeProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
-        
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
@@ -228,10 +214,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         claims.add(claim);
         providerParameters.setRequestedPrimaryClaims(claims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new ClaimsAttributeStatementProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
-        
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
@@ -285,10 +267,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         claims.add(claim);
         providerParameters.setRequestedPrimaryClaims(claims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new ClaimsAttributeStatementProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
-        
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
@@ -344,9 +322,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         claims.add(claim);
         providerParameters.setRequestedPrimaryClaims(claims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new ClaimsAttributeStatementProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         
         try {
@@ -377,10 +352,6 @@ public class SAMLClaimsTest extends org.junit.Assert {
         claims.add(claim);
         providerParameters.setRequestedPrimaryClaims(claims);
         
-        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
-        customProviderList.add(new CustomAttributeProvider());
-        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
-        
         assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c1b9404/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
index c801906..768da57 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.token.provider;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
 
@@ -28,10 +29,16 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsManager;
 import org.apache.cxf.sts.common.CustomAttributeProvider;
+import org.apache.cxf.sts.common.CustomClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
@@ -214,6 +221,73 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(tokenString.contains("CustomActAs"));
     }
     
+    @org.junit.Test
+    public void testSAML2ActAsUsernameTokenClaims() throws Exception {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        
+        UsernameTokenType usernameToken = new UsernameTokenType();
+        AttributedString username = new AttributedString();
+        username.setValue("bob");
+        usernameToken.setUsername(username);
+        JAXBElement<UsernameTokenType> usernameTokenType = 
+            new JAXBElement<UsernameTokenType>(
+                QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
+            );
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(
+                WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType
+            );
+        //Principal must be set in ReceivedToken/ActAs
+        providerParameters.getTokenRequirements().getActAs().setPrincipal(
+                new CustomTokenPrincipal(username.getValue()));
+        
+        // Add Claims
+        ClaimsManager claimsManager = new ClaimsManager();
+        ClaimsHandler claimsHandler = new CustomClaimsHandler();
+        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+        
+        ClaimCollection claims = createClaims();
+        providerParameters.setRequestedPrimaryClaims(claims);
+        
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+        
+        // Verify the token
+        Element token = (Element)providerResponse.getToken();
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
+        Assert.assertEquals("technical-user", assertion.getSubjectName());
+        
+        boolean foundActAsAttribute = false;
+        for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement 
+            : assertion.getSaml2().getAttributeStatements()) {
+            for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes())
{
+                if ("ActAs".equals(attribute.getName())) {
+                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                        Element attributeValueElement = attributeValue.getDOM();
+                        String text = attributeValueElement.getTextContent();
+                        if (text.contains("bob")) {
+                            foundActAsAttribute = true;
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        
+        Assert.assertTrue(foundActAsAttribute);
+        
+        // Check that claims are also present
+        String tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(providerResponse.getTokenId()));
+        assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
+        assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
+        assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
+    }
+    
     private Element getSAMLAssertion() throws Exception {
         TokenProvider samlTokenProvider = new SAMLTokenProvider();
         TokenProviderParameters providerParameters = 
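Review bot: The ActAs assertion in `testSAML2ActAsUsernameTokenClaims` uses `text.contains("bob")`, which would also pass for a value that merely embeds the name; `"bob".equals(text)` pins the exact delegated identity. The `break` leaves only the innermost loop, which is harmless here but makes the search read as if it stopped at the first match. The test covers only the UsernameToken ActAs case combined with claims; a companion case with a SAML assertion as the ActAs token, and a negative case asserting that no "ActAs" attribute appears when the request carries no ActAs, would cover the other branches of the new provider. The method also mixes `Assert.assertEquals` with the inherited `assertTrue`; one form throughout would read more cleanly.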
@@ -280,6 +354,25 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         return properties;
     }
     
-  
+    /**
+     * Create a set of parsed Claims
+     */
+    private ClaimCollection createClaims() {
+        ClaimCollection claims = new ClaimCollection();
+        
+        Claim claim = new Claim();
+        claim.setClaimType(ClaimTypes.FIRSTNAME);
+        claims.add(claim);
+        
+        claim = new Claim();
+        claim.setClaimType(ClaimTypes.LASTNAME);
+        claims.add(claim);
+        
+        claim = new Claim();
+        claim.setClaimType(ClaimTypes.EMAILADDRESS);
+        claims.add(claim);
+        
+        return claims;
+    }
     
 }

