So one approach to creating an assertion is:

```java
AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
```

Set the mandatory attributes of your SAML 2.0 Request. It is up to you to decide what goes in your SAML request.

```java
authnRequest.setID(<>);
authnRequest.setVersion(SAMLVersion.VERSION_20);
authnRequest.setIssueInstant(new DateTime());
authnRequest.setProtocolBinding(httpBinding);
authnRequest.setIssuer(issuer);
authnRequest.setNameIDPolicy(nameIdPolicy);
authnRequest.setRequestedAuthnContext(requestedAuthnContext);
authnRequest.setDestination(idpUrl);
```
Before you send it you may want to sign it; this is done by adding a signature to your request.

Once you receive a SAML response you could validate it by verifying its signature:

```java
// Signature validation
Signature signature = samlResponse.getSignature();
SignatureValidator signatureValidator = new SignatureValidator(
        new X509CredentialImplementation(<>));
try {
    signatureValidator.validate(signature);
} catch (ValidationException e) {
    LOGGER.error("XML signature is not valid, or there was an error during the validation operation");
    return false;
}
```
It is not clear how and where you want to send the assertion. But this is the basic procedure:

- Create the request. Send it.
- Wait for a response from the service provider or whatever.
- Validate the signature of the response.
- If it is a valid response, you can grant the necessary permissions to the user.
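The "validate the signature, then grant permissions" step above, written out as an added example (not the answer's own code) against the OpenSAML 2.x API the answer uses. It assumes the IdP credential has already been loaded as an OpenSAML `Credential`, and that the caller knows the IdP's entity ID, its own ACS URL and the ID of the AuthnRequest it sent; a valid signature alone does not prove the response is for you or for this login.

```java
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

public final class ResponseChecks {

    // Returns true only if the Response is signed by the trusted IdP credential,
    // was addressed to this SP in reply to the request we sent, reports success,
    // and carries assertions whose validity window includes "now".
    public static boolean isTrustworthy(Response samlResponse, Credential idpCredential,
                                        String expectedIssuer, String expectedDestination,
                                        String expectedInResponseTo) {
        Signature signature = samlResponse.getSignature();
        if (signature == null) {
            return false; // an unsigned Response proves nothing about its origin
        }
        try {
            // Profile check first: rejects a Signature whose Reference does not
            // point at the element that carries it, before any crypto is done.
            new SAMLSignatureProfileValidator().validate(signature);
            new SignatureValidator(idpCredential).validate(signature);
        } catch (ValidationException e) {
            return false;
        }
        // Bind the message to the IdP we expect, to this SP, and to our request.
        if (samlResponse.getIssuer() == null
                || !expectedIssuer.equals(samlResponse.getIssuer().getValue())
                || !expectedDestination.equals(samlResponse.getDestination())
                || !expectedInResponseTo.equals(samlResponse.getInResponseTo())) {
            return false;
        }
        if (samlResponse.getStatus() == null || samlResponse.getStatus().getStatusCode() == null
                || !StatusCode.SUCCESS_URI.equals(samlResponse.getStatus().getStatusCode().getValue())) {
            return false;
        }
        DateTime now = new DateTime();
        for (Assertion a : samlResponse.getAssertions()) {
            Conditions c = a.getConditions();
            if (c == null
                    || (c.getNotBefore() != null && now.isBefore(c.getNotBefore()))
                    || (c.getNotOnOrAfter() != null && !now.isBefore(c.getNotOnOrAfter()))) {
                return false; // expired, replayed, or not-yet-valid assertion
            }
        }
        return !samlResponse.getAssertions().isEmpty();
    }
}
```

If your IdP signs the Assertion rather than the enclosing Response, run the same profile and signature checks on `assertion.getSignature()` inside the loop instead.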