PicketLink :: Dealing With SAML Assertions

Sometimes developers want to work with SAML assertions directly. For this they need the SAML object model, which PicketLink provides. If you have a SAML assertion and would like to inspect its internals, PicketLink offers a utility class called AssertionUtil.

 

FQN of AssertionUtil: org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil

 

Some of the prominent methods from this utility class are:

 

Given a SAML assertion, convert it to a String.

public static String asString(AssertionType assertion) throws ProcessingException

 

You can create an assertion with an id and an issuer.

You can create a subject in the assertion for a user.

public static AssertionType createAssertion(String id, NameIDType issuer)
public static SubjectType createAssertionSubject(String userName)

 

 

You can create a SAML2 attribute.

public static AttributeType createAttribute(String name, String nameFormat, Object... attributeValues)

 

 

Check whether an assertion has expired.

public static boolean hasExpired(AssertionType assertion) throws ConfigurationException

 

 

Given an assertion, pass in a list of keys that identify the role-carrying SAML attributes inside the assertion, and get back a list of role names from the assertion. If you are not sure of the keys, pass null for roleKeys.

public static List<String> getRoles(AssertionType assertion, List<String> roleKeys)
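
The methods above used together, as an added example that is not PicketLink's own code: it builds an assertion, then reads roles from it only after checking that it carries a validity window and has not expired. The rolesIfCurrent helper, the class name and all sample values are constructed for illustration; the org.picketlink.identity.federation.saml.v2.assertion package for the model classes is an assumption about the PicketLink version in use, and signature validation is assumed to happen before this code runs.

```java
import java.util.Arrays;
import java.util.GregorianCalendar;
import java.util.List;
import javax.xml.datatype.DatatypeFactory;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.saml.v2.assertion.*;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;

public class AssertionUtilExample {
    static final String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";

    // Hypothetical helper: hand back roles only for an assertion that has a
    // Conditions element and is inside its validity window.
    static List<String> rolesIfCurrent(AssertionType assertion, List<String> roleKeys) throws Exception {
        if (assertion.getConditions() == null) { // policy choice of this example
            throw new SecurityException("assertion has no Conditions element");
        }
        if (AssertionUtil.hasExpired(assertion)) {
            throw new SecurityException("assertion has expired");
        }
        return AssertionUtil.getRoles(assertion, roleKeys);
    }

    public static void main(String[] args) throws Exception {
        NameIDType issuer = new NameIDType();
        issuer.setValue("https://idp.example.test/"); // constructed issuer
        AssertionType assertion = AssertionUtil.createAssertion("ID_constructed-0001", issuer);
        assertion.setSubject(AssertionUtil.createAssertionSubject("alice"));

        // Validity window: 5 seconds ago (clock skew) until 5 minutes later
        DatatypeFactory df = DatatypeFactory.newInstance();
        GregorianCalendar cal = new GregorianCalendar();
        cal.add(GregorianCalendar.SECOND, -5);
        ConditionsType conditions = new ConditionsType();
        conditions.setNotBefore(df.newXMLGregorianCalendar(cal));
        cal.add(GregorianCalendar.MINUTE, 5);
        conditions.setNotOnOrAfter(df.newXMLGregorianCalendar(cal));
        assertion.setConditions(conditions);

        AttributeStatementType statement = new AttributeStatementType();
        statement.addAttribute(new ASTChoiceType(
                AssertionUtil.createAttribute("Role", BASIC, "auditor", "operator")));
        statement.addAttribute(new ASTChoiceType(
                AssertionUtil.createAttribute("department", BASIC, "finance")));
        assertion.addStatement(statement);

        System.out.println(AssertionUtil.asString(assertion));
        // Only the attribute named "Role" is given as a role key
        System.out.println(rolesIfCurrent(assertion, Arrays.asList("Role")));
    }
}
```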