Support parsing SAML Responses containing multiple Assertion elements. The AuthenticationResponse contains all parsed assertions from the XML document.

Author: mmanes

build.savant

@@ -19,7 +19,7 @@ jakartaXMLBindVersion = "4.0.0"
 slf4jVersion = "2.0.7"
 testngVersion = "7.8.0"
 
-project(group: "io.fusionauth", name: "fusionauth-samlv2", version: "0.11.1", licenses: ["ApacheV2_0"]) {
+project(group: "io.fusionauth", name: "fusionauth-samlv2", version: "1.0.0", licenses: ["ApacheV2_0"]) {
   workflow {
     fetch {
       cache()

src/main/java/io/fusionauth/samlv2/domain/Assertion.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2019-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,17 +18,43 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Objects;
+import java.util.stream.Collectors;
 
 public class Assertion {
   public Map<String, List<String>> attributes = new HashMap<>();
 
   public Conditions conditions;
 
+  public String id;
+
   public String issuer;
 
   public Subject subject;
 
+  public Assertion() {
+  }
+
+  public Assertion(Assertion other) {
+    this.attributes = other.attributes
+        .entrySet()
+        .stream()
+        .collect(
+            Collectors.toMap(
+                Entry::getKey,
+                entry -> entry.getValue()
+                              .stream()
+                              .map(String::new)
+                              .toList()
+            )
+        );
+    this.conditions = other.conditions == null ? null : new Conditions(other.conditions);
+    this.id = other.id;
+    this.issuer = other.issuer;
+    this.subject = other.subject == null ? null : new Subject(other.subject);
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {
@@ -40,12 +66,13 @@ public boolean equals(Object o) {
     Assertion assertion = (Assertion) o;
     return Objects.equals(attributes, assertion.attributes) &&
         Objects.equals(conditions, assertion.conditions) &&
+        Objects.equals(id, assertion.id) &&
         Objects.equals(issuer, assertion.issuer) &&
         Objects.equals(subject, assertion.subject);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(attributes, conditions, issuer, subject);
+    return Objects.hash(attributes, conditions, id, issuer, subject);
   }
 }

src/main/java/io/fusionauth/samlv2/domain/AuthenticationResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2013-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 package io.fusionauth.samlv2.domain;
 
 import java.time.ZonedDateTime;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Objects;
 
 /**
@@ -24,14 +26,25 @@
  * @author Brian Pontarelli
  */
 public class AuthenticationResponse extends SAMLResponse {
-  public Assertion assertion = new Assertion();
+  public List<Assertion> assertions = new ArrayList<>();
 
   public String rawResponse;
 
   public ZonedDateTime sessionExpiry;
 
   public String sessionIndex;
 
+  public AuthenticationResponse() {
+  }
+
+  public AuthenticationResponse(AuthenticationResponse other) {
+    super(other);
+    this.assertions.addAll(other.assertions.stream().map(Assertion::new).toList());
+    this.rawResponse = other.rawResponse;
+    this.sessionExpiry = other.sessionExpiry;
+    this.sessionIndex = other.sessionIndex;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {
@@ -46,13 +59,13 @@ public boolean equals(Object o) {
     AuthenticationResponse that = (AuthenticationResponse) o;
     // The comparison does not include the rawResponse because different raw encoded responses can be parsed into
     // identical domain objects. This is mainly true for responses containing an encrypted assertion
-    return Objects.equals(assertion, that.assertion) &&
+    return Objects.equals(assertions, that.assertions) &&
         Objects.equals(sessionExpiry, that.sessionExpiry) &&
         Objects.equals(sessionIndex, that.sessionIndex);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(super.hashCode(), assertion, rawResponse, sessionExpiry, sessionIndex);
+    return Objects.hash(super.hashCode(), assertions, rawResponse, sessionExpiry, sessionIndex);
   }
 }

src/main/java/io/fusionauth/samlv2/domain/Conditions.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2019-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,15 @@ public class Conditions {
 
   public ZonedDateTime notOnOrAfter;
 
+  public Conditions() {
+  }
+
+  public Conditions(Conditions other) {
+    this.audiences.addAll(other.audiences);
+    this.notBefore = other.notBefore;
+    this.notOnOrAfter = other.notOnOrAfter;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/samlv2/domain/NameID.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2019-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,15 @@ public class NameID {
 
   public String id;
 
+  public NameID() {
+
+  }
+
+  public NameID(NameID other) {
+    this.format = other.format;
+    this.id = other.id;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/samlv2/domain/SAMLRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2021-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,6 +36,18 @@ public class SAMLRequest {
 
   public String xml;
 
+  public SAMLRequest() {
+  }
+
+  public SAMLRequest(SAMLRequest other) {
+    this.destination = other.destination;
+    this.id = other.id;
+    this.issueInstant = other.issueInstant;
+    this.issuer = other.issuer;
+    this.version = other.version;
+    this.xml = other.xml;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/samlv2/domain/SAMLResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2021-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,15 @@ public class SAMLResponse extends SAMLRequest {
 
   public Status status = new Status();
 
+  public SAMLResponse() {
+  }
+
+  public SAMLResponse(SAMLResponse other) {
+    super(other);
+    this.inResponseTo = other.inResponseTo;
+    this.status = new Status(other.status);
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/samlv2/domain/Status.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2019-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,14 @@ public class Status {
 
   public String message;
 
+  public Status() {
+  }
+
+  public Status(Status other) {
+    this.code = other.code;
+    this.message = other.message;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/samlv2/domain/Subject.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2019-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,14 @@ public class Subject {
 
   public SubjectConfirmation subjectConfirmation;
 
+  public Subject() {
+  }
+
+  public Subject(Subject other) {
+    this.nameIDs = other.nameIDs == null ? null : other.nameIDs.stream().map(NameID::new).toList();
+    this.subjectConfirmation = other.subjectConfirmation == null ? null : new SubjectConfirmation(other.subjectConfirmation);
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/samlv2/domain/SubjectConfirmation.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2024, Inversoft Inc., All Rights Reserved
+ * Copyright (c) 2013-2025, Inversoft Inc., All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,6 +32,17 @@ public class SubjectConfirmation {
 
   public String recipient;
 
+  public SubjectConfirmation() {
+  }
+
+  public SubjectConfirmation(SubjectConfirmation subjectConfirmation) {
+    this.address = subjectConfirmation.address;
+    this.inResponseTo = subjectConfirmation.inResponseTo;
+    this.method = subjectConfirmation.method;
+    this.notOnOrAfter = subjectConfirmation.notOnOrAfter;
+    this.recipient = subjectConfirmation.recipient;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {