/**
 * Builds the {@code Conditions} element for an assertion issued at {@code issuedAt}.
 *
 * <p>The validity window opens at {@code issuedAt} and closes at
 * {@code issuedAt.plus(this.issueLength)}. A single audience restriction is always
 * attached, naming {@code serviceId} as the only audience.
 *
 * @param issuedAt  instant used as NotBefore and as the base for NotOnOrAfter
 * @param serviceId URI written into the single {@code Audience} element; it is not
 *                  validated here
 * @return the populated conditions object
 */
private Conditions newConditions(final DateTime issuedAt, final String serviceId) {
    // Build bottom-up: audience -> restriction -> conditions.
    final Audience recipient = newSamlObject(Audience.class);
    recipient.setUri(serviceId);

    final AudienceRestrictionCondition restriction = newSamlObject(AudienceRestrictionCondition.class);
    restriction.getAudiences().add(recipient);

    final Conditions result = newSamlObject(Conditions.class);
    result.setNotBefore(issuedAt);
    // The lifetime comes from the issueLength field, which is declared outside this excerpt.
    result.setNotOnOrAfter(issuedAt.plus(this.issueLength));
    result.getAudienceRestrictionConditions().add(restriction);
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Writes the NotBefore and NotOnOrAfter attributes of a {@code Conditions} object
 * onto its DOM element. Each bound is emitted only when it is set, so a
 * {@code Conditions} with neither bound produces an element with no time attributes.
 */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    final Conditions source = (Conditions) samlElement;

    // Lower bound of the validity window (optional).
    if (source.getNotBefore() != null) {
        domElement.setAttributeNS(
                null,
                Conditions.NOTBEFORE_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(source.getNotBefore()));
    }

    // Upper bound of the validity window (optional).
    if (source.getNotOnOrAfter() != null) {
        domElement.setAttributeNS(
                null,
                Conditions.NOTONORAFTER_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(source.getNotOnOrAfter()));
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Creates a SAML {@code Conditions} object carrying only a validity window.
 * The equivalent XML element is:
 * <pre>
 * &lt;saml:Conditions
 *     NotBefore="2002-06-19T16:53:33.173Z"
 *     NotOnOrAfter="2002-06-19T17:08:33.173Z"/&gt;
 * </pre>
 *
 * <p>Both values are stored as given. This method does not check that
 * {@code notBefore} precedes {@code notOnOrAfter}, does not reject {@code null},
 * and adds no audience restriction.
 *
 * @param notBefore    instant from which the assertion is valid
 * @param notOnOrAfter instant at which the assertion stops being valid
 * @return the OpenSAML {@code Conditions} object
 * @throws org.apache.rahas.TrustException if no appropriate builder can be found
 */
public static Conditions createConditions(DateTime notBefore, DateTime notOnOrAfter) throws TrustException {
    final Conditions window = (Conditions) CommonUtil.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);

    window.setNotBefore(notBefore);
    window.setNotOnOrAfter(notOnOrAfter);

    return window;
}
List<AudienceRestrictionCondition> audienceRestrictions = conditions.getAudienceRestrictionConditions(); if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { boolean audienceFound = false; boolean bearerFound = false; if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null) { notOnOrAfterFromConditions = assertion.getConditions().getNotOnOrAfter();
org.opensaml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions(); if (conditions != null && conditions.getAudienceRestrictionConditions() != null && !conditions.getAudienceRestrictionConditions().isEmpty()) { boolean foundAddress = false; for (org.opensaml.saml1.core.AudienceRestrictionCondition audienceRestriction : conditions.getAudienceRestrictionConditions()) { if (audienceRestriction.getAudiences() != null) { List<org.opensaml.saml1.core.Audience> audiences =
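/**
 * {@inheritDoc}
 *
 * <p>Populates the validity window of a {@code Conditions} object from its XML
 * attributes. A non-empty NotBefore or NotOnOrAfter value is parsed into a
 * {@code DateTime} using the ISO chronology in UTC. Every other attribute, including
 * a NotBefore/NotOnOrAfter attribute whose value is empty, is handed to the
 * superclass implementation.
 *
 * <p>No exception from the {@code DateTime} constructor is caught here, so a
 * malformed timestamp is not converted into an {@code UnmarshallingException}.
 *
 * @param samlObject the object being unmarshalled; cast to {@code Conditions}
 * @param attribute  the DOM attribute to process
 * @throws UnmarshallingException declared by the overridden method
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    Conditions conditions = (Conditions) samlObject;
    String localName = attribute.getLocalName();
    String value = attribute.getValue();

    if (Conditions.NOTBEFORE_ATTRIB_NAME.equals(localName) && !DatatypeHelper.isEmpty(value)) {
        conditions.setNotBefore(new DateTime(value, ISOChronology.getInstanceUTC()));
    } else if (Conditions.NOTONORAFTER_ATTRIB_NAME.equals(localName) && !DatatypeHelper.isEmpty(value)) {
        conditions.setNotOnOrAfter(new DateTime(value, ISOChronology.getInstanceUTC()));
    } else {
        // Delegate to the parent handler. The unqualified call that stood here re-entered
        // this same method with the same arguments, so any attribute not handled above
        // (input that comes from the parsed document) recursed until StackOverflowError.
        super.processAttribute(samlObject, attribute);
    }
}
} // closes the enclosing class, whose header is outside this excerpt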
List<AudienceRestrictionCondition> audienceRestrictions = conditions.getAudienceRestrictionConditions(); if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { boolean audienceFound = false; boolean bearerFound = false; if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null) { notOnOrAfterFromConditions = assertion.getConditions().getNotOnOrAfter();
org.opensaml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions(); if (conditions != null && conditions.getAudienceRestrictionConditions() != null && !conditions.getAudienceRestrictionConditions().isEmpty()) { boolean foundAddress = false; for (org.opensaml.saml1.core.AudienceRestrictionCondition audienceRestriction : conditions.getAudienceRestrictionConditions()) { if (audienceRestriction.getAudiences() != null) { List<org.opensaml.saml1.core.Audience> audiences =
conditions.setNotBefore(newNotBefore); conditions.setNotOnOrAfter(newNotBefore.plusMinutes(5)); return conditions; ); conditions.setNotBefore(notBefore); conditions.setNotOnOrAfter(notAfter); } else { DateTime newNotBefore = new DateTime(); conditions.setNotBefore(newNotBefore); if (tokenPeriodMinutes <= 0) { tokenPeriodMinutes = 5; conditions.setNotOnOrAfter(newNotBefore.plusMinutes(tokenPeriodMinutes)); AudienceRestrictionCondition audienceRestriction = createSamlv1AudienceRestriction(conditionsBean.getAudienceURI()); conditions.getAudienceRestrictionConditions().add(audienceRestriction); AudienceRestrictionCondition audienceRestriction = createSamlv1AudienceRestriction(audienceRestrictionBean); conditions.getAudienceRestrictionConditions().add(audienceRestriction);
/**
 * Copies the assertion ID and, when present, the validity window from the
 * assertion's {@code Conditions} element into this object.
 *
 * <p>If the assertion has no {@code Conditions}, or a bound is missing, the
 * corresponding date is simply not set by this method. No fallback source is
 * consulted here, and the bounds are copied without being compared to the current time.
 */
@Override
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());

    final Conditions validity = assertion.getConditions();
    if (validity == null) {
        // Nothing to read the validity period from.
        return;
    }

    if (validity.getNotBefore() != null) {
        this.setDateNotBefore(validity.getNotBefore().toDate());
    }
    if (validity.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(validity.getNotOnOrAfter().toDate());
    }
}
// Overwrite the validity window on the assertion's existing Conditions element.
// getConditions() is dereferenced without a null check in these two statements.
// NOTE(review): confirm the surrounding code guarantees Conditions is present, and
// that creationTime precedes expirationTime (both are declared outside this excerpt).
samlAssertion.getConditions().setNotBefore(new DateTime(creationTime));
samlAssertion.getConditions().setNotOnOrAfter(new DateTime(expirationTime));
conditions.setNotBefore(newNotBefore); conditions.setNotOnOrAfter(newNotBefore.plusMinutes(5)); return conditions; ); conditions.setNotBefore(notBefore); conditions.setNotOnOrAfter(notAfter); } else { DateTime newNotBefore = new DateTime(); conditions.setNotBefore(newNotBefore); if (tokenPeriodMinutes <= 0) { tokenPeriodMinutes = 5; conditions.setNotOnOrAfter(newNotBefore.plusMinutes(tokenPeriodMinutes)); AudienceRestrictionCondition audienceRestriction = createSamlv1AudienceRestriction(conditionsBean.getAudienceURI()); conditions.getAudienceRestrictionConditions().add(audienceRestriction); AudienceRestrictionCondition audienceRestriction = createSamlv1AudienceRestriction(audienceRestrictionBean); conditions.getAudienceRestrictionConditions().add(audienceRestriction);
} else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) { validFrom = assertion.getSaml1().getConditions().getNotBefore(); validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
/**
 * Builds a new assertion and stores it in the {@code assertion} field.
 *
 * <p>The assertion receives a validity window, an issuer of the form
 * {@code "http://" + HostName} (scheme fixed, host read from the server
 * configuration), the current time as issue instant, this object's attribute
 * statement and the given ID.
 *
 * <p>An audience restriction is added only when the {@code appilesTo} field is
 * non-null. Otherwise the assertion is issued with no audience restriction at all,
 * so nothing in it ties it to one relying party.
 *
 * @param notAfter    written to NotOnOrAfter. Note the parameter order: the upper
 *                    bound comes first
 * @param notBefore   written to NotBefore
 * @param assertionId ID assigned to the assertion
 * @throws IdentityProviderException declared by the signature; presumably raised by
 *                                   {@code buildXMLObject}, to be confirmed against that helper
 */
@Override
public void createSAMLAssertion(DateTime notAfter, DateTime notBefore, String assertionId)
        throws IdentityProviderException {
    assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);

    // Validity window. Neither bound is checked against the other here.
    Conditions validity = (Conditions) buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
    validity.setNotBefore(notBefore);
    validity.setNotOnOrAfter(notAfter);

    // Issuer is derived from the configured host name with a hard-coded http scheme.
    String issuerUri = "http://" + ServerConfiguration.getInstance().getFirstProperty("HostName");
    assertion.setIssuer(issuerUri);
    assertion.setIssueInstant(new DateTime());

    if (appilesTo != null) {
        // Restrict the assertion to the single audience held in appilesTo.
        Audience relyingParty = (Audience) buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
        relyingParty.setUri(appilesTo);

        AudienceRestrictionCondition restriction =
                (AudienceRestrictionCondition) buildXMLObject(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        restriction.getAudiences().add(relyingParty);
        validity.getAudienceRestrictionConditions().add(restriction);
    }

    assertion.setConditions(validity);
    assertion.getAttributeStatements().add(this.attributeStmt);
    assertion.setID(assertionId);
}
} else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) { validFrom = assertion.getSaml1().getConditions().getNotBefore(); validTill = assertion.getSaml1().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml1().getIssueInstant();
/**
 * Builds a new assertion and stores it in the {@code assertion} field.
 *
 * <p>The assertion receives a validity window, an issuer of the form
 * {@code "http://" + HostName} (scheme fixed, host read from the server
 * configuration), the current time as issue instant, this object's attribute
 * statement and the given ID.
 *
 * <p>An audience restriction is added only when the {@code appilesTo} field is
 * non-null. Otherwise the assertion is issued with no audience restriction at all,
 * so nothing in it ties it to one relying party.
 *
 * @param notAfter    written to NotOnOrAfter. Note the parameter order: the upper
 *                    bound comes first
 * @param notBefore   written to NotBefore
 * @param assertionId ID assigned to the assertion
 * @throws IdentityProviderException declared by the signature; presumably raised by
 *                                   {@code buildXMLObject}, to be confirmed against that helper
 */
@Override
public void createSAMLAssertion(DateTime notAfter, DateTime notBefore, String assertionId)
        throws IdentityProviderException {
    assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);

    // Validity window. Neither bound is checked against the other here.
    Conditions validity = (Conditions) buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
    validity.setNotBefore(notBefore);
    validity.setNotOnOrAfter(notAfter);

    // Issuer is derived from the configured host name with a hard-coded http scheme.
    String issuerUri = "http://" + ServerConfiguration.getInstance().getFirstProperty("HostName");
    assertion.setIssuer(issuerUri);
    assertion.setIssueInstant(new DateTime());

    if (appilesTo != null) {
        // Restrict the assertion to the single audience held in appilesTo.
        Audience relyingParty = (Audience) buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
        relyingParty.setUri(appilesTo);

        AudienceRestrictionCondition restriction =
                (AudienceRestrictionCondition) buildXMLObject(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        restriction.getAudiences().add(relyingParty);
        validity.getAudienceRestrictionConditions().add(restriction);
    }

    assertion.setConditions(validity);
    assertion.getAttributeStatements().add(this.attributeStmt);
    assertion.setID(assertionId);
}
} else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) { validFrom = assertion.getSaml1().getConditions().getNotBefore(); validTill = assertion.getSaml1().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml1().getIssueInstant();