List<SAML11StatementAbstractType> statements = assertion.getStatements(); for (SAML11StatementAbstractType statement : statements)
/**
 * Build a bare SAML 1.1 assertion carrying only an identifier, an issue instant and an issuer.
 * <p>
 * Nothing else is attached: no {@code Conditions}, no statements, no signature. Callers add a
 * validity window separately (see {@code createSAML11TimedConditions}) and sign afterwards.
 *
 * @param id the value for the {@code AssertionID} attribute
 * @param issueInstant the value for the {@code IssueInstant} attribute
 * @param issuer the value for the {@code Issuer} attribute
 * @return a new assertion with exactly those three attributes set
 */
public static SAML11AssertionType createSAML11Assertion(String id, XMLGregorianCalendar issueInstant, String issuer) {
    final SAML11AssertionType created = new SAML11AssertionType(id, issueInstant);
    created.setIssuer(issuer);
    return created;
}
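/**
 * Check whether the assertion is currently outside its validity window.
 * <p>
 * The current instant is compared against the {@code NotBefore} / {@code NotOnOrAfter} values of
 * the assertion's {@code Conditions}. The result is {@code true} whenever
 * {@code XMLTimeUtil.isValid} rejects the current instant, which covers both an already-expired
 * assertion and one that is not yet valid (the info log line says "expired" in either case).
 * <p>
 * NOTE(review): an assertion that carries no {@code Conditions} element is reported as never
 * expiring — the method returns {@code false} without performing any check. Code that uses this
 * result as an acceptance decision should not treat an unbounded assertion as acceptable unless
 * that is an explicit policy choice.
 *
 * @param assertion the SAML 1.1 assertion to check
 * @return {@code true} if the current time lies outside the validity window; {@code false} if it
 *         lies inside, or if the assertion has no conditions at all
 * @throws ConfigurationException propagated from the time utilities
 */
public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        if (trace) {
            // notBefore may be absent; a trace-level log line must not be the thing that
            // throws NullPointerException on an otherwise processable assertion.
            // (notOnOrAfter is string-concatenated, so it was already null-safe.)
            log.trace("Now=" + now.toXMLFormat()
                    + " ::notBefore=" + (notBefore == null ? null : notBefore.toXMLFormat())
                    + "::notOnOrAfter=" + notOnOrAfter);
        }
        // Whether isValid tolerates a null bound is not visible here — presumably it does,
        // since the bounds are read straight from the parsed conditions; confirm.
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            log.info("Assertion has expired with id=" + assertion.getID());
        }
    }
    return expiry;
}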
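/**
 * Attach a validity window ({@code Conditions} with {@code NotBefore} / {@code NotOnOrAfter}) to
 * a SAML 1.1 assertion, anchored at its issue instant.
 * <p>
 * The window is widened by {@code clockSkew} on both sides:
 * {@code NotBefore = issueInstant - clockSkew} and
 * {@code NotOnOrAfter = issueInstant + durationInMilis + clockSkew}. Any conditions already
 * present on the assertion are replaced by the new element.
 * <p>
 * NOTE(review): neither {@code durationInMilis} nor {@code clockSkew} is range-checked here; a
 * negative or very large value produces an inverted or very long window. The values are expected
 * to come from vetted configuration.
 *
 * @param assertion the assertion to decorate; its issue instant must already be set
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @param clockSkew tolerance in milliseconds applied before and after the window
 * @throws ConfigurationException propagated from the time arithmetic helpers
 * @throws IssueInstantMissingException if the assertion carries no issue instant
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
    if (issueInstant == null)
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);

    // Skew is added to the end and subtracted from the start, so the accepted window is
    // (duration + 2 * skew) wide and centred on the nominal lifetime.
    final XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew);
    final XMLGregorianCalendar notBefore = XMLTimeUtil.subtract(issueInstant, clockSkew);

    final SAML11ConditionsType conditionsType = new SAML11ConditionsType();
    conditionsType.setNotBefore(notBefore);
    conditionsType.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditionsType);
}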
StaxUtil.writeAttribute(writer, SAML11Constants.ASSERTIONID, assertion.getID()); StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + ""); StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + ""); StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString()); String issuer = assertion.getIssuer(); if (issuer != null) SAML11ConditionsType conditions = assertion.getConditions(); if (conditions != null) SAML11AdviceType advice = assertion.getAdvice(); if (advice != null) throw new RuntimeException(ErrorCodes.NOT_IMPLEMENTED_YET + "Advice"); List<SAML11StatementAbstractType> statements = assertion.getStatements(); if (statements != null) Element sig = assertion.getSignature(); if (sig != null) StaxUtil.writeDOMElement(writer, sig);
if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, oldAssertion.getID())) throw logger.samlAssertionRevokedCouldNotRenew(oldAssertion.getID()); SAML11ConditionsType conditions = oldAssertion.getConditions(); Lifetime lifetime = adjustLifetimeForClockSkew( wstContext.getRequestSecurityToken().getLifetime() ); conditions.setNotBefore(lifetime.getCreated()); statements.addAll(oldAssertion.getStatements()); SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions); newAssertion.setIssuer(wstContext.getTokenIssuer());
SAML11AssertionType assertionType = new SAML11AssertionType(assertionID, issueInstant); assertionType.setIssuer(issuerID); assertionType.addAllStatements(statements); try { AssertionUtil.createSAML11TimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW); SAML11AuthenticationStatementType stat = new SAML11AuthenticationStatementType(authenticationMethod, issueInstant); stat.setSubject(subject); assertionType.add(stat);
assertion.setIssuer(issuer); assertion.setSignature(StaxParserUtil.getDOMElement(xmlEventReader)); issuer = StaxParserUtil.getElementText(xmlEventReader); assertion.setIssuer(issuer); assertion.setConditions(conditions); assertion.add(authStat); assertion.add(attributeStatementType); assertion.add(authzStat);
SAML11AssertionType assertion = new SAML11AssertionType(assertionID, lifetime.getCreated()); assertion.add(authStatement); assertion.setConditions(conditions); assertion.setIssuer(wstContext.getTokenIssuer());
saml11Assertion.add(attributeStatement);
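/**
 * Cancel a previously issued SAML 1.1 token by removing it from the token registry.
 * <p>
 * A context that is not a {@link SAML11ProtocolContext} is ignored silently, so a caller passing
 * the wrong context type gets no indication that nothing was cancelled. When a
 * {@link SecurityManager} is installed, the {@code PicketLinkCoreSTS.rte} permission is required.
 * <p>
 * NOTE(review): only the token registry is updated here. The revocation registry that the renewal
 * code consults ({@code revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, id)}) is not
 * touched — confirm whether a cancelled assertion should also be marked revoked so that it cannot
 * be renewed afterwards.
 *
 * @param context the protocol context holding the issued assertion to cancel
 * @throws ProcessingException if removing the token from the registry fails with an I/O error
 * @throws IllegalArgumentException if the context carries no issued assertion
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void cancelToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext))
        return;

    SecurityManager sm = System.getSecurityManager();
    if (sm != null)
        sm.checkPermission(PicketLinkCoreSTS.rte);

    SAML11AssertionType issuedAssertion = ((SAML11ProtocolContext) context).getIssuedAssertion();
    // Fail with a descriptive error rather than a bare NullPointerException on getID().
    if (issuedAssertion == null)
        throw new IllegalArgumentException("SAML11ProtocolContext carries no issued assertion to cancel");

    try {
        this.tokenRegistry.removeToken(issuedAssertion.getID());
    } catch (IOException e) {
        throw logger.processingError(e);
    }
}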
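/**
 * Read the attributes of the {@code <Assertion>} start element and build the assertion shell.
 * <p>
 * {@code AssertionID}, {@code MajorVersion}, {@code MinorVersion} and {@code IssueInstant} are
 * all treated as required: a missing one is rejected with the parser's required-attribute error
 * instead of reaching {@code StaxParserUtil.getAttributeValue(null)} later on. Both version
 * attributes are matched against {@code "1"}.
 * <p>
 * NOTE(review): the return value of {@code StringUtil.match} is not inspected, so the version
 * check only has effect if that helper throws on mismatch — confirm against its definition.
 *
 * @param nextElement the {@code Assertion} start element
 * @return a new assertion carrying the parsed id and issue instant; issuer, conditions and
 *         statements are filled in by the caller
 * @throws ParsingException if a required attribute is absent
 */
private SAML11AssertionType parseBaseAttributes(StartElement nextElement) throws ParsingException {
    Attribute idAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.ASSERTIONID));
    if (idAttribute == null)
        throw logger.parserRequiredAttribute("AssertionID");
    String id = StaxParserUtil.getAttributeValue(idAttribute);

    Attribute majVersionAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.MAJOR_VERSION));
    if (majVersionAttribute == null)
        throw logger.parserRequiredAttribute(SAML11Constants.MAJOR_VERSION);
    String majVersion = StaxParserUtil.getAttributeValue(majVersionAttribute);
    StringUtil.match("1", majVersion);

    Attribute minVersionAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.MINOR_VERSION));
    if (minVersionAttribute == null)
        throw logger.parserRequiredAttribute(SAML11Constants.MINOR_VERSION);
    String minVersion = StaxParserUtil.getAttributeValue(minVersionAttribute);
    StringUtil.match("1", minVersion);

    Attribute issueInstantAttribute = nextElement.getAttributeByName(new QName(JBossSAMLConstants.ISSUE_INSTANT.get()));
    if (issueInstantAttribute == null)
        throw logger.parserRequiredAttribute(JBossSAMLConstants.ISSUE_INSTANT.get());
    XMLGregorianCalendar issueInstant = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstantAttribute));

    return new SAML11AssertionType(id, issueInstant);
}
}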
StaxUtil.writeAttribute(writer, SAML11Constants.ASSERTIONID, assertion.getID()); StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + ""); StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + ""); StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString()); String issuer = assertion.getIssuer(); if (issuer != null) { StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer); SAML11ConditionsType conditions = assertion.getConditions(); if (conditions != null) { StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns); SAML11AdviceType advice = assertion.getAdvice(); if (advice != null) throw logger.notImplementedYet("Advice"); List<SAML11StatementAbstractType> statements = assertion.getStatements(); if (statements != null) { for (SAML11StatementAbstractType statement : statements) { Element sig = assertion.getSignature(); if (sig != null) StaxUtil.writeDOMElement(writer, sig);
if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, oldAssertion.getID())) throw logger.samlAssertionRevokedCouldNotRenew(oldAssertion.getID()); SAML11ConditionsType conditions = oldAssertion.getConditions(); Lifetime lifetime = adjustLifetimeForClockSkew( wstContext.getRequestSecurityToken().getLifetime() ); conditions.setNotBefore(lifetime.getCreated()); statements.addAll(oldAssertion.getStatements()); SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions); newAssertion.setIssuer(wstContext.getTokenIssuer());
SAML11AssertionType assertionType = new SAML11AssertionType(assertionID, issueInstant); assertionType.setIssuer(issuerID); assertionType.addAllStatements(statements); try { AssertionUtil.createSAML11TimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW); SAML11AuthenticationStatementType stat = new SAML11AuthenticationStatementType(authenticationMethod, issueInstant); stat.setSubject(subject); assertionType.add(stat);
assertion.setIssuer(issuer); assertion.setSignature(StaxParserUtil.getDOMElement(xmlEventReader)); } else if (JBossSAMLConstants.ISSUER.get().equalsIgnoreCase(tag)) { startElement = StaxParserUtil.getNextStartElement(xmlEventReader); issuer = StaxParserUtil.getElementText(xmlEventReader); assertion.setIssuer(issuer); } else if (JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase(tag)) { SAML11SubjectParser subjectParser = new SAML11SubjectParser(); assertion.setConditions(conditions); } else if (SAML11Constants.AUTHENTICATION_STATEMENT.equals(tag)) { startElement = (StartElement) xmlEvent; SAML11AuthenticationStatementType authStat = SAML11ParserUtil.parseAuthenticationStatement(xmlEventReader); assertion.add(authStat); } else if (SAML11Constants.ATTRIBUTE_STATEMENT.equalsIgnoreCase(tag)) { SAML11AttributeStatementType attributeStatementType = SAML11ParserUtil .parseSAML11AttributeStatement(xmlEventReader); assertion.add(attributeStatementType); } else if (SAML11Constants.AUTHORIZATION_DECISION_STATEMENT.equalsIgnoreCase(tag)) { SAML11AuthorizationDecisionStatementType authzStat = SAML11ParserUtil .parseSAML11AuthorizationDecisionStatement(xmlEventReader); assertion.add(authzStat); } else throw logger.parserUnknownTag(tag, peekedElement.getLocation());
SAML11AssertionType assertion = new SAML11AssertionType(assertionID, lifetime.getCreated()); assertion.add(authStatement); assertion.setConditions(conditions); assertion.setIssuer(wstContext.getTokenIssuer());
saml11Assertion.add(attributeStatement);
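/**
 * Attach a validity window ({@code Conditions} with {@code NotBefore} / {@code NotOnOrAfter}) to
 * a SAML 1.1 assertion, anchored at its issue instant.
 * <p>
 * The window is widened by {@code clockSkew} on both sides:
 * {@code NotBefore = issueInstant - clockSkew} and
 * {@code NotOnOrAfter = issueInstant + durationInMilis + clockSkew}. Any conditions already
 * present on the assertion are replaced by the new element.
 * <p>
 * NOTE(review): neither {@code durationInMilis} nor {@code clockSkew} is range-checked here; a
 * negative or very large value produces an inverted or very long window. The values are expected
 * to come from vetted configuration.
 *
 * @param assertion the assertion to decorate; its issue instant must already be set
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @param clockSkew tolerance in milliseconds applied before and after the window
 * @throws ConfigurationException propagated from the time arithmetic helpers
 * @throws IssueInstantMissingException if the assertion carries no issue instant
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
    if (issueInstant == null)
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);

    // Skew is added to the end and subtracted from the start, so the accepted window is
    // (duration + 2 * skew) wide and centred on the nominal lifetime.
    final XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew);
    final XMLGregorianCalendar notBefore = XMLTimeUtil.subtract(issueInstant, clockSkew);

    final SAML11ConditionsType conditionsType = new SAML11ConditionsType();
    conditionsType.setNotBefore(notBefore);
    conditionsType.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditionsType);
}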
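/**
 * Cancel a previously issued SAML 1.1 token by removing it from the token registry.
 * <p>
 * A context that is not a {@link SAML11ProtocolContext} is ignored silently, so a caller passing
 * the wrong context type gets no indication that nothing was cancelled. When a
 * {@link SecurityManager} is installed, the {@code PicketLinkCoreSTS.rte} permission is required.
 * <p>
 * NOTE(review): only the token registry is updated here. The revocation registry that the renewal
 * code consults ({@code revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, id)}) is not
 * touched — confirm whether a cancelled assertion should also be marked revoked so that it cannot
 * be renewed afterwards.
 *
 * @param context the protocol context holding the issued assertion to cancel
 * @throws ProcessingException if removing the token from the registry fails with an I/O error
 * @throws IllegalArgumentException if the context carries no issued assertion
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void cancelToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext))
        return;

    SecurityManager sm = System.getSecurityManager();
    if (sm != null)
        sm.checkPermission(PicketLinkCoreSTS.rte);

    SAML11AssertionType issuedAssertion = ((SAML11ProtocolContext) context).getIssuedAssertion();
    // Fail with a descriptive error rather than a bare NullPointerException on getID().
    if (issuedAssertion == null)
        throw new IllegalArgumentException("SAML11ProtocolContext carries no issued assertion to cancel");

    try {
        this.tokenRegistry.removeToken(issuedAssertion.getID());
    } catch (IOException e) {
        throw logger.processingError(e);
    }
}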