/**
 * Finds the authentication result with the greatest authentication instant in an IdP session.
 *
 * <p>When several results share the greatest instant, the first one met in iteration order is
 * returned, because a later result only replaces the current pick on a strictly greater instant.</p>
 *
 * @param session IdP session whose authentication results are examined.
 *
 * @return The result with the greatest authentication instant.
 *
 * @throws IllegalStateException If the session yields no authentication results.
 */
private AuthenticationResult getLatestAuthenticationResult(final IdPSession session) {
    AuthenticationResult newest = null;
    for (final AuthenticationResult candidate : session.getAuthenticationResults()) {
        // Keep the current pick unless the candidate is strictly more recent.
        if (newest != null && candidate.getAuthenticationInstant() <= newest.getAuthenticationInstant()) {
            continue;
        }
        newest = candidate;
    }

    if (newest != null) {
        return newest;
    }
    throw new IllegalStateException("Cannot find authentication results in IdP session");
}
}
/**
 * {@inheritDoc}
 *
 * <p>Two results are equal when both are {@link AuthenticationResult} instances with equal
 * authentication flow IDs and the same authentication instant. No other state of the result
 * takes part in the comparison.</p>
 */
@Override
public boolean equals(final Object obj) {
    if (this == obj) {
        return true;
    }
    // instanceof is false for null, so this guard also rejects a null argument.
    if (!(obj instanceof AuthenticationResult)) {
        return false;
    }

    final AuthenticationResult other = (AuthenticationResult) obj;
    final boolean sameFlow = Objects.equals(getAuthenticationFlowId(), other.getAuthenticationFlowId());
    return sameFlow && getAuthenticationInstant() == other.getAuthenticationInstant();
}
if (descriptor.isResultActive(candidate)) { if (authenticationContext.getMaxAge() > 0 && candidate.getAuthenticationInstant() + authenticationContext.getMaxAge() < System.currentTimeMillis()) { log.debug("{} Ignoring active result from login flow {} due to maxAge on request",
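/**
 * Check if a result generated by this flow is still active.
 *
 * <p>A result is inactive once the flow's lifetime has elapsed since its authentication instant,
 * or once the flow's inactivity timeout has elapsed since its last activity instant. A limit of
 * zero or less disables the corresponding check.</p>
 *
 * @param result {@link AuthenticationResult} to check
 *
 * @return true iff the result remains valid
 */
public boolean isResultActive(@Nonnull final AuthenticationResult result) {
    Constraint.isNotNull(result, "AuthenticationResult cannot be null");
    Constraint.isTrue(result.getAuthenticationFlowId().equals(getId()),
            "AuthenticationResult was not produced by this flow");

    final long now = System.currentTimeMillis();

    // Compare elapsed time against the limit instead of adding the limit to the timestamp.
    // "instant + limit" wraps to a negative value when the configured limit is very large,
    // which would make a still-valid result look expired. The subtraction stays in range
    // as long as the stored instants are ordinary epoch-millisecond values.
    final long lifetime = getLifetime();
    if (lifetime > 0 && now - result.getAuthenticationInstant() >= lifetime) {
        return false;
    }

    final long inactivityTimeout = getInactivityTimeout();
    if (inactivityTimeout > 0 && now - result.getLastActivityInstant() >= inactivityTimeout) {
        return false;
    }

    return true;
}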
/**
 * Determines the authentication time for the given profile request.
 *
 * <p>The instant of the authentication result held by the {@link AuthenticationContext} is used
 * when one is present. Otherwise the creation instant of the IdP session held by the
 * {@link SessionContext} is used.</p>
 *
 * <p>NOTE(review): the fallback reports when the session was created, which may differ from the
 * time of the most recent authentication. Confirm this is acceptable wherever the returned value
 * feeds a freshness decision.</p>
 *
 * @param profileRequestContext context searched for the authentication and session subcontexts
 *
 * @return the authentication date time
 *
 * @throws OIDCException if neither subcontext provides a time
 */
private static DateTime getAuthenticationDateTime(final ProfileRequestContext profileRequestContext) {
    final AuthenticationContext authnContext = profileRequestContext.getSubcontext(AuthenticationContext.class);
    final boolean hasAuthnResult = authnContext != null && authnContext.getAuthenticationResult() != null;
    if (hasAuthnResult) {
        return new DateTime(authnContext.getAuthenticationResult().getAuthenticationInstant());
    }

    // No authentication result on this request: fall back to the session, if there is one.
    final SessionContext sessionContext = profileRequestContext.getSubcontext(SessionContext.class);
    if (sessionContext == null || sessionContext.getIdPSession() == null) {
        throw new OIDCException("Could not determine authentication time based on authentication or session context");
    }
    return new DateTime(sessionContext.getIdPSession().getCreationInstant());
}
}
if (maxAge > 0 && result.getAuthenticationInstant() + maxAge < now) { log.debug("{} Authentication result {} exceeds maxAge setting, skiping it", getLogPrefix(), result.getAuthenticationFlowId());
// Set the statement's authentication instant from the authentication result, wrapped in a DateTime.
// NOTE(review): this is the instant stored on the result, not the current time, so a reused
// result would presumably carry its original instant - confirm that is the intended value.
statement.setAuthenticationInstant(new DateTime(getAuthenticationResult().getAuthenticationInstant()));
// Start the JSON object for this result on the sink: write the flow ID and the authentication
// instant, then open the array named by PRINCIPAL_ARRAY_FIELD. The array and the object are left
// open here; closing them is up to code that is not shown.
final JsonGenerator gen = generatorFactory.createGenerator(sink);
gen.writeStartObject().write(FLOW_ID_FIELD, instance.getAuthenticationFlowId())
        .write(AUTHN_INSTANT_FIELD, instance.getAuthenticationInstant())
        .writeStartArray(PRINCIPAL_ARRAY_FIELD);
// Set the statement's AuthnInstant from the authentication result, wrapped in a DateTime.
// NOTE(review): this is the instant stored on the result, not the current time, so a reused
// result would presumably carry its original instant - confirm that is the intended value.
statement.setAuthnInstant(new DateTime(getAuthenticationResult().getAuthenticationInstant()));
session.getId(), getPrincipalName(profileRequestContext), new Instant(authnResult.getAuthenticationInstant()), authnResult.getAuthenticationFlowId()); ticket = ticketServiceEx.createServiceTicket(