/** {@inheritDoc} */
@Nullable public String apply(@Nullable final MessageContext input) {
    // No message context at all: nothing to look up.
    if (input == null) {
        return null;
    }
    final SAMLSelfEntityContext self = input.getSubcontext(SAMLSelfEntityContext.class);
    // A missing self context yields null; an entityID that is null on the context is returned as-is.
    return self == null ? null : self.getEntityId();
}
}
/**
 * Get the outbound message issuer.
 *
 * <p>The issuer is the entityID carried by the {@link SAMLSelfEntityContext} attached to the
 * message context; when no such subcontext is present, {@code null} is returned.</p>
 *
 * @param messageContext the message context
 * @return the outbound message issuer, or null if the self entity context is absent
 */
@Nullable private String getOutboundMessageIssuer(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLSelfEntityContext self = messageContext.getSubcontext(SAMLSelfEntityContext.class);
    return self != null ? self.getEntityId() : null;
}
/**
 * Get the outbound message issuer.
 *
 * <p>Resolves the {@link SAMLSelfEntityContext} subcontext of the given message context and
 * returns its entityID. Callers must handle a {@code null} result, which occurs when the
 * subcontext is missing or carries no entityID.</p>
 *
 * @param messageContext the message context
 * @return the outbound message issuer
 */
@Nullable private String getOutboundMessageIssuer(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLSelfEntityContext selfEntity = messageContext.getSubcontext(SAMLSelfEntityContext.class);
    if (selfEntity != null) {
        return selfEntity.getEntityId();
    }
    return null;
}
/** {@inheritDoc} */
@Override @Nullable public String apply(@Nullable final RelyingPartyContext input) {
    if (input == null) {
        return null;
    }
    final BaseContext idTree = input.getRelyingPartyIdContextTree();
    // The relying party ID comes from whichever SAML entity context anchors the ID tree:
    // the peer (remote party) context is tried first, then the self context.
    // instanceof is false for a null tree, so no separate null check is needed.
    if (idTree instanceof SAMLPeerEntityContext) {
        return ((SAMLPeerEntityContext) idTree).getEntityId();
    }
    if (idTree instanceof SAMLSelfEntityContext) {
        return ((SAMLSelfEntityContext) idTree).getEntityId();
    }
    return null;
}
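/** {@inheritDoc} */
@Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final MessageContext msgCtx = profileRequestContext.getInboundMessageContext();
    // Without an inbound message context there is nothing to populate; report that as an
    // event rather than letting the subcontext lookup below fail with a NullPointerException.
    if (msgCtx == null) {
        log.debug("{} No inbound message context available", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return;
    }
    // Autocreate the self entity context if it does not exist yet.
    final SAMLSelfEntityContext selfContext = msgCtx.getSubcontext(SAMLSelfEntityContext.class, true);
    selfContext.setEntityId(selfIdentityLookupStrategy.apply(profileRequestContext));
    log.debug("{} Populated inbound message context with SAML self entityID: {}", getLogPrefix(), selfContext.getEntityId());
    // A null self entityID means the lookup strategy could not determine our own identity;
    // later SAML processing (issuer/audience handling) depends on it, so fail the profile.
    if (selfContext.getEntityId() == null) {
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
    }
}
}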
/**
 * Get the valid audiences for attestation.
 *
 * <p>
 * This implementation returns a set containing the single entityID held by the message context's
 * {@link SAMLSelfEntityContext#getEntityId()}, if present. Otherwise an empty set is returned.
 * </p>
 *
 * @param input the assertion validation input
 *
 * @return set of audience URI's
 */
@Nonnull protected Set<String> getValidAudiences(@Nonnull final SAML20AssertionTokenValidationInput input) {
    final LazySet<String> audiences = new LazySet<>();
    final SAMLSelfEntityContext self = input.getMessageContext().getSubcontext(SAMLSelfEntityContext.class);
    final String ownEntityId = self != null ? self.getEntityId() : null;
    // Only our own entityID is an acceptable audience; with no self context or no entityID the
    // set stays empty, so no audience restriction in the assertion can match.
    if (ownEntityId != null) {
        audiences.add(ownEntityId);
    }
    log.debug("Resolved valid audiences set: {}", audiences);
    return audiences;
}
/** {@inheritDoc} */
@Override @Nullable public String apply(@Nullable final MessageContext input) {
    if (input == null) {
        return null;
    }
    // Prefer the peer's entityID. The self context is consulted only when no peer context is
    // attached at all: a peer context whose entityID is null still yields null.
    final SAMLPeerEntityContext peer = input.getSubcontext(SAMLPeerEntityContext.class);
    if (peer != null) {
        return peer.getEntityId();
    }
    final SAMLSelfEntityContext self = input.getSubcontext(SAMLSelfEntityContext.class);
    return self != null ? self.getEntityId() : null;
}
if (selfContext != null && selfContext.getEntityId() != null) { validRecipients.add(selfContext.getEntityId());
/**
 * Get the artifact source entityID.
 *
 * <p>Lazily resolved: when no value has been set, the entityID of the parent context's
 * {@link SAMLSelfEntityContext} (if both exist) is used and cached for subsequent calls.</p>
 *
 * @return the source entityID, may be null
 */
@Nullable @NotEmpty public String getSourceEntityId() {
    if (sourceEntityId == null && getParent() != null) {
        final SAMLSelfEntityContext selfEntity = getParent().getSubcontext(SAMLSelfEntityContext.class);
        if (selfEntity != null) {
            // Cache the resolved value; a null entityID leaves the field unset so it is retried later.
            sourceEntityId = selfEntity.getEntityId();
        }
    }
    return sourceEntityId;
}
/**
 * Build a SAML 2 LogoutResponse carrying a success status.
 *
 * <p>The issuer is taken from the {@link SAMLSelfEntityContext} of the given message context, the
 * destination from the logout service endpoint, and InResponseTo from the ID of the original
 * message when it is a request.</p>
 *
 * @param context the SAML 2 message context holding the self entity context and the original message
 * @param ssoService the single logout service whose location becomes the response destination
 * @return the populated logout response
 */
@SuppressWarnings("unchecked")
protected final LogoutResponse buildLogoutResponse(final SAML2MessageContext context, final SingleLogoutService ssoService) {
    final SAMLObjectBuilder<LogoutResponse> responseBuilder =
            (SAMLObjectBuilder<LogoutResponse>) this.builderFactory.getBuilder(LogoutResponse.DEFAULT_ELEMENT_NAME);
    final LogoutResponse logoutResponse = responseBuilder.buildObject();
    final SAMLSelfEntityContext self = context.getSAMLSelfEntityContext();

    logoutResponse.setID(SAML2Utils.generateID());
    logoutResponse.setIssuer(getIssuer(self.getEntityId()));
    // Issue instant is UTC "now" adjusted by the configured skew.
    logoutResponse.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
    logoutResponse.setVersion(SAMLVersion.VERSION_20);
    logoutResponse.setDestination(ssoService.getLocation());
    logoutResponse.setStatus(getSuccess());

    // instanceof is false for null, so no separate null check is required.
    final SAMLObject original = context.getMessage();
    if (original instanceof RequestAbstractTypeImpl) {
        logoutResponse.setInResponseTo(((RequestAbstractTypeImpl) original).getID());
    }
    return logoutResponse;
}
/**
 * Validate assertionConditions
 * - notBefore
 * - notOnOrAfter
 *
 * <p>Both time bounds are relaxed by {@code acceptedSkew} seconds to tolerate clock drift between
 * the issuer and this service. The audience restrictions are then checked against our own
 * entityID from the {@link SAMLSelfEntityContext}. A missing Conditions element is accepted
 * without any check.</p>
 *
 * @param conditions the conditions
 * @param context the context
 * @throws SAMLAssertionConditionException if the notBefore or notOnOrAfter condition is violated
 */
protected final void validateAssertionConditions(final Conditions conditions, final SAML2MessageContext context) {
    if (conditions == null) {
        return;
    }
    // notBefore (minus skew) still in the future: the assertion is not yet valid.
    final boolean notYetValid = conditions.getNotBefore() != null
            && conditions.getNotBefore().minusSeconds(acceptedSkew).isAfterNow();
    if (notYetValid) {
        throw new SAMLAssertionConditionException("Assertion condition notBefore is not valid");
    }
    // notOnOrAfter (plus skew) already passed: the assertion has expired.
    final boolean expired = conditions.getNotOnOrAfter() != null
            && conditions.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow();
    if (expired) {
        throw new SAMLAssertionConditionException("Assertion condition notOnOrAfter is not valid");
    }
    final String ownEntityId = context.getSAMLSelfEntityContext().getEntityId();
    validateAudienceRestrictions(conditions.getAudienceRestrictions(), ownEntityId);
}
request.setIssuer(getIssuer(selfContext.getEntityId())); request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds)); request.setVersion(SAMLVersion.VERSION_20);
request.setIssuer(getIssuer(selfContext.getEntityId())); request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds)); request.setVersion(SAMLVersion.VERSION_20);
decodedCtx.getSAMLSelfEntityContext().setEntityId(context.getSAMLSelfEntityContext().getEntityId()); decodedCtx.getSAMLSelfEndpointContext().setEndpoint(context.getSAMLSelfEndpointContext().getEndpoint()); decodedCtx.getSAMLSelfEntityContext().setRole(context.getSAMLSelfEntityContext().getRole());