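/**
 * Returns the ID of the wrapped SAML 2.0 assertion, generating and storing a new one when the
 * assertion has none.
 *
 * <p>Side effect: when the current ID is null or empty and {@code saml2} is set, the generated
 * value is written back through {@code saml2.setID(id)}. NOTE(review): that mutates the
 * assertion; if it was already signed, a signature computed over the earlier content presumably
 * no longer matches - confirm this branch is only reached before signing.
 *
 * @return the existing ID, or a newly generated one prefixed with an underscore
 */
public String getId() {
    String id = null;
    if (saml2 != null) {
        id = saml2.getID();
    } else {
        log.error("AssertionWrapper: unable to return ID - no saml assertion model");
    }
    if (id == null || id.length() == 0) {
        log.error("AssertionWrapper: ID was null, seeting a new ID value");
        // The SAML ID attribute is typed xs:ID, which has to be an NCName and therefore cannot
        // begin with a digit. A bare UUID may begin with one, so the generated value gets an
        // underscore prefix. Assumes UUIDGenerator.getUUID() returns the UUID without such a
        // prefix - TODO confirm.
        id = "_" + UUIDGenerator.getUUID();
        if (saml2 != null) {
            saml2.setID(id);
        }
    }
    return id;
}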
/**
 * Verifies that the assertion carries a non-empty ID attribute.
 *
 * @param assertion the assertion whose ID is checked
 * @throws ValidationException if {@code DatatypeHelper.isEmpty} reports the ID as empty
 */
protected void validateID(Assertion assertion) throws ValidationException {
    final String assertionId = assertion.getID();
    final boolean idPresent = !DatatypeHelper.isEmpty(assertionId);
    if (idPresent) {
        return;
    }
    throw new ValidationException("ID is required attribute");
}
/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final Assertion source = (Assertion) samlObject;

    // Each attribute is written only when the assertion has a value for it.
    if (null != source.getVersion()) {
        domElement.setAttributeNS(null, Assertion.VERSION_ATTRIB_NAME, source.getVersion().toString());
    }

    if (null != source.getIssueInstant()) {
        domElement.setAttributeNS(
                null,
                Assertion.ISSUE_INSTANT_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(source.getIssueInstant()));
    }

    if (null != source.getID()) {
        domElement.setAttributeNS(null, Assertion.ID_ATTRIB_NAME, source.getID());
        // Flag the attribute as a DOM ID attribute so that ID-based lookups on the document
        // (for example a same-document reference to this element) can resolve to it.
        domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
    }
}
}
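/**
 * {@inheritDoc}
 *
 * <p>Generates an assertion from the authentication assertion's ID,
 * {@code StringConstants.ATTRIBUTE_INFO_DATA}, the current time, the authentication assertion's
 * NotBefore, its NotOnOrAfter minus one minute and the given attributes, then signs it.
 *
 * <p>NOTE(review): {@code authnAssertion.getConditions()} and its {@code getNotOnOrAfter()} are
 * dereferenced without a null check; an authentication assertion lacking either makes this
 * method throw a NullPointerException.
 *
 * @throws IllegalStateException if signing fails; the unsigned assertion is never returned, so
 *         callers of a method that promises a signed assertion cannot receive an unsigned one
 */
public Assertion getSignedAuditingAssertion(List<SAML2Attribute> saml2AuditingAttributes, Assertion authnAssertion) {
    Assertion auditingAssertion = saml2AssertionGenerator.generateSAML2Assertion(
            authnAssertion.getID(),
            StringConstants.ATTRIBUTE_INFO_DATA,
            new DateTime(),
            authnAssertion.getConditions().getNotBefore(),
            authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1),
            saml2AuditingAttributes);
    try {
        return (Assertion) saml2XmlObjectSigner.sign(auditingAssertion);
    } catch (SignatureException e) {
        String message = "SAML2 assertion signing failed : ";
        logger.error(message, e);
        // Fail closed: logging and then returning the assertion would hand out an unsigned one.
        throw new IllegalStateException(message, e);
    }
}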
/**
 * Returns the ID of the wrapped assertion, preferring the SAML 2 object over the SAML 1 object.
 *
 * <p>When the ID is null or empty, a new value ({@code "_"} followed by
 * {@code UUIDGenerator.getUUID()}) is generated, written back to whichever assertion object is
 * present, and returned. NOTE(review): that write mutates the assertion; if it was already
 * signed, the existing signature presumably no longer matches - confirm against callers.
 *
 * @return the existing or newly generated ID
 */
public String getId() {
    final String currentId;
    if (saml2 != null) {
        currentId = saml2.getID();
    } else if (saml1 != null) {
        currentId = saml1.getID();
    } else {
        currentId = null;
        LOG.error("AssertionWrapper: unable to return ID - no saml assertion object");
    }

    final boolean hasId = currentId != null && currentId.length() != 0;
    if (hasId) {
        return currentId;
    }

    LOG.error("AssertionWrapper: ID was null, seeting a new ID value");
    // The underscore prefix means the generated value never starts with a digit.
    final String generatedId = "_" + UUIDGenerator.getUUID();
    if (saml2 != null) {
        saml2.setID(generatedId);
    } else if (saml1 != null) {
        saml1.setID(generatedId);
    }
    return generatedId;
}
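/**
 * Validates the <code>NotBefore</code> condition of the {@link SubjectConfirmationData}, if any is present.
 *
 * <p>The current UTC time is moved forward by the clock skew from {@code getClockSkew(context)}
 * before the comparison, so a NotBefore that lies within the skew is still accepted.
 *
 * @param confirmation confirmation method, with {@link SubjectConfirmationData}, being validated
 * @param assertion assertion bearing the confirmation method
 * @param context current validation context; receives the failure message when validation fails
 *
 * @return {@code ValidationResult.INVALID} when NotBefore is later than the skewed current time,
 *         otherwise {@code ValidationResult.VALID}
 */
protected ValidationResult validateNotBefore(SubjectConfirmation confirmation, Assertion assertion,
        ValidationContext context) {
    DateTime skewedNow = new DateTime(ISOChronology.getInstanceUTC()).plus(getClockSkew(context));
    DateTime notBefore = confirmation.getSubjectConfirmationData().getNotBefore();

    if (notBefore != null && notBefore.isAfter(skewedNow)) {
        // The values are passed as format arguments. Concatenating them onto the pattern leaves
        // both %s specifiers without arguments, which makes String.format throw
        // MissingFormatArgumentException instead of this method returning INVALID, and it would
        // also let a '%' inside the assertion ID be read as part of the pattern.
        context.setValidationFailureMessage(String.format(
                "Subject confirmation, in assertion '%s', with NotBefore condition of '%s' is not yet valid",
                assertion.getID(), notBefore));
        return ValidationResult.INVALID;
    }
    return ValidationResult.VALID;
}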
/**
 * Returns the ID of the wrapped assertion, preferring the SAML 2 object over the SAML 1 object.
 *
 * <p>When the ID is null or empty, a new value ({@code "_"} followed by
 * {@code UUIDGenerator.getUUID()}) is generated, written back to whichever assertion object is
 * present, and returned. NOTE(review): that write mutates the assertion; if it was already
 * signed, the existing signature presumably no longer matches - confirm against callers.
 *
 * @return the existing or newly generated ID
 */
public String getId() {
    final String currentId;
    if (saml2 != null) {
        currentId = saml2.getID();
    } else if (saml1 != null) {
        currentId = saml1.getID();
    } else {
        currentId = null;
        LOG.error("AssertionWrapper: unable to return ID - no saml assertion object");
    }

    final boolean hasId = currentId != null && currentId.length() != 0;
    if (hasId) {
        return currentId;
    }

    LOG.error("AssertionWrapper: ID was null, seeting a new ID value");
    // The underscore prefix means the generated value never starts with a digit.
    final String generatedId = "_" + UUIDGenerator.getUUID();
    if (saml2 != null) {
        saml2.setID(generatedId);
    } else if (saml1 != null) {
        saml1.setID(generatedId);
    }
    return generatedId;
}
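/**
 * {@inheritDoc}
 *
 * <p>Generates an assertion from the authentication assertion's ID,
 * {@code StringConstants.ATTRIBUTE_AUTHORIZATION_DATA}, the current time, the authentication
 * assertion's NotBefore, its NotOnOrAfter minus one minute and the given attributes, then signs it.
 *
 * <p>NOTE(review): {@code authnAssertion.getConditions()} and its {@code getNotOnOrAfter()} are
 * dereferenced without a null check; an authentication assertion lacking either makes this
 * method throw a NullPointerException.
 *
 * @throws IllegalStateException if signing fails; the unsigned assertion is never returned, so
 *         callers of a method that promises a signed assertion cannot receive an unsigned one
 */
public Assertion getSignedAuthorizationAssertion(List<SAML2Attribute> saml2AuthorizationAttributes, Assertion authnAssertion) {
    Assertion authorizationAssertion = saml2AssertionGenerator.generateSAML2Assertion(
            authnAssertion.getID(),
            StringConstants.ATTRIBUTE_AUTHORIZATION_DATA,
            new DateTime(),
            authnAssertion.getConditions().getNotBefore(),
            authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1),
            saml2AuthorizationAttributes);
    try {
        return (Assertion) saml2XmlObjectSigner.sign(authorizationAssertion);
    } catch (SignatureException e) {
        String message = "SAML2 assertion signing failed : ";
        logger.error(message, e);
        // Fail closed: logging and then returning the assertion would hand out an unsigned one.
        throw new IllegalStateException(message, e);
    }
}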
/**
 * Checks the <code>NotOnOrAfter</code> condition of the {@link SubjectConfirmationData}, when one is set.
 *
 * <p>The current UTC time is moved back by the clock skew from {@code getClockSkew(context)}
 * before the comparison, so an expiry that lies within the skew is still accepted.
 * NOTE(review): the comparison uses {@code isBefore}, so an expiry exactly equal to the skewed
 * current time is reported as valid - confirm that matches the intended NotOnOrAfter semantics.
 *
 * @param confirmation confirmation method, with {@link SubjectConfirmationData}, being validated
 * @param assertion assertion bearing the confirmation method
 * @param context current validation context; receives the failure message when validation fails
 *
 * @return {@code ValidationResult.INVALID} when NotOnOrAfter is earlier than the skewed current
 *         time, otherwise {@code ValidationResult.VALID}
 */
protected ValidationResult validateNotOnOrAfter(SubjectConfirmation confirmation, Assertion assertion,
        ValidationContext context) {
    final DateTime earliestAcceptedNow =
            new DateTime(ISOChronology.getInstanceUTC()).minus(getClockSkew(context));
    final DateTime expiry = confirmation.getSubjectConfirmationData().getNotOnOrAfter();

    // No expiry set, or expiry not yet passed: nothing to reject.
    if (expiry == null || !expiry.isBefore(earliestAcceptedNow)) {
        return ValidationResult.VALID;
    }

    final String failure = String.format(
            "Subject confirmation, in assertion '%s', with NotOnOrAfter condition of '%s' is no longer valid",
            assertion.getID(), expiry);
    context.setValidationFailureMessage(failure);
    return ValidationResult.INVALID;
}
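/**
 * Collects name/value attributes from every assertion in {@code assertions}.
 *
 * <p>For each assertion the result of {@code parseAttributes} is added, followed by the
 * subject's NameID (format as name, value as value) unless {@code isBIF} is set, followed by an
 * {@code "AssertionID"} entry holding the assertion's ID. Each added NameID and AssertionID pair
 * is also written to the log at info level.
 *
 * <p>NOTE(review): NameID values and assertion IDs end up in the info log; the NameID is said
 * to carry a prescriber code, so confirm that this is acceptable for whoever can read the log.
 * NOTE(review): {@code getSubject()} and {@code getNameID()} are dereferenced without a null check.
 *
 * @return the attributes of all assertions, in iteration order
 */
public List<SAML2Attribute> parse(){
    List<SAML2Attribute> ret = new ArrayList<SAML2Attribute>();
    String logMess = "===== Incoming ticket name/value-list =====";
    logger.info(logMess);
    for (Assertion assertion : assertions){
        // Accumulate instead of reassigning: assigning the parseAttributes result to ret would
        // throw away everything gathered from the assertions handled earlier in the loop.
        ret.addAll(parseAttributes(assertion));
        String name;
        String value;
        if ( !isBIF ){
            // The LkTj ticket sets the prescriber code as NameID
            name = assertion.getSubject().getNameID().getFormat();
            value = assertion.getSubject().getNameID().getValue();
            logMess = " " + name + " : " + value;
            logger.info(logMess);
            SAML2Attribute nameid = new SAML2Attribute(name,value);
            ret.add(nameid);
        }
        name = "AssertionID"; //TODO: remove hard coded string?
        value = assertion.getID();
        logMess = " " + name + " : " + value;
        logger.info(logMess);
        SAML2Attribute assertID = new SAML2Attribute(name,value);
        ret.add(assertID);
    }
    return ret;
}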
.getID())); return ValidationResult.INVALID;
.getID())); return ValidationResult.INVALID;
/**
 * Copies the assertion ID and the validity period from {@code assertion} into this object.
 *
 * <p>The validity period comes from the Conditions element when the assertion has one;
 * otherwise it comes from the SubjectConfirmationData of the first SubjectConfirmation. Only
 * bounds that are present are set.
 *
 * <p>NOTE(review): the fallback path dereferences the subject, its first SubjectConfirmation
 * and that confirmation's data without checks, so an assertion lacking any of them makes this
 * method throw. When neither source supplies a bound, the corresponding date is left unset
 * here - confirm how callers treat an unset date.
 */
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());
    Subject subject = assertion.getSubject();

    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        // No Conditions element: fall back to the first subject confirmation's data.
        SubjectConfirmationData scData =
                subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
        if (scData.getNotBefore() != null) {
            this.setDateNotBefore(scData.getNotBefore().toDate());
        }
        if (scData.getNotOnOrAfter() != null) {
            this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
        }
        return;
    }

    // Conditions element present: take the validity period from it.
    if (conditions.getNotBefore() != null) {
        this.setDateNotBefore(conditions.getNotBefore().toDate());
    }
    if (conditions.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
    }
}
if (possibleKeys.isEmpty()) { String msg = String.format( "No key information for holder of key subject confirmation in assertion '%s'", assertion.getID()); context.setValidationFailureMessage(msg); return ValidationResult.INVALID;
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key);
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key);
new SAML2SSOResponseBuilderException(StatusCode.RESPONDER_URI, "Error occurred while encrypting assertion.", e); ex.setInResponseTo(assertion.getID()); ex.setAcsUrl(response.getDestination()); throw ex; new SAML2SSOResponseBuilderException(StatusCode.RESPONDER_URI, "Error occurred while encrypting assertion.", e); ex.setInResponseTo(assertion.getID()); ex.setAcsUrl(response.getDestination()); throw ex;