/**
 * Rejects an assertion that carries no IssueInstant attribute.
 *
 * This is a presence check only: the value is not compared against the
 * current time here.
 *
 * @param assertion the assertion under validation
 * @throws ValidationException if the IssueInstant attribute is absent
 */
protected void validateIssueInstant(Assertion assertion) throws ValidationException {
    if (assertion.getIssueInstant() != null) {
        return;
    }
    throw new ValidationException("IssueInstant is required attribute");
}
}
/**
 * Writes the Version, IssueInstant and ID attributes of an {@link Assertion}
 * onto its DOM element. Each attribute is emitted only when the matching
 * property is non-null; the IssueInstant is rendered through the shared SAML
 * date formatter, and ID is additionally flagged as an ID-type attribute via
 * {@code setIdAttributeNS}.
 *
 * @param samlObject the assertion being marshalled
 * @param domElement the element that receives the attributes
 * @throws MarshallingException declared by the marshaller contract
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final Assertion assertion = (Assertion) samlObject;

    final boolean hasVersion = assertion.getVersion() != null;
    if (hasVersion) {
        final String versionStr = assertion.getVersion().toString();
        domElement.setAttributeNS(null, Assertion.VERSION_ATTRIB_NAME, versionStr);
    }

    final boolean hasIssueInstant = assertion.getIssueInstant() != null;
    if (hasIssueInstant) {
        final String instantStr = Configuration.getSAMLDateFormatter().print(assertion.getIssueInstant());
        domElement.setAttributeNS(null, Assertion.ISSUE_INSTANT_ATTRIB_NAME, instantStr);
    }

    final String assertionId = assertion.getID();
    if (assertionId != null) {
        domElement.setAttributeNS(null, Assertion.ID_ATTRIB_NAME, assertionId);
        domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
    }
}
}
/**
 * Captures the SAML facts about an authenticated user from a Spring Security
 * {@link Authentication}: its name and principal, the subject NameID value and
 * format, the issuer of the authentication assertion, and that assertion's
 * IssueInstant.
 *
 * @param authentication authentication whose credentials are expected to be a
 *                       {@link SAMLCredential}
 */
public General(Authentication authentication) {
    final SAMLCredential samlCredential = (SAMLCredential) authentication.getCredentials();
    final NameID subjectId = samlCredential.getNameID();

    // Spring Security view of the user
    name = authentication.getName();
    principal = authentication.getPrincipal();

    // SAML subject identifier as asserted by the IdP
    nameId = subjectId.getValue();
    nameIdFormat = subjectId.getFormat();

    // Provenance of the authentication assertion
    idp = samlCredential.getAuthenticationAssertion().getIssuer().getValue();
    assertionIssueTime = samlCredential.getAuthenticationAssertion().getIssueInstant();
}
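/**
 * Verifies a single assertion before it is trusted: IssueInstant freshness,
 * issuer, signature, presence and content of the Subject, and finally the
 * Conditions and any AuthnStatements. The checks run in this order and the
 * first failure aborts verification. Advice is ignored (core 574).
 *
 * @param assertion the assertion to verify
 * @param request   the AuthnRequest the assertion answers, handed to subject verification
 * @param context   the message context used by the issuer, signature, subject and condition checks
 * @throws SAMLException       if the assertion is too old, or has no Subject
 * @throws org.opensaml.xml.security.SecurityException propagated from the delegated checks
 * @throws ValidationException propagated from the delegated checks
 * @throws Exception           kept in the signature for compatibility with existing callers
 */
private void verifyAssertion(Assertion assertion, AuthnRequest request, BasicSAMLMessageContext context) throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, Exception {
    // Freshness check against MAX_ASSERTION_TIME. Report it as the already declared
    // SAMLException rather than a raw Exception, and carry the offending IssueInstant in
    // the message instead of printing it to stdout.
    if (!isDateTimeSkewValid(MAX_ASSERTION_TIME, assertion.getIssueInstant())) {
        throw new SAMLException("Users authentication credential is too old to be used " + assertion.getIssueInstant());
    }

    // Verify validity of assertion
    // Advice is ignored, core 574
    verifyIssuer(assertion.getIssuer(), context);
    verifyAssertionSignature(assertion.getSignature(), context);

    // A missing Subject is rejected explicitly instead of being passed to verifySubject
    // as null (same rule as the SAMLMessageContext-based variant of this method).
    if (assertion.getSubject() == null) {
        throw new SAMLException("Assertion does not contain subject and is discarded");
    }
    verifySubject(assertion.getSubject(), request, context);

    // Assertion with authentication statement must contain audience restriction
    if (assertion.getAuthnStatements().size() > 0) {
        verifyAssertionConditions(assertion.getConditions(), context, true);
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            verifyAuthenticationStatement(statement, context);
        }
    } else {
        verifyAssertionConditions(assertion.getConditions(), context, false);
    }
}
/**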
if (oElement.getIssueInstant() != null) { oSamlEvidAssert.setIssueInstant(oElement.getIssueInstant().toString()); log.debug("Assertion.SamlAuthzDecisionStatement.Evidence.Assertion.IssueInstant = " + oElement.getIssueInstant());
validFrom = assertion.getSaml2().getConditions().getNotBefore(); validTill = assertion.getSaml2().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml2().getIssueInstant(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) {
validFrom = assertion.getSaml2().getConditions().getNotBefore(); validTill = assertion.getSaml2().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml2().getIssueInstant(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) {
/**
 * Verifies a single assertion before it is trusted. Checks run in this order and
 * the first failure aborts verification:
 * <ol>
 *   <li>IssueInstant freshness against the response skew and {@code maxAssertionTime};</li>
 *   <li>issuer;</li>
 *   <li>signature;</li>
 *   <li>presence and content of the Subject;</li>
 *   <li>Conditions (audience restriction is required when AuthnStatements are present)
 *       and each AuthnStatement, matched against the request's RequestedAuthnContext
 *       when a request is available.</li>
 * </ol>
 * Advice is ignored (core 574).
 *
 * @param assertion the assertion to verify
 * @param request   the originating AuthnRequest, or {@code null} for unsolicited responses
 * @param context   the message context used by the delegated checks
 * @throws SAMLException if the assertion is too old or has no Subject
 * @throws AuthenticationException propagated from the delegated checks
 * @throws org.opensaml.xml.security.SecurityException propagated from the delegated checks
 * @throws ValidationException propagated from the delegated checks
 * @throws DecryptionException propagated from the delegated checks
 */
protected void verifyAssertion(Assertion assertion, AuthnRequest request, SAMLMessageContext context) throws AuthenticationException, SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, DecryptionException {
    // Freshness: reject assertions issued outside the allowed skew window
    if (!isDateTimeSkewValid(getResponseSkew(), getMaxAssertionTime(), assertion.getIssueInstant())) {
        throw new SAMLException("Assertion is too old to be used, value can be customized by setting maxAssertionTime value " + assertion.getIssueInstant());
    }

    // Issuer and signature; Advice is ignored (core 574)
    verifyIssuer(assertion.getIssuer(), context);
    verifyAssertionSignature(assertion.getSignature(), context);

    // Subject must be present before it can be verified
    if (assertion.getSubject() == null) {
        throw new SAMLException("Assertion does not contain subject and is discarded");
    }
    verifySubject(assertion.getSubject(), request, context);

    // Audience restriction is mandatory only when the assertion carries authentication statements
    final boolean hasAuthnStatements = !assertion.getAuthnStatements().isEmpty();
    verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);

    if (hasAuthnStatements) {
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            verifyAuthenticationStatement(statement, request != null ? request.getRequestedAuthnContext() : null, context);
        }
    }
}
final DateTime instant = assertion.getIssueInstant(); if (instant != null) { if (instant.isBefore(now.minusDays(1).minusSeconds(slack))) {
DateTime instant = assertion.getIssueInstant(); if (instant != null) { if (instant.isBefore(now.minusSeconds(slack)))