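/**
 * Checks that an authentication statement is still acceptable for this request.
 *
 * <p>Three checks are applied in order:
 * <ol>
 *   <li>the authentication instant must pass {@code isDateTimeSkewValid} against
 *       {@code MAX_AUTHENTICATION_TIME};</li>
 *   <li>if {@code SessionNotOnOrAfter} is present, the current time must be strictly before it;</li>
 *   <li>if {@code SubjectLocality} carries an address, it must equal the peer address reported
 *       by the inbound HTTP transport.</li>
 * </ol>
 *
 * @param auth    statement taken from the received assertion
 * @param context message context whose inbound transport supplies the peer address
 * @throws Exception if any of the checks above fails
 */
protected void verifyAuthenticationStatement(AuthnStatement auth, BasicSAMLMessageContext context) throws Exception {

    // Reject statements whose authentication happened too long ago.
    if (!isDateTimeSkewValid(MAX_AUTHENTICATION_TIME, auth.getAuthnInstant())) {
        System.out.println("Authentication statement is too old to be used"+auth.getAuthnInstant());
        throw new Exception("Users authentication data is too old");
    }

    // SessionNotOnOrAfter is the instant at (or after) which the session is no longer valid,
    // so the session is expired when that instant is NOT after "now". The previous condition
    // was inverted: it rejected sessions that were still valid and accepted expired ones.
    if (auth.getSessionNotOnOrAfter() != null
            && !auth.getSessionNotOnOrAfter().isAfter(System.currentTimeMillis())) {
        System.out.println("Authentication session is not valid anymore"+auth.getSessionNotOnOrAfter());
        throw new Exception("Users authentication is expired");
    }

    if (auth.getSubjectLocality() != null) {
        HTTPInTransport httpInTransport = (HTTPInTransport) context.getInboundMessageTransport();
        if (auth.getSubjectLocality().getAddress() != null) {
            // equals() is called on the asserted address (known non-null here) so that a
            // transport with no peer address is treated as a mismatch instead of raising a
            // NullPointerException.
            // NOTE(review): this is a plain string comparison against the direct TCP peer.
            // Behind a reverse proxy or load balancer the peer is presumably the proxy, and
            // differing textual forms of the same IP address would not match -- confirm the
            // deployment topology before relying on this check.
            if (!auth.getSubjectLocality().getAddress().equals(httpInTransport.getPeerAddress())) {
                throw new Exception("User is accessing the service from invalid address");
            }
        }
    }
}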
// Copy the SubjectLocality address from the received statement into samlAuthnStatement,
// but only when the locality element exists and its address is non-null and non-empty.
if ((authnStatement.getSubjectLocality() != null) && (authnStatement.getSubjectLocality().getAddress() != null) && (authnStatement.getSubjectLocality().getAddress().length() > 0)) {
    samlAuthnStatement.setSubjectLocalityAddress(authnStatement.getSubjectLocality().getAddress());
    // NOTE(review): the logged value is taken from the assertion as received. Confirm the
    // logging layout neutralises line breaks, and treat the address as a claim made by the
    // asserting party rather than a locally observed fact.
    log.debug("Assertion.samlAuthnStatement.subjectlocalityAddress = " + samlAuthnStatement.getSubjectLocalityAddress());
    // Same presence and non-empty test for the DNS name. The closing braces are not visible
    // in this excerpt; as the tokens stand, this check sits inside the address branch, so a
    // statement with a DNS name but no address would not have its DNS name copied.
    if ((authnStatement.getSubjectLocality() != null) && (authnStatement.getSubjectLocality().getDNSName() != null) && (authnStatement.getSubjectLocality().getDNSName().length() > 0)) {
        samlAuthnStatement.setSubjectLocalityDNSName(authnStatement.getSubjectLocality().getDNSName());
        log.debug("Assertion.samlAuthnStatement.subjectlocalityDNSName = " + samlAuthnStatement.getSubjectLocalityDNSName());
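/**
 * Builds a snapshot of the first {@code AuthnStatement} found in the SAML assertion that
 * backs the given authentication.
 *
 * <p>Only the first statement of the assertion is read; any further statements are ignored.
 * The copied values (authentication instant, session expiry, context class, session index
 * and subject locality address) are whatever the assertion states. This constructor performs
 * no validation of them, so expiry and locality must be enforced wherever they are relied on.
 *
 * @param authentication authentication whose credentials are a {@code SAMLCredential}
 * @throws IllegalArgumentException if the assertion carries no authentication statement
 * @throws ClassCastException if the credentials are not a {@code SAMLCredential}
 */
public AuthenticationStatement(Authentication authentication) {
    SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
    Assertion assertion = credential.getAuthenticationAssertion();

    List<AuthnStatement> authnStatements = assertion.getAuthnStatements();
    // Fail with a descriptive error instead of an IndexOutOfBoundsException from get(0).
    if (authnStatements == null || authnStatements.isEmpty()) {
        throw new IllegalArgumentException("Authentication assertion contains no AuthnStatement");
    }
    AuthnStatement authnStatement = authnStatements.get(0);

    authenticationInstance = authnStatement.getAuthnInstant();
    sessionValidity = authnStatement.getSessionNotOnOrAfter();

    // A SAML AuthnContext may describe the context with a declaration instead of a class
    // reference, so both levels are null-checked; the field is left null when no class
    // reference is present rather than raising a NullPointerException.
    authenticationContextClass =
            authnStatement.getAuthnContext() == null
                    || authnStatement.getAuthnContext().getAuthnContextClassRef() == null
            ? null
            : authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();

    sessionIndex = authnStatement.getSessionIndex();

    // SubjectLocality is optional; keep null when the statement does not carry it.
    SubjectLocality subjectLocalityValue = authnStatement.getSubjectLocality();
    subjectLocality = subjectLocalityValue == null ? null : subjectLocalityValue.getAddress();
}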
// Stays null when the statement has no SubjectLocality element or the element has no address.
String subjectLocalityAddress = null;
// Both levels are optional, so each is null-checked before the address is read.
if (authnStatement.getSubjectLocality() != null && authnStatement.getSubjectLocality().getAddress() != null) {
    // NOTE(review): the address is the value stated in the assertion, not one observed on
    // the connection; confirm how callers use it before treating it as the client's address.
    subjectLocalityAddress = authnStatement.getSubjectLocality().getAddress();
// Default is null; it is only overwritten when the statement carries a SubjectLocality
// element that has an address.
String subjectLocalityAddress = null;
// SubjectLocality and its address are each checked for null before use.
if (authnStatement.getSubjectLocality() != null && authnStatement.getSubjectLocality().getAddress() != null) {
    // NOTE(review): this copies the address claimed inside the assertion; it is not compared
    // with the connection's peer address in the visible code -- verify where that happens.
    subjectLocalityAddress = authnStatement.getSubjectLocality().getAddress();