/**
 * Reads the {@code NotOnOrAfter} instant from the assertion's {@code Conditions} element.
 *
 * <p>Neither step is null-checked: an assertion whose {@code getConditions()} returns
 * {@code null} makes this method throw {@link NullPointerException}. The value of
 * {@code getNotOnOrAfter()} is returned unchanged, so a caller that enforces expiry has to
 * decide what an absent value means; treating it as "never expires" disables the check.
 *
 * @param assertion the assertion whose expiry is read
 * @return the value of {@code Conditions.getNotOnOrAfter()}, passed through as-is
 */
private DateTime getNotOnOrAfter(Assertion assertion) {
    final DateTime expiry = assertion.getConditions().getNotOnOrAfter();
    return expiry;
}
/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    // The cast is unchecked: passing anything other than a Conditions object fails here.
    final Conditions marshalled = (Conditions) samlObject;

    // NotBefore is written only when a value is set on the object.
    if (marshalled.getNotBefore() != null) {
        domElement.setAttributeNS(
                null,
                Conditions.NOT_BEFORE_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(marshalled.getNotBefore()));
    }

    // NotOnOrAfter is handled the same way; an unset value leaves the attribute off the element.
    if (marshalled.getNotOnOrAfter() != null) {
        domElement.setAttributeNS(
                null,
                Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(marshalled.getNotOnOrAfter()));
    }
}
// Presumably closes the enclosing marshaller class, whose header is outside this excerpt.
}
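/**
 * Checks that the current time lies inside the assertion's validity window.
 *
 * <p>The window is {@code NotBefore <= now < NotOnOrAfter}. The upper bound is exclusive:
 * an assertion presented at exactly {@code NotOnOrAfter} has already expired.
 *
 * <p>A missing {@code Conditions} element or a missing bound is rejected with a
 * {@link ValidationException}. Those inputs were already rejected before, but through an
 * uncaught {@link NullPointerException}; they must not be read as "no time limit".
 *
 * <p>No clock-skew allowance is applied, so the local clock is compared directly against
 * the issuer's timestamps.
 *
 * @param assertion the assertion to check
 * @throws ValidationException if the validity window is absent or does not contain the current time
 */
private void validateDateTime(Assertion assertion) throws ValidationException {
    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        throw new ValidationException("Assertion has no Conditions element; validity window cannot be checked");
    }

    DateTime notBefore = conditions.getNotBefore();
    DateTime notAfter = conditions.getNotOnOrAfter();
    if (notBefore == null) {
        throw new ValidationException("Conditions element has no notBefore value");
    }
    if (notAfter == null) {
        throw new ValidationException("Conditions element has no notOnOrAfter value");
    }

    // Read the clock once so both comparisons use the same instant.
    long nowMillis = new DateTime().getMillis();

    if (nowMillis < notBefore.getMillis()) {
        throw new ValidationException("notBefore validation failed!");
    }
    // ">=" rather than ">": the assertion is no longer valid at the NotOnOrAfter instant itself.
    if (nowMillis >= notAfter.getMillis()) {
        throw new ValidationException("notOnOrAfter validation failed!");
    }
}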
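/**
 * Rejects the assertion when the current time is outside its validity window.
 *
 * <p>The reference time is {@code this.now} when that field is set, otherwise the system
 * clock. {@code notBeforeSkew} widens the lower bound only; the upper bound is compared
 * without any skew allowance.
 *
 * <p>The upper bound is exclusive: the assertion is rejected from the {@code NotOnOrAfter}
 * instant onwards. A missing {@code Conditions} object or a missing bound is rejected
 * explicitly. Joda-Time treats a {@code null} argument to {@code isAfter} as "now", so
 * comparing against an absent {@code NotOnOrAfter} does not enforce any expiry.
 *
 * @param conditions the {@code Conditions} element of the assertion under validation
 * @throws SamlException if the window is absent or does not contain the reference time
 */
private void enforceConditions(Conditions conditions) throws SamlException {
    if (conditions == null) {
        throw new SamlException("The assertion has no Conditions element");
    }

    DateTime now = this.now != null ? this.now : DateTime.now();

    DateTime notBefore = conditions.getNotBefore();
    if (notBefore == null) {
        throw new SamlException("The assertion has no NotBefore condition");
    }
    DateTime skewedNotBefore = notBefore.minus(notBeforeSkew);
    if (now.isBefore(skewedNotBefore)) {
        throw new SamlException(
            "The assertion cannot be used before " + notBefore.toString());
    }

    DateTime notOnOrAfter = conditions.getNotOnOrAfter();
    if (notOnOrAfter == null) {
        throw new SamlException("The assertion has no NotOnOrAfter condition");
    }
    // !isBefore covers "equal" as well as "after": expiry starts at the NotOnOrAfter instant.
    if (!now.isBefore(notOnOrAfter)) {
        throw new SamlException(
            "The assertion cannot be used after " + notOnOrAfter.toString());
    }
}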
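/**
 * Copies the validity window and the audience URIs out of the authentication assertion
 * carried by the given {@link Authentication}.
 *
 * <p>Only the first {@code AudienceRestriction} is read; any further restrictions on the
 * assertion are not represented in {@code audienceRestriction}. {@code notBefore} and
 * {@code notOnOrAfter} are copied as-is and may be unset.
 *
 * <p>The credentials are cast to {@code SAMLCredential} without a type check, so a
 * non-SAML authentication fails at the cast.
 *
 * @param authentication authentication whose credentials hold the SAML assertion
 * @throws IllegalArgumentException if the assertion has no {@code Conditions} element or no
 *         {@code AudienceRestriction}; stated explicitly so that the object is never built
 *         with an empty audience list that could be mistaken for "no restriction"
 */
public Conditions(Authentication authentication) {
    SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
    Assertion assertion = credential.getAuthenticationAssertion();

    org.opensaml.saml2.core.Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        throw new IllegalArgumentException("Assertion has no Conditions element");
    }

    List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
    if (audienceRestrictions == null || audienceRestrictions.isEmpty()) {
        throw new IllegalArgumentException("Assertion Conditions contain no AudienceRestriction");
    }
    List<Audience> audiences = audienceRestrictions.get(0).getAudiences();

    notBefore = conditions.getNotBefore();
    notOnOrAfter = conditions.getNotOnOrAfter();

    audienceRestriction = new ArrayList<>();
    for (Audience audience : audiences) {
        audienceRestriction.add(audience.getAudienceURI());
    }
}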
if (conditions.getNotOnOrAfter() != null) { if (conditions.getNotOnOrAfter().isBeforeNow()) { System.out.println("Assertion is no longer valid, invalidated by condition notOnOrAfter"+ conditions.getNotOnOrAfter()); throw new SAMLException("SAML response is not valid");
if (conditions.getNotOnOrAfter() != null) { if (conditions.getNotOnOrAfter().plusSeconds(getResponseSkew()).isBeforeNow()) { throw new SAMLException("Assertion is no longer valid, invalidated by condition notOnOrAfter " + conditions.getNotOnOrAfter());
DateTime validTill = assertion.getConditions().getNotOnOrAfter();
/**
 * Copies the assertion ID and the validity period from the {@code assertion} field onto
 * this object.
 *
 * <p>The validity period comes from the {@code Conditions} element when the assertion has
 * one, and from the first {@code SubjectConfirmationData} otherwise. The fallback is taken
 * only when {@code Conditions} is absent altogether: a {@code Conditions} element without
 * time attributes leaves the corresponding date unset rather than consulting the subject
 * confirmation.
 *
 * <p>The fallback path dereferences the subject, its first confirmation and that
 * confirmation's data without null or emptiness checks, so an assertion lacking any of them
 * fails with a runtime exception here. A date left unset by this method has to be treated
 * by consumers as "unknown", not as "unbounded".
 */
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());
    Subject subject = assertion.getSubject();

    final Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        // No Conditions element: take the window from the first subject confirmation.
        SubjectConfirmationData confirmationData =
                subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
        if (confirmationData.getNotBefore() != null) {
            this.setDateNotBefore(confirmationData.getNotBefore().toDate());
        }
        if (confirmationData.getNotOnOrAfter() != null) {
            this.setDateNotOnOrAfter(confirmationData.getNotOnOrAfter().toDate());
        }
        return;
    }

    // Conditions element present: each bound is copied only when it is set.
    if (conditions.getNotBefore() != null) {
        this.setDateNotBefore(conditions.getNotBefore().toDate());
    }
    if (conditions.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
    }
}
conditions.getNotOnOrAfter(), maxTimeOffset);
DateTime endTime = conditions.getNotOnOrAfter(); if (endTime != null && endTime.toGregorianCalendar() != null && endTime.toGregorianCalendar().getTime() != null) { String formEnd = endTime.toString();
&& assertion.getSaml2().getConditions() != null) { validFrom = assertion.getSaml2().getConditions().getNotBefore(); validTill = assertion.getSaml2().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml2().getIssueInstant(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)
&& assertion.getSaml2().getConditions() != null) { validFrom = assertion.getSaml2().getConditions().getNotBefore(); validTill = assertion.getSaml2().getConditions().getNotOnOrAfter(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11) && assertion.getSaml1().getConditions() != null) {
DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter(); if (expires != null) { Date rightNow = new Date();
DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter(); if (expires != null) { Date rightNow = new Date();
&& assertion.getSaml2().getConditions() != null) { validFrom = assertion.getSaml2().getConditions().getNotBefore(); validTill = assertion.getSaml2().getConditions().getNotOnOrAfter(); issueInstant = assertion.getSaml2().getIssueInstant(); } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)
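/**
 * Validates the 'Not Before' and 'Not On Or After' conditions of the SAML Assertion.
 *
 * <p>With a skew of {@code s} seconds taken from the agent configuration, the assertion is
 * accepted when {@code NotBefore - s <= now < NotOnOrAfter + s}. The upper bound is
 * exclusive, and the clock is read once so both comparisons use the same instant.
 *
 * <p>An assertion without a {@code Conditions} element, or with a bound left unset, is not
 * time-checked for the missing part; this method does not reject it.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if the current time is outside the skew-adjusted window, or if
 *         'Not Before' is later than 'Not On Or After'
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {
    if (assertion.getConditions() == null) {
        return;
    }

    int timeStampSkewInSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
    DateTime validFrom = assertion.getConditions().getNotBefore();
    DateTime validTill = assertion.getConditions().getNotOnOrAfter();
    DateTime now = new DateTime();

    if (validFrom != null && now.isBefore(validFrom.minusSeconds(timeStampSkewInSeconds))) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
    }

    // !isBefore rejects the boundary instant too: the assertion has expired at NotOnOrAfter (+ skew).
    if (validTill != null && !now.isBefore(validTill.plusSeconds(timeStampSkewInSeconds))) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
    }

    // An inverted window is malformed regardless of the current time.
    if (validFrom != null && validTill != null && validFrom.isAfter(validTill)) {
        throw new SSOAgentException(
                "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
    }
}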
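/**
 * Validates the 'Not Before' and 'Not On Or After' conditions of the SAML Assertion.
 *
 * <p>The configured timestamp skew (in seconds) is subtracted from 'Not Before' and added to
 * 'Not On Or After' before comparing with the current time. The assertion counts as expired
 * from the skew-adjusted 'Not On Or After' instant onwards, that instant included.
 *
 * <p>Nothing is checked when the assertion carries no {@code Conditions} element, and a
 * bound that is not set is skipped.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if the assertion is not yet valid, has expired, or declares a
 *         'Not Before' later than its 'Not On Or After'
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {

    if (assertion.getConditions() != null) {
        int timeStampSkewInSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();

        DateTime validFrom = assertion.getConditions().getNotBefore();
        DateTime validTill = assertion.getConditions().getNotOnOrAfter();

        // One clock reading for both bounds, so the two checks cannot straddle a tick.
        DateTime currentTime = new DateTime();

        if (validFrom != null) {
            DateTime earliestAccepted = validFrom.minusSeconds(timeStampSkewInSeconds);
            if (earliestAccepted.isAfter(currentTime)) {
                throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
            }
        }

        if (validTill != null) {
            DateTime expiry = validTill.plusSeconds(timeStampSkewInSeconds);
            // The expiry instant itself is already outside the window, hence "not after now".
            if (!expiry.isAfter(currentTime)) {
                throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
            }
        }

        if (validFrom != null && validTill != null && validFrom.isAfter(validTill)) {
            throw new SSOAgentException(
                    "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
        }
    }
}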
DateTime validTill = assertion.getConditions().getNotOnOrAfter(); int timeStampSkewInSeconds = getTimeStampSkewInSeconds();
DateTime validTill = assertion.getConditions().getNotOnOrAfter(); int timeStampSkewInSeconds = getTimeStampSkewInSeconds();