protected void verifyAuthenticationStatement(AuthnStatement auth, BasicSAMLMessageContext context) throws Exception { // Validate that user wasn't authenticated too long time ago if (!isDateTimeSkewValid(MAX_AUTHENTICATION_TIME, auth.getAuthnInstant())) { System.out.println("Authentication statement is too old to be used"+auth.getAuthnInstant()); throw new Exception("Users authentication data is too old"); } // Validate users session is still valid if (auth.getSessionNotOnOrAfter() != null && auth.getSessionNotOnOrAfter().isAfter(new Date().getTime())) { System.out.println("Authentication session is not valid anymore"+auth.getSessionNotOnOrAfter()); throw new Exception("Users authentication is expired"); } if (auth.getSubjectLocality() != null) { HTTPInTransport httpInTransport = (HTTPInTransport) context.getInboundMessageTransport(); if (auth.getSubjectLocality().getAddress() != null) { if (!httpInTransport.getPeerAddress().equals(auth.getSubjectLocality().getAddress())) { throw new Exception("User is accessing the service from invalid address"); } } } }
if (context.getInboundMessageTransport() != null) { HTTPInTransport transport = (HTTPInTransport) context.getInboundMessageTransport(); sb.append(transport.getPeerAddress());