/**
 * Returns the {@code NotOnOrAfter} instant of the assertion's Conditions element.
 *
 * @param assertion the assertion to read; must not be null
 * @return the NotOnOrAfter bound, or {@code null} when the assertion carries no Conditions element
 *         (or the element carries no NotOnOrAfter attribute); a null result means "no expiry stated",
 *         and the caller decides whether that is acceptable
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    ConditionsType conditions = assertion.getConditions();
    if (conditions == null) {
        return null;
    }
    return conditions.getNotOnOrAfter();
}
/**
 * Returns the {@code NotOnOrAfter} instant of the assertion's Conditions element.
 *
 * @param assertion the assertion to read; must not be null
 * @return the NotOnOrAfter bound, or {@code null} when the assertion carries no Conditions element
 *         (or the element carries no NotOnOrAfter attribute); a null result means "no expiry stated",
 *         and the caller decides whether that is acceptable
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    ConditionsType conditions = assertion.getConditions();
    if (conditions == null) {
        return null;
    }
    return conditions.getNotOnOrAfter();
}
/**
 * Returns the {@code NotOnOrAfter} instant of the assertion's Conditions element.
 *
 * @param assertion the assertion to read; must not be null
 * @return the NotOnOrAfter bound, or {@code null} when the assertion carries no Conditions element
 *         (or the element carries no NotOnOrAfter attribute); a null result means "no expiry stated",
 *         and the caller decides whether that is acceptable
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    ConditionsType conditions = assertion.getConditions();
    if (conditions == null) {
        return null;
    }
    return conditions.getNotOnOrAfter();
}
/**
 * Returns the {@code NotOnOrAfter} instant of the assertion's Conditions element.
 *
 * @param assertion the assertion to read; must not be null
 * @return the NotOnOrAfter bound, or {@code null} when the assertion carries no Conditions element
 *         (or the element carries no NotOnOrAfter attribute); a null result means "no expiry stated",
 *         and the caller decides whether that is acceptable
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    ConditionsType conditions = assertion.getConditions();
    if (conditions == null) {
        return null;
    }
    return conditions.getNotOnOrAfter();
}
/**
 * Returns the {@code NotOnOrAfter} instant of the assertion's Conditions element.
 *
 * @param assertion the assertion to read; must not be null
 * @return the NotOnOrAfter bound, or {@code null} when the assertion carries no Conditions element
 *         (or the element carries no NotOnOrAfter attribute); a null result means "no expiry stated",
 *         and the caller decides whether that is acceptable
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    ConditionsType conditions = assertion.getConditions();
    if (conditions == null) {
        return null;
    }
    return conditions.getNotOnOrAfter();
}
/**
 * Collects the audience URIs declared by every {@code AudienceRestriction} condition of the assertion.
 *
 * @param assertion the assertion to inspect; may be null
 * @return a mutable set of the audience URIs in string form; empty when the assertion is null, has no
 *         Conditions element, its condition list is null, or no AudienceRestriction condition is present
 */
private static Set<String> getAudienceRestrictions(AssertionType assertion) {
    Set<String> audienceUris = new HashSet<String>();
    if (assertion == null || assertion.getConditions() == null) {
        return audienceUris;
    }
    List<ConditionAbstractType> conditions = assertion.getConditions().getConditions();
    if (conditions == null) {
        return audienceUris;
    }
    for (ConditionAbstractType condition : conditions) {
        // Only AudienceRestriction conditions carry audiences; every other condition type is ignored.
        if (!(condition instanceof AudienceRestrictionType)) {
            continue;
        }
        AudienceRestrictionType restriction = (AudienceRestrictionType) condition;
        for (URI audience : restriction.getAudience()) {
            audienceUris.add(audience.toString());
        }
    }
    return audienceUris;
}
}
/**
 * Collects the audience URIs declared by every {@code AudienceRestriction} condition of the assertion.
 *
 * @param assertion the assertion to inspect; may be null
 * @return a mutable set of the audience URIs in string form; empty when the assertion is null, has no
 *         Conditions element, its condition list is null, or no AudienceRestriction condition is present
 */
private Set<String> getAudienceRestrictions(AssertionType assertion) {
    Set<String> audienceUris = new HashSet<String>();
    if (assertion == null || assertion.getConditions() == null) {
        return audienceUris;
    }
    List<ConditionAbstractType> conditions = assertion.getConditions().getConditions();
    if (conditions == null) {
        return audienceUris;
    }
    for (ConditionAbstractType condition : conditions) {
        // Only AudienceRestriction conditions carry audiences; every other condition type is ignored.
        if (!(condition instanceof AudienceRestrictionType)) {
            continue;
        }
        AudienceRestrictionType restriction = (AudienceRestrictionType) condition;
        for (URI audience : restriction.getAudience()) {
            audienceUris.add(audience.toString());
        }
    }
    return audienceUris;
}
/**
 * Collects the audience URIs declared by every {@code AudienceRestriction} condition of the assertion.
 *
 * @param assertion the assertion to inspect; may be null
 * @return a mutable set of the audience URIs in string form; empty when the assertion is null, has no
 *         Conditions element, its condition list is null, or no AudienceRestriction condition is present
 */
private Set<String> getAudienceRestrictions(AssertionType assertion) {
    Set<String> audienceUris = new HashSet<String>();
    if (assertion == null || assertion.getConditions() == null) {
        return audienceUris;
    }
    List<ConditionAbstractType> conditions = assertion.getConditions().getConditions();
    if (conditions == null) {
        return audienceUris;
    }
    for (ConditionAbstractType condition : conditions) {
        // Only AudienceRestriction conditions carry audiences; every other condition type is ignored.
        if (!(condition instanceof AudienceRestrictionType)) {
            continue;
        }
        AudienceRestrictionType restriction = (AudienceRestrictionType) condition;
        for (URI audience : restriction.getAudience()) {
            audienceUris.add(audience.toString());
        }
    }
    return audienceUris;
}
/**
 * Builds a SAML assertion, serialised to XML, for use as a bearer token when invoking REST services.
 * The service side must be configured to accept SAML assertion bearer tokens: on JBoss by protecting
 * the REST services with {@link org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule}, on
 * Tomcat 7 with {@link org.overlord.commons.auth.tomcat7.SAMLBearerTokenAuthenticator}.
 * <p>
 * The assertion gets a random UUID as its ID, the principal's name as subject, an Issuer with the given
 * name, time-bounded Conditions, an AudienceRestriction for {@code forService}, and whatever
 * {@code addRoleStatements} derives from the roles. No signing step happens in this method, so any
 * integrity or authenticity protection the token relies on has to be provided where it is transported
 * or consumed.
 *
 * @param principal the authenticated principal; its name becomes the assertion subject
 * @param roles role names handed to {@code addRoleStatements}
 * @param issuerName value of the assertion's Issuer element
 * @param forService audience URI the assertion is restricted to
 * @param timeValidInMillis validity period of the assertion in milliseconds, counted from now
 * @return the assertion serialised as an XML string
 * @throws RuntimeException wrapping any exception raised while building or serialising the assertion
 */
public static String createSAMLAssertion(Principal principal, Set<String> roles, String issuerName, String forService, int timeValidInMillis) {
    try {
        NameIDType issuerId = SAMLAssertionFactory.createNameID(null, null, issuerName);
        SubjectType subjectOfAssertion = AssertionUtil.createAssertionSubject(principal.getName());
        String assertionId = UUID.randomUUID().toString();
        AssertionType bearerAssertion = AssertionUtil.createAssertion(assertionId, issuerId);
        bearerAssertion.setSubject(subjectOfAssertion);
        // Conditions are created first because the audience restriction is attached to them.
        AssertionUtil.createTimedConditions(bearerAssertion, timeValidInMillis);
        ConditionAbstractType audienceRestriction = SAMLAssertionFactory.createAudienceRestriction(forService);
        bearerAssertion.getConditions().addCondition(audienceRestriction);
        addRoleStatements(roles, bearerAssertion, principal);
        return AssertionUtil.asString(bearerAssertion);
    } catch (Exception e) {
        // Checked failures from the SAML utilities are rethrown unchecked, keeping the original as cause.
        throw new RuntimeException(e);
    }
}
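/**
 * Checks whether the validity window given by the assertion's Conditions element excludes the current
 * instant.
 *
 * @param assertion the assertion to check; must not be null
 * @return {@code true} when a Conditions element is present and "now" lies outside its
 *         NotBefore/NotOnOrAfter window; {@code false} when "now" lies inside the window, and also
 *         when the assertion has no Conditions element at all, in which case it is treated as never
 *         expiring (callers that require a bounded lifetime must check for Conditions themselves)
 * @throws ConfigurationException if the current instant cannot be obtained
 */
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    //Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        if (trace) {
            // NotBefore and NotOnOrAfter are both optional in a SAML Conditions element, so the bounds
            // are concatenated rather than dereferenced: XMLGregorianCalendar.toString() yields the same
            // lexical form as toXMLFormat(), and an absent bound is logged as "null" instead of making
            // diagnostic logging abort the validity check with a NullPointerException.
            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + "::notOnOrAfter=" + notOnOrAfter);
        }
        // NOTE(review): isValid receives the raw bounds; confirm it tolerates a null NotBefore/NotOnOrAfter.
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            log.info("Assertion has expired with id=" + assertion.getID());
        }
    }
    //TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}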
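/**
 * Checks whether the validity window given by the assertion's Conditions element excludes the current
 * instant.
 *
 * @param assertion the assertion to check; must not be null
 * @return {@code true} when a Conditions element is present and "now" lies outside its
 *         NotBefore/NotOnOrAfter window; {@code false} when "now" lies inside the window, and also
 *         when the assertion has no Conditions element at all, in which case it is treated as never
 *         expiring (callers that require a bounded lifetime must check for Conditions themselves)
 * @throws ConfigurationException if the current instant cannot be obtained
 */
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    //Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        if (trace) {
            // NotBefore and NotOnOrAfter are both optional in a SAML Conditions element, so the bounds
            // are concatenated rather than dereferenced: XMLGregorianCalendar.toString() yields the same
            // lexical form as toXMLFormat(), and an absent bound is logged as "null" instead of making
            // diagnostic logging abort the validity check with a NullPointerException.
            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + "::notOnOrAfter=" + notOnOrAfter);
        }
        // NOTE(review): isValid receives the raw bounds; confirm it tolerates a null NotBefore/NotOnOrAfter.
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            log.info("Assertion has expired with id=" + assertion.getID());
        }
    }
    //TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}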
ConditionsType conditionsType = assertionType.getConditions();
ConditionsType conditionsType = assertionType.getConditions();
ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null)
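/**
 * Checks whether the validity window given by the assertion's Conditions element excludes the current
 * instant.
 *
 * @param assertion the assertion to check; must not be null
 * @return {@code true} when a Conditions element is present and "now" lies outside its
 *         NotBefore/NotOnOrAfter window; {@code false} when "now" lies inside the window, and also
 *         when the assertion has no Conditions element at all, in which case it is treated as never
 *         expiring (callers that require a bounded lifetime must check for Conditions themselves)
 * @throws ConfigurationException if the current instant cannot be obtained
 */
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // NotBefore and NotOnOrAfter are both optional in a SAML Conditions element, so the bounds are
        // concatenated rather than dereferenced: XMLGregorianCalendar.toString() yields the same lexical
        // form as toXMLFormat(), and an absent bound is logged as "null" instead of making this
        // unconditional trace call abort the validity check with a NullPointerException.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + " ::notOnOrAfter=" + notOnOrAfter);
        // NOTE(review): isValid receives the raw bounds; confirm it tolerates a null NotBefore/NotOnOrAfter.
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}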
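/**
 * Checks whether the validity window given by the assertion's Conditions element, widened by a clock
 * skew allowance, excludes the current instant. The skew compensates for an IDP and SP whose clocks are
 * out of sync: NotBefore is moved earlier and NotOnOrAfter later by the given amount (via
 * {@code XMLTimeUtil.subtract}/{@code XMLTimeUtil.add}), so the accepted window grows by twice the skew.
 *
 * @param assertion the assertion to check; must not be null
 * @param clockSkewInMilis skew allowance in milliseconds; keep it small, since every millisecond of
 *        skew extends the time an already-expired assertion is still accepted
 * @return {@code true} when a Conditions element is present and "now" lies outside the skew-adjusted
 *         NotBefore/NotOnOrAfter window; {@code false} when "now" lies inside it, and also when the
 *         assertion has no Conditions element at all, in which case it is treated as never expiring
 *         (callers that require a bounded lifetime must check for Conditions themselves)
 * @throws ConfigurationException if the current instant cannot be obtained
 */
public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        // NOTE(review): subtract/add receive the raw bounds; confirm they tolerate a null NotBefore/NotOnOrAfter,
        // both of which are optional in a SAML Conditions element.
        XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
        // The bounds are concatenated rather than dereferenced: XMLGregorianCalendar.toString() yields the
        // same lexical form as toXMLFormat(), and an absent bound is logged as "null" instead of making
        // this unconditional trace call abort the validity check with a NullPointerException.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + " ::notOnOrAfter=" + notOnOrAfter
                + " ::clockSkewInMilis=" + clockSkewInMilis);
        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}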
ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null) { XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null) { XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null) { XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null) { XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();