// Excerpt of SAML assertion handling. Braces and some intervening lines are
// missing from this listing, so the statements below are not contiguous and the
// enclosing method is not shown.
// NOTE(review): only the status and expiry checks are visible here. Signature and
// audience validation do not appear in this excerpt; confirm they are enforced
// elsewhere before the principal and roles are accepted.

// Reject the response unless its status value equals the SAML success constant.
if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
    throw new SecurityException(ErrorCodes.IDP_AUTH_FAILED + "IDP forbid the user");

// Expiry check. The clock-skew allowance is read from handler configuration.
try
String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
// When a skew is configured, it is passed to the expiry check. The declaration of
// skewMilis is not part of this excerpt.
// NOTE(review): no range check on the configured skew is visible; a very large
// value would presumably widen the acceptance window. Confirm it is bounded.
if (StringUtil.isNotNull(skew))
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
// Check without a skew argument (the `else` keyword is missing from this listing).
expiredAssertion = AssertionUtil.hasExpired(assertion);
// Rethrow wrapped as ProcessingException (the catch clause itself is not shown).
throw new ProcessingException(e);

// Expired assertion: fail with an AssertionExpiredException as the cause.
AssertionExpiredException aee = new AssertionExpiredException();
throw new ProcessingException(ErrorCodes.EXPIRED_ASSERTION + "Assertion has expired", aee);

// Raised for a null subject, judging by the message; the guarding condition is not shown.
throw new ProcessingException(ErrorCodes.NULL_VALUE + "Subject in the assertion");

// Publish the roles on the response and build the principal from userName.
response.setRoles(roles);
Principal principal = new SerializablePrincipal(userName);

// The role validator is looked up only when ROLE_VALIDATOR_IGNORE is absent from the
// handler chain configuration.
// NOTE(review): setting that parameter skips this branch; confirm it cannot be set
// unintentionally in deployment configuration.
if (handlerChainConfig.getParameter(GeneralConstants.ROLE_VALIDATOR_IGNORE) == null)
// The receiver of this call is missing from the listing.
.getParameter(GeneralConstants.ROLE_VALIDATOR);
// Fail closed when no role validator was provided.
if (roleValidator == null)
    throw new ProcessingException(ErrorCodes.NULL_VALUE + "Role Validator not provided");
// Excerpt of SAML 1.1 response handling. Intervening lines are not shown in this
// listing, so `statement`, `assertion` and `username` are defined outside it.
// NOTE(review): no signature, status or expiry validation is visible in this excerpt;
// confirm the response is validated before the principal and roles are trusted.

// Parse the decoded response. The cast assumes the parser returned a SAML 1.1 response
// and throws ClassCastException otherwise.
// NOTE(review): the input presumably originates from the IdP via the browser; confirm
// the parser is hardened against DTDs and external entities.
SAMLParser parser = new SAMLParser();
SAML11ResponseType saml11Response = (SAML11ResponseType) parser.parse(base64DecodedResponse);

// Treat the statement as an authentication statement and take its subject.
SAML11AuthenticationStatementType subStat = (SAML11AuthenticationStatementType) statement;
SAML11SubjectType subject = subStat.getSubject();
// The principal name is the subject's NameID value.
// NOTE(review): no null guard is visible on subject, getChoice() or getNameID(); a
// response without a NameID would presumably fail with NullPointerException here.
principal = new SerializablePrincipal(subject.getChoice().getNameID().getValue());
// Roles are extracted from the assertion; the meaning of the null second argument is
// not visible here (TODO confirm).
roles = AssertionUtil.getRoles(assertion, null);

// Emit an INFO-level audit event recording that a response came from the IdP, with
// the subject name and the servlet context path as the auditing party.
// NOTE(review): username presumably derives from the assertion; confirm the audit
// sink neutralises control characters before writing it.
PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
auditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP);
auditEvent.setSubjectName(username);
auditEvent.setWhoIsAuditing(servletContext.getContextPath());
auditHelper.audit(auditEvent);
// Excerpt of SAML assertion handling. It starts inside a try block; some braces and
// intervening lines are missing from this listing, and the enclosing method is not shown.
// NOTE(review): signature validation does not appear in this excerpt; confirm it is
// enforced elsewhere before the principal and roles are accepted.

// Expiry check. The clock-skew allowance is read from handler configuration.
String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
if (isNotNull(skew)) {
    // NOTE(review): Long.parseLong throws NumberFormatException on a non-numeric value,
    // and the only catch visible below is for ConfigurationException. No range check on
    // the skew is visible either; a very large value would presumably widen the
    // acceptance window.
    long skewMilis = Long.parseLong(skew);
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
} else
    expiredAssertion = AssertionUtil.hasExpired(assertion);
} catch (ConfigurationException e) {
    // Configuration failures surface as ProcessingException with the cause preserved.
    throw new ProcessingException(e);

// Audience check: reject an assertion that AssertionUtil.isAudience does not accept for
// this service provider's configuration. The service URL is passed to the error factory.
if (!AssertionUtil.isAudience(assertion, getSPConfiguration())) {
    throw logger.samlAssertionWrongAudience(getSPConfiguration().getServiceURL());

// Publish the roles on the response and build the principal from userName.
response.setRoles(roles);
Principal principal = new SerializablePrincipal(userName);

// The role validator is looked up only when ROLE_VALIDATOR_IGNORE is absent from the
// handler chain configuration.
// NOTE(review): setting that parameter skips this branch; confirm it cannot be set
// unintentionally in deployment configuration.
if (handlerChainConfig.getParameter(GeneralConstants.ROLE_VALIDATOR_IGNORE) == null) {
// The receiver of this call is missing from the listing.
.getParameter(GeneralConstants.ROLE_VALIDATOR);
// Fail closed when no role validator was provided.
if (roleValidator == null)
    throw logger.nullValueError("Role Validator");
// Excerpt of SAML 1.1 response handling. Intervening lines are not shown in this
// listing, so `statement`, `assertion` and `username` are defined outside it.
// NOTE(review): no signature, status or expiry validation is visible in this excerpt;
// confirm the response is validated before the principal and roles are trusted.

// Parse the decoded response. The cast assumes the parser returned a SAML 1.1 response
// and throws ClassCastException otherwise.
// NOTE(review): the input presumably originates from the IdP via the browser; confirm
// the parser is hardened against DTDs and external entities.
SAMLParser parser = new SAMLParser();
SAML11ResponseType saml11Response = (SAML11ResponseType) parser.parse(base64DecodedResponse);

// Treat the statement as an authentication statement and take its subject.
SAML11AuthenticationStatementType subStat = (SAML11AuthenticationStatementType) statement;
SAML11SubjectType subject = subStat.getSubject();
// The principal name is the subject's NameID value.
// NOTE(review): no null guard is visible on subject, getChoice() or getNameID(); a
// response without a NameID would presumably fail with NullPointerException here.
principal = new SerializablePrincipal(subject.getChoice().getNameID().getValue());
// Roles are extracted from the assertion; the meaning of the null second argument is
// not visible here (TODO confirm).
roles = AssertionUtil.getRoles(assertion, null);

// Emit an INFO-level audit event recording that a response came from the IdP, with
// the subject name and the servlet context path as the auditing party.
// NOTE(review): username presumably derives from the assertion; confirm the audit
// sink neutralises control characters before writing it.
PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
auditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP);
auditEvent.setSubjectName(username);
auditEvent.setWhoIsAuditing(servletContext.getContextPath());
auditHelper.audit(auditEvent);
// Excerpt of SAML assertion handling. Braces and some intervening lines are
// missing from this listing, so the statements below are not contiguous and the
// enclosing method is not shown.
// NOTE(review): only the status and expiry checks are visible here. Signature and
// audience validation do not appear in this excerpt; confirm they are enforced
// elsewhere before the principal and roles are accepted.

// Reject the response unless its status value equals the SAML success constant.
if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
    throw new SecurityException(ErrorCodes.IDP_AUTH_FAILED + "IDP forbid the user");

// Expiry check. The clock-skew allowance is read from handler configuration.
try
String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
// When a skew is configured, it is passed to the expiry check. The declaration of
// skewMilis is not part of this excerpt.
// NOTE(review): no range check on the configured skew is visible; a very large
// value would presumably widen the acceptance window. Confirm it is bounded.
if (StringUtil.isNotNull(skew))
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
// Check without a skew argument (the `else` keyword is missing from this listing).
expiredAssertion = AssertionUtil.hasExpired(assertion);
// Rethrow wrapped as ProcessingException (the catch clause itself is not shown).
throw new ProcessingException(e);

// Expired assertion: fail with an AssertionExpiredException as the cause.
AssertionExpiredException aee = new AssertionExpiredException();
throw new ProcessingException(ErrorCodes.EXPIRED_ASSERTION + "Assertion has expired", aee);

// Raised for a null subject, judging by the message; the guarding condition is not shown.
throw new ProcessingException(ErrorCodes.NULL_VALUE + "Subject in the assertion");

// Publish the roles on the response and build the principal from userName.
response.setRoles(roles);
Principal principal = new SerializablePrincipal(userName);

// The role validator is looked up only when ROLE_VALIDATOR_IGNORE is absent from the
// handler chain configuration.
// NOTE(review): setting that parameter skips this branch; confirm it cannot be set
// unintentionally in deployment configuration.
if (handlerChainConfig.getParameter(GeneralConstants.ROLE_VALIDATOR_IGNORE) == null)
// The receiver of this call is missing from the listing.
.getParameter(GeneralConstants.ROLE_VALIDATOR);
// Fail closed when no role validator was provided.
if (roleValidator == null)
    throw new ProcessingException(ErrorCodes.NULL_VALUE + "Role Validator not provided");
// Excerpt of SAML assertion handling. It starts inside a try block; some braces and
// intervening lines are missing from this listing, and the enclosing method is not shown.
// NOTE(review): signature validation does not appear in this excerpt; confirm it is
// enforced elsewhere before the principal and roles are accepted.

// Expiry check. The clock-skew allowance is read from handler configuration.
String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
if (isNotNull(skew)) {
    // NOTE(review): Long.parseLong throws NumberFormatException on a non-numeric value,
    // and the only catch visible below is for ConfigurationException. No range check on
    // the skew is visible either; a very large value would presumably widen the
    // acceptance window.
    long skewMilis = Long.parseLong(skew);
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
} else
    expiredAssertion = AssertionUtil.hasExpired(assertion);
} catch (ConfigurationException e) {
    // Configuration failures surface as ProcessingException with the cause preserved.
    throw new ProcessingException(e);

// Audience check: reject an assertion that AssertionUtil.isAudience does not accept for
// this service provider's configuration. The service URL is passed to the error factory.
if (!AssertionUtil.isAudience(assertion, getSPConfiguration())) {
    throw logger.samlAssertionWrongAudience(getSPConfiguration().getServiceURL());

// Publish the roles on the response and build the principal from userName.
response.setRoles(roles);
Principal principal = new SerializablePrincipal(userName);

// The role validator is looked up only when ROLE_VALIDATOR_IGNORE is absent from the
// handler chain configuration.
// NOTE(review): setting that parameter skips this branch; confirm it cannot be set
// unintentionally in deployment configuration.
if (handlerChainConfig.getParameter(GeneralConstants.ROLE_VALIDATOR_IGNORE) == null) {
// The receiver of this call is missing from the listing.
.getParameter(GeneralConstants.ROLE_VALIDATOR);
// Fail closed when no role validator was provided.
if (roleValidator == null)
    throw logger.nullValueError("Role Validator");
// Excerpt of SAML assertion handling. Some braces and intervening lines are missing
// from this listing, so the statements are not contiguous and the enclosing method is
// not shown.
// NOTE(review): only the status and expiry checks are visible here. Signature and
// audience validation do not appear in this excerpt; confirm they are enforced
// elsewhere before the principal and roles are accepted.

// Reject the response unless its status value equals the SAML success constant.
if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
    throw logger.samlHandlerIDPAuthenticationFailedError();

// Expiry check. The clock-skew allowance is read from handler configuration.
String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
if (StringUtil.isNotNull(skew)) {
    // NOTE(review): Long.parseLong throws NumberFormatException on a non-numeric value,
    // and the only catch visible below is for ConfigurationException. No range check on
    // the skew is visible either; a very large value would presumably widen the
    // acceptance window.
    long skewMilis = Long.parseLong(skew);
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
} else
    expiredAssertion = AssertionUtil.hasExpired(assertion);
} catch (ConfigurationException e) {
    // Configuration failures surface as ProcessingException with the cause preserved.
    throw new ProcessingException(e);

// Expired assertion: record the assertion ID on the exception before raising it
// through the logger's error factory.
AssertionExpiredException aee = new AssertionExpiredException();
aee.setId(assertion.getID());
throw logger.assertionExpiredError(aee);

// Publish the roles on the response and build the principal from userName.
response.setRoles(roles);
Principal principal = new SerializablePrincipal(userName);

// The role validator is looked up only when ROLE_VALIDATOR_IGNORE is absent from the
// handler chain configuration.
// NOTE(review): setting that parameter skips this branch; confirm it cannot be set
// unintentionally in deployment configuration.
if (handlerChainConfig.getParameter(GeneralConstants.ROLE_VALIDATOR_IGNORE) == null) {
// The receiver of this call is missing from the listing.
.getParameter(GeneralConstants.ROLE_VALIDATOR);
// Fail closed when no role validator was provided.
if (roleValidator == null)
    throw logger.nullValueError("Role Validator");