Example 16 with Conditions

use of com.sun.identity.saml2.assertion.Conditions in project OpenAM by OpenRock.

From the class DefaultConditionsProvider, method get.

import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.AudienceRestriction;
import com.sun.identity.saml2.assertion.Conditions;
import com.sun.identity.saml2.common.SAML2Exception;
import org.forgerock.json.resource.ResourceException; // package assumed; the page only shows the simple name
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.config.user.SAML2Config;
import org.forgerock.openam.sts.token.SAML2SubjectConfirmation;

/**
 * @see org.forgerock.openam.sts.tokengeneration.saml2.statements.ConditionsProvider#get(
 * org.forgerock.openam.sts.config.user.SAML2Config, java.util.Date,
 * org.forgerock.openam.sts.token.SAML2SubjectConfirmation)
 */
public Conditions get(SAML2Config saml2Config, Date issueInstant, SAML2SubjectConfirmation saml2SubjectConfirmation) throws TokenCreationException {
    Conditions conditions = AssertionFactory.getInstance().createConditions();
    try {
        // Validity window: NotBefore is the issue instant, NotOnOrAfter is the issue instant
        // plus the configured token lifetime (seconds converted to milliseconds).
        conditions.setNotBefore(issueInstant);
        conditions.setNotOnOrAfter(new Date(issueInstant.getTime() + (saml2Config.getTokenLifetimeInSeconds() * 1000)));
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting token lifetime state in SAML2TokenGenerationImpl: " + e, e);
    }
    String audience = saml2Config.getSpEntityId();
    /*
     * Section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf specifies that
     * Audiences naming the entity IDs of the SPs must be contained in the AudienceRestriction for bearer tokens.
     */
    if (((audience == null) || audience.isEmpty()) && SAML2SubjectConfirmation.BEARER.equals(saml2SubjectConfirmation)) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "The audiences field in the SAML2Config is empty, " + "but the BEARER SubjectConfirmation is required. BEARER tokens must include Conditions with " + "AudienceRestrictions specifying the SP entity ids.");
    }
    if ((audience != null) && !audience.isEmpty()) {
        try {
            // A single AudienceRestriction whose only Audience is the configured SP entity ID.
            AudienceRestriction audienceRestriction = AssertionFactory.getInstance().createAudienceRestriction();
            List<String> audienceList = new ArrayList<String>(1);
            audienceList.add(audience);
            audienceRestriction.setAudience(audienceList);
            List<AudienceRestriction> audienceRestrictionList = new ArrayList<AudienceRestriction>(1);
            audienceRestrictionList.add(audienceRestriction);
            conditions.setAudienceRestrictions(audienceRestrictionList);
        } catch (SAML2Exception e) {
            throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting audience restriction state in SAML2TokenGenerationImpl: " + e, e);
        }
    }
    return conditions;
}

Example 17 with Conditions

use of com.sun.identity.saml2.assertion.Conditions in project OpenAM by OpenRock.

From the class DefaultConditionsProviderTest, method testBearerWithAudiences.

import static org.testng.Assert.assertTrue;

import java.io.UnsupportedEncodingException;
import java.util.Date;

import com.sun.identity.saml2.assertion.AudienceRestriction;
import com.sun.identity.saml2.assertion.Conditions;
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.token.SAML2SubjectConfirmation;
import org.forgerock.openam.sts.tokengeneration.saml2.statements.ConditionsProvider;
import org.testng.annotations.Test;

// TOKEN_LIFETIME_SECONDS, AM_SP_AUDIENCE and createSAML2Config() are members of the test class
// that this page does not show; DefaultConditionsProvider is assumed to be in the test's own package.
@Test
public void testBearerWithAudiences() throws TokenCreationException, UnsupportedEncodingException {
    Date issueInstant = new Date();
    ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    Conditions conditions = conditionsProvider.get(createSAML2Config(), issueInstant, SAML2SubjectConfirmation.BEARER);
    // NotBefore must equal the issue instant, NotOnOrAfter the issue instant plus the lifetime.
    assertTrue(issueInstant.equals(conditions.getNotBefore()));
    assertTrue((issueInstant.getTime() + (TOKEN_LIFETIME_SECONDS * 1000)) == conditions.getNotOnOrAfter().getTime());
    // A bearer token must carry an AudienceRestriction naming the configured SP entity ID.
    AudienceRestriction audienceRestriction = (AudienceRestriction) conditions.getAudienceRestrictions().get(0);
    assertTrue(audienceRestriction.getAudience().contains(AM_SP_AUDIENCE));
}
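The two snippets above show the issuing side: DefaultConditionsProvider fixes the validity window from the issue instant and the configured lifetime, and refuses to mint a bearer token without an AudienceRestriction. The following is an added example, not OpenAM code and not from the original page, showing the consuming side of the same three rules (time window with a small clock-skew allowance, audience match, and bearer-without-audience rejection). The class and method names, the ConditionValues holder, the sample entity IDs, issue instant and 30-second skew are all assumptions; in OpenAM the three values would come from Conditions.getNotBefore(), getNotOnOrAfter() and getAudienceRestrictions().

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Added example (hypothetical class): relying-party checks that mirror the rules
 * DefaultConditionsProvider.get() applies when it builds a SAML2 Conditions element.
 */
public final class ConditionsValidator {

    /** Plain holder for the values the issuer sets; hypothetical, stands in for the Conditions getters. */
    public static final class ConditionValues {
        public final Instant notBefore;
        public final Instant notOnOrAfter;
        public final List<String> audiences; // flattened Audience values of all AudienceRestrictions

        public ConditionValues(Instant notBefore, Instant notOnOrAfter, List<String> audiences) {
            this.notBefore = notBefore;
            this.notOnOrAfter = notOnOrAfter;
            this.audiences = audiences == null ? Collections.<String>emptyList() : audiences;
        }
    }

    /** Issuer-side computation as on the page: NotOnOrAfter = issueInstant + lifetime in seconds. */
    public static ConditionValues issue(Instant issueInstant, long lifetimeSeconds, String spEntityId, boolean bearer) {
        List<String> audiences = new ArrayList<>();
        if (spEntityId != null && !spEntityId.isEmpty()) {
            audiences.add(spEntityId);
        } else if (bearer) {
            // Same rule as DefaultConditionsProvider: bearer tokens need an AudienceRestriction.
            throw new IllegalArgumentException("BEARER tokens must include AudienceRestrictions specifying the SP entity ids");
        }
        return new ConditionValues(issueInstant, issueInstant.plusSeconds(lifetimeSeconds), audiences);
    }

    /**
     * Returns the list of violations; an empty list means the Conditions are satisfied.
     * @param now         the consumer's current time
     * @param allowedSkew tolerated clock difference between issuer and consumer
     * @param myEntityId  the consumer's own SP entity ID
     * @param bearer      whether the assertion uses bearer subject confirmation
     */
    public static List<String> validate(ConditionValues c, Instant now, Duration allowedSkew, String myEntityId, boolean bearer) {
        List<String> problems = new ArrayList<>();
        if (c.notBefore != null && now.plus(allowedSkew).isBefore(c.notBefore)) {
            problems.add("assertion not yet valid: NotBefore=" + c.notBefore + " now=" + now);
        }
        // NotOnOrAfter is exclusive: the assertion is already invalid at exactly that instant.
        if (c.notOnOrAfter != null && !now.minus(allowedSkew).isBefore(c.notOnOrAfter)) {
            problems.add("assertion expired: NotOnOrAfter=" + c.notOnOrAfter + " now=" + now);
        }
        if (c.audiences.isEmpty()) {
            if (bearer) {
                problems.add("bearer assertion carries no AudienceRestriction");
            }
        } else if (!c.audiences.contains(myEntityId)) {
            // An assertion minted for another SP must not be accepted by this one.
            problems.add("audience mismatch: expected " + myEntityId + " but got " + c.audiences);
        }
        return problems;
    }

    public static void main(String[] args) {
        Instant issued = Instant.parse("2024-01-01T12:00:00Z");    // constructed sample issue instant
        long lifetime = 600;                                         // seconds, as getTokenLifetimeInSeconds()
        String sp = "https://sp.example.test/metadata";             // constructed SP entity ID
        Duration skew = Duration.ofSeconds(30);

        ConditionValues c = issue(issued, lifetime, sp, true);

        // Inside the window with the right audience: no problems reported.
        System.out.println(validate(c, issued.plusSeconds(300), skew, sp, true));
        // Past NotOnOrAfter even after the skew allowance: expired.
        System.out.println(validate(c, issued.plusSeconds(lifetime + 31), skew, sp, true));
        // Minted for a different SP: audience mismatch.
        System.out.println(validate(c, issued.plusSeconds(300), skew, "https://other-sp.example.test", true));
        // Bearer without an audience is refused already at issue time.
        try {
            issue(issued, lifetime, "", true);
        } catch (IllegalArgumentException e) {
            System.out.println("issuer refused: " + e.getMessage());
        }
    }
}
```

The skew allowance is applied in the direction that favours acceptance on both bounds, so a consumer whose clock is slightly ahead does not reject a freshly issued assertion and one slightly behind does not accept a long-expired one beyond the allowance; keep the allowance small relative to the lifetime the provider configures.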
