
Example 1 with IssueInstantMissingException

use of org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException in project keycloak by keycloak.

The class AssertionUtil, method createTimedConditions.

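/**
 * Adds validity conditions to a SAML 2.0 assertion.
 *
 * <p>The validity window is {@code [issueInstant, issueInstant + durationInMilis)}.
 * No clock skew is applied on either side, so a relying party whose clock runs behind
 * the issuer's may treat the assertion as not yet valid; use
 * {@link #createTimedConditions(AssertionType, long, long)} when skew tolerance is
 * required.
 *
 * <p>Any {@code Conditions} element already present on the assertion is replaced.
 *
 * @param assertion the assertion to update; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @throws ConfigurationException if the XML time arithmetic fails
 * @throws IssueInstantMissingException if the assertion has no issue instant
 * @see #createTimedConditions(AssertionType, long, long)
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
    if (issueInstant == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }
    // NotOnOrAfter is exclusive in SAML, hence the half-open window described above.
    XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issueInstant, durationInMilis);
    ConditionsType conditions = new ConditionsType();
    conditions.setNotBefore(issueInstant);
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);
}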

Example 2 with IssueInstantMissingException

use of org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException in project keycloak by keycloak.

The class AssertionUtil, method createSAML11TimedConditions.

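/**
 * Adds validity conditions to a SAML 1.1 assertion, widened by a clock-skew allowance.
 *
 * <p>The validity window is
 * {@code [issueInstant - clockSkew, issueInstant + durationInMilis + clockSkew)}.
 * The skew is subtracted from the start and also added to the end, so the effective
 * lifetime is {@code durationInMilis + 2 * clockSkew}; size {@code clockSkew}
 * accordingly, since it extends how long the assertion stays acceptable.
 *
 * <p>Any {@code Conditions} element already present on the assertion is replaced.
 *
 * @param assertion the SAML 1.1 assertion to update; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @param clockSkew tolerance in milliseconds applied to both ends of the window
 * @throws ConfigurationException if the XML time arithmetic fails
 * @throws IssueInstantMissingException if the assertion has no issue instant
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew) throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
    if (issueInstant == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }
    // Start is pulled back by the skew; end is pushed out by duration plus skew.
    XMLGregorianCalendar notBefore = XMLTimeUtil.subtract(issueInstant, clockSkew);
    XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew);
    SAML11ConditionsType conditions = new SAML11ConditionsType();
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);
}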

Example 3 with IssueInstantMissingException

use of org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException in project keycloak by keycloak.

The class SAML2Response, method createResponseType.

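/**
 * Creates a {@code ResponseType} carrying a single freshly built assertion for the
 * given service provider.
 *
 * <p>The assertion is assembled here from the holders: a subject whose {@code NameID}
 * and confirmation method come from {@code idp}, a {@code SubjectConfirmationData}
 * bound to the request ID and response destination from {@code sp}, and validity
 * conditions of {@code ASSERTION_VALIDITY} widened by {@code CLOCK_SKEW}. Callers that
 * need to supply the assertion themselves should use
 * {@link #createResponseType(String, IssuerInfoHolder, AssertionType)}.
 *
 * <p>NOTE(review): {@code SubjectConfirmationData.NotOnOrAfter} is set to the issue
 * instant itself, with no validity length added, so a relying party that enforces
 * confirmation timing strictly may consider it already expired; confirm this against
 * the service providers in use.
 *
 * @param ID id of the response
 * @param sp holder with the information about the Service Provider
 * @param idp holder with the information on the Identity Provider
 * @param issuerInfo holder with information on the issuer
 * @return the response, with {@code InResponseTo} and {@code Destination} populated
 *         from {@code sp}
 * @throws ProcessingException if the timed conditions cannot be attached to the assertion
 */
public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo) throws ProcessingException {
    String responseDestinationURI = sp.getResponseDestinationURI();
    XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
    // Subject -> NameID from the IDP holder. A null format stays unset; URI.create would
    // throw on null, and it also throws IllegalArgumentException on a malformed format.
    NameIDType nameIDType = new NameIDType();
    String nameIdFormat = idp.getNameIDFormat();
    nameIDType.setFormat(nameIdFormat == null ? null : URI.create(nameIdFormat));
    nameIDType.setValue(idp.getNameIDFormatValue());
    SubjectType.STSubType subType = new SubjectType.STSubType();
    subType.addBaseID(nameIDType);
    SubjectType subjectType = new SubjectType();
    subjectType.setSubType(subType);
    // Subject confirmation, bound to the originating request and the response destination.
    SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
    subjectConfirmationData.setInResponseTo(sp.getRequestID());
    subjectConfirmationData.setRecipient(responseDestinationURI);
    // NotBefore is intentionally left unset; NotOnOrAfter is the issue instant (see the
    // review note in the Javadoc).
    subjectConfirmationData.setNotOnOrAfter(issueInstant);
    SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
    subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
    subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
    subjectType.addConfirmation(subjectConfirmation);
    // Assertion: a fresh issue instant and a generated ID. Conditions are passed as null
    // here and attached right after by createTimedConditions.
    NameIDType issuerID = issuerInfo.getIssuer();
    issueInstant = XMLTimeUtil.getIssueInstant();
    List<StatementAbstractType> statements = new LinkedList<>();
    String assertionID = IDGenerator.create("ID_");
    AssertionType assertionType = SAMLAssertionFactory.createAssertion(assertionID, issuerID, issueInstant, null, subjectType, statements);
    try {
        AssertionUtil.createTimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW);
    } catch (ConfigurationException | IssueInstantMissingException e) {
        // Both are checked SAML-layer failures; surface them as one ProcessingException
        // with the cause preserved.
        throw logger.processingError(e);
    }
    ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
    responseType.setInResponseTo(sp.getRequestID());
    responseType.setDestination(responseDestinationURI);
    return responseType;
}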
