Search in sources :

Example 1 with IssuerInfoHolder

use of org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder in project keycloak by keycloak.

the class SAML2LoginResponseBuilder method buildModel.

public ResponseType buildModel() throws ConfigurationException, ProcessingException {
    ResponseType responseType = null;
    SAML2Response saml2Response = new SAML2Response();
    // Create a response type
    String id = IDGenerator.create("ID_");
    IssuerInfoHolder issuerHolder = new IssuerInfoHolder(issuer);
    issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
    IDPInfoHolder idp = new IDPInfoHolder();
    idp.setNameIDFormatValue(nameId);
    idp.setNameIDFormat(nameIdFormat);
    SPInfoHolder sp = new SPInfoHolder();
    sp.setResponseDestinationURI(destination);
    sp.setRequestID(requestID);
    sp.setIssuer(requestIssuer);
    responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
    AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
    // Add request issuer as the audience restriction
    AudienceRestrictionType audience = new AudienceRestrictionType();
    audience.addAudience(URI.create(requestIssuer));
    assertion.getConditions().addCondition(audience);
    // Update Conditions NotOnOrAfter
    if (assertionExpiration > 0) {
        ConditionsType conditions = assertion.getConditions();
        conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000L));
    }
    // Update SubjectConfirmationData NotOnOrAfter
    if (subjectExpiration > 0) {
        SubjectConfirmationDataType subjectConfirmationData = assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData();
        subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), subjectExpiration * 1000L));
    }
    // Create an AuthnStatementType
    if (!disableAuthnStatement) {
        String authContextRef = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
        if (isNotNull(authMethod))
            authContextRef = authMethod;
        AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), authContextRef);
        if (sessionExpiration > 0)
            authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000L));
        if (sessionIndex != null)
            authnStatement.setSessionIndex(sessionIndex);
        else
            authnStatement.setSessionIndex(assertion.getID());
        assertion.addStatement(authnStatement);
    }
    if (includeOneTimeUseCondition) {
        assertion.getConditions().addCondition(new OneTimeUseType());
    }
    if (!this.extensions.isEmpty()) {
        ExtensionsType extensionsType = new ExtensionsType();
        for (NodeGenerator extension : this.extensions) {
            extensionsType.addExtension(extension);
        }
        responseType.setExtensions(extensionsType);
    }
    return responseType;
}
Also used : AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SPInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.SPInfoHolder) ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType) IssuerInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder) SAML2Response(org.keycloak.saml.processing.api.saml.v2.response.SAML2Response) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) IDPInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.IDPInfoHolder)

Aggregations

AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)1 AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)1 AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)1 ConditionsType (org.keycloak.dom.saml.v2.assertion.ConditionsType)1 OneTimeUseType (org.keycloak.dom.saml.v2.assertion.OneTimeUseType)1 SubjectConfirmationDataType (org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType)1 ExtensionsType (org.keycloak.dom.saml.v2.protocol.ExtensionsType)1 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)1 SAML2Response (org.keycloak.saml.processing.api.saml.v2.response.SAML2Response)1 IDPInfoHolder (org.keycloak.saml.processing.core.saml.v2.holders.IDPInfoHolder)1 IssuerInfoHolder (org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder)1 SPInfoHolder (org.keycloak.saml.processing.core.saml.v2.holders.SPInfoHolder)1