
Example 1 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo (the listing below and its imports use the SAML 2.0 Conditions type, not the SAML 1.x one).

the class GoogleAccountsServiceResponseBuilder method constructSamlResponse.

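/**
 * Construct the SAML 2.0 response sent to Google Apps for the given service.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 * <p>
 * The response carries a single, unencrypted assertion: a password authentication
 * statement, a subject whose e-mail {@code NameID} is the username resolved for the
 * registered service, an audience restriction naming only the service id, and a
 * validity window that closes {@code skewAllowance} seconds from now. The result is
 * the marshalled XML as a string. NOTE(review): nothing in this method signs the
 * response; presumably the caller does so before it is sent — confirm.
 *
 * @param service the Google Accounts service the response is built for
 * @return the marshalled SAML response XML
 * @throws UnauthorizedServiceException if the service is not registered or its
 *                                      access strategy does not allow access
 */
protected String constructSamlResponse(final GoogleAccountsService service) {
    // Fail closed: only registered services whose access strategy allows access get
    // an assertion. NOTE(review): principal-attribute based access rules are not
    // evaluated here; confirm the caller enforces them if the deployment relies on them.
    final RegisteredService registeredService = servicesManager.findServiceBy(service);
    if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(service.getPrincipal(), service);

    final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
    // Fixed, far-past instant used both as the assertion issue instant and as the
    // NotBefore bound. It places no practical lower bound on the validity window, so
    // NotOnOrAfter is the only time limit the relying party can enforce.
    // NOTE(review): this looks intentional for the Google integration (see the linked
    // reference) — confirm before changing it.
    final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
    // NOTE(review): a non-positive skewAllowance yields an empty window
    // (NotOnOrAfter <= now) and the SP will reject the assertion — confirm the config.
    final ZonedDateTime notOnOrAfter = currentDateTime.plusSeconds(this.skewAllowance);

    final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(
        this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, service.getId(), service);
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));

    // Random, non-negative session index. Masking the sign bit instead of calling
    // Math.abs avoids the Long.MIN_VALUE edge case, where Math.abs returns a negative
    // value and the index would carry a '-' right after the underscore.
    final String sessionIndex = '_' + String.valueOf(new SecureRandom().nextLong() & Long.MAX_VALUE);
    final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix, notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());

    // The audience restriction pins the assertion to this service id only.
    final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant, notOnOrAfter, service.getId());
    assertion.setConditions(conditions);
    // Subject confirmation shares the conditions' expiry and carries the request id
    // from the service (presumably surfaced as InResponseTo — verify in newSubject).
    final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId, service.getId(), notOnOrAfter, service.getRequestId());
    assertion.setSubject(subject);
    response.getAssertions().add(assertion);

    final StringWriter writer = new StringWriter();
    this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
    final String result = writer.toString();
    // The full response (including the subject's e-mail address) is logged; keep at DEBUG.
    LOGGER.debug("Generated Google SAML response: [{}]", result);
    return result;
}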
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Assertion(org.opensaml.saml.saml2.core.Assertion) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) SecureRandom(java.security.SecureRandom) Conditions(org.opensaml.saml.saml2.core.Conditions) Subject(org.opensaml.saml.saml2.core.Subject) StringWriter(java.io.StringWriter) ZonedDateTime(java.time.ZonedDateTime) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)

Example 2 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo (the listing below and its imports use the SAML 2.0 Conditions type, not the SAML 1.x one).

the class SamlProfileSamlConditionsBuilder method buildConditions.

/**
 * Build the {@code Conditions} element for an assertion issued to the given SP.
 * <p>
 * The validity window opens now (UTC) and closes after the SAML IdP response skew
 * allowance, read from {@code casProperties.getAuthn().getSamlIdp().getResponse()};
 * the single audience is the SP's entity id taken from its metadata. The request,
 * assertion and registered-service arguments are accepted for signature
 * compatibility but are not consulted here.
 * NOTE(review): a zero or negative skew allowance produces an empty (or inverted)
 * window, because NotOnOrAfter would not lie after NotBefore — confirm the property
 * is always positive in deployments.
 *
 * @param authnRequest the authentication request (unused)
 * @param assertion    the assertion under construction (unused)
 * @param service      the registered SAML service (unused)
 * @param adaptor      metadata facade for the SP; supplies the audience entity id
 * @return the conditions element
 * @throws SamlException if building the element fails
 */
private Conditions buildConditions(final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final long skewSeconds = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
    final ZonedDateTime notBefore = ZonedDateTime.now(ZoneOffset.UTC);
    final ZonedDateTime notOnOrAfter = notBefore.plusSeconds(skewSeconds);
    return newConditions(notBefore, notOnOrAfter, adaptor.getEntityId());
}
Also used : ZonedDateTime(java.time.ZonedDateTime) Conditions(org.opensaml.saml.saml2.core.Conditions)

Example 3 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo (the listing below and its imports use the SAML 2.0 Conditions type, not the SAML 1.x one).

the class AbstractSaml20ObjectBuilder method newConditions.

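/**
 * New conditions element.
 * <p>
 * Builds a SAML 2.0 {@code Conditions} element with the given validity window and a
 * single {@code AudienceRestriction} listing every non-blank audience URI supplied.
 * The audience restriction is what binds the assertion to its intended relying
 * parties, so the method fails closed rather than emit an empty restriction: SAML
 * 2.0 requires at least one {@code Audience} inside an {@code AudienceRestriction},
 * and an empty one is both schema-invalid and unmatchable by any SP.
 * An empty or inverted window (not-on-or-after not after not-before) is logged at
 * WARN but still emitted, so a misconfigured skew surfaces in the logs without
 * changing the failure mode seen by callers.
 *
 * @param notBefore    the not before instant (inclusive)
 * @param notOnOrAfter the not on or after instant (exclusive)
 * @param audienceUri  one or more audience URIs (service ids); null or blank entries are skipped
 * @return the conditions
 * @throws IllegalArgumentException if either instant is null or no non-blank audience URI is supplied
 */
public Conditions newConditions(final ZonedDateTime notBefore, final ZonedDateTime notOnOrAfter, final String... audienceUri) {
    if (notBefore == null || notOnOrAfter == null) {
        throw new IllegalArgumentException("Both notBefore and notOnOrAfter are required to build SAML conditions");
    }
    if (!notOnOrAfter.isAfter(notBefore)) {
        LOGGER.warn("SAML conditions window is empty or inverted: not-before [{}] is not before not-on-or-after [{}]", notBefore, notOnOrAfter);
    }
    LOGGER.debug("Building conditions for audience [{}] that enforce not-before [{}] and not-after [{}]", audienceUri, notBefore, notOnOrAfter);

    // Collect only usable audiences; an explicit null array counts as no audiences.
    final AudienceRestriction audienceRestriction = newSamlObject(AudienceRestriction.class);
    if (audienceUri != null) {
        Arrays.stream(audienceUri)
            .filter(audienceEntry -> audienceEntry != null && !audienceEntry.trim().isEmpty())
            .forEach(audienceEntry -> {
                final Audience audience = newSamlObject(Audience.class);
                audience.setAudienceURI(audienceEntry);
                audienceRestriction.getAudiences().add(audience);
            });
    }
    // Fail closed: never issue conditions whose audience restriction names nobody.
    if (audienceRestriction.getAudiences().isEmpty()) {
        throw new IllegalArgumentException("At least one non-blank audience URI is required to build SAML conditions");
    }

    final Conditions conditions = newSamlObject(Conditions.class);
    conditions.setNotBefore(DateTimeUtils.dateTimeOf(notBefore));
    conditions.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
    conditions.getAudienceRestrictions().add(audienceRestriction);
    return conditions;
}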
Also used : AudienceRestriction(org.opensaml.saml.saml2.core.AudienceRestriction) Audience(org.opensaml.saml.saml2.core.Audience) Conditions(org.opensaml.saml.saml2.core.Conditions)

Example 4 with Conditions

use of org.opensaml.saml.saml1.core.Conditions in project cas by apereo.

the class Saml10ObjectBuilder method newConditions.

/**
 * New conditions element.
 * <p>
 * Builds a SAML 1.x {@code Conditions} element whose validity window starts at
 * {@code issuedAt} and ends {@code issueLength} seconds later, restricted to the
 * single audience {@code audienceUri}.
 * NOTE(review): no validation happens here — a non-positive {@code issueLength}
 * yields an empty or inverted window, and a blank {@code audienceUri} produces an
 * {@code Audience} with no usable value; callers are presumably expected to pass
 * sane values. Confirm before relying on this method for untrusted input.
 *
 * @param issuedAt    the issued at
 * @param audienceUri the service id
 * @param issueLength the issue length, in seconds
 * @return the conditions
 */
public Conditions newConditions(final ZonedDateTime issuedAt, final String audienceUri, final long issueLength) {
    final ZonedDateTime expiresAt = issuedAt.plus(issueLength, ChronoUnit.SECONDS);

    // One audience, wrapped in the SAML 1.x restriction condition.
    final Audience audience = newSamlObject(Audience.class);
    audience.setUri(audienceUri);
    final AudienceRestrictionCondition restriction = newSamlObject(AudienceRestrictionCondition.class);
    restriction.getAudiences().add(audience);

    final Conditions conditions = newSamlObject(Conditions.class);
    conditions.setNotBefore(DateTimeUtils.dateTimeOf(issuedAt));
    conditions.setNotOnOrAfter(DateTimeUtils.dateTimeOf(expiresAt));
    conditions.getAudienceRestrictionConditions().add(restriction);
    return conditions;
}
Also used : Audience(org.opensaml.saml.saml1.core.Audience) AudienceRestrictionCondition(org.opensaml.saml.saml1.core.AudienceRestrictionCondition) Conditions(org.opensaml.saml.saml1.core.Conditions)

Example 5 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo (the listing below and its imports use the SAML 2.0 Conditions type, not the SAML 1.x one).

the class SamlProfileSamlConditionsBuilder method buildConditions.

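/**
 * Build the {@code Conditions} element for an assertion issued to the given SP.
 * <p>
 * The validity window opens now (UTC) and closes after the SAML IdP response skew
 * allowance; when that value is not positive the core SAML skew allowance is used
 * instead. The audience restriction always starts with the SP's entity id from its
 * metadata, followed by any extra audiences configured on the registered service as
 * a comma-delimited list. Each configured entry is trimmed so that a list written as
 * {@code "https://a, https://b"} does not yield an audience with a leading space
 * (SPs typically match audiences by exact string comparison), and duplicates —
 * including a repeat of the entity id — are dropped.
 * NOTE(review): if both skew allowances are non-positive the window is still empty
 * and the SP will reject the assertion — confirm configuration validation elsewhere.
 *
 * @param authnRequest the authn request (not consulted here)
 * @param assertion    the assertion under construction (not consulted here)
 * @param service      the registered SAML service, source of extra assertion audiences
 * @param adaptor      metadata facade for the SP; supplies the primary audience entity id
 * @return the conditions
 * @throws SamlException the saml exception
 */
protected Conditions buildConditions(final RequestAbstractType authnRequest, final Object assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
    // Prefer the IdP-response specific skew; fall back to the core SAML setting.
    int skewAllowance = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
    if (skewAllowance <= 0) {
        skewAllowance = casProperties.getSamlCore().getSkewAllowance();
    }

    // The SP's own entity id is always the first audience.
    final List<String> audienceUrls = new ArrayList<>();
    audienceUrls.add(adaptor.getEntityId());
    if (StringUtils.isNotBlank(service.getAssertionAudiences())) {
        final String[] configured = org.springframework.util.StringUtils.commaDelimitedListToStringArray(service.getAssertionAudiences());
        for (final String entry : configured) {
            // Trim and de-duplicate: whitespace around a comma must not become part of the URI.
            final String audience = entry.trim();
            if (!audience.isEmpty() && !audienceUrls.contains(audience)) {
                audienceUrls.add(audience);
            }
        }
    }
    return newConditions(currentDateTime, currentDateTime.plusSeconds(skewAllowance), audienceUrls.toArray(new String[] {}));
}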
Also used : ZonedDateTime(java.time.ZonedDateTime) ArrayList(java.util.ArrayList) Conditions(org.opensaml.saml.saml2.core.Conditions)

Aggregations

Conditions (org.opensaml.saml.saml2.core.Conditions)9 ZonedDateTime (java.time.ZonedDateTime)6 RegisteredService (org.apereo.cas.services.RegisteredService)4 Assertion (org.opensaml.saml.saml2.core.Assertion)4 ArrayList (java.util.ArrayList)3 Conditions (org.opensaml.saml.saml1.core.Conditions)3 Principal (org.apereo.cas.authentication.principal.Principal)2 Service (org.apereo.cas.authentication.principal.Service)2 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)2 XMLObject (org.opensaml.core.xml.XMLObject)2 Assertion (org.opensaml.saml.saml1.core.Assertion)2 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)2 SubjectConfirmation (org.opensaml.saml.saml2.core.SubjectConfirmation)2 SubjectConfirmationData (org.opensaml.saml.saml2.core.SubjectConfirmationData)2 Element (org.w3c.dom.Element)2 BufferedReader (java.io.BufferedReader)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 InputStream (java.io.InputStream)1 InputStreamReader (java.io.InputStreamReader)1 StringWriter (java.io.StringWriter)1