/**
 * Reports whether {@code appliesTo} is listed as an audience in any of the supplied SAML 1.x
 * audience restriction conditions.
 *
 * <p>Matching is exact, case-sensitive {@link String#equals(Object)} against each audience URI;
 * no URI normalization is applied, so values that differ only by case or a trailing slash do
 * not match.
 *
 * <p>NOTE(review): a single hit in any one condition is enough for a {@code true} result. SAML
 * treats each AudienceRestrictionCondition as a separate condition that must hold, so this is a
 * membership lookup rather than full audience validation. Confirm callers do not rely on it as
 * the only audience check.
 *
 * @param appliesTo address to look for; {@code equals} is invoked on it, so it must be non-null
 *     whenever at least one audience is present
 * @param restrConditions conditions to search; {@code null} or empty yields {@code false}
 * @return {@code true} if some audience URI equals {@code appliesTo}, otherwise {@code false}
 */
private boolean matchSaml1AudienceRestriction(
    String appliesTo, List<AudienceRestrictionCondition> restrConditions
) {
    if (restrConditions == null || restrConditions.isEmpty()) {
        return false;
    }
    for (AudienceRestrictionCondition condition : restrConditions) {
        // A condition without an audience list cannot contribute a match.
        if (condition.getAudiences() == null) {
            continue;
        }
        for (Audience candidate : condition.getAudiences()) {
            if (appliesTo.equals(candidate.getUri())) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Reports whether {@code appliesTo} is listed as an audience in any of the supplied SAML 1.x
 * audience restriction conditions.
 *
 * <p>Matching is exact, case-sensitive {@link String#equals(Object)} against each audience URI;
 * no URI normalization is applied, so values that differ only by case or a trailing slash do
 * not match.
 *
 * <p>NOTE(review): a single hit in any one condition is enough for a {@code true} result. SAML
 * treats each AudienceRestrictionCondition as a separate condition that must hold, so this is a
 * membership lookup rather than full audience validation. Confirm callers do not rely on it as
 * the only audience check.
 *
 * @param appliesTo address to look for; {@code equals} is invoked on it, so it must be non-null
 *     whenever at least one audience is present
 * @param restrConditions conditions to search; {@code null} or empty yields {@code false}
 * @return {@code true} if some audience URI equals {@code appliesTo}, otherwise {@code false}
 */
private boolean matchSaml1AudienceRestriction(
    String appliesTo, List<AudienceRestrictionCondition> restrConditions
) {
    if (restrConditions == null || restrConditions.isEmpty()) {
        return false;
    }
    for (AudienceRestrictionCondition condition : restrConditions) {
        // A condition without an audience list cannot contribute a match.
        if (condition.getAudiences() == null) {
            continue;
        }
        for (Audience candidate : condition.getAudiences()) {
            if (appliesTo.equals(candidate.getUri())) {
                return true;
            }
        }
    }
    return false;
}
/**
 * {@inheritDoc}
 *
 * <p>Audience children are appended to the parent condition's audience list; every other child
 * type is handed to the superclass implementation.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    // The cast happens before the child is inspected, so a parent of the wrong type fails
    // here regardless of which kind of child was supplied.
    AudienceRestrictionCondition condition = (AudienceRestrictionCondition) parentSAMLObject;

    if (!(childSAMLObject instanceof Audience)) {
        super.processChildElement(parentSAMLObject, childSAMLObject);
        return;
    }
    condition.getAudiences().add((Audience) childSAMLObject);
}
}
/**
 * Appends one SAML 1.x Audience per entry of the {@code audiences} field to the
 * {@link AudienceRestrictionCondition} belonging to the given Conditions.
 *
 * <p>The target condition comes from {@code getAudienceRestrictionCondition(conditions)}, which
 * is expected to create and attach one when the Conditions has none.
 *
 * <p>Each identifier is written into the assertion as-is and is also logged at debug level.
 * NOTE(review): {@code profileRequestContext} is not read in this method body, and the origin of
 * {@code audiences} is not visible here; confirm the values are trusted configuration or have
 * been validated before they become the assertion's audience.
 *
 * @param profileRequestContext current profile request context
 * @param conditions condition that has, or will receive the created,
 *     {@link AudienceRestrictionCondition}
 */
private void addAudienceRestriction(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final org.opensaml.saml.saml1.core.Conditions conditions) {
    // Resolve the target condition before the builder lookup, which can throw.
    final AudienceRestrictionCondition restriction = getAudienceRestrictionCondition(conditions);

    final SAMLObjectBuilder<org.opensaml.saml.saml1.core.Audience> builder =
            (SAMLObjectBuilder<org.opensaml.saml.saml1.core.Audience>)
                    XMLObjectProviderRegistrySupport.getBuilderFactory()
                            .<org.opensaml.saml.saml1.core.Audience>getBuilderOrThrow(
                                    org.opensaml.saml.saml1.core.Audience.DEFAULT_ELEMENT_NAME);

    for (final String uri : audiences) {
        log.debug("{} Adding {} as an Audience of the AudienceRestrictionCondition", getLogPrefix(), uri);
        final org.opensaml.saml.saml1.core.Audience entry = builder.buildObject();
        entry.setUri(uri);
        restriction.getAudiences().add(entry);
    }
}
/**
 * Builds a Conditions element with a validity window and a single audience restriction.
 *
 * <p>The window starts at {@code issuedAt} and ends at {@code issuedAt.plus(issueLength)}. The
 * one audience restriction condition holds exactly one audience, {@code audienceUri}.
 *
 * <p>NOTE(review): {@code issueLength} is not range-checked here; a zero or negative value would
 * give a window that is already closed or inverted. Its unit is whatever
 * {@code DateTime.plus(long)} expects (presumably milliseconds if this is Joda-Time; confirm).
 *
 * @param issuedAt the issue instant, used as NotBefore
 * @param audienceUri the service id written as the sole audience URI
 * @param issueLength the length of the validity window, added to {@code issuedAt}
 * @return the populated conditions
 */
public Conditions newConditions(final DateTime issuedAt, final String audienceUri, final long issueLength) {
    final Conditions result = newSamlObject(Conditions.class);

    // Validity window: [issuedAt, issuedAt + issueLength).
    result.setNotBefore(issuedAt);
    final DateTime expiry = issuedAt.plus(issueLength);
    result.setNotOnOrAfter(expiry);

    // Exactly one restriction carrying exactly one audience.
    final AudienceRestrictionCondition restriction = newSamlObject(AudienceRestrictionCondition.class);
    final Audience target = newSamlObject(Audience.class);
    target.setUri(audienceUri);
    restriction.getAudiences().add(target);

    result.getAudienceRestrictionConditions().add(restriction);
    return result;
}
credential.setNotOnOrAfter(ZonedDateTime.parse(conditions.getNotOnOrAfter().toDateTimeISO().toString())); if (!conditions.getAudienceRestrictionConditions().isEmpty()) { credential.setAudience(conditions.getAudienceRestrictionConditions().get(0).getAudiences().get(0).getUri());
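/**
 * Collects every audience URI declared by the assertion's audience restrictions.
 *
 * <p>SAML 1.x assertions are read when {@code getSaml1()} is non-null; otherwise SAML 2.0
 * assertions are read when {@code getSaml2()} is non-null. URIs from all restrictions are
 * flattened into one list in document order, so the result no longer shows which restriction
 * an audience came from.
 *
 * <p>The Conditions element is optional in an assertion, so a missing one is treated like a
 * Conditions element without audience restrictions instead of failing with a
 * {@link NullPointerException}. An empty result therefore means "no audience declared";
 * callers that require an audience must treat an empty list as a failure themselves.
 *
 * @param assertion wrapper around the SAML 1.x or SAML 2.0 assertion to inspect
 * @return the audience URIs found, possibly empty, never {@code null}
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
        // Conditions may be absent on an otherwise well-formed assertion.
        if (conditions != null) {
            for (AudienceRestrictionCondition restriction : conditions.getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        // Conditions may be absent on an otherwise well-formed assertion.
        if (conditions != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction
                    : conditions.getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}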
/**
 * Creates a SAML 1.x AudienceRestrictionCondition holding one Audience per URI in the bean.
 *
 * <p>The two static builders are looked up from {@code builderFactory} on first use and then
 * reused. NOTE(review): this lazy initialization is not synchronized in this method; confirm
 * that concurrent first calls are harmless for these builders.
 *
 * <p>The URIs are copied as-is; no validation or de-duplication is done here.
 *
 * @param audienceRestrictionBean of type AudienceRestrictionBean, supplying the audience URIs
 * @return an AudienceRestrictionCondition object
 */
@SuppressWarnings("unchecked")
public static AudienceRestrictionCondition createSamlv1AudienceRestriction(
    AudienceRestrictionBean audienceRestrictionBean
) {
    if (audienceRestrictionV1Builder == null) {
        audienceRestrictionV1Builder =
            (SAMLObjectBuilder<AudienceRestrictionCondition>)
                builderFactory.getBuilder(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
    }
    if (audienceV1Builder == null) {
        audienceV1Builder =
            (SAMLObjectBuilder<Audience>) builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME);
    }

    AudienceRestrictionCondition restriction = audienceRestrictionV1Builder.buildObject();
    for (String uri : audienceRestrictionBean.getAudienceURIs()) {
        Audience entry = audienceV1Builder.buildObject();
        entry.setUri(uri);
        restriction.getAudiences().add(entry);
    }
    return restriction;
}
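/**
 * Collects every audience URI declared by the assertion's audience restrictions.
 *
 * <p>SAML 1.x assertions are read when {@code getSaml1()} is non-null; otherwise SAML 2.0
 * assertions are read when {@code getSaml2()} is non-null. URIs from all restrictions are
 * flattened into one list in document order, so the result no longer shows which restriction
 * an audience came from.
 *
 * <p>The Conditions element is optional in an assertion, so a missing one is treated like a
 * Conditions element without audience restrictions instead of failing with a
 * {@link NullPointerException}. An empty result therefore means "no audience declared";
 * callers that require an audience must treat an empty list as a failure themselves.
 *
 * @param assertion wrapper around the SAML 1.x or SAML 2.0 assertion to inspect
 * @return the audience URIs found, possibly empty, never {@code null}
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
        // Conditions may be absent on an otherwise well-formed assertion.
        if (conditions != null) {
            for (AudienceRestrictionCondition restriction : conditions.getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        // Conditions may be absent on an otherwise well-formed assertion.
        if (conditions != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction
                    : conditions.getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}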
// Copy the assertion's validity window onto the credential.
credential.setNotBefore(conditions.getNotBefore());
credential.setNotOnOrAfter(conditions.getNotOnOrAfter());
// Only the first audience of the first audience restriction condition is recorded; further
// conditions or audiences are not reflected on the credential.
// NOTE(review): neither get(0) is guarded in this excerpt, so an assertion with no audience
// restriction (or an empty one) would presumably raise IndexOutOfBoundsException here. Confirm
// the caller checks for that or handles the exception as a rejected assertion.
credential.setAudience(conditions.getAudienceRestrictionConditions().get(0).getAudiences().get(0).getUri());
for (org.opensaml.saml.saml1.core.AudienceRestrictionCondition audienceRestriction : conditions.getAudienceRestrictionConditions()) { if (audienceRestriction.getAudiences() != null) { List<org.opensaml.saml.saml1.core.Audience> audiences = audienceRestriction.getAudiences(); for (org.opensaml.saml.saml1.core.Audience audience : audiences) { String audienceURI = audience.getUri();
// Create the Audience element and set its URI to the service named in the request.
// NOTE(review): request.getService() is used verbatim as the audience; presumably it has been
// checked against the registered services before this point. Confirm upstream.
final Audience audience = newSAMLObject(Audience.class, Audience.DEFAULT_ELEMENT_NAME);
audience.setUri(request.getService());
// Attach audience -> restriction -> conditions -> assertion, in that order.
audienceRestriction.getAudiences().add(audience);
conditions.getAudienceRestrictionConditions().add(audienceRestriction);
assertion.setConditions(conditions);