/**
 * Get the {@link AudienceRestrictionCondition} to which audiences will be added.
 *
 * <p>The first existing condition is reused only when
 * {@code addingAudiencesToExistingRestriction} is set and the supplied conditions
 * already carry at least one; in every other case a fresh condition is built and
 * appended to the conditions before being returned.</p>
 *
 * @param conditions existing set of conditions
 *
 * @return the condition to which audiences will be added
 */
@Nonnull private AudienceRestrictionCondition getAudienceRestrictionCondition(
        @Nonnull final org.opensaml.saml.saml1.core.Conditions conditions) {
    // Reuse is the conjunction of the flag and "something to reuse".
    final boolean reuseExisting = addingAudiencesToExistingRestriction
            && !conditions.getAudienceRestrictionConditions().isEmpty();

    if (reuseExisting) {
        log.debug("{} Conditions already contained an AudienceRestrictionCondition, using it", getLogPrefix());
        return conditions.getAudienceRestrictionConditions().get(0);
    }

    // Builder lookup happens before the debug line so a missing builder surfaces first.
    final SAMLObjectBuilder<AudienceRestrictionCondition> builder =
            (SAMLObjectBuilder<AudienceRestrictionCondition>) XMLObjectProviderRegistrySupport
                    .getBuilderFactory().<AudienceRestrictionCondition>getBuilderOrThrow(
                            AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
    log.debug("{} Adding new AudienceRestrictionCondition", getLogPrefix());

    final AudienceRestrictionCondition created = builder.buildObject();
    conditions.getAudienceRestrictionConditions().add(created);
    return created;
}
/**
 * Builds a SAML 1.1 {@code Conditions} element whose validity window starts at
 * {@code issuedAt}, lasts {@code issueLength} milliseconds, and is restricted to a
 * single audience.
 *
 * @param issuedAt start of the validity window, stored as {@code NotBefore}
 * @param audienceUri the service id placed in the sole {@code Audience}
 * @param issueLength validity length in milliseconds, added to {@code issuedAt} to
 *                    form {@code NotOnOrAfter}
 * @return the populated conditions
 */
public Conditions newConditions(final DateTime issuedAt, final String audienceUri, final long issueLength) {
    final Conditions result = newSamlObject(Conditions.class);
    result.setNotBefore(issuedAt);
    result.setNotOnOrAfter(issuedAt.plus(issueLength));

    // One restriction carrying exactly one audience: the requesting service.
    final AudienceRestrictionCondition restriction = newSamlObject(AudienceRestrictionCondition.class);
    final Audience serviceAudience = newSamlObject(Audience.class);
    serviceAudience.setUri(audienceUri);
    restriction.getAudiences().add(serviceAudience);

    result.getAudienceRestrictionConditions().add(restriction);
    return result;
}
credential.setNotBefore(ZonedDateTime.parse(conditions.getNotBefore().toDateTimeISO().toString())); credential.setNotOnOrAfter(ZonedDateTime.parse(conditions.getNotOnOrAfter().toDateTimeISO().toString())); if (!conditions.getAudienceRestrictionConditions().isEmpty()) { credential.setAudience(conditions.getAudienceRestrictionConditions().get(0).getAudiences().get(0).getUri());
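/**
 * Collects the audience URIs declared by the assertion's audience restrictions.
 *
 * <p>For a SAML 1.1 assertion the {@code AudienceRestrictionCondition} elements are
 * read; for a SAML 2.0 assertion the {@code AudienceRestriction} elements. The
 * {@code Conditions} element is optional in both schemas, so an assertion without one
 * yields an empty list rather than a {@link NullPointerException}, leaving the
 * decision to the caller's audience check.</p>
 *
 * @param assertion wrapped SAML 1.1 or 2.0 assertion
 * @return the audience URIs in document order; empty when none are present
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
        // Absent Conditions means no restriction to report, not a parse failure.
        if (conditions != null) {
            for (AudienceRestrictionCondition restriction : conditions.getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        if (conditions != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction : conditions.getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}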
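/**
 * Collects the audience URIs declared by the assertion's audience restrictions.
 *
 * <p>For a SAML 1.1 assertion the {@code AudienceRestrictionCondition} elements are
 * read; for a SAML 2.0 assertion the {@code AudienceRestriction} elements. The
 * {@code Conditions} element is optional in both schemas, so an assertion without one
 * yields an empty list rather than a {@link NullPointerException}, leaving the
 * decision to the caller's audience check.</p>
 *
 * @param assertion wrapped SAML 1.1 or 2.0 assertion
 * @return the audience URIs in document order; empty when none are present
 */
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
    List<String> addresses = new ArrayList<>();
    if (assertion.getSaml1() != null) {
        org.opensaml.saml.saml1.core.Conditions conditions = assertion.getSaml1().getConditions();
        // Absent Conditions means no restriction to report, not a parse failure.
        if (conditions != null) {
            for (AudienceRestrictionCondition restriction : conditions.getAudienceRestrictionConditions()) {
                for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getUri());
                }
            }
        }
    } else if (assertion.getSaml2() != null) {
        org.opensaml.saml.saml2.core.Conditions conditions = assertion.getSaml2().getConditions();
        if (conditions != null) {
            for (org.opensaml.saml.saml2.core.AudienceRestriction restriction : conditions.getAudienceRestrictions()) {
                for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
                    addresses.add(audience.getAudienceURI());
                }
            }
        }
    }
    return addresses;
}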
// Copy the validity window straight from the assertion's Conditions element.
credential.setNotBefore(conditions.getNotBefore());
credential.setNotOnOrAfter(conditions.getNotOnOrAfter());
// NOTE(review): the two unguarded get(0) calls throw IndexOutOfBoundsException when the
// assertion carries no AudienceRestrictionCondition, or one with no Audience, so a
// malformed or stripped assertion fails here with a runtime exception rather than a
// validation error; only the first audience of the first restriction is captured.
// Checking isEmpty() on both lists before reading would let the caller report it cleanly.
credential.setAudience(conditions.getAudienceRestrictionConditions().get(0).getAudiences().get(0).getUri());
if (conditions != null && conditions.getAudienceRestrictionConditions() != null && !conditions.getAudienceRestrictionConditions().isEmpty()) { boolean foundAddress = false; for (org.opensaml.saml.saml1.core.AudienceRestrictionCondition audienceRestriction : conditions.getAudienceRestrictionConditions()) { if (audienceRestriction.getAudiences() != null) { List<org.opensaml.saml.saml1.core.Audience> audiences =
AudienceRestrictionCondition audienceRestriction = createSamlv1AudienceRestriction(audienceRestrictionBean); conditions.getAudienceRestrictionConditions().add(audienceRestriction);
if (assertion.getSaml1() != null) { List<AudienceRestrictionCondition> restrConditions = assertion.getSaml1().getConditions().getAudienceRestrictionConditions(); if (!matchSaml1AudienceRestriction(appliesToAddress, restrConditions)) { LOG.log(Level.WARNING, "The AppliesTo address does not match the Audience Restriction");
if (assertion.getSaml1() != null) { List<AudienceRestrictionCondition> restrConditions = assertion.getSaml1().getConditions().getAudienceRestrictionConditions(); if (!matchSaml1AudienceRestriction(appliesToAddress, restrConditions)) { LOG.log(Level.WARNING, "The AppliesTo address does not match the Audience Restriction");
audience.setUri(request.getService()); audienceRestriction.getAudiences().add(audience); conditions.getAudienceRestrictionConditions().add(audienceRestriction); assertion.setConditions(conditions); assertion.getAuthenticationStatements().add(