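/**
 * {@inheritDoc}
 *
 * <p>Reads the {@code NotBefore} and {@code NotOnOrAfter} attributes of a {@link Conditions}
 * element into the object's validity window. Any other attribute, and either of these two
 * when its value is null or empty, is handed to the superclass.</p>
 *
 * @param samlObject the object being unmarshalled; cast to {@link Conditions}
 * @param attribute the DOM attribute to process
 * @throws UnmarshallingException if the superclass rejects the attribute
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    Conditions conditions = (Conditions) samlObject;

    if (Conditions.NOTBEFORE_ATTRIB_NAME.equals(attribute.getLocalName())
            && !Strings.isNullOrEmpty(attribute.getValue())) {
        // The resulting DateTime uses the UTC ISO chronology, so both bounds of the
        // validity window are compared on the same time base.
        // NOTE(review): Joda-Time throws IllegalArgumentException for an unparseable value;
        // that is not an UnmarshallingException - confirm callers treat it as a rejection.
        conditions.setNotBefore(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (Conditions.NOTONORAFTER_ATTRIB_NAME.equals(attribute.getLocalName())
            && !Strings.isNullOrEmpty(attribute.getValue())) {
        conditions.setNotOnOrAfter(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else {
        // Delegate to the parent implementation. An unqualified call here re-enters this
        // method with the same arguments and recurses until the stack overflows, so any
        // attribute other than the two handled above would abort unmarshalling.
        super.processAttribute(samlObject, attribute);
    }
}
} // closes the enclosing class, whose header is not part of this listing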
/**
 * Builds a {@link Conditions} element with a validity window and a single audience restriction.
 *
 * <p>The window opens at {@code issuedAt} and closes at {@code issuedAt.plus(issueLength)}.
 * Joda-Time's {@code DateTime.plus(long)} reads its argument as milliseconds, so callers
 * holding a value in seconds or minutes must convert it first.</p>
 *
 * @param issuedAt instant used as {@code NotBefore} and as the base of {@code NotOnOrAfter}
 * @param audienceUri URI set on the one {@link Audience} added to the restriction
 * @param issueLength length of the validity window, added to {@code issuedAt}
 * @return the populated conditions element
 */
public Conditions newConditions(final DateTime issuedAt, final String audienceUri, final long issueLength) {
    final Conditions result = newSamlObject(Conditions.class);

    // Validity window: [issuedAt, issuedAt + issueLength).
    final DateTime expiry = issuedAt.plus(issueLength);
    result.setNotBefore(issuedAt);
    result.setNotOnOrAfter(expiry);

    // Restrict the assertion to the one audience it was issued for.
    final AudienceRestrictionCondition restriction = newSamlObject(AudienceRestrictionCondition.class);
    final Audience intendedAudience = newSamlObject(Audience.class);
    intendedAudience.setUri(audienceUri);
    restriction.getAudiences().add(intendedAudience);

    result.getAudienceRestrictionConditions().add(restriction);
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Sets a {@code NotOnOrAfter} condition on every assertion of the SAML 1 or SAML 2 response.
 * The expiration is the assertion's issue instant plus the lifetime returned by
 * {@code assertionLifetimeStrategy}, or {@code defaultAssertionLifetime} when the strategy is
 * absent or returns {@code null}. A response of any other type is left untouched.</p>
 *
 * <p>This method sets only the upper bound of the validity window and applies no cap to the
 * lifetime the strategy supplies.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final Long suppliedLifetime;
    if (assertionLifetimeStrategy == null) {
        suppliedLifetime = null;
    } else {
        suppliedLifetime = assertionLifetimeStrategy.apply(profileRequestContext);
    }

    if (suppliedLifetime == null) {
        log.debug("{} No assertion lifetime supplied, using default", getLogPrefix());
    }

    if (response instanceof org.opensaml.saml.saml1.core.Response) {
        final org.opensaml.saml.saml1.core.Response saml1Response =
                (org.opensaml.saml.saml1.core.Response) response;
        for (final org.opensaml.saml.saml1.core.Assertion saml1Assertion : saml1Response.getAssertions()) {
            // Expiration is relative to the assertion's own issue instant, not to "now".
            final DateTime notOnOrAfter = new DateTime(saml1Assertion.getIssueInstant()).plus(
                    suppliedLifetime == null ? defaultAssertionLifetime : suppliedLifetime);
            log.debug("{} Added NotOnOrAfter condition, indicating an expiration of {}, to Assertion {}",
                    new Object[] {getLogPrefix(), notOnOrAfter, saml1Assertion.getID()});
            SAML1ActionSupport.addConditionsToAssertion(this, saml1Assertion).setNotOnOrAfter(notOnOrAfter);
        }
        return;
    }

    if (response instanceof org.opensaml.saml.saml2.core.Response) {
        final org.opensaml.saml.saml2.core.Response saml2Response =
                (org.opensaml.saml.saml2.core.Response) response;
        for (final org.opensaml.saml.saml2.core.Assertion saml2Assertion : saml2Response.getAssertions()) {
            // Same rule as the SAML 1 branch: issue instant plus the effective lifetime.
            final DateTime notOnOrAfter = new DateTime(saml2Assertion.getIssueInstant()).plus(
                    suppliedLifetime == null ? defaultAssertionLifetime : suppliedLifetime);
            log.debug("{} Added NotOnOrAfter condition, indicating an expiration of {}, to Assertion {}",
                    new Object[] {getLogPrefix(), notOnOrAfter, saml2Assertion.getID()});
            SAML2ActionSupport.addConditionsToAssertion(this, saml2Assertion).setNotOnOrAfter(notOnOrAfter);
        }
    }
}
DateTime newNotBefore = new DateTime(); conditions.setNotBefore(newNotBefore); conditions.setNotOnOrAfter(newNotBefore.plusMinutes(5)); return conditions; conditions.setNotOnOrAfter(notAfter); } else { DateTime newNotBefore = new DateTime(); new DateTime(newNotBefore.getMillis() + tokenPeriodSeconds * 1000L); conditions.setNotOnOrAfter(notOnOrAfter);
conditions.setNotOnOrAfter(now.plusSeconds(60)); final AudienceRestrictionCondition audienceRestriction = newSAMLObject( AudienceRestrictionCondition.class, AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);