/**
 * {@inheritDoc}
 *
 * <p>Serialises the optional attributes of an {@link AuthnStatement} onto its DOM element:
 * the authentication instant, the session index and the session expiry
 * ({@code SessionNotOnOrAfter}). Every attribute is written with a {@code null} namespace and
 * only when the corresponding getter returns a non-null value, so an absent
 * {@code SessionNotOnOrAfter} simply produces no attribute; no validation happens here.
 *
 * @param samlObject the object to marshall; cast to {@link AuthnStatement} without a type check
 * @param domElement the element that receives the attributes
 * @throws MarshallingException declared by the overridden method
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final AuthnStatement statement = (AuthnStatement) samlObject;

    // Timestamps are rendered with the SAML-wide date formatter so both use the same format.
    if (statement.getAuthnInstant() != null) {
        domElement.setAttributeNS(
                null,
                AuthnStatement.AUTHN_INSTANT_ATTRIB_NAME,
                SAMLConfigurationSupport.getSAMLDateFormatter().print(statement.getAuthnInstant()));
    }

    final String sessionIndex = statement.getSessionIndex();
    if (sessionIndex != null) {
        domElement.setAttributeNS(null, AuthnStatement.SESSION_INDEX_ATTRIB_NAME, sessionIndex);
    }

    if (statement.getSessionNotOnOrAfter() != null) {
        domElement.setAttributeNS(
                null,
                AuthnStatement.SESSION_NOT_ON_OR_AFTER_ATTRIB_NAME,
                SAMLConfigurationSupport.getSAMLDateFormatter().print(statement.getSessionNotOnOrAfter()));
    }
}
// Closes the enclosing class; its header lies outside this excerpt.
}
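/**
 * Validate the given authnStatements:
 *  - authnInstant
 *  - sessionNotOnOrAfter
 *
 * <p>The first statement that fails a check aborts validation with an exception. An empty
 * list passes vacuously, so a caller that requires at least one {@code AuthnStatement} has
 * to enforce that itself. The authentication context (class reference) is not checked here;
 * see the TODO in the body.
 *
 * <p>{@code SessionNotOnOrAfter} is compared directly against the current time, without
 * any clock-skew allowance in this method.
 *
 * @param authnStatements the authn statements
 * @param context the context (not read by this method)
 * @throws SAMLAuthnInstantException if {@code isAuthnInstantValid} rejects a statement's
 *         authentication instant
 * @throws SAMLAuthnSessionCriteriaException if a statement's {@code SessionNotOnOrAfter}
 *         is present and is not strictly in the future
 */
protected final void validateAuthenticationStatements(final List<AuthnStatement> authnStatements,
                                                      final SAML2MessageContext context) {
    for (final AuthnStatement statement : authnStatements) {
        if (!isAuthnInstantValid(statement.getAuthnInstant())) {
            throw new SAMLAuthnInstantException("Authentication issue instant is too old or in the future");
        }

        // "NotOnOrAfter" is an exclusive upper bound: the session is over at that instant
        // as well as after it, so anything that is not strictly in the future is rejected.
        // isBeforeNow() alone would still accept a bound equal to the current instant.
        if (statement.getSessionNotOnOrAfter() != null
                && !statement.getSessionNotOnOrAfter().isAfterNow()) {
            throw new SAMLAuthnSessionCriteriaException("Authentication session between IDP and subject has ended");
        }

        // TODO implement authnContext validation
    }
}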
final DateTime sessionBound = result.getSecond().getSessionNotOnOrAfter(); final long expiration; if (sessionBound != null) {
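/**
 * Converts OpenSAML {@code AuthnStatement}s into this library's
 * {@code AuthenticationStatement} model.
 *
 * <p>Session index, authentication instant and {@code SessionNotOnOrAfter} are copied
 * as-is; nothing is validated here, so expiry and freshness checks remain the
 * responsibility of the code that consumes the result.
 *
 * <p>The statements typically come from a parsed assertion, so optional or missing children
 * are tolerated: a statement without an {@code AuthnContext} yields a {@code null}
 * authentication context, and a context without a class reference passes a {@code null} URN
 * to {@code AuthenticationContextClassReference.fromUrn}.
 * NOTE(review): how {@code fromUrn} treats {@code null} is not visible here - confirm.
 *
 * @param authnStatements the statements to convert; {@code null} is treated as empty
 * @return a new mutable list with one entry per input statement, in input order
 */
protected List<AuthenticationStatement> getAuthenticationStatements(
	List<AuthnStatement> authnStatements
) {
	List<AuthenticationStatement> result = new LinkedList<>();
	for (AuthnStatement s : ofNullable(authnStatements).orElse(emptyList())) {
		AuthnContext authnContext = s.getAuthnContext();

		// Resolve the class-reference URN only after the null checks, so a statement that
		// lacks an AuthnContext (or its class reference) cannot trigger a
		// NullPointerException while the assertion is being converted.
		String ref = null;
		if (authnContext != null) {
			AuthnContextClassRef authnContextClassRef = authnContext.getAuthnContextClassRef();
			if (authnContextClassRef != null) {
				ref = authnContextClassRef.getAuthnContextClassRef();
			}
		}

		result.add(
			new AuthenticationStatement()
				.setSessionIndex(s.getSessionIndex())
				.setAuthInstant(s.getAuthnInstant())
				.setSessionNotOnOrAfter(s.getSessionNotOnOrAfter())
				.setAuthenticationContext(
					authnContext != null ?
						new AuthenticationContext()
							.setClassReference(AuthenticationContextClassReference.fromUrn(ref))
						: null
				)
		);
	}
	return result;
}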
if (authnStatment.getSessionNotOnOrAfter() != null) { sessionNotOnOrAfter = Instant.ofEpochMilli(authnStatment.getSessionNotOnOrAfter().toDate().getTime());
if (authnStmt.getSessionNotOnOrAfter() != null) { responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate());
DateTime sessionNotOnOrAfter = authnStatement.getSessionNotOnOrAfter(); String subjectLocalityAddress = null;