final DateTime issueInstant = response.getIssueInstant(); if (issueInstant == null) { throw new SamlException("failed to get IssueInstant attribute");
/** * Constructs and adds a {@link Assertion} to the given {@link Response}. The {@link Assertion} is constructed * using the parameters supplied, and its issue instant is set to the issue instant of the given {@link Response}. * * @param action the current action * @param response the response to which the assertion will be added * @param idGenerator source of assertion ID * @param issuer value for assertion * * @return the assertion that was added to the response */ @Nonnull public static Assertion addAssertionToResponse(@Nonnull final AbstractProfileAction action, @Nonnull final Response response, @Nonnull final IdentifierGenerationStrategy idGenerator, @Nullable final String issuer) { final Assertion assertion = buildAssertion(action, idGenerator, issuer); assertion.setIssueInstant(response.getIssueInstant()); getLogger().debug("Profile Action {}: Added Assertion {} to Response {}", new Object[] {action.getClass().getSimpleName(), assertion.getID(), response.getID(),}); response.getAssertions().add(assertion); return assertion; }
/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) { if (response instanceof org.opensaml.saml.saml1.core.Response) { for (final org.opensaml.saml.saml1.core.Assertion assertion : ((org.opensaml.saml.saml1.core.Response) response).getAssertions()) { log.debug("{} Added NotBefore condition to Assertion {}", getLogPrefix(), assertion.getID()); SAML1ActionSupport.addConditionsToAssertion(this, assertion).setNotBefore( ((org.opensaml.saml.saml1.core.Response) response).getIssueInstant()); } } else if (response instanceof org.opensaml.saml.saml2.core.Response) { for (final org.opensaml.saml.saml2.core.Assertion assertion : ((org.opensaml.saml.saml2.core.Response) response).getAssertions()) { log.debug("{} Added NotBefore condition to Assertion {}", getLogPrefix(), assertion.getID()); SAML2ActionSupport.addConditionsToAssertion(this, assertion).setNotBefore( ((org.opensaml.saml.saml2.core.Response) response).getIssueInstant()); } } }
if (samlResponse.getIssueInstant() != null) { DateTime currentTime = new DateTime(); currentTime = currentTime.plusSeconds(futureTTL); if (samlResponse.getIssueInstant().isAfter(currentTime)) { LOG.fine("SAML Response IssueInstant not met"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
validatorResponse.setResponseId(samlResponse.getID()); validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter); if (samlResponse.getIssueInstant() != null) { validatorResponse.setCreated(Instant.ofEpochMilli(samlResponse.getIssueInstant().toDate().getTime()));
.setId(parsed.getID()) .setInResponseTo(parsed.getInResponseTo()) .setIssueInstant(parsed.getIssueInstant()) .setIssuer(getIssuer(parsed.getIssuer())) .setVersion(parsed.getVersion().toString())
final DateTime issueInstant = response.getIssueInstant(); if (issueInstant == null) { throw new SamlException("failed to get IssueInstant attribute");
validateIssueInstant(response.getIssueInstant());