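/**
 * Returns the {@code NotBefore} instant carried by the assertion's {@code Conditions} element.
 *
 * <p>{@code Conditions} is an optional element, so an assertion that omits it yields
 * {@code null} here instead of a {@link NullPointerException}. A {@code null} result means
 * "no lower bound was stated", not "the assertion is valid": a caller that enforces a validity
 * window has to decide explicitly whether an assertion without one is acceptable.
 *
 * @param assertion the assertion to inspect; may be {@code null}
 * @return the {@code NotBefore} instant, or {@code null} when the assertion, its
 *         {@code Conditions} element or the attribute itself is absent
 */
private DateTime getNotBefore(Assertion assertion) {
    if (assertion == null || assertion.getConditions() == null) {
        return null;
    }
    return assertion.getConditions().getNotBefore();
}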
/**
 * {@inheritDoc}
 *
 * <p>Writes the {@code NotBefore} and {@code NotOnOrAfter} attributes of a {@link Conditions}
 * object onto the DOM element. Each attribute is emitted only when the corresponding value is
 * set, and each value is rendered with the SAML date formatter obtained from
 * {@code Configuration}.
 *
 * @param samlObject the object being marshalled; cast to {@link Conditions}
 * @param domElement the element that receives the attributes
 * @throws MarshallingException declared by the overridden method
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final Conditions source = (Conditions) samlObject;

    // Lower bound of the validity window, written only when present.
    if (source.getNotBefore() != null) {
        domElement.setAttributeNS(
                null,
                Conditions.NOT_BEFORE_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(source.getNotBefore()));
    }

    // Upper bound of the validity window, written only when present.
    if (source.getNotOnOrAfter() != null) {
        domElement.setAttributeNS(
                null,
                Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME,
                Configuration.getSAMLDateFormatter().print(source.getNotOnOrAfter()));
    }
}
} // closes the enclosing class, whose header is outside this excerpt
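/**
 * Verifies that the current time lies inside the assertion's validity window.
 *
 * <p>The window is {@code [NotBefore, NotOnOrAfter)}: the assertion is rejected when the
 * current time is earlier than {@code NotBefore}, or equal to or later than
 * {@code NotOnOrAfter}. An assertion whose {@code Conditions} element or either bound is
 * missing is rejected with a {@link ValidationException}; such input could not pass this
 * check before either, because it ended in a {@link NullPointerException}.
 *
 * <p>No clock-skew allowance is applied, so the relying party's clock has to be kept in sync
 * with the issuer's.
 *
 * @param assertion the assertion whose validity window is checked
 * @throws ValidationException if the window is missing, not yet open, or already closed
 */
private void validateDateTime(Assertion assertion) throws ValidationException {
    DateTime now = new DateTime();

    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        throw new ValidationException("Conditions element is missing!");
    }

    DateTime notBefore = conditions.getNotBefore();
    DateTime notAfter = conditions.getNotOnOrAfter();
    if (notBefore == null || notAfter == null) {
        throw new ValidationException("notBefore or notOnOrAfter is missing!");
    }

    if (now.getMillis() < notBefore.getMillis()) {
        throw new ValidationException("notBefore validation failed!");
    }
    // "NotOnOrAfter" excludes the boundary instant itself, hence >= rather than >.
    if (now.getMillis() >= notAfter.getMillis()) {
        throw new ValidationException("notOnOrAfter validation failed!");
    }
}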
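/**
 * Enforces the time bounds of a {@code Conditions} element against the current time.
 *
 * <p>The reference time is the {@code now} field when it is set, otherwise the system clock.
 * {@code notBeforeSkew} is subtracted from {@code NotBefore} before comparing, so an assertion
 * issued by a clock running slightly ahead is still accepted; no skew is applied to
 * {@code NotOnOrAfter}. The upper bound is exclusive: an assertion is rejected at the
 * {@code NotOnOrAfter} instant itself, not only after it.
 *
 * <p>A bound that is absent is treated as "no bound" instead of causing a
 * {@link NullPointerException}.
 *
 * @param conditions the conditions element to enforce
 * @throws SamlException if the assertion is not yet valid or has expired
 */
private void enforceConditions(Conditions conditions) throws SamlException {
    DateTime now = this.now != null ? this.now : DateTime.now();

    DateTime notBefore = conditions.getNotBefore();
    if (notBefore != null && now.isBefore(notBefore.minus(notBeforeSkew))) {
        throw new SamlException(
            "The assertion cannot be used before " + notBefore.toString());
    }

    // NOTE(review): with no NotOnOrAfter the assertion never expires as far as this method is
    // concerned; confirm that another check bounds its lifetime.
    DateTime notOnOrAfter = conditions.getNotOnOrAfter();
    if (notOnOrAfter != null && !now.isBefore(notOnOrAfter)) {
        throw new SamlException(
            "The assertion cannot be used after " + notOnOrAfter.toString());
    }
}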
/**
 * {@inheritDoc}
 *
 * <p>Generates an assertion of kind {@code StringConstants.ATTRIBUTE_AUTHORIZATION_DATA} from
 * the authentication assertion's ID, its {@code NotBefore}, and its {@code NotOnOrAfter}
 * shortened by one minute, then passes it to the signer.
 *
 * <p>NOTE(review): when signing throws {@link SignatureException} the failure is only logged
 * and the <em>unsigned</em> assertion is returned. Callers must not assume the result carries
 * a signature; consider surfacing the failure instead. The authentication assertion's
 * {@code Conditions} element is dereferenced without a null check.
 *
 * @param saml2AuthorizationAttributes attributes to place in the generated assertion
 * @param authnAssertion the authentication assertion the new one is derived from
 * @return the generated assertion, signed unless signing failed
 */
public Assertion getSignedAuthorizationAssertion(List<SAML2Attribute> saml2AuthorizationAttributes,
        Assertion authnAssertion) {
    final String sourceAssertionId = authnAssertion.getID();
    final DateTime now = new DateTime();
    final DateTime notBefore = authnAssertion.getConditions().getNotBefore();
    // The derived assertion stops being valid one minute before the one it is based on.
    final DateTime shortenedNotOnOrAfter = authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1);

    Assertion result = saml2AssertionGenerator.generateSAML2Assertion(
            sourceAssertionId,
            StringConstants.ATTRIBUTE_AUTHORIZATION_DATA,
            now,
            notBefore,
            shortenedNotOnOrAfter,
            saml2AuthorizationAttributes);

    try {
        result = (Assertion) saml2XmlObjectSigner.sign(result);
    } catch (SignatureException e) {
        logger.error("SAML2 assertion signing failed : ", e);
    }
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Generates an assertion of kind {@code StringConstants.ATTRIBUTE_INFO_DATA} from the
 * authentication assertion's ID, its {@code NotBefore}, and its {@code NotOnOrAfter}
 * shortened by one minute, then passes it to the signer.
 *
 * <p>NOTE(review): when signing throws {@link SignatureException} the failure is only logged
 * and the <em>unsigned</em> assertion is returned. Callers must not assume the result carries
 * a signature; consider surfacing the failure instead. The authentication assertion's
 * {@code Conditions} element is dereferenced without a null check.
 *
 * @param saml2AuditingAttributes attributes to place in the generated assertion
 * @param authnAssertion the authentication assertion the new one is derived from
 * @return the generated assertion, signed unless signing failed
 */
public Assertion getSignedAuditingAssertion(List<SAML2Attribute> saml2AuditingAttributes,
        Assertion authnAssertion) {
    final String sourceAssertionId = authnAssertion.getID();
    final DateTime now = new DateTime();
    final DateTime notBefore = authnAssertion.getConditions().getNotBefore();
    // The derived assertion stops being valid one minute before the one it is based on.
    final DateTime shortenedNotOnOrAfter = authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1);

    Assertion result = saml2AssertionGenerator.generateSAML2Assertion(
            sourceAssertionId,
            StringConstants.ATTRIBUTE_INFO_DATA,
            now,
            notBefore,
            shortenedNotOnOrAfter,
            saml2AuditingAttributes);

    try {
        result = (Assertion) saml2XmlObjectSigner.sign(result);
    } catch (SignatureException e) {
        logger.error("SAML2 assertion signing failed : ", e);
    }
    return result;
}
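/**
 * Copies the validity window and audience URIs out of the authentication assertion held by
 * the given SAML credential.
 *
 * <p>An assertion without a {@code Conditions} element, or without any
 * {@code AudienceRestriction}, produces an empty audience list (and, in the first case, null
 * time bounds) instead of failing with a runtime exception.
 *
 * <p>Only the first {@code AudienceRestriction} is read. NOTE(review): when several
 * restrictions are present each one has to be satisfied separately, so this object must not
 * be the only input to an audience check.
 *
 * @param authentication authentication whose credentials are a {@code SAMLCredential}
 */
public Conditions(Authentication authentication) {
    SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
    Assertion assertion = credential.getAuthenticationAssertion();
    org.opensaml.saml2.core.Conditions conditions = assertion.getConditions();

    audienceRestriction = new ArrayList<>();
    if (conditions == null) {
        notBefore = null;
        notOnOrAfter = null;
    } else {
        notBefore = conditions.getNotBefore();
        notOnOrAfter = conditions.getNotOnOrAfter();

        List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
        if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
            for (Audience audience : audienceRestrictions.get(0).getAudiences()) {
                audienceRestriction.add(audience.getAudienceURI());
            }
        }
    }
}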
// Reject the response when NotBefore is present and still lies in the future.
// No clock-skew allowance is applied, so an issuer clock that runs slightly ahead of this
// host causes a rejection.
// NOTE(review): the reason is written with System.out.println; routing it through the
// application's logger would keep rejected assertions in the audit trail.
// (Excerpt: the two opening braces are closed outside the visible code.)
if (conditions.getNotBefore() != null) {
    if (conditions.getNotBefore().isAfterNow()) {
        System.out.println("Assertion is not yet valid, invalidated by condition notBefore"+ conditions.getNotBefore());
        throw new SAMLException("SAML response is not valid");
// Reject the assertion when NotBefore, moved earlier by getResponseSkew() seconds, is still
// in the future. The subtraction is the clock-skew allowance: it tolerates an issuer clock
// that runs ahead of this host by up to that many seconds.
// An absent NotBefore is not treated as an error.
// (Excerpt: the two opening braces are closed outside the visible code.)
if (conditions.getNotBefore() != null) {
    if (conditions.getNotBefore().minusSeconds(getResponseSkew()).isAfterNow()) {
        throw new SAMLException("Assertion is not yet valid, invalidated by condition notBefore " + conditions.getNotBefore());
// Read both ends of the assertion's validity window from its Conditions element.
// NOTE(review): getConditions() is dereferenced directly; Conditions is an optional element,
// so confirm the enclosing code has checked it for null. Either bound can itself be null
// when the attribute is absent.
DateTime validFrom = assertion.getConditions().getNotBefore();
DateTime validTill = assertion.getConditions().getNotOnOrAfter();
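/**
 * Copies the assertion ID and validity period from the wrapped assertion onto this object.
 *
 * <p>The validity period comes from the {@code Conditions} element when the assertion has
 * one; otherwise it comes from the {@code SubjectConfirmationData} of the first subject
 * confirmation. A bound that is absent from the chosen source is left unset.
 *
 * <p>The fallback no longer fails with a runtime exception when the assertion has no subject,
 * no subject confirmation, or no confirmation data: the dates are simply left unset.
 * NOTE(review): code that later enforces the validity period must treat unset dates as
 * "no window supplied" and decide explicitly whether to accept such an assertion.
 */
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());
    Subject subject = assertion.getSubject();

    // Read the validity period from the 'Conditions' element, else read it from SC Data
    Conditions conditions = assertion.getConditions();
    if (conditions != null) {
        if (conditions.getNotBefore() != null) {
            this.setDateNotBefore(conditions.getNotBefore().toDate());
        }
        if (conditions.getNotOnOrAfter() != null) {
            this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
        }
        return;
    }

    if (subject == null
            || subject.getSubjectConfirmations() == null
            || subject.getSubjectConfirmations().isEmpty()) {
        return;
    }
    // Only the first SubjectConfirmation is consulted.
    SubjectConfirmationData scData = subject.getSubjectConfirmations()
            .get(0).getSubjectConfirmationData();
    if (scData == null) {
        return;
    }
    if (scData.getNotBefore() != null) {
        this.setDateNotBefore(scData.getNotBefore().toDate());
    }
    if (scData.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
    }
}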
// Hand the validity-window check to validateTime, passing the reference time, both bounds
// of the Conditions element and maxTimeOffset.
// NOTE(review): maxTimeOffset is presumably the tolerated clock skew; confirm its unit and
// how validateTime treats a null bound.
validateTime(now, conditions.getNotBefore(), conditions.getNotOnOrAfter(), maxTimeOffset);
// Take NotBefore from the Conditions element and, when it is present, render it as text.
// NOTE(review): only the first null check looks necessary; the toGregorianCalendar() and
// getTime() checks are not expected to fail for a non-null DateTime. Confirm, then simplify.
// (Excerpt: the opening brace is closed outside the visible code.)
DateTime beginTime = conditions.getNotBefore();
if (beginTime != null && beginTime.toGregorianCalendar() != null && beginTime.toGregorianCalendar().getTime() != null) {
    String formBegin = beginTime.toString();
// For a SAML 2.0 assertion that carries a Conditions element, take the validity window from
// NotBefore / NotOnOrAfter. When Conditions is absent this branch is skipped, so validFrom
// and validTill keep whatever values they had before this statement.
// (Excerpt: the SAML 1.1 branch below is cut off in the visible code.)
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20) && assertion.getSaml2().getConditions() != null) {
    validFrom = assertion.getSaml2().getConditions().getNotBefore();
    validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
} else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)
// Collect the three timestamps of the SAML 2.0 assertion: both ends of the Conditions
// validity window and the issue instant.
// NOTE(review): getConditions() is dereferenced without a null check in these lines; confirm
// the enclosing code guards it, since Conditions is an optional element.
validFrom = assertion.getSaml2().getConditions().getNotBefore();
validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
issueInstant = assertion.getSaml2().getIssueInstant();
// Collect the three timestamps of the SAML 2.0 assertion: both ends of the Conditions
// validity window and the issue instant.
// NOTE(review): getConditions() is dereferenced without a null check in these lines; confirm
// the enclosing code guards it, since Conditions is an optional element.
validFrom = assertion.getSaml2().getConditions().getNotBefore();
validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
issueInstant = assertion.getSaml2().getIssueInstant();
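/**
 * Validates the 'Not Before' and 'Not On Or After' conditions of the SAML Assertion.
 *
 * <p>The configured timestamp skew (seconds) widens the window on both sides. The upper bound
 * is exclusive, so the assertion is rejected at the skew-adjusted 'Not On Or After' instant
 * itself, and a window whose 'Not Before' equals its 'Not On Or After' is rejected as
 * malformed, matching the wording of the error message.
 *
 * <p>NOTE(review): an assertion with no Conditions element, or with neither bound set, passes
 * this check untouched. Confirm that its lifetime is limited by another check.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if the assertion is not yet valid, has expired, or states an
 *                           empty or inverted validity window
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {

    if (assertion.getConditions() == null) {
        return;
    }

    int timeStampSkewInSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
    DateTime validFrom = assertion.getConditions().getNotBefore();
    DateTime validTill = assertion.getConditions().getNotOnOrAfter();

    if (validFrom != null && validFrom.minusSeconds(timeStampSkewInSeconds).isAfterNow()) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
    }

    // "Not On Or After" excludes the boundary instant, so "not after now" means expired.
    if (validTill != null && !validTill.plusSeconds(timeStampSkewInSeconds).isAfterNow()) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
    }

    if (validFrom != null && validTill != null && !validFrom.isBefore(validTill)) {
        throw new SSOAgentException(
                "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
    }
}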
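/**
 * Validates the 'Not Before' and 'Not On Or After' conditions of the SAML Assertion.
 *
 * <p>The configured timestamp skew (seconds) widens the window on both sides. The upper bound
 * is exclusive, so the assertion is rejected at the skew-adjusted 'Not On Or After' instant
 * itself, and a window whose 'Not Before' equals its 'Not On Or After' is rejected as
 * malformed, matching the wording of the error message.
 *
 * <p>NOTE(review): an assertion with no Conditions element, or with neither bound set, passes
 * this check untouched. Confirm that its lifetime is limited by another check.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if the assertion is not yet valid, has expired, or states an
 *                           empty or inverted validity window
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {

    if (assertion.getConditions() == null) {
        return;
    }

    int timeStampSkewInSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
    DateTime validFrom = assertion.getConditions().getNotBefore();
    DateTime validTill = assertion.getConditions().getNotOnOrAfter();

    if (validFrom != null && validFrom.minusSeconds(timeStampSkewInSeconds).isAfterNow()) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
    }

    // "Not On Or After" excludes the boundary instant, so "not after now" means expired.
    if (validTill != null && !validTill.plusSeconds(timeStampSkewInSeconds).isAfterNow()) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
    }

    if (validFrom != null && validTill != null && !validFrom.isBefore(validTill)) {
        throw new SSOAgentException(
                "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
    }
}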
// Read both ends of the assertion's validity window and the configured timestamp skew
// (seconds, going by the accessor's name).
// NOTE(review): getConditions() is dereferenced directly; Conditions is an optional element,
// so confirm the enclosing code has checked it for null. Either bound can itself be null
// when the attribute is absent.
DateTime validFrom = assertion.getConditions().getNotBefore();
DateTime validTill = assertion.getConditions().getNotOnOrAfter();
int timeStampSkewInSeconds = getTimeStampSkewInSeconds();
// Read both ends of the assertion's validity window and the configured timestamp skew
// (seconds, going by the accessor's name).
// NOTE(review): getConditions() is dereferenced directly; Conditions is an optional element,
// so confirm the enclosing code has checked it for null. Either bound can itself be null
// when the attribute is absent.
DateTime validFrom = assertion.getConditions().getNotBefore();
DateTime validTill = assertion.getConditions().getNotOnOrAfter();
int timeStampSkewInSeconds = getTimeStampSkewInSeconds();