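/**
 * Cancels a previously issued SAML 1.1 assertion by removing it from the token registry.
 *
 * <p>Contexts that are not a {@link SAML11ProtocolContext} are ignored so that another provider
 * in the chain can handle them. When a {@link SecurityManager} is installed the caller must hold
 * {@code PicketLinkCoreSTS.rte}.
 *
 * @param context the protocol context carrying the issued assertion to cancel
 * @throws ProcessingException if the context carries no issued assertion, or if the registry
 *     fails while removing the token
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void cancelToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext)) {
        return;
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(PicketLinkCoreSTS.rte);
    }
    SAML11ProtocolContext samlProtocolContext = (SAML11ProtocolContext) context;
    SAML11AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
    // A context without an issued assertion would otherwise fail with a NullPointerException
    // on getID(); report it as an invalid-assertion error instead.
    if (issuedAssertion == null) {
        throw logger.assertionInvalidError();
    }
    try {
        this.tokenRegistry.removeToken(issuedAssertion.getID());
    } catch (IOException e) {
        throw logger.processingError(e);
    }
}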
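/**
 * Cancels a previously issued SAML 1.1 assertion by removing it from the token registry.
 *
 * <p>Contexts that are not a {@link SAML11ProtocolContext} are ignored so that another provider
 * in the chain can handle them. When a {@link SecurityManager} is installed the caller must hold
 * {@code PicketLinkCoreSTS.rte}.
 *
 * @param context the protocol context carrying the issued assertion to cancel
 * @throws ProcessingException if the context carries no issued assertion, or if the registry
 *     fails while removing the token
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void cancelToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext)) {
        return;
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(PicketLinkCoreSTS.rte);
    }
    SAML11ProtocolContext samlProtocolContext = (SAML11ProtocolContext) context;
    SAML11AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
    // A context without an issued assertion would otherwise fail with a NullPointerException
    // on getID(); report it as an invalid-assertion error instead.
    if (issuedAssertion == null) {
        throw logger.assertionInvalidError();
    }
    try {
        this.tokenRegistry.removeToken(issuedAssertion.getID());
    } catch (IOException e) {
        throw logger.processingError(e);
    }
}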
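/**
 * Cancels a previously issued SAML 1.1 assertion by removing it from the token registry.
 *
 * <p>Contexts that are not a {@link SAML11ProtocolContext} are ignored so that another provider
 * in the chain can handle them. When a {@link SecurityManager} is installed the caller must hold
 * {@code PicketLinkCoreSTS.rte}.
 *
 * @param context the protocol context carrying the issued assertion to cancel
 * @throws ProcessingException if the context carries no issued assertion, or if the registry
 *     fails while removing the token
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void cancelToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext)) {
        return;
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(PicketLinkCoreSTS.rte);
    }
    SAML11ProtocolContext samlProtocolContext = (SAML11ProtocolContext) context;
    SAML11AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
    // A context without an issued assertion would otherwise fail with a NullPointerException
    // on getID(); report it as an invalid-assertion error instead.
    if (issuedAssertion == null) {
        throw logger.assertionInvalidError();
    }
    try {
        this.tokenRegistry.removeToken(issuedAssertion.getID());
    } catch (IOException e) {
        throw logger.processingError(e);
    }
}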
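/**
 * Validates an issued SAML 1.1 assertion: it must be present, inside its validity window, and
 * still known to the token registry (i.e. issued here and not cancelled).
 *
 * <p>Contexts that are not a {@link SAML11ProtocolContext} are ignored so that another provider
 * in the chain can handle them. When a {@link SecurityManager} is installed the caller must hold
 * {@code PicketLinkCoreSTS.rte}. Note that {@code AssertionUtil.hasExpired} does not report an
 * assertion without a {@code Conditions} element as expired, so the registry lookup is the only
 * lifetime control for such assertions.
 *
 * @param context the protocol context carrying the assertion to validate
 * @throws ProcessingException if the assertion is missing, expired, unknown to the registry, or
 *     the expiry check cannot be evaluated
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void validateToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext)) {
        return;
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(PicketLinkCoreSTS.rte);
    }
    SAML11ProtocolContext samlProtocolContext = (SAML11ProtocolContext) context;
    SAML11AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
    // Reject a missing assertion before handing it to hasExpired(), which dereferences it.
    if (issuedAssertion == null) {
        throw logger.assertionInvalidError();
    }
    try {
        // hasExpired() returns true when the assertion is outside its validity window; the
        // original negated this and rejected exactly the still-valid assertions.
        if (AssertionUtil.hasExpired(issuedAssertion)) {
            throw logger.samlAssertionExpiredError();
        }
    } catch (ConfigurationException e) {
        throw logger.processingError(e);
    }
    // An assertion unknown to the registry was never issued here or has been cancelled.
    if (this.tokenRegistry.getToken(issuedAssertion.getID()) == null) {
        throw logger.assertionInvalidError();
    }
}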
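/**
 * Validates an issued SAML 1.1 assertion: it must be present, inside its validity window, and
 * still known to the token registry (i.e. issued here and not cancelled).
 *
 * <p>Contexts that are not a {@link SAML11ProtocolContext} are ignored so that another provider
 * in the chain can handle them. When a {@link SecurityManager} is installed the caller must hold
 * {@code PicketLinkCoreSTS.rte}. Note that {@code AssertionUtil.hasExpired} does not report an
 * assertion without a {@code Conditions} element as expired, so the registry lookup is the only
 * lifetime control for such assertions.
 *
 * @param context the protocol context carrying the assertion to validate
 * @throws ProcessingException if the assertion is missing, expired, unknown to the registry, or
 *     the expiry check cannot be evaluated
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void validateToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext)) {
        return;
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(PicketLinkCoreSTS.rte);
    }
    SAML11ProtocolContext samlProtocolContext = (SAML11ProtocolContext) context;
    SAML11AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
    // Reject a missing assertion before handing it to hasExpired(), which dereferences it;
    // the original checked for null only after that call.
    if (issuedAssertion == null) {
        throw logger.assertionInvalidError();
    }
    try {
        if (AssertionUtil.hasExpired(issuedAssertion)) {
            throw logger.samlAssertionExpiredError();
        }
    } catch (ConfigurationException e) {
        throw logger.processingError(e);
    }
    // An assertion unknown to the registry was never issued here or has been cancelled.
    if (this.tokenRegistry.getToken(issuedAssertion.getID()) == null) {
        throw logger.assertionInvalidError();
    }
}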
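/**
 * Validates an issued SAML 1.1 assertion: it must be present, inside its validity window, and
 * still known to the token registry (i.e. issued here and not cancelled).
 *
 * <p>Contexts that are not a {@link SAML11ProtocolContext} are ignored so that another provider
 * in the chain can handle them. When a {@link SecurityManager} is installed the caller must hold
 * {@code PicketLinkCoreSTS.rte}. Note that {@code AssertionUtil.hasExpired} does not report an
 * assertion without a {@code Conditions} element as expired, so the registry lookup is the only
 * lifetime control for such assertions.
 *
 * @param context the protocol context carrying the assertion to validate
 * @throws ProcessingException if the assertion is missing, expired, unknown to the registry, or
 *     the expiry check cannot be evaluated
 * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
 */
public void validateToken(ProtocolContext context) throws ProcessingException {
    if (!(context instanceof SAML11ProtocolContext)) {
        return;
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(PicketLinkCoreSTS.rte);
    }
    SAML11ProtocolContext samlProtocolContext = (SAML11ProtocolContext) context;
    SAML11AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
    // Reject a missing assertion before handing it to hasExpired(), which dereferences it;
    // the original checked for null only after that call.
    if (issuedAssertion == null) {
        throw logger.assertionInvalidError();
    }
    try {
        if (AssertionUtil.hasExpired(issuedAssertion)) {
            throw logger.samlAssertionExpiredError();
        }
    } catch (ConfigurationException e) {
        throw logger.processingError(e);
    }
    // An assertion unknown to the registry was never issued here or has been cancelled.
    if (this.tokenRegistry.getToken(issuedAssertion.getID()) == null) {
        throw logger.assertionInvalidError();
    }
}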
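/**
 * Checks whether the assertion is outside its validity window.
 *
 * <p>The current instant is compared with the {@code NotBefore} and {@code NotOnOrAfter} values of
 * the assertion's {@code Conditions} element. An assertion without a {@code Conditions} element is
 * never reported as expired by this method, so callers that require a bounded lifetime must
 * enforce that separately.
 *
 * @param assertion the assertion to check; must not be {@code null}
 * @return {@code true} if the assertion has a {@code Conditions} element and the current instant
 *     falls outside its validity window, {@code false} otherwise
 * @throws ConfigurationException if the underlying {@code XMLTimeUtil} calls fail
 */
public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        if (trace) {
            // NotBefore is optional; formatting it null-safely keeps tracing from turning a
            // validity check into a NullPointerException.
            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + nullSafeXmlFormat(notBefore)
                    + "::notOnOrAfter=" + notOnOrAfter);
        }
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            log.info("Assertion has expired with id=" + assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

/** Formats an optional instant for trace output without dereferencing {@code null}. */
private static String nullSafeXmlFormat(XMLGregorianCalendar instant) {
    return instant == null ? "null" : instant.toXMLFormat();
}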
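/**
 * Checks whether the assertion is outside its validity window.
 *
 * <p>The current instant is compared with the {@code NotBefore} and {@code NotOnOrAfter} values of
 * the assertion's {@code Conditions} element. An assertion without a {@code Conditions} element is
 * never reported as expired by this method, so callers that require a bounded lifetime must
 * enforce that separately.
 *
 * @param assertion the assertion to check; must not be {@code null}
 * @return {@code true} if the assertion has a {@code Conditions} element and the current instant
 *     falls outside its validity window, {@code false} otherwise
 * @throws ConfigurationException if the underlying {@code XMLTimeUtil} calls fail
 */
public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        if (trace) {
            // NotBefore is optional; formatting it null-safely keeps tracing from turning a
            // validity check into a NullPointerException.
            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + nullSafeXmlFormat(notBefore)
                    + "::notOnOrAfter=" + notOnOrAfter);
        }
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            log.info("Assertion has expired with id=" + assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

/** Formats an optional instant for trace output without dereferencing {@code null}. */
private static String nullSafeXmlFormat(XMLGregorianCalendar instant) {
    return instant == null ? "null" : instant.toXMLFormat();
}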
// Fragment of AssertionUtil.hasExpired(): once the validity check has set expiry, record the id
// of the expired assertion at info level (no secrets are logged, only the assertion id).
if (expiry) log.info("Assertion has expired with id=" + assertion.getID());
if (expiry) log.info("Assertion has expired with id=" + assertion.getID());
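/**
 * Checks whether the assertion is outside its validity window.
 *
 * <p>The current instant is compared with the {@code NotBefore} and {@code NotOnOrAfter} values of
 * the assertion's {@code Conditions} element. An assertion without a {@code Conditions} element is
 * never reported as expired by this method, so callers that require a bounded lifetime must
 * enforce that separately.
 *
 * @param assertion the assertion to check; must not be {@code null}
 * @return {@code true} if the assertion has a {@code Conditions} element and the current instant
 *     falls outside its validity window, {@code false} otherwise
 * @throws ConfigurationException if the underlying {@code XMLTimeUtil} calls fail
 */
public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // NotBefore is optional; formatting it null-safely keeps tracing from turning a
        // validity check into a NullPointerException.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + nullSafeXmlFormat(notBefore)
                + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

/** Formats an optional instant for trace output without dereferencing {@code null}. */
private static String nullSafeXmlFormat(XMLGregorianCalendar instant) {
    return instant == null ? "null" : instant.toXMLFormat();
}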
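/**
 * Checks whether the assertion is outside its validity window.
 *
 * <p>The current instant is compared with the {@code NotBefore} and {@code NotOnOrAfter} values of
 * the assertion's {@code Conditions} element. An assertion without a {@code Conditions} element is
 * never reported as expired by this method, so callers that require a bounded lifetime must
 * enforce that separately.
 *
 * @param assertion the assertion to check; must not be {@code null}
 * @return {@code true} if the assertion has a {@code Conditions} element and the current instant
 *     falls outside its validity window, {@code false} otherwise
 * @throws ConfigurationException if the underlying {@code XMLTimeUtil} calls fail
 */
public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // NotBefore is optional; formatting it null-safely keeps tracing from turning a
        // validity check into a NullPointerException.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + nullSafeXmlFormat(notBefore)
                + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

/** Formats an optional instant for trace output without dereferencing {@code null}. */
private static String nullSafeXmlFormat(XMLGregorianCalendar instant) {
    return instant == null ? "null" : instant.toXMLFormat();
}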
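/**
 * Checks whether the assertion is outside its validity window.
 *
 * <p>The current instant is compared with the {@code NotBefore} and {@code NotOnOrAfter} values of
 * the assertion's {@code Conditions} element. An assertion without a {@code Conditions} element is
 * never reported as expired by this method, so callers that require a bounded lifetime must
 * enforce that separately.
 *
 * @param assertion the assertion to check; must not be {@code null}
 * @return {@code true} if the assertion has a {@code Conditions} element and the current instant
 *     falls outside its validity window, {@code false} otherwise
 * @throws ConfigurationException if the underlying {@code XMLTimeUtil} calls fail
 */
public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // NotBefore is optional; formatting it null-safely keeps tracing from turning a
        // validity check into a NullPointerException.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + nullSafeXmlFormat(notBefore)
                + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

/** Formats an optional instant for trace output without dereferencing {@code null}. */
private static String nullSafeXmlFormat(XMLGregorianCalendar instant) {
    return instant == null ? "null" : instant.toXMLFormat();
}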
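/**
 * Checks whether the assertion is outside its validity window, allowing for clock skew between
 * the IDP and the SP.
 *
 * <p>The skew widens the window on both sides: {@code NotBefore} is moved earlier and
 * {@code NotOnOrAfter} later by {@code clockSkewInMilis}. Keep it small and non-negative, since a
 * large value extends the lifetime of every assertion. An assertion without a {@code Conditions}
 * element is never reported as expired by this method, so callers that require a bounded lifetime
 * must enforce that separately.
 *
 * @param assertion the assertion to check; must not be {@code null}
 * @param clockSkewInMilis tolerated clock skew in milliseconds, applied to both bounds
 * @return {@code true} if the assertion has a {@code Conditions} element and the current instant
 *     falls outside the skew-adjusted validity window, {@code false} otherwise
 * @throws ConfigurationException if the underlying {@code XMLTimeUtil} calls fail
 */
public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // Earlier NotBefore, later NotOnOrAfter: the skew is tolerated in both directions.
        XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
        // Trace the bounds that are actually compared (the original logged the raw ones) and
        // format NotBefore null-safely so tracing cannot fail the check.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + nullSafeXmlFormat(updatedNotBefore)
                + " ::notOnOrAfter=" + updatedOnOrAfter + " ::clockSkewInMilis=" + clockSkewInMilis);
        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

/** Formats an optional instant for trace output without dereferencing {@code null}. */
private static String nullSafeXmlFormat(XMLGregorianCalendar instant) {
    return instant == null ? "null" : instant.toXMLFormat();
}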
// Fragment of AssertionUtil.hasExpired(): reached only when the validity check has flagged the
// assertion as expired; reports the assertion id through the PicketLink logger.
logger.samlAssertionExpired(assertion.getID());
logger.samlAssertionExpired(assertion.getID());