Java Code Examples for org.opensaml.saml2.core.AudienceRestriction#getAudiences()
The following examples show how to use
org.opensaml.saml2.core.AudienceRestriction#getAudiences() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultSAML2SSOManager.java From carbon-identity with Apache License 2.0 | 5 votes |
/** * Validate the AudienceRestriction of SAML2 Response * * @param assertion SAML2 Assertion * @return validity */ private void validateAudienceRestriction(Assertion assertion) throws SAMLSSOException { if (assertion != null) { Conditions conditions = assertion.getConditions(); if (conditions != null) { List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions(); if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { for (AudienceRestriction audienceRestriction : audienceRestrictions) { if (CollectionUtils.isNotEmpty(audienceRestriction.getAudiences())) { boolean audienceFound = false; for (Audience audience : audienceRestriction.getAudiences()) { if (properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID) .equals(audience.getAudienceURI())) { audienceFound = true; break; } } if (!audienceFound) { throw new SAMLSSOException("SAML Assertion Audience Restriction validation failed"); } } else { throw new SAMLSSOException("SAML Response's AudienceRestriction doesn't contain Audiences"); } } } else { throw new SAMLSSOException("SAML Response doesn't contain AudienceRestrictions"); } } else { throw new SAMLSSOException("SAML Response doesn't contain Conditions"); } } }
Example 2
Source File: SAML2SSOAuthenticator.java From carbon-identity with Apache License 2.0 | 5 votes |
/** * Validate the AudienceRestriction of SAML2 Assertion * * @param assertion SAML2 Assertion * @return validity */ public boolean validateAudienceRestrictionInAssertion(Assertion assertion) { if (assertion != null) { Conditions conditions = assertion.getConditions(); if (conditions != null) { List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions(); if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { for (AudienceRestriction audienceRestriction : audienceRestrictions) { if (audienceRestriction.getAudiences() != null && audienceRestriction.getAudiences().size() > 0) { for (Audience audience : audienceRestriction.getAudiences()) { String spId = org.wso2.carbon.identity.authenticator.saml2.sso.common.Util.getServiceProviderId(); if (spId == null) { org.wso2.carbon.identity.authenticator.saml2.sso.common.Util.initSSOConfigParams(); spId = org.wso2.carbon.identity.authenticator.saml2.sso.common.Util.getServiceProviderId(); } if (spId != null) { if (spId.equals(audience.getAudienceURI())) { return true; } } else { log.warn("No SAML2 service provider ID defined."); } } } else { log.warn("SAML2 Response's AudienceRestriction doesn't contain Audiences"); } } } else { log.error("SAML2 Response doesn't contain AudienceRestrictions"); } } else { log.error("SAML2 Response doesn't contain Conditions"); } } return false; }
Example 3
Source File: SAML2SSOManager.java From carbon-identity with Apache License 2.0 | 5 votes |
/** * Validate the AudienceRestriction of SAML2 Response * * @param assertion SAML2 Assertion * @return validity */ protected void validateAudienceRestriction(Assertion assertion) throws SSOAgentException { if (assertion != null) { Conditions conditions = assertion.getConditions(); if (conditions != null) { List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions(); if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { boolean audienceFound = false; for (AudienceRestriction audienceRestriction : audienceRestrictions) { if (audienceRestriction.getAudiences() != null && !audienceRestriction.getAudiences().isEmpty() ) { for (Audience audience : audienceRestriction.getAudiences()) { if (ssoAgentConfig.getSAML2().getSPEntityId().equals(audience.getAudienceURI())) { audienceFound = true; break; } } } if (audienceFound) { break; } } if (!audienceFound) { throw new SSOAgentException("SAML2 Assertion Audience Restriction validation failed"); } } else { throw new SSOAgentException("SAML2 Response doesn't contain AudienceRestrictions"); } } else { throw new SSOAgentException("SAML2 Response doesn't contain Conditions"); } } }
Example 4
Source File: AudienceRestrictionSchemaValidator.java From lams with GNU General Public License v2.0 | 2 votes |
/** * Checks that at least one Audience is present. * * @param audienceRestriction * @throws ValidationException */ protected void validateAudiences(AudienceRestriction audienceRestriction) throws ValidationException { if (audienceRestriction.getAudiences() == null || audienceRestriction.getAudiences().size() == 0) { throw new ValidationException("Must contain one or more Audiences"); } }