org.opensaml.saml.saml2.core.Audience Java Examples

The following examples show how to use org.opensaml.saml.saml2.core.Audience. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AbstractSaml20ObjectBuilder.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up 
/**
 * New conditions element.
 *
 * @param notBefore the not before
 * @param notOnOrAfter the not on or after
 * @param audienceUri the service id
 * @return the conditions
 */
public Conditions newConditions(final DateTime notBefore, final DateTime notOnOrAfter, final String audienceUri) {
    final Conditions conditions = newSamlObject(Conditions.class);
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);

    final AudienceRestriction audienceRestriction = newSamlObject(AudienceRestriction.class);
    final Audience audience = newSamlObject(Audience.class);
    audience.setAudienceURI(audienceUri);
    audienceRestriction.getAudiences().add(audience);
    conditions.getAudienceRestrictions().add(audienceRestriction);
    return conditions;
}
Example #2
Source File: AssertionHelper.java    From verify-service-provider with MIT License 5 votes vote down vote up 
private static Conditions aConditions() {
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(DateTime.now());
    conditions.setNotOnOrAfter(DateTime.now().plusMinutes(10));
    AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
    Audience audience = new AudienceBuilder().buildObject();
    audience.setAudienceURI(TEST_RP);
    audienceRestriction.getAudiences().add(audience);
    conditions.getAudienceRestrictions().add(audienceRestriction);
    return conditions;
}
Example #3
Source File: AssertionHelper.java    From verify-service-provider with MIT License 5 votes vote down vote up 
private static Conditions aConditionsForEidas() {
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(DateTime.now());
    conditions.setNotOnOrAfter(DateTime.now().plusMinutes(10));
    AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
    Audience audience = new AudienceBuilder().buildObject();
    audience.setAudienceURI(HUB_CONNECTOR_ENTITY_ID);
    audienceRestriction.getAudiences().add(audience);
    conditions.getAudienceRestrictions().add(audienceRestriction);
    return conditions;
}
Example #4
Source File: SamlOAuthValidator.java    From cxf with Apache License 2.0 5 votes vote down vote up 
private void validateAudience(Message message, Conditions cs) {
    String absoluteAddress = getAbsoluteTargetAddress(message);

    List<AudienceRestriction> restrictions = cs.getAudienceRestrictions();
    for (AudienceRestriction ar : restrictions) {
        List<Audience> audiences = ar.getAudiences();
        for (Audience a : audiences) {
            if (absoluteAddress.equals(a.getAudienceURI())) {
                return;
            }
        }
    }
    throw ExceptionUtils.toNotAuthorizedException(null, null);
}
Example #5
Source File: SamlServiceProviderTest.java    From armeria with Apache License 2.0 4 votes vote down vote up 
private static Response getAuthResponse(String recipient) throws Exception {
    // IdP entity ID
    final Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue("http://idp.example.com/post");

    final Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
    final Subject subject = build(Subject.DEFAULT_ELEMENT_NAME);
    final SubjectConfirmation subjectConfirmation = build(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    final SubjectConfirmationData data = build(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);

    data.setInResponseTo(requestIdManager.newId());
    data.setNotOnOrAfter(DateTime.now().plusMinutes(1));
    data.setRecipient(recipient);

    subjectConfirmation.setSubjectConfirmationData(data);
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");

    subject.getSubjectConfirmations().add(subjectConfirmation);

    assertion.setSubject(subject);

    assertion.setIssuer(XMLObjectSupport.cloneXMLObject(issuer));
    assertion.setIssueInstant(DateTime.now());
    assertion.setID(requestIdManager.newId());

    final AuthnStatement authnStatement = build(AuthnStatement.DEFAULT_ELEMENT_NAME);
    authnStatement.setSessionIndex("1");
    assertion.getAuthnStatements().add(authnStatement);

    final Conditions conditions = build(Conditions.DEFAULT_ELEMENT_NAME);
    conditions.setNotBefore(DateTime.now().minusMinutes(1));
    conditions.setNotOnOrAfter(DateTime.now().plusMinutes(1));

    final AudienceRestriction audienceRestriction = build(AudienceRestriction.DEFAULT_ELEMENT_NAME);
    final Audience audience = build(Audience.DEFAULT_ELEMENT_NAME);
    // Set SP entity ID as an audience.
    audience.setAudienceURI(spEntityId);
    audienceRestriction.getAudiences().add(audience);
    conditions.getAudienceRestrictions().add(audienceRestriction);

    assertion.setConditions(conditions);

    sign(assertion, idpCredential, signatureAlgorithm);

    final Response response = build(Response.DEFAULT_ELEMENT_NAME);
    response.getAssertions().add(assertion);

    response.setID(requestIdManager.newId());
    response.setIssuer(issuer);
    response.setIssueInstant(DateTime.now());

    final Status status = build(Status.DEFAULT_ELEMENT_NAME);
    final StatusCode statusCode = build(StatusCode.DEFAULT_ELEMENT_NAME);
    statusCode.setValue(StatusCode.SUCCESS);
    status.setStatusCode(statusCode);
    response.setStatus(status);

    return response;
}