com.onelogin.saml2.authn.SamlResponse Java Examples

The following examples show how to use com.onelogin.saml2.authn.SamlResponse.
Example #1
Source File: AuthTokenProcessorHandler.java    From deprecated-security-advanced-modules with Apache License 2.0
/**
 * Determines the expiry time, in seconds, of the JWT that is issued for a SAML response.
 *
 * <p>The calculation depends on {@code expiryBaseValue}:
 * <ul>
 *   <li>{@code NOW}: the current time plus {@code expiryOffset}.</li>
 *   <li>{@code SESSION}: the response's SessionNotOnOrAfter plus {@code expiryOffset};
 *       fails when the response carries no such value.</li>
 *   <li>anything else (AUTO): SessionNotOnOrAfter unchanged when present, otherwise the
 *       current time plus {@code expiryOffset}, or plus one hour when the offset is not
 *       positive.</li>
 * </ul>
 *
 * <p>Security note: in the SESSION and AUTO modes the token lifetime follows a timestamp
 * read from the SAML response, and this method applies no upper bound to it.
 * NOTE(review): confirm that the response has been validated before this method is
 * reached, and decide whether a maximum token lifetime should be enforced.
 *
 * @param samlResponse the SAML response the JWT is derived from
 * @return the expiry time in seconds
 * @throws Exception in SESSION mode when the response has no SessionNotOnOrAfter value
 */
private long getJwtExpiration(SamlResponse samlResponse) throws Exception {
    final DateTime sessionEnd = samlResponse.getSessionNotOnOrAfter();

    if (this.expiryBaseValue == ExpiryBaseValue.NOW) {
        return System.currentTimeMillis() / 1000 + this.expiryOffset;
    }

    if (this.expiryBaseValue == ExpiryBaseValue.SESSION) {
        // SESSION mode has no fallback: a missing timestamp is an error.
        if (sessionEnd == null) {
            throw new Exception(
                    "Error while determining JWT expiration time: SamlResponse did not contain sessionNotOnOrAfter value");
        }
        return sessionEnd.getMillis() / 1000 + this.expiryOffset;
    }

    // AUTO: the session end is used as-is; expiryOffset is not added in this case.
    if (sessionEnd != null) {
        return sessionEnd.getMillis() / 1000;
    }

    // No session end in the response: fall back to the configured offset, or one hour.
    return System.currentTimeMillis() / 1000 + (this.expiryOffset > 0 ? this.expiryOffset : 60 * 60);
}
 
Example #2
Source File: AuthTokenProcessorHandler.java    From deprecated-security-advanced-modules with Apache License 2.0
/**
 * Reads the role names from the SAML attribute named by {@code samlRolesKey}.
 *
 * <p>The two "no roles" outcomes differ and callers have to handle both: an empty array is
 * returned when no roles key is configured, while {@code null} is returned when the key is
 * configured but the response has no values for it.
 *
 * <p>Security note: the returned values are taken from the SAML response as asserted by the
 * sender; the only processing here is {@code splitRoles} or {@code trimRoles}.
 * NOTE(review): confirm the response signature and conditions are checked before roles
 * from it are trusted.
 *
 * @param samlResponse the SAML response to read the attribute from
 * @return the roles, an empty array when {@code samlRolesKey} is unset, or {@code null}
 *     when the attribute is missing or empty
 */
private String[] extractRoles(SamlResponse samlResponse) throws XPathExpressionException, ValidationError {
    if (this.samlRolesKey == null) {
        return new String[0];
    }

    final List<String> attributeValues = samlResponse.getAttributes().get(this.samlRolesKey);
    if (attributeValues == null || attributeValues.isEmpty()) {
        return null;
    }

    // With a separator configured the values are split, otherwise they are only trimmed.
    final List<String> roles;
    if (samlRolesSeparator == null) {
        roles = trimRoles(attributeValues);
    } else {
        roles = splitRoles(attributeValues);
    }

    return roles.toArray(new String[0]);
}
 
Example #3
Source File: AuthTokenProcessorHandler.java    From deprecated-security-advanced-modules with Apache License 2.0
/**
 * Builds and encodes the JWT that represents an authenticated SAML response.
 *
 * <p>The token carries a not-before of the current time, the expiry from
 * {@code getJwtExpiration}, the subject under {@code jwtSubjectKey}, and optionally the
 * claims {@code saml_ni} (NameID), {@code saml_nif} (NameID format short name),
 * {@code saml_si} (session index) and the roles under {@code jwtRolesKey}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The value returned by {@code extractSubject} is stored without a null check.
 *       NOTE(review): confirm that a token without a subject is rejected downstream, or
 *       fail here.</li>
 *   <li>With debug logging enabled on {@code token_log}, the complete encoded token is
 *       written to the log together with its headers and claims. The encoded token is a
 *       usable credential, so that logger should stay below debug level in production and
 *       its output should be access-restricted.</li>
 * </ul>
 *
 * @param samlResponse the SAML response to convert
 * @return the encoded JWT produced by {@code jwtProducer}
 * @throws Exception when a value cannot be read from the response or the expiry cannot be
 *     determined
 */
private String createJwt(SamlResponse samlResponse) throws Exception {
    final JwtClaims claims = new JwtClaims();
    final JwtToken token = new JwtToken(claims);

    // Validity window: starts now, ends at the computed expiry.
    claims.setNotBefore(System.currentTimeMillis() / 1000);
    claims.setExpiryTime(getJwtExpiration(samlResponse));

    claims.setProperty(this.jwtSubjectKey, this.extractSubject(samlResponse));

    // When the subject comes from an attribute, the NameID is kept as a separate claim.
    if (this.samlSubjectKey != null) {
        claims.setProperty("saml_ni", samlResponse.getNameId());
    }

    if (samlResponse.getNameIdFormat() != null) {
        claims.setProperty("saml_nif", SamlNameIdFormat.getByUri(samlResponse.getNameIdFormat()).getShortName());
    }

    final String idpSessionIndex = samlResponse.getSessionIndex();
    if (idpSessionIndex != null) {
        claims.setProperty("saml_si", idpSessionIndex);
    }

    // Roles are added only when both the SAML attribute and the JWT claim name are configured.
    if (this.samlRolesKey != null && this.jwtRolesKey != null) {
        final String[] extractedRoles = this.extractRoles(samlResponse);
        claims.setProperty(this.jwtRolesKey, extractedRoles);
    }

    final String serializedToken = this.jwtProducer.processJwt(token);

    // Debug output includes the full encoded token; see the security note in the Javadoc.
    if (token_log.isDebugEnabled()) {
        token_log.debug("Created JWT: " + serializedToken + "\n"
                + jsonMapReaderWriter.toJson(token.getJwsHeaders()) + "\n"
                + JwtUtils.claimsToJson(token.getClaims()));
    }

    return serializedToken;
}
 
Example #4
Source File: AuthTokenProcessorHandler.java    From deprecated-security-advanced-modules with Apache License 2.0
/**
 * Determines the subject of the authenticated user from a SAML response.
 *
 * <p>Without a configured {@code samlSubjectKey} the NameID of the response is used.
 * Otherwise the subject is the first value of the attribute named by
 * {@code samlSubjectKey}; further values of a multi-valued attribute are ignored.
 *
 * <p>Security note: {@code null} is returned when the configured attribute is missing or
 * empty, so callers must not treat the result as a guaranteed identity.
 *
 * @param samlResponse the SAML response to read the subject from
 * @return the subject, or {@code null} when the configured attribute has no value
 */
private String extractSubject(SamlResponse samlResponse) throws Exception {
    if (this.samlSubjectKey == null) {
        return samlResponse.getNameId();
    }

    final List<String> candidates = samlResponse.getAttributes().get(this.samlSubjectKey);
    final boolean noValue = candidates == null || candidates.isEmpty();

    return noValue ? null : candidates.get(0);
}
 
Example #5
Source File: SAMLResponseMap.java    From guacamole-client with Apache License 2.0
/**
 * Sweeps the stored SAML responses and evicts those whose timestamps no longer validate.
 *
 * <p>An entry is removed only when {@code validateTimestamps()} throws a
 * {@code ValidationError}; the method's return value is not inspected, and any other
 * exception propagates out of this method and ends the sweep.
 */
@Override
public void run() {

    for (Iterator<SamlResponse> pending = samlResponseMap.values().iterator(); pending.hasNext();) {
        try {
            pending.next().validateTimestamps();
        }
        catch (ValidationError expired) {
            // Timestamp validation failed: the stored response must not stay retrievable.
            pending.remove();
        }
    }

}
 
Example #6
Source File: SAMLResponseMap.java    From guacamole-client with Apache License 2.0
/**
 * Remove the SamlResponse stored under the provided hash from the map and
 * return it, or return null if no such object exists.
 *
 * Retrieval is destructive: the entry is taken out of the map, so a second
 * call with the same hash returns null unless the response has been stored
 * again. This keeps a stored response from being redeemed more than once.
 * NOTE(review): the single-use property under concurrent calls depends on
 * the map's remove() being atomic; the map type is not visible here.
 *
 * @param hash
 *     The SHA-256 hash of the SamlResponse.
 *
 * @return
 *     The SamlResponse object matching the hash provided, or null if the
 *     map holds no entry for that hash.
 */
protected SamlResponse getSamlResponse(String hash) {
    final SamlResponse stored = samlResponseMap.remove(hash);
    return stored;
}
 
Example #7
Source File: SAMLResponseMap.java    From guacamole-client with Apache License 2.0
/**
 * Place the provided mapping of hash to SamlResponse into the map.
 *
 * No validation of the response or of the hash is performed here.
 * NOTE(review): if samlResponseMap is a java.util.Map, an entry already
 * stored under the same hash is replaced; confirm callers only store
 * responses that have already been validated.
 *
 * @param hash
 *     The hash that will be the lookup key for this SamlResponse.
 *
 * @param samlResponse
 *     The SamlResponse object.
 */
protected void putSamlResponse(String hash, SamlResponse samlResponse) {
    samlResponseMap.put(hash, samlResponse);
}