Author: prabath
Date: Tue Apr  1 03:14:59 2008
New Revision: 15442

Log:

adding AudienceRestriction

Modified:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML1TokenBuilder.java
        Tue Apr  1 03:14:59 2008
@@ -18,10 +18,12 @@
 import org.opensaml.saml1.core.Attribute;
 import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.AttributeValue;
+import org.opensaml.saml1.core.Audience;
 import org.opensaml.saml1.core.Conditions;
 import org.opensaml.saml1.core.ConfirmationMethod;
 import org.opensaml.saml1.core.Subject;
 import org.opensaml.saml1.core.SubjectConfirmation;
+import org.opensaml.saml1.core.AudienceRestrictionCondition;
 import org.opensaml.xml.Configuration;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilder;
@@ -38,6 +40,7 @@
 import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.signature.X509Certificate;
 import org.opensaml.xml.signature.X509Data;
+import org.opensaml.xml.validation.ValidationException;
 import org.w3c.dom.Element;
 import org.wso2.solutions.identity.IdentityConstants;
 import org.wso2.solutions.identity.IdentityProviderException;
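Review bot: The added `import org.opensaml.xml.validation.ValidationException;` is not referenced by any line this revision adds to SAML1TokenBuilder, so unless another change in this commit uses it, it is an unused import and should be dropped. In the previous hunk `AudienceRestrictionCondition` is inserted after `SubjectConfirmation` rather than next to `Audience`, breaking the alphabetical order the surrounding imports keep; the `Audience`/`AudienceRestriction` imports in SAML2TokenBuilder's import hunk are placed before `Assertion` for the same reason.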
@@ -53,6 +56,7 @@
     protected AttributeStatement attributeStmt = null;
     protected List signatureList = new ArrayList();
     protected Element signedAssertion = null;
+    protected String appilesTo = null;
 
     public static final String CONF_KEY = 
"urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
 
@@ -74,6 +78,10 @@
 
         Map mapClaims = ipData.getRequestedClaims();
 
+        if (rahasData.getAppliesToAddress() != null) {
+            appilesTo = rahasData.getAppliesToAddress();
+        }
+
         Iterator ite = mapClaims.values().iterator();
 
         while (ite.hasNext()) {
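Review bot: The value assigned here comes straight from the request (`rahasData.getAppliesToAddress()`) and nothing visible in this hunk checks it against a configured relying party before it later becomes the token's Audience; if that validation happens earlier in the request pipeline, a one-line comment saying so would help, otherwise it belongs here. The null guard is redundant because the field starts as null, so `appilesTo = rahasData.getAppliesToAddress();` on its own is equivalent. The field introduced in the previous hunk misspells "appliesTo", and being `protected` the typo becomes part of the subclass-visible surface; `protected String appliesTo = null; // requester's AppliesTo address, used as the SAML Audience` would be clearer. The enclosing method starts outside the hunk, and SAML2TokenBuilder's corresponding field and assignment hunks share all three points.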
@@ -118,12 +126,18 @@
         ServerConfiguration config = ServerConfiguration.getInstance();
         String host = "http://"; + config.getFirstProperty("HostName");
         assertion.setIssuer(host);
-        /*
-         * TODO : is this needed ??? AudienceRestriction audience =
-         * (AudienceRestriction)
-         * 
SAMLTokenDirector.buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
-         * audience. conditions.getAudienceRestrictionConditions()
-         */
+        assertion.setIssueInstant(new DateTime());
+
+        if (appilesTo != null) {
+            Audience audience = (Audience) 
buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
+            audience.setUri(appilesTo);
+            AudienceRestrictionCondition audienceRestrictions = 
(AudienceRestrictionCondition) 
buildXMLObject(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
+            audienceRestrictions.getAudiences().add(audience);
+
+            conditions.getAudienceRestrictionConditions().add(
+                    audienceRestrictions);
+        }
+
         assertion.setConditions(conditions);
 
         assertion.getAttributeStatements().add(this.attributeStmt);
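Review bot: When `appilesTo` is null the new block is skipped and the assertion is issued with no AudienceRestrictionCondition at all, so a request without an AppliesTo yields a token that any relying party trusting this issuer will accept, and the code makes that widening silently. If the fallback is intended, say so on the `if`, e.g. `// no AppliesTo in the request: assertion is issued without an audience restriction`; if not, reject or at least log such requests instead. An empty string also passes the check and would produce an `<Audience>` with an empty URI, so `appilesTo != null && appilesTo.length() > 0` (or a trimmed check) is the safer guard. The same block, differing only in `setUri`/`setAudienceURI` and the getter names, appears in SAML2TokenBuilder's last hunk; the enclosing method starts and ends outside this hunk and `conditions` is created outside it.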

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/saml/SAML2TokenBuilder.java
        Tue Apr  1 03:14:59 2008
@@ -14,6 +14,8 @@
 import org.apache.xml.security.c14n.Canonicalizer;
 import org.apache.xml.security.utils.Base64;
 import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
@@ -56,6 +58,7 @@
     protected AttributeStatement attributeStmt = null;
     protected List signatureList = new ArrayList();
     protected Element signedAssertion = null;
+    protected String appilesTo = null;
 
     public static final String CONF_KEY = 
"urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
 
@@ -67,6 +70,10 @@
         attributeStmt = (AttributeStatement) 
buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
 
         Map mapClaims = ipData.getRequestedClaims();
+        
+        if (rahasData.getAppliesToAddress() != null) {
+            appilesTo = rahasData.getAppliesToAddress();
+        }
 
         Iterator ite = mapClaims.values().iterator();
 
@@ -128,12 +135,18 @@
         Issuer issuer = (Issuer) buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
         issuer.setValue(host);
         assertion.setIssuer(issuer);
-        /*
-         * TODO : is this needed ??? AudienceRestriction audience =
-         * (AudienceRestriction)
-         * 
SAMLTokenDirector.buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
-         * audience. conditions.getAudienceRestrictionConditions()
-         */
+        assertion.setIssueInstant(new DateTime());
+
+        if (appilesTo != null) {
+            Audience audience = (Audience) 
buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
+            audience.setAudienceURI(appilesTo);
+            AudienceRestriction audienceRestrictions = (AudienceRestriction) 
buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+            audienceRestrictions.getAudiences().add(audience);
+
+            conditions.getAudienceRestrictions().add(
+                    audienceRestrictions);
+        }
+
         assertion.setConditions(conditions);
 
         assertion.getAttributeStatements().add(this.attributeStmt);
