Merge pull request #1136 from dbarentine/master

KEYCLOAK-1202 Set AudienceRestriction to the issuer from the original re...
Bill Burke 2015-04-13 20:15:49 -04:00
commit d4f138cadc


@ -17,8 +17,10 @@ import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.ConditionsType;
import org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType;
import org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import java.net.URI;
import static org.keycloak.saml.common.util.StringUtil.isNotNull;
@ -156,6 +158,11 @@ public class SAML2LoginResponseBuilder {
AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
//Add request issuer as the audience restriction
AudienceRestrictionType audience = new AudienceRestrictionType();
audience.addAudience(URI.create(requestIssuer));
assertion.getConditions().addCondition(audience);
//Update Conditions NotOnOrAfter
if(assertionExpiration > 0) {
ConditionsType conditions = assertion.getConditions();
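Review bot: `audience.addAudience(URI.create(requestIssuer))` places the request's Issuer value into the assertion as-is, and since the AudienceRestriction written here is the condition that stops an assertion minted for one SP from being accepted by another, the builder should only ever be handed the issuer that was already matched against a registered client rather than the raw AuthnRequest value; that contract is not visible in the hunk, so I would record it above the new lines, e.g. `// requestIssuer must be the client identity already validated by the caller, not the raw AuthnRequest Issuer`. `URI.create` throws IllegalArgumentException for a value that is not a valid URI and NullPointerException for null, and `assertion.getConditions()` is dereferenced without a null check, so a missing or malformed Issuer would surface as an unhandled exception rather than an explicit rejection; a guard such as `if (requestIssuer == null || assertion.getConditions() == null) throw new IllegalStateException("cannot set audience restriction");` before the new block makes that failure deliberate. The enclosing method continues outside this hunk, so where `requestIssuer` is sourced and whether Conditions is always pre-populated cannot be confirmed from here.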