libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-1202 Set AudienceRestriction to the issuer from the original request.

Browse source
This commit is contained in:
Dane Barentine 2015-04-13 12:47:40 -07:00
parent 06ac706057
commit da70391677
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2LoginResponseBuilder.java
View file

@ -17,8 +17,10 @@ import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType; import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.ConditionsType; import org.keycloak.dom.saml.v2.assertion.ConditionsType;
import org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType; import org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType;
import org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType;
import org.keycloak.dom.saml.v2.protocol.ResponseType; import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import java.net.URI;
import static org.keycloak.saml.common.util.StringUtil.isNotNull; import static org.keycloak.saml.common.util.StringUtil.isNotNull;
@ -156,6 +158,11 @@ public class SAML2LoginResponseBuilder {
AssertionType assertion = responseType.getAssertions().get(0).getAssertion(); AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
//Add request issuer as the audience restriction
AudienceRestrictionType audience = new AudienceRestrictionType();
audience.addAudience(URI.create(requestIssuer));
assertion.getConditions().addCondition(audience);
//Update Conditions NotOnOrAfter //Update Conditions NotOnOrAfter
if(assertionExpiration > 0) { if(assertionExpiration > 0) {
ConditionsType conditions = assertion.getConditions(); ConditionsType conditions = assertion.getConditions();