Provided a mechanism for AuthN systems to supply the actual time of user authenticati...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 6 May 2005 19:22:22 +0000 (19:22 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 6 May 2005 19:22:22 +0000 (19:22 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1447 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/provider/E_AuthSSOHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/SSOHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/ShibbolethV1SSOHandler.java

index 4e81614..f06523e 100644 (file)
@@ -273,11 +273,10 @@ public class E_AuthSSOHandler extends SSOHandler implements IdPProtocolHandler {
 
                        // Put all attributes into an assertion
                        try {
-                               // TODO provide a way to override authN time
                                SAMLStatement attrStatement = new SAMLAttributeStatement((SAMLSubject) authNSubject.clone(), attributes);
                                SAMLStatement[] statements = {
-                                               new SAMLAuthenticationStatement(authNSubject, authenticationMethod, new Date(System
-                                                               .currentTimeMillis()), request.getRemoteAddr(), null, null), attrStatement};
+                                               new SAMLAuthenticationStatement(authNSubject, authenticationMethod, getAuthNTime(request),
+                                                               request.getRemoteAddr(), null, null), attrStatement};
                                SAMLAssertion assertion = new SAMLAssertion(issuer, new Date(System.currentTimeMillis()), new Date(
                                                System.currentTimeMillis() + 300000), null, null, Arrays.asList(statements));
                                if (log.isDebugEnabled()) {
index 4fa24b5..55cd5f6 100644 (file)
 
 package edu.internet2.middleware.shibboleth.idp.provider;
 
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
+import org.opensaml.SAMLException;
 import org.w3c.dom.Element;
 
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
@@ -55,4 +60,21 @@ public abstract class SSOHandler extends BaseHandler implements IdPProtocolHandl
                if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) { throw new InvalidClientDataException(
                                "Unable to obtain client address."); }
        }
-}
+
+       protected Date getAuthNTime(HttpServletRequest request) throws SAMLException {
+
+               // Determine, if possible, when the authentication actually happened
+               String suppliedAuthNInstant = request.getHeader("SAMLAuthenticationInstant");
+               if (suppliedAuthNInstant != null && !suppliedAuthNInstant.equals("")) {
+                       try {
+                               return new SimpleDateFormat().parse(suppliedAuthNInstant);
+                       } catch (ParseException e) {
+                               log.error("An error was encountered while receiving authentication "
+                                               + "instant from authentication mechanism: " + e);
+                               throw new SAMLException(SAMLException.RESPONDER, "General error processing request.");
+                       }
+               } else {
+                       return new Date(System.currentTimeMillis());
+               }
+       }
+}
\ No newline at end of file
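Review bot: getAuthNTime parses the `SAMLAuthenticationInstant` request header with a pattern-less `new SimpleDateFormat()`, which takes the JVM's default locale, short date/time pattern and time zone. The accepted format therefore differs between hosts, is lenient, and would most likely reject an xs:dateTime-style value with a responder error. The value also arrives as an ordinary request header, which the client can set unless the front end overwrites or strips it, and it is copied unchecked into the authentication statement at the call sites in E_AuthSSOHandler and both ShibbolethV1SSOHandler profiles. The deployment should guarantee that only the authentication mechanism can set this header, and the method should use an explicit format and reject instants in the future. The pattern in the sketch below is an assumption to confirm against what the authentication mechanism actually emits.

```java
protected Date getAuthNTime(HttpServletRequest request) throws SAMLException {

	String suppliedAuthNInstant = request.getHeader("SAMLAuthenticationInstant");
	if (suppliedAuthNInstant == null || suppliedAuthNInstant.equals("")) { return new Date(); }

	try {
		// Explicit, locale-independent format in UTC (pattern assumed; confirm with the authN mechanism)
		SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
		format.setTimeZone(TimeZone.getTimeZone("UTC"));
		format.setLenient(false);
		Date authNTime = format.parse(suppliedAuthNInstant);

		// An authentication cannot have happened after the assertion is issued
		if (authNTime.after(new Date())) {
			log.error("Authentication instant supplied by authentication mechanism is in the future.");
			throw new SAMLException(SAMLException.RESPONDER, "General error processing request.");
		}
		return authNTime;
	} catch (ParseException e) {
		// … unchanged: log.error and SAMLException(RESPONDER) …
	}
}
```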
index ad78b7a..797b393 100644 (file)
@@ -177,10 +177,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                                log.debug("User was authenticated via the method (" + authenticationMethod + ").");
                        }
 
-                       // TODO Provide a mechanism for the authenticator to specify the auth time
-
                        SAMLSubject authNSubject = new SAMLSubject(nameId, null, null, null);
-
                        ArrayList assertions = new ArrayList();
 
                        // Is this artifact or POST?
@@ -223,7 +220,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
 
                authNSubject.addConfirmationMethod(SAMLSubject.CONF_ARTIFACT);
                assertions.add(generateAuthNAssertion(request, relyingParty, descriptor, nameId, authenticationMethod,
-                               new Date(System.currentTimeMillis()), authNSubject));
+                               getAuthNTime(request), authNSubject));
 
                // Sign the assertions, if necessary
                boolean metaDataIndicatesSignAssertions = false;
@@ -276,10 +273,9 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                        throws SAMLException, IOException, ServletException {
 
                log.debug("Responding with POST profile.");
-
                authNSubject.addConfirmationMethod(SAMLSubject.CONF_BEARER);
                assertions.add(generateAuthNAssertion(request, relyingParty, descriptor, nameId, authenticationMethod,
-                               new Date(System.currentTimeMillis()), authNSubject));
+                               getAuthNTime(request), authNSubject));
 
                // Sign the assertions, if necessary
                boolean metaDataIndicatesSignAssertions = false;