if (SamlUtils.hasAssertionExpired(assertion)) {
log.warn("Received assertion not processed because it has expired.");
return null;
}
AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
if (authnStatement == null) {
log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
return null;
}
NameIDType nameId = validateSubjectAndExtractNameID(assertion);
if (nameId == null) {
log.warn("Received assertion not processed because it doesn't contain a valid subject.");
return null;
}
SamlPrincipalImpl principal = new SamlPrincipalImpl();
principal.setAssertion(assertion);
principal.setNameId(new SamlNameIdImpl(nameId.getValue(), nameId.getFormat(), nameId.getNameQualifier()));
SamlSpSessionImpl session = new SamlSpSessionImpl();
session.setSessionIndex(authnStatement.getSessionIndex());
session.setPrincipal(principal);
session.setIdentityProvider(idp);
for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement()) {
if (statement instanceof AttributeStatementType) {