Class SAML2AssertionValidator

java.lang.Object
com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionValidator

@ThreadSafe public class SAML2AssertionValidator extends Object
SAML 2.0 assertion validator. Supports RSA signatures and HMAC. Provides static methods for each validation step for putting together tailored assertion validation strategies.
  • Constructor Details

  • Method Details

    • getDetailsVerifier

      Gets the SAML 2.0 assertion details verifier.
      Returns:
      The SAML 2.0 assertion details verifier.
    • parse

      public static org.opensaml.saml.saml2.core.Assertion parse(String xml) throws ParseException
      Parses a SAML 2.0 assertion from the specified XML string.
      Parameters:
      xml - The XML string. Must not be null.
      Returns:
      The SAML 2.0 assertion.
      Throws:
      ParseException - If parsing of the assertion failed.
    • verifySignature

      public static void verifySignature(org.opensaml.xmlsec.signature.Signature signature, Key key) throws BadSAML2AssertionException
      Verifies the specified XML signature (HMAC, RSA or EC) with the provided key.
      Parameters:
      signature - The XML signature. Must not be null.
      key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
      Throws:
      BadSAML2AssertionException - If the key type doesn't match the signature, or the signature is invalid.
    • validate

      public org.opensaml.saml.saml2.core.Assertion validate(org.opensaml.saml.saml2.core.Assertion assertion, Issuer expectedIssuer, Key key) throws BadSAML2AssertionException
      Validates the specified SAML 2.0 assertion.
      Parameters:
      assertion - The SAML 2.0 assertion. Must not be null.
      expectedIssuer - The expected issuer. Must not be null.
      key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
      Returns:
      The validated SAML 2.0 assertion.
      Throws:
      BadSAML2AssertionException - If the assertion is invalid.
    • validate

      public org.opensaml.saml.saml2.core.Assertion validate(String xml, Issuer expectedIssuer, Key key) throws BadSAML2AssertionException
      Validates the specified SAML 2.0 assertion.
      Parameters:
      xml - The SAML 2.0 assertion XML. Must not be null.
      expectedIssuer - The expected issuer. Must not be null.
      key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
      Returns:
      The validated SAML 2.0 assertion.
      Throws:
      BadSAML2AssertionException - If the assertion is invalid.
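
The class description mentions combining the static methods into a tailored validation strategy. The following is an added example, not code from the SDK: it chains the static parse and verifySignature steps documented above and refuses unsigned assertions before any claim is read. SignedAssertionGate, RejectedAssertionException and accept are hypothetical names, and the expected issuer is passed as a plain string.

```java
import java.security.Key;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.assertions.saml2.BadSAML2AssertionException;
import com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.xmlsec.signature.Signature;

/** Hypothetical helper for this example; not part of the SDK. */
public final class SignedAssertionGate {

    /** Raised by this example's own checks (hypothetical type). */
    public static final class RejectedAssertionException extends Exception {
        public RejectedAssertionException(String message) { super(message); }
    }

    private SignedAssertionGate() {}

    /**
     * Parses the XML, requires a signature, verifies it with the given key,
     * then compares the issuer. Assumes OpenSAML is already initialised.
     */
    public static Assertion accept(String xml, String expectedIssuerValue, Key key)
            throws ParseException, BadSAML2AssertionException, RejectedAssertionException {

        Assertion assertion = SAML2AssertionValidator.parse(xml);

        // An unsigned assertion has no signature object. Reject it here
        // instead of skipping verification and trusting its content.
        Signature signature = assertion.getSignature();
        if (signature == null) {
            throw new RejectedAssertionException("Assertion is not signed");
        }

        // Throws BadSAML2AssertionException if the key type doesn't match
        // the signature, or the signature is invalid.
        SAML2AssertionValidator.verifySignature(signature, key);

        // Read the issuer only after the signature has verified.
        if (assertion.getIssuer() == null
                || !expectedIssuerValue.equals(assertion.getIssuer().getValue())) {
            throw new RejectedAssertionException("Unexpected issuer");
        }
        return assertion;
    }
}
```

This covers only the signature and issuer steps; other assertion details, such as validity period and audience, are not checked by this sketch.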