Class SAML2AssertionValidator
java.lang.Object
  com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionValidator
@ThreadSafe public class SAML2AssertionValidator extends Object
SAML 2.0 assertion validator. Supports RSA signatures and HMAC. Provides static methods for each validation step for putting together tailored assertion validation strategies.
Constructor Summary
Constructor: Description
- SAML2AssertionValidator(SAML2AssertionDetailsVerifier detailsVerifier): Creates a new SAML 2.0 assertion validator.

Method Summary
Modifier and Type, Method: Description
- SAML2AssertionDetailsVerifier getDetailsVerifier(): Gets the SAML 2.0 assertion details verifier.
- static org.opensaml.saml.saml2.core.Assertion parse(String xml): Parses a SAML 2.0 assertion from the specified XML string.
- org.opensaml.saml.saml2.core.Assertion validate(String xml, Issuer expectedIssuer, Key key): Validates the specified SAML 2.0 assertion.
- org.opensaml.saml.saml2.core.Assertion validate(org.opensaml.saml.saml2.core.Assertion assertion, Issuer expectedIssuer, Key key): Validates the specified SAML 2.0 assertion.
- static void verifySignature(org.opensaml.xmlsec.signature.Signature signature, Key key): Verifies the specified XML signature (HMAC, RSA or EC) with the provided key.
Constructor Detail
SAML2AssertionValidator
public SAML2AssertionValidator(SAML2AssertionDetailsVerifier detailsVerifier)
Creates a new SAML 2.0 assertion validator.
Parameters:
detailsVerifier - The SAML 2.0 assertion details verifier. Must not be null.
Method Detail
getDetailsVerifier
public SAML2AssertionDetailsVerifier getDetailsVerifier()
Gets the SAML 2.0 assertion details verifier.
Returns:
The SAML 2.0 assertion details verifier.
parse
public static org.opensaml.saml.saml2.core.Assertion parse(String xml) throws ParseException
Parses a SAML 2.0 assertion from the specified XML string.
Parameters:
xml - The XML string. Must not be null.
Returns:
The SAML 2.0 assertion.
Throws:
ParseException - If parsing of the assertion failed.
verifySignature
public static void verifySignature(org.opensaml.xmlsec.signature.Signature signature, Key key) throws BadSAML2AssertionException
Verifies the specified XML signature (HMAC, RSA or EC) with the provided key.
Parameters:
signature - The XML signature. Must not be null.
key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
Throws:
BadSAML2AssertionException - If the key type doesn't match the signature, or the signature is invalid.
validate
public org.opensaml.saml.saml2.core.Assertion validate(org.opensaml.saml.saml2.core.Assertion assertion, Issuer expectedIssuer, Key key) throws BadSAML2AssertionException
Validates the specified SAML 2.0 assertion.
Parameters:
assertion - The SAML 2.0 assertion XML. Must not be null.
expectedIssuer - The expected issuer. Must not be null.
key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
Returns:
The validated SAML 2.0 assertion.
Throws:
BadSAML2AssertionException - If the assertion is invalid.
validate
public org.opensaml.saml.saml2.core.Assertion validate(String xml, Issuer expectedIssuer, Key key) throws BadSAML2AssertionException
Validates the specified SAML 2.0 assertion.
Parameters:
xml - The SAML 2.0 assertion XML. Must not be null.
expectedIssuer - The expected issuer. Must not be null.
key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
Returns:
The validated SAML 2.0 assertion.
Throws:
BadSAML2AssertionException - If the assertion is invalid.