Class SAML2AssertionDetailsVerifier

  • All Implemented Interfaces:

    public class SAML2AssertionDetailsVerifier
    extends Object
    implements com.nimbusds.jwt.proc.ClockSkewAware
    SAML 2.0 bearer assertion details verifier for OAuth 2.0 client authentication and authorisation grants. Intended for initial validation of SAML 2.0 assertions:
    • Audience check
    • Expiration time check
    • Not-before time check (is set)

    Related specifications:

    • Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522).
    • Constructor Detail

      • SAML2AssertionDetailsVerifier

        public SAML2AssertionDetailsVerifier​(Set<Audience> expectedAudience)
        Creates a new SAML 2.0 bearer assertion details verifier.
        expectedAudience - The expected audience values. Must not be empty or null. Should typically contain the token endpoint URI and for OpenID provider it may also include the issuer URI.
    • Method Detail

      • getMaxClockSkew

        public int getMaxClockSkew()
        Specified by:
        getMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware
      • setMaxClockSkew

        public void setMaxClockSkew​(int maxClockSkewSeconds)
        Specified by:
        setMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware