public class Saml2ResponseValidator extends Object
ExtendedSAMLMessageContext
with the correct SAML assertion and the corresponding nameID's Bearer subject if every check succeeds.
Constructor and Description |
---|
Saml2ResponseValidator() |
Modifier and Type | Method and Description |
---|---|
protected void |
decryptEncryptedAssertions(org.opensaml.saml2.core.Response response,
org.opensaml.saml2.encryption.Decrypter decrypter)
Decrypt encrypted assertions and add them to the assertions list of the response.
|
protected boolean |
isValidBearerSubjectConfirmationData(org.opensaml.saml2.core.SubjectConfirmationData data,
ExtendedSAMLMessageContext context)
Validate Bearer subject confirmation data
- notBefore
- notOnOrAfter
- recipient
|
void |
setAcceptedSkew(int acceptedSkew) |
void |
setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime) |
protected void |
validateAssertion(org.opensaml.saml2.core.Assertion assertion,
ExtendedSAMLMessageContext context,
org.opensaml.xml.signature.SignatureTrustEngine engine,
org.opensaml.saml2.encryption.Decrypter decrypter)
Validate the given assertion:
- issueInstant
- issuer
- subject
- conditions
- authnStatements
- signature
|
protected void |
validateAssertionConditions(org.opensaml.saml2.core.Conditions conditions,
ExtendedSAMLMessageContext context)
Validate the assertion conditions:
- notBefore
- notOnOrAfter
|
protected void |
validateAssertionSignature(org.opensaml.xml.signature.Signature signature,
ExtendedSAMLMessageContext context,
org.opensaml.xml.signature.SignatureTrustEngine engine)
Validate assertion signature.
|
protected void |
validateAudienceRestrictions(List<org.opensaml.saml2.core.AudienceRestriction> audienceRestrictions,
String spEntityId)
Validate audience by matching the SP entityId.
|
protected void |
validateAuthenticationStatements(List<org.opensaml.saml2.core.AuthnStatement> authnStatements,
ExtendedSAMLMessageContext context)
Validate the given authnStatements:
- authnInstant
- sessionNotOnOrAfter
|
protected void |
validateIssuer(org.opensaml.saml2.core.Issuer issuer,
ExtendedSAMLMessageContext context)
Validate issuer format and value.
|
void |
validateSamlProtocolResponse(org.opensaml.saml2.core.Response response,
ExtendedSAMLMessageContext context,
org.opensaml.xml.signature.SignatureTrustEngine engine)
Validates the SAML protocol response:
- IssueInstant
- Issuer
- StatusCode
- Signature
|
void |
validateSamlResponse(ExtendedSAMLMessageContext context,
org.opensaml.xml.signature.SignatureTrustEngine engine,
org.opensaml.saml2.encryption.Decrypter decrypter)
Validates the SAML protocol response and the SAML SSO response.
|
void |
validateSamlSSOResponse(org.opensaml.saml2.core.Response response,
ExtendedSAMLMessageContext context,
org.opensaml.xml.signature.SignatureTrustEngine engine,
org.opensaml.saml2.encryption.Decrypter decrypter)
Validates the SAML SSO response by finding a valid assertion with authn statements.
|
protected void |
validateSignature(org.opensaml.xml.signature.Signature signature,
String idpEntityId,
org.opensaml.xml.signature.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.
|
protected void |
validateSubject(org.opensaml.saml2.core.Subject subject,
ExtendedSAMLMessageContext context,
org.opensaml.saml2.encryption.Decrypter decrypter)
Validate the given subject by finding a valid Bearer confirmation.
|
public void validateSamlResponse(ExtendedSAMLMessageContext context, org.opensaml.xml.signature.SignatureTrustEngine engine, org.opensaml.saml2.encryption.Decrypter decrypter)
context
- engine
- decrypter
- public void validateSamlProtocolResponse(org.opensaml.saml2.core.Response response, ExtendedSAMLMessageContext context, org.opensaml.xml.signature.SignatureTrustEngine engine)
response
- context
- engine
- public void validateSamlSSOResponse(org.opensaml.saml2.core.Response response, ExtendedSAMLMessageContext context, org.opensaml.xml.signature.SignatureTrustEngine engine, org.opensaml.saml2.encryption.Decrypter decrypter)
ExtendedSAMLMessageContext
with a subjectAssertion and a subjectNameIdentifier.
response
- context
- engine
- decrypter
- protected void decryptEncryptedAssertions(org.opensaml.saml2.core.Response response, org.opensaml.saml2.encryption.Decrypter decrypter)
response
- decrypter
- protected void validateIssuer(org.opensaml.saml2.core.Issuer issuer, ExtendedSAMLMessageContext context)
issuer
- context
- protected void validateAssertion(org.opensaml.saml2.core.Assertion assertion, ExtendedSAMLMessageContext context, org.opensaml.xml.signature.SignatureTrustEngine engine, org.opensaml.saml2.encryption.Decrypter decrypter)
assertion
- context
- engine
- decrypter
- protected void validateSubject(org.opensaml.saml2.core.Subject subject, ExtendedSAMLMessageContext context, org.opensaml.saml2.encryption.Decrypter decrypter)
subject
- The Subject from an assertion.
context
- SAML message context.
decrypter
- Decrypter used to decrypt some encrypted IDs, if they are present. May be null, in which case no decryption will be possible.
protected boolean isValidBearerSubjectConfirmationData(org.opensaml.saml2.core.SubjectConfirmationData data, ExtendedSAMLMessageContext context)
data
- context
- protected void validateAssertionConditions(org.opensaml.saml2.core.Conditions conditions, ExtendedSAMLMessageContext context)
conditions
- context
- protected void validateAudienceRestrictions(List<org.opensaml.saml2.core.AudienceRestriction> audienceRestrictions, String spEntityId)
audienceRestrictions
- spEntityId
- protected void validateAuthenticationStatements(List<org.opensaml.saml2.core.AuthnStatement> authnStatements, ExtendedSAMLMessageContext context)
authnStatements
- context
- protected void validateAssertionSignature(org.opensaml.xml.signature.Signature signature, ExtendedSAMLMessageContext context, org.opensaml.xml.signature.SignatureTrustEngine engine)
signature
- context
- engine
- protected void validateSignature(org.opensaml.xml.signature.Signature signature, String idpEntityId, org.opensaml.xml.signature.SignatureTrustEngine trustEngine)
signature
- idpEntityId
- trustEngine
- public void setAcceptedSkew(int acceptedSkew)
public void setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime)