public class SamlAssertionValidator extends SignatureTrustValidator
Constructor and Description |
---|
SamlAssertionValidator() |
Modifier and Type | Method and Description |
---|---|
void | checkAudienceRestrictions(AssertionWrapper assertion, List<String> audienceRestrictions): Check the AudienceRestrictions of the Assertion |
protected void | checkAuthnStatements(AssertionWrapper assertion): Check the AuthnStatements of the Assertion (if any) |
protected void | checkConditions(AssertionWrapper assertion): Check the Conditions of the Assertion. |
protected void | checkOneTimeUse(AssertionWrapper samlAssertion, RequestData data): Check the "OneTimeUse" Condition of the Assertion. |
String | getRequiredSubjectConfirmationMethod() |
int | getTtl() |
boolean | isRequireBearerSignature() |
boolean | isRequireStandardSubjectConfirmationMethod() |
boolean | isValidateSignatureAgainstProfile(): Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
void | setFutureTTL(int newFutureTTL): Set the time in seconds in the future within which the NotBefore time of an incoming Assertion is valid. |
void | setRequireBearerSignature(boolean requireBearerSignature) |
void | setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod) |
void | setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod) |
void | setTtl(int ttl) |
void | setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile): Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
Credential | validate(Credential credential, RequestData data): Validate the credential argument. |
protected void | validateAssertion(AssertionWrapper assertion): Validate the assertion against schemas/profiles |
protected Credential | verifySignedAssertion(AssertionWrapper assertion, RequestData data): Verify trust in the signature of a signed Assertion. |
protected void | verifySubjectConfirmationMethod(AssertionWrapper samlAssertion): Check the Subject Confirmation method requirements |

Methods inherited from class SignatureTrustValidator: getCrypto, isCertificateInKeyStore, matches, validateCertificates, validatePublicKey, verifyTrustInCert, verifyTrustInCert, verifyTrustInCert, verifyTrustInCerts, verifyTrustInCerts, verifyTrustInCerts

public void setFutureTTL(int newFutureTTL)

public Credential validate(Credential credential, RequestData data) throws WSSecurityException
Specified by: validate in interface Validator
Overrides: validate in class SignatureTrustValidator
Parameters:
credential - the Credential to be validated
data - the RequestData associated with the request
Throws:
WSSecurityException - on a failed validation

protected void verifySubjectConfirmationMethod(AssertionWrapper samlAssertion) throws WSSecurityException
Throws:
WSSecurityException

protected Credential verifySignedAssertion(AssertionWrapper assertion, RequestData data) throws WSSecurityException
Parameters:
assertion - The signed Assertion
data - The RequestData context
Throws:
WSSecurityException

protected void checkConditions(AssertionWrapper assertion) throws WSSecurityException
Throws:
WSSecurityException

public void checkAudienceRestrictions(AssertionWrapper assertion, List<String> audienceRestrictions) throws WSSecurityException
Throws:
WSSecurityException

protected void checkAuthnStatements(AssertionWrapper assertion) throws WSSecurityException
Throws:
WSSecurityException

protected void checkOneTimeUse(AssertionWrapper samlAssertion, RequestData data) throws WSSecurityException
Throws:
WSSecurityException

protected void validateAssertion(AssertionWrapper assertion) throws WSSecurityException
Throws:
WSSecurityException

public boolean isValidateSignatureAgainstProfile()

public void setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile)

public String getRequiredSubjectConfirmationMethod()

public void setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod)

public boolean isRequireStandardSubjectConfirmationMethod()

public void setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod)

public boolean isRequireBearerSignature()

public void setRequireBearerSignature(boolean requireBearerSignature)

public int getTtl()

public void setTtl(int ttl)

Copyright © 2018 JBoss by Red Hat. All rights reserved.