public class SAML2LogoutResponseValidator extends Object implements SAML2ResponseValidator
Constructor and Description |
---|
`SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine)` |
`SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)` |

Modifier and Type | Method and Description |
---|---|
`protected org.opensaml.saml.saml2.core.NameID` | `decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter)` Decrypts an EncryptedID, using a decrypter. |
`protected boolean` | `isValidBearerSubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData data, SAML2MessageContext context)` Validate Bearer subject confirmation data: notBefore, NotOnOrAfter, recipient. |
`void` | `setAcceptedSkew(int acceptedSkew)` |
`void` | `setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime)` |
`Credentials` | `validate(SAML2MessageContext context)` Validates the SAML protocol response and the SAML SSO response. |
`protected void` | `validateAssertionConditions(org.opensaml.saml.saml2.core.Conditions conditions, SAML2MessageContext context)` Validate assertionConditions: notBefore, notOnOrAfter. |
`protected void` | `validateAssertionSignature(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)` Validate assertion signature. |
`protected void` | `validateAudienceRestrictions(List<org.opensaml.saml.saml2.core.AudienceRestriction> audienceRestrictions, String spEntityId)` Validate audience by matching the SP entityId. |
`protected void` | `validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)` Validate issuer format and value. |
`protected void` | `validateSamlProtocolResponse(org.opensaml.saml.saml2.core.Response response, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)` Validates the SAML protocol response: IssueInstant, Issuer, StatusCode, Signature. |
`protected void` | `validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)` Validate the given digital signature by checking its profile and value. |
`protected void` | `verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)` |

`public SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine)`

`public SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)`

`public Credentials validate(SAML2MessageContext context)`

Specified by: validate in interface SAML2ResponseValidator

Parameters:
- context - the context

`protected final void validateSamlProtocolResponse(org.opensaml.saml.saml2.core.Response response, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)`

Parameters:
- response - the response
- context - the context
- engine - the engine

`protected final void verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)`

`protected final void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)`

Parameters:
- issuer - the issuer
- context - the context

`protected final org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException`

Parameters:
- encryptedId - The EncryptedID to be decrypted.
- decrypter - The decrypter to use.

Returns: null if any input is null.

Throws:
- SAMLException - If the input ID cannot be decrypted.

`protected final boolean isValidBearerSubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData data, SAML2MessageContext context)`

Parameters:
- data - the data
- context - the context

`protected final void validateAssertionConditions(org.opensaml.saml.saml2.core.Conditions conditions, SAML2MessageContext context)`

Parameters:
- conditions - the conditions
- context - the context

`protected final void validateAudienceRestrictions(List<org.opensaml.saml.saml2.core.AudienceRestriction> audienceRestrictions, String spEntityId)`

Parameters:
- audienceRestrictions - the audience restrictions
- spEntityId - the sp entity id

`protected final void validateAssertionSignature(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)`

Parameters:
- signature - the signature
- context - the context
- engine - the engine

`protected final void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)`

Parameters:
- signature - the signature
- idpEntityId - the idp entity id
- trustEngine - the trust engine

`public final void setAcceptedSkew(int acceptedSkew)`

Specified by: setAcceptedSkew in interface SAML2ResponseValidator

`public final void setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime)`

Specified by: setMaximumAuthenticationLifetime in interface SAML2ResponseValidator

Copyright © 2017. All rights reserved.