org.pac4j.saml.sso.impl

Class SAML2LogoutResponseValidator

java.lang.Object

org.pac4j.saml.sso.impl.SAML2LogoutResponseValidator

All Implemented Interfaces:

SAML2ResponseValidator

public class SAML2LogoutResponseValidator
extends Object
implements SAML2ResponseValidator

Validator for SAML logout response

Since:

2.0.0

Author:

Matthieu Taggiasco

Constructor Summary

Constructors

Constructor and Description
SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine)
SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)

Method Summary

Modifier and Type	Method and Description
protected org.opensaml.saml.saml2.core.NameID	decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) Decrypts an EncryptedID, using a decrypter.
protected boolean	isValidBearerSubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData data, SAML2MessageContext context) Validate Bearer subject confirmation data - notBefore - NotOnOrAfter - recipient
void	setAcceptedSkew(int acceptedSkew)
void	setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime)
Credentials	validate(SAML2MessageContext context) Validates the SAML protocol response and the SAML SSO response.
protected void	validateAssertionConditions(org.opensaml.saml.saml2.core.Conditions conditions, SAML2MessageContext context) Validate assertionConditions - notBefore - notOnOrAfter
protected void	validateAssertionSignature(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine) Validate assertion signature.
protected void	validateAudienceRestrictions(List<org.opensaml.saml.saml2.core.AudienceRestriction> audienceRestrictions, String spEntityId) Validate audience by matching the SP entityId.
protected void	validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context) Validate issuer format and value.
protected void	validateSamlProtocolResponse(org.opensaml.saml.saml2.core.Response response, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine) Validates the SAML protocol response: - IssueInstant - Issuer - StatusCode - Signature
protected void	validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine) Validate the given digital signature by checking its profile and value.
protected void	verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAML2LogoutResponseValidator

public SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine)

SAML2LogoutResponseValidator

public SAML2LogoutResponseValidator(SAML2SignatureTrustEngineProvider engine,
                                    net.shibboleth.utilities.java.support.net.URIComparator uriComparator)

Method Detail

validate

public Credentials validate(SAML2MessageContext context)

Validates the SAML protocol response and the SAML SSO response. The method decrypt encrypted assertions if any.

Specified by:

validate in interface SAML2ResponseValidator

Parameters:

context - the context

validateSamlProtocolResponse

protected final void validateSamlProtocolResponse(org.opensaml.saml.saml2.core.Response response,
                                                  SAML2MessageContext context,
                                                  org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)

Validates the SAML protocol response: - IssueInstant - Issuer - StatusCode - Signature

Parameters:

response - the response

context - the context

engine - the engine

verifyEndpoint

protected final void verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint,
                                    String destination)

validateIssuer

protected final void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer,
                                    SAML2MessageContext context)

Validate issuer format and value.

Parameters:

issuer - the issuer

context - the context

decryptEncryptedId

protected final org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId,
                                                                       org.opensaml.saml.saml2.encryption.Decrypter decrypter)
                                                                throws SAMLException

Decrypts an EncryptedID, using a decrypter.

Parameters:

encryptedId - The EncryptedID to be decrypted.

decrypter - The decrypter to use.

Returns:

Decrypted ID or null if any input is null.

Throws:

SAMLException - If the input ID cannot be decrypted.

isValidBearerSubjectConfirmationData

protected final boolean isValidBearerSubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData data,
                                                             SAML2MessageContext context)

Validate Bearer subject confirmation data - notBefore - NotOnOrAfter - recipient

Parameters:

data - the data

context - the context

Returns:

true if all Bearer subject checks are passing

validateAssertionConditions

protected final void validateAssertionConditions(org.opensaml.saml.saml2.core.Conditions conditions,
                                                 SAML2MessageContext context)

Validate assertionConditions - notBefore - notOnOrAfter

Parameters:

conditions - the conditions

context - the context

validateAudienceRestrictions

protected final void validateAudienceRestrictions(List<org.opensaml.saml.saml2.core.AudienceRestriction> audienceRestrictions,
                                                  String spEntityId)

Validate audience by matching the SP entityId.

Parameters:

audienceRestrictions - the audience restrictions

spEntityId - the sp entity id

validateAssertionSignature

protected final void validateAssertionSignature(org.opensaml.xmlsec.signature.Signature signature,
                                                SAML2MessageContext context,
                                                org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)

Validate assertion signature. If none is found and the SAML response did not have one and the SP requires the assertions to be signed, the validation fails.

Parameters:

signature - the signature

context - the context

engine - the engine

validateSignature

protected final void validateSignature(org.opensaml.xmlsec.signature.Signature signature,
                                       String idpEntityId,
                                       org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)

Validate the given digital signature by checking its profile and value.

Parameters:

signature - the signature

idpEntityId - the idp entity id

trustEngine - the trust engine

setAcceptedSkew

public final void setAcceptedSkew(int acceptedSkew)

Specified by:

setAcceptedSkew in interface SAML2ResponseValidator

setMaximumAuthenticationLifetime

public final void setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime)

Specified by:

setMaximumAuthenticationLifetime in interface SAML2ResponseValidator