Class SamlAssertionValidator

  • All Implemented Interfaces:
    Validator

    public class SamlAssertionValidator
    extends SignatureTrustValidator
    This class validates a SAML Assertion, which is wrapped in a "SamlAssertionWrapper" instance. It assumes that the SamlAssertionWrapper instance has already verified the signature on the assertion (done by the SAMLTokenProcessor). It verifies trust in the signature. For the holder-of-key case, it also checks that the Subject contains a KeyInfo (and processes it) and verifies that the Assertion is signed.
    • Constructor Detail

      • SamlAssertionValidator

        public SamlAssertionValidator()
    • Method Detail

      • setFutureTTL

        public void setFutureTTL(int newFutureTTL)
        Set the time in seconds in the future within which the NotBefore time of an incoming Assertion is valid. The default is 60 seconds.
      • verifySignedAssertion

        protected Credential verifySignedAssertion(SamlAssertionWrapper samlAssertion,
                                                   RequestData data)
                                            throws WSSecurityException
        Verify trust in the signature of a signed Assertion. This method is separate so that the user can override it if they want.
        Parameters:
        samlAssertion - The signed Assertion
        data - The RequestData context
        Returns:
        A Credential instance
        Throws:
        WSSecurityException
      • isValidateSignatureAgainstProfile

        public boolean isValidateSignatureAgainstProfile()
        Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.
      • setValidateSignatureAgainstProfile

        public void setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile)
        Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.
      • getRequiredSubjectConfirmationMethod

        public String getRequiredSubjectConfirmationMethod()
      • setRequiredSubjectConfirmationMethod

        public void setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod)
      • isRequireStandardSubjectConfirmationMethod

        public boolean isRequireStandardSubjectConfirmationMethod()
      • setRequireStandardSubjectConfirmationMethod

        public void setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod)
      • isRequireBearerSignature

        public boolean isRequireBearerSignature()
      • setRequireBearerSignature

        public void setRequireBearerSignature(boolean requireBearerSignature)
      • getTtl

        public int getTtl()
      • setTtl

        public void setTtl(int ttl)
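
An added example (not from the WSS4J documentation or code base) of overriding verifySignedAssertion, as its description above allows: the hypothetical subclass PinnedIssuerSamlValidator lets the parent verify trust in the signature first, then rejects any assertion whose issuer is not on an allow-list. The package names, SamlAssertionWrapper.getIssuerString(), the WSSecurityException constructor and the "invalidSAMLsecurity" message key are assumed from WSS4J 2.x rather than taken from this page, and the futureTTL value is a constructed sample.

```java
import java.util.Set;

import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;

/** Hypothetical subclass: signature trust plus an issuer allow-list. */
public class PinnedIssuerSamlValidator extends SamlAssertionValidator {

    // Issuer names the deployment accepts; supplied by the caller.
    private final Set<String> allowedIssuers;

    public PinnedIssuerSamlValidator(Set<String> allowedIssuers) {
        this.allowedIssuers = Set.copyOf(allowedIssuers);

        // Tighten the NotBefore clock-skew window from the default of 60 seconds
        // (30 is a constructed sample value).
        setFutureTTL(30);
        // Keep the documented default explicit: validate the signature of the
        // Assertion (if it exists) against the relevant profile.
        setValidateSignatureAgainstProfile(true);
        // Listed on this page without a description; the intent assumed here
        // follows the setter name (a bearer assertion must be signed).
        setRequireBearerSignature(true);
    }

    @Override
    protected Credential verifySignedAssertion(SamlAssertionWrapper samlAssertion,
                                               RequestData data)
            throws WSSecurityException {
        // Parent behaviour first: verify trust in the signature of the assertion.
        Credential credential = super.verifySignedAssertion(samlAssertion, data);

        // Additional check: a trusted signing key is not enough on its own,
        // the issuer named in the assertion must also be one we expect.
        String issuer = samlAssertion.getIssuerString();
        if (issuer == null || !allowedIssuers.contains(issuer)) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }
        return credential;
    }
}
```

Because verifySignedAssertion is documented here as the check for signed assertions, the allow-list in this override is only meaningful where a signature is required.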