Class DOMSAMLUtil
  • public final class DOMSAMLUtil
    extends Object
    Some SAML Utility methods only for use in the DOM code.
    • Method Detail

      • checkHolderOfKey

        public static boolean checkHolderOfKey(SamlAssertionWrapper assertionWrapper,
                                               List<WSSecurityEngineResult> signedResults,
                                               Certificate[] tlsCerts)
        Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.
        Parameters:
        assertionWrapper - the SAML Assertion wrapper object
        signedResults - a list of all of the signed results
      • compareCredentials

        public static boolean compareCredentials(SAMLKeyInfo subjectKeyInfo,
                                                 List<WSSecurityEngineResult> signedResults,
                                                 Certificate[] tlsCerts)
        Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Returns true on a match.
        Parameters:
        subjectKeyInfo - the SAMLKeyInfo object
        signedResults - a list of all of the signed results
        Returns:
        true if the credentials of the assertion were used to verify a signature
      • checkSenderVouches

        public static boolean checkSenderVouches(SamlAssertionWrapper assertionWrapper,
                                                 Certificate[] tlsCerts,
                                                 Element body,
                                                 List<WSSecurityEngineResult> signed)
        Check the sender-vouches requirements against the received assertion. The SAML Assertion and the SOAP Body must be signed by the same signature.
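How a receiver would enforce both checks above after WSS4J has processed the Security header, as an added example that is not part of this Javadoc or of WSS4J itself. It assumes the WSS4J 2.2+ package layout for the imports (DOMSAMLUtil under org.apache.wss4j.dom.saml, WSSecurityEngine and WSSecurityEngineResult under org.apache.wss4j.dom.engine), and that the caller obtains the TLS client certificate chain from its transport layer; the class and method names SamlSubjectConfirmationCheck and process are hypothetical.

```java
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.saml.DOMSAMLUtil;
import org.apache.wss4j.dom.util.WSSecurityUtil;

public final class SamlSubjectConfirmationCheck {

    // Hypothetical caller: processes the Security header of a received SOAP message, then
    // enforces the subject confirmation method of every SAML assertion it carried. tlsCerts
    // is the client certificate chain from 2-way TLS, or null when there was none.
    public static void process(Document soapDoc, RequestData reqData, Certificate[] tlsCerts)
            throws WSSecurityException {
        WSHandlerResult result = new WSSecurityEngine().processSecurityHeader(soapDoc, reqData);

        // Only Signature results count: they are the proof-of-possession for holder-of-key
        // and the only thing that can cover both the assertion and the Body for sender-vouches.
        List<WSSecurityEngineResult> signedResults = new ArrayList<>();
        List<WSSecurityEngineResult> signActions = result.getActionResults().get(WSConstants.SIGN);
        if (signActions != null) {
            signedResults.addAll(signActions);
        }
        Element body = WSSecurityUtil.findBodyElement(soapDoc);

        for (WSSecurityEngineResult r : result.getResults()) {
            SamlAssertionWrapper assertion =
                (SamlAssertionWrapper) r.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (assertion == null) {
                continue;
            }
            // Fail closed: an assertion whose confirmation method cannot be proven is rejected
            // rather than silently accepted as if it were a bearer token.
            if (!DOMSAMLUtil.checkHolderOfKey(assertion, signedResults, tlsCerts)
                || !DOMSAMLUtil.checkSenderVouches(assertion, tlsCerts, body, signedResults)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            }
        }
    }
}
```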