Package org.pac4j.saml.profile.impl

Class AbstractSAML2ResponseValidator

java.lang.Object
org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator
All Implemented Interfaces:
SAML2ResponseValidator
Direct Known Subclasses:
SAML2AuthnResponseValidator, SAML2LogoutValidator
public abstract class AbstractSAML2ResponseValidator extends Object implements SAML2ResponseValidator
The abstract class for all SAML response validators.
Since:
3.4.0
Author:
Jerome Leleu

  • Field Details

    • logger

      protected final org.slf4j.Logger logger

    • signatureTrustEngineProvider

      protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider

    • uriComparator

      protected final net.shibboleth.shared.net.URIComparator uriComparator

    • decrypter

      protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter

    • logoutHandler

      protected final org.pac4j.core.logout.handler.LogoutHandler logoutHandler

    • replayCache

      protected final ReplayCacheProvider replayCache

    • acceptedSkew

      protected long acceptedSkew

  • Constructor Details

    • AbstractSAML2ResponseValidator

      protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.shared.net.URIComparator uriComparator)

  • Method Details

    • validateSuccess

      protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
      Validates that the response is a success.
      Parameters:
      status - the response status.

    • validateSignatureIfItExists

      protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)

    • validateSignature

      protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
      Validate the given digital signature by checking its profile and value.
      Parameters:
      signature - the signature
      idpEntityId - the idp entity id
      trustEngine - the trust engine

    • validateIssuerIfItExists

      protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)

    • validateIssuer

      protected void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
      Validate issuer format and value.
      Parameters:
      issuer - the issuer
      context - the context

    • validateIssueInstant

      protected void validateIssueInstant(Instant issueInstant)

    • isIssueInstantValid

      protected boolean isIssueInstantValid(Instant issueInstant)

    • isDateValid

      protected boolean isDateValid(Instant issueInstant, long interval)

    • verifyEndpoint

      protected void verifyEndpoint(List<String> endpoints, String destination, boolean isDestinationMandatory)

    • compareEndpoints

      protected boolean compareEndpoints(String destination, String endpoint)

    • verifyMessageReplay

      protected void verifyMessageReplay(SAML2MessageContext context)

    • decryptEncryptedId

      protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
      Decrypts an EncryptedID, using a decrypter.
      Parameters:
      encryptedId - The EncryptedID to be decrypted.
      decrypter - The decrypter to use.
      Returns:
      Decrypted ID or null if any input is null.
      Throws:
      SAMLException - If the input ID cannot be decrypted.

    • computeSloKey

      protected String computeSloKey(String sessionIndex, SAML2Credentials.SAMLNameID nameId)

    • setAcceptedSkew

      public final void setAcceptedSkew(long acceptedSkew)
      Specified by:
      setAcceptedSkew in interface SAML2ResponseValidator