Class SamlSSOAssertionValidator
- java.lang.Object
-
- org.apache.wss4j.dom.validate.SignatureTrustValidator
-
- org.apache.wss4j.dom.validate.SamlAssertionValidator
-
- org.apache.cxf.rs.security.saml.sso.SamlSSOAssertionValidator
-
- All Implemented Interfaces:
org.apache.wss4j.dom.validate.Validator
public class SamlSSOAssertionValidator extends org.apache.wss4j.dom.validate.SamlAssertionValidatorAn extension of the WSS4J SamlAssertionValidator. We can weaken the subject confirmation method requirements a bit for SAML SSO. A Bearer Assertion does not have to be signed by default if the outer Response is signed.
-
-
Constructor Summary
Constructors Constructor Description SamlSSOAssertionValidator(boolean signedResponse)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidverifySubjectConfirmationMethod(org.apache.wss4j.common.saml.SamlAssertionWrapper samlAssertion)Check the Subject Confirmation method requirements-
Methods inherited from class org.apache.wss4j.dom.validate.SamlAssertionValidator
checkAuthnStatements, checkConditions, checkConditions, checkOneTimeUse, getRequiredSubjectConfirmationMethod, getTtl, isRequireBearerSignature, isRequireStandardSubjectConfirmationMethod, isValidateSignatureAgainstProfile, setFutureTTL, setRequireBearerSignature, setRequiredSubjectConfirmationMethod, setRequireStandardSubjectConfirmationMethod, setTtl, setValidateSignatureAgainstProfile, validate, validateAssertion, verifySignedAssertion
-
-
-
-
Method Detail
-
verifySubjectConfirmationMethod
protected void verifySubjectConfirmationMethod(org.apache.wss4j.common.saml.SamlAssertionWrapper samlAssertion) throws org.apache.wss4j.common.ext.WSSecurityExceptionCheck the Subject Confirmation method requirements- Overrides:
verifySubjectConfirmationMethodin classorg.apache.wss4j.dom.validate.SamlAssertionValidator- Throws:
org.apache.wss4j.common.ext.WSSecurityException
-
-