Class SAMLTokenValidator

  • All Implemented Interfaces:
    TokenValidator

    public class SAMLTokenValidator
    extends Object
    implements TokenValidator
    Validate a SAML Assertion. It is valid if it was issued and signed by this STS.
    • Constructor Detail

      • SAMLTokenValidator

        public SAMLTokenValidator()
    • Method Detail

      • setSubjectConstraints

        public void setSubjectConstraints(List<String> subjectConstraints)
        Set a list of Strings corresponding to regular expression constraints on the subject DN of a certificate that was used to sign a received Assertion.
      • setValidator

        public void setValidator(org.apache.wss4j.dom.validate.Validator validator)
        Set the WSS4J Validator instance to use to validate the token.
        Parameters:
        validator - the WSS4J Validator instance to use to validate the token
      • setSamlRealmCodec

        public void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec)
        Set the SAMLRealmCodec instance to use to return a realm from a validated token.
        Parameters:
        samlRealmCodec - the SAMLRealmCodec instance to use to return a realm from a validated token
      • canHandleToken

        public boolean canHandleToken(ReceivedToken validateTarget)
        Return true if this TokenValidator implementation is capable of validating the ReceivedToken argument.
        Specified by:
        canHandleToken in interface TokenValidator
      • canHandleToken

        public boolean canHandleToken(ReceivedToken validateTarget,
                                      String realm)
        Return true if this TokenValidator implementation is capable of validating the ReceivedToken argument. The realm is ignored in this Validator.
        Specified by:
        canHandleToken in interface TokenValidator
      • validateAssertion

        protected void validateAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
                                  throws org.apache.wss4j.common.ext.WSSecurityException
        Validate the assertion against schemas/profiles.
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • validateConditions

        protected boolean validateConditions(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion,
                                             ReceivedToken validateTarget)
      • setSamlRoleParser

        public void setSamlRoleParser(SAMLRoleParser samlRoleParser)
      • isValidateSignatureAgainstProfile

        public boolean isValidateSignatureAgainstProfile()
        Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.
      • setValidateSignatureAgainstProfile

        public void setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile)
        Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.
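
An added example for setSubjectConstraints (not part of this Javadoc or of the project's code): it checks constructed certificate subject DNs against a loose, a strict and a mis-spaced constraint using plain java.util.regex. It assumes that a constraint must match the whole DN in its RFC 2253 string form; the class SubjectConstraintCheck, the helper allowed and all DNs are hypothetical.

```java
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class SubjectConstraintCheck {

    // Hypothetical helper. Assumption: a constraint passes only when it matches
    // the whole DN, compared in the RFC 2253 form X500Principal.getName() returns.
    static boolean allowed(String subjectDn, List<String> constraints) {
        String dn = new X500Principal(subjectDn).getName();
        for (String constraint : constraints) {
            if (Pattern.compile(constraint.trim()).matcher(dn).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample DNs.
        List<String> dns = List.of(
            "CN=sts-signer, O=Example Corp, C=US",
            "CN=sts-signer-staging, O=Other Org, C=US");

        // Loose: any certificate whose DN merely contains the signer's CN passes.
        List<String> loose = List.of(".*CN=sts-signer.*");
        // Strict: the full DN, quoted so no character acts as a regex operator.
        List<String> strict = List.of(Pattern.quote("CN=sts-signer,O=Example Corp,C=US"));
        // Pitfall: spaces after commas never match the RFC 2253 form.
        List<String> spaced = List.of(Pattern.quote("CN=sts-signer, O=Example Corp, C=US"));

        for (String dn : dns) {
            System.out.printf("%-45s loose=%b strict=%b spaced=%b%n",
                dn, allowed(dn, loose), allowed(dn, strict), allowed(dn, spaced));
        }
    }
}
```

Under these assumptions, the strict list is the shape of value to pass to setSubjectConstraints; the loose pattern accepts any signer whose DN happens to contain the expected CN.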