com.mulesoft.modules.wss.internal.inbound

Class SamlValidator

java.lang.Object

org.apache.wss4j.dom.validate.SignatureTrustValidator

org.apache.wss4j.dom.validate.SamlAssertionValidator

com.mulesoft.modules.wss.internal.inbound.SamlValidator

All Implemented Interfaces:

org.apache.wss4j.dom.validate.Validator

public class SamlValidator
extends org.apache.wss4j.dom.validate.SamlAssertionValidator

Constructor Summary

Constructors

Constructor and Description
SamlValidator(org.apache.wss4j.dom.handler.RequestData data) data.getSigVerCrypto() checks if signature verification is enabled in that case, trust will be validated against configured trust-store

Method Summary

Modifier and Type	Method and Description
protected org.apache.wss4j.dom.validate.Credential	verifySignedAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper samlAssertion, org.apache.wss4j.dom.handler.RequestData data)

Methods inherited from class org.apache.wss4j.dom.validate.SamlAssertionValidator

checkAuthnStatements, checkConditions, checkConditions, checkOneTimeUse, getRequiredSubjectConfirmationMethod, getTtl, isRequireBearerSignature, isRequireStandardSubjectConfirmationMethod, isValidateSignatureAgainstProfile, setFutureTTL, setRequireBearerSignature, setRequiredSubjectConfirmationMethod, setRequireStandardSubjectConfirmationMethod, setTtl, setValidateSignatureAgainstProfile, validate, validateAssertion, verifySubjectConfirmationMethod

Methods inherited from class org.apache.wss4j.dom.validate.SignatureTrustValidator

getCrypto, validateCertificates, validatePublicKey, verifyTrustInCerts

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SamlValidator

public SamlValidator(org.apache.wss4j.dom.handler.RequestData data)

data.getSigVerCrypto() checks if signature verification is enabled in that case, trust will be validated against configured trust-store

Parameters:

data -

Method Detail

verifySignedAssertion

protected org.apache.wss4j.dom.validate.Credential verifySignedAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper samlAssertion,
                                                                         org.apache.wss4j.dom.handler.RequestData data)
                                                                  throws org.apache.wss4j.common.ext.WSSecurityException

Overrides:

verifySignedAssertion in class org.apache.wss4j.dom.validate.SamlAssertionValidator

Throws:

org.apache.wss4j.common.ext.WSSecurityException