Class AbstractSamlPolicyValidator

java.lang.Object
org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSecurityPolicyValidator
org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSamlPolicyValidator
All Implemented Interfaces:
SecurityPolicyValidator
Direct Known Subclasses:
IssuedTokenPolicyValidator, SamlTokenPolicyValidator

public abstract class AbstractSamlPolicyValidator extends AbstractSecurityPolicyValidator
Some abstract functionality for validating SAML Assertions
  • Constructor Details

    • AbstractSamlPolicyValidator

      public AbstractSamlPolicyValidator()
  • Method Details

    • checkHolderOfKey

      public boolean checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
      Check the holder-of-key requirements against the received assertion. For a holder-of-key subject confirmation, the subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof of possession of the private or secret key. Alternatively, the subject credential of the SAML Assertion must match the client certificate presented when 2-way TLS is used.
      Parameters:
      assertionWrapper - the SAML Assertion wrapper object
      signedResults - a list of all of the signed results
      tlsCerts - the client certificate chain from 2-way TLS, or null if no client certificate was presented
      Returns:
      true if the holder-of-key requirements are satisfied
    • compareCredentials

      protected boolean compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
      Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Return true on a match.
      Parameters:
      subjectKeyInfo - the SAMLKeyInfo object holding the subject credential of the assertion
      signedResults - a list of all of the signed results
      tlsCerts - the client certificate chain from 2-way TLS, or null if no client certificate was presented
      Returns:
      true if the credentials of the assertion match those used to verify a signature or those presented in 2-way TLS
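
The following is an added example, not code from Apache CXF, showing how a caller would drive checkHolderOfKey (and, through it, compareCredentials) from a CXF message: it collects the signed results from the WSS4J handler result and the peer certificates from the TLS session, and fails closed when a holder-of-key assertion arrives with neither proof. The listed subclass SamlTokenPolicyValidator is instantiated only to reach the public checkHolderOfKey method. The calls WSHandlerResult.getActionResults(), TLSSessionInfo.getPeerCertificates(), SamlAssertionWrapper.getConfirmationMethods() and OpenSAMLUtil.isMethodHolderOfKey() are assumed from CXF 3.x / WSS4J 2.x; the class and method names HolderOfKeyCheck, assertionIsProven, signedResults and peerCertificates are hypothetical.

```java
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;

import org.apache.cxf.message.Message;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SamlTokenPolicyValidator;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;

/** Hypothetical helper (example code, not part of CXF). */
public final class HolderOfKeyCheck {

    private HolderOfKeyCheck() {
    }

    /**
     * Returns true when the assertion is not holder-of-key, or when its
     * holder-of-key subject credential has been proven either by a message
     * signature or by the 2-way TLS client certificate.
     */
    public static boolean assertionIsProven(Message message,
                                            WSHandlerResult wsResult,
                                            SamlAssertionWrapper assertion) {
        List<WSSecurityEngineResult> signedResults = signedResults(wsResult);
        Certificate[] tlsCerts = peerCertificates(message);

        // Does any subject confirmation method require proof of possession?
        boolean holderOfKey = false;
        for (String method : assertion.getConfirmationMethods()) {
            if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
                holderOfKey = true;
                break;
            }
        }

        // Fail closed: a holder-of-key assertion with no signature and no
        // client certificate cannot prove possession, so do not even ask.
        if (holderOfKey && signedResults.isEmpty() && tlsCerts == null) {
            return false;
        }

        // Delegate the credential comparison to the CXF validator
        // (checkHolderOfKey calls compareCredentials internally).
        return new SamlTokenPolicyValidator()
            .checkHolderOfKey(assertion, signedResults, tlsCerts);
    }

    /** All WSS4J results produced by signature verification (assumed API). */
    static List<WSSecurityEngineResult> signedResults(WSHandlerResult wsResult) {
        if (wsResult == null) {
            return Collections.emptyList();
        }
        List<WSSecurityEngineResult> signed =
            wsResult.getActionResults().get(WSConstants.SIGN);
        return signed == null ? Collections.<WSSecurityEngineResult>emptyList() : signed;
    }

    /** Client certificate chain from 2-way TLS, or null (assumed API). */
    static Certificate[] peerCertificates(Message message) {
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        return tls == null ? null : tls.getPeerCertificates();
    }
}
```

A true result from checkHolderOfKey only states that the holder-of-key requirement, where present, is met; a bearer assertion passes it without any proof of possession, so callers must still enforce the confirmation method their policy actually requires.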