Class SAML2AssertionValidator

java.lang.Object
    com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionValidator

@ThreadSafe
public class SAML2AssertionValidator extends Object

SAML 2.0 assertion validator. Supports RSA signatures and HMAC. Provides static methods for each validation step for putting together tailored assertion validation strategies.

Constructor Summary

SAML2AssertionValidator(SAML2AssertionDetailsVerifier detailsVerifier)
    Creates a new SAML 2.0 assertion validator.

Method Summary

SAML2AssertionDetailsVerifier getDetailsVerifier()
    Gets the SAML 2.0 assertion details verifier.

static org.opensaml.saml.saml2.core.Assertion parse(String xml)
    Parses a SAML 2.0 assertion from the specified XML string.

org.opensaml.saml.saml2.core.Assertion validate(String xml, Issuer expectedIssuer, Key key)
    Validates the specified SAML 2.0 assertion.

org.opensaml.saml.saml2.core.Assertion validate(org.opensaml.saml.saml2.core.Assertion assertion, Issuer expectedIssuer, Key key)
    Validates the specified SAML 2.0 assertion.

static void verifySignature(org.opensaml.xmlsec.signature.Signature signature, Key key)
    Verifies the specified XML signature (HMAC, RSA or EC) with the provided key.

Constructor Detail

SAML2AssertionValidator

public SAML2AssertionValidator(SAML2AssertionDetailsVerifier detailsVerifier)

Creates a new SAML 2.0 assertion validator.

Parameters:
    detailsVerifier - The SAML 2.0 assertion details verifier. Must not be null.

Method Detail

getDetailsVerifier

public SAML2AssertionDetailsVerifier getDetailsVerifier()

Gets the SAML 2.0 assertion details verifier.

Returns:
    The SAML 2.0 assertion details verifier.

parse

public static org.opensaml.saml.saml2.core.Assertion parse(String xml) throws ParseException

Parses a SAML 2.0 assertion from the specified XML string.

Parameters:
    xml - The XML string. Must not be null.
Returns:
    The SAML 2.0 assertion.
Throws:
    ParseException - If parsing of the assertion failed.

verifySignature

public static void verifySignature(org.opensaml.xmlsec.signature.Signature signature, Key key) throws BadSAML2AssertionException

Verifies the specified XML signature (HMAC, RSA or EC) with the provided key.

Parameters:
    signature - The XML signature. Must not be null.
    key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
Throws:
    BadSAML2AssertionException - If the key type doesn't match the signature, or the signature is invalid.

validate

public org.opensaml.saml.saml2.core.Assertion validate(org.opensaml.saml.saml2.core.Assertion assertion, Issuer expectedIssuer, Key key) throws BadSAML2AssertionException

Validates the specified SAML 2.0 assertion.

Parameters:
    assertion - The SAML 2.0 assertion XML. Must not be null.
    expectedIssuer - The expected issuer. Must not be null.
    key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
Returns:
    The validated SAML 2.0 assertion.
Throws:
    BadSAML2AssertionException - If the assertion is invalid.

validate

public org.opensaml.saml.saml2.core.Assertion validate(String xml, Issuer expectedIssuer, Key key) throws BadSAML2AssertionException

Validates the specified SAML 2.0 assertion.

Parameters:
    xml - The SAML 2.0 assertion XML. Must not be null.
    expectedIssuer - The expected issuer. Must not be null.
    key - The key to verify the signature. Should be a SecretKey instance for HMAC, RSAPublicKey for RSA signatures or ECPublicKey for EC signatures. Must not be null.
Returns:
    The validated SAML 2.0 assertion.
Throws:
    BadSAML2AssertionException - If the assertion is invalid.
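
A tailored validation strategy assembled from the static parse and verifySignature steps that the class description mentions, given here as an added example that is not part of the SDK's own documentation or code. The class name StrictAssertionCheck and its RSA-only policy are hypothetical; the BadSAML2AssertionException constructors, Issuer.getValue() and the OpenSAML getters getSignature() and getIssuer().getValue() are assumed, as they are not shown on this page.

```java
import java.security.Key;
import java.security.interfaces.RSAPublicKey;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.assertions.saml2.BadSAML2AssertionException;
import com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionValidator;
import com.nimbusds.oauth2.sdk.id.Issuer;
import org.opensaml.saml.saml2.core.Assertion;

/** Hypothetical helper (not part of the SDK): fail-closed, RSA-only signature and issuer check. */
public final class StrictAssertionCheck {

    private StrictAssertionCheck() {}

    public static Assertion check(String xml, Issuer expectedIssuer, Key key)
            throws BadSAML2AssertionException {

        // Pin the key type up front: this policy trusts RSA-signed assertions only,
        // so a SecretKey or ECPublicKey is rejected before any XML is parsed.
        if (!(key instanceof RSAPublicKey)) {
            throw new BadSAML2AssertionException("Only RSA public keys are accepted");
        }

        final Assertion assertion;
        try {
            assertion = SAML2AssertionValidator.parse(xml);
        } catch (ParseException e) {
            // Assumed (message, cause) constructor
            throw new BadSAML2AssertionException("Unparseable assertion", e);
        }

        // An unsigned assertion is never accepted
        if (assertion.getSignature() == null) {
            throw new BadSAML2AssertionException("Missing XML signature");
        }

        // Throws if the key type doesn't match the signature or the signature is invalid
        SAML2AssertionValidator.verifySignature(assertion.getSignature(), key);

        // The issuer is read only after the signature has been verified
        if (assertion.getIssuer() == null
                || !expectedIssuer.getValue().equals(assertion.getIssuer().getValue())) {
            throw new BadSAML2AssertionException("Unexpected issuer");
        }
        return assertion;
    }
}
```

This helper covers the signature and issuer only; it does not apply the SAML2AssertionDetailsVerifier that a validator instance is constructed with.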