org.apache.cxf.rs.security.saml.sso

Class SAMLSSOResponseValidator

java.lang.Object

org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator

public class SAMLSSOResponseValidator
extends Object

Validate a SAML 2.0 Protocol Response according to the Web SSO profile. The Response should be validated by the SAMLProtocolResponseValidator first.

Constructor Summary

Constructors

Constructor and Description
SAMLSSOResponseValidator()

Method Summary

Modifier and Type	Method and Description
String	getAssertionConsumerURL()
String	getClientAddress()
String	getIssuerIDP()
String	getRequestId()
String	getSpIdentifier()
boolean	isEnforceResponseSigned()
void	setAssertionConsumerURL(String assertionConsumerURL)
void	setClientAddress(String clientAddress)
void	setEnforceAssertionsSigned(boolean enforceAssertionsSigned) Enforce that Assertions contained in the Response must be signed (if the Response itself is not signed).
void	setEnforceKnownIssuer(boolean enforceKnownIssuer) Enforce that the Issuer of the received Response/Assertion is known.
void	setEnforceResponseSigned(boolean enforceResponseSigned) Enforce whether a SAML Response must be signed.
void	setIssuerIDP(String issuerIDP)
void	setReplayCache(TokenReplayCache<String> replayCache)
void	setRequestId(String requestId)
void	setSpIdentifier(String spIdentifier)
SSOValidatorResponse	validateSamlResponse(org.opensaml.saml.saml2.core.Response samlResponse, boolean postBinding) Validate a SAML 2 Protocol Response

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAMLSSOResponseValidator

public SAMLSSOResponseValidator()

Method Detail

setEnforceAssertionsSigned

public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned)

Enforce that Assertions contained in the Response must be signed (if the Response itself is not signed). The default is true.

setEnforceKnownIssuer

public void setEnforceKnownIssuer(boolean enforceKnownIssuer)

Enforce that the Issuer of the received Response/Assertion is known. The default is true.

validateSamlResponse

public SSOValidatorResponse validateSamlResponse(org.opensaml.saml.saml2.core.Response samlResponse,
                                                 boolean postBinding)
                                          throws org.apache.wss4j.common.ext.WSSecurityException

Validate a SAML 2 Protocol Response

Parameters:

samlResponse -

postBinding -

Returns:

a SSOValidatorResponse object

Throws:

org.apache.wss4j.common.ext.WSSecurityException

getIssuerIDP

public String getIssuerIDP()

setIssuerIDP

public void setIssuerIDP(String issuerIDP)

getAssertionConsumerURL

public String getAssertionConsumerURL()

setAssertionConsumerURL

public void setAssertionConsumerURL(String assertionConsumerURL)

getClientAddress

public String getClientAddress()

setClientAddress

public void setClientAddress(String clientAddress)

getRequestId

public String getRequestId()

setRequestId

public void setRequestId(String requestId)

getSpIdentifier

public String getSpIdentifier()

setSpIdentifier

public void setSpIdentifier(String spIdentifier)

setReplayCache

public void setReplayCache(TokenReplayCache<String> replayCache)

isEnforceResponseSigned

public boolean isEnforceResponseSigned()

setEnforceResponseSigned

public void setEnforceResponseSigned(boolean enforceResponseSigned)

Enforce whether a SAML Response must be signed.