AbstractSamlPolicyValidator (Apache CXF JavaDoc 3.5.0 API)

java.lang.Object
- org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSecurityPolicyValidator
- - org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSamlPolicyValidator

All Implemented Interfaces:

SecurityPolicyValidator

Direct Known Subclasses:

IssuedTokenPolicyValidator, SamlTokenPolicyValidator
```
public abstract class AbstractSamlPolicyValidator
extends AbstractSecurityPolicyValidator
```
Some abstract functionality for validating SAML Assertions

Constructor Summary

Constructors
Constructor and Description

AbstractSamlPolicyValidator()

Constructors
Constructor and Description
`AbstractSamlPolicyValidator()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Check the holder-of-key requirements against the received assertion.
`protected boolean`	`compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.

Methods inherited from class org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSecurityPolicyValidator
isTokenRequired

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
canValidatePolicy, validatePolicies

- Constructor Detail
  - AbstractSamlPolicyValidator
```
public AbstractSamlPolicyValidator()
```
- Method Detail
  - checkHolderOfKey
```
public boolean checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper,
                                List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                Certificate[] tlsCerts)
```
    Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.
    
    Parameters:
    
    assertionWrapper - the SAML Assertion wrapper object
    
    signedResults - a list of all of the signed results
  - compareCredentials
```
protected boolean compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo,
                                     List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                     Certificate[] tlsCerts)
```
    Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Return true on a match
    
    Parameters:
    
    subjectKeyInfo - the SAMLKeyInfo object
    
    signedResults - a list of all of the signed results
    
    Returns:
    
    true if the credentials of the assertion were used to verify a signature

Class AbstractSamlPolicyValidator

Constructor Summary

Method Summary

Methods inherited from class org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSecurityPolicyValidator

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator

Constructor Detail

AbstractSamlPolicyValidator

Method Detail

checkHolderOfKey

compareCredentials