Package se.swedenconnect.opensaml.sweid.saml2.validation

Class SwedishEidAuthnStatementValidator

java.lang.Object

org.opensaml.saml.saml2.assertion.impl.AuthnStatementValidator

se.swedenconnect.opensaml.saml2.assertion.validation.AuthnStatementValidator

se.swedenconnect.opensaml.sweid.saml2.validation.SwedishEidAuthnStatementValidator

All Implemented Interfaces:

org.opensaml.saml.saml2.assertion.StatementValidator

public class SwedishEidAuthnStatementValidator
extends AuthnStatementValidator

An AuthnStatementValidator that performs checks to assert that the assertion is compliant with the Swedish eID Framework.

Supports the following ValidationContext static parameters:

• The ones defined in AuthnStatementValidator.
• AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS: Holds a collection of AuthnContext URIs that are matched against the AuthnContextClassRef element of the authentication statement. If not supplied, the values are read from CoreValidatorParameters.AUTHN_REQUEST.
• HOLDER_OF_KEY_AUTHN_CONTEXT_URIS: Holds a collection of the authentication context URI:s that require the Holder-of-key profile.

Author:

Martin Lindström (martin@idsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS	Key for a validation context parameter.
static final String	HOLDER_OF_KEY_AUTHN_CONTEXT_URIS	Key for a validation context parameter.

Fields inherited from class se.swedenconnect.opensaml.saml2.assertion.validation.AuthnStatementValidator

AUTHN_REQUEST_FORCE_AUTHN, AUTHN_REQUEST_ISSUE_INSTANT, MAX_ACCEPTED_SSO_SESSION_TIME

Constructor Summary

Constructors

Constructor	Description
SwedishEidAuthnStatementValidator()

Method Summary

Modifier and Type	Method	Description
protected Collection<String>	getHolderOfKeyAuthnContextUris(org.opensaml.saml.common.assertion.ValidationContext context)	Gets the authentication context URI:s that require that the Holder-of-key profile is used.
protected static Collection<String>	getRequestedAuthnContextUris(org.opensaml.saml.common.assertion.ValidationContext context)	Returns a collection of URIs that are the RequestedAuthnContext URIs given in the AuthnRequest.
protected org.opensaml.saml.common.assertion.ValidationResult	validateAuthnContext(org.opensaml.saml.saml2.core.AuthnStatement statement, org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.saml.common.assertion.ValidationContext context)	Overrides default implementation with checks that assert that a AuthnContextClassRef URI was received, and that it matches what was requested.

Methods inherited from class se.swedenconnect.opensaml.saml2.assertion.validation.AuthnStatementValidator

getAuthnRequestIssueInstant, getForceAuthnFlag, getMaxAcceptedSsoSessionTime, validate, validate, validateAuthnInstant, validateSessionIndex, validateSessionNotOnOrAfter, validateSsoAndSession

Methods inherited from class org.opensaml.saml.saml2.assertion.impl.AuthnStatementValidator

getServicedStatement, validateSubjectLocality

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS

public static final String AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS

Key for a validation context parameter. Carries a Collection holding the requested AuthnContext URIs included in the AuthnRequest.

See Also:

• Constant Field Values

HOLDER_OF_KEY_AUTHN_CONTEXT_URIS

public static final String HOLDER_OF_KEY_AUTHN_CONTEXT_URIS

Key for a validation context parameter. Carries a Collection holding the authentication context URI:s that require the Holder-of-key profile.

See Also:

• Constant Field Values

Constructor Details

SwedishEidAuthnStatementValidator

public SwedishEidAuthnStatementValidator()

Method Details

validateAuthnContext

protected org.opensaml.saml.common.assertion.ValidationResult validateAuthnContext(org.opensaml.saml.saml2.core.AuthnStatement statement,
 org.opensaml.saml.saml2.core.Assertion assertion,
 org.opensaml.saml.common.assertion.ValidationContext context)

Overrides default implementation with checks that assert that a AuthnContextClassRef URI was received, and that it matches what was requested.

Overrides:

validateAuthnContext in class AuthnStatementValidator

getRequestedAuthnContextUris

protected static Collection<String> getRequestedAuthnContextUris(org.opensaml.saml.common.assertion.ValidationContext context)

Returns a collection of URIs that are the RequestedAuthnContext URIs given in the AuthnRequest. The method will first check if the parameter AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS is set, and if not, use the CoreValidatorParameters.AUTHN_REQUEST.

Parameters:

context - the validation context

Returns:

a collection of URIs.

getHolderOfKeyAuthnContextUris

protected Collection<String> getHolderOfKeyAuthnContextUris(org.opensaml.saml.common.assertion.ValidationContext context)

Gets the authentication context URI:s that require that the Holder-of-key profile is used.

Parameters:

context - the validation context

Returns:

a list of URI:s