Class SwedishEidAuthnStatementValidator
java.lang.Object
org.opensaml.saml.saml2.assertion.impl.AuthnStatementValidator
se.swedenconnect.opensaml.saml2.assertion.validation.AuthnStatementValidator
se.swedenconnect.opensaml.sweid.saml2.validation.SwedishEidAuthnStatementValidator
- All Implemented Interfaces:
StatementValidator
An AuthnStatementValidator that performs checks to assert that the assertion is compliant with the Swedish eID Framework.
Supports the following ValidationContext static parameters:
- The ones defined in AuthnStatementValidator.
- AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS: Holds a collection of AuthnContext URIs that are matched against the AuthnContextClassRef element of the authentication statement. If not supplied, the values are read from CoreValidatorParameters.AUTHN_REQUEST.
- HOLDER_OF_KEY_AUTHN_CONTEXT_URIS: Holds a collection of the authentication context URIs that require the Holder-of-key profile.
- Author:
Martin Lindström (martin@idsec.se)
Field Summary
Fields
- static final String AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS: Key for a validation context parameter.
- static final String HOLDER_OF_KEY_AUTHN_CONTEXT_URIS: Key for a validation context parameter.
Fields inherited from class se.swedenconnect.opensaml.saml2.assertion.validation.AuthnStatementValidator
AUTHN_REQUEST_FORCE_AUTHN, AUTHN_REQUEST_ISSUE_INSTANT, MAX_ACCEPTED_SSO_SESSION_TIME
Constructor Summary
Constructors
- SwedishEidAuthnStatementValidator()
Method Summary
- protected Collection<String> getHolderOfKeyAuthnContextUris(ValidationContext context): Gets the authentication context URIs that require that the Holder-of-key profile is used.
- protected static Collection<String> getRequestedAuthnContextUris(ValidationContext context): Returns a collection of URIs that are the RequestedAuthnContext URIs given in the AuthnRequest.
- protected ValidationResult validateAuthnContext(AuthnStatement statement, Assertion assertion, ValidationContext context): Overrides default implementation with checks that assert that an AuthnContextClassRef URI was received, and that it matches what was requested.
Methods inherited from class se.swedenconnect.opensaml.saml2.assertion.validation.AuthnStatementValidator
getAuthnRequestIssueInstant, getForceAuthnFlag, getMaxAcceptedSsoSessionTime, validate, validate, validateAuthnInstant, validateSessionIndex, validateSessionNotOnOrAfter, validateSsoAndSession
Methods inherited from class org.opensaml.saml.saml2.assertion.impl.AuthnStatementValidator
getServicedStatement, validateSubjectLocality
Field Details
AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS
Key for a validation context parameter. Carries a Collection holding the requested AuthnContext URIs included in the AuthnRequest.
HOLDER_OF_KEY_AUTHN_CONTEXT_URIS
Key for a validation context parameter. Carries a Collection holding the authentication context URIs that require the Holder-of-key profile.
Constructor Details
SwedishEidAuthnStatementValidator
public SwedishEidAuthnStatementValidator()
Method Details
validateAuthnContext
protected ValidationResult validateAuthnContext(AuthnStatement statement, Assertion assertion, ValidationContext context)
Overrides default implementation with checks that assert that an AuthnContextClassRef URI was received, and that it matches what was requested.
- Overrides:
validateAuthnContext in class AuthnStatementValidator
getRequestedAuthnContextUris
Returns a collection of URIs that are the RequestedAuthnContext URIs given in the AuthnRequest. The method will first check if the parameter AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS is set, and if not, use the CoreValidatorParameters.AUTHN_REQUEST.
- Parameters:
context - the validation context
- Returns:
a collection of URIs.
getHolderOfKeyAuthnContextUris
Gets the authentication context URIs that require that the Holder-of-key profile is used.
- Parameters:
context - the validation context
- Returns:
a list of URIs