Package se.swedenconnect.spring.saml.idp.authnrequest.validation

Class AuthnRequestSignatureValidator

java.lang.Object

se.swedenconnect.spring.saml.idp.authnrequest.validation.AuthnRequestSignatureValidator

All Implemented Interfaces:

AuthnRequestValidator

public class AuthnRequestSignatureValidator
extends Object
implements AuthnRequestValidator

Implementation of a AuthnRequestValidator using OpenSAML mechanisms to verify the signature of the AuthnRequest.

Author:

Martin Lindström

Constructor Summary

Constructors

Constructor	Description
AuthnRequestSignatureValidator(SignatureTrustEngine signatureTrustEngine)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected boolean	isSigned(Saml2AuthnRequestAuthenticationToken token)	Predicate that tells whether the received authentication request was signed.
protected boolean	isSignedAuthnRequestRequired(Saml2AuthnRequestAuthenticationToken token)	Given the IdP settings, and possibly also the SP EntityDescriptor we determine whether the received AuthnRequest is required to be signed.
void	validate(Saml2AuthnRequestAuthenticationToken token)	Performs validation of a feature/requirement regarding the supplied SAML 2 authentication request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthnRequestSignatureValidator

public AuthnRequestSignatureValidator(SignatureTrustEngine signatureTrustEngine)

Constructor.

Parameters:

signatureTrustEngine - the OpenSAML signature trust engine used to verify signatures

Method Details

validate

public void validate(Saml2AuthnRequestAuthenticationToken token)
              throws UnrecoverableSaml2IdpException

Performs validation of a feature/requirement regarding the supplied SAML 2 authentication request.

The method may update the supplied token with information useful in later stages.

Specified by:

validate in interface AuthnRequestValidator

Parameters:

token - the authentication request token

Throws:

UnrecoverableSaml2IdpException - for errors that can not be signalled back to the SAML SP

isSigned

protected boolean isSigned(Saml2AuthnRequestAuthenticationToken token)

Predicate that tells whether the received authentication request was signed.

Parameters:

token - the authentication request token

Returns:

true if the authentication request was signed, and false otherwise

isSignedAuthnRequestRequired

protected boolean isSignedAuthnRequestRequired(Saml2AuthnRequestAuthenticationToken token)

Given the IdP settings, and possibly also the SP EntityDescriptor we determine whether the received AuthnRequest is required to be signed.

Parameters:

token - the token

Returns:

true if the AuthnRequest must be signed, and false otherwise