Class DOMSAMLUtil

java.lang.Object
org.apache.wss4j.dom.saml.DOMSAMLUtil

public final class DOMSAMLUtil extends Object
Some SAML utility methods, for use only in the DOM code.
  • Method Details

    • validateSAMLResults

      public static void validateSAMLResults(WSHandlerResult handlerResults, Certificate[] tlsCerts, Element body) throws WSSecurityException
      Throws:
      WSSecurityException
    • checkHolderOfKey

      public static boolean checkHolderOfKey(SamlAssertionWrapper assertionWrapper, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
      Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof of possession of the private or secret key. Alternatively, the subject credential of the SAML Assertion must match the client certificate credential when 2-way TLS is used.
      Parameters:
      assertionWrapper - the SAML Assertion wrapper object
      signedResults - a list of all of the signed results
      tlsCerts - the client certificate chain from 2-way TLS, if any
      Returns:
      true if the holder-of-key requirements are satisfied
    • compareCredentials

      public static boolean compareCredentials(SAMLKeyInfo subjectKeyInfo, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
      Compare the credentials of the assertion to the credentials used in 2-way TLS or to those used to verify signatures. Return true on a match.
      Parameters:
      subjectKeyInfo - the SAMLKeyInfo object
      signedResults - a list of all of the signed results
      tlsCerts - the client certificate chain from 2-way TLS, if any
      Returns:
      true if the credentials of the assertion match the 2-way TLS client certificate or were used to verify a signature
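      The logic behind checkHolderOfKey and compareCredentials, as an added illustration written for this page and not WSS4J's own code: the assertion's subject key is compared against the key that produced each already verified message signature, and against the leaf certificate of the TLS client chain. The Credential record is a stand-in for SAMLKeyInfo and WSSecurityEngineResult, and the main method uses freshly generated RSA keys in place of real certificates; both are assumptions of this example. The point to keep in mind is that a match only proves possession because signedResults contains nothing but signatures that have already been cryptographically verified; comparing against a KeyInfo that was merely present in the message would prove nothing.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;

public final class HolderOfKeyCheck {

    /**
     * Model of a credential: either the one WSS4J derives from a verified signature
     * (WSSecurityEngineResult) or the one in the assertion's SubjectConfirmation KeyInfo
     * (SAMLKeyInfo). Not a WSS4J type; exactly one of cert / publicKey is expected to be set.
     */
    record Credential(X509Certificate cert, PublicKey publicKey) {
        PublicKey key() {
            return cert != null ? cert.getPublicKey() : publicKey;
        }
    }

    /**
     * Holder-of-key: the assertion's subject key must be the key that produced a signature
     * verified over part of this message, or the key in the TLS client certificate.
     * signedResults must contain only signatures that were already verified and trusted.
     */
    static boolean compareCredentials(Credential subject, List<Credential> signedResults,
                                      X509Certificate[] tlsCerts) {
        PublicKey subjectKey = subject.key();
        if (subjectKey == null) {
            return false; // no usable subject credential, so nobody can be its holder
        }
        // 2-way TLS: the leaf (client) certificate is the first element of the chain
        if (tlsCerts != null && tlsCerts.length > 0
                && subjectKey.equals(tlsCerts[0].getPublicKey())) {
            return true;
        }
        for (Credential signer : signedResults) {
            if (subjectKey.equals(signer.key())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey subjectKey = gen.generateKeyPair().getPublic(); // key named in the assertion
        PublicKey otherKey = gen.generateKeyPair().getPublic();   // some unrelated signer

        Credential subject = new Credential(null, subjectKey);
        // No TLS client certificate in this constructed run, so only message signatures can prove possession.
        X509Certificate[] tlsCerts = null;

        // message signed only by an unrelated key
        System.out.println("unrelated signer:      "
            + compareCredentials(subject, List.of(new Credential(null, otherKey)), tlsCerts));
        // message carries a verified signature made with the subject key
        System.out.println("subject key signed:    "
            + compareCredentials(subject,
                List.of(new Credential(null, otherKey), new Credential(null, subjectKey)), tlsCerts));
        // assertion present, nothing in the message signed at all
        System.out.println("no signatures:         "
            + compareCredentials(subject, List.of(), tlsCerts));
    }
}
```

      A real deployment would pass the X509Certificate from the SubjectConfirmation KeyInfo and from each verified signature rather than bare keys; the comparison on the public key is the same, and comparing certificates by equals() (their DER encoding) is the stricter variant.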
    • checkSenderVouches

      public static boolean checkSenderVouches(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts, Element body, List<WSSecurityEngineResult> signed)
      Check the sender-vouches requirements against the received assertion. The SAML Assertion and the SOAP Body must be signed by the same signature.
      Parameters:
      assertionWrapper - the SAML Assertion wrapper object
      tlsCerts - the client certificate chain from 2-way TLS, if any
      body - the SOAP Body element
      signed - a list of all of the signed results
      Returns:
      true if the sender-vouches requirements are satisfied
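      The "same signature" rule from checkSenderVouches, as an added example written for this page rather than code from WSS4J: given the set of elements each verified signature actually covered, the check passes only if a single signature covers both the Assertion element and the SOAP Body. Two separate signatures, one over each element, are rejected, because then nothing binds the attesting party's statement about the subject to the body it vouches for. The SignedResult record, the hand-written SOAP envelope and the absence of real ds:Signature elements are assumptions of this example; in WSS4J the covered elements come out of signature verification.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public final class SenderVouchesCheck {

    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** Model of one already verified ds:Signature: the elements its References covered. Not a WSS4J type. */
    record SignedResult(List<Element> protectedElements) {}

    /** Sender-vouches: one and the same verified signature must cover the Assertion and the Body. */
    static boolean checkSenderVouches(Element assertion, Element body, List<SignedResult> signedResults) {
        for (SignedResult result : signedResults) {
            boolean coversAssertion = false;
            boolean coversBody = false;
            for (Element protectedElement : result.protectedElements()) {
                // Compare DOM node identity, not wsu:Id strings: Ids are attacker-controlled and can be duplicated.
                if (protectedElement.isSameNode(assertion)) coversAssertion = true;
                if (protectedElement.isSameNode(body)) coversBody = true;
            }
            if (coversAssertion && coversBody) return true;
        }
        return false;
    }

    /** Hardened DOM parser: DOCTYPE is refused, so the SOAP message cannot pull in external entities. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Constructed sample message: a Security header carrying a SAML 2.0 Assertion, and a Body.
    // Signatures are omitted; the SignedResult values in main stand in for verification output.
    static final String ENVELOPE =
        "<s:Envelope xmlns:s=\"" + SOAP_NS + "\">"
      + "<s:Header><wsse:Security xmlns:wsse=\"" + WSSE_NS + "\">"
      + "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" ID=\"_a1\" Version=\"2.0\">"
      + "<saml2:Issuer>https://idp.example.test</saml2:Issuer>"
      + "<saml2:Subject><saml2:NameID>alice</saml2:NameID>"
      + "<saml2:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:sender-vouches\"/>"
      + "</saml2:Subject></saml2:Assertion>"
      + "</wsse:Security></s:Header>"
      + "<s:Body><ns:getBalance xmlns:ns=\"urn:example:bank\"/></s:Body>"
      + "</s:Envelope>";

    public static void main(String[] args) throws Exception {
        Document doc = parse(ENVELOPE);
        Element assertion = (Element) doc.getElementsByTagNameNS(SAML2_NS, "Assertion").item(0);
        Element body = (Element) doc.getElementsByTagNameNS(SOAP_NS, "Body").item(0);

        // one signature whose References cover both elements
        List<SignedResult> single = List.of(new SignedResult(List.of(assertion, body)));
        // two separate signatures, one per element
        List<SignedResult> split = List.of(new SignedResult(List.of(assertion)), new SignedResult(List.of(body)));
        // only the body is signed; the assertion is merely present in the header
        List<SignedResult> bodyOnly = List.of(new SignedResult(List.of(body)));

        System.out.println("single signature over both: " + checkSenderVouches(assertion, body, single));
        System.out.println("separate signatures:        " + checkSenderVouches(assertion, body, split));
        System.out.println("body signed only:           " + checkSenderVouches(assertion, body, bodyOnly));
    }
}
```

      The identity comparison matters: resolving References by wsu:Id and comparing Id strings lets a second element with the same Id be substituted for the one the signature covered, which is the classic XML signature wrapping attack.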