SAML2AssertionDetailsVerifier (Nimbus OAuth 2.0 SDK with OpenID Connect 1.0 extensions v5.64.2)

java.lang.Object
- com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionDetailsVerifier

All Implemented Interfaces:

com.nimbusds.jwt.proc.ClockSkewAware
```
@Immutable
public class SAML2AssertionDetailsVerifier
extends Object
implements com.nimbusds.jwt.proc.ClockSkewAware
```
SAML 2.0 bearer assertion details verifier for OAuth 2.0 client authentication and authorisation grants. Intended for initial validation of SAML 2.0 assertions:
- Audience check
- Expiration time check
- Not-before time check (is set)
Related specifications:
- Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522).

Field Summary

Fields
Modifier and Type Field Description

static int DEFAULT_MAX_CLOCK_SKEW_SECONDS
The default maximum acceptable clock skew, in seconds (60).

Fields
Modifier and Type	Field	Description
`static int`	`DEFAULT_MAX_CLOCK_SKEW_SECONDS`	The default maximum acceptable clock skew, in seconds (60).

Constructor Summary

Constructors
Constructor Description

SAML2AssertionDetailsVerifier(Set<Audience> expectedAudience)
Creates a new SAML 2.0 bearer assertion details verifier.

Constructors
Constructor	Description
`SAML2AssertionDetailsVerifier(Set<Audience> expectedAudience)`	Creates a new SAML 2.0 bearer assertion details verifier.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`Set<Audience>`	`getExpectedAudience()`	Returns the expected audience values.
`int`	`getMaxClockSkew()`
`void`	`setMaxClockSkew(int maxClockSkewSeconds)`
`void`	`verify(SAML2AssertionDetails assertionDetails)`	Verifies the specified SAML 2.0 bearer assertion details.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DEFAULT_MAX_CLOCK_SKEW_SECONDS
```
public static final int DEFAULT_MAX_CLOCK_SKEW_SECONDS
```
    The default maximum acceptable clock skew, in seconds (60).
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - SAML2AssertionDetailsVerifier
```
public SAML2AssertionDetailsVerifier(Set<Audience> expectedAudience)
```
    Creates a new SAML 2.0 bearer assertion details verifier.
    
    Parameters:
    
    expectedAudience - The expected audience values. Must not be empty or null. Should typically contain the token endpoint URI and for OpenID provider it may also include the issuer URI.
- Method Detail
  - getExpectedAudience
```
public Set<Audience> getExpectedAudience()
```
    Returns the expected audience values.
    
    Returns:
    
    The expected audience values.
  - getMaxClockSkew
```
public int getMaxClockSkew()
```
    Specified by:
    
    getMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware
  - setMaxClockSkew
```
public void setMaxClockSkew(int maxClockSkewSeconds)
```
    Specified by:
    
    setMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware
  - verify
```
public void verify(SAML2AssertionDetails assertionDetails)
            throws BadSAML2AssertionException
```
    Verifies the specified SAML 2.0 bearer assertion details.
    
    Parameters:
    
    assertionDetails - The SAML 2.0 bearer assertion details. Must not be null.
    
    Throws:
    
    BadSAML2AssertionException - If verification didn't pass successfully.

Class SAML2AssertionDetailsVerifier

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DEFAULT_MAX_CLOCK_SKEW_SECONDS

Constructor Detail

SAML2AssertionDetailsVerifier

Method Detail

getExpectedAudience

getMaxClockSkew

setMaxClockSkew

verify