SAMLUtils (Apache CXF Runtime WS Security 2.7.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.cxf.ws.security.wss4j
Class SAMLUtils

java.lang.Object
  org.apache.cxf.ws.security.wss4j.SAMLUtils

public final class SAMLUtils
extends Object
extends Object

internal SAMLUtils to avoid direct reference to opensaml from WSS4J interceptors.

Method Summary
`static boolean`	`checkHolderOfKey(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper, List<org.apache.ws.security.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Check the holder-of-key requirements against the received assertion.
`static boolean`	`checkSenderVouches(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper, Certificate[] tlsCerts, Element body, List<org.apache.ws.security.WSSecurityEngineResult> signed)` Check the sender-vouches requirements against the received assertion.
`static boolean`	`compareCredentials(org.apache.ws.security.saml.SAMLKeyInfo subjectKeyInfo, List<org.apache.ws.security.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.
`static Element`	`getAssertionElement(Object assertion)`
`static String`	`getIssuer(Object assertion)`
`static List<String>`	`parseRolesInAssertion(Object assertion, String roleAttributeName)`
`static void`	`validateSAMLResults(List<org.apache.ws.security.WSSecurityEngineResult> results, org.apache.cxf.message.Message message, Element body)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

parseRolesInAssertion

public static List<String> parseRolesInAssertion(Object assertion,
                                                 String roleAttributeName)

getIssuer

public static String getIssuer(Object assertion)

getAssertionElement

public static Element getAssertionElement(Object assertion)

validateSAMLResults

public static void validateSAMLResults(List<org.apache.ws.security.WSSecurityEngineResult> results,
                                       org.apache.cxf.message.Message message,
                                       Element body)
                                throws org.apache.ws.security.WSSecurityException

Throws:: org.apache.ws.security.WSSecurityException

checkHolderOfKey

public static boolean checkHolderOfKey(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper,
                                       List<org.apache.ws.security.WSSecurityEngineResult> signedResults,
                                       Certificate[] tlsCerts)

Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.

Parameters:: assertionWrapper - the SAML Assertion wrapper object; signedResults - a list of all of the signed results

compareCredentials

public static boolean compareCredentials(org.apache.ws.security.saml.SAMLKeyInfo subjectKeyInfo,
                                         List<org.apache.ws.security.WSSecurityEngineResult> signedResults,
                                         Certificate[] tlsCerts)

Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Return true on a match

Parameters:: subjectKeyInfo - the SAMLKeyInfo object; signedResults - a list of all of the signed results
Returns:: true if the credentials of the assertion were used to verify a signature

checkSenderVouches

public static boolean checkSenderVouches(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper,
                                         Certificate[] tlsCerts,
                                         Element body,
                                         List<org.apache.ws.security.WSSecurityEngineResult> signed)

Check the sender-vouches requirements against the received assertion. The SAML Assertion and the SOAP Body must be signed by the same signature.