Apache CXF API

org.apache.cxf.ws.security.wss4j.policyvalidators
Class AbstractSamlPolicyValidator

java.lang.Object
  extended by org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractTokenPolicyValidator
      extended by org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSamlPolicyValidator
Direct Known Subclasses:
IssuedTokenPolicyValidator, SamlTokenPolicyValidator

public abstract class AbstractSamlPolicyValidator
extends AbstractTokenPolicyValidator

Abstract base functionality for validating SAML Assertions.


Constructor Summary
AbstractSamlPolicyValidator()
           
 
Method Summary
 boolean checkHolderOfKey(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper, List<org.apache.ws.security.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
          Check the holder-of-key requirements against the received assertion.
 
Methods inherited from class org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractTokenPolicyValidator
isTokenRequired
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractSamlPolicyValidator

public AbstractSamlPolicyValidator()

Method Detail

checkHolderOfKey

public boolean checkHolderOfKey(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper,
                                List<org.apache.ws.security.WSSecurityEngineResult> signedResults,
                                Certificate[] tlsCerts)
Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.

Parameters:
assertionWrapper - the SAML Assertion wrapper object
signedResults - a list of all of the signed results
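
A simplified illustration of the holder-of-key decision described above, added here as an example; it is not CXF's implementation. It uses only JDK types and assumes the subject credential has already been extracted from the assertion as a public key; the names HolderOfKeyCheck, holderOfKeySatisfied and stubCert are hypothetical.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.List;

public class HolderOfKeyCheck {

    // subjectKey: key from the assertion's holder-of-key subject confirmation
    // (assumed already extracted). signerKeys: keys that verified message signatures.
    static boolean holderOfKeySatisfied(PublicKey subjectKey, List<PublicKey> signerKeys,
                                        Certificate[] tlsCerts) {
        if (subjectKey == null) {
            return false; // no subject credential: fail closed
        }
        for (PublicKey signer : signerKeys) {
            if (subjectKey.equals(signer)) {
                return true; // proof-of-possession via a message signature
            }
        }
        // Assumption: the client's own certificate is first in the TLS chain.
        return tlsCerts != null && tlsCerts.length > 0
            && subjectKey.equals(tlsCerts[0].getPublicKey());
    }

    // Constructed stand-in for a TLS client certificate; it carries only a public key.
    static Certificate stubCert(PublicKey key) {
        return new Certificate("constructed") {
            public byte[] getEncoded() { return new byte[0]; }
            public void verify(PublicKey k) { }
            public void verify(PublicKey k, String provider) { }
            public String toString() { return "constructed test certificate"; }
            public PublicKey getPublicKey() { return key; }
        };
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        PublicKey subject = gen.generateKeyPair().getPublic(); // constructed sample keys
        PublicKey other = gen.generateKeyPair().getPublic();
        // Case 1: the subject key signed part of the message.
        System.out.println(holderOfKeySatisfied(subject, List.of(subject), null));
        // Case 2: a different key signed the message and there is no TLS client certificate.
        System.out.println(holderOfKeySatisfied(subject, List.of(other), null));
        // Case 3: a different key signed, but the TLS client certificate holds the subject key.
        System.out.println(holderOfKeySatisfied(subject, List.of(other),
            new Certificate[] { stubCert(subject) }));
    }
}
```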
