Signature sig = processedSAMLResponse.getSignature(); if (idpMetadata.getSigningCertificate() != null && sig != null) { BasicX509Credential credential = new BasicX509Credential();
/**
 * Checks the XML signature carried by a SAML2 Response.
 *
 * <p>A missing response, or a response without a signature element, is logged and reported as
 * invalid, so an unsigned response is never accepted by this method. The verification itself is
 * delegated to the two-argument overload that takes the signature object.
 *
 * @param response   SAML2 Response to check; may be {@code null}
 * @param domainName domain name of the subject, passed through to the signature overload
 * @return {@code true} only when a signature is present and the overload reports it as valid
 */
private boolean validateSignature(Response response, String domainName) {
    // Fail closed: no response or no signature element means "not valid".
    if (response == null || response.getSignature() == null) {
        log.error("SAML Response is not signed or response not available. Authentication process will be "
                + "terminated.");
        return false;
    }

    if (log.isDebugEnabled()) {
        log.debug("Validating SAML Response Signature.");
    }
    // NOTE(review): the overload called here is not visible in this excerpt. Confirm that it
    // verifies against the signing credential configured for the domain, not against key material
    // taken from the message itself.
    return validateSignature(response.getSignature(), domainName);
}
/**
 * Checks the XML signature carried by a SAML2 Response.
 *
 * <p>A missing response, or a response without a signature element, is logged and reported as
 * invalid, so an unsigned response is never accepted by this method. The verification itself is
 * delegated to the two-argument overload that takes the signature object.
 *
 * @param response   SAML2 Response to check; may be {@code null}
 * @param domainName domain name of the subject, passed through to the signature overload
 * @return {@code true} only when a signature is present and the overload reports it as valid
 */
private boolean validateSignature(Response response, String domainName) {
    // Fail closed: no response or no signature element means "not valid".
    if (response == null || response.getSignature() == null) {
        log.error("SAML Response is not signed or response not available. Authentication process will be "
                + "terminated.");
        return false;
    }

    if (log.isDebugEnabled()) {
        log.debug("Validating SAML Response Signature.");
    }
    // NOTE(review): the overload called here is not visible in this excerpt. Confirm that it
    // verifies against the signing credential configured for the domain, not against key material
    // taken from the message itself.
    return validateSignature(response.getSignature(), domainName);
}
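/**
 * Validates a SAML Response: first its signature, then the response itself.
 *
 * <p>The response must carry a signature. An unsigned response is rejected with a
 * {@link ValidationException} before the signature validator is invoked, so a missing signature
 * is reported as a validation failure rather than depending on how the validator treats
 * {@code null}.
 *
 * @param response the SAML Response to validate
 * @throws ValidationException if the response is unsigned, or propagated from
 *         {@code sigValidator.validate} or {@code validate(response)}
 */
private void validatePOST(final Response response) throws ValidationException {
    final Signature sig1 = response.getSignature();
    if (sig1 == null) {
        // Fail closed with the declared exception type when no signature element is present.
        throw new ValidationException("SAML Response is not signed");
    }

    // The signature must verify against the credential held by sigValidator.
    // NOTE(review): the original comment here read "signature must match our SP's signature";
    // a Response is normally signed by the IdP, so confirm which credential sigValidator was
    // built with and that it comes from trusted configuration, not from the message.
    // NOTE(review): presumably sigValidator performs only the cryptographic check; confirm that
    // the signature's structure (what it references) is also validated somewhere, as a guard
    // against signature wrapping.
    sigValidator.validate(sig1);
    validate(response);
}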
// The flag is set to true only after validate() returns; presumably validate() throws when the
// signature does not verify, so control reaches the assignment only on success (TODO confirm).
// NOTE(review): resp.getSignature() is passed on without a null check in this excerpt. Confirm
// that an unsigned response is rejected before this point or by the validator itself.
signatureValidator.validate(resp.getSignature()); isSigValid = true; return isSigValid;
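/**
 * Verifies the signatures on a SAML Response and on its first Assertion.
 *
 * <p>At least one of the two must be signed, and every signature that is present must pass
 * {@code validate(Signature)}. A response without any assertion is rejected with a
 * {@link SamlException} instead of failing with an unchecked index error.
 *
 * @param response the SAML Response to check
 * @throws SamlException if the response holds no assertion, if neither the response nor its
 *         first assertion is signed, or if a present signature is invalid
 */
private void validateSignature(Response response) throws SamlException {
    // get(0) below would throw IndexOutOfBoundsException on an empty list; reject explicitly so
    // callers see the declared exception type.
    if (response.getAssertions().isEmpty()) {
        throw new SamlException("The response does not contain any assertion");
    }

    Signature responseSignature = response.getSignature();
    // NOTE(review): only the first assertion is inspected. When the response itself is unsigned,
    // any further assertions are not covered by this check; confirm that callers never consume
    // an assertion other than the first.
    Signature assertionSignature = response.getAssertions().get(0).getSignature();

    if (responseSignature == null && assertionSignature == null) {
        throw new SamlException("No signature is present in either response or assertion");
    }

    if (responseSignature != null && !validate(responseSignature)) {
        throw new SamlException("The response signature is invalid");
    }

    if (assertionSignature != null && !validate(assertionSignature)) {
        throw new SamlException("The assertion signature is invalid");
    }
}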
if (validateSignature(samlResponseObject.getSignature())) { List<Assertion> assertionList = samlResponseObject.getAssertions();
if (null == samlResponse.getSignature() && expectResponseSigned) { throw new AuthenticationResponseProcessorException( "Expected a signed response but was not so! "); if (null != samlResponse.getSignature()) { .getCertificates(samlResponse.getSignature() .getKeyInfo());
if (validateSignature(samlResponseObject.getSignature())) { List<Assertion> assertionList = samlResponseObject.getAssertions();
if (null != response.getSignature()) { Saml2Util.validateSignature(response.getSignature());
validator.validate(assertion.getSignature()); if (isAuthnResponseSigned(identityProviderConfig)) { if (response.getSignature() == null) { throw new SAML2SSOAuthenticationException("SAMLResponse signing is enabled, but signature " + "element not found in Response element."); try { validator = new SignatureValidator(credential); validator.validate(response.getSignature()); } catch (ValidationException e) { throw new SAML2SSOAuthenticationException("Signature validation failed for Response", e);
.unmarshall(responseElement); LOG.debug("validate Response signature"); Saml2Util.validateSignature(tempResponse.getSignature());
/**
 * Validates the signatures of a SAML2 Response and of an Assertion.
 *
 * <p>If a custom signature validator is registered in {@code SSOAgentDataHolder}, the whole
 * decision is delegated to it. Otherwise the default checks run, driven by the SAML2 section of
 * {@code ssoAgentConfig}: a signature is required and validated on the Response when response
 * signing is enabled, and on the Assertion when assertion signing is enabled.
 *
 * <p>When no custom validator is registered and neither flag is enabled, this method returns
 * without verifying anything.
 *
 * @param response  SAML2 Response
 * @param assertion SAML2 Assertion
 * @throws SSOAgentException if a signature required by the configuration is missing; failures
 *         from the custom validator or from {@code validateSignature(Signature)} presumably
 *         surface through the same type
 */
protected void validateSignature(Response response, Assertion assertion) throws SSOAgentException {

    // A registered custom validator replaces the default checks entirely.
    if (SSOAgentDataHolder.getInstance().getSignatureValidator() != null) {
        SAMLSignatureValidator customValidator =
                (SAMLSignatureValidator) SSOAgentDataHolder.getInstance().getSignatureValidator();
        customValidator.validateSignature(response, assertion, ssoAgentConfig);
        return;
    }

    // Default implementation: enforce only what the configuration asks for.
    if (ssoAgentConfig.getSAML2().isResponseSigned()) {
        if (response.getSignature() == null) {
            throw new SSOAgentException("SAML2 Response signing is enabled, but signature element not found in SAML2 Response element");
        }
        validateSignature(response.getSignature());
    }

    if (ssoAgentConfig.getSAML2().isAssertionSigned()) {
        if (assertion.getSignature() == null) {
            throw new SSOAgentException("SAML2 Assertion signing is enabled, but signature element not found in SAML2 Assertion element");
        }
        validateSignature(assertion.getSignature());
    }
}
/**
 * Validates the signatures of a SAML2 Response and of an Assertion.
 *
 * <p>If a custom signature validator is registered in {@code SSOAgentDataHolder}, the whole
 * decision is delegated to it. Otherwise the default checks run, driven by the SAML2 section of
 * {@code ssoAgentConfig}: a signature is required and validated on the Response when response
 * signing is enabled, and on the Assertion when assertion signing is enabled.
 *
 * <p>When no custom validator is registered and neither flag is enabled, this method returns
 * without verifying anything.
 *
 * @param response  SAML2 Response
 * @param assertion SAML2 Assertion
 * @throws SSOAgentException if a signature required by the configuration is missing; failures
 *         from the custom validator or from {@code validateSignature(Signature)} presumably
 *         surface through the same type
 */
protected void validateSignature(Response response, Assertion assertion) throws SSOAgentException {

    // A registered custom validator replaces the default checks entirely.
    if (SSOAgentDataHolder.getInstance().getSignatureValidator() != null) {
        SAMLSignatureValidator customValidator =
                (SAMLSignatureValidator) SSOAgentDataHolder.getInstance().getSignatureValidator();
        customValidator.validateSignature(response, assertion, ssoAgentConfig);
        return;
    }

    // Default implementation: enforce only what the configuration asks for.
    if (ssoAgentConfig.getSAML2().isResponseSigned()) {
        if (response.getSignature() == null) {
            throw new SSOAgentException("SAML2 Response signing is enabled, but signature element not found in SAML2 Response element");
        }
        validateSignature(response.getSignature());
    }

    if (ssoAgentConfig.getSAML2().isAssertionSigned()) {
        if (assertion.getSignature() == null) {
            throw new SSOAgentException("SAML2 Assertion signing is enabled, but signature element not found in SAML2 Assertion element");
        }
        validateSignature(assertion.getSignature());
    }
}
if (response.getSignature() != null && !context.isInboundSAMLMessageAuthenticated()) { log.debug("Verifying Response signature"); verifySignature(response.getSignature(), context.getPeerEntityId(), context.getLocalTrustEngine()); context.setInboundSAMLMessageAuthenticated(true);
// Validate the Response signature, but only when one is present.
// NOTE(review): when getSignature() returns null the check is skipped and nothing in this
// excerpt raises an error, so an unsigned Response passes this step. Confirm that the
// surrounding code rejects unsigned responses or requires a validly signed Assertion instead.
Signature sig = response.getSignature(); if (sig != null) sigValidator.validate(sig);
signObject(response.getSignature()); } else if (xmlObject instanceof org.opensaml.saml2.core.Assertion) { org.opensaml.saml2.core.Assertion saml2 =
signObject(response.getSignature()); } else if (xmlObject instanceof org.opensaml.saml2.core.Assertion) { org.opensaml.saml2.core.Assertion saml2 =