/**
 * Builds a short, human-readable label identifying a role within its owning entity, for use in
 * log and debug messages only.
 *
 * <p>The label has the form {@code [Role: <entityID>::<role element local name>]}.</p>
 *
 * <p>NOTE(review): both parts are copied into the label verbatim. They are read from the metadata
 * being processed, so if this is called before that metadata's signature has been checked the
 * values should be treated as untrusted -- confirm the logging layout neutralises line breaks and
 * other control characters.</p>
 *
 * @param entityID the entityID of the entity that contains the role
 * @param role the role descriptor whose element name is included in the label
 *
 * @return the assembled role label
 */
protected String getRoleIDToken(String entityID, RoleDescriptor role) {
    // Only the local part of the element QName is used; the namespace is not part of the label.
    final String localName = role.getElementQName().getLocalPart();

    final StringBuilder token = new StringBuilder("[Role: ");
    token.append(entityID).append("::").append(localName).append("]");
    return token.toString();
}
} // closes the enclosing class (its header is outside this excerpt)
/**
 * Resolves the name under which a role is identified.
 *
 * <p>For any element other than {@code extRoleDescriptor} the element QName is returned as-is.
 * When the element QName equals {@code extRoleDescriptor}, the role is identified by its schema
 * type instead, and a missing schema type is rejected with an exception rather than falling back
 * to the generic element name.</p>
 *
 * @param role role to resolve the effective name for
 *
 * @return the element QName, or the schema type QName when the element is {@code extRoleDescriptor}
 *
 * @throws FilterException if the element is {@code extRoleDescriptor} and carries no schema type
 */
protected QName getRoleName(RoleDescriptor role) throws FilterException {
    final QName elementName = role.getElementQName();

    // Roles other than the generic extension element are named by the element itself.
    if (!extRoleDescriptor.equals(elementName)) {
        return elementName;
    }

    // The generic element says nothing about the role kind; only the schema type does.
    final QName schemaType = role.getSchemaType();
    if (schemaType == null) {
        // Fail closed: an untyped generic role cannot be named, so it is not given a name at all.
        throw new FilterException("Role descriptor element was " + extRoleDescriptor
                + " but did not contain a schema type. This is illegal.");
    }
    return schemaType;
}
} // closes the enclosing class (its header is outside this excerpt)
if (!roleChild.isSigned()) { log.trace("RoleDescriptor member '{}' was not signed, skipping signature processing...", roleChild.getElementQName()); continue; } else { log.trace("Processing signed RoleDescriptor member: {}", roleChild.getElementQName()); log.error("RoleDescriptor '{}' subordinate to entity '{}' failed signature verification, " + "removing from metadata provider", roleChild.getElementQName(), entityID);