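/**
 * Checks that the XML signature on a SAML assertion document verifies with the public key of the
 * supplied key pair.
 *
 * <p>Only {@code keyPair.getPublic()} is used; the private half is never touched. This method
 * establishes nothing about <em>trust</em> in that key (no certificate-path or expiry checks are
 * performed here): it only answers whether the signature was produced by the matching private
 * key. Callers must have already decided that the key is the one the assertion is expected to
 * be signed with.
 *
 * <p>NOTE(review): {@code AssertionUtil.isSignatureValid} is handled as throwing
 * {@code ProcessingException} by other callers in this code base; confirm this method's
 * {@code throws} clause matches that contract.
 *
 * @param samlAssertion the signed assertion as a DOM document; its document element is verified
 * @param keyPair key pair whose public key is used for verification
 * @return {@code true} if the signature verifies with the public key, {@code false} otherwise
 * @throws NullPointerException if either argument is {@code null}
 */
public static boolean isSAMLAssertionSignatureValid(Document samlAssertion, KeyPair keyPair) {
    // Fail fast with a named argument rather than an anonymous NPE from deep inside the verifier.
    java.util.Objects.requireNonNull(samlAssertion, "samlAssertion");
    java.util.Objects.requireNonNull(keyPair, "keyPair");
    return AssertionUtil.isSignatureValid(samlAssertion.getDocumentElement(), keyPair.getPublic());
}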
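/**
 * Validates the SAML credential held by this login module, in this order:
 * <ol>
 * <li>the signing certificate returned by {@code getX509Certificate()} is trusted against the
 * local truststore ({@code validateCertPath}, i.e. certpath validation);</li>
 * <li>that certificate is within its validity period ({@link X509Certificate#checkValidity()});</li>
 * <li>the assertion's XML signature verifies with the public key of that certificate;</li>
 * <li>the assertion itself has not expired.</li>
 * </ol>
 *
 * <p>Every step fails closed: a verification error raised while checking the signature is logged
 * and then reported as an invalid signature, never as success. The embedded key is only used
 * for signature verification after steps 1 and 2 have passed, so a key carried in the token is
 * not trusted merely because it is present there.
 *
 * @throws LoginException if the signature does not verify or the assertion has expired
 * @throws ConfigurationException as declared by the certificate lookup / trust validation helpers
 * @throws CertificateExpiredException if the signing certificate has expired
 * @throws CertificateNotYetValidException if the signing certificate is not yet valid
 */
private void validateSAMLCredential() throws LoginException, ConfigurationException,
        CertificateExpiredException, CertificateNotYetValidException {
    final X509Certificate signingCert = getX509Certificate();

    // Trust first: the certificate must validate against the truststore before its key is used.
    validateCertPath(signingCert);
    // Time validity of the certificate itself (CertificateExpired / CertificateNotYetValid).
    signingCert.checkValidity();

    boolean signatureVerified;
    try {
        signatureVerified = AssertionUtil.isSignatureValid(credential.getAssertionAsElement(),
                signingCert.getPublicKey());
    } catch (ProcessingException e) {
        // Keep the underlying cause in the log, but any failure to verify is an invalid signature.
        logger.processingError(e);
        signatureVerified = false;
    }
    if (!signatureVerified) {
        throw logger.authSAMLInvalidSignatureError();
    }

    // Expiry is checked only once the assertion is known to be authentically signed.
    if (AssertionUtil.hasExpired(assertion)) {
        throw logger.authSAMLAssertionExpiredError();
    }
}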
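/**
 * Validates the SAML credential held by this login module, in this order:
 * <ol>
 * <li>the signing certificate returned by {@code getX509Certificate()} is trusted against the
 * local truststore ({@code validateCertPath}, i.e. certpath validation);</li>
 * <li>that certificate is within its validity period ({@link X509Certificate#checkValidity()});</li>
 * <li>the assertion's XML signature verifies with the public key of that certificate;</li>
 * <li>the assertion itself has not expired.</li>
 * </ol>
 *
 * <p>Every step fails closed: a verification error raised while checking the signature is logged
 * and then reported as an invalid signature, never as success. The embedded key is only used
 * for signature verification after steps 1 and 2 have passed, so a key carried in the token is
 * not trusted merely because it is present there.
 *
 * @throws LoginException if the signature does not verify or the assertion has expired
 * @throws ConfigurationException as declared by the certificate lookup / trust validation helpers
 * @throws CertificateExpiredException if the signing certificate has expired
 * @throws CertificateNotYetValidException if the signing certificate is not yet valid
 */
private void validateSAMLCredential() throws LoginException, ConfigurationException,
        CertificateExpiredException, CertificateNotYetValidException {
    final X509Certificate signingCert = getX509Certificate();

    // Trust first: the certificate must validate against the truststore before its key is used.
    validateCertPath(signingCert);
    // Time validity of the certificate itself (CertificateExpired / CertificateNotYetValid).
    signingCert.checkValidity();

    boolean signatureVerified;
    try {
        signatureVerified = AssertionUtil.isSignatureValid(credential.getAssertionAsElement(),
                signingCert.getPublicKey());
    } catch (ProcessingException e) {
        // Keep the underlying cause in the log, but any failure to verify is an invalid signature.
        logger.processingError(e);
        signatureVerified = false;
    }
    if (!signatureVerified) {
        throw logger.authSAMLInvalidSignatureError();
    }

    // Expiry is checked only once the assertion is known to be authentically signed.
    if (AssertionUtil.hasExpired(assertion)) {
        throw logger.authSAMLAssertionExpiredError();
    }
}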
boolean sigValid = AssertionUtil.isSignatureValid(assertionElement, publicKey); if (!sigValid) { throw logger.authSAMLInvalidSignatureError();
boolean sigValid = AssertionUtil.isSignatureValid(assertionElement, publicKey); if (!sigValid) { throw logger.authSAMLInvalidSignatureError();