public class AuthnStatementValidator extends Object implements StatementValidator
AuthnStatements.
Supports the following ValidationContext static parameters:

- CoreValidatorParameters.AUTHN_REQUEST: Optional. If supplied will be used in a number of validations when information from the corresponding AuthnRequest is needed. If not supplied, other, more detailed parameters must be given.
- AUTHN_REQUEST_FORCE_AUTHN: If the above CoreValidatorParameters.AUTHN_REQUEST is not assigned, this parameter gives the ForceAuthn flag. This is used to determine if a valid assertion was issued based on SSO/non-SSO.
- AUTHN_REQUEST_ISSUE_INSTANT: If the above CoreValidatorParameters.AUTHN_REQUEST is not assigned, this parameter gives the issue instant of the authentication request. This is used to determine if a valid assertion was issued based on SSO/non-SSO.
- MAX_ACCEPTED_SSO_SESSION_TIME: For SSO, we may want to assert that the authentication is not too old. If so, this parameter gives the maximum accepted session time.

| Modifier and Type | Field and Description |
|---|---|
| static String | `AUTHN_REQUEST_FORCE_AUTHN` Key for a validation context parameter. |
| static String | `AUTHN_REQUEST_ISSUE_INSTANT` Key for a validation context parameter. |
| static String | `MAX_ACCEPTED_SSO_SESSION_TIME` Key for a validation context parameter. |

| Constructor and Description |
|---|
| `AuthnStatementValidator()` |

| Modifier and Type | Method and Description |
|---|---|
| protected Long | `getAuthnRequestIssueInstant(ValidationContext context)` Gets the issue instant of the AuthnRequest from the validation context. |
| protected Boolean | `getForceAuthnFlag(ValidationContext context)` Gets the ForceAuthn flag from the validation context. |
| QName | `getServicedStatement()` |
| protected ValidationResult | `validate(AuthnStatement statement, Assertion assertion, ValidationContext context)` Validates the AuthnStatement. |
| ValidationResult | `validate(Statement statement, Assertion assertion, ValidationContext context)` |
| protected ValidationResult | `validateAuthnContext(AuthnStatement statement, Assertion assertion, ValidationContext context)` Default implementation will only assert that the AuthnContext element is present. |
| protected ValidationResult | `validateAuthnInstant(AuthnStatement statement, Assertion assertion, ValidationContext context)` Validates the AuthnInstant of the AuthnStatement. |
| protected ValidationResult | `validateSessionIndex(AuthnStatement statement, Assertion assertion, ValidationContext context)` Default implementation does not perform any checks and returns ValidationResult.VALID. |
| protected ValidationResult | `validateSessionNotOnOrAfter(AuthnStatement statement, Assertion assertion, ValidationContext context)` Default implementation does not perform any checks and returns ValidationResult.VALID. |
| protected ValidationResult | `validateSsoAndSession(org.joda.time.DateTime authnInstant, AuthnStatement statement, Assertion assertion, ValidationContext context)` Makes checks for SSO and session lengths. |
| protected ValidationResult | `validateSubjectLocality(AuthnStatement statement, Assertion assertion, ValidationContext context)` Default implementation does not perform any checks and returns ValidationResult.VALID. |
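
An added example (not code from this page or from the library) of how a relying party might use the parameters and protected hooks listed above: it supplies the three context parameters directly when the AuthnRequest object is unavailable, and overrides `validateSessionNotOnOrAfter`, whose default performs no checks. The class name `StrictAuthnStatementValidator`, the `contextFor` helper and the import package of `AuthnStatementValidator` are assumptions, as is the use of OpenSAML 3 (Joda-Time) for the remaining imports.

```java
import java.util.HashMap;
import java.util.Map;

import org.joda.time.DateTime;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnStatement;

// Assumption: the validator's package name; it is not shown on this page.
import se.litsec.opensaml.saml2.common.assertion.AuthnStatementValidator;

/** Hypothetical subclass that rejects statements whose SessionNotOnOrAfter has passed. */
public class StrictAuthnStatementValidator extends AuthnStatementValidator {

  @Override
  protected ValidationResult validateSessionNotOnOrAfter(
      AuthnStatement statement, Assertion assertion, ValidationContext context) {
    DateTime notOnOrAfter = statement.getSessionNotOnOrAfter();
    if (notOnOrAfter == null) {
      // The attribute is optional in SAML 2.0, so its absence is not an error here.
      return ValidationResult.VALID;
    }
    if (!notOnOrAfter.isAfterNow()) {
      // The session bound set by the IdP has been reached: do not accept the statement.
      context.setValidationFailureMessage("SessionNotOnOrAfter has passed: " + notOnOrAfter);
      return ValidationResult.INVALID;
    }
    return ValidationResult.VALID;
  }

  /**
   * Builds a context for the case where CoreValidatorParameters.AUTHN_REQUEST is not supplied.
   * The page gives the value types (Boolean, Long, Long) but not the units of the Long
   * values; pass them in the form the validator expects.
   */
  public static ValidationContext contextFor(
      boolean forceAuthn, long requestIssueInstant, long maxSsoSessionTime) {
    Map<String, Object> params = new HashMap<>();
    params.put(AUTHN_REQUEST_FORCE_AUTHN, Boolean.valueOf(forceAuthn));
    params.put(AUTHN_REQUEST_ISSUE_INSTANT, Long.valueOf(requestIssueInstant));
    params.put(MAX_ACCEPTED_SSO_SESSION_TIME, Long.valueOf(maxSsoSessionTime));
    return new ValidationContext(params);
  }
}
```

The same override pattern applies to `validateSessionIndex` and `validateSubjectLocality`, which also return `ValidationResult.VALID` unconditionally by default.
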

`public static final String AUTHN_REQUEST_FORCE_AUTHN`

Boolean holding the value of the ForceAuthn flag from the AuthnRequest.

`public static final String AUTHN_REQUEST_ISSUE_INSTANT`

Long holding the issuance time for the AuthnRequest.

`public static final String MAX_ACCEPTED_SSO_SESSION_TIME`

Long holding the maximum session time that we can accept for SSO.

`public QName getServicedStatement()`

Specified by: getServicedStatement in interface StatementValidator

`public final ValidationResult validate(Statement statement, Assertion assertion, ValidationContext context) throws AssertionValidationException`

Specified by: validate in interface StatementValidator

Throws: AssertionValidationException

`protected ValidationResult validate(AuthnStatement statement, Assertion assertion, ValidationContext context)`

Validates the AuthnStatement.

Parameters:
- `statement` - the statement to validate
- `assertion` - the assertion containing the statement
- `context` - validation context

`protected ValidationResult validateAuthnInstant(AuthnStatement statement, Assertion assertion, ValidationContext context)`

Validates the AuthnInstant of the AuthnStatement.

Parameters:
- `statement` - the statement
- `assertion` - the assertion containing the statement
- `context` - validation context

`protected ValidationResult validateSsoAndSession(org.joda.time.DateTime authnInstant, AuthnStatement statement, Assertion assertion, ValidationContext context)`

Makes checks for SSO and session lengths.

Parameters:
- `authnInstant` - the authentication instant
- `statement` - the statement
- `assertion` - the assertion containing the statement
- `context` - validation context

`protected Boolean getForceAuthnFlag(ValidationContext context)`

Gets the ForceAuthn flag from the validation context. The method primarily checks for the AUTHN_REQUEST_FORCE_AUTHN parameter, and if that does not exist, tries with the CoreValidatorParameters.AUTHN_REQUEST parameter.

Parameters:
- `context` - the validation context

Returns: the ForceAuthn flag or null if this is not set

`protected Long getAuthnRequestIssueInstant(ValidationContext context)`

Gets the issue instant of the AuthnRequest from the validation context. The method primarily checks for the AUTHN_REQUEST_ISSUE_INSTANT parameter, and if that does not exist, tries with the CoreValidatorParameters.AUTHN_REQUEST parameter.

Parameters:
- `context` - the validation context

`protected ValidationResult validateSessionIndex(AuthnStatement statement, Assertion assertion, ValidationContext context)`

Default implementation does not perform any checks and returns ValidationResult.VALID.

Parameters:
- `statement` - the statement
- `assertion` - the assertion
- `context` - the validation context

`protected ValidationResult validateSessionNotOnOrAfter(AuthnStatement statement, Assertion assertion, ValidationContext context)`

Default implementation does not perform any checks and returns ValidationResult.VALID.

Parameters:
- `statement` - the statement
- `assertion` - the assertion
- `context` - the validation context

`protected ValidationResult validateSubjectLocality(AuthnStatement statement, Assertion assertion, ValidationContext context)`

Default implementation does not perform any checks and returns ValidationResult.VALID.

Parameters:
- `statement` - the statement
- `assertion` - the assertion
- `context` - the validation context

`protected ValidationResult validateAuthnContext(AuthnStatement statement, Assertion assertion, ValidationContext context)`

Default implementation will only assert that the AuthnContext element is present.

Parameters:
- `statement` - the statement
- `assertion` - the assertion
- `context` - the validation context

Copyright © 2018 Litsec AB. All rights reserved.