Package se.litsec.swedisheid.opensaml.saml2.validation

Class SwedishEidAuthnStatementValidator

java.lang.Object

org.opensaml.saml.saml2.assertion.impl.AuthnStatementValidator

se.litsec.opensaml.saml2.common.assertion.AuthnStatementValidator

se.litsec.swedisheid.opensaml.saml2.validation.SwedishEidAuthnStatementValidator

All Implemented Interfaces:

StatementValidator

public class SwedishEidAuthnStatementValidator
extends AuthnStatementValidator

An AuthnStatementValidator that performs checks to assert that the assertion is compliant with the Swedish eID Framework.

Supports the following ValidationContext static parameters:

• The ones defined in AuthnStatementValidator.
• AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS: Holds a collection of AuthnContext URIs that are matched against the AuthnContextClassRef element of the authentication statement. If not supplied, the values are read from CoreValidatorParameters.AUTHN_REQUEST.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
static String	AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS	Key for a validation context parameter.

Fields inherited from class se.litsec.opensaml.saml2.common.assertion.AuthnStatementValidator

AUTHN_REQUEST_FORCE_AUTHN, AUTHN_REQUEST_ISSUE_INSTANT, MAX_ACCEPTED_SSO_SESSION_TIME

Constructor Summary

Constructors

Constructor	Description
SwedishEidAuthnStatementValidator()

Method Summary

Modifier and Type	Method	Description
protected static Collection<String>	getRequestedAuthnContextUris(ValidationContext context)	Returns a collection of URIs that are the RequestedAuthnContext URIs given in the AuthnRequest.
protected ValidationResult	validateAuthnContext(AuthnStatement statement, Assertion assertion, ValidationContext context)	Overrides default implementation with checks that assert that a AuthnContextClassRef URI was received, and that it matches what was requested.
protected ValidationResult	validateAuthnContextClassRef(String authnContextClassRef, Collection<String> requestedContextClassRefs, AuthnStatement statement, Assertion assertion, ValidationContext context)	Checks the issued AuthnContextClassRef against the ones that were requested.

Methods inherited from class se.litsec.opensaml.saml2.common.assertion.AuthnStatementValidator

getAuthnRequestIssueInstant, getForceAuthnFlag, getMaxAcceptedSsoSessionTime, validate, validate, validateAuthnInstant, validateSessionIndex, validateSessionNotOnOrAfter, validateSsoAndSession

Methods inherited from class org.opensaml.saml.saml2.assertion.impl.AuthnStatementValidator

getServicedStatement, validateSubjectLocality

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS

public static final String AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS

Key for a validation context parameter. Carries a Collection holding the requested AuthnContext URIs included in the AuthnRequest.

See Also:

Constant Field Values

Constructor Detail

SwedishEidAuthnStatementValidator

public SwedishEidAuthnStatementValidator()

Method Detail

validateAuthnContext

protected ValidationResult validateAuthnContext(AuthnStatement statement,
                                                Assertion assertion,
                                                ValidationContext context)

Overrides default implementation with checks that assert that a AuthnContextClassRef URI was received, and that it matches what was requested.

Overrides:

validateAuthnContext in class AuthnStatementValidator

validateAuthnContextClassRef

protected ValidationResult validateAuthnContextClassRef(String authnContextClassRef,
                                                        Collection<String> requestedContextClassRefs,
                                                        AuthnStatement statement,
                                                        Assertion assertion,
                                                        ValidationContext context)

Checks the issued AuthnContextClassRef against the ones that were requested. This method assumes "exact" matching.

Parameters:

authnContextClassRef - the AuthnContextClassRef from the assertion

requestedContextClassRefs - the requested levels

statement - the authentication statement

assertion - the assertion

context - the validation context

Returns:

validation result

getRequestedAuthnContextUris

protected static Collection<String> getRequestedAuthnContextUris(ValidationContext context)

Returns a collection of URIs that are the RequestedAuthnContext URIs given in the AuthnRequest. The method will first check if the parameter AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS is set, and if not, use the CoreValidatorParameters.AUTHN_REQUEST.

Parameters:

context - the validation context

Returns:

a collection of URIs.