/**
 * Contributes the XML-signature validation rule for the inbound SAML protocol message.
 *
 * <p>The rule is built around the trust engine held by the message context
 * ({@code samlContext.getLocalTrustEngine()}), which is what will decide whether a
 * signature on the message is trusted. Nothing here checks that the engine is
 * non-null; that is left to the rule's constructor (not visible from this method).</p>
 *
 * @param securityPolicy the rule list being assembled; the signature rule is appended to it
 * @param samlContext the context supplying the local trust engine
 */
@Override
public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {
    final SignatureTrustEngine trustEngine = samlContext.getLocalTrustEngine();
    final SecurityPolicyRule xmlSignatureRule = new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(trustEngine);
    securityPolicy.add(xmlSignatureRule);
}
/**
 * Runs the configured signature pre-validator, if any, against the raw {@code Signature}
 * element before trust evaluation takes place.
 *
 * <p>When no pre-validator is configured ({@code getSignaturePrevalidator()} returns
 * {@code null}) this method is a no-op and the signature proceeds straight to trust
 * evaluation. NOTE(review): pre-validation is where structural constraints on the
 * signature (what it covers, which transforms it uses) are normally enforced; confirm
 * that deployments relying on such constraints actually configure a pre-validator,
 * since nothing here requires one.</p>
 *
 * @param signature the signature to evaluate
 * @throws SecurityPolicyException if the pre-validator rejects the signature; the
 *         original {@code ValidationException} is preserved as the cause
 */
protected void performPreValidation(Signature signature) throws SecurityPolicyException {
    if (getSignaturePrevalidator() == null) {
        // Nothing configured: pre-validation is optional for this rule.
        return;
    }
    try {
        getSignaturePrevalidator().validate(signature);
    } catch (ValidationException validationFailure) {
        // Log at debug with the cause, then surface it as a policy failure so the
        // message is rejected rather than silently passed on to trust evaluation.
        log.debug("Protocol message signature failed signature pre-validation", validationFailure);
        throw new SecurityPolicyException("Protocol message signature failed signature pre-validation", validationFailure);
    }
}
}
/**
 * {@inheritDoc}
 *
 * <p>Applies XML-signature processing to the inbound SAML message when, and only when,
 * there is a signature to process. Each of the following conditions makes the rule
 * return without raising an error: the context is not a {@code SAMLMessageContext}, the
 * inbound message is not a {@code SignableSAMLObject}, or the message carries no
 * signature.</p>
 *
 * <p>Security note: an unsigned message is therefore NOT rejected by this rule. The
 * method simply logs and returns, and does not touch the context's authenticated flag.
 * Any requirement that protocol messages be signed has to be enforced elsewhere
 * (by another rule or by the consumer of the context) -- this rule only validates a
 * signature that is present.</p>
 *
 * @param messageContext the message context whose inbound message is examined
 * @throws SecurityPolicyException if a present signature fails pre-validation or
 *         trust evaluation (the latter via {@code doEvaluate}, not shown here)
 */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.debug("Invalid message context type, this policy rule only supports SAMLMessageContext");
        return;
    }
    final SAMLMessageContext context = (SAMLMessageContext) messageContext;
    final SAMLObject inbound = context.getInboundSAMLMessage();

    if (!(inbound instanceof SignableSAMLObject)) {
        log.debug("Extracted SAML message was not a SignableSAMLObject, can not process signature");
        return;
    }
    final SignableSAMLObject signable = (SignableSAMLObject) inbound;

    if (!signable.isSigned()) {
        // Absence of a signature is not an error for this rule; see class-level note.
        log.info("SAML protocol message was not signed, skipping XML signature processing");
        return;
    }

    // Structural checks first (if a pre-validator is configured), then trust evaluation.
    final Signature sig = signable.getSignature();
    performPreValidation(sig);
    doEvaluate(sig, signable, context);
}
msgType); if (evaluate(signature, contextIssuer, samlMsgCtx)) { log.info("Validation of protocol message signature succeeded, message type: {}", msgType); if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
/**
 * Appends the protocol-message XML-signature rule to the policy, wired to the
 * context's local trust engine.
 *
 * <p>The trust engine comes from {@code samlContext.getLocalTrustEngine()}; this method
 * does not validate it, so a misconfigured (null) engine is only detected downstream.</p>
 *
 * @param securityPolicy rule list to extend
 * @param samlContext context providing the trust engine used by the rule
 */
@Override
public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {
    securityPolicy.add(
            new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(samlContext.getLocalTrustEngine()));
}
/**
 * Builds the signature policy for the HTTP-Redirect (DEFLATE) binding.
 *
 * <p>Two rules are added, in this order: the binding-level rule that checks the
 * signature carried in the query string ({@code SAML2HTTPRedirectDeflateSignatureRule}),
 * followed by the rule that checks an XML signature embedded in the message itself.
 * Both share the single trust engine obtained from the context. The order is kept
 * exactly as in the original; whether the policy evaluator is order-sensitive is not
 * visible from here.</p>
 *
 * @param securityPolicy rule list to extend
 * @param samlContext context providing the local trust engine
 */
@Override
public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {
    final SignatureTrustEngine trustEngine = samlContext.getLocalTrustEngine();

    // Query-string (binding-level) signature first ...
    securityPolicy.add(new SAML2HTTPRedirectDeflateSignatureRule(trustEngine));
    // ... then the enveloped XML signature, if the message carries one.
    securityPolicy.add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(trustEngine));
}
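/**
 * Builds the signature policy for the HTTP-POST SimpleSign binding.
 *
 * <p>Two rules are added, in this order: the SimpleSign rule, which verifies the
 * detached signature carried in the form parameters and needs the trust engine's
 * {@code KeyInfo} resolver plus the parser pool, then the rule that checks an XML
 * signature embedded in the message. Both use the trust engine from the context.</p>
 *
 * <p>The engine is required: the SimpleSign rule dereferences it here for its
 * {@code KeyInfoResolver}. A missing engine is reported immediately with a message
 * naming the problem instead of surfacing as a bare {@code NullPointerException}.</p>
 *
 * @param securityPolicy rule list to extend
 * @param samlContext context providing the local trust engine
 * @throws NullPointerException if the context has no local trust engine configured
 */
@Override
public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {
    final SignatureTrustEngine engine = samlContext.getLocalTrustEngine();
    // Fail fast with a diagnosable message; engine.getKeyInfoResolver() below would
    // otherwise throw an anonymous NPE. Exception type is unchanged (still NPE).
    java.util.Objects.requireNonNull(engine,
            "A local SignatureTrustEngine must be configured to build the HTTP-POST SimpleSign security policy");

    // Binding-level (form-parameter) signature first ...
    securityPolicy.add(new SAML2HTTPPostSimpleSignRule(engine, parserPool, engine.getKeyInfoResolver()));
    // ... then the enveloped XML signature, if the message carries one.
    securityPolicy.add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine));
}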