/**
 * Verifies trust on the signed assertion by delegating to the superclass.
 *
 * Unlike the superclass, a trust failure is not propagated: it is logged at
 * WARNING level and recorded in {@code trustVerificationSucceeded}, and
 * {@code null} is returned in place of a Credential. A non-exceptional return
 * is therefore no proof that trust was established; the flag is the only
 * record of the outcome. Only {@link WSSecurityException} is caught — any other
 * exception from the superclass propagates and leaves the flag untouched.
 *
 * NOTE(review): the outcome lives in instance state, so this presumably assumes
 * one validator instance per request (or external synchronization) — confirm.
 *
 * @param assertion The signed Assertion
 * @param data The RequestData context
 * @return the Credential produced by the superclass on success, or
 *         {@code null} if trust verification failed
 * @throws WSSecurityException declared to match the superclass signature; this
 *         override itself catches it rather than throwing it
 */
@Override
protected Credential verifySignedAssertion(SamlAssertionWrapper assertion, RequestData data)
        throws WSSecurityException {
    Credential verified = null;
    boolean trusted = false;
    try {
        verified = super.verifySignedAssertion(assertion, data);
        trusted = true;
    } catch (WSSecurityException ex) {
        // The cause is preserved in the log record; only the outcome is kept on the instance.
        LOG.log(Level.WARNING, "Local trust verification of SAML assertion failed: " + ex.getMessage(), ex);
    }
    // Record the outcome once, after it is known; a non-WSSecurityException
    // from the superclass skips this assignment entirely.
    trustVerificationSucceeded = trusted;
    return verified;
}
/**
 * Verifies trust on the signed assertion by delegating to the superclass.
 *
 * Unlike the superclass, a trust failure is not propagated: it is logged at
 * WARNING level and recorded in {@code trustVerificationSucceeded}, and
 * {@code null} is returned in place of a Credential. A non-exceptional return
 * is therefore no proof that trust was established; the flag is the only
 * record of the outcome. Only {@link WSSecurityException} is caught — any other
 * exception from the superclass propagates and leaves the flag untouched.
 *
 * NOTE(review): the outcome lives in instance state, so this presumably assumes
 * one validator instance per request (or external synchronization) — confirm.
 *
 * @param assertion The signed Assertion
 * @param data The RequestData context
 * @return the Credential produced by the superclass on success, or
 *         {@code null} if trust verification failed
 * @throws WSSecurityException declared to match the superclass signature; this
 *         override itself catches it rather than throwing it
 */
@Override
protected Credential verifySignedAssertion(SamlAssertionWrapper assertion, RequestData data)
        throws WSSecurityException {
    Credential verified = null;
    boolean trusted = false;
    try {
        verified = super.verifySignedAssertion(assertion, data);
        trusted = true;
    } catch (WSSecurityException ex) {
        // The cause is preserved in the log record; only the outcome is kept on the instance.
        LOG.log(Level.WARNING, "Local trust verification of SAML assertion failed: " + ex.getMessage(), ex);
    }
    // Record the outcome once, after it is known; a non-WSSecurityException
    // from the superclass skips this assignment entirely.
    trustVerificationSucceeded = trusted;
    return verified;
}
/**
 * Validate the credential argument. It must contain a non-null SamlAssertionWrapper.
 * A Crypto and a CallbackHandler implementation is also required to be set.
 *
 * The checks run in a fixed order; each helper presumably signals failure by
 * throwing, so the first failing check ends validation — confirm against the
 * helpers. Trust verification of the signature is attempted only when the
 * assertion is signed, and its return value is discarded here. With the
 * verifySignedAssertion override in this class, a trust failure does not make
 * this method throw, so the caller must consult the trust-verification outcome
 * separately. An unsigned assertion reaches the return with no trust check at all.
 *
 * @param credential the Credential to be validated
 * @param data the RequestData associated with the request; must not be null
 *             (its audience restrictions are read without a null check)
 * @return the same credential instance that was passed in
 * @throws WSSecurityException on a failed validation
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    if (credential == null || credential.getSamlAssertion() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
    }
    SamlAssertionWrapper samlAssertion = credential.getSamlAssertion();

    // Check the Subject Confirmation requirements
    verifySubjectConfirmationMethod(samlAssertion);

    // Check conditions; the audience restrictions come from the request context
    checkConditions(samlAssertion, data.getAudienceRestrictions());

    // Check the AuthnStatements of the assertion (if any)
    checkAuthnStatements(samlAssertion);

    // Check OneTimeUse Condition
    checkOneTimeUse(samlAssertion, data);

    // Validate the assertion against schemas/profiles
    validateAssertion(samlAssertion);

    // Verify trust on the signature. Only attempted for signed assertions; the
    // returned Credential is not used here, so the outcome is not visible to
    // the caller through this method's result.
    if (samlAssertion.isSigned()) {
        verifySignedAssertion(samlAssertion, data);
    }

    return credential;
}