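/**
 * Verifies that the assertion's issuer is the peer entity this SP expects.
 * <p>
 * The issuer format, when present, must be {@code NameIDType.ENTITY}, and the issuer value must
 * equal the entityID of the peer entity metadata held in the context. Every other outcome —
 * including a missing issuer element or missing peer metadata — is reported as an invalid
 * assertion so that the check fails closed with {@link SAMLException} rather than with a
 * {@code NullPointerException}.
 *
 * @param issuer  issuer element of the assertion (attacker-controlled input)
 * @param context message context holding the expected peer entity metadata
 * @throws SAMLException if the issuer is absent, has an unexpected format, or does not match the
 *                       expected peer entity
 */
protected void verifyIssuer(Issuer issuer, BasicSAMLMessageContext context) throws SAMLException {
    // An assertion without an issuer cannot be attributed to the peer; reject it explicitly
    // instead of dereferencing null below.
    if (issuer == null) {
        System.out.println("Assertion invalidated by missing issuer");
        throw new SAMLException("SAML Assertion is invalid");
    }
    // Validate format of issuer: when a format is given, only the entity format is acceptable.
    if (issuer.getFormat() != null && !issuer.getFormat().equals(NameIDType.ENTITY)) {
        // NOTE(review): the printed values come straight from the message and may contain
        // newlines (log injection); prefer a logger with sanitisation over System.out.
        System.out.println("Assertion invalidated by issuer type"+issuer.getFormat());
        throw new SAMLException("SAML Assertion is invalid");
    }
    // Validate that issuer is the expected peer entity. The comparison is expected -> actual so
    // that a null issuer value is simply a mismatch; missing peer metadata is also a failure.
    String expectedEntityId = context.getPeerEntityMetadata() == null
            ? null
            : context.getPeerEntityMetadata().getEntityID();
    if (expectedEntityId == null || !expectedEntityId.equals(issuer.getValue())) {
        System.out.println("Assertion invalidated by unexpected issuer value"+ issuer.getValue());
        throw new SAMLException("SAML Assertion is invalid");
    }
}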
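/**
 * Verifies the signature of the assertion.
 * <p>
 * Any signature that is present is verified against the peer entity's metadata, regardless of
 * whether the local SP metadata declares {@code WantAssertionsSigned}: a signature that is present
 * but does not validate is a stronger sign of tampering than a missing one, so it is never skipped.
 * If no signature is present and the SP metadata requires signed assertions, the assertion is
 * rejected.
 * <p>
 * NOTE(review): when {@code WantAssertionsSigned} is false an unsigned assertion passes this check;
 * message integrity must then be guaranteed elsewhere (e.g. by a signature on the enclosing
 * Response), which this method does not verify.
 *
 * @param signature signature to verify, or {@code null} when the assertion carries none
 * @param context   context providing the local SP role metadata and the peer entity metadata
 * @throws SAMLException signature missing although required
 * @throws org.opensaml.xml.security.SecurityException signature can't be validated
 * @throws ValidationException signature is malformed
 */
protected void verifyAssertionSignature(Signature signature, BasicSAMLMessageContext context)
        throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException {
    SPSSODescriptor roleMetadata = (SPSSODescriptor) context.getLocalEntityRoleMetadata();
    boolean wantSigned = roleMetadata.getWantAssertionsSigned();
    if (signature != null) {
        // Verify every signature that is present, not only when metadata demands one; an
        // unverified-but-present signature would otherwise be silently ignored.
        verifySignature(signature, context.getPeerEntityMetadata().getEntityID());
    } else if (wantSigned) {
        System.out.println("Assertion must be signed, but is not");
        throw new SAMLException("SAML Assertion is invalid");
    }
}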