use of org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator in project syncope by apache.
the class SAML2ReaderWriter method validate.
public SSOValidatorResponse validate(final Response samlResponse, final SAML2IdPEntity idp, final String assertionConsumerURL, final String requestId, final String spEntityID) throws WSSecurityException {
// validate the SAML response and, if needed, decrypt the provided assertion(s)
Merlin crypto = new Merlin();
crypto.setKeyStore(loader.getKeyStore());
crypto.setTrustStore(idp.getTrustStore());
SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
protocolValidator.setKeyInfoMustBeAvailable(true);
protocolValidator.validateSamlResponse(samlResponse, crypto, callbackHandler);
SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
ssoResponseValidator.setAssertionConsumerURL(assertionConsumerURL);
ssoResponseValidator.setIssuerIDP(idp.getId());
ssoResponseValidator.setRequestId(requestId);
ssoResponseValidator.setSpIdentifier(spEntityID);
SSOValidatorResponse validatorResponse = ssoResponseValidator.validateSamlResponse(samlResponse, idp.getBindingType() == SAML2BindingType.POST);
if (LOG.isDebugEnabled()) {
try {
StringWriter writer = new StringWriter();
write(writer, samlResponse, false);
writer.close();
LOG.debug("SAML response with decrypted assertions: {}", writer.toString());
} catch (Exception e) {
LOG.error("Could not log the SAML response with decrypted assertions", e);
}
}
return validatorResponse;
}
Aggregations