use of org.opensaml.saml2.metadata.impl.EndpointImpl in project cloud-pipeline by epam.
The class CustomSamlClient, method validateAssertion.
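/**
 * Validates the single assertion carried by an already-decoded SAML {@link Response}.
 *
 * <p>Checks, in order: exactly one assertion is present; its issue instant lies within the
 * accepted time window; its issuer matches the configured {@code responseIssuer}; it carries a
 * Subject with a NameID; the Subject confirmation data is acceptable for this relying party; and
 * the assertion's Conditions (and any AuthnStatements) pass the inherited verification methods.
 * Structural gaps in the assertion (missing Issuer or Subject) are reported as
 * {@link SAMLException} rather than surfacing as a {@code NullPointerException}, so callers can
 * rely on a single exception type for "response rejected".
 *
 * @param response the decoded SAML response whose assertion is to be validated
 * @throws SAMLException if any of the checks above fails, or if the Subject cannot be decrypted
 */
private void validateAssertion(Response response) throws SAMLException {
    if (response.getAssertions().size() != 1) {
        throw new SAMLException("The response doesn't contain exactly 1 assertion");
    }
    Assertion assertion = response.getAssertions().get(0);

    // Reject assertions issued outside the accepted window (response skew plus max assertion age).
    if (!isDateTimeSkewValid(getResponseSkew(), getMaxAssertionTime(), assertion.getIssueInstant())) {
        throw new SAMLException("Assertion is too old to be used, value can be customized by setting maxAssertionTime value " + assertion.getIssueInstant());
    }

    // A missing Issuer element (or empty issuer value) must fail validation explicitly;
    // dereferencing it directly would turn a malformed response into a NullPointerException.
    if (assertion.getIssuer() == null
            || assertion.getIssuer().getValue() == null
            || !assertion.getIssuer().getValue().equals(responseIssuer)) {
        throw new SAMLException("The assertion issuer didn't match the expected value");
    }

    // The Subject itself may be absent from a malformed assertion; treat that like a missing NameID.
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        throw new SAMLException("The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
    }

    // Minimal message context for the inherited verify* methods: the local entity is this relying
    // party, and its endpoint location is the relying-party identifier plus the SSO endpoint path,
    // which is what the inherited checks compare against the assertion's recipient/audience values.
    SAMLMessageContext context = new SAMLMessageContext();
    context.setLocalEntityId(relyingPartyIdentifier);
    context.setLocalEntityEndpoint(new EndpointImpl(null, "", "") {
        @Override
        public String getLocation() {
            return relyingPartyIdentifier + SSO_ENDPOINT;
        }
    });

    // NOTE(review): the null second argument presumably means "no originating AuthnRequest"
    // (IdP-initiated / unsolicited flow) — confirm against the superclass contract.
    try {
        verifySubject(assertion.getSubject(), null, context);
    } catch (DecryptionException e) {
        // Preserve the cause so the decryption failure is diagnosable from the SAMLException.
        throw new SAMLException(e);
    }

    // NOTE(review): the boolean passed to verifyAssertionConditions appears to control whether an
    // audience restriction is mandatory; it is required when authentication statements are present
    // and relaxed otherwise — confirm against the superclass before relying on this.
    if (!assertion.getAuthnStatements().isEmpty()) {
        verifyAssertionConditions(assertion.getConditions(), context, true);
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            verifyAuthenticationStatement(statement, null, context);
        }
    } else {
        verifyAssertionConditions(assertion.getConditions(), context, false);
    }
}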