use of org.pac4j.saml.exceptions.SAMLInResponseToMismatchException in project pac4j by pac4j.
the class SAML2LogoutResponseValidator method validateSamlProtocolResponse.
/**
* Validates the SAML protocol response:
* - IssueInstant
* - Issuer
* - StatusCode
* - Signature
*
* @param response the response
* @param context the context
* @param engine the engine
*/
protected final void validateSamlProtocolResponse(final Response response, final SAML2MessageContext context, final SignatureTrustEngine engine) {
if (!StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
String status = response.getStatus().getStatusCode().getValue();
if (response.getStatus().getStatusMessage() != null) {
status += " / " + response.getStatus().getStatusMessage().getMessage();
}
throw new SAMLException("Logout response is not success ; actual " + status);
}
if (response.getSignature() != null) {
final String entityId = context.getSAMLPeerEntityContext().getEntityId();
validateSignature(response.getSignature(), entityId, engine);
context.getSAMLPeerEntityContext().setAuthenticated(true);
}
if (!isIssueInstantValid(response.getIssueInstant())) {
throw new SAMLIssueInstantException("Response issue instant is too old or in the future");
}
final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
if (messageStorage != null && response.getInResponseTo() != null) {
final XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
if (xmlObject == null) {
throw new SAMLInResponseToMismatchException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
} else if (!(xmlObject instanceof LogoutRequest)) {
throw new SAMLInResponseToMismatchException("Sent request was of different type than the expected LogoutRequest " + response.getInResponseTo());
}
}
verifyEndpoint(context.getSAMLEndpointContext().getEndpoint(), response.getDestination());
if (response.getIssuer() != null) {
validateIssuer(response.getIssuer(), context);
}
}
use of org.pac4j.saml.exceptions.SAMLInResponseToMismatchException in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method validateSamlProtocolResponse.
/**
* Validates the SAML protocol response:
* - IssueInstant
* - Issuer
* - StatusCode
* - Signature
*
* @param response the response
* @param context the context
* @param engine the engine
*/
protected final void validateSamlProtocolResponse(final Response response, final SAML2MessageContext context, final SignatureTrustEngine engine) {
if (!StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
String status = response.getStatus().getStatusCode().getValue();
if (response.getStatus().getStatusMessage() != null) {
status += " / " + response.getStatus().getStatusMessage().getMessage();
}
throw new SAMLException("Authentication response is not success ; actual " + status);
}
if (response.getSignature() != null) {
final String entityId = context.getSAMLPeerEntityContext().getEntityId();
validateSignature(response.getSignature(), entityId, engine);
context.getSAMLPeerEntityContext().setAuthenticated(true);
}
if (!isIssueInstantValid(response.getIssueInstant())) {
throw new SAMLIssueInstantException("Response issue instant is too old or in the future");
}
AuthnRequest request = null;
final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
if (messageStorage != null && response.getInResponseTo() != null) {
final XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
if (xmlObject == null) {
throw new SAMLInResponseToMismatchException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
} else if (xmlObject instanceof AuthnRequest) {
request = (AuthnRequest) xmlObject;
} else {
throw new SAMLInResponseToMismatchException("Sent request was of different type than the expected AuthnRequest " + response.getInResponseTo());
}
}
verifyEndpoint(context.getSAMLEndpointContext().getEndpoint(), response.getDestination());
if (request != null) {
verifyRequest(request, context);
}
if (response.getIssuer() != null) {
validateIssuer(response.getIssuer(), context);
}
}
Aggregations