com.onelogin.saml2.authn

Class SamlResponse

java.lang.Object

com.onelogin.saml2.authn.SamlResponse

public class SamlResponse
extends Object

SamlResponse class of OneLogin's Java Toolkit. A class that implements SAML 2 Authentication Response parser/validator

Constructor Summary

Constructors

Constructor and Description
SamlResponse(Saml2Settings settings, HttpRequest request) Constructor to have a Response object fully built and ready to validate the saml response.
SamlResponse(Saml2Settings settings, String currentUrl, String samlResponse) Constructor to have a Response object fully built and ready to validate the saml response.

Method Summary

Modifier and Type	Method and Description
Boolean	checkOneAuthnStatement() Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique.
Boolean	checkOneCondition() Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique.
void	checkStatus() Checks the Status
String	getAssertionId()
List<org.joda.time.Instant>	getAssertionNotOnOrAfter()
HashMap<String,List<String>>	getAttributes() Gets the Attributes from the AttributeStatement element.
List<String>	getAudiences() Gets the audiences.
String	getError() After execute a validation process, if fails this method returns the cause
String	getId()
List<String>	getIssuers() Gets the Issuers (from Response and Assertion).
String	getNameId() Gets the NameID value provided from the SAML Response String.
Map<String,String>	getNameIdData() Gets the NameID provided from the SAML Response Document.
String	getNameIdFormat() Gets the NameID Format provided from the SAML Response String.
String	getNameIdNameQualifier() Gets the NameID NameQualifier provided from the SAML Response String.
String	getNameIdSPNameQualifier() Gets the NameID SP NameQualifier provided from the SAML Response String.
SamlResponseStatus	getResponseStatus() Returns the ResponseStatus object
protected Document	getSAMLResponseDocument()
String	getSAMLResponseXml()
String	getSessionIndex() Gets the SessionIndex from the AuthnStatement.
org.joda.time.DateTime	getSessionNotOnOrAfter() Gets the SessionNotOnOrAfter from the AuthnStatement.
static SamlResponseStatus	getStatus(Document dom) Get Status from a Response
Exception	getValidationException() After execute a validation process, if fails this method returns the Exception object
boolean	isValid() Determines if the SAML Response is valid using the certificate.
boolean	isValid(String requestId) Determines if the SAML Response is valid using the certificate.
void	loadXmlFromBase64(String responseStr) Load a XML base64encoded SAMLResponse
ArrayList<String>	processSignedElements() Verifies the signature nodes: - Checks that are Response or Assertion - Check that IDs and reference URI are unique and consistent.
void	setDestinationUrl(String url) Aux method to set the destination url
protected void	validateAudiences() Validates the audiences.
protected void	validateDestination(Element element) Validate the destination.
Boolean	validateNumAssertions() Verifies that the document only contains a single Assertion (encrypted or not).
protected SubjectConfirmationIssue	validateRecipient(Node recipient, int index) Validate a subject confirmation recipient.
boolean	validateSignedElements(ArrayList<String> signedElements) Verifies that the document has the expected signed nodes.
protected void	validateSpNameQualifier(String spNameQualifier) Validates a SPNameQualifier.
boolean	validateTimestamps() Verifies that the document is still valid according Conditions Element.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SamlResponse

public SamlResponse(Saml2Settings settings,
                    String currentUrl,
                    String samlResponse)
             throws XPathExpressionException,
                    ParserConfigurationException,
                    SAXException,
                    IOException,
                    SettingsException,
                    ValidationError

Constructor to have a Response object fully built and ready to validate the saml response.

Parameters:

settings - Saml2Settings object. Setting data

currentUrl - URL of the current host + current view

samlResponse - A string containting the base64 encoded response from the IdP

Throws:

ValidationError

SettingsException

IOException

SAXException

ParserConfigurationException

XPathExpressionException

SamlResponse

public SamlResponse(Saml2Settings settings,
                    HttpRequest request)
             throws XPathExpressionException,
                    ParserConfigurationException,
                    SAXException,
                    IOException,
                    SettingsException,
                    ValidationError

Constructor to have a Response object fully built and ready to validate the saml response.

Parameters:

settings - Saml2Settings object. Setting data

request - the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...).

Throws:

ValidationError

SettingsException

IOException

SAXException

ParserConfigurationException

XPathExpressionException

NullPointerException

Method Detail

loadXmlFromBase64

public void loadXmlFromBase64(String responseStr)
                       throws ParserConfigurationException,
                              XPathExpressionException,
                              SAXException,
                              IOException,
                              SettingsException,
                              ValidationError

Load a XML base64encoded SAMLResponse

Parameters:

responseStr - Saml2Settings object. Setting data

Throws:

ParserConfigurationException

SettingsException

IOException

SAXException

XPathExpressionException

ValidationError

isValid

public boolean isValid(String requestId)

Determines if the SAML Response is valid using the certificate.

Parameters:

requestId - The ID of the AuthNRequest sent by this SP to the IdP

Returns:

if the response is valid or not

isValid

public boolean isValid()

Determines if the SAML Response is valid using the certificate.

Returns:

if the response is valid or not

getNameIdData

public Map<String,String> getNameIdData()
                                 throws Exception

Gets the NameID provided from the SAML Response Document.

Returns:

the Name ID Data (Value, Format, NameQualifier, SPNameQualifier)

Throws:

Exception

getNameId

public String getNameId()
                 throws Exception

Gets the NameID value provided from the SAML Response String.

Returns:

string Name ID Value

Throws:

Exception

getNameIdFormat

public String getNameIdFormat()
                       throws Exception

Gets the NameID Format provided from the SAML Response String.

Returns:

string NameID Format

Throws:

Exception

getNameIdNameQualifier

public String getNameIdNameQualifier()
                              throws Exception

Gets the NameID NameQualifier provided from the SAML Response String.

Returns:

string NameQualifier

Throws:

Exception

getNameIdSPNameQualifier

public String getNameIdSPNameQualifier()
                                throws Exception

Gets the NameID SP NameQualifier provided from the SAML Response String.

Returns:

string SP NameQualifier

Throws:

Exception

getAttributes

public HashMap<String,List<String>> getAttributes()
                                           throws XPathExpressionException,
                                                  ValidationError

Gets the Attributes from the AttributeStatement element.

Returns:

the attributes of the SAML Assertion

Throws:

XPathExpressionException

ValidationError

getResponseStatus

public SamlResponseStatus getResponseStatus()

Returns the ResponseStatus object

Returns:

checkStatus

public void checkStatus()
                 throws ValidationError

Checks the Status

Throws:

ValidationError - If status is not success

getStatus

public static SamlResponseStatus getStatus(Document dom)
                                    throws ValidationError

Get Status from a Response

Parameters:

dom - The Response as XML

Returns:

SamlResponseStatus

Throws:

IllegalArgumentException - if the response not contain status or if Unexpected XPath error

ValidationError

checkOneCondition

public Boolean checkOneCondition()
                          throws XPathExpressionException

Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique.

Returns:

true if the Conditions element exists and is unique

Throws:

XPathExpressionException

checkOneAuthnStatement

public Boolean checkOneAuthnStatement()
                               throws XPathExpressionException

Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique.

Returns:

true if the AuthnStatement element exists and is unique

Throws:

XPathExpressionException

getAudiences

public List<String> getAudiences()
                          throws XPathExpressionException

Gets the audiences.

Returns:

the audiences of the response

Throws:

XPathExpressionException

getIssuers

public List<String> getIssuers()
                        throws XPathExpressionException,
                               ValidationError

Gets the Issuers (from Response and Assertion).

Returns:

the issuers of the assertion/response

Throws:

XPathExpressionException

ValidationError

getSessionNotOnOrAfter

public org.joda.time.DateTime getSessionNotOnOrAfter()
                                              throws XPathExpressionException

Gets the SessionNotOnOrAfter from the AuthnStatement. Could be used to set the local session expiration

Returns:

the SessionNotOnOrAfter value

Throws:

XPathExpressionException

getSessionIndex

public String getSessionIndex()
                       throws XPathExpressionException

Gets the SessionIndex from the AuthnStatement. Could be used to be stored in the local session in order to be used in a future Logout Request that the SP could send to the SP, to set what specific session must be deleted

Returns:

the SessionIndex value

Throws:

XPathExpressionException

getId

public String getId()

Returns:

the ID of the Response

getAssertionId

public String getAssertionId()
                      throws XPathExpressionException

Returns:

the ID of the assertion in the Response

Throws:

XPathExpressionException

getAssertionNotOnOrAfter

public List<org.joda.time.Instant> getAssertionNotOnOrAfter()
                                                     throws XPathExpressionException

Returns:

a list of NotOnOrAfter values from SubjectConfirmationData nodes in this Response

Throws:

XPathExpressionException

validateNumAssertions

public Boolean validateNumAssertions()
                              throws IllegalArgumentException

Verifies that the document only contains a single Assertion (encrypted or not).

Returns:

true if the document passes.

Throws:

IllegalArgumentException

processSignedElements

public ArrayList<String> processSignedElements()
                                        throws XPathExpressionException,
                                               ValidationError

Verifies the signature nodes: - Checks that are Response or Assertion - Check that IDs and reference URI are unique and consistent.

Returns:

array Signed element tags

Throws:

XPathExpressionException

ValidationError

validateSignedElements

public boolean validateSignedElements(ArrayList<String> signedElements)
                               throws XPathExpressionException,
                                      ValidationError

Verifies that the document has the expected signed nodes.

Parameters:

signedElements - the elements to be validated

Returns:

true if is valid

Throws:

XPathExpressionException

ValidationError

validateTimestamps

public boolean validateTimestamps()
                           throws ValidationError

Verifies that the document is still valid according Conditions Element.

Returns:

true if still valid

Throws:

ValidationError

setDestinationUrl

public void setDestinationUrl(String url)

Aux method to set the destination url

Parameters:

url - the url to set as currentUrl

getError

public String getError()

After execute a validation process, if fails this method returns the cause

Returns:

the cause of the validation error as a string

getValidationException

public Exception getValidationException()

After execute a validation process, if fails this method returns the Exception object

Returns:

the cause of the validation error

getSAMLResponseXml

public String getSAMLResponseXml()

Returns:

the SAMLResponse XML, If the Assertion of the SAMLResponse was encrypted, returns the XML with the assertion decrypted

getSAMLResponseDocument

protected Document getSAMLResponseDocument()

Returns:

the SAMLResponse Document, If the Assertion of the SAMLResponse was encrypted, returns the Document with the assertion decrypted

validateAudiences

protected void validateAudiences()
                          throws XPathExpressionException,
                                 ValidationError

Validates the audiences.

Throws:

XPathExpressionException

ValidationError

validateDestination

protected void validateDestination(Element element)
                            throws ValidationError

Validate the destination.

Parameters:

element - element with the destination attribute

Throws:

ValidationError

validateRecipient

protected SubjectConfirmationIssue validateRecipient(Node recipient,
                                                     int index)

Validate a subject confirmation recipient.

Parameters:

recipient - recipient node

index - index of the subject confirmation node

Returns:

a subject confirmation issue or null

validateSpNameQualifier

protected void validateSpNameQualifier(String spNameQualifier)
                                throws ValidationError

Validates a SPNameQualifier.

Parameters:

spNameQualifier - the SPNameQualifier

Throws:

ValidationError