net.shibboleth.idp.test.flows.saml2

Class SAML2TestResponseValidator

java.lang.Object

net.shibboleth.idp.test.flows.saml2.SAML2TestStatusResponseTypeValidator

net.shibboleth.idp.test.flows.saml2.SAML2TestResponseValidator

public class SAML2TestResponseValidator
extends SAML2TestStatusResponseTypeValidator

SAML 2 #org.opensaml.saml.saml2.core.Response validator.

Field Summary

Fields

Modifier and Type	Field and Description
String	authnContextClassRef Authentication context class reference.
org.opensaml.saml.saml2.core.Attribute	eduPersonScopedAffiliationAttribute Expected eduPersonScopedAffiliation attribute.
org.opensaml.saml.saml2.core.Attribute	eppnAttribute Expected eppn attribute.
List<org.opensaml.saml.saml2.core.Attribute>	expectedAttributes Expected attributes.
List<org.opensaml.saml.saml2.core.Attribute>	expectedDesignatedAttributes Expected attributes.
org.opensaml.saml.saml2.core.Attribute	mailAttribute Expected mail attribute.
org.opensaml.saml.saml2.core.NameID	nameID Expected name identifier.
org.opensaml.security.credential.Credential	spCredential SP credential.
String	subjectConfirmationMethod Expected subject confirmation method.
org.opensaml.saml.saml2.core.Attribute	uidAttribute Expected uid attribute.
boolean	usedAttributeDesignators Whether attributes were limited by designators.
boolean	validateAuthnStatements Whether authn statements should be validated.
boolean	validateSubjectConfirmationData Whether subject confirmation data should be validated.

Fields inherited from class net.shibboleth.idp.test.flows.saml2.SAML2TestStatusResponseTypeValidator

destination, idpEntityID, spEntityID, statusCode, statusCodeNested, statusMessage

Constructor Summary

Constructors

Constructor and Description
SAML2TestResponseValidator() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
void	assertAssertion(org.opensaml.saml.saml2.core.Assertion assertion) Assert that : the assertion ID is not null nor empty the assertion issue instant is not null the assertion version is SAMLVersion.VERSION_20 the issuer is the expected IdP entity ID
void	assertAssertions(List<org.opensaml.saml.saml2.core.Assertion> assertions) Assert that a single assertion is present.
void	assertAttributeName(org.opensaml.saml.saml2.core.Attribute attribute, String name, String nameFormat, String friendlyName) Assert that the attribute name, name format, and friendly name are the supplied names.
void	assertAttributes(List<org.opensaml.saml.saml2.core.Attribute> attributes) Assert that the attributes from the response match the expected attributes.
void	assertAttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement attributeStatement) Assert that the attribute statement has attributes.
void	assertAttributeStatements(List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements) Assert that a single attribute statement is present.
void	assertAttributeValue(org.opensaml.saml.saml2.core.Attribute attribute, String attributeValue) Assert that the attribute value is the supplied String value.
void	assertAudienceRestriction(org.opensaml.saml.saml2.core.AudienceRestriction audienceRestriction) Assert that the audience restriction has a single audience whose URI is the expected SP entity ID.
void	assertAudienceRestrictions(List<org.opensaml.saml.saml2.core.AudienceRestriction> audienceRestrictions) Assert that a single audience restriction is present.
void	assertAuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef authnContext) Assert that the authn context class ref is AuthnContext.IP_AUTHN_CTX.
void	assertAuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement authnStatement) Assert that the authn statement has an authn instant and authn context class ref.
void	assertAuthnStatements(List<org.opensaml.saml.saml2.core.AuthnStatement> authnStatements) Assert that a single authn statement is present.
void	assertConditions(org.opensaml.saml.saml2.core.Conditions conditions) Assert that the conditions has NotBefore and NotOnOrAfter attributes.
void	assertNameID(org.opensaml.saml.saml2.core.NameID id) Assert that : the NameID is not null the NameID value is not null the NameID format is the expected format the NameID value is the expected value if the format is not transient the NameID name qualifier is the expected name qualifier the NameID SP name qualifier is the expected SP name qualifier
void	assertSubject(org.opensaml.saml.saml2.core.Subject subject) Assert that the subject has a nameID and subject confirmations.
void	assertSubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation subjectConfirmation) Assert that the subject confirmation has a confirmation method.
void	assertSubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData subjectConfirmationData) Assert that : the subject confirmation data address is "127.0.0.1" the subject confirmation data NotOnOrAfter is not null the subject confirmation data recipient is not null nor empty
void	assertSubjectConfirmationMethod(org.opensaml.saml.saml2.core.SubjectConfirmation method) Assert that the subject confirmation method is SubjectConfirmation.METHOD_BEARER.
void	assertSubjectConfirmations(List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations) Assert that a single subject confirmation is present.
protected void	buildExpectedAttributes() Build expected attributes.
private org.opensaml.saml.saml2.core.Assertion	decryptAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion encrypted)
void	validateAttributeStatements(org.opensaml.saml.saml2.core.Assertion assertion) Validate the assertion attribute statements.
void	validateAuthnStatements(org.opensaml.saml.saml2.core.Assertion assertion) Validate the assertion authentication statements.
void	validateConditions(org.opensaml.saml.saml2.core.Assertion assertion) Validate the assertion conditions.
void	validateResponse(org.opensaml.saml.saml2.core.Response response) Validate the response.
void	validateSubject(org.opensaml.saml.saml2.core.Subject subject) Validate the subject.

Methods inherited from class net.shibboleth.idp.test.flows.saml2.SAML2TestStatusResponseTypeValidator

assertResponse, assertStatus, validateResponse

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authnContextClassRef

@Nonnull
public String authnContextClassRef

Authentication context class reference.

spCredential

@Nullable
public org.opensaml.security.credential.Credential spCredential

SP credential.

nameID

@Nonnull
public org.opensaml.saml.saml2.core.NameID nameID

Expected name identifier.

subjectConfirmationMethod

@Nonnull
public String subjectConfirmationMethod

Expected subject confirmation method.

validateAuthnStatements

@Nonnull
public boolean validateAuthnStatements

Whether authn statements should be validated.

validateSubjectConfirmationData

@Nonnull
public boolean validateSubjectConfirmationData

Whether subject confirmation data should be validated.

usedAttributeDesignators

public boolean usedAttributeDesignators

Whether attributes were limited by designators.

expectedAttributes

@Nonnull
public List<org.opensaml.saml.saml2.core.Attribute> expectedAttributes

Expected attributes.

expectedDesignatedAttributes

@Nonnull
public List<org.opensaml.saml.saml2.core.Attribute> expectedDesignatedAttributes

Expected attributes.

uidAttribute

@Nonnull
public org.opensaml.saml.saml2.core.Attribute uidAttribute

Expected uid attribute.

eppnAttribute

@Nonnull
public org.opensaml.saml.saml2.core.Attribute eppnAttribute

Expected eppn attribute.

mailAttribute

@Nonnull
public org.opensaml.saml.saml2.core.Attribute mailAttribute

Expected mail attribute.

eduPersonScopedAffiliationAttribute

@Nonnull
public org.opensaml.saml.saml2.core.Attribute eduPersonScopedAffiliationAttribute

Expected eduPersonScopedAffiliation attribute.

Constructor Detail

SAML2TestResponseValidator

public SAML2TestResponseValidator()

Constructor.

Method Detail

buildExpectedAttributes

protected void buildExpectedAttributes()

Build expected attributes.

decryptAssertion

private org.opensaml.saml.saml2.core.Assertion decryptAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion encrypted)
                                                         throws org.opensaml.xmlsec.encryption.support.DecryptionException

Throws:

org.opensaml.xmlsec.encryption.support.DecryptionException

validateResponse

public void validateResponse(@Nullable
                    org.opensaml.saml.saml2.core.Response response)

Validate the response.

Calls validate methods :

• validateSubject(Subject)
• validateConditions(Assertion)
• validateAuthnStatements(Assertion)
• validateAttributeStatements(Assertion)

Calls assert methods :

• #assertResponse(Response)
• SAML2TestStatusResponseTypeValidator.assertStatus(Status)
• assertAssertions(List)
• assertAssertion(Assertion)

Parameters:

response - the flow execution result

validateSubject

public void validateSubject(@Nullable
                   org.opensaml.saml.saml2.core.Subject subject)

Validate the subject.

Calls assert methods :

• assertSubject(Subject)
• assertNameID(NameID)
• assertSubjectConfirmations(List)
• assertSubjectConfirmation(SubjectConfirmation)
• assertSubjectConfirmationMethod(SubjectConfirmation)
• assertSubjectConfirmationData(SubjectConfirmationData)

Parameters:

subject - the subject

validateConditions

public void validateConditions(@Nullable
                      org.opensaml.saml.saml2.core.Assertion assertion)

Validate the assertion conditions.

Calls assert methods :

• assertConditions(Conditions)
• assertAudienceRestrictions(List)
• assertAudienceRestriction(AudienceRestriction)

Parameters:

assertion - the assertion

validateAuthnStatements

public void validateAuthnStatements(@Nullable
                           org.opensaml.saml.saml2.core.Assertion assertion)

Validate the assertion authentication statements.

Calls assert methods :

• assertAuthnStatements(List)
• assertAuthnStatement(AuthnStatement)
• assertAuthnContextClassRef(AuthnContextClassRef)

Parameters:

assertion - the assertion

validateAttributeStatements

public void validateAttributeStatements(@Nullable
                               org.opensaml.saml.saml2.core.Assertion assertion)

Validate the assertion attribute statements.

Calls assert methods :

• assertAttributeStatements(List)
• assertAttributeStatement(AttributeStatement)
• assertAttributes(List)

Parameters:

assertion - the assertion

assertAssertions

public void assertAssertions(@Nullable
                    List<org.opensaml.saml.saml2.core.Assertion> assertions)

Assert that a single assertion is present.

Parameters:

assertions - the assertions

assertAssertion

public void assertAssertion(@Nullable
                   org.opensaml.saml.saml2.core.Assertion assertion)

Assert that :

• the assertion ID is not null nor empty
• the assertion issue instant is not null
• the assertion version is SAMLVersion.VERSION_20
• the issuer is the expected IdP entity ID

Parameters:

assertion - the assertion

assertSubject

public void assertSubject(@Nullable
                 org.opensaml.saml.saml2.core.Subject subject)

Assert that the subject has a nameID and subject confirmations.

Parameters:

subject - the subject

assertSubjectConfirmations

public void assertSubjectConfirmations(@Nullable
                              List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations)

Assert that a single subject confirmation is present.

Parameters:

subjectConfirmations - the subject confirmations

assertSubjectConfirmation

public void assertSubjectConfirmation(@Nullable
                             org.opensaml.saml.saml2.core.SubjectConfirmation subjectConfirmation)

Assert that the subject confirmation has a confirmation method.

Parameters:

subjectConfirmation - the subject confirmation

assertSubjectConfirmationMethod

public void assertSubjectConfirmationMethod(@Nullable
                                   org.opensaml.saml.saml2.core.SubjectConfirmation method)

Assert that the subject confirmation method is SubjectConfirmation.METHOD_BEARER.

Parameters:

method - the subject confirmation

assertSubjectConfirmationData

public void assertSubjectConfirmationData(@Nullable
                                 org.opensaml.saml.saml2.core.SubjectConfirmationData subjectConfirmationData)

Assert that :

• the subject confirmation data address is "127.0.0.1"
• the subject confirmation data NotOnOrAfter is not null
• the subject confirmation data recipient is not null nor empty

Parameters:

subjectConfirmationData - the subject confirmation data

assertNameID

public void assertNameID(@Nullable
                org.opensaml.saml.saml2.core.NameID id)

Assert that :

• the NameID is not null
• the NameID value is not null
• the NameID format is the expected format
• the NameID value is the expected value if the format is not transient
• the NameID name qualifier is the expected name qualifier
• the NameID SP name qualifier is the expected SP name qualifier

Parameters:

id - the NameID

assertConditions

public void assertConditions(@Nullable
                    org.opensaml.saml.saml2.core.Conditions conditions)

Assert that the conditions has NotBefore and NotOnOrAfter attributes.

Parameters:

conditions - the conditions

assertAudienceRestrictions

public void assertAudienceRestrictions(@Nullable
                              List<org.opensaml.saml.saml2.core.AudienceRestriction> audienceRestrictions)

Assert that a single audience restriction is present.

Parameters:

audienceRestrictions - the audience restrictions

assertAudienceRestriction

public void assertAudienceRestriction(@Nullable
                             org.opensaml.saml.saml2.core.AudienceRestriction audienceRestriction)

Assert that the audience restriction has a single audience whose URI is the expected SP entity ID.

Parameters:

audienceRestriction - the audience restriction

assertAuthnStatements

public void assertAuthnStatements(@Nullable
                         List<org.opensaml.saml.saml2.core.AuthnStatement> authnStatements)

Assert that a single authn statement is present.

Parameters:

authnStatements - the authn statements

assertAuthnStatement

public void assertAuthnStatement(@Nonnull
                        org.opensaml.saml.saml2.core.AuthnStatement authnStatement)

Assert that the authn statement has an authn instant and authn context class ref.

Parameters:

authnStatement - the authn statement

assertAuthnContextClassRef

public void assertAuthnContextClassRef(@Nullable
                              org.opensaml.saml.saml2.core.AuthnContextClassRef authnContext)

Assert that the authn context class ref is AuthnContext.IP_AUTHN_CTX.

Parameters:

authnContext - the authn context

assertAttributeStatements

public void assertAttributeStatements(@Nullable
                             List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements)

Assert that a single attribute statement is present.

Parameters:

attributeStatements - the attribute statements

assertAttributeStatement

public void assertAttributeStatement(@Nullable
                            org.opensaml.saml.saml2.core.AttributeStatement attributeStatement)

Assert that the attribute statement has attributes.

Parameters:

attributeStatement - the attribute statement

assertAttributes

public void assertAttributes(@Nullable
                    List<org.opensaml.saml.saml2.core.Attribute> attributes)

Assert that the attributes from the response match the expected attributes. Calls assert methods :

• assertAttributeName(Attribute, String, String, String)
• assertAttributeValue(Attribute, String)

Parameters:

attributes - the attributes

assertAttributeName

public void assertAttributeName(@Nullable
                       org.opensaml.saml.saml2.core.Attribute attribute,
                       @Nonnull
                       String name,
                       @Nonnull
                       String nameFormat,
                       @Nonnull
                       String friendlyName)

Assert that the attribute name, name format, and friendly name are the supplied names.

Parameters:

attribute - the attribute

name - the attribute name

nameFormat - the attribute name format

friendlyName - the attribute friendly name

assertAttributeValue

public void assertAttributeValue(@Nullable
                        org.opensaml.saml.saml2.core.Attribute attribute,
                        @Nonnull
                        String attributeValue)

Assert that the attribute value is the supplied String value.

Parameters:

attribute - the attribute

attributeValue - the attribute value