Examples of SAMLException


Examples of org.pac4j.saml.exceptions.SamlException

     * @param issuer
     * @param context
     */
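    protected void validateIssuer(final Issuer issuer, final ExtendedSAMLMessageContext context) {
        // Purpose: accept the issuer only when it names the identity provider whose metadata is
        // attached to the context. Every rejection is reported as a SamlException.

        // A missing Issuer element must be reported as a validation failure; without this guard
        // the dereferences below would raise a NullPointerException instead of a SamlException.
        if (issuer == null) {
            throw new SamlException("Issuer cannot be null");
        }

        // Format is optional on an Issuer; when it is present it has to be the entity format.
        final String format = issuer.getFormat();
        if (format != null && !format.equals(NameIDType.ENTITY)) {
            throw new SamlException("Issuer type is not entity but " + format);
        }

        // Exact (case-sensitive) comparison against the entity ID from the peer metadata.
        // NOTE(review): assumes the peer entity metadata has already been resolved onto the
        // context and is never null here; confirm against the caller.
        final String idpEntityId = context.getPeerEntityMetadata().getEntityID();
        if (!idpEntityId.equals(issuer.getValue())) {
            throw new SamlException("Issuer " + issuer.getValue() + " does not match idp entityId "
                    + idpEntityId);
        }
    }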

Examples of org.pac4j.saml.exceptions.SamlException

     */
    protected void validateAssertion(final Assertion assertion, final ExtendedSAMLMessageContext context,
            final SignatureTrustEngine engine, final Decrypter decrypter) {

        if (!isIssueInstantValid(assertion.getIssueInstant())) {
            throw new SamlException("Assertion issue instant is too old or in the future");
        }

        validateIssuer(assertion.getIssuer(), context);

        if (assertion.getSubject() != null) {
            validateSubject(assertion.getSubject(), context, decrypter);
        } else {
            throw new SamlException("Assertion subject cannot be null");
        }

        validateAssertionConditions(assertion.getConditions(), context);

        validateAuthenticationStatements(assertion.getAuthnStatements(), context);

Examples of org.pac4j.saml.exceptions.SamlException

                    return;
                }
            }
        }

        throw new SamlException("Subject confirmation validation failed");
    }

Examples of org.pac4j.saml.exceptions.SamlException

        try {
            NameID decryptedId = (NameID) decrypter.decrypt(encryptedId);
            return decryptedId;
        } catch (DecryptionException e) {
            throw new SamlException("Decryption of an EncryptedID failed.", e);
        }
    }

Examples of org.pac4j.saml.exceptions.SamlException

     * @param context
     */
    protected void validateAssertionConditions(final Conditions conditions, final ExtendedSAMLMessageContext context) {

        if (conditions == null) {
            throw new SamlException("Assertion conditions cannot be null");
        }

        if (conditions.getNotBefore() != null) {
            if (conditions.getNotBefore().minusSeconds(acceptedSkew).isAfterNow()) {
                throw new SamlException("Assertion condition notBefore is not valid");
            }
        }

        if (conditions.getNotOnOrAfter() != null) {
            if (conditions.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow()) {
                throw new SamlException("Assertion condition notOnOrAfter is not valid");
            }
        }

        validateAudienceRestrictions(conditions.getAudienceRestrictions(), context.getLocalEntityId());


Examples of org.pac4j.saml.exceptions.SamlException

     */
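    protected void validateAudienceRestrictions(final List<AudienceRestriction> audienceRestrictions,
            final String spEntityId) {
        // Purpose: confirm that the assertion is addressed to this service provider.
        // audienceRestrictions - the AudienceRestriction conditions carried by the assertion.
        // spEntityId           - the entity ID this service provider is configured with.
        // Throws SamlException when no restriction is present or any restriction excludes this SP.

        // An assertion without any audience restriction is refused rather than treated as
        // "valid for everyone".
        if (audienceRestrictions == null || audienceRestrictions.isEmpty()) {
            throw new SamlException("Audience restrictions cannot be null or empty");
        }

        // SAML 2.0 Core (section 2.5.1.4) requires each AudienceRestriction to be evaluated
        // independently: audiences inside one restriction are alternatives (OR), while several
        // restrictions must all be satisfied (AND). Merging every audience into a single set
        // would accept an assertion in which only one of the restrictions names this SP.
        for (final AudienceRestriction audienceRestriction : audienceRestrictions) {
            final Set<String> audienceUris = new HashSet<String>();
            if (audienceRestriction.getAudiences() != null) {
                for (final Audience audience : audienceRestriction.getAudiences()) {
                    audienceUris.add(audience.getAudienceURI());
                }
            }
            // A restriction with no audiences cannot be satisfied, so it fails here as well.
            if (!audienceUris.contains(spEntityId)) {
                throw new SamlException("Assertion audience " + audienceUris + " does not match SP configuration "
                        + spEntityId);
            }
        }
    }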

Examples of org.pac4j.saml.exceptions.SamlException

    /**
     * Checks the timing information of every authentication statement in an assertion.
     *
     * <p>Each statement is rejected when {@code isAuthnInstantValid} refuses its AuthnInstant, or
     * when it carries a SessionNotOnOrAfter value that already lies in the past.
     *
     * <p>NOTE(review): an empty list passes without any check, the SessionNotOnOrAfter comparison
     * is made against the current time with no clock-skew allowance, and the AuthnContext is not
     * inspected (see the TODO below). Confirm that callers do not rely on any of these.
     *
     * @param authnStatements the authentication statements to check; iterated as given
     * @param context the message context; not read by this method
     * @throws SamlException if any statement fails one of the checks above
     */
    protected void validateAuthenticationStatements(final List<AuthnStatement> authnStatements,
            final ExtendedSAMLMessageContext context) {

        for (final AuthnStatement authnStatement : authnStatements) {
            final boolean instantAccepted = isAuthnInstantValid(authnStatement.getAuthnInstant());
            if (!instantAccepted) {
                throw new SamlException("Authentication issue instant is too old or in the future");
            }

            // SessionNotOnOrAfter is optional; it is only enforced when the IdP supplied it.
            if (authnStatement.getSessionNotOnOrAfter() != null) {
                if (authnStatement.getSessionNotOnOrAfter().isBeforeNow()) {
                    throw new SamlException("Authentication session between IDP and subject has ended");
                }
            }
            // TODO implement authnContext validation
        }
    }

Examples of org.pac4j.saml.exceptions.SamlException

            final SignatureTrustEngine engine) {
        if (signature != null) {
            validateSignature(signature, context.getPeerEntityMetadata().getEntityID(), engine);
        } else if (((SPSSODescriptor) context.getLocalEntityRoleMetadata()).getWantAssertionsSigned()
                && !context.isInboundSAMLMessageAuthenticated()) {
            throw new SamlException("Assertion or response must be signed");
        }
    }

Examples of org.pac4j.saml.exceptions.SamlException

        SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
        try {
            validator.validate(signature);
        } catch (ValidationException e) {
            throw new SamlException("SAMLSignatureProfileValidator failed to validate signature", e);
        }

        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
        criteriaSet.add(new EntityIDCriteria(idpEntityId));

        boolean valid = false;
        try {
            valid = trustEngine.validate(signature, criteriaSet);
        } catch (SecurityException e) {
            throw new SamlException("An error occured during signature validation", e);
        }
        if (!valid) {
            throw new SamlException("Signature is not trusted");
        }
    }

Examples of org.pac4j.saml.exceptions.SamlException

        for (SingleSignOnService service : services) {
            if (service.getBinding().equals(binding)) {
                return service;
            }
        }
        throw new SamlException("Identity provider has no single sign on service available for the selected profile"
                + idpssoDescriptor);

    }