We are implementing a service provider for IdP-initiated SSO. We are using the OpenSAML v3 Java library to parse the SAML response using POST.
I want to validate the SAML data and format, so I am trying to figure out whether there are any built-in methods I can use to validate the SAML data. I am able to validate the signature using SAMLSignatureProfileValidator and SignatureValidator, but I also want to validate the SAML version, the entity provider, Audience, conditions and so on.
When I dug deeper into the library I found the class WSSecuritySAML20AssertionTokenSecurityHandler, which validates SAML when the doInvoke() method is called, but the message should be SOAP. This method uses SAML20AssertionValidator to validate.
I am planning to use SAML20AssertionValidator to validate the Assertion, so I need help instantiating SAML20AssertionValidator. The constructor for SAML20AssertionValidator is as follows. I am trying to understand the input parameters:
    public SAML20AssertionValidator(@Nullable final Collection<ConditionValidator> newConditionValidators,
            @Nullable final Collection<SubjectConfirmationValidator> newConfirmationValidators,
            @Nullable Collection<StatementValidator> newStatementValidators,
            @Nullable final SignatureTrustEngine newTrustEngine,
            @Nullable final SignaturePrevalidator newSignaturePrevalidator) {
I also want to make sure this is the right direction to go for validation, or whether there are other methods I can make use of.
Any direction on this is much appreciated.
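
One way to wire the five constructor arguments for a POST-binding service provider, shown as an added example that is not part of the original post and not OpenSAML's own code. It assumes OpenSAML 3.x class and package names; `AssertionChecker`, `check` and its parameter names are hypothetical, and `idpCredential` is assumed to hold the IdP signing key loaded from metadata configured out of band.

```java
import java.net.InetAddress;
import java.util.*;
import org.opensaml.saml.common.assertion.*;
import org.opensaml.saml.saml2.assertion.*;
import org.opensaml.saml.saml2.assertion.impl.*;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.xmlsec.config.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;

public final class AssertionChecker { // hypothetical helper, not an OpenSAML class
    public static void check(Assertion assertion, Credential idpCredential, String idpEntityId,
            String spEntityId, String acsUrl, InetAddress clientAddress)
            throws AssertionValidationException {
        // Compare the Issuer explicitly against the IdP entity ID we expect.
        if (assertion.getIssuer() == null
                || !idpEntityId.equals(assertion.getIssuer().getValue())) {
            throw new AssertionValidationException("Unexpected issuer");
        }
        // Trust engine: accept only the key configured for this IdP,
        // never a key that merely arrives inside the message's KeyInfo.
        ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(idpCredential),
                DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
        // One validator per Condition / SubjectConfirmation type we accept.
        List<ConditionValidator> conditions = new ArrayList<>();
        conditions.add(new AudienceRestrictionConditionValidator());
        List<SubjectConfirmationValidator> confirmations = new ArrayList<>();
        confirmations.add(new BearerSubjectConfirmationValidator());
        SAML20AssertionValidator validator = new SAML20AssertionValidator(
                conditions, confirmations, Collections.<StatementValidator>emptyList(),
                trustEngine, new SAMLSignatureProfileValidator());
        // Static parameters tell the validators which values are acceptable for this SP.
        Map<String, Object> params = new HashMap<>();
        params.put(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED, Boolean.TRUE);
        params.put(SAML2AssertionValidationParameters.COND_VALID_AUDIENCES,
                Collections.singleton(spEntityId));
        params.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS,
                Collections.singleton(acsUrl));
        params.put(SAML2AssertionValidationParameters.SC_VALID_ADDRESSES,
                Collections.singleton(clientAddress));
        ValidationContext context = new ValidationContext(params);
        // Treat INDETERMINATE the same as INVALID: anything but VALID is rejected.
        ValidationResult result = validator.validate(assertion, context);
        if (result != ValidationResult.VALID) {
            throw new AssertionValidationException(
                    result + ": " + context.getValidationFailureMessage());
        }
    }
}
```

With `SIGNATURE_REQUIRED` set to true, an IdP that signs only the enclosing Response and not the Assertion will be rejected here, so the Response signature then has to be verified separately before that flag is relaxed.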