public SAMLSSOReqValidationResponseDTO validate() throws IdentityException {
try {
SAMLSSOReqValidationResponseDTO validationResponse = new SAMLSSOReqValidationResponseDTO();
Issuer issuer = authnReq.getIssuer();
Subject subject = authnReq.getSubject();
//Validate the version
if (!(authnReq.getVersion().equals(SAMLVersion.VERSION_20))) {
String errorResp = buildErrorResponse(SAMLSSOConstants.StatusCodes.VERSION_MISMATCH,
"Invalid SAML Version in Authentication Request. SAML Version should be equal to 2.0");
validationResponse.setResponse(errorResp);
validationResponse.setValid(false);
return validationResponse;
}
//validate the issuer
if (issuer.getValue() != null) {
validationResponse.setIssuer(issuer.getValue());
} else if (issuer.getSPProvidedID() != null) {
validationResponse.setIssuer(issuer.getSPProvidedID());
} else {
validationResponse.setValid(false);
String errorResp = buildErrorResponse(SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR,
"Issuer/ProviderName should not be empty in the Authentication Request.");
validationResponse.setResponse(errorResp);
validationResponse.setValid(false);
return validationResponse;
}
// set the custom login page URL, if available
SSOServiceProviderConfigManager spConfigManager = SSOServiceProviderConfigManager.getInstance();
SAMLSSOServiceProviderDO spDO = spConfigManager.getServiceProvider(issuer.getValue());
if(spDO != null){
validationResponse.setLoginPageURL(spDO.getLoginPageURL());
}
//TODO : Validate the NameID Format
if (subject != null) {
if (subject.getNameID() != null) {
validationResponse.setSubject(subject.getNameID().getValue());
}
}
//TODO : validate the signature
validationResponse.setId(authnReq.getID());
validationResponse.setAssertionConsumerURL(authnReq.getAssertionConsumerServiceURL());