String contextIssuer = samlMsgCtx.getInboundMessageIssuer();
if (contextIssuer != null) {
log.debug("Attempting to validate SAML protocol message simple signature using context issuer: {}",
contextIssuer);
CriteriaSet criteriaSet = buildCriteriaSet(contextIssuer, samlMsgCtx);
if (validateSignature(signature, signedContent, algorithmURI, criteriaSet, candidateCredentials)) {
log.info("Validation of request simple signature succeeded");
if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
log.info("Authentication via request simple signature succeeded for context issuer entity ID {}",
contextIssuer);
samlMsgCtx.setInboundSAMLMessageAuthenticated(true);
}
return;
} else {
log.warn("Validation of request simple signature failed for context issuer: {}", contextIssuer);
throw new SecurityPolicyException("Validation of request simple signature failed for context issuer");
}
}
String derivedIssuer = deriveSignerEntityID(samlMsgCtx);
if (derivedIssuer != null) {
log.debug("Attempting to validate SAML protocol message simple signature using derived issuer: {}",
derivedIssuer);
CriteriaSet criteriaSet = buildCriteriaSet(derivedIssuer, samlMsgCtx);
if (validateSignature(signature, signedContent, algorithmURI, criteriaSet, candidateCredentials)) {
log.info("Validation of request simple signature succeeded");
if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
log.info("Authentication via request simple signature succeeded for derived issuer {}",
derivedIssuer);