boolean bindingRequires = isIntendedDestinationEndpointURIRequired(messageContext);
if (messageDestination == null) {
if (bindingRequires) {
log.error("SAML message intended destination endpoint URI required by binding was empty");
throw new SecurityException("SAML message intended destination (required by binding) was not present");
} else {
log.debug("SAML message intended destination endpoint in message was empty, not required by binding, skipping");
return;
}
}
String receiverEndpoint = getActualReceiverEndpointURI(messageContext);
log.debug("Intended message destination endpoint: {}", messageDestination);
log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
boolean matched = compareEndpointURIs(messageDestination, receiverEndpoint);
if (!matched) {
log.error("SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
messageDestination, receiverEndpoint);
throw new SecurityException("SAML message intended destination endpoint did not match recipient endpoint");
} else {
log.debug("SAML message intended destination endpoint matched recipient endpoint");
}
}