Package org.pac4j.saml.exceptions

Examples of org.pac4j.saml.exceptions.SamlException


        }

        try {
            encoder.encode(context);
        } catch (MessageEncodingException e) {
            throw new SamlException("Error encoding saml message", e);
        }

    }


        context.setSecurityPolicyResolver(resolver);

        try {
            decoder.decode(context);
        } catch (MessageDecodingException e) {
            throw new SamlException("Error decoding saml message", e);
        } catch (SecurityException e) {
            throw new SamlException("Error decoding saml message", e);
        }

        if (context.getPeerEntityMetadata() == null) {
            throw new SamlException("IDP Metadata cannot be null");
        }

        context.setPeerEntityId(context.getPeerEntityMetadata().getEntityID());
        context.setCommunicationProfileId(SAML2_WEBSSO_PROFILE_URI);
    }

            final Decrypter decrypter) {

        SAMLObject message = context.getInboundSAMLMessage();

        if (!(message instanceof Response)) {
            throw new SamlException("Response instance is an unsupported type");
        }
        Response response = (Response) message;

        validateSamlProtocolResponse(response, context, engine);

     */
    public void validateSamlProtocolResponse(final Response response, final ExtendedSAMLMessageContext context,
            final SignatureTrustEngine engine) {

        if (!isIssueInstantValid(response.getIssueInstant())) {
            throw new SamlException("Response issue instant is too old or in the future");
        }

        // TODO add Destination and inResponseTo Validation

        if (response.getIssuer() != null) {
            validateIssuer(response.getIssuer(), context);
        }

        if (!StatusCode.SUCCESS_URI.equals(response.getStatus().getStatusCode().getValue())) {
            String status = response.getStatus().getStatusCode().getValue();
            if (response.getStatus().getStatusMessage() != null) {
                status += " / " + response.getStatus().getStatusMessage().getMessage();
            }
            throw new SamlException("Authentication response is not success ; actual " + status);
        }

        if (response.getSignature() != null) {
            validateSignature(response.getSignature(), context.getPeerEntityId(), engine);
            context.setInboundSAMLMessageAuthenticated(true);

                break;
            }
        }

        if (context.getSubjectAssertion() == null) {
            throw new SamlException("No valid subject assertion found in response");
        }

        // We do not check EncryptedID here because it has been already decrypted and stored into NameID
        List<SubjectConfirmation> subjectConfirmations = context.getSubjectConfirmations();
        if ((context.getSubjectNameIdentifier() == null) && (context.getBaseID() == null)
                && ((subjectConfirmations == null) || (subjectConfirmations.size() == 0))) {
            throw new SamlException(
                    "Subject NameID, BaseID and EncryptedID cannot be both null at the same time if there are no Subject Confirmations.");
        }
    }

     * @param issuer
     * @param context
     */
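    protected void validateIssuer(final Issuer issuer, final ExtendedSAMLMessageContext context) {
        // Checks that the Issuer element names the identity provider this message context
        // is bound to: the format, when present, must be the entity format, and the value
        // must equal the entityID of the peer (IdP) metadata held by the context.

        // A missing Issuer is rejected with a SamlException rather than surfacing as a
        // NullPointerException, so callers that catch SamlException handle it as a
        // validation failure.
        if (issuer == null) {
            throw new SamlException("Issuer cannot be null");
        }

        final String format = issuer.getFormat();
        if (format != null && !format.equals(NameIDType.ENTITY)) {
            throw new SamlException("Issuer type is not entity but " + format);
        }

        // NOTE(review): assumes the caller has already rejected a context without peer
        // entity metadata - confirm for every call path.
        final String expectedEntityId = context.getPeerEntityMetadata().getEntityID();

        // The expected value is the receiver of equals(), so a null issuer value fails the
        // comparison instead of throwing; a null expected entityID is treated as a mismatch.
        // The issuer value comes from the inbound message and is echoed in the exception
        // text, so anything that logs or renders this message should encode it.
        if (expectedEntityId == null || !expectedEntityId.equals(issuer.getValue())) {
            throw new SamlException("Issuer " + issuer.getValue() + " does not match idp entityId "
                    + expectedEntityId);
        }
    }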

     */
    protected void validateAssertion(final Assertion assertion, final ExtendedSAMLMessageContext context,
            final SignatureTrustEngine engine, final Decrypter decrypter) {

        if (!isIssueInstantValid(assertion.getIssueInstant())) {
            throw new SamlException("Assertion issue instant is too old or in the future");
        }

        validateIssuer(assertion.getIssuer(), context);

        if (assertion.getSubject() != null) {
            validateSubject(assertion.getSubject(), context, decrypter);
        } else {
            throw new SamlException("Assertion subject cannot be null");
        }

        validateAssertionConditions(assertion.getConditions(), context);

        validateAuthenticationStatements(assertion.getAuthnStatements(), context);

                    return;
                }
            }
        }

        throw new SamlException("Subject confirmation validation failed");
    }

        try {
            NameID decryptedId = (NameID) decrypter.decrypt(encryptedId);
            return decryptedId;
        } catch (DecryptionException e) {
            throw new SamlException("Decryption of an EncryptedID failed.", e);
        }
    }

     * @param context
     */
    protected void validateAssertionConditions(final Conditions conditions, final ExtendedSAMLMessageContext context) {

        if (conditions == null) {
            throw new SamlException("Assertion conditions cannot be null");
        }

        if (conditions.getNotBefore() != null) {
            if (conditions.getNotBefore().minusSeconds(acceptedSkew).isAfterNow()) {
                throw new SamlException("Assertion condition notBefore is not valid");
            }
        }

        if (conditions.getNotOnOrAfter() != null) {
            if (conditions.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow()) {
                throw new SamlException("Assertion condition notOnOrAfter is not valid");
            }
        }

        validateAudienceRestrictions(conditions.getAudienceRestrictions(), context.getLocalEntityId());

