Ens.Util.XML.SecuritySignature
class Ens.Util.XML.SecuritySignature extends %Library.RegisteredObject
Used to check a SAML Assertion signature outside the SOAP framework.
Method Inventory
Methods
classmethod FindAssertionAttributes(pSAML As %Stream.Object, ByRef pAssertionAttributes, Output pAttributes) as %Status
classmethod GetAssertionAttribute(pSAMLDoc As %XML.XPATH.Document, pNSP As %String = "", pSAMLVersion As %Integer = 2, pAssertAttribName As %String, ByRef pAssertAttribValues) as %Status
Retrieves the SAML Assertion AttributeValue(s) for the given pAssertAttribName from a SAML %XML.XPATH.Document. pNSP is the namespace prefix to use (empty by default) and pSAMLVersion selects the SAML version (2 by default).
classmethod ValidateSAML(pSAML As %GlobalCharacterStream, pValSpec As %String, pTrustedX509File As %String, pClockSkew As %String, ByRef pAttributes As %String, ByRef pAssertionAttributes As %String, Output pResults As %String, pXMLReader As %XML.Reader) as %Status
Checks signatures and expiration as specified by pValSpec.
This does not validate the XML schema used for the SAML token.
pValSpec Specifies types of Assertion validation to perform:
- t - the token must contain a signed element (a signed token).
- a - the token must contain a signed Assertion. If none is found the error text is "No Assertion".
- u - the token must contain an unsigned Assertion. If none is found the error text is "No Unsigned Assertion".
- If both a and u are specified, either a signed or an unsigned Assertion must be present.
- s - combine with u: if unsigned Assertions exist, s requires that they be children of signed elements. Note: the Assertion might be wrapped in a structure that does not follow from the schema, so without s an unsigned Assertion anywhere in the document, including one placed outside the signed subtree, would satisfy u.
- r - require Assertions to contain both NotBefore and NotOnOrAfter time conditions.
- v - verify the Assertion signature and, if present, the NotBefore/NotOnOrAfter conditions. If u is specified together with v, the NotBefore/NotOnOrAfter conditions of unsigned Assertions are checked as well.
- o - validate other signed nodes within the token, such as Timestamp. Signed reference elements are located by an attribute named ID or Id.
pClockSkew is the number of seconds of clock skew tolerated when checking NotBefore/NotOnOrAfter; set it to -1 to skip the NotBefore/NotOnOrAfter condition check entirely.
To carry out schema validation of the input stream, create an instance of %XML.Reader, set the properties appropriate for validation on it, and pass it in as the optional parameter pXMLReader.
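The following is an added example of calling ValidateSAML and GetAssertionAttribute from an ObjectScript class; it is not part of Ens.Util.XML.SecuritySignature or of InterSystems' documentation. It assumes the token is available as a file, that the trusted issuer certificates are in a PEM file, that the attribute to read is named "Role" (an assumed name), and that %XML.Reader's SAXFlags and SAXSchemaSpec properties with the $$$SAXVALIDATION macro from %occSAX.inc are the way to enable schema validation (the schema location passed in is an assumption too). The validation spec "tarv" is chosen so that only a signed Assertion that carries both time conditions, and whose signature and time window verify, is accepted; u is deliberately left out so that an unsigned Assertion can never satisfy the check, and attribute values are read only after validation succeeded.

```objectscript
Include %occSAX

/// Added example (not the class's own code): validate a SAML token with
/// Ens.Util.XML.SecuritySignature and then read one Assertion attribute.
Class Demo.SAML.Check Extends %RegisteredObject
{

/// pFile: path of the XML file holding the SAML token.
/// pTrustedX509File: PEM file of trusted issuer certificates (passed as pTrustedX509File).
/// pAttrName: Assertion AttributeValue name to read; "Role" is an assumed name.
/// pSchemaSpec: optional schema spec; when non-empty the token is also schema validated.
ClassMethod Validate(pFile As %String, pTrustedX509File As %String, pAttrName As %String = "Role", pSchemaSpec As %String = "", Output pValues, Output pResults) As %Status
{
    Set tSC = $$$OK
    Try {
        // Copy the file into the %GlobalCharacterStream that ValidateSAML expects.
        Set tFile = ##class(%Stream.FileCharacter).%New()
        Set tSC = tFile.LinkToFile(pFile)
        If $$$ISERR(tSC) Quit
        Set tSAML = ##class(%GlobalCharacterStream).%New()
        Set tSC = tSAML.CopyFrom(tFile)
        If $$$ISERR(tSC) Quit

        // t: a signed element must exist; a: a signed Assertion must exist;
        // r: the Assertion must carry both NotBefore and NotOnOrAfter;
        // v: verify the signature and the time conditions.
        // 'u' is omitted on purpose: an unsigned Assertion must never pass.
        Set tValSpec = "tarv"
        // Tolerate five minutes of clock skew; -1 would disable the time check.
        Set tClockSkew = 300

        // Optional schema validation via a caller-supplied %XML.Reader.
        // SAXFlags/SAXSchemaSpec and $$$SAXVALIDATION are assumed to be the
        // relevant %XML.Reader properties and macro.
        Set tReader = ""
        If pSchemaSpec '= "" {
            Set tReader = ##class(%XML.Reader).%New()
            Set tReader.SAXFlags = $$$SAXVALIDATION
            Set tReader.SAXSchemaSpec = pSchemaSpec
        }

        Kill tAttributes, tAssertionAttributes, pResults
        Set tSC = ##class(Ens.Util.XML.SecuritySignature).ValidateSAML(tSAML, tValSpec, pTrustedX509File, tClockSkew, .tAttributes, .tAssertionAttributes, .pResults, tReader)
        If $$$ISERR(tSC) Quit

        // Only after validation succeeded is it safe to act on attribute values.
        // Build an XPATH document from the same stream and read the attribute.
        Do tSAML.Rewind()
        Set tSC = ##class(%XML.XPATH.Document).CreateFromStream(tSAML, .tDoc)
        If $$$ISERR(tSC) Quit
        Kill pValues
        Set tSC = ##class(Ens.Util.XML.SecuritySignature).GetAssertionAttribute(tDoc, "", 2, pAttrName, .pValues)
    } Catch ex {
        Set tSC = ex.AsStatus()
    }
    Quit tSC
}

/// Convenience entry point: returns 1 when the token validated and at least one
/// value of the requested attribute was found, otherwise 0.
ClassMethod IsValidWithAttribute(pFile As %String, pTrustedX509File As %String, pAttrName As %String = "Role") As %Boolean
{
    Set tSC = ..Validate(pFile, pTrustedX509File, pAttrName, "", .tValues, .tResults)
    If $$$ISERR(tSC) Quit 0
    Quit ($Data(tValues) > 0)
}

}
```

The order matters: an attacker-controlled Assertion can carry any attribute values, so GetAssertionAttribute is only called once ValidateSAML returned success. If a deployment must accept unsigned Assertions (u), pair it with s so that the unsigned Assertion has to sit under a signed element rather than anywhere in the document.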
classmethod validateSignatures(pXMLReader As %XML.Reader, pCertFile As %String = "", Output pSignedNodes) as %Status
Inherited Members
Inherited Methods
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %ValidateObject()