How are SAML tokens validated?

[abdelrahman almahmoud <fi...@gmail.com>]

I am trying to use SAML tokens in my project but I need more
information on the method used to validate the tokens. Since
validating tokens is outside of the scope of SAML token specifications
I am not sure which method is used in rampart.
Is there more than one way to validate tokens? and which methods are
supported in rampart

Thank you,

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org

Re: How are SAML tokens validated?

[Suresh Attanayake <su...@gmail.com>]

Hi,

You can find the Rampart SAMLTokenValidator class here [1]. There basically
the signature of the token is validated. But you can validate various parts
of the SAMLAssertion as well such as the Subject, Conditions,
AuthenStatement, AttributeStatement etc.

[1].
http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java

Thanks,
-Suresh

On Tue, Sep 11, 2012 at 12:06 PM, abdelrahman almahmoud <
firestorm5002@gmail.com> wrote:

> I am trying to use SAML tokens in my project but I need more
> information on the method used to validate the tokens. Since
> validating tokens is outside of the scope of SAML token specifications
> I am not sure which method is used in rampart.
> Is there more than one way to validate tokens? and which methods are
> supported in rampart
>
> Thank you,
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-dev-help@axis.apache.org
>
>


-- 
Suresh Attanayake

Blog : http://sureshatt.blogspot.com/
LinkedIn : http://www.linkedin.com/pub/suresh-attanayake/16/165/181
Twitter : http://twitter.com/sureshatt