com.vmware.vapi.saml

Interface ValidatableSamlToken

All Superinterfaces:

SamlToken, XmlPresentable

All Known Subinterfaces:

ValidatableSamlTokenEx

public interface ValidatableSamlToken
extends SamlToken

Instances of this interface are not guaranteed to be valid (i.e. signed by a trusted authority, within lifetime range). Trying to invoke any method different than validate should result in a runtime exception.

Nested Class Summary

Nested classes/interfaces inherited from interface com.vmware.vapi.saml.SamlToken

SamlToken.TokenDelegate

Method Summary

Methods

Modifier and Type	Method and Description
void	validate(X509Certificate[] trustedRootCertificates, long clockToleranceSec) Validates that the token is signed using a trusted certificate and is within the lifetime range

Methods inherited from interface com.vmware.vapi.saml.SamlToken

equals, getAdvice, getAudience, getConfirmationCertificate, getConfirmationType, getDelegationChain, getExpirationTime, getGroupList, getId, getStartTime, getSubject, getSubjectNameId, hashCode, isDelegable, isRenewable, isSolution

Methods inherited from interface com.vmware.vapi.saml.XmlPresentable

importTo, toXml

Method Detail

validate

void validate(X509Certificate[] trustedRootCertificates,
            long clockToleranceSec)
              throws InvalidTokenException

Validates that the token is signed using a trusted certificate and is within the lifetime range

Parameters:

trustedRootCertificates - List of trusted root STS certificates that ValidatableSamlToken will use when validating the token's signature. Required.

clockToleranceSec - Tolerate that many seconds of discrepancy between the token's sender clock and the local system clock when validating the token's start and expiration time. This effectively "expands" the token's validity period with the given number of seconds.

Throws:

InvalidSignatureException - when the signature cannot be verified.

InvalidTimingException - when times in the token are malformed, invalid or divergent at the time of validation

MalformedTokenException - when the token or some of its elements are malformed

InvalidTokenException - if the token or some of its elements is invalid or malformed