The OpenSAML V2 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


Validating XML and SAML Objects

Validation can be done in two ways: by validating the DOM (before unmarshalling or after marshalling) against the SAML schemas, or by validating SAMLObjects (after unmarshalling or before marshalling) with Validators.

XML Schema Validation

org.opensaml.common.xml.ParserPoolManager provides two methods for validating a document against the SAML schemas. validate(Document) validates XML documents using either the SAML 1.1 or SAML 2.0 schemas. validate10(Document) validates XML documents using either the SAML 1.0 or SAML 2.0 schemas. There are two methods because of a mistake made when the SAML 1.1 XML Schema was defined: it was put in the same namespace as the SAML 1.0 schema. However, both the SAML 1.0 and SAML 1.1 schemas are composable with SAML 2.0, so both methods allow for SAML 2.0 validation.

Note that many products seem to produce invalid XML, so the use of XML Schema validation is not recommended.

SAMLObject Validator Validation

The most common way to perform validator-based validation is to use a ValidatorSuite (see the configuration file section to learn how to configure these). These suites can be used on a single SAMLObject, a tree of SAMLObjects, or multiple trees of SAMLObjects (i.e. they are stateless and traverse the , here's how:

  1. Retrieve the ValidatorSuite using org.opensaml.xml.Configuration#getValidatorSuite(String), passing in the ID of the suite you wish to use
  2. Call validate(XMLObject), passing it the SAMLObject you wish to validate

The default configuration files for the library provide 6 validation suites:

  • saml1-schema-validator - validates SAMLObjects against the SAML 1.0/1.1 schema
  • saml1-spec-validator - validates SAMLObjects against the SAML 1.0/1.1 specification
  • saml2-schema-validator - validates SAMLObjects against the SAML 2.0 core schema
  • saml2-spec-validator - validates SAMLObjects against the SAML 2.0 core specification
  • saml2-metadata-schema-validator - validates SAMLObjects against the SAML 2.0 metadata schema
  • saml2-metadata-spec-validator - validates SAMLObjects against the SAML 2.0 metadata specification
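
The two steps above, run with the SAML 2.0 core suites against an unmarshalled object and failing closed on the first error. This is an added example, not code from the OpenSAML project; it assumes an OpenSAML 2.x release on the classpath with the default configuration loaded through DefaultBootstrap, and the class name, the firstFailure helper and the sample assertion are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.validation.ValidationException;
import org.opensaml.xml.validation.ValidatorSuite;
import org.w3c.dom.Element;

public class SuiteValidationExample {
    // Constructed sample input: a SAML 2.0 Assertion that omits the <saml:Issuer>
    // element the SAML 2.0 schema requires.
    static final String SAMPLE =
        "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
        + " ID=\"_constructed-example\" Version=\"2.0\""
        + " IssueInstant=\"2010-01-01T00:00:00Z\"/>";

    /** Runs each suite in order; returns null if all pass, else the first failure. */
    static String firstFailure(XMLObject obj, String... suiteIds) {
        for (String id : suiteIds) {
            ValidatorSuite suite = Configuration.getValidatorSuite(id); // step 1
            if (suite == null) {
                return id + ": suite not configured"; // fail closed on a missing suite
            }
            try {
                suite.validate(obj); // step 2
            } catch (ValidationException e) {
                return id + ": " + e.getMessage();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // loads the library's default configuration files
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // SAML messages need no DTD; refuse them when parsing untrusted input.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        XMLObject assertion = Configuration.getUnmarshallerFactory()
            .getUnmarshaller(root).unmarshall(root);
        String failure = firstFailure(assertion,
            "saml2-schema-validator", "saml2-spec-validator");
        System.out.println(failure == null ? "accepted" : "rejected: " + failure);
    }
}
```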

Alternatively, you may wish to attach validators directly to the SAMLObject and evaluate them at some later point. You can do this by creating instances of the validators you wish to be evaluated and registering them with the SAMLObject through the registerValidator(Validator) method. Then, when you're ready to perform the validation, you can execute the validate(boolean) method. The boolean argument indicates whether you wish validators registered on the child objects to be executed as well.