The OpenSAML V2 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


Trust Engines

Trust engines validate untrusted tokens, such as Credential and Signature instances, and decide whether they may be trusted. They are typically based on resolving trust material from a trusted information resolver of some kind.

Using Trust Engines

Trust Engines must implement the org.opensaml.xml.security.trust.TrustEngine interface. Particular implementations, some of which are described in the next section, may require some information at construction time, but once you have constructed an instance, the usage will be as described here.

The main trust engine interface method is validate(TokenType token, CriteriaSet trustBasisCriteria). A given trust engine implementation will be parameterized with the type of token it processes, such as a Credential or Signature.

The CriteriaSet parameter specifies the criteria for establishing trust. These criteria are typically passed on to an underlying resolver of trusted information. The criteria set contains one or more instances of org.opensaml.xml.security.Criteria. Typical examples of Criteria include:

  • org.opensaml.xml.security.criteria.EntityIDCriteria - the entity which owns or generated the token that is being processed
  • org.opensaml.xml.security.criteria.UsageCriteria - the usage specifier for a trusted credential
  • org.opensaml.security.MetadataCriteria - the SAML 2 metadata role and protocol associated with an entity whose token is being processed

Other typical criteria may be found in package org.opensaml.xml.security.criteria.
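As an added example (not code from the OpenSAML project or this page), the following shows the usage pattern above with the ExplicitKeyTrustEngine, a Credential-typed trust engine backed by a StaticCredentialResolver. The trusted key, the entity ID https://idp.example.org/idp and the class name TrustEngineExample are constructed for the example. StaticCredentialResolver returns its fixed credentials regardless of the criteria; the EntityIDCriteria and UsageCriteria are passed the same way to a metadata-backed resolver, which uses them to select which entity's keys form the trust basis.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;

import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.trust.ExplicitKeyTrustEngine;
import org.opensaml.xml.security.trust.TrustEngine;

/** Example class (not part of OpenSAML): validating a Credential against trusted key material. */
public class TrustEngineExample {

    /** Constructed test data: a credential for entityId carrying a freshly generated RSA public key. */
    static BasicCredential newCredential(String entityId, UsageType usage) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        BasicCredential cred = new BasicCredential();
        cred.setEntityId(entityId);
        cred.setUsageType(usage);
        cred.setPublicKey(kp.getPublic());
        return cred;
    }

    /**
     * validate() returns false when the token is not trusted, but throws SecurityException when
     * resolving the trust basis itself fails. A failed resolution is not a trusted token, so both
     * outcomes are mapped to "not trusted" here.
     */
    static boolean isTrusted(TrustEngine<Credential> engine, Credential token, CriteriaSet criteria) {
        try {
            return engine.validate(token, criteria);
        } catch (SecurityException e) {
            System.err.println("Trust evaluation failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String idpEntityId = "https://idp.example.org/idp"; // constructed entity ID

        // Trust basis: the key we trust for the IdP (in practice resolved from SAML metadata).
        Credential trustedIdpCredential = newCredential(idpEntityId, UsageType.SIGNING);
        TrustEngine<Credential> engine =
                new ExplicitKeyTrustEngine(new StaticCredentialResolver(trustedIdpCredential));

        // Criteria describing whose token this is and what it is used for.
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(idpEntityId));
        criteria.add(new UsageCriteria(UsageType.SIGNING));

        // The untrusted token carries the same public key as the trust basis: accepted.
        System.out.println("trusted key accepted: " + isTrusted(engine, trustedIdpCredential, criteria));

        // A credential claiming the same entity ID but with a different key: rejected,
        // because the explicit-key engine only trusts keys the resolver returned.
        Credential impostor = newCredential(idpEntityId, UsageType.SIGNING);
        System.out.println("unknown key accepted: " + isTrusted(engine, impostor, criteria));
    }
}
```

The second check is the point of the engine: the entity ID claimed on an untrusted token is never taken at face value; only a key match against the resolved trust basis establishes trust.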

Verifying Credentials

todo

Verifying XML Signatures

todo
