EnsLib.SOAP.SAMLGenericService
class EnsLib.SOAP.SAMLGenericService extends EnsLib.SOAP.GenericService
SOAP Generic Service that can validate the signature and timestamps on a SAML token
Parameters
parameter SETTINGS = Validation:Connection,TrustedX509File:Connection;
Inherited description: Can't do grace period without an OnTask loop
Properties
property SAMLAttributes as %String;
Comma separated list of attributes to record for statistics.
The attribute names are case sensitive.
Property methods: SAMLAttributesDisplayToLogical(), SAMLAttributesGet(), SAMLAttributesIsValid(), SAMLAttributesLogicalToDisplay(), SAMLAttributesLogicalToOdbc(), SAMLAttributesNormalize(), SAMLAttributesSet()
property TrustedX509File as %String (MAXLEN = 900);
Location of a file containing certificates that can be used to verify the signatures on received SAML tokens.
The file should contain one or more trusted X.509 certificates in PEM-encoded format.
These certificates should complete a 'chain of trust' from the signatures contained in the SAML tokens to a trusted root Certificate Authority.
If empty and the 'mgr' directory contains a 'iris.cer' file then that file will be used.
Property methods: TrustedX509FileDisplayToLogical(), TrustedX509FileGet(), TrustedX509FileIsValid(), TrustedX509FileLogicalToDisplay(), TrustedX509FileLogicalToOdbc(), TrustedX509FileNormalize(), TrustedX509FileSet()
property Validation as %String [ InitialExpression = "1" ];
Specifies types of Assertion validation to perform on element:
- t - must contain a signed SAML token
- a - token must contain an Assertion
- u - token must contain an unsigned Assertion. If not found the error text is "No Unsigned Assertion".
- If both a and u are specified then either a signed or unsigned assertion needs to be present.
- s - combine with u - if unsigned assertions exist, s requires them to be children of signed elements. Note: The Assertion might be wrapped in a structure that does not follow from schema.
- r - require Assertions to contain NotBefore/NotOnOrAfter time conditions
- v - verify Assertion signatures using a Trusted X.509 certificate and, if present, NotBefore/NotOnOrAfter conditions. If options 'u' and 'v' are both specified, NotBefore/NotOnOrAfter conditions will also be checked.
- o - validate other signed nodes within the assertion such as TimeStamp. Signed reference elements with attribute name of ID or Id will be searched for.
To change the skew allowance, set ^Ens.Config("SAML","ClockSkew",<ConfigName>) for a specific item, or ^Ens.Config("SAML","ClockSkew") for all items using this validation, to the desired number of seconds.
Set to -1 to prevent NotBefore/NotOnOrAfter condition checking for the relevant item or items.
This does not validate the XML schema used for the SAML token.
Property methods: ValidationDisplayToLogical(), ValidationGet(), ValidationIsValid(), ValidationLogicalToDisplay(), ValidationLogicalToOdbc(), ValidationNormalize(), ValidationSet()
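The following is an added example, not part of the class or of InterSystems code: an offline review helper that reads a Validation flag string together with the ClockSkew and TrustedX509File values and reports which documented checks are switched off. The function name audit_validation and the sample values are hypothetical; the flag meanings are taken from the list above, and the default value "1" is reported rather than expanded because its meaning is not listed here.

```python
# Added example: offline audit of a Validation flag string (names are hypothetical).
FLAGS = {  # meanings as given in the Validation property description
    "t": "must contain a signed SAML token",
    "a": "token must contain an Assertion",
    "u": "token must contain an unsigned Assertion",
    "s": "unsigned Assertions must be children of signed elements",
    "r": "Assertions must contain NotBefore/NotOnOrAfter conditions",
    "v": "verify Assertion signatures with a trusted X.509 certificate",
    "o": "validate other signed nodes such as TimeStamp",
}

def audit_validation(spec, clock_skew=None, trusted_x509_file=""):
    """Return (enabled_flags, findings) for one service's settings.

    spec              -- value of the Validation setting
    clock_skew        -- value stored under ^Ens.Config("SAML","ClockSkew"...), None if unset
    trusted_x509_file -- value of the TrustedX509File setting
    """
    if spec == "1":
        return [], ["default '1': the flags it stands for are not listed on this page"]
    enabled = [f for f in FLAGS if f in spec]
    findings = []
    unknown = sorted(set(spec) - set(FLAGS))
    if unknown:
        findings.append("not interpreted by this example: " + "".join(unknown))
    if "v" not in enabled:
        findings.append("no 'v': Assertion signatures are not verified")
    if "u" in enabled and "s" not in enabled:
        findings.append("'u' without 's': unsigned Assertions need no signed parent")
    if "s" in enabled and "u" not in enabled:
        findings.append("'s' without 'u': 's' is documented only in combination with 'u'")
    if "r" not in enabled:
        findings.append("no 'r': Assertions without time conditions are accepted")
    if str(clock_skew) == "-1":
        findings.append("ClockSkew is -1: NotBefore/NotOnOrAfter checking is disabled")
    if "v" in enabled and not trusted_x509_file:
        findings.append("TrustedX509File is empty: 'iris.cer' in 'mgr' is used if present")
    return enabled, findings

if __name__ == "__main__":
    # Constructed sample settings, not taken from a real production.
    samples = [("tarvo", None, "/constructed/trusted.pem"), ("au", -1, "")]
    for spec, skew, cert in samples:
        enabled, findings = audit_validation(spec, skew, cert)
        print(spec, "->", ", ".join(enabled))
        for finding in findings:
            print("   -", finding)
```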
Methods
method OnValidate(pMsg As EnsLib.SOAP.GenericMessage, pValSpec As %String, Output pStatus As %Status) as %Boolean
Return non-zero to prevent default validation of the message (if any);
Convert to lower case, with inverse spec chars converted to upper case
Inherited Members
Inherited Properties
- %AlertStartTime
- %ConfigName
- %ConfigQueueName
- %ExcludeResponseHttpHeaders
- %LastActionTime
- %LastHandledTime
- %LastReportedError
- %OutsideCreated
- %PreserveSession
- %ProcessInputCalled
- %QuitTask
- %RequestHeader
- %SearchTableType
- %SessionId
- %SuperSession
- %SuperSessionCreatedBeforeSession
- %VDocFormat
- %WaitForNextCallInterval
- %WarnedLatest
- %isShadow
- Adapter
- AddressingIn
- AddressingOut
- AlertGracePeriod
- AlertGroups
- AlertOnError
- ArchiveIO
- Attachments
- Base64LineBreaks
- BodyId
- BodyXmlId
- BusinessPartner
- ContentId
- ContentLocation
- FaultAddressing
- FaultHeaders
- GatewayTimeout
- GenerateSuperSessionID
- HeaderDocType
- HeadersIn
- HeadersOut
- IOLogEntry
- ImportHandler
- InactivityTimeout
- IsMTOM
- KeepCSPPartition
- Location
- MTOMRequired
- MsgClass
- OutputTypeAttribute
- OverrideClientResponseWaitTimeout
- Password
- PersistInProcData
- ProcessHeaders
- RMSession
- ReferencesInline
- RequestMessageStart
- ResponseAttachments
- ResponseContentId
- ResponseContentLocation
- SAXFlags
- SOAPInvoked
- SearchTableClass
- SecurityContextToken
- SecurityIn
- SecurityNamespace
- SecurityOut
- SessionCookie
- SoapFault
- SoapVersion
- SupportDelayedSyncRequest
- TargetConfigName
- ThrottleDelay
- Timeout
- Transport
- UseSimulatedSync
- Username
- WSDL
- WriteSOAPBodyMethod
Inherited Methods
- %AddEnvelopeNamespace()
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OnClose()
- %OnCreateRMSession()
- %OnNew()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %SuperSessionSet()
- %ValidateObject()
- AdapterName()
- AssignOneSetting()
- CloseIOLogEntry()
- ConvertParameter()
- Decrypt()
- Encrypt()
- EnumerateSettingsClose()
- EnumerateSettingsExecute()
- EnumerateSettingsFetch()
- EscapeHTML()
- EscapeURL()
- FileWSDL()
- ForceSessionId()
- GatewayTimeout()
- GenerateSuperSession()
- GetBodyId()
- GetDeferredResponseToken()
- GetMsgHdrRequestKey()
- GetProductionSettingValue()
- GetProductionSettings()
- GetPropertyConnections()
- GetSettings()
- GetShadowInstance()
- HyperEventCall()
- HyperEventHead()
- Include()
- Initialize()
- InsertHiddenField()
- InsertHiddenFields()
- IsPrivate()
- Link()
- MakeFault()
- MakeFault12()
- MakeSecurityFault()
- MakeStatusFault()
- NewIOLogEntry()
- NormalizeName()
- OnAdapterHTTPResponse()
- OnAuthorize()
- OnCancelSecureConversation()
- OnError()
- OnErrorStream()
- OnGenerateSuperSession()
- OnGetConnections()
- OnHTTPHeader()
- OnHandleNoResponseYet()
- OnInit()
- OnKeepalive()
- OnMonitor()
- OnPageError()
- OnPopulateSendSyncHandling()
- OnPostHTTP()
- OnPostHyperEvent()
- OnPostWebMethod()
- OnPreHyperEvent()
- OnPreWebMethod()
- OnProcessInput()
- OnProductionStart()
- OnProductionStop()
- OnRequestMessage()
- OnResolveDocType()
- OnSOAPRequest()
- OnStartSecureConversation()
- OnTearDown()
- Page()
- PopulateSuperSession()
- Process()
- ProcessBinary()
- ProcessBody()
- ProcessBodyNode()
- QueueName()
- QuoteJS()
- Reset()
- ReturnFault()
- ReturnMethodStatusFault()
- ReturnOneWay()
- ReturnStatusFault()
- RewriteURL()
- SOAPLogContains()
- SaveIOLogEntry()
- SendAlert()
- SendDeferredResponse()
- SendRequestAsync()
- SendRequestSync()
- SetReturnStatusCode()
- ShowError()
- StartTimer()
- StopTimer()
- ThrowError()
- UnescapeHTML()
- UnescapeURL()
- VerifySendSyncHandlingInstructions()
- WSAddSignatureConfirmation()
- resolveAndIndex()
- resolveDocType()
- statusReturn()