You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2021/02/25 05:57:21 UTC
[nifi] 12/24: NIFI-8241 This closes #4833. Set the SAML context
provider to use the EmptyStorageFactory
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch support/nifi-1.13
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 2f7b43a4a1fab714bd741d2e05dd96298031c37f
Author: Bryan Bende <bb...@apache.org>
AuthorDate: Fri Feb 19 14:18:46 2021 -0500
NIFI-8241 This closes #4833. Set the SAML context provider to use the EmptyStorageFactory
Signed-off-by: Joe Witt <jo...@apache.org>
---
.../web/security/saml/impl/StandardSAMLConfigurationFactory.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
index e143524..c1ffd17 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
@@ -66,6 +66,7 @@ import org.springframework.security.saml.processor.HTTPSOAP11Binding;
import org.springframework.security.saml.processor.SAMLBinding;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
+import org.springframework.security.saml.storage.EmptyStorageFactory;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
import org.springframework.security.saml.websso.SingleLogoutProfile;
@@ -291,6 +292,13 @@ public class StandardSAMLConfigurationFactory implements SAMLConfigurationFactor
final NiFiSAMLContextProviderImpl contextProvider = new NiFiSAMLContextProviderImpl();
contextProvider.setMetadata(metadataManager);
contextProvider.setKeyManager(keyManager);
+
+ // Note - the default is HttpSessionStorageFactory, but since we don't use HttpSessions we can't rely on that,
+ // setting this to the EmptyStorageFactory simply disables checking of the InResponseTo field, if we ever want
+ // to bring that back we could possibly implement our own in-memory storage factory
+ // https://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-troubleshooting.html#d5e1935
+ contextProvider.setStorageFactory(new EmptyStorageFactory());
+
contextProvider.afterPropertiesSet();
return contextProvider;
}