Posted to commits@nifi.apache.org by jo...@apache.org on 2021/02/25 05:57:21 UTC

[nifi] 12/24: NIFI-8241 This closes #4833. Set the SAML context provider to use the EmptyStorageFactory

This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch support/nifi-1.13
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit 2f7b43a4a1fab714bd741d2e05dd96298031c37f
Author: Bryan Bende <bb...@apache.org>
AuthorDate: Fri Feb 19 14:18:46 2021 -0500

    NIFI-8241 This closes #4833. Set the SAML context provider to use the EmptyStorageFactory
    
    Signed-off-by: Joe Witt <jo...@apache.org>
---
 .../web/security/saml/impl/StandardSAMLConfigurationFactory.java  | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
index e143524..c1ffd17 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
@@ -66,6 +66,7 @@ import org.springframework.security.saml.processor.HTTPSOAP11Binding;
 import org.springframework.security.saml.processor.SAMLBinding;
 import org.springframework.security.saml.processor.SAMLProcessor;
 import org.springframework.security.saml.processor.SAMLProcessorImpl;
+import org.springframework.security.saml.storage.EmptyStorageFactory;
 import org.springframework.security.saml.util.VelocityFactory;
 import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
 import org.springframework.security.saml.websso.SingleLogoutProfile;
@@ -291,6 +292,13 @@ public class StandardSAMLConfigurationFactory implements SAMLConfigurationFactor
         final NiFiSAMLContextProviderImpl contextProvider = new NiFiSAMLContextProviderImpl();
         contextProvider.setMetadata(metadataManager);
         contextProvider.setKeyManager(keyManager);
+
+        // Note - the default is HttpSessionStorageFactory, but since we don't use HttpSessions we can't rely on that,
+        // setting this to the EmptyStorageFactory simply disables checking of the InResponseTo field, if we ever want
+        // to bring that back we could possibly implement our own in-memory storage factory
+        // https://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-troubleshooting.html#d5e1935
+        contextProvider.setStorageFactory(new EmptyStorageFactory());
+
         contextProvider.afterPropertiesSet();
         return contextProvider;
     }
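Review bot: The comment above `contextProvider.setStorageFactory(new EmptyStorageFactory())` says this "simply disables checking of the InResponseTo field", which understates the security effect. Without message storage, a SAML response is no longer correlated to an AuthnRequest this NiFi instance issued, so unsolicited responses are accepted and replay resistance rests on the assertion's signature and time conditions alone. I would state that in the comment, e.g. `// SECURITY: InResponseTo is not verified, so responses are not bound to our AuthnRequests; replay protection relies on assertion validity conditions only`, and track the in-memory `SAMLMessageStorageFactory` as a follow-up issue instead of leaving it as a "possibly". It is also worth confirming that the response skew and maximum authentication age on the web SSO consumer are kept tight; that configuration is presumably elsewhere in this factory. The enclosing method starts before this hunk, so the rest of the provider setup is not visible.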