Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/12 15:08:58 UTC
cxf git commit: Fallback to the SubjectConfirmationData NotOnOrAfter
if there is no Session NotOnOrAfter value
Repository: cxf
Updated Branches:
refs/heads/master fe89bf0fb -> 273e294c8
Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/273e294c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/273e294c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/273e294c
Branch: refs/heads/master
Commit: 273e294c8438441e9dc04c8f57a9fa3659541091
Parents: fe89bf0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jan 12 14:08:37 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jan 12 14:08:37 2016 +0000
----------------------------------------------------------------------
.../saml/sso/SAMLSSOResponseValidator.java | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/273e294c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 702145b..3ee7005 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -118,7 +118,9 @@ public class SAMLSSOResponseValidator {
if (assertion.getAuthnStatements() != null
&& !assertion.getAuthnStatements().isEmpty()) {
org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
- if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
+ org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf =
+ validateAuthenticationSubject(subject, assertion.getID(), postBinding);
+ if (subjectConf != null) {
validateAudienceRestrictionCondition(assertion.getConditions());
validAssertion = assertion;
// Store Session NotOnOrAfter
@@ -127,6 +129,10 @@ public class SAMLSSOResponseValidator {
sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate();
}
}
+ // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no session NotOnOrAfter
+ if (sessionNotOnOrAfter == null) {
+ sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate();
+ }
}
}
}
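Review bot: The fallback `subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate()` dereferences two values with no null check, so it is only safe if validateSubjectConfirmation, which is outside this hunk, has already rejected a missing SubjectConfirmationData or a missing NotOnOrAfter. If that guarantee holds, record it in the comment, e.g. `// validateSubjectConfirmation has already required a non-null, unexpired NotOnOrAfter`; if it does not, guard the assignment with `if (data != null && data.getNotOnOrAfter() != null)` on a local `data` so a malformed response is rejected cleanly rather than through a NullPointerException. The comment should also note that this value is the bearer confirmation window rather than a session lifetime issued by the IdP, so sessions derived from it may be much shorter than callers expect. The enclosing method starts and ends outside the hunk.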
@@ -179,24 +185,24 @@ public class SAMLSSOResponseValidator {
/**
* Validate the Subject (of an Authentication Statement).
*/
- private boolean validateAuthenticationSubject(
+ private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
) throws WSSecurityException {
if (subject.getSubjectConfirmations() == null) {
- return false;
+ return null;
}
- boolean foundBearerSubjectConf = false;
+ org.opensaml.saml.saml2.core.SubjectConfirmation validSubjectConf = null;
// We need to find a Bearer Subject Confirmation method
for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf
: subject.getSubjectConfirmations()) {
if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
- foundBearerSubjectConf = true;
validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding);
+ validSubjectConf = subjectConf;
}
}
- return foundBearerSubjectConf;
+ return validSubjectConf;
}
/**
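Review bot: The Javadoc on validateAuthenticationSubject still describes only the validation, although the method now returns a SubjectConfirmation that the caller uses for session expiry. It should state the contract, e.g. `@return the last Bearer SubjectConfirmation that passed validateSubjectConfirmation, or null if the Subject has none`. Because `validSubjectConf = subjectConf;` is overwritten on every matching iteration, an assertion carrying several Bearer confirmations yields the last one, so the fallback expiry comes from that element rather than from the earliest NotOnOrAfter. If that is not intended, keep the confirmation with the earliest NotOnOrAfter instead. This reading assumes validateSubjectConfirmation throws on failure, which is not visible in the hunk.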