Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/18 17:39:20 UTC
[1/2] cxf-fediz git commit: Updated some dependencies
Repository: cxf-fediz
Updated Branches:
refs/heads/master 1fc7ea23f -> 3d7c11793
Updated some dependencies
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b3887f45
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b3887f45
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b3887f45
Branch: refs/heads/master
Commit: b3887f4562ec70b80a0473eed67f724289caa54f
Parents: 1fc7ea2
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 18 12:49:32 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 18 12:50:00 2015 +0000
----------------------------------------------------------------------
pom.xml | 18 +++++++++---------
services/idp/pom.xml | 2 +-
services/sts/pom.xml | 2 +-
systests/kerberos/pom.xml | 2 +-
4 files changed, 12 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b3887f45/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 648b100..bb07177 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,14 +42,14 @@
<commons.logging.version>1.2</commons.logging.version>
<cxf.version>3.1.4</cxf.version>
<cxf.build-utils.version>3.1.0</cxf.build-utils.version>
- <easymock.version>3.3</easymock.version>
+ <easymock.version>3.4</easymock.version>
<ecj.version>4.4.2</ecj.version>
<ehcache.version>2.9.0</ehcache.version>
- <hibernate.version>5.1.1.Final</hibernate.version>
+ <hibernate.version>5.2.2.Final</hibernate.version>
<httpclient.version>4.3.5</httpclient.version>
- <hsqldb.version>2.3.2</hsqldb.version>
- <htmlunit.version>2.15</htmlunit.version>
- <javassist.version>3.16.1-GA</javassist.version>
+ <hsqldb.version>2.3.3</hsqldb.version>
+ <htmlunit.version>2.19</htmlunit.version>
+ <javassist.version>3.20.0-GA</javassist.version>
<javax.el.version>2.2</javax.el.version>
<javax.validation.version>1.1.0.Final</javax.validation.version>
<jericho.version>3.3</jericho.version>
@@ -57,14 +57,14 @@
<jetty9.version>9.3.3.v20150827</jetty9.version>
<junit.version>4.12</junit.version>
<log4j.version>1.2.17</log4j.version>
- <ognl.version>3.0.8</ognl.version>
+ <ognl.version>3.1.1</ognl.version>
<openjpa.version>2.4.0</openjpa.version>
<servlet.version>2.5</servlet.version>
- <slf4j.version>1.7.12</slf4j.version>
+ <slf4j.version>1.7.13</slf4j.version>
<spring.version>4.1.7.RELEASE</spring.version>
<spring.security.version>3.1.7.RELEASE</spring.security.version>
- <tomcat7.version>7.0.64</tomcat7.version>
- <tomcat8.version>8.0.26</tomcat8.version>
+ <tomcat7.version>7.0.65</tomcat7.version>
+ <tomcat8.version>8.0.28</tomcat8.version>
<wss4j.version>2.1.4</wss4j.version>
<xalan.version>2.7.2</xalan.version>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b3887f45/services/idp/pom.xml
----------------------------------------------------------------------
diff --git a/services/idp/pom.xml b/services/idp/pom.xml
index 31dd4fe..fe45ebe 100644
--- a/services/idp/pom.xml
+++ b/services/idp/pom.xml
@@ -187,7 +187,7 @@
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib-nodep</artifactId>
- <version>2.1_3</version>
+ <version>3.2.0</version>
</dependency>
<!--
<dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b3887f45/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index 8bab90b..4a5a867 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -74,7 +74,7 @@
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
- <version>2.0.3.RELEASE</version>
+ <version>2.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b3887f45/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index 2bac697..ffa2152 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -181,7 +181,7 @@
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<scope>test</scope>
- <version>1.52</version>
+ <version>1.53</version>
</dependency>
</dependencies>
[2/2] cxf-fediz git commit: Map claims from SAML -> JWT
Posted by co...@apache.org.
Map claims from SAML -> JWT
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3d7c1179
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3d7c1179
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3d7c1179
Branch: refs/heads/master
Commit: 3d7c117936c43997fbb5342a23cce5f22d31d61e
Parents: b3887f4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 18 16:39:08 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 18 16:39:08 2015 +0000
----------------------------------------------------------------------
.../service/oidc/LocalSamlTokenConverter.java | 65 ++++++++++++++++++--
.../fediz/service/oidc/OAuthDataManager.java | 3 +-
.../fediz/service/oidc/SamlTokenConverter.java | 6 +-
3 files changed, 67 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d7c1179/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
index 3f9443d..94b094b 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
@@ -18,21 +18,78 @@
*/
package org.apache.cxf.fediz.service.oidc;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
public class LocalSamlTokenConverter implements SamlTokenConverter {
@Override
- public IdToken convertToIdToken(Document samlDoc, String subjectName, String clientId) {
+ public IdToken convertToIdToken(Element samlToken,
+ String subjectName,
+ ClaimCollection claims,
+ String clientId) {
IdToken idToken = new IdToken();
idToken.setSubject(subjectName);
idToken.setAudience(clientId);
idToken.setIssuer("accounts.fediz.com");
- idToken.setIssuedAt(System.currentTimeMillis() / 1000);
- idToken.setExpiryTime(System.currentTimeMillis() / 1000 + 60000);
+
+ long currentTimeInSeconds = System.currentTimeMillis() / 1000L;
+ idToken.setIssuedAt(currentTimeInSeconds);
+ idToken.setExpiryTime(currentTimeInSeconds + 60000L);
+
+ // Set the authInstant
+ try {
+ SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
+
+ if (wrapper.getSaml2() != null && !wrapper.getSaml2().getAuthnStatements().isEmpty()) {
+ long authInstant =
+ wrapper.getSaml2().getAuthnStatements().get(0).getAuthnInstant().getMillis();
+ idToken.setAuthenticationTime(authInstant / 1000L);
+ }
+ } catch (WSSecurityException ex) {
+ throw new OAuthServiceException("Error converting SAML token", ex);
+ }
+
+ // Map claims
+ if (claims != null) {
+ String firstName = null;
+ String lastName = null;
+ for (Claim c : claims) {
+ if (!(c.getValue() instanceof String)) {
+ continue;
+ }
+ if (ClaimTypes.FIRSTNAME == c.getClaimType()) {
+ idToken.setGivenName((String)c.getValue());
+ firstName = (String)c.getValue();
+ } else if (ClaimTypes.LASTNAME == c.getClaimType()) {
+ idToken.setFamilyName((String)c.getValue());
+ lastName = (String)c.getValue();
+ } else if (ClaimTypes.EMAILADDRESS == c.getClaimType()) {
+ idToken.setEmail((String)c.getValue());
+ } else if (ClaimTypes.DATEOFBIRTH == c.getClaimType()) {
+ idToken.setBirthDate((String)c.getValue());
+ } else if (ClaimTypes.HOMEPHONE == c.getClaimType()) {
+ idToken.setPhoneNumber((String)c.getValue());
+ } else if (ClaimTypes.GENDER == c.getClaimType()) {
+ idToken.setGender((String)c.getValue());
+ } else if (ClaimTypes.WEB_PAGE == c.getClaimType()) {
+ idToken.setWebsite((String)c.getValue());
+ }
+ }
+
+ if (firstName != null && lastName != null) {
+ idToken.setName(firstName + " " + lastName);
+ }
+ }
+
return idToken;
}
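Review bot: The claim-mapping loop compares claim types by reference, e.g. `ClaimTypes.FIRSTNAME == c.getClaimType()`, so a branch matches only when the claim holds the very same object as the constant. If the claim type is a `URI` instance created while the token is parsed (its type is not visible in this hunk), no branch matches and the ID token is issued without any mapped claims; `ClaimTypes.FIRSTNAME.equals(c.getClaimType())`, and likewise for the other branches, removes that dependency on instance identity. Separately, `currentTimeInSeconds + 60000L` keeps the ID token valid for 60000 seconds (about 16.7 hours) regardless of how long the SAML assertion itself is valid. That figure looks like a leftover millisecond value, and the expiry is better capped by the assertion's conditions or a configured lifetime.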
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d7c1179/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index ae7e538..5e3ff4f 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -98,8 +98,9 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
}
protected String getJoseIdToken(FedizPrincipal principal, Client client) {
- IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken().getOwnerDocument(),
+ IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken(),
principal.getName(),
+ principal.getClaims(),
client.getClientId());
JwsJwtCompactProducer p = new JwsJwtCompactProducer(idToken);
return p.signWith(getJwsSignatureProvider(client));
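Review bot: `principal.getClaims()` is handed to the converter in full, and `getJoseIdToken` takes no parameter describing the scopes granted to the client. Every claim the converter maps (email, birth date, phone number and so on) therefore ends up in the signed ID token for any client. If claims are not filtered by scope elsewhere (not visible here), restrict the collection to those covered by the granted scopes before this call. The method body ends outside the hunk.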
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d7c1179/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 93cd672..1fbb087 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -18,12 +18,14 @@
*/
package org.apache.cxf.fediz.service.oidc;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.rs.security.oidc.common.IdToken;
public interface SamlTokenConverter {
- IdToken convertToIdToken(Document samlDoc,
+ IdToken convertToIdToken(Element samlToken,
String subjectName,
+ ClaimCollection claims,
String audience);
}
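Review bot: The new `convertToIdToken` signature has no Javadoc, so implementers cannot tell what they may assume about its inputs. It should say whether `samlToken` has already been validated (signature and conditions) by the caller, and that `claims` may be null, which the local implementation handles with `if (claims != null)`. A short comment such as `/** samlToken is the already-validated login assertion; claims may be null. */` would do, if that contract is indeed what the caller guarantees. Changing the parameter list also breaks any existing implementation of this interface outside this commit, which is worth a line in the release notes.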