Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/25 18:03:20 UTC
[1/2] cxf-fediz git commit: Fixed a bug in the MetadataServlet
Repository: cxf-fediz
Updated Branches:
refs/heads/1.2.x-fixes fc77fdd84 -> 5f208683c
Fixed a bug in the MetadataServlet
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e18f3ae9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e18f3ae9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e18f3ae9
Branch: refs/heads/1.2.x-fixes
Commit: e18f3ae9a9fe61c3c7d446631a6b1c6da7b3954d
Parents: fc77fdd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jan 25 11:34:40 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jan 25 17:03:02 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/MetadataServlet.java | 3 +-
.../cxf/fediz/integrationtests/SAMLSSOTest.java | 42 ++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e18f3ae9/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index 039d26f..0aab857 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -72,7 +72,8 @@ public class MetadataServlet extends HttpServlet {
TrustedIdp trustedIdp = idpConfig.findTrustedIdp(serviceRealm);
if (trustedIdp == null) {
LOG.error("No TrustedIdp found for desired realm: " + serviceRealm);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
}
ServiceMetadataWriter mw = new ServiceMetadataWriter();
Document metadata = mw.getMetaData(idpConfig, trustedIdp);
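Review bot: The `LOG.error` call in the `trustedIdp == null` branch concatenates `serviceRealm` into the message unmodified. The test URL added in this commit suggests that value comes from the request path, so any caller who can reach the servlet could write arbitrary text into the IdP log (including line breaks, depending on the log layout) and generate error-level entries at will. Since the branch now reports a client error, consider logging at a lower level with control characters neutralised, e.g. `LOG.warn("No TrustedIdp found for desired realm: " + serviceRealm.replaceAll("[\\r\\n]", "_"));`. How `serviceRealm` is derived and whether it can be null here is outside the hunk, so confirm that before applying the change.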
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e18f3ae9/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index bf48c0a..df6c3ae 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -23,11 +23,16 @@ package org.apache.cxf.fediz.integrationtests;
import java.io.File;
import java.io.IOException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
import com.gargoylesoftware.htmlunit.CookieManager;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.xml.XmlPage;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleState;
@@ -35,11 +40,15 @@ import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.cxf.fediz.core.ClaimTypes;
import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Test;
/**
* This is a test for federation in the IdP. The RP application is configured to use a home realm of "realm b". The
@@ -263,6 +272,39 @@ public class SAMLSSOTest {
bodyTextContent.contains(claim + "=alice@realma.org"));
}
+ @Test
+ public void testIdPServiceMetadata() throws Exception {
+ String url = "https://localhost:" + getIdpHttpsPort()
+ + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B";
+
+ final WebClient webClient = new WebClient();
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setSSLClientCertificate(
+ this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+
+ final XmlPage rpPage = webClient.getPage(url);
+ final String xmlContent = rpPage.asXml();
+ Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));
+
+ // Now validate the Signature
+ Document doc = rpPage.getXmlDocument();
+
+ doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+ Node signatureNode =
+ DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+ Assert.assertNotNull(signatureNode);
+
+ XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ Assert.assertNotNull(ki.getX509Certificate());
+
+ Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
+ webClient.close();
+ }
+
private static String login(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
//
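Review bot: The signature check in `testIdPServiceMetadata` validates against the certificate taken from the signature's own `KeyInfo`, so it would pass for metadata signed by any key and only shows that the document is internally consistent. Compare `ki.getX509Certificate()` with the IdP's expected signing certificate from the test configuration before calling `checkSignatureValue`, for example `Assert.assertEquals(expectedIdpCert, ki.getX509Certificate());` (`expectedIdpCert` is a placeholder for that certificate). The test also never asserts that the signature's reference resolves to the `EntityDescriptor` root whose `ID` it registers. In addition, `webClient.close()` is skipped whenever an earlier assertion fails; a `try`/`finally` around the body would cover that. The trailing context lines belong to `login`, whose body continues outside the hunk.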
[2/2] cxf-fediz git commit: Use the configured realm for the Metadata
EntityId instead of the URL
Posted by co...@apache.org.
Use the configured realm for the Metadata EntityId instead of the URL
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5f208683
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5f208683
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5f208683
Branch: refs/heads/1.2.x-fixes
Commit: 5f208683cfcbbc5fc778859bb846f60a295b16e6
Parents: e18f3ae
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jan 25 12:05:19 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jan 25 17:03:14 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f208683/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
index 4b138e8..5eb794c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
@@ -64,7 +64,7 @@ public class ServiceMetadataWriter {
writer.writeAttribute("ID", referenceID);
String serviceURL = config.getIdpUrl().toString();
- writer.writeAttribute("entityID", serviceURL);
+ writer.writeAttribute("entityID", config.getRealm());
writer.writeNamespace("md", SAML2_METADATA_NS);
writer.writeNamespace("fed", WS_FEDERATION_NS);
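Review bot: `config.getRealm()` is written straight into `entityID` with no check that a realm is actually configured, and relying parties typically key their trust configuration on this attribute. If the realm can be unset, fail early with a clear error rather than emit metadata with an empty or missing `entityID`. The `serviceURL` local on the line above is no longer used in the visible lines; if nothing later in the method reads it, remove it so `config.getIdpUrl()` is not dereferenced for no purpose. The method continues outside the hunk, so both points need checking against the full body.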