Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/01 17:00:34 UTC
[1/3] cxf-fediz git commit: Change whr to home_realm
Repository: cxf-fediz
Updated Branches:
refs/heads/master 21fd134c4 -> 18ea6f481
Change whr to home_realm
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5a0c0b7b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5a0c0b7b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5a0c0b7b
Branch: refs/heads/master
Commit: 5a0c0b7b47eef202ab2b15bd8a089d37d050ee80
Parents: 21fd134
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 1 15:27:18 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 1 15:27:18 2016 +0000
----------------------------------------------------------------------
.../idp/beans/SigninParametersCacheAction.java | 10 -----
.../WEB-INF/flows/federation-signin-request.xml | 42 ++++++++++----------
.../flows/federation-validate-request.xml | 8 ++--
3 files changed, 25 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5a0c0b7b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index f719860..e3e055e 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -56,10 +56,6 @@ public class SigninParametersCacheAction {
if (value != null) {
signinParams.put(FederationConstants.PARAM_TREALM, value);
}
- value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_HOME_REALM, value);
- }
value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
if (value != null) {
signinParams.put(IdpConstants.HOME_REALM, value);
@@ -100,12 +96,6 @@ public class SigninParametersCacheAction {
if (value != null) {
WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM, value);
}
- // TODO - Remove
- value = (String)signinParams.get(FederationConstants.PARAM_HOME_REALM);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_HOME_REALM, value);
- WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
- }
value = (String)signinParams.get(IdpConstants.HOME_REALM);
if (value != null) {
WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5a0c0b7b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 194404b..59c2a67 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -29,14 +29,14 @@
<input name="wctx" />
<input name="wfresh" />
<input name="wauth" />
- <input name="whr" />
+ <input name="home_realm" />
<decision-state id="processHRDSExpression">
<on-entry>
- <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.whr)"
- result="flowScope.whr" />
+ <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)"
+ result="flowScope.home_realm" />
</on-entry>
- <if test="flowScope.whr == null or flowScope.whr.trim().isEmpty()"
+ <if test="flowScope.home_realm == null or flowScope.home_realm.trim().isEmpty()"
then="provideIDPListForUser" else="checkIsThisIDP" />
</decision-state>
@@ -56,16 +56,16 @@
<var name="trustedIDPSelection"
class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection" />
<binder>
- <binding property="whr" required="true" />
+ <binding property="home_realm" required="true" />
</binder>
<on-entry>
<set name="requestScope.idPConfig" value="flowScope.idpConfig" />
</on-entry>
<transition on="submit" to="checkIsThisIDP" bind="true"
validate="true">
- <set name="flowScope.whr" value="trustedIDPSelection.whr" />
+ <set name="flowScope.home_realm" value="trustedIDPSelection.home_realm" />
<evaluate
- expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.whr)" />
+ expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.home_realm)" />
</transition>
<transition on="cancel" to="checkDefaultToThisIDP"
bind="false" validate="false" />
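Review bot: The new `<binding property="home_realm" required="true" />` and the expression `trustedIDPSelection.home_realm` both need a `home_realm` property on `org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection`, yet the diffstat for this commit lists only three files and that model class is not one of them. Unless the class already exposes that property (not visible here), binding on `submit` would fail and the selected realm would never reach `flowScope.home_realm`. The form field in the view that posts this value would have to be renamed in step as well. The enclosing state element starts outside the hunk.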
@@ -73,7 +73,7 @@
<!-- Home Realm is known then we can store it in cookie -->
<decision-state id="checkIsThisIDP">
- <if test="flowScope.idpConfig.realm.equals(flowScope.whr)"
+ <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
then="checkWauthTypeSupported" else="checkIdpTokenWhrWauth" />
</decision-state>
@@ -82,17 +82,17 @@
<!-- Is 'wresult/RP-IDP token' already received and validated (then stored
in session) from requestor IDP ? -->
<decision-state id="checkIdpTokenWhrWauth">
- <if test="externalContext.sessionMap[flowScope.whr] != null"
+ <if test="externalContext.sessionMap[flowScope.home_realm] != null"
then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
</decision-state>
<action-state id="wfreshParserRemoteAction">
<evaluate
- expression="idpTokenExpiredAction.isTokenExpired(flowScope.whr, flowRequestContext) or
- wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.whr, flowRequestContext)" />
+ expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
+ wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)" />
<transition on="yes" to="redirectToTrustedIDP" />
<transition on="no" to="validateWReply" >
- <set name="flowScope.idpToken" value="externalContext.sessionMap[whr]" />
+ <set name="flowScope.idpToken" value="externalContext.sessionMap[home_realm]" />
</transition>
<transition on-exception="java.lang.Throwable" to="viewBadRequest" />
</action-state>
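Review bot: `externalContext.sessionMap[home_realm]` in the `no` transition reads the realm through an unqualified name, while the checks just above it use `flowScope.home_realm`. An unqualified name is resolved by scope search, so a same-named variable in a nearer scope would decide which session entry ends up in `flowScope.idpToken`. Because this lookup selects a cached security token, I would spell it out as `value="externalContext.sessionMap[flowScope.home_realm]"`. The same applies to the `wfreshParserAction` and `cacheSecurityToken` transitions in the later hunks of this file.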
@@ -107,7 +107,7 @@
<decision-state id="checkWauthTypeSupported">
<on-entry>
<!-- Here, home realm is guaranteed to be THIS realm -->
- <set name="flowScope.whr" value="flowScope.idpConfig.realm" />
+ <set name="flowScope.home_realm" value="flowScope.idpConfig.realm" />
</on-entry>
<if test="flowScope.idpConfig.getAuthenticationURIs() == null"
then="viewBadRequest" />
@@ -118,7 +118,7 @@
<decision-state id="checkIdpTokenWauth">
<!-- check presence of cached IDP token for THIS realm -->
- <if test="externalContext.sessionMap[flowScope.whr] == null"
+ <if test="externalContext.sessionMap[flowScope.home_realm] == null"
then="cacheSecurityToken" else="wfreshParserAction" />
</decision-state>
@@ -126,11 +126,11 @@
from 'IDP_TOKEN' -->
<action-state id="wfreshParserAction">
<evaluate
- expression="idpTokenExpiredAction.isTokenExpired(flowScope.whr, flowRequestContext) or
- wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.whr, flowRequestContext)" />
+ expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
+ wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)" />
<transition on="yes" to="redirectToLocalIDP" />
<transition on="no" to="validateWReply">
- <set name="flowScope.idpToken" value="externalContext.sessionMap[whr]" />
+ <set name="flowScope.idpToken" value="externalContext.sessionMap[home_realm]" />
</transition>
<transition on-exception="java.lang.Throwable" to="viewBadRequest" />
</action-state>
@@ -140,14 +140,14 @@
<evaluate expression="logoutAction.submit(flowRequestContext)" />
</on-entry>
<output name="wctx" value="flowScope.wctx" />
- <output name="whr" value="flowScope.whr" />
+ <output name="home_realm" value="flowScope.home_realm" />
</end-state>
<action-state id="cacheSecurityToken">
<secured attributes="IS_AUTHENTICATED_FULLY" />
<evaluate expression="cacheSecurityToken.submit(flowRequestContext)" />
<transition to="validateWReply">
- <set name="flowScope.idpToken" value="externalContext.sessionMap[whr]" />
+ <set name="flowScope.idpToken" value="externalContext.sessionMap[home_realm]" />
</transition>
</action-state>
@@ -155,7 +155,7 @@
<!-- normal exit point -->
<end-state id="requestRpToken">
- <output name="whr" value="flowScope.whr" />
+ <output name="home_realm" value="flowScope.home_realm" />
<output name="wctx" value="flowScope.wctx" />
<output name="idpToken" value="flowScope.idpToken" />
</end-state>
@@ -168,7 +168,7 @@
<on-entry>
<evaluate expression="signinParametersCacheAction.store(flowRequestContext)" />
</on-entry>
- <output name="whr" value="flowScope.whr" />
+ <output name="home_realm" value="flowScope.home_realm" />
<output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
</end-state>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5a0c0b7b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 446a65c..e0d86aa 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -98,22 +98,22 @@
<input name="wctx" value="flowScope.wctx" />
<input name="wfresh" value="flowScope.wfresh" />
<input name="wauth" value="flowScope.wauth" />
- <input name="whr" value="flowScope.whr" />
+ <input name="home_realm" value="flowScope.whr" />
- <output name="whr" />
+ <output name="home_realm" />
<output name="wctx" />
<output name="idpToken" />
<output name="trusted_idp_context" />
<transition on="requestRpToken" to="requestRpToken">
- <set name="flowScope.whr" value="currentEvent.attributes.whr" />
+ <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
<set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
<set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
</transition>
<transition on="viewBadRequest" to="viewBadRequest" />
<transition on="scInternalServerError" to="scInternalServerError" />
<transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
- <set name="flowScope.whr" value="currentEvent.attributes.whr" />
+ <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
<set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
</transition>
<transition on="redirectToLocalIDP" to="redirectToLocalIDP">
[3/3] cxf-fediz git commit: Minor cleanup
Posted by co...@apache.org.
Minor cleanup
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/18ea6f48
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/18ea6f48
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/18ea6f48
Branch: refs/heads/master
Commit: 18ea6f481a55c5130eee805bfc2b942d3a656a02
Parents: 4538aca
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 1 16:45:41 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 1 16:45:41 2016 +0000
----------------------------------------------------------------------
.../idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml | 3 ---
1 file changed, 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/18ea6f48/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 2816487..e2bc680 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -102,9 +102,6 @@
<input name="home_realm" value="flowScope.whr" />
<input name="protocol" value="'samlsso'" />
- <output name="wtrealm" />
- <output name="wreply" />
- <output name="wctx" />
<output name="home_realm" />
<output name="idpToken" />
<output name="saml_authn_request" />
[2/3] cxf-fediz git commit: More refactoring of the caching code
Posted by co...@apache.org.
More refactoring of the caching code
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4538aca7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4538aca7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4538aca7
Branch: refs/heads/master
Commit: 4538aca7cd22a4ab56587c113e6c96f91d2a4502
Parents: 5a0c0b7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 1 16:41:03 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 1 16:41:03 2016 +0000
----------------------------------------------------------------------
.../idp/beans/SigninParametersCacheAction.java | 115 ++++++++++---------
.../WEB-INF/flows/federation-signin-request.xml | 3 +-
.../flows/federation-validate-request.xml | 2 +
.../WEB-INF/flows/saml-signin-request.xml | 3 +-
.../WEB-INF/flows/saml-validate-request.xml | 2 +
.../webapp/WEB-INF/flows/signin-response.xml | 3 +-
6 files changed, 73 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index e3e055e..18216e7 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -44,35 +44,40 @@ public class SigninParametersCacheAction {
private static final Logger LOG = LoggerFactory.getLogger(SigninParametersCacheAction.class);
- public void store(RequestContext context) {
+ public void store(RequestContext context, String protocol) {
Map<String, Object> signinParams = new HashMap<>();
String uuidKey = UUID.randomUUID().toString();
- Object value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_REPLY, value);
- }
- value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_TREALM, value);
- }
- value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
+ Object value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
if (value != null) {
signinParams.put(IdpConstants.HOME_REALM, value);
}
- value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_CONTEXT, value);
- }
- // TODO
- value = WebUtils.getAttributeFromFlowScope(context, "RelayState");
- if (value != null) {
- signinParams.put("RelayState", value);
- }
- value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
- if (value != null) {
- signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
+
+ if ("wsfed".equals(protocol)) {
+ value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
+ if (value != null) {
+ signinParams.put(FederationConstants.PARAM_REPLY, value);
+ }
+ value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
+ if (value != null) {
+ signinParams.put(FederationConstants.PARAM_TREALM, value);
+ }
+ value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
+ if (value != null) {
+ signinParams.put(FederationConstants.PARAM_CONTEXT, value);
+ }
+ } else if ("samlsso".equals(protocol)) {
+ // TODO
+ value = WebUtils.getAttributeFromFlowScope(context, "RelayState");
+ if (value != null) {
+ signinParams.put("RelayState", value);
+ }
+ value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
+ if (value != null) {
+ signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
+ }
}
+
WebUtils.putAttributeInExternalContext(context, uuidKey, signinParams);
LOG.debug("SignIn parameters cached: {}", signinParams.toString());
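Review bot: `store` silently caches only the home realm when `protocol` is null or anything other than `"wsfed"` / `"samlsso"`, because the new `if` / `else if` chain has no final branch. The reply address, realm and context (or the SAML request) are then dropped without any trace, and `restore` in the later hunk has the same gap. I would close the chain with `} else { LOG.warn("Unsupported protocol [{}], only the home realm was cached", protocol); }`. The two literals are also repeated in the flow definitions, so shared constants would keep both sides from drifting apart. `store` ends outside this hunk.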
@@ -80,7 +85,7 @@ public class SigninParametersCacheAction {
LOG.info("SignIn parameters cached and context set to [" + uuidKey + "].");
}
- public void restore(RequestContext context, String contextKey) {
+ public void restore(RequestContext context, String contextKey, String protocol) {
if (contextKey != null) {
@SuppressWarnings("unchecked")
@@ -88,44 +93,50 @@ public class SigninParametersCacheAction {
(Map<String, Object>)WebUtils.getAttributeFromExternalContext(context, contextKey);
if (signinParams != null) {
- String value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_REPLY, value);
- }
- value = (String)signinParams.get(FederationConstants.PARAM_TREALM);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM, value);
- }
- value = (String)signinParams.get(IdpConstants.HOME_REALM);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
- }
-
- SAMLAuthnRequest authnRequest =
- (SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
- if (authnRequest != null) {
- WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
- }
+ LOG.debug("SignIn parameters restored: {}", signinParams.toString());
- // TODO
- value = (String)signinParams.get("RelayState");
+ String value = (String)signinParams.get(IdpConstants.HOME_REALM);
if (value != null) {
- WebUtils.putAttributeInFlowScope(context, "RelayState", value);
+ WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
}
- LOG.debug("SignIn parameters restored: {}", signinParams.toString());
- WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
- LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT + "["
- + contextKey + "] cleared.");
-
- value = (String)signinParams.get(FederationConstants.PARAM_CONTEXT);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, value);
+ if ("wsfed".equals(protocol)) {
+ value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_REPLY, value);
+ }
+ value = (String)signinParams.get(FederationConstants.PARAM_TREALM);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM, value);
+ }
+
+ WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
+ LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT + "["
+ + contextKey + "] cleared.");
+
+ value = (String)signinParams.get(FederationConstants.PARAM_CONTEXT);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, value);
+ }
+ } else if ("samlsso".equals(protocol)) {
+ SAMLAuthnRequest authnRequest =
+ (SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
+ if (authnRequest != null) {
+ WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
+ }
+
+ // TODO
+ value = (String)signinParams.get("RelayState");
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, "RelayState", value);
+ }
}
} else {
LOG.debug("Error in restoring security context");
}
+
+ WebUtils.removeAttributeFromFlowScope(context, contextKey);
} else {
LOG.debug("Error in restoring security context");
}
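Review bot: The added `WebUtils.removeAttributeFromFlowScope(context, contextKey)` clears a flow-scope attribute, but the map was written by `putAttributeInExternalContext(context, uuidKey, signinParams)` in `store` and is read back here with `getAttributeFromExternalContext`. As written, the cached sign-in parameters stay in the external context after a restore, so the same context key can be presented again and the entries pile up for as long as that context lives. The removal should target the external context, the scope the entry was read from, so that each key is single-use. `restore` begins in the previous hunk and its closing brace is outside this one.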
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 59c2a67..d62c115 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -30,6 +30,7 @@
<input name="wfresh" />
<input name="wauth" />
<input name="home_realm" />
+ <input name="protocol" />
<decision-state id="processHRDSExpression">
<on-entry>
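Review bot: `<input name="protocol" />` is optional, so a parent flow that forgets to pass it reaches `signinParametersCacheAction.store(flowRequestContext, protocol)` with null, and neither protocol branch in `store` runs. Declaring it as `<input name="protocol" required="true" />` makes the subflow fail at start instead of losing the request parameters at redirect time. The same applies to the `protocol` inputs added in saml-signin-request.xml and signin-response.xml.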
@@ -166,7 +167,7 @@
<!-- redirects to requestor idp -->
<end-state id="redirectToTrustedIDP">
<on-entry>
- <evaluate expression="signinParametersCacheAction.store(flowRequestContext)" />
+ <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
</on-entry>
<output name="home_realm" value="flowScope.home_realm" />
<output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index e0d86aa..e42c7ee 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -99,6 +99,7 @@
<input name="wfresh" value="flowScope.wfresh" />
<input name="wauth" value="flowScope.wauth" />
<input name="home_realm" value="flowScope.whr" />
+ <input name="protocol" value="'wsfed'" />
<output name="home_realm" />
<output name="wctx" />
@@ -131,6 +132,7 @@
<input name="state" value="flowScope.state" />
<input name="code" value="flowScope.code" />
<input name="home_realm" value="flowScope.whr" />
+ <input name="protocol" value="'wsfed'" />
<output name="wtrealm" />
<output name="wreply" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index 446aa8e..e385a25 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -27,6 +27,7 @@
<input name="SAMLRequest" />
<input name="RelayState" />
<input name="Signature" />
+ <input name="protocol" />
<action-state id="parseAuthnRequest">
<evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
@@ -180,7 +181,7 @@
<!-- redirects to requestor idp -->
<end-state id="redirectToTrustedIDP">
<on-entry>
- <evaluate expression="signinParametersCacheAction.store(flowRequestContext)" />
+ <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
</on-entry>
<output name="home_realm" value="flowScope.home_realm" />
<output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index d45a48b..2816487 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -67,6 +67,7 @@
<input name="SAMLRequest" value="flowScope.SAMLRequest" />
<input name="RelayState" value="flowScope.RelayState" />
<input name="Signature" value="flowScope.Signature" />
+ <input name="protocol" value="'samlsso'" />
<output name="home_realm" />
<output name="idpToken" />
@@ -99,6 +100,7 @@
<input name="state" value="flowScope.state" />
<input name="code" value="flowScope.code" />
<input name="home_realm" value="flowScope.whr" />
+ <input name="protocol" value="'samlsso'" />
<output name="wtrealm" />
<output name="wreply" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
index 1a2aa2e..38c4392 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
@@ -36,10 +36,11 @@ subflow to get a RP token from the STS.
<input name="state" />
<input name="code" />
<input name="home_realm" />
+ <input name="protocol" />
<on-start>
<!-- restore the original request parameters for the current context -->
- <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context)" />
+ <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context, protocol)" />
</on-start>
<!-- validate token issued by requestor IDP given its home realm -->