Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/25 18:02:27 UTC
[1/2] cxf-fediz git commit: Use the configured realm for the Metadata
EntityId instead of the URL
Repository: cxf-fediz
Updated Branches:
refs/heads/master 77ae60143 -> 71faae7c6
Use the configured realm for the Metadata EntityId instead of the URL
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/71faae7c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/71faae7c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/71faae7c
Branch: refs/heads/master
Commit: 71faae7c6c58fcc2820e7789d7278e196e108303
Parents: 6d8baf8
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jan 25 12:05:19 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jan 25 16:30:53 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/71faae7c/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
index 4b138e8..5eb794c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
@@ -64,7 +64,7 @@ public class ServiceMetadataWriter {
writer.writeAttribute("ID", referenceID);
String serviceURL = config.getIdpUrl().toString();
- writer.writeAttribute("entityID", serviceURL);
+ writer.writeAttribute("entityID", config.getRealm());
writer.writeNamespace("md", SAML2_METADATA_NS);
writer.writeNamespace("fed", WS_FEDERATION_NS);
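Review bot: The new `entityID` value is taken from `config.getRealm()` with no null or empty check, so an IdP with no realm configured would presumably publish metadata with a missing or blank entity identifier, or fail inside the XML writer. A guard before the attribute is written, such as `if (config.getRealm() == null || config.getRealm().isEmpty()) { throw new IllegalStateException("IdP realm is not configured"); }`, makes the misconfiguration visible instead. Relying parties generally match `entityID` against the issuer they expect, so a comment such as `// entityID must be the realm the IdP identifies itself with, not its endpoint URL` would record why the URL was dropped. `serviceURL` is still assigned on the line above; whether it is used later in the method is outside the hunk, and if it is not it can be removed.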
[2/2] cxf-fediz git commit: Fixed a bug in the MetadataServlet
Posted by co...@apache.org.
Fixed a bug in the MetadataServlet
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6d8baf8b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6d8baf8b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6d8baf8b
Branch: refs/heads/master
Commit: 6d8baf8b8578bb76d01bdf8962bcecb758d975e6
Parents: 77ae601
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jan 25 11:34:40 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jan 25 16:30:53 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/MetadataServlet.java | 3 +-
.../cxf/fediz/integrationtests/SAMLSSOTest.java | 42 ++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6d8baf8b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index 039d26f..0aab857 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -72,7 +72,8 @@ public class MetadataServlet extends HttpServlet {
TrustedIdp trustedIdp = idpConfig.findTrustedIdp(serviceRealm);
if (trustedIdp == null) {
LOG.error("No TrustedIdp found for desired realm: " + serviceRealm);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
}
ServiceMetadataWriter mw = new ServiceMetadataWriter();
Document metadata = mw.getMetaData(idpConfig, trustedIdp);
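Review bot: `serviceRealm` is concatenated into the `LOG.error` message unmodified, and the test URL in this commit (`/fediz-idp/metadata/urn:...`) suggests it comes from the request path, so a caller could put line breaks or misleading text into the IdP log. Neutralise CR/LF before logging, e.g. `LOG.warn("No TrustedIdp found for desired realm: " + serviceRealm.replaceAll("[\\r\\n]", "_"));`. A level below error also fits now that the condition is reported as a client error and can be triggered repeatedly from outside. Where `serviceRealm` is derived, and whether it can be null, is outside the hunk, so confirm both against the start of the method.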
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6d8baf8b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index 8c0510a..af47527 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -23,23 +23,32 @@ package org.apache.cxf.fediz.integrationtests;
import java.io.File;
import java.io.IOException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
import com.gargoylesoftware.htmlunit.CookieManager;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.xml.XmlPage;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Test;
/**
* This is a test for federation in the IdP. The RP application is configured to use a home realm of "realm b". The
@@ -296,6 +305,39 @@ public class SAMLSSOTest {
bodyTextContent.contains(claim + "=alice@realma.org"));
}
+ @Test
+ public void testIdPServiceMetadata() throws Exception {
+ String url = "https://localhost:" + getIdpHttpsPort()
+ + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B";
+
+ final WebClient webClient = new WebClient();
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setSSLClientCertificate(
+ this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+
+ final XmlPage rpPage = webClient.getPage(url);
+ final String xmlContent = rpPage.asXml();
+ Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));
+
+ // Now validate the Signature
+ Document doc = rpPage.getXmlDocument();
+
+ doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+ Node signatureNode =
+ DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+ Assert.assertNotNull(signatureNode);
+
+ XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ Assert.assertNotNull(ki.getX509Certificate());
+
+ Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
+ webClient.close();
+ }
+
private static String login(String url, String user, String password,
String idpPort, String rpIdpPort, boolean postBinding) throws IOException {
//
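Review bot: The signature check in `testIdPServiceMetadata` verifies against the certificate carried in the signature's own `KeyInfo`, which shows the document is internally consistent but not that it was signed with the IdP's key; metadata signed with any self-issued certificate would pass. Compare the embedded certificate with the expected IdP certificate loaded from a test keystore before calling `checkSignatureValue`, e.g. `Assert.assertEquals(expectedIdpCert, ki.getX509Certificate());`, where `expectedIdpCert` is a placeholder for that certificate. `webClient.close()` is skipped when an assertion fails, so it belongs in a `finally` block. A comment such as `// insecure SSL is acceptable only because the target is the local test IdP` would explain `setUseInsecureSSL(true)`.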