Posted to commits@cxf.apache.org by co...@apache.org on 2015/03/18 18:19:25 UTC
[1/2] cxf-fediz git commit: Store the SAML SSO RequestId on the
context
Repository: cxf-fediz
Updated Branches:
refs/heads/master 8b0146d7d -> 9fa14d005
Store the SAML SSO RequestId on the context
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bd7dc9f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bd7dc9f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bd7dc9f1
Branch: refs/heads/master
Commit: bd7dc9f12a7f89ca87a894f50dfc46b1baea08a6
Parents: 8b0146d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Mar 18 16:11:58 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Mar 18 16:11:58 2015 +0000
----------------------------------------------------------------------
.../idp/protocols/TrustedIdpSAMLProtocolHandler.java | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bd7dc9f1/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 2cc03c3..4163b20 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -39,7 +39,6 @@ import javax.ws.rs.core.UriBuilder;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
@@ -82,6 +81,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
public static final String PROTOCOL = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpSAMLProtocolHandler.class);
+ private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id";
private AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder();
// private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
@@ -131,6 +131,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
if (trustedIdp.isSignRequest()) {
signRequest(urlEncodedRequest, wctx, idp, ub);
}
+
+ // Store the Request ID
+ String authnRequestId = authnRequest.getID();
+ WebUtils.putAttributeInExternalContext(context, SAML_SSO_REQUEST_ID, authnRequestId);
// TODO How to set headers here?
// .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
@@ -367,7 +371,11 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
ssoResponseValidator.setClientAddress(servletRequest.getRemoteAddr());
ssoResponseValidator.setIssuerIDP(trustedIdp.getUrl());
- // TODO ssoResponseValidator.setRequestId(requestState.getSamlRequestId());
+
+ // Get the stored request ID
+ String requestId =
+ (String)WebUtils.getAttributeFromExternalContext(requestContext, SAML_SSO_REQUEST_ID);
+ ssoResponseValidator.setRequestId(requestId);
ssoResponseValidator.setSpIdentifier(idp.getRealm());
ssoResponseValidator.setEnforceAssertionsSigned(true);
ssoResponseValidator.setEnforceKnownIssuer(true);
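Review bot: The stored request ID is read back but neither checked for absence nor cleared, so an unsolicited Response arriving with no prior AuthnRequest hands `null` to setRequestId, and a Response that already passed validation stays matchable for as long as the context lives, since the ID remains stored. Whether the validator rejects a null expected request ID is not visible here, so it is safer to fail explicitly and make the ID single-use: `if (requestId == null) { throw new IllegalStateException("No SAML SSO AuthnRequest ID stored for this context"); }`, followed by removing the attribute (if WebUtils offers a remove/clear operation for the external context) before calling `ssoResponseValidator.setRequestId(requestId);`. The enclosing method continues outside the hunk, so the surrounding error handling could not be confirmed.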
[2/2] cxf-fediz git commit: More SAML SSO changes
Posted by co...@apache.org.
More SAML SSO changes
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9fa14d00
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9fa14d00
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9fa14d00
Branch: refs/heads/master
Commit: 9fa14d0059ba8a1fe4520f40a742bd9452c113df
Parents: bd7dc9f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Mar 18 16:51:31 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Mar 18 16:51:31 2015 +0000
----------------------------------------------------------------------
.../TrustedIdpSAMLProtocolHandler.java | 31 ++++++++++----------
1 file changed, 16 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9fa14d00/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 4163b20..9cb089d 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -34,6 +34,7 @@ import java.security.cert.X509Certificate;
import java.util.zip.DataFormatException;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.UriBuilder;
@@ -136,9 +137,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
String authnRequestId = authnRequest.getID();
WebUtils.putAttributeInExternalContext(context, SAML_SSO_REQUEST_ID, authnRequestId);
- // TODO How to set headers here?
- // .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
- // .header("Pragma", "no-cache")
+ HttpServletResponse response = WebUtils.getHttpServletResponse(context);
+ response.addHeader("Cache-Control", "no-cache, no-store");
+ response.addHeader("Pragma", "no-cache");
+
return ub.build().toURL();
} catch (MalformedURLException ex) {
LOG.error("Invalid Redirect URL for Trusted Idp", ex);
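Review bot: The new header calls use `addHeader`, which appends a second Cache-Control / Pragma value if any filter or the flow engine has already set one, and duplicated Cache-Control headers are interpreted inconsistently by proxies and browsers; `response.setHeader("Cache-Control", "no-cache, no-store");` and `response.setHeader("Pragma", "no-cache");` guarantee a single authoritative value. It is also worth a one-line comment stating why they are set, e.g. `// Prevent the signed AuthnRequest redirect (and its request ID) from being cached by the browser or intermediaries`. The enclosing method starts before this hunk.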
@@ -157,10 +159,6 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
try {
- //String relayState = (String) WebUtils.getAttributeFromFlowScope(context,
- // SSOConstants.RELAY_STATE);
- // TODO Validate RelayState
-
String encodedSAMLResponse = (String) WebUtils.getAttributeFromFlowScope(context,
SSOConstants.SAML_RESPONSE);
@@ -180,14 +178,17 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
new SecurityToken(id, validatorResponse.getCreated(), validatorResponse.getSessionNotOnOrAfter());
idpToken.setToken(validatorResponse.getAssertionElement());
- // LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued by home realm [{}/{}]",
- // id, wfResp.getUsername(), wfResp.getUniqueTokenId(), whr, wfResp.getIssuer());
- //.debug("Created date={}", wfResp.getTokenCreated());
- //LOG.debug("Expired date={}", wfResp.getTokenExpires());
- //if (LOG.isDebugEnabled()) {
- // LOG.debug("Validated 'wresult' : "
- // + System.getProperty("line.separator") + wresult);
- //}
+
+ String whr = (String) WebUtils.getAttributeFromFlowScope(context,
+ FederationConstants.PARAM_HOME_REALM);
+ LOG.info("[IDP_TOKEN={}] created from [RP_TOKEN={}] issued by home realm [{}]",
+ id, validatorResponse.getResponseId(), whr);
+ LOG.debug("Created date={}", validatorResponse.getCreated());
+ LOG.debug("Expired date={}", validatorResponse.getSessionNotOnOrAfter());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Validated: "
+ + System.getProperty("line.separator") + validatorResponse.getAssertion());
+ }
return idpToken;
} catch (IllegalStateException ex) {
throw ex;
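Review bot: The debug branch at the end of the hunk writes the entire validated assertion to the log, which places the subject identifier and any attribute statements (and, if present, encrypted-key material) into log files; the isDebugEnabled guard keeps it off by default, but the risk should be stated at the site, e.g. `// DEBUG only: dumps the full validated assertion (subject/attributes) - must not be enabled in production logs`. The `whr` value logged at INFO is read from flow scope and appears to originate from the request's home-realm parameter; if so it is attacker-controlled and should be treated as untrusted in log lines (newlines permit log forging), which a short comment or a sanitising helper would address. mapSignInResponse begins before this hunk.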