Posted to commits@cxf.apache.org by co...@apache.org on 2019/11/07 17:26:03 UTC

[cxf] 01/02: Make sure we're getting the Session NotOnOrAfter from the right assertion

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit b3b99e136ef8d59fa445770b427e3bc0f7cf3e83
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Nov 7 17:10:38 2019 +0000

    Make sure we're getting the Session NotOnOrAfter from the right assertion
    
    (cherry picked from commit 67d670b34919dd2f64255505fcf9b3d222b56e7e)
    (cherry picked from commit 82ba7e90c8b526911639052d3b7563b3fa5139eb)
    
    # Conflicts:
    #	rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
---
 .../apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java  | 2 ++
 .../cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java     | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 0dd37e1..2d15037 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -124,6 +124,8 @@ public class SAMLSSOResponseValidator {
                 if (subjectConf != null) {
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     validAssertion = assertion;
+                    sessionNotOnOrAfter = null;
+
                     // Store Session NotOnOrAfter
                     for (AuthnStatement authnStatment : assertion.getAuthnStatements()) {
                         if (authnStatment.getSessionNotOnOrAfter() != null) {
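Review bot: The added `sessionNotOnOrAfter = null;` carries no comment explaining why the reset is needed, although it is the security-relevant line of this change. Without it, a value read from an earlier assertion in the same Response would presumably survive when a later assertion becomes `validAssertion` but has no SessionNotOnOrAfter of its own, so the session lifetime would come from an assertion other than the one accepted. I would put `// Reset: the session expiry must come only from the assertion accepted as validAssertion` directly above the assignment. The enclosing loop and method start and end outside the hunk, so how several AuthnStatements within one assertion are resolved cannot be confirmed from here.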
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 9a9b44b..30fed1a 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -82,7 +82,12 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert {
         validator.setClientAddress("http://apache.org");
         validator.setRequestId("12345");
         validator.setSpIdentifier("http://service.apache.org");
-        validator.validateSamlResponse(response, false);
+
+        SSOValidatorResponse validateSamlResponse = validator.validateSamlResponse(response, false);
+        assertEquals(response.getID(), validateSamlResponse.getResponseId());
+        assertNotNull(validateSamlResponse.getAssertionElement());
+        assertNotNull(validateSamlResponse.getCreated());
+        assertNotNull(validateSamlResponse.getSessionNotOnOrAfter());
     }
 
     @org.junit.Test
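Review bot: `assertNotNull(validateSamlResponse.getSessionNotOnOrAfter())` only shows that some value came back, not that it belongs to the assertion that was accepted, which is what the change in SAMLSSOResponseValidator is about. The construction of `response` is outside the hunk; if it holds a single assertion, this test would pass with or without the reset. A regression case with two assertions carrying different SessionNotOnOrAfter values, ending in `assertEquals(expectedSessionNotOnOrAfter, validateSamlResponse.getSessionNotOnOrAfter());`, would pin the behaviour. Here `expectedSessionNotOnOrAfter` is a placeholder for the value the test sets on the bearer assertion. The local name `validateSamlResponse` also reads like a method call; something like `validatorResponse` would be clearer.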