Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/23 18:21:26 UTC
cxf-fediz git commit: [FEDIZ-134] Making the issuer property
configurabel,
defaulting to a SAML assertion issuer if the local property is not set
Repository: cxf-fediz
Updated Branches:
refs/heads/master 96d907f45 -> 65d264ef6
[FEDIZ-134] Making the issuer property configurable, defaulting to the SAML assertion issuer if the local property is not set
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/65d264ef
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/65d264ef
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/65d264ef
Branch: refs/heads/master
Commit: 65d264ef62878e19f1ce16ca0835519f070773bf
Parents: 96d907f
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Nov 23 17:21:06 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Nov 23 17:21:06 2015 +0000
----------------------------------------------------------------------
.../service/oidc/LocalSamlTokenConverter.java | 26 +++++++++++++++++---
.../oidc/src/main/resources/data-manager.xml | 4 +++
2 files changed, 26 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/65d264ef/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
index 001c537..82505a8 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
@@ -26,11 +26,16 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.Issuer;
+
public class LocalSamlTokenConverter implements SamlTokenConverter {
+ private String issuer;
+
@Override
public IdToken convertToIdToken(Element samlToken,
String subjectName,
@@ -40,19 +45,19 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
IdToken idToken = new IdToken();
idToken.setSubject(subjectName);
idToken.setAudience(clientId);
- idToken.setIssuer("accounts.fediz.com");
long currentTimeInSeconds = System.currentTimeMillis() / 1000L;
idToken.setIssuedAt(currentTimeInSeconds);
idToken.setExpiryTime(currentTimeInSeconds + 60000L);
+ Assertion saml2Assertion = null;
// Set the authInstant
try {
SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
-
- if (wrapper.getSaml2() != null && !wrapper.getSaml2().getAuthnStatements().isEmpty()) {
+ saml2Assertion = wrapper.getSaml2();
+ if (saml2Assertion != null && !saml2Assertion.getAuthnStatements().isEmpty()) {
long authInstant =
- wrapper.getSaml2().getAuthnStatements().get(0).getAuthnInstant().getMillis();
+ saml2Assertion.getAuthnStatements().get(0).getAuthnInstant().getMillis();
idToken.setAuthenticationTime(authInstant / 1000L);
}
} catch (WSSecurityException ex) {
@@ -94,8 +99,21 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
if (nonce != null) {
idToken.setNonce(nonce);
}
+ if (issuer != null) {
+ idToken.setIssuer(issuer);
+ } else if (saml2Assertion != null) {
+ Issuer assertionIssuer = saml2Assertion.getIssuer();
+ if (assertionIssuer != null) {
+ idToken.setIssuer(assertionIssuer.getValue());
+ }
+ }
return idToken;
}
+
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
}
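Review bot: The fallback at `} else if (saml2Assertion != null) {` copies the inbound SAML assertion's `Issuer` into the ID token's `iss` claim, but `iss` is meant to identify this OIDC provider, not whichever upstream SAML IdP produced the assertion; a relying party that validates `iss` against the provider's published issuer will reject such tokens, and an `iss` that varies per assertion makes token origin harder to audit. The fallback is also fragile: `assertionIssuer.getValue()` may be null, and when `new SamlAssertionWrapper(samlToken)` in the previous hunk throws (the catch body is outside that hunk) `saml2Assertion` stays null, so in both cases the method returns a token with no issuer at all. Unless the SAML-derived issuer is a deliberate deployment mode, I would fail fast instead: `if (issuer == null) { throw new OAuthServiceException("issuer is not configured"); }` before `idToken.setIssuer(issuer);`, using the `OAuthServiceException` already imported in this file. Either way `setIssuer` needs a Javadoc saying the value becomes the ID token's `iss` claim and must be the OP's own issuer identifier; the surrounding `convertToIdToken` method begins outside this hunk.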
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/65d264ef/services/oidc/src/main/resources/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/resources/data-manager.xml b/services/oidc/src/main/resources/data-manager.xml
index 9bfa4b5..0996c8d 100644
--- a/services/oidc/src/main/resources/data-manager.xml
+++ b/services/oidc/src/main/resources/data-manager.xml
@@ -26,6 +26,9 @@
http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd">
+ <bean id="samlTokenConverter" class="org.apache.cxf.fediz.service.oidc.LocalSamlTokenConverter">
+ <property name="issuer" value="accounts.fediz.com"/>
+ </bean>
<bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager">
<!--
<property name="scopes">
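Review bot: The `issuer` value `accounts.fediz.com` on the new `samlTokenConverter` bean is a sample name, and nothing marks it as a per-deployment value even though it ends up verbatim in every ID token's `iss` claim, which relying parties compare against the issuer this provider publishes. I would add a comment above the property: `<!-- Issuer identifier placed in the ID token 'iss' claim; must match what this OP publishes to relying parties. If omitted, the converter falls back to the inbound SAML assertion's Issuer. -->` so the fallback behaviour introduced in LocalSamlTokenConverter is visible from the configuration.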
@@ -37,6 +40,7 @@
<!--
<property name="signIdTokenWithClientSecret" value="true"/>
-->
+ <property name="tokenConverter" ref="samlTokenConverter"/>
</bean>
</beans>