Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/23 18:21:26 UTC

cxf-fediz git commit: [FEDIZ-134] Making the issuer property configurabel, defaulting to a SAML assertion issuer if the local property is not set

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 96d907f45 -> 65d264ef6


[FEDIZ-134] Making the issuer property configurable, defaulting to the SAML assertion issuer if the local property is not set


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/65d264ef
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/65d264ef
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/65d264ef

Branch: refs/heads/master
Commit: 65d264ef62878e19f1ce16ca0835519f070773bf
Parents: 96d907f
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Nov 23 17:21:06 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Nov 23 17:21:06 2015 +0000

----------------------------------------------------------------------
 .../service/oidc/LocalSamlTokenConverter.java   | 26 +++++++++++++++++---
 .../oidc/src/main/resources/data-manager.xml    |  4 +++
 2 files changed, 26 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/65d264ef/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
index 001c537..82505a8 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
@@ -26,11 +26,16 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.Issuer;
+
 
 
 
 public class LocalSamlTokenConverter implements SamlTokenConverter {
 
+    private String issuer;
+    
     @Override
     public IdToken convertToIdToken(Element samlToken, 
                                     String subjectName, 
@@ -40,19 +45,19 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
         IdToken idToken = new IdToken();
         idToken.setSubject(subjectName);
         idToken.setAudience(clientId);
-        idToken.setIssuer("accounts.fediz.com");
         
         long currentTimeInSeconds = System.currentTimeMillis() / 1000L;
         idToken.setIssuedAt(currentTimeInSeconds);
         idToken.setExpiryTime(currentTimeInSeconds + 60000L);
         
+        Assertion saml2Assertion = null;
         // Set the authInstant
         try {
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
-            
-            if (wrapper.getSaml2() != null && !wrapper.getSaml2().getAuthnStatements().isEmpty()) {
+            saml2Assertion = wrapper.getSaml2();
+            if (saml2Assertion != null && !saml2Assertion.getAuthnStatements().isEmpty()) {
                 long authInstant = 
-                    wrapper.getSaml2().getAuthnStatements().get(0).getAuthnInstant().getMillis();
+                    saml2Assertion.getAuthnStatements().get(0).getAuthnInstant().getMillis();
                 idToken.setAuthenticationTime(authInstant / 1000L);
             }
         } catch (WSSecurityException ex) {
@@ -94,8 +99,21 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
         if (nonce != null) {
             idToken.setNonce(nonce);
         }
+        if (issuer != null) {
+            idToken.setIssuer(issuer);
+        } else if (saml2Assertion != null) {
+            Issuer assertionIssuer = saml2Assertion.getIssuer();
+            if (assertionIssuer != null) {
+                idToken.setIssuer(assertionIssuer.getValue());
+            }
+        }
         
         return idToken;
     }
 
+    
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
 }
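Review bot: When the configured `issuer` is null and the assertion's `Issuer` is also absent (or `saml2Assertion` stayed null), the new `if (issuer != null) ... else if (saml2Assertion != null)` chain falls through and the IdToken is returned without any `iss` claim, although `iss` is a mandatory ID Token claim that relying parties use to validate and attribute the token. The chain should fail closed with a final branch such as `} else { throw new OAuthServiceException("ID token issuer could not be determined"); }`, using the OAuthServiceException already imported in this file. A second point is that the fallback makes `iss` the SAML assertion issuer, which names the upstream IdP rather than this OIDC provider, so relying parties that compare `iss` with the provider's advertised issuer will presumably reject such tokens; `setIssuer` deserves a Javadoc stating that the property should normally be set to this provider's own issuer identifier and that the assertion issuer is only a last resort. Note also that `issuer != null` treats an empty string as configured; `issuer != null && !issuer.isEmpty()` would be safer. The body of convertToIdToken begins outside this hunk.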

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/65d264ef/services/oidc/src/main/resources/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/resources/data-manager.xml b/services/oidc/src/main/resources/data-manager.xml
index 9bfa4b5..0996c8d 100644
--- a/services/oidc/src/main/resources/data-manager.xml
+++ b/services/oidc/src/main/resources/data-manager.xml
@@ -26,6 +26,9 @@
         http://cxf.apache.org/jaxrs
         http://cxf.apache.org/schemas/jaxrs.xsd">
 
+    <bean id="samlTokenConverter" class="org.apache.cxf.fediz.service.oidc.LocalSamlTokenConverter">
+        <property name="issuer" value="accounts.fediz.com"/>
+    </bean>
     <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager">
     <!--
         <property name="scopes">
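Review bot: The `issuer` value `accounts.fediz.com` is a bare hostname, whereas the OIDC `iss` claim is expected to be the https URL under which this provider is reachable and is typically compared by relying parties against the issuer in the provider's discovery metadata. The new `samlTokenConverter` bean is worth a comment, e.g. `<!-- Must equal the issuer identifier this OIDC provider advertises; if omitted, the IdToken issuer falls back to the upstream SAML assertion issuer -->`, so deployers do not leave the sample value in place. The second hunk of this file only wires the bean into oauthProvider and needs no change.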
@@ -37,6 +40,7 @@
     <!--
         <property name="signIdTokenWithClientSecret" value="true"/>
     -->
+        <property name="tokenConverter" ref="samlTokenConverter"/>
     </bean>
     
 </beans>