You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/08 18:41:02 UTC

[3/3] cxf-fediz git commit: [FEDIZ-162] - Make it possible to disable the requirement for a SAML SSO signature

[FEDIZ-162] - Make it possible to disable the requirement for a SAML SSO signature


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e34b37f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e34b37f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e34b37f1

Branch: refs/heads/master
Commit: e34b37f1d691bc36b212de9e23ef568f1cd4f5e5
Parents: 3285516
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Apr 8 15:54:24 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Apr 8 17:40:44 2016 +0100

----------------------------------------------------------------------
 .../idp/beans/samlsso/AuthnRequestValidator.java  | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e34b37f1/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
index 80f4d0c..0b99805 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
@@ -66,6 +66,8 @@ import org.springframework.webflow.execution.RequestContext;
 public class AuthnRequestValidator {
 
     private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestValidator.class);
+    
+    private boolean requireSignature = true;
 
     public void validateAuthnRequest(RequestContext context, Idp idp, String signature,
                                      String relayState, String samlRequest, String realm) 
@@ -129,9 +131,11 @@ public class AuthnRequestValidator {
                 LOG.debug("Signature validation failed");
                 throw new ProcessingException(TYPE.BAD_REQUEST);
             }
-        } else {
+        } else if (requireSignature) {
             LOG.debug("No signature is present, therefore the request is rejected");
             throw new ProcessingException(TYPE.BAD_REQUEST);
+        } else {
+            LOG.debug("No signature is present, but this is allowed by configuration");
         }
     }
     
@@ -241,5 +245,17 @@ public class AuthnRequestValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
+
+    public boolean isRequireSignature() {
+        return requireSignature;
+    }
+
+    /**
+     * Whether to require a signature or not on the AuthnRequest
+     * @param requireSignature
+     */
+    public void setRequireSignature(boolean requireSignature) {
+        this.requireSignature = requireSignature;
+    }
     
 }