You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/08 18:41:02 UTC
[3/3] cxf-fediz git commit: [FEDIZ-162] - Make it possible to disable
the requirement for a SAML SSO signature
[FEDIZ-162] - Make it possible to disable the requirement for a SAML SSO signature
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e34b37f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e34b37f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e34b37f1
Branch: refs/heads/master
Commit: e34b37f1d691bc36b212de9e23ef568f1cd4f5e5
Parents: 3285516
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Apr 8 15:54:24 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Apr 8 17:40:44 2016 +0100
----------------------------------------------------------------------
.../idp/beans/samlsso/AuthnRequestValidator.java | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e34b37f1/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
index 80f4d0c..0b99805 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
@@ -66,6 +66,8 @@ import org.springframework.webflow.execution.RequestContext;
public class AuthnRequestValidator {
private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestValidator.class);
+
+ private boolean requireSignature = true;
public void validateAuthnRequest(RequestContext context, Idp idp, String signature,
String relayState, String samlRequest, String realm)
@@ -129,9 +131,11 @@ public class AuthnRequestValidator {
LOG.debug("Signature validation failed");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
- } else {
+ } else if (requireSignature) {
LOG.debug("No signature is present, therefore the request is rejected");
throw new ProcessingException(TYPE.BAD_REQUEST);
+ } else {
+ LOG.debug("No signature is present, but this is allowed by configuration");
}
}
@@ -241,5 +245,17 @@ public class AuthnRequestValidator {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
+
+ public boolean isRequireSignature() {
+ return requireSignature;
+ }
+
+ /**
+ * Whether to require a signature or not on the AuthnRequest
+ * @param requireSignature
+ */
+ public void setRequireSignature(boolean requireSignature) {
+ this.requireSignature = requireSignature;
+ }
}