Posted to commits@cxf.apache.org by co...@apache.org on 2015/07/30 22:59:38 UTC
[1/4] cxf git commit: Adding SAML SSO tests.
Repository: cxf
Updated Branches:
refs/heads/2.7.x-fixes c0df6ffe9 -> 5988f4731
Adding SAML SSO tests.
Conflicts:
rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/02245c65
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/02245c65
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/02245c65
Branch: refs/heads/2.7.x-fixes
Commit: 02245c656941f28b6b2be5e461e6db04a70d2436
Parents: c0df6ff
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jul 30 17:55:32 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jul 30 18:02:47 2015 +0100
----------------------------------------------------------------------
.../saml/sso/SAMLSSOResponseValidator.java | 15 +-
.../saml/sso/AbstractSAMLCallbackHandler.java | 4 +
.../saml/sso/CombinedValidatorTest.java | 218 +++++++++++++++++++
3 files changed, 233 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/02245c65/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 56d6b5f..776a75e 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -92,7 +92,7 @@ public class SAMLSSOResponseValidator {
}
// Validate Assertions
- boolean foundValidSubject = false;
+ org.opensaml.saml.saml2.core.Assertion validAssertion = null;
Date sessionNotOnOrAfter = null;
for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
// Check the Issuer
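Review bot: The added declaration uses `org.opensaml.saml.saml2.core.Assertion`, while the loop two lines below iterates `org.opensaml.saml2.core.Assertion`. With two different packages, the later `validAssertion = assertion;` assignment cannot type-check. Declare it as `org.opensaml.saml2.core.Assertion validAssertion = null;` so it matches the loop variable. The enclosing method starts and ends outside this hunk.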
@@ -114,7 +114,7 @@ public class SAMLSSOResponseValidator {
org.opensaml.saml2.core.Subject subject = assertion.getSubject();
if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
validateAudienceRestrictionCondition(assertion.getConditions());
- foundValidSubject = true;
+ validAssertion = assertion;
// Store Session NotOnOrAfter
for (AuthnStatement authnStatment : assertion.getAuthnStatements()) {
if (authnStatment.getSessionNotOnOrAfter() != null) {
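Review bot: `validAssertion = assertion;` is overwritten on every iteration, so when a Response carries more than one assertion that passes `validateAuthenticationSubject`, the last match is the one returned. The session expiry appears to be collected in the same loop (its assignment falls between hunks), so it may come from a different assertion than the one handed back. Either treat a second match as an error or state the rule in a comment, e.g. `// the last assertion that satisfies the Subject Confirmation criteria is returned`. The loop starts and ends outside this hunk.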
@@ -123,10 +123,9 @@ public class SAMLSSOResponseValidator {
}
}
}
-
}
- if (!foundValidSubject) {
+ if (validAssertion == null) {
LOG.fine("The Response did not contain any Authentication Statement that matched "
+ "the Subject Confirmation criteria");
throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
@@ -136,8 +135,16 @@ public class SAMLSSOResponseValidator {
validatorResponse.setResponseId(samlResponse.getID());
validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
// the assumption for now is that SAMLResponse will contain only a single assertion
+<<<<<<< HEAD
Element assertionElement = samlResponse.getAssertions().get(0).getDOM();
validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
+=======
+ Element assertionElement = validAssertion.getDOM();
+ Element clonedAssertionElement = (Element)assertionElement.cloneNode(true);
+ validatorResponse.setAssertionElement(clonedAssertionElement);
+ validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
+
+>>>>>>> 1c2a530... Adding SAML SSO tests.
return validatorResponse;
}
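Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 1c2a530...`) are added as source lines at the end of this hunk, so the file cannot compile and both assertion-selection variants are present. The HEAD side still serializes `samlResponse.getAssertions().get(0)`, the first assertion in the Response whether or not it passed the subject-confirmation checks, which is the case the new wrapping test is meant to rule out. Resolve to the validated assertion only: `Element assertionElement = validAssertion.getDOM();` followed by `validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));`. Keep the `setAssertionElement` call only if `SSOValidatorResponse` on this branch declares it, which is not visible here. The method body starts outside the hunk.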
http://git-wip-us.apache.org/repos/asf/cxf/blob/02245c65/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index 528b7bd..a115cd6 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -132,6 +132,10 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
this.subjectLocalityDnsAddress = dnsAddress;
}
+ public void setSubjectName(String subjectName) {
+ this.subjectName = subjectName;
+ }
+
public void setResource(String resource) {
this.resource = resource;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/02245c65/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
new file mode 100644
index 0000000..53aed3e
--- /dev/null
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -0,0 +1,218 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.sso;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.util.Collections;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.joda.time.DateTime;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+
+/**
+ * Some unit tests for the SAMLProtocolResponseValidator and the SAMLSSOResponseValidator
+ */
+public class CombinedValidatorTest extends org.junit.Assert {
+
+ static {
+ WSSConfig.init();
+ OpenSAMLUtil.initSamlEngine();
+ }
+
+ @org.junit.Test
+ public void testSuccessfulValidation() throws Exception {
+
+ Element responseElement = createResponse();
+ Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(responseElement);
+
+ Crypto issuerCrypto = new Merlin();
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ ClassLoader loader = Loader.getClassLoader(CombinedValidatorTest.class);
+ InputStream input = Merlin.loadInputStream(loader, "alice.jks");
+ keyStore.load(input, "password".toCharArray());
+ ((Merlin)issuerCrypto).setKeyStore(keyStore);
+
+ // Validate the Response
+ SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
+ validator.validateSamlResponse(
+ marshalledResponse, issuerCrypto, new KeystorePasswordCallback()
+ );
+
+ // Test SSO validation
+ SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator();
+ ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer");
+ ssoValidator.setAssertionConsumerURL("http://recipient.apache.org");
+ ssoValidator.setClientAddress("http://apache.org");
+ ssoValidator.setRequestId("12345");
+ ssoValidator.setSpIdentifier("http://service.apache.org");
+
+ // Parse the response
+ SSOValidatorResponse ssoResponse =
+ ssoValidator.validateSamlResponse(marshalledResponse, false);
+ SamlAssertionWrapper parsedAssertion =
+ new SamlAssertionWrapper(ssoResponse.getAssertionElement());
+
+ assertEquals("alice", parsedAssertion.getSubjectName());
+ }
+
+ @org.junit.Test
+ public void testWrappingAttack3() throws Exception {
+ Element responseElement = createResponse();
+
+ // Get Assertion Element
+ Element assertionElement =
+ (Element)responseElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "Assertion").item(0);
+ assertNotNull(assertionElement);
+
+ // Clone it, strip the Signature, modify the Subject, change Subj Conf
+ Element clonedAssertion = (Element)assertionElement.cloneNode(true);
+ clonedAssertion.setAttributeNS(null, "ID", "_12345623562");
+ Element sigElement =
+ (Element)clonedAssertion.getElementsByTagNameNS(WSConstants.SIG_NS, "Signature").item(0);
+ clonedAssertion.removeChild(sigElement);
+
+ Element subjElement =
+ (Element)clonedAssertion.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "Subject").item(0);
+ Element subjNameIdElement =
+ (Element)subjElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "NameID").item(0);
+ subjNameIdElement.setTextContent("bob");
+
+ Element subjConfElement =
+ (Element)subjElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "SubjectConfirmation").item(0);
+ subjConfElement.setAttributeNS(null, "Method", SAML2Constants.CONF_SENDER_VOUCHES);
+
+ // Now insert the modified cloned Assertion into the Response before actual assertion
+ responseElement.insertBefore(clonedAssertion, assertionElement);
+
+ // System.out.println(DOM2Writer.nodeToString(responseElement));
+
+ Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(responseElement);
+
+ Crypto issuerCrypto = new Merlin();
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ ClassLoader loader = Loader.getClassLoader(CombinedValidatorTest.class);
+ InputStream input = Merlin.loadInputStream(loader, "alice.jks");
+ keyStore.load(input, "password".toCharArray());
+ ((Merlin)issuerCrypto).setKeyStore(keyStore);
+
+ // Validate the Response
+ SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
+ validator.validateSamlResponse(
+ marshalledResponse, issuerCrypto, new KeystorePasswordCallback()
+ );
+
+ // Test SSO validation
+ SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator();
+ ssoValidator.setIssuerIDP("http://cxf.apache.org/issuer");
+ ssoValidator.setAssertionConsumerURL("http://recipient.apache.org");
+ ssoValidator.setClientAddress("http://apache.org");
+ ssoValidator.setRequestId("12345");
+ ssoValidator.setSpIdentifier("http://service.apache.org");
+
+ // Parse the response
+ SSOValidatorResponse ssoResponse =
+ ssoValidator.validateSamlResponse(marshalledResponse, false);
+ SamlAssertionWrapper parsedAssertion =
+ new SamlAssertionWrapper(ssoResponse.getAssertionElement());
+
+ assertEquals("alice", parsedAssertion.getSubjectName());
+ }
+
+ private Element createResponse() throws Exception {
+ DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+ Document doc = docBuilder.newDocument();
+
+ Status status =
+ SAML2PResponseComponentBuilder.createStatus(
+ SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null
+ );
+ Response response =
+ SAML2PResponseComponentBuilder.createSAMLResponse(
+ "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status
+ );
+
+ // Create an AuthenticationAssertion
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("http://cxf.apache.org/issuer");
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ callbackHandler.setSubjectName("alice");
+
+ SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
+ subjectConfirmationData.setAddress("http://apache.org");
+ subjectConfirmationData.setInResponseTo("12345");
+ subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
+ subjectConfirmationData.setRecipient("http://recipient.apache.org");
+ callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setNotBefore(new DateTime());
+ conditions.setNotAfter(new DateTime().plusMinutes(5));
+
+ AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
+ audienceRestriction.setAudienceURIs(Collections.singletonList("http://service.apache.org"));
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
+ callbackHandler.setConditions(conditions);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+
+ Crypto issuerCrypto = new Merlin();
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ ClassLoader loader = Loader.getClassLoader(CombinedValidatorTest.class);
+ InputStream input = Merlin.loadInputStream(loader, "alice.jks");
+ keyStore.load(input, "password".toCharArray());
+ ((Merlin)issuerCrypto).setKeyStore(keyStore);
+
+ assertion.signAssertion("alice", "password", issuerCrypto, false);
+
+ response.getAssertions().add(assertion.getSaml2());
+
+ Element policyElement = OpenSAMLUtil.toDom(response, doc);
+ doc.appendChild(policyElement);
+ assertNotNull(policyElement);
+
+ return policyElement;
+ }
+}
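Review bot: `testWrappingAttack3` only asserts that the returned subject name is "alice", so it does not pin that the assertion handed back is the signed original rather than the injected clone. Adding `assertTrue(parsedAssertion.isSigned());` and a check that the returned ID is not `_12345623562` would make the intent explicit and catch a regression where an unsigned assertion with a matching name is selected. A short Javadoc on the test describing the scenario it builds (unsigned clone with modified NameID and confirmation method inserted ahead of the signed assertion) would also explain the method name. Separately, the stream returned by `Merlin.loadInputStream` is never closed in any of the three copies of the keystore-loading code; a private helper that loads the keystore and closes the stream in a `finally` block would remove the duplication.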
[4/4] cxf git commit: Fixing merge
Posted by co...@apache.org.
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5988f473
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5988f473
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5988f473
Branch: refs/heads/2.7.x-fixes
Commit: 5988f47316feb71692d98f372e7c4992fa0ca4af
Parents: fdaf2f3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jul 30 21:59:25 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jul 30 21:59:25 2015 +0100
----------------------------------------------------------------------
.../saml/sso/SAMLSSOResponseValidator.java | 11 +----
.../saml/sso/CombinedValidatorTest.java | 48 ++++++++++----------
2 files changed, 27 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/5988f473/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 65fe7b5..2d864a5 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -134,17 +134,10 @@ public class SAMLSSOResponseValidator {
SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
validatorResponse.setResponseId(samlResponse.getID());
validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
- // the assumption for now is that SAMLResponse will contain only a single assertion
-<<<<<<< HEAD
- Element assertionElement = samlResponse.getAssertions().get(0).getDOM();
- validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
-=======
+
Element assertionElement = validAssertion.getDOM();
- Element clonedAssertionElement = (Element)assertionElement.cloneNode(true);
- validatorResponse.setAssertionElement(clonedAssertionElement);
- validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
+ validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
->>>>>>> 1c2a530... Adding SAML SSO tests.
return validatorResponse;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5988f473/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index 5893af8..7b9a9c1 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -20,6 +20,7 @@
package org.apache.cxf.rs.security.saml.sso;
import java.io.InputStream;
+import java.io.StringReader;
import java.security.KeyStore;
import java.util.Collections;
@@ -28,20 +29,19 @@ import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.Merlin;
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
-import org.apache.wss4j.common.saml.bean.ConditionsBean;
-import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.apache.wss4j.common.util.Loader;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.Merlin;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
+import org.apache.ws.security.saml.ext.bean.ConditionsBean;
+import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.ws.security.util.Loader;
import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Response;
@@ -87,10 +87,11 @@ public class CombinedValidatorTest extends org.junit.Assert {
// Parse the response
SSOValidatorResponse ssoResponse =
ssoValidator.validateSamlResponse(marshalledResponse, false);
- SamlAssertionWrapper parsedAssertion =
- new SamlAssertionWrapper(ssoResponse.getAssertionElement());
+ Document assertionDoc = StaxUtils.read(new StringReader(ssoResponse.getAssertion()));
+ AssertionWrapper parsedAssertion =
+ new AssertionWrapper(assertionDoc.getDocumentElement());
- assertEquals("alice", parsedAssertion.getSubjectName());
+ assertEquals("alice", parsedAssertion.getSaml2().getSubject().getNameID().getValue());
}
@org.junit.Test
@@ -150,10 +151,11 @@ public class CombinedValidatorTest extends org.junit.Assert {
// Parse the response
SSOValidatorResponse ssoResponse =
ssoValidator.validateSamlResponse(marshalledResponse, false);
- SamlAssertionWrapper parsedAssertion =
- new SamlAssertionWrapper(ssoResponse.getAssertionElement());
+ Document assertionDoc = StaxUtils.read(new StringReader(ssoResponse.getAssertion()));
+ AssertionWrapper parsedAssertion =
+ new AssertionWrapper(assertionDoc.getDocumentElement());
- assertEquals("alice", parsedAssertion.getSubjectName());
+ assertEquals("alice", parsedAssertion.getSaml2().getSubject().getNameID().getValue());
}
private Element createResponse() throws Exception {
@@ -194,9 +196,9 @@ public class CombinedValidatorTest extends org.junit.Assert {
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(conditions);
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
Crypto issuerCrypto = new Merlin();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
[3/4] cxf git commit: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
Recording .gitmergeinfo Changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fdaf2f35
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fdaf2f35
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fdaf2f35
Branch: refs/heads/2.7.x-fixes
Commit: fdaf2f358924571c4b56227db16eef202c8f3b0d
Parents: e3e52bb
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jul 30 18:02:52 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jul 30 18:02:52 2015 +0100
----------------------------------------------------------------------
.gitmergeinfo | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/fdaf2f35/.gitmergeinfo
----------------------------------------------------------------------
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 2d5197a..1f5fa4d 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -1780,6 +1780,7 @@ B cc0ba3f09068df3397adf5f7c55362bdffb96174
B cc5172ceaffb018e3852c9ae3d9e3487cb65d80e
B cc5a0385b83abf493446948267f2d1945bb4ee5c
B cc674df55d596c8774d732ff537e490a159abfe5
+B cca2a91ebce431822b78515460acc4a7b41a830f
B ccb5aadd38ca375fb66086f5909f05f35dcdc18c
B ccd9bdfa3ba91a53fece97f683555e2235c46799
B cd058a9772ad8148cd4f67782f7692d9b4770b63
@@ -2322,6 +2323,7 @@ M 1ab9f70d4112432482f7030ea43b3870d524bd0d
M 1b3101542c14b6c761a83d39547d79fa732e9603
M 1bec032480a2dbe6c2ba7b6c4c8d2b99d1fad257
M 1c218c8f21311db0c9e77ca401ddbe339f18dc06
+M 1c2a53080004d6ce275f2e70f46a0098d4140787
M 1c8cbd98259ac6a6d45e2ba58945d100bffa8d83
M 1c96e19bdc570947b18b343f143c6a85a27c0acb
M 1cb8ea77bd878b694dbb739d2e08bcbe3e8c62df
[2/4] cxf git commit: Fixing merge
Posted by co...@apache.org.
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e3e52bbb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e3e52bbb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e3e52bbb
Branch: refs/heads/2.7.x-fixes
Commit: e3e52bbba527c534928efa3c91ee91635ce7d187
Parents: 02245c6
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jul 30 18:02:00 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jul 30 18:02:52 2015 +0100
----------------------------------------------------------------------
.../cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java | 2 +-
.../apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e3e52bbb/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 776a75e..65fe7b5 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -92,7 +92,7 @@ public class SAMLSSOResponseValidator {
}
// Validate Assertions
- org.opensaml.saml.saml2.core.Assertion validAssertion = null;
+ org.opensaml.saml2.core.Assertion validAssertion = null;
Date sessionNotOnOrAfter = null;
for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
// Check the Issuer
http://git-wip-us.apache.org/repos/asf/cxf/blob/e3e52bbb/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index 53aed3e..5893af8 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -43,9 +43,9 @@ import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.joda.time.DateTime;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.core.Response;
-import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
/**
* Some unit tests for the SAMLProtocolResponseValidator and the SAMLSSOResponseValidator