
svn commit: r1343810 - in /cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso: SamlRedirectBindingFilter.java state/RequestState.java state/ResponseState.java

Author: coheigea
Date: Tue May 29 16:15:28 2012
New Revision: 1343810

URL: http://svn.apache.org/viewvc?rev=1343810&view=rev
Log:
Fixed signature creation for the redirect binding of Web SSO

Modified:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java?rev=1343810&r1=1343809&r2=1343810&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java Tue May 29 16:15:28 2012
@@ -59,7 +59,7 @@ public class SamlRedirectBindingFilter e
                 ub.queryParam(SSOConstants.SAML_REQUEST, urlEncodedRequest);
                 ub.queryParam(SSOConstants.RELAY_STATE, info.getRelayState());
                 if (isSignRequest()) {
-                    signRequest(ub);
+                    signRequest(urlEncodedRequest, info.getRelayState(), ub);
                 }
                 
                 String contextCookie = createCookie(SSOConstants.RELAY_STATE,
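Review bot: The new call passes `urlEncodedRequest` (the already-encoded SAMLRequest value) but `info.getRelayState()` in its raw form, while `ub.queryParam(SSOConstants.RELAY_STATE, ...)` two lines above will percent-encode that value when the URI is rendered. The hunk at `@@ -148,7 +152,13` then concatenates both into `requestToSign`, so for any relay state containing characters that UriBuilder encodes, the octets signed here differ from the octets the IdP receives and verifies, and the signature fails only for those values. The redirect binding requires the signed string to be built from the URL-encoded forms of all three values, so the relay state should be encoded once, consistently, before both use sites, e.g. `String encodedRelayState = URLEncoder.encode(info.getRelayState(), "UTF-8");` passed to both `queryParam` and `signRequest`. I cannot see from this hunk how `urlEncodedRequest` itself was produced, so whether its encoding matches what UriBuilder emits should be confirmed in the same way. The enclosing method starts outside the hunk.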
@@ -95,7 +95,11 @@ public class SamlRedirectBindingFilter e
     /**
      * Sign a request according to the redirect binding spec for Web SSO
      */
-    private void signRequest(UriBuilder ub) throws Exception {
+    private void signRequest(
+        String authnRequest,
+        String relayState,
+        UriBuilder ub
+    ) throws Exception {
         Crypto crypto = getSignatureCrypto();
         if (crypto == null) {
             LOG.fine("No crypto instance of properties file configured for signature");
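Review bot: The Javadoc on `signRequest` was not updated for the three new parameters, and the relationship between them is exactly what the next hunk's string concatenation depends on. I would add `@param authnRequest the SAMLRequest value in the URL-encoded form that is placed in the query string`, `@param relayState the RelayState value, in the same encoded form as it is sent`, `@param ub the builder the Signature parameter is appended to`, and `@throws Exception if the key or crypto provider cannot be loaded or the signature cannot be created`. The method body continues past the end of this hunk.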
@@ -148,7 +152,13 @@ public class SamlRedirectBindingFilter e
         // Sign the request
         Signature signature = Signature.getInstance(jceSigAlgo);
         signature.initSign(privateKey);
-        signature.update(ub.toString().getBytes("UTF-8"));
+       
+        String requestToSign = 
+            SSOConstants.SAML_REQUEST + "=" + authnRequest + "&"
+            + SSOConstants.RELAY_STATE + "=" + relayState + "&"
+            + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(sigAlgo, "UTF-8");
+
+        signature.update(requestToSign.getBytes("UTF-8"));
         byte[] signBytes = signature.sign();
         
         String encodedSignature = Base64.encode(signBytes);
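Review bot: `requestToSign` unconditionally includes `RelayState=`, which is correct only because the caller always appends a RelayState query parameter; the redirect binding specifies that when no RelayState is sent, the signed string is just `SAMLRequest=value&SigAlg=value`. If relay state can ever be absent or empty here (I cannot tell from the hunk), both the query parameter and this segment need the same guard, e.g. `if (relayState != null && relayState.length() > 0)` around the `"&" + SSOConstants.RELAY_STATE + "=" + relayState` piece, otherwise the two sides will again sign and verify different octets. The hunk also does not show whether the `SigAlg` query parameter is appended to `ub` with the same `URLEncoder.encode(sigAlgo, "UTF-8")` value that is signed; presumably that happens in the lines between this and the previous hunk, and it should use the identical string. Line 152 of the new file is a whitespace-only line that the formatter will flag.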

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1343810&r1=1343809&r2=1343810&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java Tue May 29 16:15:28 2012
@@ -18,8 +18,15 @@
  */
 package org.apache.cxf.rs.security.saml.sso.state;
 
-public class RequestState {
+import java.io.Serializable;
 
+public class RequestState implements Serializable {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 869323136115571943L;
+    
     private String targetAddress;
     private String idpServiceAddress;
     private String samlRequestId;
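Review bot: The `serialVersionUID` field carries an empty Javadoc block (`/** */`), which documents nothing and is the IDE-generated stub; either delete the comment or replace it with a note on why the classes are now Serializable, e.g. `// Serializable so request/response state can live in a replicated or persisted session store`. The same empty stub appears in the ResponseState hunk of this commit. Since ResponseState now serializes its `assertion` field along with `relayState`, whatever store these objects end up in holds the SAML assertion at rest; that is worth a sentence in the class Javadoc so deployers know to protect that store, and the fields should be kept private with no mutable state added casually. The class bodies continue beyond both hunks.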

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java?rev=1343810&r1=1343809&r2=1343810&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java Tue May 29 16:15:28 2012
@@ -18,9 +18,16 @@
  */
 package org.apache.cxf.rs.security.saml.sso.state;
 
+import java.io.Serializable;
 
-public class ResponseState {
 
+public class ResponseState implements Serializable {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -3247188797004342462L;
+    
     private String assertion;
     private String relayState;
     private String webAppContext;