Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/09 18:56:31 UTC
[1/4] cxf-fediz git commit: Removing some unnecessary stuff from the
IdP config files
Repository: cxf-fediz
Updated Branches:
refs/heads/master 54adad652 -> be7868b69
Removing some unnecessary stuff from the IdP config files
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7fa6e4ea
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7fa6e4ea
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7fa6e4ea
Branch: refs/heads/master
Commit: 7fa6e4ea596ef7085649ad11374fc8a91367ae88
Parents: 54adad6
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 9 17:17:53 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 9 17:17:53 2016 +0000
----------------------------------------------------------------------
services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml | 2 +-
services/idp/src/main/webapp/WEB-INF/idp-servlet.xml | 1 -
services/idp/src/main/webapp/WEB-INF/security-config.xml | 3 ---
3 files changed, 1 insertion(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7fa6e4ea/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml b/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
index 1bba46e..8a8760a 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
@@ -28,7 +28,7 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/mvc
- http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
+ http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/webflow-config
http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7fa6e4ea/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml b/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
index eebda37..e7c24ee 100644
--- a/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
+++ b/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
@@ -19,7 +19,6 @@
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:webflow="http://www.springframework.org/schema/webflow-config"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7fa6e4ea/services/idp/src/main/webapp/WEB-INF/security-config.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/security-config.xml b/services/idp/src/main/webapp/WEB-INF/security-config.xml
index b25b903..e51f906 100644
--- a/services/idp/src/main/webapp/WEB-INF/security-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/security-config.xml
@@ -21,7 +21,6 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
@@ -29,8 +28,6 @@
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
">
<context:property-placeholder location="classpath:realm.properties" />
[2/4] cxf-fediz git commit: More refactoring of the spring webflow
signin flow
Posted by co...@apache.org.
More refactoring of the spring webflow signin flow
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/25471cfc
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/25471cfc
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/25471cfc
Branch: refs/heads/master
Commit: 25471cfcd40237f528dd948b8067fda89360d9bf
Parents: 7fa6e4e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 9 18:02:33 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 9 18:02:33 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/IdpConstants.java | 18 +++++----
.../idp/beans/SigninParametersCacheAction.java | 40 ++++++++++----------
.../WEB-INF/flows/federation-signin-request.xml | 27 ++++++-------
.../flows/federation-validate-request.xml | 4 +-
.../WEB-INF/flows/saml-signin-request.xml | 32 ++++++----------
.../WEB-INF/flows/saml-validate-request.xml | 3 ++
6 files changed, 58 insertions(+), 66 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25471cfc/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
index 9a9d70f..bcc5b6f 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
@@ -22,29 +22,33 @@ package org.apache.cxf.fediz.service.idp;
public final class IdpConstants {
public static final String IDP_CONFIG = "idpConfig";
-
+
/**
* A key used to store context/state when communicating with a trusted third party IdP.
*/
public static final String TRUSTED_IDP_CONTEXT = "trusted_idp_context";
-
+
/**
* A key used to store the home realm for the given request.
*/
public static final String HOME_REALM = "home_realm";
-
+
/**
* The SAML Authn Request
*/
public static final String SAML_AUTHN_REQUEST = "saml_authn_request";
-
+
/**
* A Context variable associated with the request (independent of protocol)
*/
public static final String CONTEXT = "request_context";
-
-
-
+
+ /**
+ * A key used to store the return address for the given request
+ */
+ public static final String RETURN_ADDRESS = "return_address";
+
+
private IdpConstants() {
// complete
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25471cfc/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 42c8873..5451508 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -45,14 +45,14 @@ public class SigninParametersCacheAction {
public void store(RequestContext context, String protocol) {
Map<String, Object> signinParams = new HashMap<>();
String uuidKey = UUID.randomUUID().toString();
-
+
Object value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
if (value != null) {
signinParams.put(IdpConstants.HOME_REALM, value);
}
-
+
if ("wsfed".equals(protocol)) {
- value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
+ value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.RETURN_ADDRESS);
if (value != null) {
signinParams.put(FederationConstants.PARAM_REPLY, value);
}
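Review bot: In the wsfed branch of store() the reply address is now read from flow scope under `IdpConstants.RETURN_ADDRESS` but is still cached under `FederationConstants.PARAM_REPLY`, and nothing at the put explains the mismatch. restore() later in this file reads the cached map with `FederationConstants.PARAM_REPLY`; the flow-scope key it writes the value back to is outside the visible hunks, so confirm that the flow running after restore() reads the address from that key. A comment at the put would keep the asymmetry from being "corrected" by accident: `// cached under PARAM_REPLY on purpose: restore() looks it up with that key`. store() continues past the end of this hunk.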
@@ -75,29 +75,29 @@ public class SigninParametersCacheAction {
signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
}
}
-
+
WebUtils.putAttributeInExternalContext(context, uuidKey, signinParams);
-
+
LOG.debug("SignIn parameters cached: {}", signinParams.toString());
WebUtils.putAttributeInFlowScope(context, IdpConstants.TRUSTED_IDP_CONTEXT, uuidKey);
LOG.info("SignIn parameters cached and context set to [" + uuidKey + "].");
}
-
+
public void restore(RequestContext context, String contextKey, String protocol) {
-
+
if (contextKey != null) {
@SuppressWarnings("unchecked")
Map<String, Object> signinParams =
(Map<String, Object>)WebUtils.getAttributeFromExternalContext(context, contextKey);
-
+
if (signinParams != null) {
LOG.debug("SignIn parameters restored: {}", signinParams.toString());
-
+
String value = (String)signinParams.get(IdpConstants.HOME_REALM);
if (value != null) {
WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
}
-
+
if ("wsfed".equals(protocol)) {
value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
if (value != null) {
@@ -107,33 +107,33 @@ public class SigninParametersCacheAction {
if (value != null) {
WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM, value);
}
-
+
WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
- LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT + "["
+ LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT + "["
+ contextKey + "] cleared.");
-
+
value = (String)signinParams.get(FederationConstants.PARAM_CONTEXT);
if (value != null) {
WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, value);
}
} else if ("samlsso".equals(protocol)) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null) {
WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
}
-
+
// TODO
value = (String)signinParams.get("RelayState");
if (value != null) {
WebUtils.putAttributeInFlowScope(context, "RelayState", value);
}
}
-
+
} else {
LOG.debug("Error in restoring security context");
}
-
+
WebUtils.removeAttributeFromFlowScope(context, contextKey);
} else {
LOG.debug("Error in restoring security context");
@@ -146,15 +146,15 @@ public class SigninParametersCacheAction {
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, IdpConstants.IDP_CONFIG);
if (wtrealm == null || idpConfig == null) {
return;
- }
-
+ }
+
Application serviceConfig = idpConfig.findApplication(wtrealm);
if (serviceConfig != null) {
if (serviceConfig.getPassiveRequestorEndpoint() == null) {
String url = guessPassiveRequestorURL(context, wtrealm);
serviceConfig.setPassiveRequestorEndpoint(url);
}
-
+
@SuppressWarnings("unchecked")
Map<String, Application> realmConfigMap =
(Map<String, Application>)WebUtils
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25471cfc/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 8c908c7..785d6a8 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -25,12 +25,12 @@
<input name="idpConfig" />
<input name="wtrealm" />
- <input name="wreply" />
<input name="wctx" />
<input name="wfresh" />
<input name="wauth" />
<input name="home_realm" />
<input name="protocol" />
+ <input name="return_address" />
<!-- ===== Home Realm Discovery ===== -->
@@ -77,19 +77,17 @@
<!-- Home Realm is known then we can store it in cookie -->
<decision-state id="checkIsThisIDP">
<if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="checkWauthTypeSupported" else="checkIdpTokenHomeRealm" />
+ then="checkWauthTypeSupported" else="checkRemoteIdpToken" />
</decision-state>
- <!-- ============================================================================================================= -->
+ <!-- ===== Home Realm != this realm ===== -->
- <!-- Is 'wresult/RP-IDP token' already received and validated (then stored
- in session) from requestor IDP ? -->
- <decision-state id="checkIdpTokenHomeRealm">
+ <decision-state id="checkRemoteIdpToken">
<if test="externalContext.sessionMap[flowScope.home_realm] != null"
- then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
+ then="checkRemoteIdpTokenExpiry" else="redirectToTrustedIDP" />
</decision-state>
- <action-state id="wfreshParserRemoteAction">
+ <action-state id="checkRemoteIdpTokenExpiry">
<evaluate
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)" />
@@ -101,13 +99,13 @@
</action-state>
<action-state id="validateReturnAddress">
- <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)
- and passiveRequestorValidator.isValid(flowRequestContext, flowScope.wreply, flowScope.wtrealm)"/>
+ <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
+ and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.wtrealm)"/>
<transition on="yes" to="requestRpToken" />
<transition on="no" to="viewBadRequest" />
</action-state>
- <!-- ============================================================================================================= -->
+ <!-- ===== Home Realm == this realm ===== -->
<decision-state id="checkWauthTypeSupported">
<on-entry>
@@ -124,12 +122,10 @@
<decision-state id="checkIdpTokenWauth">
<!-- check presence of cached IDP token for THIS realm -->
<if test="externalContext.sessionMap[flowScope.home_realm] == null"
- then="cacheSecurityToken" else="wfreshParserAction" />
+ then="cacheSecurityToken" else="checkLocalIdPTokenExpiry" />
</decision-state>
- <!-- parse wfresh parameter, provided by resource RP, overriding ttl
- from 'IDP_TOKEN' -->
- <action-state id="wfreshParserAction">
+ <action-state id="checkLocalIdPTokenExpiry">
<evaluate
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)" />
@@ -161,7 +157,6 @@
<!-- normal exit point -->
<end-state id="requestRpToken">
<output name="home_realm" value="flowScope.home_realm" />
- <output name="wctx" value="flowScope.wctx" />
<output name="idpToken" value="flowScope.idpToken" />
</end-state>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25471cfc/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index e42c7ee..1b0e3c2 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -94,21 +94,19 @@
<subflow-state id="signinRequest" subflow="signinRequest">
<input name="idpConfig" value="flowScope.idpConfig" />
<input name="wtrealm" value="flowScope.wtrealm" />
- <input name="wreply" value="flowScope.wreply" />
<input name="wctx" value="flowScope.wctx" />
<input name="wfresh" value="flowScope.wfresh" />
<input name="wauth" value="flowScope.wauth" />
<input name="home_realm" value="flowScope.whr" />
<input name="protocol" value="'wsfed'" />
+ <input name="return_address" value="flowScope.wreply" />
<output name="home_realm" />
- <output name="wctx" />
<output name="idpToken" />
<output name="trusted_idp_context" />
<transition on="requestRpToken" to="requestRpToken">
<set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
<set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
</transition>
<transition on="viewBadRequest" to="viewBadRequest" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25471cfc/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index f167198..d0f010c 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -28,6 +28,7 @@
<input name="protocol" />
<input name="saml_authn_request" />
<input name="home_realm" />
+ <input name="return_address" />
<!-- ===== Home Realm Discovery ===== -->
@@ -74,19 +75,17 @@
<!-- Home Realm is known then we can store it in cookie -->
<decision-state id="checkIsThisIDP">
<if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="homeRealmSignInEntryPoint" else="checkIdpTokenHomeRealm" />
+ then="homeRealmSignInEntryPoint" else="checkRemoteIdpToken" />
</decision-state>
- <!-- ============================================================================================================= -->
+ <!-- ===== Home Realm != this realm ===== -->
- <!-- Is 'wresult/RP-IDP token' already received and validated (then stored
- in session) from requestor IDP ? -->
- <decision-state id="checkIdpTokenHomeRealm">
+ <decision-state id="checkRemoteIdpToken">
<if test="externalContext.sessionMap[flowScope.home_realm] != null"
- then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
+ then="checkRemoteIdpTokenExpiry" else="redirectToTrustedIDP" />
</decision-state>
- <action-state id="wfreshParserRemoteAction">
+ <action-state id="checkRemoteIdpTokenExpiry">
<evaluate
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)
or authnRequestParser.isForceAuthentication(flowRequestContext)" />
@@ -98,17 +97,13 @@
</action-state>
<action-state id="validateReturnAddress">
- <on-entry>
- <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
- result="flowScope.consumerURL"/>
- </on-entry>
- <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.consumerURL)
- and passiveRequestorValidator.isValid(flowRequestContext, flowScope.consumerURL, flowScope.realm)"/>
+ <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
+ and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.realm)"/>
<transition on="yes" to="requestRpToken" />
<transition on="no" to="viewBadRequest" />
</action-state>
- <!-- ============================================================================================================= -->
+ <!-- ===== Home Realm == this realm ===== -->
<decision-state id="homeRealmSignInEntryPoint">
<on-entry>
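Review bot: `validateReturnAddress` passes `flowScope.realm` to `passiveRequestorValidator`, but with the `on-entry` block removed this state assigns nothing, and no assignment of `flowScope.realm` is visible on the remote-IdP path in the hunks shown. `validateEndpointAddress` in the same file sets it on entry through `authnRequestParser.retrieveRealm(flowRequestContext)`; if nothing earlier on this path does the same, the validator is called with a null realm and the result depends on how it treats that. Either keep an `on-entry` holding `<evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)" result="flowScope.realm"/>`, or add a comment naming the state that sets the realm before this one is reached.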
@@ -119,10 +114,10 @@
then="viewBadRequest" />
<!-- check presence of cached IDP token for THIS realm -->
<if test="externalContext.sessionMap[flowScope.home_realm] == null"
- then="cacheSecurityToken" else="checkTokenExpiry" />
+ then="cacheSecurityToken" else="checkLocalIdPTokenExpiry" />
</decision-state>
- <action-state id="checkTokenExpiry">
+ <action-state id="checkLocalIdPTokenExpiry">
<evaluate
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)
or authnRequestParser.isForceAuthentication(flowRequestContext)" />
@@ -130,7 +125,7 @@
<transition on="no" to="validateEndpointAddress">
<set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
</transition>
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
+ <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
</action-state>
<end-state id="redirectToLocalIDP">
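Review bot: The `on-exception="java.lang.Throwable"` transition now ends in `viewBadRequest`, so any failure inside the expiry check, including a server-side fault, is reported the same way as a malformed request. That keeps internal detail away from the client, but it also makes such faults hard to tell apart in monitoring unless the exception is logged before the transition, which these lines do not show. Consider narrowing the handler to the exception types the two actions are expected to throw, or at least recording the intent with a comment such as `<!-- any failure while checking token expiry is deliberately reported as a bad request -->`. The action-state opens in the previous hunk.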
@@ -171,9 +166,6 @@
<!-- abnormal exit point -->
<end-state id="viewBadRequest" />
- <!-- abnormal exit point -->
- <end-state id="scInternalServerError" />
-
<!-- redirects to requestor idp -->
<end-state id="redirectToTrustedIDP">
<on-entry>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25471cfc/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 4a430d7..32de331 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -78,6 +78,8 @@
<evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
flowScope.SAMLRequest, flowScope.Signature,
flowScope.RelayState)" />
+ <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
+ result="flowScope.consumerURL"/>
<transition to="signinSAMLRequest"/>
<transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
</action-state>
@@ -90,6 +92,7 @@
<input name="protocol" value="'samlsso'" />
<input name="saml_authn_request" value="flowScope.saml_authn_request" />
<input name="home_realm" value="null" />
+ <input name="return_address" value="flowScope.consumerURL" />
<output name="home_realm" />
<output name="idpToken" />
[4/4] cxf-fediz git commit: Fixing previous commits
Posted by co...@apache.org.
Fixing previous commits
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/be7868b6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/be7868b6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/be7868b6
Branch: refs/heads/master
Commit: be7868b69f8301797995df7288002720c2340768
Parents: eca606d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 9 18:56:19 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 9 18:56:19 2016 +0000
----------------------------------------------------------------------
.../src/main/webapp/WEB-INF/flows/saml-validate-request.xml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be7868b6/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 32de331..9d4288b 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -63,7 +63,7 @@
</decision-state>
<decision-state id="selectOIDCAuthorizationCodeFlowProcess">
- <on-entry>
+ <on-entry>
<set name="flowScope.state" value="requestParameters.state" />
<set name="flowScope.request_context" value="requestParameters.state" />
<set name="flowScope.code" value="requestParameters.code" />
@@ -78,6 +78,11 @@
<evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
flowScope.SAMLRequest, flowScope.Signature,
flowScope.RelayState)" />
+ <transition to="retrieveConsumerURL"/>
+ <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
+ </action-state>
+
+ <action-state id="retrieveConsumerURL">
<evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
result="flowScope.consumerURL"/>
<transition to="signinSAMLRequest"/>
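Review bot: The new `retrieveConsumerURL` state carries no comment saying why it is separate from the state that calls `parseSAMLRequest`, and the reason is not obvious from the markup. Presumably the unconditional `<transition to="..."/>` fires on the result of the first `evaluate`, so a second `evaluate` in the same state would never run; a line such as `<!-- separate state: the unconditional transition would fire before a second evaluate ran -->` would stop the two from being merged again. It would also help to note what `flowScope.consumerURL` holds when the request supplies no consumer URL, since the value is handed to the subflow as `return_address`. The state closes outside this hunk.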
[3/4] cxf-fediz git commit: Minor fix
Posted by co...@apache.org.
Minor fix
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/eca606d5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/eca606d5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/eca606d5
Branch: refs/heads/master
Commit: eca606d51b97382234c2753c0510acf923917124
Parents: 25471cf
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 9 18:04:40 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 9 18:04:40 2016 +0000
----------------------------------------------------------------------
.../idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/eca606d5/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index d0f010c..2ca686c 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -145,12 +145,10 @@
<action-state id="validateEndpointAddress">
<on-entry>
- <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
- result="flowScope.consumerURL"/>
<evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)"
result="flowScope.realm"/>
</on-entry>
- <evaluate expression="passiveRequestorValidator.isValid(flowRequestContext, flowScope.consumerURL, flowScope.realm)"/>
+ <evaluate expression="passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.realm)"/>
<transition on="yes" to="requestRpToken" />
<transition on="no" to="viewBadRequest" />
</action-state>
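Review bot: `validateEndpointAddress` checks `flowScope.return_address` with `passiveRequestorValidator` only, while `validateReturnAddress` in the same file checks the same value with `commonsURLValidator.isValid(...)` as well. If the difference is not deliberate, the local-realm path accepts a return address that skipped whatever `commonsURLValidator` enforces; the aligned expression would be `commonsURLValidator.isValid(flowRequestContext, flowScope.return_address) and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.realm)`. If it is deliberate, a one-line comment stating why would keep the two states from drifting further apart.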