[2/4] cxf-fediz git commit: More flow refactoring
More flow refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/775b209c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/775b209c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/775b209c
Branch: refs/heads/master
Commit: 775b209c05df1996427a1c450e9fb6c393982e87
Parents: 9fdf81d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 8 15:16:29 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 8 15:16:29 2016 +0000
----------------------------------------------------------------------
.../webapp/WEB-INF/flows/federation-signin-request.xml | 10 +++++++---
.../main/webapp/WEB-INF/flows/saml-signin-request.xml | 11 +++++++----
.../main/webapp/WEB-INF/flows/saml-validate-request.xml | 1 +
3 files changed, 15 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/775b209c/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index d62c115..6051182 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -31,6 +31,8 @@
<input name="wauth" />
<input name="home_realm" />
<input name="protocol" />
+
+ <!-- ===== Home Realm Discovery ===== -->
<decision-state id="processHRDSExpression">
<on-entry>
@@ -75,14 +77,14 @@
<!-- Home Realm is known then we can store it in cookie -->
<decision-state id="checkIsThisIDP">
<if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="checkWauthTypeSupported" else="checkIdpTokenWhrWauth" />
+ then="checkWauthTypeSupported" else="checkIdpTokenHomeRealm" />
</decision-state>
<!-- ============================================================================================================= -->
<!-- Is 'wresult/RP-IDP token' already received and validated (then stored
in session) from requestor IDP ? -->
- <decision-state id="checkIdpTokenWhrWauth">
+ <decision-state id="checkIdpTokenHomeRealm">
<if test="externalContext.sessionMap[flowScope.home_realm] != null"
then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
</decision-state>
@@ -104,7 +106,9 @@
<transition on="yes" to="requestRpToken" />
<transition on="no" to="viewBadRequest" />
</action-state>
-
+
+ <!-- ============================================================================================================= -->
+
<decision-state id="checkWauthTypeSupported">
<on-entry>
<!-- Here, home realm is guaranteed to be THIS realm -->
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/775b209c/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index 0198ae0..59ea18b 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -27,10 +27,13 @@
<input name="RelayState" />
<input name="protocol" />
<input name="saml_authn_request" />
+ <input name="home_realm" />
+
+ <!-- ===== Home Realm Discovery ===== -->
<decision-state id="processHRDSExpression">
<on-entry>
- <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, null)"
+ <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)"
result="flowScope.home_realm" />
</on-entry>
<if test="flowScope.home_realm == null or flowScope.home_realm.trim().isEmpty()"
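Review bot: The new `home_realm` flow input is handed straight to the HRD evaluate two lines above it and, further down in this file, keys the session lookup `externalContext.sessionMap[flowScope.home_realm]`, yet nothing on the input line says who may supply it or whether it must name a configured trusted IDP. The only caller this commit adds (saml-validate-request.xml) passes a literal `null`, which presumably keeps behaviour identical to the old hard-coded `null` argument, but a future caller forwarding a request-derived realm would change the trust assumptions of this step; and if the flow can also be launched top-level, Spring Web Flow's default flow handler builds the input map from request parameters, so the value could then come directly from the client. I would document the contract on the input line, e.g. `<!-- Optional realm hint from the calling flow; HRD may override it and the result is written back to flowScope.home_realm -->`. The `processHRDSExpression` decision-state continues past the end of the hunk.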
@@ -71,14 +74,14 @@
<!-- Home Realm is known then we can store it in cookie -->
<decision-state id="checkIsThisIDP">
<if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="homeRealmSignInEntryPoint" else="checkIdpTokenWhrWauth" />
+ then="homeRealmSignInEntryPoint" else="checkIdpTokenHomeRealm" />
</decision-state>
<!-- ============================================================================================================= -->
<!-- Is 'wresult/RP-IDP token' already received and validated (then stored
in session) from requestor IDP ? -->
- <decision-state id="checkIdpTokenWhrWauth">
+ <decision-state id="checkIdpTokenHomeRealm">
<if test="externalContext.sessionMap[flowScope.home_realm] != null"
then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
</decision-state>
@@ -109,7 +112,7 @@
<set name="flowScope.home_realm" value="flowScope.idpConfig.realm" />
</on-entry>
<if test="flowScope.idpConfig.getAuthenticationURIs() == null"
- then="scInternalServerError" />
+ then="viewBadRequest" />
<!-- check presence of cached IDP token for THIS realm -->
<if test="externalContext.sessionMap[flowScope.home_realm] == null"
then="cacheSecurityToken" else="checkTokenExpiry" />
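Review bot: The changed `then=` line now routes a null `flowScope.idpConfig.getAuthenticationURIs()` to `viewBadRequest`, but that condition reflects missing IdP configuration rather than anything in the client's request, so a bad-request outcome (if the view is the 400 its name suggests) misattributes a deployment error to the requester and may hide it from operators. Unless `scInternalServerError` no longer exists in this flow, I would keep the server-error transition, or at minimum leave a comment on the `<if>` so the next reader knows the mapping is deliberate, e.g. `<!-- missing authentication URIs is an IdP configuration error, reported as bad request to match the federation flow -->`. The enclosing decision-state starts before the hunk.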
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/775b209c/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 7aeb494..4a430d7 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -89,6 +89,7 @@
<input name="Signature" value="flowScope.Signature" />
<input name="protocol" value="'samlsso'" />
<input name="saml_authn_request" value="flowScope.saml_authn_request" />
+ <input name="home_realm" value="null" />
<output name="home_realm" />
<output name="idpToken" />