cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [03/11] git commit: updated refs/heads/saml-production-grade to 89a290f
Date Fri, 29 May 2015 13:43:55 GMT
CLOUDSTACK-8459: Authn requests must use either HTTP POST/Artifact binding

As per SAML v2.0 spec section 4.1.2, the SP provider should create authn requests using
either HTTP POST or HTTP Artifact binding to transfer the message through a
user agent (browser in our case). The use of HTTP Redirect was one of the reasons
why this plugin failed to work for some IdP servers that enforce this.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bea84a77
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bea84a77
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bea84a77

Branch: refs/heads/saml-production-grade
Commit: bea84a774dc690d30132eb57b3d0a1ebcb2f0743
Parents: 389213e
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Fri May 29 15:32:09 2015 +0200
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Fri May 29 15:43:33 2015 +0200

----------------------------------------------------------------------
 .../org/apache/cloudstack/utils/auth/SAMLUtils.java  | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bea84a77/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index a6d2d34..7641cb0 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -35,8 +35,6 @@ import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.SessionIndex;
@@ -45,7 +43,6 @@ import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
 import org.opensaml.saml2.core.impl.IssuerBuilder;
 import org.opensaml.saml2.core.impl.LogoutRequestBuilder;
 import org.opensaml.saml2.core.impl.NameIDBuilder;
-import org.opensaml.saml2.core.impl.NameIDPolicyBuilder;
 import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder;
 import org.opensaml.saml2.core.impl.SessionIndexBuilder;
 import org.opensaml.xml.ConfigurationException;
@@ -130,13 +127,6 @@ public class SAMLUtils {
         Issuer issuer = issuerBuilder.buildObject();
         issuer.setValue(spId);
 
-        // NameIDPolicy
-        NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
-        NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
-        nameIdPolicy.setFormat(NameIDType.PERSISTENT);
-        nameIdPolicy.setSPNameQualifier(spId);
-        nameIdPolicy.setAllowCreate(true);
-
         // AuthnContextClass
         AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
         AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(
@@ -160,12 +150,11 @@ public class SAMLUtils {
         authnRequest.setVersion(SAMLVersion.VERSION_20);
         authnRequest.setForceAuthn(false);
         authnRequest.setIsPassive(false);
-        authnRequest.setIssuer(issuer);
         authnRequest.setIssueInstant(new DateTime());
-        authnRequest.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+        authnRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
         authnRequest.setAssertionConsumerServiceURL(consumerUrl);
         authnRequest.setProviderName(spId);
-        authnRequest.setNameIDPolicy(nameIdPolicy);
+        authnRequest.setIssuer(issuer);
         authnRequest.setRequestedAuthnContext(requestedAuthnContext);
 
         return authnRequest;


Mime
View raw message