cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1344724 - /cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Date Thu, 31 May 2012 13:50:04 GMT
Author: coheigea
Date: Thu May 31 13:50:03 2012
New Revision: 1344724

URL: http://svn.apache.org/viewvc?rev=1344724&view=rev
Log:
Check that the received Issuer for SAML Web SSO is a prefix of the configured IDP rather than
matching the Strings directly

Modified:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java?rev=1344724&r1=1344723&r2=1344724&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Thu May 31 13:50:03 2012
@@ -141,8 +141,8 @@ public class SAMLSSOResponseValidator {
             return;
         }
         
-        // Issuer value must match Issuer IDP
-        if (!issuer.getValue().equals(issuerIDP)) {
+        // Issuer value must match (be contained in) Issuer IDP
+        if (!issuerIDP.startsWith(issuer.getValue())) {
             LOG.fine("Issuer value: " + issuer.getValue() + " does not match issuer IDP:
" 
                 + issuerIDP);
             throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
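Review bot: The new condition `issuerIDP.startsWith(issuer.getValue())` is satisfied by any leading substring of the configured IDP value, including the empty string, so a response whose Issuer is empty or only a short prefix of the IDP value passes this check where the previous `equals` comparison rejected it. If the aim is to tolerate a configured IDP URL that carries extra path or query text after the entity identifier, it would be safer to compare with `equals` against a separately configured issuer identifier. At minimum, require a non-empty value: `String value = issuer.getValue();` followed by `if (value == null || value.isEmpty() || !issuerIDP.startsWith(value)) {`. A null `issuerIDP` presumably now raises a NullPointerException here instead of simply failing the comparison; its declaration is outside the hunk, as are the start and end of the enclosing method.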


