cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/2] cxf-fediz git commit: More SAML SSO changes
Date Wed, 18 Mar 2015 17:19:26 GMT
More SAML SSO changes


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9fa14d00
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9fa14d00
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9fa14d00

Branch: refs/heads/master
Commit: 9fa14d0059ba8a1fe4520f40a742bd9452c113df
Parents: bd7dc9f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Mar 18 16:51:31 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Mar 18 16:51:31 2015 +0000

----------------------------------------------------------------------
 .../TrustedIdpSAMLProtocolHandler.java          | 31 ++++++++++----------
 1 file changed, 16 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9fa14d00/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 4163b20..9cb089d 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -34,6 +34,7 @@ import java.security.cert.X509Certificate;
 import java.util.zip.DataFormatException;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.UriBuilder;
 
@@ -136,9 +137,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
             String authnRequestId = authnRequest.getID();
             WebUtils.putAttributeInExternalContext(context, SAML_SSO_REQUEST_ID, authnRequestId);
 
-            // TODO How to set headers here?
-            // .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
-            // .header("Pragma", "no-cache") 
+            HttpServletResponse response = WebUtils.getHttpServletResponse(context);
+            response.addHeader("Cache-Control", "no-cache, no-store");
+            response.addHeader("Pragma", "no-cache");
+
             return ub.build().toURL();
         } catch (MalformedURLException ex) {
             LOG.error("Invalid Redirect URL for Trusted Idp", ex);
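Review bot: `response.addHeader(...)` appends rather than replaces, so if a filter or the container has already set `Cache-Control` on this response, the redirect can go out with two conflicting values. Using `response.setHeader("Cache-Control", "no-cache, no-store");` and `response.setHeader("Pragma", "no-cache");` would ensure the no-store directive is the only value sent. The result of `WebUtils.getHttpServletResponse(context)` is also dereferenced without a check; whether it can be null or throw outside a servlet context is not visible here, so that should be confirmed. The enclosing method starts above this hunk and its catch blocks continue past it.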
@@ -157,10 +159,6 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
 
         try {
-            //String relayState = (String) WebUtils.getAttributeFromFlowScope(context,
-            //                                                                SSOConstants.RELAY_STATE);
-            // TODO Validate RelayState
-
             String encodedSAMLResponse = (String) WebUtils.getAttributeFromFlowScope(context,

                                                                                      SSOConstants.SAML_RESPONSE);
             
@@ -180,14 +178,17 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
                 new SecurityToken(id, validatorResponse.getCreated(), validatorResponse.getSessionNotOnOrAfter());
 
             idpToken.setToken(validatorResponse.getAssertionElement());
-            // LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued by
home realm [{}/{}]",
-            //         id, wfResp.getUsername(), wfResp.getUniqueTokenId(), whr, wfResp.getIssuer());
-            //.debug("Created date={}", wfResp.getTokenCreated());
-            //LOG.debug("Expired date={}", wfResp.getTokenExpires());
-            //if (LOG.isDebugEnabled()) {
-            //    LOG.debug("Validated 'wresult' : "
-            //        + System.getProperty("line.separator") + wresult);
-            //}
+            
+            String whr = (String) WebUtils.getAttributeFromFlowScope(context,
+                                                                     FederationConstants.PARAM_HOME_REALM);
+            LOG.info("[IDP_TOKEN={}] created from [RP_TOKEN={}] issued by home realm [{}]",
+                     id, validatorResponse.getResponseId(), whr);
+            LOG.debug("Created date={}", validatorResponse.getCreated());
+            LOG.debug("Expired date={}", validatorResponse.getSessionNotOnOrAfter());
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Validated: "
+                    + System.getProperty("line.separator") + validatorResponse.getAssertion());
+            }
             return idpToken;
         } catch (IllegalStateException ex) {
             throw ex;
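Review bot: The new `LOG.debug("Validated: " ... + validatorResponse.getAssertion())` writes the whole validated assertion to the log, which puts subject identifiers and attribute values (and, for a bearer assertion, material that may be replayable until it expires) wherever debug logs end up. Logging only identifiers should be enough for tracing, for example `LOG.debug("Validated SAML response [{}]", validatorResponse.getResponseId());`. Separately, `whr` is read from flow scope and logged at INFO unmodified; if it originates from a request parameter, CR/LF should be stripped before logging so that a caller cannot forge log lines. mapSignInResponse starts before this hunk and its catch blocks continue past it.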

