From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Updating SAML SSO validators
Date Mon, 21 Dec 2015 16:29:39 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 983cd4066 -> e8da76141


Updating SAML SSO validators


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fcb03c9f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fcb03c9f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fcb03c9f

Branch: refs/heads/master
Commit: fcb03c9f3d0145dd73869f2078625b9043a746f3
Parents: 983cd40
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Dec 21 16:19:28 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Dec 21 16:19:28 2015 +0000

----------------------------------------------------------------------
 .../fediz/core/samlsso/SAMLSSOResponseValidator.java | 15 +++++++++------
 .../cxf/fediz/core/samlsso/SSOValidatorResponse.java | 11 +++++++++++
 2 files changed, 20 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fcb03c9f/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index 7313406..f3030e5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -93,7 +93,7 @@ public class SAMLSSOResponseValidator {
         }
         
         // Validate Assertions
-        boolean foundValidSubject = false;
+        org.opensaml.saml.saml2.core.Assertion validAssertion = null;
         Date sessionNotOnOrAfter = null;
         for (org.opensaml.saml.saml2.core.Assertion assertion : samlResponse.getAssertions())
{
             // Check the Issuer
@@ -115,7 +115,7 @@ public class SAMLSSOResponseValidator {
                 org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
                 if (validateAuthenticationSubject(subject, assertion.getID(), postBinding))
{
                     validateAudienceRestrictionCondition(assertion.getConditions());
-                    foundValidSubject = true;
+                    validAssertion = assertion;
                     // Store Session NotOnOrAfter
                     for (AuthnStatement authnStatment : assertion.getAuthnStatements()) {
                         if (authnStatment.getSessionNotOnOrAfter() != null) {
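Review bot: `validAssertion = assertion;` is re-assigned for every assertion whose subject confirmation passes, so when a Response carries several acceptable assertions the last one in document order is the one the method later hands back, whereas the removed flag only recorded that some match existed. If the intent is to return exactly one validated assertion, make the selection explicit rather than implicit: either leave the loop once the first valid assertion (and its session NotOnOrAfter, captured in the same branch) has been recorded, or state the rule with a comment such as `// If several assertions pass subject confirmation, the last one seen is returned`. The enclosing for loop begins and ends outside this hunk, so whether later loop work depends on continuing past a match is not visible here; the value is consumed in the hunk at -136,9 below.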
@@ -127,7 +127,7 @@ public class SAMLSSOResponseValidator {
             
         }
         
-        if (!foundValidSubject) {
+        if (validAssertion == null) {
             LOG.debug("The Response did not contain any Authentication Statement that matched
"
                      + "the Subject Confirmation criteria");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
@@ -136,9 +136,12 @@ public class SAMLSSOResponseValidator {
         SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
         validatorResponse.setResponseId(samlResponse.getID());
         validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
-        // the assumption for now is that SAMLResponse will contain only a single assertion
-        Element assertionElement = samlResponse.getAssertions().get(0).getDOM();
-        validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
+        
+        Element assertionElement = validAssertion.getDOM();
+        Element clonedAssertionElement = (Element)assertionElement.cloneNode(true);
+        validatorResponse.setAssertionElement(clonedAssertionElement);
+        validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
+        
         return validatorResponse;
     }
     
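Review bot: `validAssertion.getDOM()` is dereferenced on the next line without a null check; OpenSAML's XMLObject.getDOM() returns null when the object has no cached DOM (built programmatically, or the DOM was released after unmarshalling), and the resulting NullPointerException would escape instead of the WSSecurityException the rest of this method raises on bad input. The removed `get(0).getDOM()` had the same exposure, but now that the assertion is chosen explicitly this is the natural place to guard it, e.g. `if (assertionElement == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); }`. The removed comment about the single-assertion assumption has no replacement; a line such as `// Return the assertion that passed subject confirmation, not merely the first one in the Response` would record why validAssertion is used instead of samlResponse.getAssertions().get(0).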

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fcb03c9f/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
index 13bd839..61e748d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
@@ -20,6 +20,8 @@ package org.apache.cxf.fediz.core.samlsso;
 
 import java.util.Date;
 
+import org.w3c.dom.Element;
+
 /**
  * Some information that encapsulates a successful validation by the SAMLSSOResponseValidator
  */
@@ -27,6 +29,7 @@ public class SSOValidatorResponse {
     private Date sessionNotOnOrAfter;
     private String responseId;
     private String assertion;
+    private Element assertionElement;
 
     public String getAssertion() {
         return assertion;
@@ -51,4 +54,12 @@ public class SSOValidatorResponse {
     public void setResponseId(String responseId) {
         this.responseId = responseId;
     }
+    
+    public Element getAssertionElement() {
+        return assertionElement;
+    }
+
+    public void setAssertionElement(Element assertionElement) {
+        this.assertionElement = assertionElement;
+    }
 }
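Review bot: `getAssertionElement()` returns the stored `Element` reference itself, and nothing in this class ties it to the serialized `assertion` String kept beside it, so a caller that mutates the returned DOM silently diverges from what `getAssertion()` reports. Neither accessor is documented although the class carries a Javadoc header; a short contract on the getter would prevent that drift: `/** DOM form of the validated assertion; treat as read-only and as the counterpart of {@link #getAssertion()}. */`. If the element must be shared, consider also noting on `setAssertionElement` that the caller is expected to pass a detached copy rather than a node still attached to the Response document.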

