From: coheigea@apache.org
To: commits@cxf.apache.org
Date: Mon, 21 Dec 2015 16:39:54 -0000
Message-Id:
X-Mailer: ASF-Git Admin Mailer
Subject: [1/3] cxf-fediz git commit: Updating SAML SSO validators

Repository: cxf-fediz
Updated Branches:
refs/heads/1.2.x-fixes 4e78c68e6 -> 7f5761547

Updating SAML SSO validators

Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3854680b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3854680b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3854680b

Branch: refs/heads/1.2.x-fixes
Commit: 3854680bc21c2ebb0f1c7143bf4932b8829ba444
Parents: 4e78c68
Author: Colm O hEigeartaigh
Authored: Mon Dec 21 16:19:28 2015 +0000
Committer: Colm O hEigeartaigh
Committed: Mon Dec 21 16:30:10 2015 +0000

----------------------------------------------------------------------
.../fediz/core/samlsso/SAMLSSOResponseValidator.java | 15 +++++++++------
.../cxf/fediz/core/samlsso/SSOValidatorResponse.java | 11 +++++++++++
2 files changed, 20 insertions(+), 6 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3854680b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index 86bb005..3ecce44 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -94,7 +94,7 @@ public class SAMLSSOResponseValidator {
         }
 
         // Validate Assertions
-        boolean foundValidSubject = false;
+        org.opensaml.saml.saml2.core.Assertion validAssertion = null;
         Date sessionNotOnOrAfter = null;
         for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
             // Check the Issuer
@@ -116,7 +116,7 @@ public class SAMLSSOResponseValidator {
             org.opensaml.saml2.core.Subject subject = assertion.getSubject();
             if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
                 validateAudienceRestrictionCondition(assertion.getConditions());
-                foundValidSubject = true;
+                validAssertion = assertion;
                 // Store Session NotOnOrAfter
                 for (AuthnStatement authnStatment : assertion.getAuthnStatements()) {
                     if (authnStatment.getSessionNotOnOrAfter() != null) {
@@ -128,7 +128,7 @@ public class SAMLSSOResponseValidator {
         }
 
 
-        if (!foundValidSubject) {
+        if (validAssertion == null) {
             LOG.debug("The Response did not contain any Authentication Statement that matched "
                 + "the Subject Confirmation criteria");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
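Review bot: The replacement declaration `org.opensaml.saml.saml2.core.Assertion validAssertion = null;` in the @@ -94 hunk names a different package from the loop variable `org.opensaml.saml2.core.Assertion assertion` two lines below it, and the @@ -116 hunk assigns that loop variable to `validAssertion`; unless both types resolve in this branch the assignment will not type-check, and since every other OpenSAML reference in these hunks uses `org.opensaml.saml2.core`, the declaration presumably should read `org.opensaml.saml2.core.Assertion validAssertion = null;`. Because the loop keeps iterating after a match, a Response carrying several assertions that all pass subject confirmation ends with the last of them in `validAssertion`; a comment such as `// the last assertion that passes subject-confirmation and audience checks is the one returned` above the loop would make that explicit for the later hunk that serializes it. The enclosing method starts and ends outside these hunks.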
@@ -137,9 +137,12 @@ public class SAMLSSOResponseValidator {
         SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
         validatorResponse.setResponseId(samlResponse.getID());
         validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
-        // the assumption for now is that SAMLResponse will contain only a single assertion
-        Element assertionElement = samlResponse.getAssertions().get(0).getDOM();
-        validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
+
+        Element assertionElement = validAssertion.getDOM();
+        Element clonedAssertionElement = (Element)assertionElement.cloneNode(true);
+        validatorResponse.setAssertionElement(clonedAssertionElement);
+        validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
+
         return validatorResponse;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3854680b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
index 13bd839..61e748d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
@@ -20,6 +20,8 @@ package org.apache.cxf.fediz.core.samlsso;
 
 import java.util.Date;
+import org.w3c.dom.Element;
+
 
 /**
  * Some information that encapsulates a successful validation by the SAMLSSOResponseValidator
  */
@@ -27,6 +29,7 @@ public class SSOValidatorResponse {
     private Date sessionNotOnOrAfter;
     private String responseId;
     private String assertion;
+    private Element assertionElement;
 
     public String getAssertion() {
         return assertion;
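Review bot: The @@ -137 hunk drops the `// the assumption for now is that SAMLResponse will contain only a single assertion` comment without saying why the validated assertion, rather than `getAssertions().get(0)`, is now the one serialized; a comment such as `// Return the assertion that passed subject-confirmation and audience checks, not merely the first one` above `Element assertionElement = validAssertion.getDOM();` would preserve that reasoning. `validAssertion.getDOM()` presumably returns null when the assertion has no cached DOM, in which case `cloneNode` throws a NullPointerException rather than the WSSecurityException the rest of the method raises; if that case is reachable here, a guard before the clone would keep the failure mode consistent. The enclosing method starts outside the hunk.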
@@ -51,4 +54,12 @@ public class SSOValidatorResponse {
     public void setResponseId(String responseId) {
         this.responseId = responseId;
     }
+
+    public Element getAssertionElement() {
+        return assertionElement;
+    }
+
+    public void setAssertionElement(Element assertionElement) {
+        this.assertionElement = assertionElement;
+    }
 }
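Review bot: `getAssertionElement` and `setAssertionElement` are new public API with no Javadoc, and the class-level comment only describes the object generically. A Javadoc on the getter stating that it returns the DOM of the assertion that passed validation, as a deep clone (`cloneNode(true)`) populated by SAMLSSOResponseValidator rather than a reference into the original Response, would tell callers what they hold; the setter can point to the getter with `{@link}`.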