From cohei...@apache.org
Subject [2/2] cxf-fediz git commit: Validate the Issuer Format
Date Thu, 24 Mar 2016 17:50:06 GMT
Validate the Issuer Format


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/10ca1955
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/10ca1955
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/10ca1955

Branch: refs/heads/master
Commit: 10ca19558f830491ec18399092b6b32b377cdeac
Parents: 0f2067a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 24 17:46:02 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 24 17:46:02 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java  | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/10ca1955/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
index c32e467..1fa58c6 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
@@ -103,6 +103,13 @@ public class AuthnRequestValidator {
             LOG.debug("No Issuer is present in the AuthnRequest");
             throw new ProcessingException(TYPE.BAD_REQUEST);
         }
+        
+        String format = authnRequest.getIssuer().getFormat();
+        if (format != null
+            && !"urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(format))
{
+            LOG.debug("An invalid Format attribute was received: {}", format);
+            throw new ProcessingException(TYPE.BAD_REQUEST);
+        }
     }
     
     private void checkDestination(RequestContext context, AuthnRequest authnRequest) throws
ProcessingException {
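Review bot: The `LOG.debug` call in the new Format check writes the `format` string from the incoming AuthnRequest into the log unmodified, and the only earlier validation visible in this hunk is the missing-Issuer rejection. If the log layout does not neutralise control characters, a crafted attribute value could forge or split log entries, so I would log a sanitised form, e.g. `LOG.debug("An invalid Format attribute was received: {}", format.replaceAll("[\\r\\n]", "_"));`. The URN literal would also be better as a named constant (OpenSAML's `NameIDType.ENTITY` carries the same value, if that type is available to this class) so the accepted format is defined in one place. The enclosing method starts above the hunk, so whether the request signature has already been verified before this check cannot be seen here.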

