From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Enforce ForceAuthn
Date Sat, 26 Mar 2016 18:15:27 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master a1111af73 -> e5492d868


Enforce ForceAuthn


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b0c4e1af
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b0c4e1af
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b0c4e1af

Branch: refs/heads/master
Commit: b0c4e1afd56a5caacbede0a33892f79940791e48
Parents: a1111af
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Sat Mar 26 18:12:28 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Sat Mar 26 18:12:28 2016 +0000

----------------------------------------------------------------------
 .../idp/beans/samlsso/AuthnRequestParser.java   | 28 +++++++++++++++-----
 .../WEB-INF/flows/saml-signin-request.xml       |  7 ++++-
 2 files changed, 28 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b0c4e1af/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
index 565de41..0f8dd49 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
@@ -53,12 +53,16 @@ public class AuthnRequestParser {
         if (samlRequest == null) {
             WebUtils.removeAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
         } else {
-            try {
-                parsedRequest = extractRequest(samlRequest);
-                WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST,
parsedRequest);
-                LOG.debug("SAML Request with id '{}' successfully parsed", parsedRequest.getID());
-            } catch (Exception ex) {
-                LOG.warn("Error parsing request: {}", ex.getMessage());
+            parsedRequest = 
+                (AuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
+            if (parsedRequest == null) {
+                try {
+                    parsedRequest = extractRequest(samlRequest);
+                    WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST,
parsedRequest);
+                    LOG.debug("SAML Request with id '{}' successfully parsed", parsedRequest.getID());
+                } catch (Exception ex) {
+                    LOG.warn("Error parsing request: {}", ex.getMessage());
+                }
             }
         }
     }
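Review bot: The new flow-scope lookup at the top of the else branch reuses whatever AuthnRequest was stored earlier without checking that it was produced from the current `samlRequest` string, so if this flow can be re-entered with a different SAMLRequest parameter the stale object would be the one acted on; whether that re-entry is possible is not visible in this hunk. If the lookup only exists to avoid parsing the same request twice within one flow execution, a comment saying so would prevent a later reader from treating it as a general cache: `// Already parsed earlier in this flow (e.g. checkTokenExpiry on-entry); reuse rather than re-parse`. Otherwise storing the raw samlRequest alongside the parsed object and re-parsing when it differs would make the reuse safe. The enclosing parseSAMLRequest method starts outside the hunk.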
@@ -118,6 +122,17 @@ public class AuthnRequestParser {
         return null;
     }
     
+    public boolean isForceAuthentication(RequestContext context) {
+        AuthnRequest authnRequest = 
+            (AuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
+        if (authnRequest != null) {
+            return authnRequest.isForceAuthn().booleanValue();
+        }
+        
+        LOG.debug("No AuthnRequest available to be parsed");
+        return false;
+    }
+    
     private AuthnRequest extractRequest(String samlRequest) throws Exception {
         byte[] deflatedToken = Base64Utility.decode(samlRequest);
         InputStream tokenStream = new DeflateEncoderDecoder().inflateToken(deflatedToken);
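Review bot: `authnRequest.isForceAuthn().booleanValue()` in the new isForceAuthentication method unboxes a `Boolean`; if the OpenSAML implementation ever returns null for an absent ForceAuthn attribute this is a NullPointerException, whereas `return Boolean.TRUE.equals(authnRequest.isForceAuthn());` is null-safe with the same result for true/false. The method is public but undocumented; a Javadoc such as `/** Returns true if the AuthnRequest held in flow scope carries ForceAuthn="true"; false when no request has been stored. */` would state the contract, and the debug message could say "No AuthnRequest available in flow scope" since nothing is parsed here. At this point the request has only been parsed, not yet validated (validation appears to happen later in parseAndValidateSAMLRequest, outside this diff); honouring ForceAuthn from a not-yet-validated request only causes re-authentication, which errs on the safe side, but a short comment would make clear this is not a trust decision.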
@@ -130,4 +145,5 @@ public class AuthnRequestParser {
         }
         return request;
     }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b0c4e1af/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index a5c16f1..a609ae1 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -41,8 +41,13 @@
     </decision-state>
 
     <action-state id="checkTokenExpiry">
+        <on-entry>
+            <evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext,
flowScope.idpConfig,
+                                                                  flowScope.SAMLRequest)"
/>
+        </on-entry>
         <evaluate
-            expression="idpTokenExpiredAction.isTokenExpired(flowScope.homerealm, flowRequestContext)"
/>
+            expression="idpTokenExpiredAction.isTokenExpired(flowScope.homerealm, flowRequestContext)
+                        or authnRequestParser.isForceAuthentication(flowRequestContext)"
/>
         <transition on="yes" to="redirectToLocalIDP" />
         <transition on="no" to="parseAndValidateSAMLRequest">
             <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.homerealm]"
/>
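Review bot: The added `or authnRequestParser.isForceAuthentication(flowRequestContext)` clause makes checkTokenExpiry route to redirectToLocalIDP whenever the request carries ForceAuthn, even when a live IdP token exists, and nothing in the flow records why; an XML comment above the evaluate, such as `<!-- ForceAuthn="true" must bypass the cached IdP token and re-authenticate the user, so it is treated like an expired token -->`, would keep the intent visible. The new on-entry parse runs before parseAndValidateSAMLRequest, and parseSAMLRequest swallows parse errors (see the Java hunk), so a malformed SAMLRequest yields false here and the flow continues to the later validation state, which presumably reports the error; that state should be confirmed to handle the flow-scope attribute being absent. The surrounding action-state continues past the end of the hunk.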

