From jbernha...@apache.org
Subject cxf-fediz git commit: [Fediz-157] use REALM instead of URL for SAMLP 3rd party issuer validation
Date Wed, 09 Mar 2016 09:12:02 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 4deab7509 -> d45d94f06


[Fediz-157] use REALM instead of URL for SAMLP 3rd party issuer validation


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d45d94f0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d45d94f0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d45d94f0

Branch: refs/heads/master
Commit: d45d94f06986fb4a635c52bc0d42382fd4296481
Parents: 4deab75
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Wed Mar 2 13:13:44 2016 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Wed Mar 9 09:37:07 2016 +0100

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/domain/TrustedIdp.java       | 13 ++++++++++++-
 .../idp/protocols/TrustedIdpSAMLProtocolHandler.java   |  9 ++++++++-
 .../service/idp/service/jpa/TrustedIdpDAOJPAImpl.java  |  2 ++
 .../service/idp/service/jpa/TrustedIdpEntity.java      | 10 ++++++++++
 4 files changed, 32 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
index 262914d..b3262b5 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
@@ -27,7 +27,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlType;
 
 @XmlRootElement(name = "trustedIdp", namespace = "http://org.apache.cxf.fediz/")
-@XmlType(propOrder = {"realm", "url", "name", "description", "protocol", "trustType",
+@XmlType(propOrder = {"realm", "issuer", "url", "name", "description", "protocol", "trustType",
                       "certificate", "federationType", "cacheTokens", "logo", "id", "parameters"
})
 //@XmlAttribute on Id must be set on getter, not on attribute, otherwise error
 public class TrustedIdp implements Serializable {
@@ -39,6 +39,9 @@ public class TrustedIdp implements Serializable {
 
     //@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
     protected String realm;  //wtrealm, whr
+    
+    //@Column(name = "Issuer", nullable = true, length = FIELD_LENGTH)
+    protected String issuer;  //SAMLResponse issuer name
 
     // Should tokens be cached from trusted IDPs
     // to avoid redirection to the trusted IDP again for next SignIn request
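Review bot: The new `issuer` field is documented only by the trailing `//SAMLResponse issuer name`, which says neither what the value is compared against nor what happens when it is left unset, and since this is the value the SAML response validator will be matched on, the person filling in the trusted-IdP configuration needs that. A Javadoc above the field along the lines of `/** Expected Issuer of SAMLResponses from this trusted IdP; when null or empty the protocol handler falls back to {@link #getUrl()} for issuer validation. */` would cover it; the fallback is the one introduced in TrustedIdpSAMLProtocolHandler in this same commit, so keep the wording in sync if that changes. The same comment applies to the mirrored field in TrustedIdpEntity.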
@@ -84,6 +87,14 @@ public class TrustedIdp implements Serializable {
         this.id = id;
     }
     
+    public String getIssuer() {
+        return issuer;
+    }
+    
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+    
     public String getRealm() {
         return realm;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 44f9bda..1254eb4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -413,7 +413,14 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
             HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(requestContext);
             ssoResponseValidator.setClientAddress(servletRequest.getRemoteAddr());
 
-            ssoResponseValidator.setIssuerIDP(trustedIdp.getUrl());
+            String issuer = trustedIdp.getIssuer();
+            if (issuer == null || issuer.isEmpty()) {
+                LOG.debug("Issuer name is not defined in trusted 3rd party configuration.
"
+                    + "Using URL instead for issuer validation");
+                issuer = trustedIdp.getUrl();
+            }
+            LOG.debug("Using {} for issuer validation", issuer);
+            ssoResponseValidator.setIssuerIDP(issuer);
             
             // Get the stored request ID
             String requestId = 
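Review bot: The empty-check on the configured issuer, `if (issuer == null || issuer.isEmpty())`, does not trim, so a value consisting only of whitespace (easy to get from an XML config or a DB column) bypasses the fallback and is passed straight to `setIssuerIDP`, after which every response from that IdP will presumably fail issuer validation with nothing in the log pointing at the configuration; `if (issuer == null || issuer.trim().isEmpty())` would route that case through the existing fallback and debug message instead. It would also help operators to name the trusted IdP in the debug lines, e.g. `LOG.debug("Using {} for issuer validation of trusted IdP {}", issuer, trustedIdp.getRealm());`. Separately, the first debug literal appears here split across two lines (`configuration.` / `"`); this is presumably the archive rendering a `\n` escape rather than a literal line break, but it is worth confirming the line compiles as intended. The enclosing method starts and ends outside the hunk.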

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
index f24e6a0..16d05f1 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
@@ -127,6 +127,7 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
         entity.setName(trustedIDP.getName());
         entity.setProtocol(trustedIDP.getProtocol());
         entity.setRealm(trustedIDP.getRealm());
+        entity.setIssuer(trustedIDP.getIssuer());
         entity.setTrustType(trustedIDP.getTrustType());
         entity.setUrl(trustedIDP.getUrl());
         entity.setParameters(trustedIDP.getParameters());
@@ -143,6 +144,7 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
         trustedIDP.setName(entity.getName());
         trustedIDP.setProtocol(entity.getProtocol());
         trustedIDP.setRealm(entity.getRealm());
+        trustedIDP.setIssuer(entity.getIssuer());
         trustedIDP.setTrustType(entity.getTrustType());
         trustedIDP.setUrl(entity.getUrl());
         trustedIDP.setParameters(entity.getParameters());

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
index 0054b7e..a4c6592 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
@@ -47,6 +47,8 @@ public class TrustedIdpEntity {
     @Index
     @NotNull
     private String realm;  //wtrealm, whr
+    
+    private String issuer;  //Validation of issuer name in SAMLResponse
 
     // Should tokens be cached from trusted IDPs
     // to avoid redirection to the trusted IDP again for next SignIn request
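Review bot: The new column is declared as a bare `private String issuer;` with no `@Column` length or nullability, while the neighbouring `realm` column carries explicit `@Index` and `@NotNull` constraints; if the other string columns of this entity declare a length, `issuer` should follow the same pattern, because SAML Issuer values are typically full URIs and a provider-default column length could truncate them and make issuer validation fail for reasons that are hard to diagnose. Consider also replacing the trailing `//Validation of issuer name in SAMLResponse` with a short Javadoc stating that the column is nullable and that a null or empty value means the URL is used for validation. The class body continues outside the hunk.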
@@ -100,6 +102,14 @@ public class TrustedIdpEntity {
         this.id = id;
     }
 
+    public String getIssuer() {
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+    
     public String getRealm() {
         return realm;
     }

