From: coheigea@apache.org To: commits@cxf.apache.org Date: Thu, 24 Mar 2016 17:50:06 -0000 Message-Id: <6e18776d20a94b1ea82a9eaeca1e54b0@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/2] cxf-fediz git commit: Validate the Issuer Format Validate the Issuer Format Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/10ca1955 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/10ca1955 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/10ca1955 Branch: refs/heads/master Commit: 10ca19558f830491ec18399092b6b32b377cdeac Parents: 0f2067a Author: Colm O hEigeartaigh Authored: Thu Mar 24 17:46:02 2016 +0000 Committer: Colm O hEigeartaigh Committed: Thu Mar 24 17:46:02 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java | 7 +++++++
1 file changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/10ca1955/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
index c32e467..1fa58c6 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/AuthnRequestValidator.java
@@ -103,6 +103,13 @@ public class AuthnRequestValidator {
 LOG.debug("No Issuer is present in the AuthnRequest");
 throw new ProcessingException(TYPE.BAD_REQUEST);
 }
+
+ String format = authnRequest.getIssuer().getFormat();
+ if (format != null
+ && !"urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(format)) {
+ LOG.debug("An invalid Format attribute was received: {}", format);
+ throw new ProcessingException(TYPE.BAD_REQUEST);
+ }
 }
 private void checkDestination(RequestContext context, AuthnRequest authnRequest) throws ProcessingException {
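Review bot: The accepted NameID format is a bare string literal on the `equals` line; hoisting it to `private static final String ENTITY_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";` (or the SAML library's own entity-format constant, if the `AuthnRequest` type here is OpenSAML's and that constant is in scope) names the rule being enforced and keeps a typo from silently rejecting every request. The block also deserves a one-line why-comment, e.g. `// Web Browser SSO profile: the AuthnRequest Issuer Format must be omitted or be the entity format`, since a reader otherwise cannot tell whether accepting a null Format is deliberate. The logged `format` value is taken straight from the unauthenticated request, which is acceptable at DEBUG, but if this message is ever promoted to a higher level it should be length-bounded before it reaches the log. The enclosing validation method starts before this hunk, so the Issuer null check that precedes `getIssuer().getFormat()` is only partly visible here.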