From: jbernhardt@apache.org
To: commits@cxf.apache.org
Message-Id:
X-Mailer: ASF-Git Admin Mailer
Subject: cxf-fediz git commit: [Fediz-157] use REALM instead of URL for SAMLP 3rd party issuer validation
Date: Wed, 9 Mar 2016 09:12:02 +0000 (UTC)

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 4deab7509 -> d45d94f06

[Fediz-157] use REALM instead of URL for SAMLP 3rd party issuer validation

Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d45d94f0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d45d94f0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d45d94f0

Branch: refs/heads/master
Commit: d45d94f06986fb4a635c52bc0d42382fd4296481
Parents: 4deab75
Author: Jan Bernhardt
Authored: Wed Mar 2 13:13:44 2016 +0100
Committer: Jan Bernhardt
Committed: Wed Mar 9 09:37:07 2016 +0100

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/domain/TrustedIdp.java      | 13 ++++++++++++-
 .../idp/protocols/TrustedIdpSAMLProtocolHandler.java  |  9 ++++++++-
 .../service/idp/service/jpa/TrustedIdpDAOJPAImpl.java |  2 ++
 .../service/idp/service/jpa/TrustedIdpEntity.java     | 10 ++++++++++
 4 files changed, 32 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
index 262914d..b3262b5 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
@@ -27,7 +27,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlType;
 
 @XmlRootElement(name = "trustedIdp", namespace = "http://org.apache.cxf.fediz/")
-@XmlType(propOrder = {"realm", "url", "name", "description", "protocol", "trustType",
+@XmlType(propOrder = {"realm", "issuer", "url", "name", "description", "protocol", "trustType",
                       "certificate", "federationType", "cacheTokens", "logo", "id", "parameters" })
 //@XmlAttribute on Id must be set on getter, not on attribute, otherwise error
 public class TrustedIdp implements Serializable {
@@ -39,6 +39,9 @@ public class TrustedIdp implements Serializable {
     //@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
     protected String realm;  //wtrealm, whr
+
+    //@Column(name = "Issuer", nullable = true, length = FIELD_LENGTH)
+    protected String issuer;  //SAMLResponse issuer name
 
     // Should tokens be cached from trusted IDPs
     // to avoid redirection to the trusted IDP again for next SignIn request
@@ -84,6 +87,14 @@ public class TrustedIdp implements Serializable {
         this.id = id;
     }
 
+    public String getIssuer() {
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
     public String getRealm() {
         return realm;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 44f9bda..1254eb4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -413,7 +413,14 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
             HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(requestContext);
             ssoResponseValidator.setClientAddress(servletRequest.getRemoteAddr());
 
-            ssoResponseValidator.setIssuerIDP(trustedIdp.getUrl());
+            String issuer = trustedIdp.getIssuer();
+            if (issuer == null || issuer.isEmpty()) {
+                LOG.debug("Issuer name is not defined in trusted 3rd party configuration. "
+                    + "Using URL instead for issuer validation");
+                issuer = trustedIdp.getUrl();
+            }
+            LOG.debug("Using {} for issuer validation", issuer);
+            ssoResponseValidator.setIssuerIDP(issuer);
 
             // Get the stored request ID
             String requestId =

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
index f24e6a0..16d05f1 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
@@ -127,6 +127,7 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
         entity.setName(trustedIDP.getName());
         entity.setProtocol(trustedIDP.getProtocol());
         entity.setRealm(trustedIDP.getRealm());
+        entity.setIssuer(trustedIDP.getIssuer());
         entity.setTrustType(trustedIDP.getTrustType());
         entity.setUrl(trustedIDP.getUrl());
         entity.setParameters(trustedIDP.getParameters());
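Review bot: The fallback in the added block leaves `ssoResponseValidator.setIssuerIDP(issuer)` receiving null when neither `issuer` nor `url` is configured for the trusted IdP, and whether the validator then rejects every response or skips the issuer comparison entirely is decided by code outside this hunk — for a check that binds the SAML Response to the configured third-party IdP, that should not be left to the validator's null handling. I would fail fast after the fallback: `if (issuer == null || issuer.trim().isEmpty()) { throw new IllegalStateException("No issuer or url configured for trusted IdP " + trustedIdp.getRealm()); }`, which also covers whitespace-only values that `isEmpty()` lets through. The comment on the new `issuer` field elsewhere in this commit says "SAMLResponse issuer name"; it would help operators to state here, in a one-line comment above `String issuer = trustedIdp.getIssuer();`, that this value must match the `<saml:Issuer>` of the Response and that `url` is only a legacy fallback. The enclosing method starts and ends outside the hunk.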
@@ -143,6 +144,7 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
         trustedIDP.setName(entity.getName());
         trustedIDP.setProtocol(entity.getProtocol());
         trustedIDP.setRealm(entity.getRealm());
+        trustedIDP.setIssuer(entity.getIssuer());
         trustedIDP.setTrustType(entity.getTrustType());
         trustedIDP.setUrl(entity.getUrl());
         trustedIDP.setParameters(entity.getParameters());

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d45d94f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
index 0054b7e..a4c6592 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
@@ -47,6 +47,8 @@ public class TrustedIdpEntity {
     @Index
     @NotNull
     private String realm;  //wtrealm, whr
+
+    private String issuer;  //Validation of issuer name in SAMLResponse
 
     // Should tokens be cached from trusted IDPs
     // to avoid redirection to the trusted IDP again for next SignIn request
@@ -100,6 +102,14 @@ public class TrustedIdpEntity {
         this.id = id;
     }
 
+    public String getIssuer() {
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
     public String getRealm() {
         return realm;
     }