cxf-commits mailing list archives

From cohei...@apache.org
Subject [3/3] cxf-fediz git commit: [FEDIZ-162] - Make it possible to disable the requirement for a SAML SSO signature
Date Fri, 08 Apr 2016 16:41:02 GMT
[FEDIZ-162] - Make it possible to disable the requirement for a SAML SSO signature


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e34b37f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e34b37f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e34b37f1

Branch: refs/heads/master
Commit: e34b37f1d691bc36b212de9e23ef568f1cd4f5e5
Parents: 3285516
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Apr 8 15:54:24 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Apr 8 17:40:44 2016 +0100

----------------------------------------------------------------------
 .../idp/beans/samlsso/AuthnRequestValidator.java  | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e34b37f1/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
index 80f4d0c..0b99805 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
@@ -66,6 +66,8 @@ import org.springframework.webflow.execution.RequestContext;
 public class AuthnRequestValidator {
 
     private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestValidator.class);
+    
+    private boolean requireSignature = true;
 
     public void validateAuthnRequest(RequestContext context, Idp idp, String signature,
                                      String relayState, String samlRequest, String realm)

@@ -129,9 +131,11 @@ public class AuthnRequestValidator {
                 LOG.debug("Signature validation failed");
                 throw new ProcessingException(TYPE.BAD_REQUEST);
             }
-        } else {
+        } else if (requireSignature) {
             LOG.debug("No signature is present, therefore the request is rejected");
             throw new ProcessingException(TYPE.BAD_REQUEST);
+        } else {
+            LOG.debug("No signature is present, but this is allowed by configuration");
         }
     }
     
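Review bot: The new final `else` branch makes the signature optional for every request, not only for service providers that never sign. With `requireSignature` set to false, a request from a provider that normally signs is accepted just the same when the signature parameter is absent, so the check stops protecting those providers as well. Because the field is a single validator-wide boolean, consider holding the setting per application or realm so it can be relaxed only for the relying parties that need it. Once the signature is optional, the issuer and reply address in the request are unauthenticated, and the other validation in this class (not visible in this hunk, whose enclosing method starts outside it) carries the whole decision. Accepting an unsigned request is also an audit-relevant event that `LOG.debug` hides at default levels; something like `LOG.info("Accepting unsigned AuthnRequest: signature requirement disabled by configuration");` would make it visible.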
@@ -241,5 +245,17 @@ public class AuthnRequestValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
+
+    public boolean isRequireSignature() {
+        return requireSignature;
+    }
+
+    /**
+     * Whether to require a signature or not on the AuthnRequest
+     * @param requireSignature
+     */
+    public void setRequireSignature(boolean requireSignature) {
+        this.requireSignature = requireSignature;
+    }
     
 }
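Review bot: The Javadoc on `setRequireSignature` leaves `@param requireSignature` empty and states neither the default nor the consequence of turning the check off. I would write it as `Whether an AuthnRequest without a signature is rejected. Defaults to true; when false, unsigned requests are accepted and the requester is not authenticated by signature.` with `@param requireSignature false to accept unsigned AuthnRequests`. The getter `isRequireSignature` has no Javadoc at all; a one-line `Returns whether unsigned AuthnRequests are rejected.` would match.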

