From cohei...@apache.org
Subject [3/3] cxf-fediz git commit: Extensive refactoring of Fediz response web flow
Date Fri, 25 Nov 2016 18:06:33 GMT
Extensive refactoring of Fediz response web flow


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f637eedf
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f637eedf
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f637eedf

Branch: refs/heads/master
Commit: f637eedfc0eacd5b9e538665f053032a2846d1cc
Parents: 861d366
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 25 18:05:55 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 25 18:05:55 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/IdpConstants.java     |  2 +-
 .../idp/beans/SigninParametersCacheAction.java  | 23 +++------
 .../TrustedIdpFacebookProtocolHandler.java      |  5 +-
 .../TrustedIdpOIDCProtocolHandler.java          |  5 +-
 .../TrustedIdpSAMLProtocolHandler.java          |  4 +-
 .../TrustedIdpWSFedProtocolHandler.java         |  3 +-
 .../flows/federation-signin-response.xml        | 17 +++---
 .../flows/federation-validate-request.xml       | 20 ++++----
 .../WEB-INF/flows/saml-validate-request.xml     | 54 +++++++++++++-------
 9 files changed, 68 insertions(+), 65 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
index 5d9c0f2..fc4e831 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
@@ -41,7 +41,7 @@ public final class IdpConstants {
     /**
      * A Context variable associated with the request (independent of protocol)
      */
-    public static final String CONTEXT = "context";
+    public static final String CONTEXT = "context_key";
     
     
     

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 2ecb08e..f719860 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -24,14 +24,12 @@ import java.util.Map;
 import java.util.UUID;
 
 import org.apache.cxf.fediz.core.FederationConstants;
-import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.service.idp.IdpConstants;
 import org.apache.cxf.fediz.service.idp.domain.Application;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.samlsso.SAMLAuthnRequest;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
@@ -86,21 +84,12 @@ public class SigninParametersCacheAction {
         LOG.info("SignIn parameters cached and context set to [" + uuidKey + "].");
     }
     
-    public void restore(RequestContext context) {
+    public void restore(RequestContext context, String contextKey) {
         
-        String uuidKey = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
-        
-        if (uuidKey == null) {
-            uuidKey = (String)WebUtils.getAttributeFromFlowScope(context, SAMLSSOConstants.RELAY_STATE);
-        }
-        if (uuidKey == null) {
-            uuidKey = (String)WebUtils.getAttributeFromFlowScope(context, OAuthConstants.STATE);
-        }
-        
-        if (uuidKey != null) {
+        if (contextKey != null) {
             @SuppressWarnings("unchecked")
             Map<String, Object> signinParams =
-                (Map<String, Object>)WebUtils.getAttributeFromExternalContext(context,
uuidKey);
+                (Map<String, Object>)WebUtils.getAttributeFromExternalContext(context,
contextKey);
             
             if (signinParams != null) {
                 String value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
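Review bot: `restore` now looks up the external context with `contextKey`, which the flow definitions in this commit fill from the request parameters `wctx`, `RelayState` or `state`, and the result is cast to `Map<String, Object>` without a type check. The response flow also stores the IdP token under `externalContext.sessionMap[flowScope.home_realm]`, so if `getAttributeFromExternalContext` reads that same session map, a request value equal to a realm name would reach the cast with a `SecurityToken` and fail with a ClassCastException. An `instanceof Map` test before the cast, or a fixed prefix on the cache keys so they cannot name other session attributes, would close this, e.g. `Object cached = WebUtils.getAttributeFromExternalContext(context, contextKey);` followed by `if (cached instanceof Map) { ... }`. The body of `restore` continues past this hunk.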
@@ -111,14 +100,14 @@ public class SigninParametersCacheAction {
                 if (value != null) {
                     WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM,
value);
                 }
+                // TODO - Remove
                 value = (String)signinParams.get(FederationConstants.PARAM_HOME_REALM);
                 if (value != null) {
                     WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_HOME_REALM,
value);
+                    WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
                 }
-                // TODO...
                 value = (String)signinParams.get(IdpConstants.HOME_REALM);
                 if (value != null) {
-                    WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_HOME_REALM,
value);
                     WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
                 }
                 
@@ -137,7 +126,7 @@ public class SigninParametersCacheAction {
                 LOG.debug("SignIn parameters restored: {}", signinParams.toString());
                 WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
                 LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT
+ "[" 
-                    + uuidKey + "] cleared.");
+                    + contextKey + "] cleared.");
                 
                 value = (String)signinParams.get(FederationConstants.PARAM_CONTEXT);
                 if (value != null) {
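Review bot: The "cleared" log message and the `removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT)` call above it still refer to the WS-Federation `wctx` name, although `contextKey` can now be a SAML `RelayState` or an OAuth `state` value. The visible lines remove only the flow-scope attribute; nothing here removes the cached entry stored under `contextKey`, so unless that happens outside this hunk the same key can restore the parameters again on a repeated response. I would drop the cached entry once it has been restored and log the key through a placeholder, `LOG.info("SignIn parameters restored and context key [{}] cleared.", contextKey);`, which also avoids concatenating a request-derived value into the message. `restore` starts and ends outside this hunk.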

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
index 643eb7c..36db3ae 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
@@ -30,7 +30,7 @@ import javax.ws.rs.core.Response;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.service.idp.IdpConstants;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
@@ -118,8 +118,7 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
             // user's claims
             String subjectName = getSubjectName(apiEndpoint, accessToken.getTokenKey(), trustedIdp);
             try {
-                String whr = (String) WebUtils.getAttributeFromFlowScope(context,
-                                                                         FederationConstants.PARAM_HOME_REALM);
+                String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
                 if (whr == null) {
                     LOG.warn("Home realm is null");
                     throw new IllegalStateException("Home realm is null");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index 8eb8af8..b45c763 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -33,10 +33,10 @@ import javax.ws.rs.core.Response;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.util.CertsUtils;
 import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.cxf.fediz.service.idp.IdpConstants;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
@@ -157,8 +157,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
             client.close();
             
             try {
-                String whr = (String) WebUtils.getAttributeFromFlowScope(context,
-                                                                         FederationConstants.PARAM_HOME_REALM);
+                String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
                 if (whr == null) {
                     LOG.warn("Home realm is null");
                     throw new IllegalStateException("Home realm is null");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 3f5c0a2..4214705 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -42,7 +42,6 @@ import org.w3c.dom.Element;
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.util.CertsUtils;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.service.idp.IdpConstants;
@@ -200,8 +199,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
                 new SecurityToken(id, validatorResponse.getCreated(), validatorResponse.getSessionNotOnOrAfter());
 
             idpToken.setToken(validatorResponse.getAssertionElement());
-            String whr = (String) WebUtils.getAttributeFromFlowScope(context,
-                                                                     FederationConstants.PARAM_HOME_REALM);
+            String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
             LOG.info("[IDP_TOKEN={}] created from [RP_TOKEN={}] issued by home realm [{}]",
                      id, validatorResponse.getResponseId(), whr);
             LOG.debug("Created date={}", validatorResponse.getCreated());
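Review bot: `whr` is used here without a null check, whereas the Facebook, OIDC and WS-Federation handlers changed in this commit log a warning and throw `IllegalStateException("Home realm is null")` when the flow-scope value is missing. With the lookup key switched to `IdpConstants.HOME_REALM`, a flow that has not populated that attribute could produce an IdP token whose audit line reads `issued by home realm [null]`. Unless a check exists outside this hunk, add the same guard before the `LOG.info`: `if (whr == null) { LOG.warn("Home realm is null"); throw new IllegalStateException("Home realm is null"); }`.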

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index 25a5e9c..ea8feb4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -115,8 +115,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
 
         try {
-            String whr = (String) WebUtils.getAttributeFromFlowScope(context,
-                                                                     FederationConstants.PARAM_HOME_REALM);
+            String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
     
             if (whr == null) {
                 LOG.warn("Home realm is null");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
index 3e459cd..8d8f4ec 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
@@ -29,23 +29,22 @@ subflow to get a RP token from the STS.
         http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
 
     <input name="idpConfig" />
-    <input name="wctx" />
-    <input name="wauth" />
+    <input name="context_key" />
     <input name="wresult" />
     <input name="RelayState" />
     <input name="SAMLResponse" />
     <input name="state" />
     <input name="code" />
-    <input name="whr" />
+    <input name="home_realm" />
 
     <on-start>
         <!-- restore the original request parameters for the current context -->
-        <evaluate expression="signinParametersCacheAction.restore(flowRequestContext)"
/>
+        <evaluate expression="signinParametersCacheAction.restore(flowRequestContext,
context_key)" />
     </on-start>
     
-    <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
+    <!-- validate token issued by requestor IDP given its home realm -->
     <action-state id="validateToken">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext,
whr)"
+        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext,
home_realm)"
             result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken"
/>
         <transition to="checkCacheTrustedIdpToken" />
         <transition
@@ -55,16 +54,16 @@ subflow to get a RP token from the STS.
     </action-state>
     
     <action-state id="checkCacheTrustedIdpToken">
-        <evaluate expression="idpConfig.findTrustedIdp(flowScope.whr).cacheTokens" />
+        <evaluate expression="idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens"
/>
         <transition on="yes" to="requestRpToken">
-            <set name="externalContext.sessionMap[flowScope.whr]"
+            <set name="externalContext.sessionMap[flowScope.home_realm]"
                     value="flowScope.idpToken" />
         </transition>
         <transition on="no" to="requestRpToken" />
     </action-state>
 
     <end-state id="requestRpToken">
-        <output name="whr" value="flowScope.whr" />
+        <output name="home_realm" value="flowScope.home_realm" />
         <output name="wctx" value="flowScope.wctx" />
         <output name="wreply" value="flowScope.wreply" />
         <output name="wtrealm" value="flowScope.wtrealm" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 1ac194d..578be04 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -39,6 +39,7 @@
             <set name="flowScope.wtrealm" value="requestParameters.wtrealm" />
             <set name="flowScope.wreply" value="requestParameters.wreply" />
             <set name="flowScope.wctx" value="requestParameters.wctx" />
+            <set name="flowScope.context_key" value="requestParameters.wctx" />
             <set name="flowScope.wfresh" value="requestParameters.wfresh" />
             <set name="flowScope.whr" value="requestParameters.whr" />
             <set name="flowScope.wresult" value="requestParameters.wresult" />
@@ -57,22 +58,24 @@
     <decision-state id="selectSAMLProcess">
         <on-entry>
             <set name="flowScope.RelayState" value="requestParameters.RelayState" />
+            <set name="flowScope.context_key" value="requestParameters.RelayState" />
             <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse"
/>
         </on-entry>
-        <if test="requestParameters.RelayState == null or requestParameters.RelayState.length()
== 0"
+        <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
             then="viewBadRequest" />
-        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length()
== 0"
+        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
     
     <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
          <on-entry>
             <set name="flowScope.state" value="requestParameters.state" />
+            <set name="flowScope.context_key" value="requestParameters.state" />
             <set name="flowScope.code" value="requestParameters.code" />
         </on-entry>
-        <if test="requestParameters.code == null or requestParameters.code.length() ==
0"
+        <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
             then="viewBadRequest" />
-        <if test="requestParameters.state == null or requestParameters.state.length()
== 0"
+        <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
     
@@ -121,23 +124,22 @@
     <subflow-state id="signinResponse" subflow="signinResponse">
         <input name="idpConfig" value="flowScope.idpConfig" />
         <input name="wfresh" value="flowScope.wfresh" />
-        <input name="wctx" value="flowScope.wctx" />
-        <input name="wauth" value="flowScope.wauth" />
+        <input name="context_key" value="flowScope.context_key" />
         <input name="wresult" value="flowScope.wresult" />
         <input name="RelayState" value="flowScope.RelayState" />
         <input name="SAMLResponse" value="flowScope.SAMLResponse" />
         <input name="state" value="flowScope.state" />
         <input name="code" value="flowScope.code" />
-        <input name="whr" value="flowScope.whr" />
+        <input name="home_realm" value="flowScope.whr" />
 
         <output name="wtrealm" />
         <output name="wreply" />
         <output name="wctx" />
-        <output name="whr" />
+        <output name="home_realm" />
         <output name="idpToken" />
 
         <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.whr" value="currentEvent.attributes.whr" />
+            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
             <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
             <set name="flowScope.wtrealm" value="currentEvent.attributes.wtrealm" />
             <set name="flowScope.wreply" value="currentEvent.attributes.wreply" />
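Review bot: The `home_realm` input of the `signinResponse` subflow is fed from `flowScope.whr`, which the first hunk of this file shows being set from `requestParameters.whr`, and the subflow passes `home_realm` to `trustedIdpProtocolAction.mapSignInResponse` to pick the trusted IdP that validates the response. `signinParametersCacheAction.restore` only overwrites the home realm when the cached parameters contain one, so when the cache has no entry for `context_key` the request-supplied value appears to stay in effect. Consider leaving this input unset on the response path and treating a missing cached home realm as a bad request, so the realm always comes from the server-side state created at sign-in. `saml-validate-request.xml` has the same `<input name="home_realm" value="flowScope.whr" />` line, although that flow writes `flowScope.home_realm` in its `requestRpToken` transition.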

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f637eedf/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index b52d122..4bb0531 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -22,25 +22,44 @@
     xsi:schemaLocation="http://www.springframework.org/schema/webflow
                           http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
 
-    <!-- protocol check -->
-    <decision-state id="SAMLRequestCheck">
+    <decision-state id="evaluateProtocol">
+        <on-entry>
+            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())"
/>
+        </on-entry>
+        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
+        <if test="requestParameters.SAMLRequest != null or requestParameters.SAMLResponse
!= null" 
+            then="selectSAMLProcess" else="viewBadRequest"
+        />
+    </decision-state>
+    
+    <decision-state id="selectWsFedProcess">
+        <on-entry>
+            <set name="flowScope.wresult" value="requestParameters.wresult" />
+            <set name="flowScope.wctx" value="requestParameters.wctx" />
+            <set name="flowScope.context_key" value="requestParameters.wctx" />
+        </on-entry>
+        <if test="requestParameters.wctx == null or requestParameters.wctx.isEmpty()"
+            then="viewBadRequest" />
+        <if test="requestParameters.wresult == null or requestParameters.wresult.isEmpty()"
+            then="viewBadRequest" />
+        <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
+            then="signinResponse" else="viewBadRequest" />
+    </decision-state>
+    
+    <decision-state id="selectSAMLProcess">
         <on-entry>
             <set name="flowScope.RelayState" value="requestParameters.RelayState" />
+            <set name="flowScope.context_key" value="requestParameters.RelayState" />
+            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse"
/>
             <set name="flowScope.SAMLRequest" value="requestParameters.SAMLRequest" />
             <set name="flowScope.Signature" value="requestParameters.Signature" />
-            <set name="flowScope.wresult" value="requestParameters.wresult" />
-            <set name="flowScope.wctx" value="requestParameters.wctx" />
-            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())"
/>
         </on-entry>
+        <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
+            then="handleBadRequestError" />
         <if test="requestParameters.SAMLRequest != null and !requestParameters.SAMLRequest.isEmpty()"
             then="signinSAMLRequest" />
-        <if test="requestParameters.wresult != null and !requestParameters.wresult.isEmpty()"
-            then="signinResponse" />
-        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length()
== 0"
-            then="viewBadRequest" else="signinResponse" />
-        <!-- TODO Refactor this -->
-        <if test="requestParameters.RelayState == null or requestParameters.RelayState.length()
== 0"
-            then="handleBadRequestError" />
+        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
+            then="handleBadRequestError" else="signinResponse" />
     </decision-state>
     
     <subflow-state id="signinSAMLRequest" subflow="signinSAMLRequest">
@@ -73,25 +92,24 @@
      <subflow-state id="signinResponse" subflow="signinResponse">
         <input name="idpConfig" value="flowScope.idpConfig" />
         <input name="wfresh" value="flowScope.wfresh" />
-        <input name="wctx" value="flowScope.wctx" />
-        <input name="wauth" value="flowScope.wauth" />
+        <input name="context_key" value="flowScope.context_key" />
         <input name="wresult" value="flowScope.wresult" />
         <input name="RelayState" value="flowScope.RelayState" />
         <input name="SAMLResponse" value="flowScope.SAMLResponse" />
         <input name="state" value="flowScope.state" />
         <input name="code" value="flowScope.code" />
-        <input name="whr" value="flowScope.whr" />
+        <input name="home_realm" value="flowScope.whr" />
 
         <output name="wtrealm" />
         <output name="wreply" />
         <output name="wctx" />
-        <output name="whr" />
+        <output name="home_realm" />
         <output name="idpToken" />
         <output name="saml_authn_request" />
         <output name="RelayState" />
 
         <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.whr" />
+            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm"
/>
             <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
             <set name="flowScope.saml_authn_request" value="currentEvent.attributes.saml_authn_request"
/>
             <set name="flowScope.RelayState" value="currentEvent.attributes.RelayState"
/>
@@ -153,7 +171,7 @@
                       result="requestScope.samlAction"/>
         </on-entry>
         <!-- See if we managed to at least parse the request to get the response URL -->
-        <if test="requestScope.samlAction == null or requestScope.samlAction.length()
== 0"
+        <if test="requestScope.samlAction == null or requestScope.samlAction.isEmpty()"
             then="viewBadRequestParsingError" else="viewBadRequest"/>
     </decision-state>
     

