From cohei...@apache.org
Subject cxf git commit: Fixing an issue if a SAML SSO Response is signed
Date Tue, 15 Aug 2017 16:50:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes b6547f75a -> 23c419318


Fixing an issue if a SAML SSO Response is signed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/23c41931
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/23c41931
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/23c41931

Branch: refs/heads/3.1.x-fixes
Commit: 23c4193184ef79d80213fbd7fc43b82479b1c8af
Parents: b6547f7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Aug 15 17:48:04 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Aug 15 17:49:01 2017 +0100

----------------------------------------------------------------------
 .../saml/sso/SAMLProtocolResponseValidator.java        | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/23c41931/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 9a3df86..65f24cd 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -30,6 +30,7 @@ import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 
+import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -222,6 +223,12 @@ public class SAMLProtocolResponseValidator {
             return;
         }
 
+        // Required to make IdResolver happy in OpenSAML
+        Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ID");
+        if (idAttr != null) {
+            samlResponse.getDOM().setIdAttributeNode(idAttr, true);
+        }
+
         validateResponseSignature(
             samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(),
             sigCrypto, callbackHandler
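Review bot: The comment on the added block, `// Required to make IdResolver happy in OpenSAML`, does not say what depends on it, which matters because the block sits directly in front of signature validation. A comment such as `// Register ID as an XML ID-typed attribute so the signature's same-document Reference can be resolved to this Response element` would record the reason. The same six lines are added again in the hunk at -240/+247; a small private helper taking the `Element` would keep the two overloads from drifting apart. It is not visible from this hunk whether `validateResponseSignature` confirms that the resolved reference is the Response element itself, so that is worth checking alongside this change. The enclosing method starts and ends outside the hunk.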
@@ -240,6 +247,12 @@ public class SAMLProtocolResponseValidator {
             return;
         }
 
+        // Required to make IdResolver happy in OpenSAML
+        Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ID");
+        if (idAttr != null) {
+            samlResponse.getDOM().setIdAttributeNode(idAttr, true);
+        }
+
         validateResponseSignature(
             samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(),
             sigCrypto, callbackHandler
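Review bot: The lookup `getAttributeNodeNS(null, "ID")` only matches the SAML 2.0 attribute name, and the method signature that would show which Response type this overload handles is outside the hunk. If this is the SAML 1.1 overload, the identifier attribute is `ResponseID`, so `idAttr` is null, the `if` is skipped silently and the signature reference still cannot be resolved. In that case the line would need to be `Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ResponseID");`, and a debug log in the null branch would make a missing identifier visible in either overload.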

