cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: Fixing an issue if a SAML SSO Response is signed
Date Tue, 15 Aug 2017 16:48:21 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5a259a2d6 -> efde6fe8b


Fixing an issue if a SAML SSO Response is signed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/efde6fe8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/efde6fe8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/efde6fe8

Branch: refs/heads/master
Commit: efde6fe8b35019d4845b9d3f757c2fda6e0e9773
Parents: 5a259a2
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Aug 15 17:48:04 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Aug 15 17:48:04 2017 +0100

----------------------------------------------------------------------
 .../saml/sso/SAMLProtocolResponseValidator.java        | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/efde6fe8/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 94d369d..2383fde 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -30,6 +30,7 @@ import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 
+import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -222,6 +223,12 @@ public class SAMLProtocolResponseValidator {
             return;
         }
 
+        // Required to make IdResolver happy in OpenSAML
+        Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ID");
+        if (idAttr != null) {
+            samlResponse.getDOM().setIdAttributeNode(idAttr, true);
+        }
+
         validateResponseSignature(
             samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(),
             sigCrypto, callbackHandler
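Review bot: The comment on the lines added ahead of `validateResponseSignature(...)` says only that the ID registration keeps IdResolver happy, and it should give the actual reason, e.g. `// Mark "ID" as an XML ID attribute so the signature's same-document Reference can resolve to this Response element`. The same six lines are added again in the hunk at -240/+247, so a small private helper that takes the Response's DOM element and is called from both places would keep the two validation paths from drifting apart. Whether `validateResponseSignature` also confirms that the verified reference is this Response element, rather than some other element carrying a matching ID, is not visible in these hunks and is worth confirming, because ID-based resolution is where signature-wrapping problems tend to appear. When `idAttr` is null the code proceeds to signature validation without any trace; a debug-level log at that point would make a failed verification easier to diagnose. Both enclosing methods start and end outside the hunks.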
@@ -240,6 +247,12 @@ public class SAMLProtocolResponseValidator {
             return;
         }
 
+        // Required to make IdResolver happy in OpenSAML
+        Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ID");
+        if (idAttr != null) {
+            samlResponse.getDOM().setIdAttributeNode(idAttr, true);
+        }
+
         validateResponseSignature(
             samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(),
             sigCrypto, callbackHandler

