Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 75E572004F3 for ; Tue, 15 Aug 2017 18:50:18 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 7490E166F62; Tue, 15 Aug 2017 16:50:18 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id BC26C166F5D for ; Tue, 15 Aug 2017 18:50:17 +0200 (CEST) Received: (qmail 57365 invoked by uid 500); 15 Aug 2017 16:50:16 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 57356 invoked by uid 99); 15 Aug 2017 16:50:16 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Aug 2017 16:50:16 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 2D259E10A6; Tue, 15 Aug 2017 16:50:16 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <1dfdac0c23f848d08a3f580e1b49c262@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Fixing an issue if a SAML SSO Response is signed Date: Tue, 15 Aug 2017 16:50:16 +0000 (UTC) archived-at: Tue, 15 Aug 2017 16:50:18 -0000 Repository: cxf Updated Branches: refs/heads/3.1.x-fixes b6547f75a -> 23c419318 Fixing an issue if a SAML SSO Response is signed Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/23c41931 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/23c41931 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/23c41931 Branch: refs/heads/3.1.x-fixes Commit: 23c4193184ef79d80213fbd7fc43b82479b1c8af Parents: b6547f7 Author: Colm O hEigeartaigh Authored: Tue Aug 15 17:48:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Aug 15 17:49:01 2017 +0100 ---------------------------------------------------------------------- .../saml/sso/SAMLProtocolResponseValidator.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/23c41931/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 9a3df86..65f24cd 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -30,6 +30,7 @@ import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
+import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -222,6 +223,12 @@ public class SAMLProtocolResponseValidator {
 return;
 }
+ // Required to make IdResolver happy in OpenSAML
+ Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ID");
+ if (idAttr != null) {
+ samlResponse.getDOM().setIdAttributeNode(idAttr, true);
+ }
+
 validateResponseSignature( samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(), sigCrypto, callbackHandler
@@ -240,6 +247,12 @@ public class SAMLProtocolResponseValidator {
 return;
 }
+ // Required to make IdResolver happy in OpenSAML
+ Attr idAttr = samlResponse.getDOM().getAttributeNodeNS(null, "ID");
+ if (idAttr != null) {
+ samlResponse.getDOM().setIdAttributeNode(idAttr, true);
+ }
+
 validateResponseSignature( samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(), sigCrypto, callbackHandler
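Review bot: Both added blocks (new lines 226-230 and the identical one at 250-254) look the identifier up under the fixed name `ID` and silently skip registration when `getAttributeNodeNS` returns null. The enclosing methods start and end outside the hunks, so this is inferred: if the second one is the SAML 1.1 overload, that protocol names the attribute `ResponseID`, and the lookup would need to be `samlResponse.getDOM().getAttributeNodeNS(null, "ResponseID")` for the fix to take effect on that path. Because the two blocks are otherwise byte-identical, a small private helper taking the `Element` and the attribute name would remove the duplication and make the per-version name explicit. Registering the ID only lets the signature's reference resolve; it is worth confirming, outside this hunk, that `validateResponseSignature` checks the resolved reference is this Response element and not some other element carrying the same ID value.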