From cohei...@apache.org
Subject [1/3] syncope git commit: Take the valid SAML Assertion from the validator response instead.
Date Fri, 11 Aug 2017 12:15:13 GMT
Repository: syncope
Updated Branches:
  refs/heads/master 5da5326ac -> 883911633


Take the valid SAML Assertion from the validator response instead.


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/88391163
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/88391163
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/88391163

Branch: refs/heads/master
Commit: 88391163320f5d73ca51e4c03b0edc5371ab6e1e
Parents: d8d5fe5
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Aug 11 12:51:22 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Aug 11 13:15:07 2017 +0100

----------------------------------------------------------------------
 .../apache/syncope/core/logic/SAML2SPLogic.java | 65 ++++++++++----------
 .../core/logic/saml2/SAML2ReaderWriter.java     |  8 ++-
 2 files changed, 39 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/88391163/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 31ef8c4..03576ab 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -37,6 +37,7 @@ import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
 import org.apache.syncope.common.lib.AbstractBaseBean;
 import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.to.AttrTO;
@@ -371,8 +372,10 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean>
{
         if (idp.getConnObjectKeyItem() == null) {
             throw new IllegalArgumentException("No mapping provided for SAML 2.0 IdP '" +
idp.getId() + "'");
         }
+
+        SSOValidatorResponse validatorResponse = null;
         try {
-            saml2rw.validate(
+            validatorResponse = saml2rw.validate(
                     samlResponse,
                     idp,
                     getAssertionConsumerURL(response.getSpEntityID(), response.getUrlContext()),
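Review bot: `SSOValidatorResponse validatorResponse = null;` is only assigned inside the try, so every later use relies on the catch block (outside this hunk) rethrowing; if any path there logs and continues, the first dereference of `validatorResponse` after the block fails with a NullPointerException instead of a clear validation error. A cheap guard right after the try/catch makes the contract explicit: `if (validatorResponse == null) { throw new IllegalStateException("SAML response validation produced no result"); }`. The enclosing method starts before this hunk, and its catch block is not visible here.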
@@ -390,47 +393,45 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean>
{
         responseTO.setIdp(idp.getId());
         responseTO.setSloSupported(idp.getSLOLocation(idp.getBindingType()) != null);
 
-        NameID nameID = null;
+        Assertion assertion = validatorResponse.getOpensamlAssertion();
+        NameID nameID = assertion.getSubject().getNameID();
         String keyValue = null;
-        for (Assertion assertion : samlResponse.getAssertions()) {
-            nameID = assertion.getSubject().getNameID();
-            if (StringUtils.isNotBlank(nameID.getValue())
-                    && idp.getConnObjectKeyItem().getExtAttrName().equals("NameID"))
{
+        if (StringUtils.isNotBlank(nameID.getValue())
+            && idp.getConnObjectKeyItem().getExtAttrName().equals("NameID")) {
 
-                keyValue = nameID.getValue();
-            }
+            keyValue = nameID.getValue();
+        }
 
-            if (assertion.getConditions().getNotOnOrAfter() != null) {
-                responseTO.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter().toDate());
-            }
-            for (AuthnStatement authnStmt : assertion.getAuthnStatements()) {
-                responseTO.setSessionIndex(authnStmt.getSessionIndex());
+        if (assertion.getConditions().getNotOnOrAfter() != null) {
+            responseTO.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter().toDate());
+        }
+        for (AuthnStatement authnStmt : assertion.getAuthnStatements()) {
+            responseTO.setSessionIndex(authnStmt.getSessionIndex());
 
-                responseTO.setAuthInstant(authnStmt.getAuthnInstant().toDate());
-                if (authnStmt.getSessionNotOnOrAfter() != null) {
-                    responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate());
-                }
+            responseTO.setAuthInstant(authnStmt.getAuthnInstant().toDate());
+            if (authnStmt.getSessionNotOnOrAfter() != null) {
+                responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate());
             }
+        }
 
-            for (AttributeStatement attrStmt : assertion.getAttributeStatements()) {
-                for (Attribute attr : attrStmt.getAttributes()) {
-                    if (!attr.getAttributeValues().isEmpty()) {
-                        String attrName = attr.getFriendlyName() == null ? attr.getName()
: attr.getFriendlyName();
-                        if (attrName.equals(idp.getConnObjectKeyItem().getExtAttrName())
-                                && attr.getAttributeValues().get(0) instanceof XSString)
{
+        for (AttributeStatement attrStmt : assertion.getAttributeStatements()) {
+            for (Attribute attr : attrStmt.getAttributes()) {
+                if (!attr.getAttributeValues().isEmpty()) {
+                    String attrName = attr.getFriendlyName() == null ? attr.getName() : attr.getFriendlyName();
+                    if (attrName.equals(idp.getConnObjectKeyItem().getExtAttrName())
+                        && attr.getAttributeValues().get(0) instanceof XSString)
{
 
-                            keyValue = ((XSString) attr.getAttributeValues().get(0)).getValue();
-                        }
+                        keyValue = ((XSString) attr.getAttributeValues().get(0)).getValue();
+                    }
 
-                        AttrTO attrTO = new AttrTO();
-                        attrTO.setSchema(attrName);
-                        for (XMLObject value : attr.getAttributeValues()) {
-                            if (value.getDOM() != null) {
-                                attrTO.getValues().add(value.getDOM().getTextContent());
-                            }
+                    AttrTO attrTO = new AttrTO();
+                    attrTO.setSchema(attrName);
+                    for (XMLObject value : attr.getAttributeValues()) {
+                        if (value.getDOM() != null) {
+                            attrTO.getValues().add(value.getDOM().getTextContent());
                         }
-                        responseTO.getAttrs().add(attrTO);
                     }
+                    responseTO.getAttrs().add(attrTO);
                 }
             }
         }
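Review bot: `assertion.getSubject().getNameID()` at the top of the hunk and `assertion.getConditions().getNotOnOrAfter()` further down dereference Subject, NameID and Conditions without null checks; all three are optional in the SAML 2.0 assertion schema, so an unusual but correctly signed assertion would surface as a NullPointerException rather than a rejected login. The CXF SSO validator presumably only returns an assertion carrying a bearer subject confirmation (not visible here), but a guard at this layer is cheap: `if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) { throw new IllegalArgumentException("Validated SAML assertion has no Subject/NameID"); }`, with a similar null check before reading Conditions. Reading only the assertion the validator selected, rather than looping over `samlResponse.getAssertions()`, is the right direction, since the old loop also consumed attributes from assertions the validator had not confirmed. The enclosing method starts before this hunk.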

http://git-wip-us.apache.org/repos/asf/syncope/blob/88391163/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index fa48e77..3c2d547 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -44,6 +44,7 @@ import javax.xml.transform.stream.StreamResult;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
 import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator;
+import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.syncope.common.lib.SSOConstants;
 import org.apache.syncope.common.lib.types.SAML2BindingType;
@@ -203,7 +204,7 @@ public class SAML2ReaderWriter {
         return Base64.getEncoder().encodeToString(deflatedBytes);
     }
 
-    public void validate(
+    public SSOValidatorResponse validate(
             final Response samlResponse,
             final SAML2IdPEntity idp,
             final String assertionConsumerURL,
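Review bot: `validate` changes from `void` to returning `SSOValidatorResponse` with no Javadoc stating what the caller receives, which matters because SAML2SPLogic now builds the whole login result from that object. Add a Javadoc to the method with a `@return` along the lines of `the validator result for the assertion that passed validation; the caller reads the confirmed assertion from it rather than from the raw response` (the exact accessor is whatever SAML2SPLogic calls on it), and a `@throws` entry for the failure path. The method body continues past this hunk.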
@@ -225,7 +226,8 @@ public class SAML2ReaderWriter {
         ssoResponseValidator.setIssuerIDP(idp.getId());
         ssoResponseValidator.setRequestId(requestId);
         ssoResponseValidator.setSpIdentifier(spEntityID);
-        ssoResponseValidator.validateSamlResponse(samlResponse, idp.getBindingType() == SAML2BindingType.POST);
+        SSOValidatorResponse validatorResponse =
+            ssoResponseValidator.validateSamlResponse(samlResponse, idp.getBindingType()
== SAML2BindingType.POST);
 
         if (LOG.isDebugEnabled()) {
             try {
@@ -238,5 +240,7 @@ public class SAML2ReaderWriter {
                 LOG.error("Could not log the SAML response with decrypted assertions", e);
             }
         }
+
+        return validatorResponse;
     }
 }

