Author: coheigea
Date: Thu May 31 13:50:03 2012
New Revision: 1344724
URL: http://svn.apache.org/viewvc?rev=1344724&view=rev
Log:
Check that the received Issuer for SAML Web SSO is a prefix of the configured
IDP rather than match the Strings directly
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java?rev=1344724&r1=1344723&r2=1344724&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Thu May 31 13:50:03 2012
@@ -141,8 +141,8 @@ public class SAMLSSOResponseValidator {
return;
}
- // Issuer value must match Issuer IDP
- if (!issuer.getValue().equals(issuerIDP)) {
+ // Issuer value must match (be contained in) Issuer IDP
+ if (!issuerIDP.startsWith(issuer.getValue())) {
LOG.fine("Issuer value: " + issuer.getValue() + " does not match
issuer IDP: "
+ issuerIDP);
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidSAMLsecurity");
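Review bot: The new condition `!issuerIDP.startsWith(issuer.getValue())` accepts any Issuer value that is a leading substring of the configured IDP, including the empty string or a bare scheme, so the check no longer pins the response to a single identity provider. A null `issuerIDP` also changes from a rejected response (the old `equals` returned false) to a NullPointerException. If the configured IDP address and the IDP's entity ID legitimately differ, comparing against the expected issuer identifier with `equals` would be safer; at minimum reject an empty value first, e.g. `String value = issuer.getValue(); if (value == null || value.isEmpty() || !issuerIDP.startsWith(value)) {`. The added comment says "be contained in" while the code tests a prefix; `// Issuer value must be a prefix of the configured Issuer IDP` would describe what is actually checked. The enclosing method starts and ends outside the hunk, so whether signature validation elsewhere limits the impact cannot be confirmed from here.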