Repository: cxf-fediz Updated Branches: refs/heads/master 8b0146d7d -> 9fa14d005
Store the SAML SSO RequestId on the context Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bd7dc9f1 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bd7dc9f1 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bd7dc9f1 Branch: refs/heads/master Commit: bd7dc9f12a7f89ca87a894f50dfc46b1baea08a6 Parents: 8b0146d Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Mar 18 16:11:58 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Mar 18 16:11:58 2015 +0000 ---------------------------------------------------------------------- .../idp/protocols/TrustedIdpSAMLProtocolHandler.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bd7dc9f1/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java ----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 2cc03c3..4163b20 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -39,7 +39,6 @@ import javax.ws.rs.core.UriBuilder; import org.w3c.dom.Document; import org.w3c.dom.Element; - import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64Utility; import org.apache.cxf.common.util.StringUtils;
@@ -82,6 +81,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler public static final String PROTOCOL = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"; private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpSAMLProtocolHandler.class); + private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id"; private AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder(); // private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
@@ -131,6 +131,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler if (trustedIdp.isSignRequest()) { signRequest(urlEncodedRequest, wctx, idp, ub); } + + // Store the Request ID + String authnRequestId = authnRequest.getID(); + WebUtils.putAttributeInExternalContext(context, SAML_SSO_REQUEST_ID, authnRequestId); // TODO How to set headers here? // .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
@@ -367,7 +371,11 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler ssoResponseValidator.setClientAddress(servletRequest.getRemoteAddr()); ssoResponseValidator.setIssuerIDP(trustedIdp.getUrl()); - // TODO ssoResponseValidator.setRequestId(requestState.getSamlRequestId()); + + // Get the stored request ID + String requestId = + (String)WebUtils.getAttributeFromExternalContext(requestContext, SAML_SSO_REQUEST_ID); + ssoResponseValidator.setRequestId(requestId); ssoResponseValidator.setSpIdentifier(idp.getRealm()); ssoResponseValidator.setEnforceAssertionsSigned(true); ssoResponseValidator.setEnforceKnownIssuer(true);
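Review bot: The request ID is written under the single fixed key `SAML_SSO_REQUEST_ID` in the `@@ -131,6 +131,10 @@` hunk, so a second AuthnRequest started in the same external context (another tab, a retry, a different trusted IdP) replaces the first one's ID before its response comes back. The earlier response would then be compared against an ID that belongs to a different request. Consider storing the ID per request, for example keyed on `wctx`, which is already in scope here, if the same value is available when the response is processed. At minimum, document the limitation next to the constant: `// one pending SAML AuthnRequest ID per external context; overwritten by each new request`. The enclosing method starts and ends outside the hunk, so how `context` is scoped cannot be confirmed from these lines.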
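Review bot: `requestId` is passed to `ssoResponseValidator.setRequestId(...)` in the `@@ -367,7 +371,11 @@` hunk without a null check, so a response that arrives when nothing is stored under `SAML_SSO_REQUEST_ID` (expired session, unsolicited response) reaches the validator with no request to bind it to. Whether the validator then skips the InResponseTo comparison is not visible here, so the handler should fail closed itself, e.g. `if (StringUtils.isEmpty(requestId)) { /* reject the response */ }` ahead of the setter. The stored value is also never cleared after it is read, which leaves the same ID available for a later response in that context; removing the attribute once it has been fetched would make it single-use. The enclosing method starts and ends outside the hunk.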
