[FEDIZ-162] - Make it possible to disable the requirement for a SAML SSO signature
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e34b37f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e34b37f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e34b37f1
Branch: refs/heads/master
Commit: e34b37f1d691bc36b212de9e23ef568f1cd4f5e5
Parents: 3285516
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Apr 8 15:54:24 2016 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Apr 8 17:40:44 2016 +0100
----------------------------------------------------------------------
.../idp/beans/samlsso/AuthnRequestValidator.java | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e34b37f1/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
index 80f4d0c..0b99805 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestValidator.java
@@ -66,6 +66,8 @@ import org.springframework.webflow.execution.RequestContext;
 public class AuthnRequestValidator {
 private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestValidator.class);
+
+ private boolean requireSignature = true;
 public void validateAuthnRequest(RequestContext context, Idp idp, String signature, String relayState, String samlRequest, String realm)
@@ -129,9 +131,11 @@ public class AuthnRequestValidator {
 LOG.debug("Signature validation failed");
 throw new ProcessingException(TYPE.BAD_REQUEST);
 }
- } else {
+ } else if (requireSignature) {
 LOG.debug("No signature is present, therefore the request is rejected");
 throw new ProcessingException(TYPE.BAD_REQUEST);
+ } else {
+ LOG.debug("No signature is present, but this is allowed by configuration");
 }
 }
@@ -241,5 +245,17 @@ public class AuthnRequestValidator {
 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
 }
 }
+
+ public boolean isRequireSignature() {
+ return requireSignature;
+ }
+
+ /**
+ * Whether to require a signature or not on the AuthnRequest
+ * @param requireSignature
+ */
+ public void setRequireSignature(boolean requireSignature) {
+ this.requireSignature = requireSignature;
+ }
 }
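Review bot: The new final `else` branch accepts an unsigned AuthnRequest with only a DEBUG line, so with `requireSignature` set to false nothing in a production log records that signature checking was skipped. Raising the level, for example `LOG.info("No signature is present on the AuthnRequest; accepted because requireSignature is false");`, would make the weaker mode auditable. The flag is also global to this validator, so switching it off for one service provider accepts unsigned requests for every realm; the first hunk shows `validateAuthnRequest` already taking `idp` and `realm`, which suggests a per-realm setting would be narrower. Without a signature the request's Issuer and assertion consumer URL are unauthenticated, and the hunk does not show whether they are checked against the registered application; the enclosing method starts outside the hunk.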
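Review bot: The Javadoc on `setRequireSignature` in the last hunk states neither the default nor the consequence of turning the check off, its `@param` tag has no description, and `isRequireSignature` has no Javadoc at all. Since this setter relaxes a security check, I would document it as `Whether an AuthnRequest that carries no signature is rejected. Defaults to true; when false, unsigned requests are accepted.` with `@param requireSignature false to accept unsigned AuthnRequests`. Judging by the branch order in the second hunk, a signature that is present still appears to be validated when the flag is off, which is worth stating there too once confirmed. The same summary, phrased as a `@return`, fits the getter.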
