Repository: cxf-fediz Updated Branches: refs/heads/master 47c11c804 -> 623c960b8
Initial attempt at supporting processing of WS-Fed response for SAML SSO IdP Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ccf669be Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ccf669be Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ccf669be Branch: refs/heads/master Commit: ccf669be3ab4ec845f8f74be9d6b246a6c3896d6 Parents: 47c11c8 Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Oct 28 16:24:12 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Oct 28 16:24:12 2016 +0100 ---------------------------------------------------------------------- .../idp/beans/SigninParametersCacheAction.java | 9 +++++ .../WEB-INF/flows/saml-validate-request.xml | 37 ++++++++++++++++++-- 2 files changed, 44 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ccf669be/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java ----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 99b36e6..0c139c3 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -65,6 +65,10 @@ public class SigninParametersCacheAction {
 if (value != null) {
 signinParams.put(FederationConstants.PARAM_CONTEXT, value);
 }
+ value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
+ if (value != null) {
+ signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
+ }
 WebUtils.putAttributeInExternalContext(context, uuidKey, signinParams);
 LOG.debug("SignIn parameters cached: {}", signinParams.toString());
@@ -111,6 +115,11 @@ public class SigninParametersCacheAction {
 if (value != null) {
 WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, value);
 }
+
+ value = (String)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, value);
+ }
 } else {
 LOG.debug("Error in restoring security context");
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ccf669be/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 872c7d0..ca154ba 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
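Review bot: The restore side (second hunk, around line 115) narrows the cached entry with `value = (String)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST)`, while the cache side (first hunk, around line 65) stores whatever `WebUtils.getAttributeFromFlowScope` returned with no type check; if the flow-scope attribute holds a parsed request object rather than the encoded string, the cast throws ClassCastException and the pending request state is lost instead of being restored. The declared type of `value` is not visible in either hunk, so this is inferred from the cast alone. Restoring the entry untyped removes the assumption, provided putAttributeInFlowScope accepts an Object: `Object authnRequest = signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);` `if (authnRequest != null) { WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest); }`. Both enclosing methods start and end outside these hunks.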
@@ -28,12 +28,18 @@
 <set name="flowScope.RelayState" value="requestParameters.RelayState" />
 <set name="flowScope.SAMLRequest" value="requestParameters.SAMLRequest" />
 <set name="flowScope.Signature" value="requestParameters.Signature" />
+ <set name="flowScope.wresult" value="requestParameters.wresult" />
 <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
 </on-entry>
+ <if test="requestParameters.SAMLRequest != null and !requestParameters.SAMLRequest.isEmpty()"
+ then="signinSAMLRequest" />
+ <if test="requestParameters.wresult != null and !requestParameters.wresult.isEmpty()"
+ then="signinResponse" />
+ <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length() == 0"
+ then="viewBadRequest" else="signinResponse" />
+ <!-- TODO Refactor this -->
 <if test="requestParameters.RelayState == null or requestParameters.RelayState.length() == 0"
 then="handleBadRequestError" />
- <if test="requestParameters.SAMLRequest != null and !requestParameters.SAMLRequest.isEmpty()"
- then="signinSAMLRequest" else="handleBadRequestError" />
 </decision-state>
 <subflow-state id="signinSAMLRequest" subflow="signinSAMLRequest">
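Review bot: The RelayState check in this decision-state is now unreachable: the added `<if>` on SAMLResponse carries both `then` and `else`, so it always transitions, and the SAMLRequest and wresult branches above it are taken before RelayState is ever inspected. Before this change a SAMLRequest without a RelayState ended in `handleBadRequestError`; now it proceeds to `signinSAMLRequest`, which may be intended but is a silent relaxation of the request validation. If the requirement still holds for the SAML paths, move the RelayState `<if>` ahead of the SAMLRequest dispatch but after the wresult one (the WS-Fed response path appears to use wctx rather than RelayState, judging by the subflow inputs), otherwise delete it and replace `<!-- TODO Refactor this -->` with a comment stating why RelayState is no longer required.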
@@ -63,6 +69,33 @@
 </transition>
 </subflow-state>
+ <subflow-state id="signinResponse" subflow="signinResponse">
+ <input name="idpConfig" value="flowScope.idpConfig" />
+ <input name="wfresh" value="flowScope.wfresh" />
+ <input name="wctx" value="flowScope.wctx" />
+ <input name="wauth" value="flowScope.wauth" />
+ <input name="wresult" value="flowScope.wresult" />
+ <input name="RelayState" value="flowScope.RelayState" />
+ <input name="SAMLResponse" value="flowScope.SAMLResponse" />
+ <input name="state" value="flowScope.state" />
+ <input name="code" value="flowScope.code" />
+ <input name="whr" value="flowScope.whr" />
+
+ <output name="wtrealm" />
+ <output name="wreply" />
+ <output name="wctx" />
+ <output name="whr" />
+ <output name="idpToken" />
+
+ <transition on="requestRpToken" to="requestRpToken">
+ <set name="flowScope.homerealm" value="currentEvent.attributes.whr" />
+ <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
+ <set name="flowScope.saml_authn_request" value="currentEvent.attributes.saml_authn_request" />
+ </transition>
+ <transition on="viewBadRequest" to="viewBadRequest" />
+ <transition on="scInternalServerError" to="scInternalServerError" />
+ </subflow-state>
+
 <!-- produce RP security token (as String type) -->
 <action-state id="requestRpToken">
 <on-entry>
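Review bot: The `requestRpToken` transition sets `flowScope.saml_authn_request` from `currentEvent.attributes.saml_authn_request`, but the new subflow-state declares outputs only for wtrealm, wreply, wctx, whr and idpToken; unless the signinResponse subflow exports that attribute some other way, it will be null here and the set overwrites any saml_authn_request already in flow scope, which is the state the IdP needs to correlate the eventual SAML response with the original request. If the subflow produces it, add `<output name="saml_authn_request" />` next to the other outputs. Several inputs (wfresh, wctx, wauth, SAMLResponse, state, code, whr) read flow-scope values that the on-entry block of this flow does not set in the visible hunks, so confirm they are populated elsewhere or are meant to be null on this path.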
