Repository: cxf-fediz
Updated Branches:
  refs/heads/master bd0511cab -> a4ba98893


Moving SAML Request parsing out of subflow


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9fdf81d5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9fdf81d5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9fdf81d5

Branch: refs/heads/master
Commit: 9fdf81d521c59a4395084ecfb6e3d39a7900fd82
Parents: bd0511c
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Dec 8 12:44:19 2016 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Dec 8 12:44:19 2016 +0000

----------------------------------------------------------------------
 .../WEB-INF/flows/saml-signin-request.xml       | 20 ++++----------------
 .../WEB-INF/flows/saml-validate-request.xml     | 17 +++++++++++------
 2 files changed, 15 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9fdf81d5/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index c4adbe5..0198ae0 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -24,19 +24,10 @@
         http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd";>
 
     <input name="idpConfig" />
-    <input name="SAMLRequest" />
     <input name="RelayState" />
-    <input name="Signature" />
     <input name="protocol" />
+    <input name="saml_authn_request" />
     
-    <action-state id="parseAuthnRequest">
-        <evaluate 
expression="authnRequestParser.parseSAMLRequest(flowRequestContext, 
flowScope.idpConfig,
-                                                              
flowScope.SAMLRequest, flowScope.Signature,
-                                                              
flowScope.RelayState)" />
-        <transition to="processHRDSExpression"/>
-        <transition 
on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" 
to="viewBadRequest" />
-    </action-state>
-
     <decision-state id="processHRDSExpression">
         <on-entry>
             <evaluate 
expression="processHRDSExpressionAction.submit(flowRequestContext, null)" 
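Review bot: The new `<input name="saml_authn_request" />` is optional, yet after this change the subflow no longer parses the request itself and relies on the caller having done so. Declaring it as `<input name="saml_authn_request" required="true" />` would make the flow fail at entry instead of continuing with a null request if it is ever started without the parsed object. Which later states read `flowScope.saml_authn_request` is not visible in this hunk, so confirm that before tightening. The `processHRDSExpression` decision-state continues past the end of the hunk.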
@@ -62,14 +53,14 @@
         <var name="trustedIDPSelection"
             class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection" 
/>
         <binder>
-            <binding property="whr" required="true" />
+            <binding property="home_realm" required="true" />
         </binder>
         <on-entry>
             <set name="requestScope.idPConfig" value="flowScope.idpConfig" />
         </on-entry>
         <transition on="submit" to="checkIsThisIDP" bind="true"
             validate="true">
-            <set name="flowScope.home_realm" value="trustedIDPSelection.whr" />
+            <set name="flowScope.home_realm" 
value="trustedIDPSelection.home_realm" />
             <evaluate
                 expression="homeRealmReminder.addCookie(flowRequestContext, 
flowScope.home_realm)" />
         </transition>
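Review bot: The binder change from `whr` to `home_realm` only works if `TrustedIDPSelection` exposes a `home_realm` property and the selection view posts a field of that name, and neither is among the two files in this commit. Because the binding is `required="true"`, a mismatch would presumably break the `submit` transition for every user who reaches this view. The rename is also unrelated to the stated purpose of moving SAML request parsing, so a line about it in the commit message would help. The enclosing view-state starts before this hunk and continues after it.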
@@ -168,13 +159,10 @@
     <end-state id="requestRpToken">
         <output name="home_realm" value="flowScope.home_realm" />
         <output name="idpToken" value="flowScope.idpToken" />
-        <output name="saml_authn_request" value="flowScope.saml_authn_request" 
/>
     </end-state>
 
     <!-- abnormal exit point -->
-    <end-state id="viewBadRequest">
-        <output name="saml_authn_request" value="flowScope.saml_authn_request" 
/>
-    </end-state>
+    <end-state id="viewBadRequest" />
     
     <!-- abnormal exit point -->
     <end-state id="scInternalServerError" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9fdf81d5/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git 
a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 36ac3a8..7aeb494 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -57,7 +57,7 @@
         <if test="requestParameters.RelayState == null or 
requestParameters.RelayState.isEmpty()"
             then="viewBadRequest" />
         <if test="requestParameters.SAMLRequest != null and 
!requestParameters.SAMLRequest.isEmpty()"
-            then="signinSAMLRequest" />
+            then="parseSAMLAuthnRequest" />
         <if test="requestParameters.SAMLResponse == null or 
requestParameters.SAMLResponse.isEmpty()"
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
@@ -74,26 +74,31 @@
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
     
+    <action-state id="parseSAMLAuthnRequest">
+        <evaluate 
expression="authnRequestParser.parseSAMLRequest(flowRequestContext, 
flowScope.idpConfig,
+                                                              
flowScope.SAMLRequest, flowScope.Signature,
+                                                              
flowScope.RelayState)" />
+        <transition to="signinSAMLRequest"/>
+        <transition 
on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" 
to="viewBadRequest" />
+    </action-state>
+    
     <subflow-state id="signinSAMLRequest" subflow="signinSAMLRequest">
         <input name="idpConfig" value="flowScope.idpConfig" />
         <input name="SAMLRequest" value="flowScope.SAMLRequest" />
         <input name="RelayState" value="flowScope.RelayState" />
         <input name="Signature" value="flowScope.Signature" />
         <input name="protocol" value="'samlsso'" />
+        <input name="saml_authn_request" value="flowScope.saml_authn_request" 
/>
 
         <output name="home_realm" />
         <output name="idpToken" />
         <output name="trusted_idp_context" />
-        <output name="saml_authn_request" />
 
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.home_realm" 
value="currentEvent.attributes.home_realm" />
             <set name="flowScope.idpToken" 
value="currentEvent.attributes.idpToken" />
-            <set name="flowScope.saml_authn_request" 
value="currentEvent.attributes.saml_authn_request" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest">
-            <set name="flowScope.saml_authn_request" 
value="currentEvent.attributes.saml_authn_request" />
         </transition>
+        <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />
         <transition on="redirectToLocalIDP" to="redirectToLocalIDP" />
         <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
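Review bot: The `signinSAMLRequest` subflow-state still passes `SAMLRequest` and `Signature`, but this commit removes the matching `<input name="SAMLRequest" />` and `<input name="Signature" />` declarations from saml-signin-request.xml, so the two mappings appear to be dead. Dropping them would keep the raw, unparsed request out of the subflow's interface and make it clear that only the parsed `saml_authn_request` crosses that boundary. Separately, the new `parseSAMLAuthnRequest` state maps only `ProcessingException` to `viewBadRequest`. Whether `parseSAMLRequest` can raise anything else on malformed input is not visible here and is worth confirming. The subflow-state continues past the end of the hunk.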
