More flow refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/775b209c Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/775b209c Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/775b209c Branch: refs/heads/master Commit: 775b209c05df1996427a1c450e9fb6c393982e87 Parents: 9fdf81d Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Dec 8 15:16:29 2016 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Dec 8 15:16:29 2016 +0000 ---------------------------------------------------------------------- .../webapp/WEB-INF/flows/federation-signin-request.xml | 10 +++++++--- .../main/webapp/WEB-INF/flows/saml-signin-request.xml | 11 +++++++---- .../main/webapp/WEB-INF/flows/saml-validate-request.xml | 1 + 3 files changed, 15 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/775b209c/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml ----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index d62c115..6051182 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -31,6 +31,8 @@
 <input name="wauth" />
 <input name="home_realm" />
 <input name="protocol" />
+
+ <!-- ===== Home Realm Discovery ===== -->
 <decision-state id="processHRDSExpression">
 <on-entry>
@@ -75,14 +77,14 @@
 <!-- Home Realm is known then we can store it in cookie -->
 <decision-state id="checkIsThisIDP">
 <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="checkWauthTypeSupported" else="checkIdpTokenWhrWauth" />
+ then="checkWauthTypeSupported" else="checkIdpTokenHomeRealm" />
 </decision-state>
 <!-- ============================================================================================================= -->
 <!-- Is 'wresult/RP-IDP token' already received and validated (then stored in session) from requestor IDP ? -->
- <decision-state id="checkIdpTokenWhrWauth">
+ <decision-state id="checkIdpTokenHomeRealm">
 <if test="externalContext.sessionMap[flowScope.home_realm] != null" then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
 </decision-state>
@@ -104,7 +106,9 @@
 <transition on="yes" to="requestRpToken" />
 <transition on="no" to="viewBadRequest" />
 </action-state>
-
+
+ <!-- ============================================================================================================= -->
+
 <decision-state id="checkWauthTypeSupported">
 <on-entry>
 <!-- Here, home realm is guaranteed to be THIS realm -->
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/775b209c/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml ----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index 0198ae0..59ea18b 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -27,10 +27,13 @@
 <input name="RelayState" />
 <input name="protocol" />
 <input name="saml_authn_request" />
+ <input name="home_realm" />
+
+ <!-- ===== Home Realm Discovery ===== -->
 <decision-state id="processHRDSExpression">
 <on-entry>
- <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, null)"
+ <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)"
 result="flowScope.home_realm" />
 </on-entry>
 <if test="flowScope.home_realm == null or flowScope.home_realm.trim().isEmpty()"
@@ -71,14 +74,14 @@
 <!-- Home Realm is known then we can store it in cookie -->
 <decision-state id="checkIsThisIDP">
 <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="homeRealmSignInEntryPoint" else="checkIdpTokenWhrWauth" />
+ then="homeRealmSignInEntryPoint" else="checkIdpTokenHomeRealm" />
 </decision-state>
 <!-- ============================================================================================================= -->
 <!-- Is 'wresult/RP-IDP token' already received and validated (then stored in session) from requestor IDP ? -->
- <decision-state id="checkIdpTokenWhrWauth">
+ <decision-state id="checkIdpTokenHomeRealm">
 <if test="externalContext.sessionMap[flowScope.home_realm] != null" then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
 </decision-state>
@@ -109,7 +112,7 @@
 <set name="flowScope.home_realm" value="flowScope.idpConfig.realm" />
 </on-entry>
 <if test="flowScope.idpConfig.getAuthenticationURIs() == null"
- then="scInternalServerError" />
+ then="viewBadRequest" />
 <!-- check presence of cached IDP token for THIS realm -->
 <if test="externalContext.sessionMap[flowScope.home_realm] == null" then="cacheSecurityToken" else="checkTokenExpiry" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/775b209c/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml ----------------------------------------------------------------------
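Review bot: The new `home_realm` flow input is handed to `processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)` with nothing in the flow saying where it originates or which values are acceptable, yet once it is non-empty the `checkIsThisIDP` and `checkIdpTokenHomeRealm` states further down this file compare it with the IdP's own realm and use it directly as a key into `externalContext.sessionMap`. If the value can come from the browser (as the federation flow's `home_realm`/whr does; I cannot confirm the SAML caller from this hunk), the only place it can be checked against the configured trusted-IdP realms is inside `submit`, and that contract should be stated next to the input so a later change does not silently drop it: `<!-- home_realm: caller-supplied HRD hint; processHRDSExpressionAction.submit must reject any realm that is not THIS realm or a configured trusted IdP -->`. Note that saml-validate-request.xml passes `value="null"` for this input, so the hint is currently only meaningful when this flow is entered from elsewhere. The enclosing `<flow>` and the `<if>` consuming the result continue outside the hunk.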
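Review bot: Routing `flowScope.idpConfig.getAuthenticationURIs() == null` to `viewBadRequest` reports an IdP-side misconfiguration as a client error: nothing the requester sent decides whether this IdP has authentication URIs configured, and `home_realm` has just been overwritten with `flowScope.idpConfig.realm` in `<on-entry>`, so a bad-request view will send operators looking at the request instead of the IdP config. If `scInternalServerError` was removed from this flow (I cannot see the rest of the file), the condition should still be distinguishable from genuine bad input, at minimum with a comment on the branch such as `<!-- no authentication URIs configured for this IdP: server-side misconfiguration, not a client error -->` and ideally an end state that maps to a 5xx. The enclosing decision-state (reached via `homeRealmSignInEntryPoint` per the `checkIsThisIDP` transition above) starts outside the hunk.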
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 7aeb494..4a430d7 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -89,6 +89,7 @@
 <input name="Signature" value="flowScope.Signature" />
 <input name="protocol" value="'samlsso'" />
 <input name="saml_authn_request" value="flowScope.saml_authn_request" />
+ <input name="home_realm" value="null" />
 <output name="home_realm" />
 <output name="idpToken" />
