Repository: cxf-fediz
Updated Branches:
  refs/heads/master 94cafcf36 -> 6fc7f301d


More spring webflow consolidation


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/44633f3d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/44633f3d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/44633f3d

Branch: refs/heads/master
Commit: 44633f3d6914224b74917a64e68e186731b06850
Parents: 94cafcf
Author: Colm O hEigeartaigh <[email protected]>
Authored: Wed Dec 14 10:50:40 2016 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Wed Dec 14 10:50:40 2016 +0000

----------------------------------------------------------------------
 .../idp/beans/SigninParametersCacheAction.java  | 26 ++++++--------------
 .../WEB-INF/flows/federation-signin-request.xml |  9 ++++---
 .../flows/federation-validate-request.xml       |  5 ++--
 .../WEB-INF/flows/saml-signin-request.xml       | 12 +++++----
 .../WEB-INF/flows/saml-validate-request.xml     |  5 ++--
 .../webapp/WEB-INF/flows/signin-response.xml    |  3 +--
 6 files changed, 27 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/44633f3d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 4572bb5..538841d 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -50,6 +50,10 @@ public class SigninParametersCacheAction {
         if (value != null) {
             signinParams.put(IdpConstants.HOME_REALM, value);
         }
+        value = WebUtils.getAttributeFromFlowScope(context, 
IdpConstants.CONTEXT);
+        if (value != null) {
+            signinParams.put(IdpConstants.CONTEXT, value);
+        }
 
         if ("wsfed".equals(protocol)) {
             value = WebUtils.getAttributeFromFlowScope(context, 
IdpConstants.RETURN_ADDRESS);
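Review bot: The context value added to `signinParams` here is stored after only a null check, while the restore path in the third hunk of this file reads it back with `(String)signinParams.get(IdpConstants.CONTEXT)`. The map evidently holds mixed types (the same hunk casts another entry to `SAMLAuthnRequest`), so a non-String context attribute would be cached without complaint and would only fail with a `ClassCastException` when the flow resumes. Guarding the store with `if (value instanceof String) {` keeps the two sides consistent. Since this branch now runs for every protocol, a comment such as `// protocol-neutral request context: wctx for wsfed, RelayState for samlsso` would explain why it sits outside the `protocol` checks. The enclosing method starts and ends outside the hunk.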
@@ -60,16 +64,7 @@ public class SigninParametersCacheAction {
             if (value != null) {
                 signinParams.put(IdpConstants.REALM, value);
             }
-            value = WebUtils.getAttributeFromFlowScope(context, 
FederationConstants.PARAM_CONTEXT);
-            if (value != null) {
-                signinParams.put(FederationConstants.PARAM_CONTEXT, value);
-            }
         } else if ("samlsso".equals(protocol)) {
-            // TODO
-            value = WebUtils.getAttributeFromFlowScope(context, "RelayState");
-            if (value != null) {
-                signinParams.put("RelayState", value);
-            }
             value = WebUtils.getAttributeFromFlowScope(context, 
IdpConstants.SAML_AUTHN_REQUEST);
             if (value != null) {
                 signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
@@ -112,22 +107,17 @@ public class SigninParametersCacheAction {
                     LOG.info("SignIn parameters restored and " + 
FederationConstants.PARAM_CONTEXT + "["
                         + contextKey + "] cleared.");
 
-                    value = 
(String)signinParams.get(FederationConstants.PARAM_CONTEXT);
-                    if (value != null) {
-                        WebUtils.putAttributeInFlowScope(context, 
FederationConstants.PARAM_CONTEXT, value);
-                    }
                 } else if ("samlsso".equals(protocol)) {
                     SAMLAuthnRequest authnRequest =
                         
(SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
                     if (authnRequest != null) {
                         WebUtils.putAttributeInFlowScope(context, 
IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
                     }
+                }
 
-                    // TODO
-                    value = (String)signinParams.get("RelayState");
-                    if (value != null) {
-                        WebUtils.putAttributeInFlowScope(context, 
"RelayState", value);
-                    }
+                value = (String)signinParams.get(IdpConstants.CONTEXT);
+                if (value != null) {
+                    WebUtils.putAttributeInFlowScope(context, 
IdpConstants.CONTEXT, value);
                 }
 
             }  else {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/44633f3d/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git 
a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index e202c57..d9e8558 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -24,13 +24,12 @@
         http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd";>
 
     <input name="idpConfig" />
-    <input name="wctx" />
     <input name="wfresh" />
-    <input name="wauth" />
     <input name="realm" />
     <input name="home_realm" />
     <input name="protocol" />
     <input name="return_address" />
+    <input name="request_context" />
     
     <!-- ===== Home Realm Discovery ===== -->
 
@@ -99,7 +98,8 @@
     <action-state id="checkRemoteIdpTokenExpiry">
         <evaluate
             
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, 
flowRequestContext) or
-                        wfreshParser.authenticationRequired(flowScope.wfresh, 
flowScope.home_realm, flowRequestContext)" />
+                        protocol.equals('wsfed') and 
wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, 
flowRequestContext)
+                        or protocol.equals('samlsso') and 
authnRequestParser.isForceAuthentication(flowRequestContext)" />
         <transition on="yes" to="redirectToTrustedIDP" />
         <transition on="no" to="validateReturnAddress" >
             <set name="flowScope.idpToken" 
value="externalContext.sessionMap[home_realm]" />
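Review bot: The forced re-authentication check in `checkRemoteIdpTokenExpiry` now runs only when an unqualified `protocol` equals one of two literals. For any other value, both the `wfresh` check and the ForceAuthn check are skipped, and an unexpired token takes the `no` transition. The same expression is repeated in `checkLocalIdPTokenExpiry` below and in both states of saml-signin-request.xml. Reading the value as `flowScope.protocol`, like the other operands, and comparing null-safely with `'wsfed'.equals(flowScope.protocol)` would avoid what is presumably an evaluation error when `protocol` is unset. Routing an unrecognised protocol to re-authentication or `viewBadRequest` would make the check fail closed. A short XML comment that `and` binds tighter than `or` in this expression would also help, or the four copies could move into one bean method.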
@@ -125,7 +125,8 @@
     <action-state id="checkLocalIdPTokenExpiry">
         <evaluate
             
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, 
flowRequestContext) or
-                        wfreshParser.authenticationRequired(flowScope.wfresh, 
flowScope.home_realm, flowRequestContext)" />
+                        protocol.equals('wsfed') and 
wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, 
flowRequestContext)
+                        or protocol.equals('samlsso') and 
authnRequestParser.isForceAuthentication(flowRequestContext)" />
         <transition on="yes" to="redirectToLocalIDP" />
         <transition on="no" to="validateReturnAddress">
             <set name="flowScope.idpToken" 
value="externalContext.sessionMap[home_realm]" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/44633f3d/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git 
a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 81098a9..52b5d04 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -100,6 +100,7 @@
         <input name="home_realm" value="flowScope.whr" />
         <input name="protocol" value="'wsfed'" />
         <input name="return_address" value="flowScope.wreply" />
+        <input name="request_context" value="flowScope.request_context" />
 
         <output name="home_realm" />
         <output name="idpToken" />
@@ -134,13 +135,13 @@
 
         <output name="realm" />
         <output name="wreply" />
-        <output name="wctx" />
+        <output name="request_context" />
         <output name="home_realm" />
         <output name="idpToken" />
 
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.whr" 
value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
+            <set name="flowScope.wctx" 
value="currentEvent.attributes.request_context" />
             <set name="flowScope.wtrealm" 
value="currentEvent.attributes.realm" />
             <set name="flowScope.wreply" 
value="currentEvent.attributes.wreply" />
             <set name="flowScope.idpToken" 
value="currentEvent.attributes.idpToken" />
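Review bot: The `requestRpToken` transition copies the protocol-neutral `request_context` output back into `flowScope.wctx`, while the first hunk of this file feeds the subflow from `flowScope.request_context`. Nothing visible in either hunk shows where `flowScope.request_context` is first populated, so a reader cannot tell whether the two attributes always hold the same value. A comment above the `<set>` such as `<!-- request_context is the protocol-neutral name for wctx; copied back so the WS-Federation response can echo it -->` would make the mapping explicit. The second hunk of saml-validate-request.xml follows the same pattern with `flowScope.RelayState` and deserves the same comment. The subflow-state and its transition continue outside the hunk.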

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/44633f3d/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index f79b331..c3f6dbe 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -24,12 +24,12 @@
         http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd";>
 
     <input name="idpConfig" />
-    <input name="RelayState" />
     <input name="saml_authn_request" />
     <input name="realm" />
     <input name="home_realm" />
     <input name="protocol" />
     <input name="return_address" />
+    <input name="request_context" />
     
     <!-- ===== Home Realm Discovery ===== -->
     
@@ -97,8 +97,9 @@
     
     <action-state id="checkRemoteIdpTokenExpiry">
         <evaluate
-            
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, 
flowRequestContext)
-                        or 
authnRequestParser.isForceAuthentication(flowRequestContext)" />
+            
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, 
flowRequestContext) or
+                        protocol.equals('wsfed') and 
wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, 
flowRequestContext)
+                        or protocol.equals('samlsso') and 
authnRequestParser.isForceAuthentication(flowRequestContext)" />
         <transition on="yes" to="redirectToTrustedIDP" />
         <transition on="no" to="validateReturnAddress" >
             <set name="flowScope.idpToken" 
value="externalContext.sessionMap[flowScope.home_realm]" />
@@ -123,8 +124,9 @@
 
     <action-state id="checkLocalIdPTokenExpiry">
         <evaluate
-            
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, 
flowRequestContext)
-                        or 
authnRequestParser.isForceAuthentication(flowRequestContext)" />
+            
expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, 
flowRequestContext) or
+                        protocol.equals('wsfed') and 
wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, 
flowRequestContext)
+                        or protocol.equals('samlsso') and 
authnRequestParser.isForceAuthentication(flowRequestContext)" />
         <transition on="yes" to="redirectToLocalIDP" />
         <transition on="no" to="validateReturnAddress">
             <set name="flowScope.idpToken" 
value="externalContext.sessionMap[flowScope.home_realm]" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/44633f3d/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git 
a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 2e6cdad..17d6067 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -106,6 +106,7 @@
         <input name="realm" value="flowScope.realm" />
         <input name="home_realm" value="null" />
         <input name="return_address" value="flowScope.consumerURL" />
+        <input name="request_context" value="flowScope.request_context" />
 
         <output name="home_realm" />
         <output name="idpToken" />
@@ -139,13 +140,13 @@
         <output name="home_realm" />
         <output name="idpToken" />
         <output name="saml_authn_request" />
-        <output name="RelayState" />
+        <output name="request_context" />
 
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.home_realm" 
value="currentEvent.attributes.home_realm" />
             <set name="flowScope.idpToken" 
value="currentEvent.attributes.idpToken" />
             <set name="flowScope.saml_authn_request" 
value="currentEvent.attributes.saml_authn_request" />
-            <set name="flowScope.RelayState" 
value="currentEvent.attributes.RelayState" />
+            <set name="flowScope.RelayState" 
value="currentEvent.attributes.request_context" />
         </transition>
         <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/44633f3d/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
index 09a9716..4f63155 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
@@ -66,12 +66,11 @@ subflow to get a RP token from the STS.
 
     <end-state id="requestRpToken">
         <output name="home_realm" value="flowScope.home_realm" />
-        <output name="wctx" value="flowScope.wctx" />
+        <output name="request_context" value="flowScope.request_context" />
         <output name="wreply" value="flowScope.wreply" />
         <output name="realm" value="flowScope.realm" />
         <output name="idpToken" value="flowScope.idpToken" />
         <output name="saml_authn_request" value="flowScope.saml_authn_request" 
/>
-        <output name="RelayState" value="flowScope.RelayState" />
     </end-state>
 
     <!-- abnormal exit point : Http 400 Bad Request -->
