This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 0865db0fb836d588b080cd7729a1ae5062477436
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Jul 13 16:09:14 2018 +0100

    FEDIZ-221 - Add destination to LogoutResponse
---
 .../cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java  | 8 ++++----
 .../fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java | 4 +++-
 .../idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml   | 3 ++-
 .../src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java  | 4 ++--
 4 files changed, 11 insertions(+), 8 deletions(-)

diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
index 9ca6b4b..426bbf7 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
@@ -97,10 +97,10 @@ public class SamlResponseCreator {
         }
     }
 
-    public String createSAMLLogoutResponse(RequestContext context, Idp idp, 
String requestId)
+    public String createSAMLLogoutResponse(RequestContext context, Idp idp, 
String destination, String requestId)
                                          throws ProcessingException {
         try {
-            Element response = createLogoutResponse(idp, requestId);
+            Element response = createLogoutResponse(idp, destination, 
requestId);
             return encodeResponse(response);
         } catch (Exception ex) {
             LOG.warn("Error marshalling SAML Token: {}", ex.getMessage());
@@ -179,7 +179,7 @@ public class SamlResponseCreator {
         return policyElement;
     }
 
-    protected Element createLogoutResponse(Idp idp, String requestID) throws 
Exception {
+    protected Element createLogoutResponse(Idp idp, String destination, String 
requestID) throws Exception {
         Document doc = DOMUtils.newDocument();
 
         Status status =
@@ -188,7 +188,7 @@ public class SamlResponseCreator {
             );
         String issuer = useRealmForIssuer ? idp.getRealm() : 
idp.getIdpUrl().toString();
         LogoutResponse response =
-            SAML2PResponseComponentBuilder.createSAMLLogoutResponse(requestID, 
issuer, status);
+            SAML2PResponseComponentBuilder.createSAMLLogoutResponse(requestID, 
issuer, status, destination);
 
         Element policyElement = OpenSAMLUtil.toDom(response, doc);
         doc.appendChild(policyElement);
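Review bot: `destination` reaches `SAML2PResponseComponentBuilder.createSAMLLogoutResponse` without a null or empty check, so a logout flow that arrives here with no consumer URL would presumably produce a LogoutResponse that silently lacks the Destination attribute this commit is meant to add. The SAML front-channel bindings require Destination on signed messages so the recipient can confirm the message was meant for it, which makes a silent omission worth surfacing. Before the builder call, consider `if (destination == null || destination.isEmpty()) { LOG.warn("Creating LogoutResponse without a Destination"); }`, or reject the request if the deployment always signs its responses. The same unchecked value is passed through in the `createSAMLLogoutResponse` hunk above and set in the `setDestination` hunk of SAML2PResponseComponentBuilder; `createLogoutResponse` begins and ends outside this hunk.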
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
index 7e48340..bba31a8 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
@@ -82,7 +82,8 @@ public final class SAML2PResponseComponentBuilder {
     public static LogoutResponse createSAMLLogoutResponse(
         String inResponseTo,
         String issuer,
-        Status status
+        Status status,
+        String destination
     ) {
         if (logoutResponseBuilder == null) {
             logoutResponseBuilder = (SAMLObjectBuilder<LogoutResponse>)
@@ -96,6 +97,7 @@ public final class SAML2PResponseComponentBuilder {
         response.setIssuer(createIssuer(issuer));
         response.setStatus(status);
         response.setVersion(SAMLVersion.VERSION_20);
+        response.setDestination(destination);
 
         return response;
     }
diff --git 
a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml 
b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 4e62885..61cdadc 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -233,7 +233,8 @@
             <evaluate 
expression="authnRequestParser.retrieveRequestIssuer(flowRequestContext)" 
                       result="flowScope.requestIssuer"/>
         </on-entry>
-        <evaluate 
expression="samlResponseCreator.createSAMLLogoutResponse(flowRequestContext, 
flowScope.idpConfig, flowScope.requestId)"
+        <evaluate 
expression="samlResponseCreator.createSAMLLogoutResponse(flowRequestContext, 
flowScope.idpConfig, 
+                       flowScope.consumerURL, flowScope.requestId)"
                   result="flowScope.logoutResponse"/>                          
                     
         <transition to="invalidateSessionAction" />
     </action-state>
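Review bot: `flowScope.consumerURL` is read here, but nothing in this hunk shows where it is set or checked on the logout path; the visible `on-entry` only populates `flowScope.requestIssuer`. Since the value now ends up as the Destination of the LogoutResponse, it should be the endpoint registered for the requesting application rather than a value taken unchecked from the request, and it would help to say so at the point of use, e.g. `<!-- consumerURL must already be validated against the requesting application's configuration -->`. The `action-state` starts above the hunk, so the validation may already happen in an earlier state.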
diff --git 
a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java 
b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index eaf25dd..9ab9f85 100644
--- 
a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ 
b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -1736,7 +1736,7 @@ public class IdpTest {
 
         LogoutResponse logoutResponse = 
(LogoutResponse)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
         Assert.assertNotNull(logoutResponse);
-        // TODO further checks
+        Assert.assertEquals("https://localhost:8080/logout";, 
logoutResponse.getDestination());
 
         webClient.close();
 
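Review bot: The `// TODO further checks` marker is dropped after adding a single Destination assertion, while `InResponseTo`, `Issuer` and `Status` of the parsed LogoutResponse are still not verified in the visible lines. Either assert them here or keep the marker narrowed to what remains, e.g. `// TODO further checks: InResponseTo, Issuer, Status`. As rendered, the new assertion also has a `;` directly after the URL string literal, which would not compile; this looks like an artifact of the mail archive rather than of the commit, but is worth confirming against the repository.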
@@ -1852,7 +1852,7 @@ public class IdpTest {
         webClient.close();
 
         // 3. now we try to access the idp without authentication but with the 
existing cookies
-        // to see if we are really logged out - it should work OK as our 
LogoutRequest was expired
+        // to see if we are really logged out - we should still be logged in 
as our LogoutRequest was expired
         webClient = new WebClient();
         webClient.setCookieManager(cookieManager);
         webClient.getOptions().setUseInsecureSSL(true);
