This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new ebef823  NIFI-8241 This closes #4833. Set the SAML context provider to 
use the EmptyStorageFactory
ebef823 is described below

commit ebef823cb93539fede8c1fc10347253d33fdb9af
Author: Bryan Bende <[email protected]>
AuthorDate: Fri Feb 19 14:18:46 2021 -0500

    NIFI-8241 This closes #4833. Set the SAML context provider to use the 
EmptyStorageFactory
    
    Signed-off-by: Joe Witt <[email protected]>
---
 .../web/security/saml/impl/StandardSAMLConfigurationFactory.java  | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
index e143524..c1ffd17 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLConfigurationFactory.java
@@ -66,6 +66,7 @@ import 
org.springframework.security.saml.processor.HTTPSOAP11Binding;
 import org.springframework.security.saml.processor.SAMLBinding;
 import org.springframework.security.saml.processor.SAMLProcessor;
 import org.springframework.security.saml.processor.SAMLProcessorImpl;
+import org.springframework.security.saml.storage.EmptyStorageFactory;
 import org.springframework.security.saml.util.VelocityFactory;
 import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
 import org.springframework.security.saml.websso.SingleLogoutProfile;
@@ -291,6 +292,13 @@ public class StandardSAMLConfigurationFactory implements 
SAMLConfigurationFactor
         final NiFiSAMLContextProviderImpl contextProvider = new 
NiFiSAMLContextProviderImpl();
         contextProvider.setMetadata(metadataManager);
         contextProvider.setKeyManager(keyManager);
+
+        // Note - the default is HttpSessionStorageFactory, but since we don't 
use HttpSessions we can't rely on that,
+        // setting this to the EmptyStorageFactory simply disables checking of 
the InResponseTo field, if we ever want
+        // to bring that back we could possibly implement our own in-memory 
storage factory
+        // 
https://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-troubleshooting.html#d5e1935
+        contextProvider.setStorageFactory(new EmptyStorageFactory());
+
         contextProvider.afterPropertiesSet();
         return contextProvider;
     }
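Review bot: The comment added above `contextProvider.setStorageFactory(new EmptyStorageFactory());` says the InResponseTo check is disabled but not what that costs. With no message storage, a SAML response can no longer be correlated to an AuthnRequest this NiFi instance issued, so unsolicited responses are presumably accepted on the same path as solicited ones. Replay resistance then appears to rest only on the signature, audience, recipient and validity-window checks done elsewhere. I would record that in the comment, e.g. `// Security trade-off: responses are not tied to a request we sent; replay protection relies on signature, audience and NotOnOrAfter validation only.` I would also reference a follow-up ticket for the in-memory storage factory the comment mentions, so the gap is tracked rather than left as a "possibly". The enclosing method begins outside this hunk, so whether other settings compensate (for example a short response skew) cannot be confirmed from here.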
