coheigea closed pull request #28: [FEDIZ-218] Support SAML Token without
Audience Restriction
URL: https://github.com/apache/cxf-fediz/pull/28
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index c92da54f..7fd308c2 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -269,7 +269,7 @@ private void validateAudienceRestrictionCondition(
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
List<AudienceRestriction> audienceRestrs =
conditions.getAudienceRestrictions();
- if (!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
+ if (!audienceRestrs.isEmpty() &&
!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
LOG.debug("Assertion does not contain unique subject provider
identifier "
+ spIdentifier + " in the audience restriction
conditions");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
