[picketlink-commits] Picketlink SVN: r766 - in federation/trunk: picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow and 8 other directories.
Tue Feb 22 21:09:24 EST 2011
Author: anil.saldhana at jboss.com
Date: 2011-02-22 21:09:23 -0500 (Tue, 22 Feb 2011)
New Revision: 766
Added:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java
federation/trunk/picketlink-bindings/src/test/resources/responseIDP/
federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
Log:
PLFED-140: PLFED-141:
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.security.Principal;
+import java.util.Arrays;
import java.util.List;
import java.util.Set;
@@ -241,7 +242,9 @@
String username = principal.getName();
String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
-
+ if( trace )
+ log.trace( "Roles determined for username=" + username + "=" + Arrays.toString( roles.toArray() ) );
+
//Map to JBoss specific principal
if((new ServerDetector()).isJboss() || jbossEnv)
{
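Review bot: The message built on the new log.trace line joins the username and the roles with a second '=', so the output reads `username=alice=[r1, r2]` and becomes ambiguous when a NameID itself contains '='; `log.trace( "Roles determined for username=" + username + " roles=" + Arrays.toString( roles.toArray() ) );` keeps the two fields apart. The username originates in the IDP assertion, so what is written here is externally supplied text landing in the log — acceptable at trace level, but a one-line comment such as `// username comes from the SAML assertion; keep this at trace level` records why it should not be promoted to a higher level later. The enclosing method starts before this hunk.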
@@ -251,9 +254,9 @@
ServiceProviderSAMLContext.clear();
}
else
- {
+ {
//tomcat env
- principal = spUtil.createGenericPrincipal(request, principal.getName(), roles);
+ principal = spUtil.createGenericPrincipal(request, username, roles);
}
session.setNote(Constants.SESS_USERNAME_NOTE, username);
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -117,6 +117,8 @@
boolean willSendRequest)
throws ProcessingException, ConfigurationException, IOException
{
+ if( keyManager == null )
+ throw new IllegalStateException( "Key Manager is null" );
//Sign the document
SAML2Signature samlSignature = new SAML2Signature();
KeyPair keypair = keyManager.getSigningKeyPair();
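Review bot: The new guard throws an unchecked IllegalStateException although the throws clause two lines above already declares ConfigurationException, which is what a null key manager is — the SP's KeyProvider was not configured; throwing the declared checked type, with a message naming the KeyProvider element, keeps callers' existing configuration-error handling on a single path. The same guard with the same message is added to ServiceProviderSAMLResponseProcessor.verifySignature in this commit, where only IssuerNotTrustedException is declared so IllegalStateException is reasonable, but in both places the message should say what to fix, e.g. `throw new IllegalStateException( "Key Manager is null - no KeyProvider configured for this SP" );`. The enclosing method's signature begins outside the hunk.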
Added: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,126 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.bindings.workflow;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.net.URL;
+
+import org.apache.catalina.deploy.LoginConfig;
+import org.junit.Test;
+import org.picketlink.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
+import org.picketlink.identity.federation.web.util.PostBindingUtil;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaContext;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaContextClassLoader;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaRequest;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaResponse;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaSession;
+
+/**
+ * Validating PicketLink SP Handling of
+ * a response from Ping Federate IDP.
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 22, 2011
+ */
+public class PingFederateResponseTestCase
+{
+ private String profile = "saml2/post";
+ private ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ @Test
+ public void testSP() throws Exception
+ {
+ MockCatalinaSession session = new MockCatalinaSession();
+ //First we go to the employee application
+ MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/ping");
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
+ SPPostFormAuthenticator spEmpl = new SPPostFormAuthenticator();
+
+ MockCatalinaContext context = new MockCatalinaContext();
+ spEmpl.setContainer(context);
+ spEmpl.testStart();
+
+
+ MockCatalinaRequest catalinaRequest = new MockCatalinaRequest();
+ catalinaRequest.setSession(session);
+ catalinaRequest.setContext(context);
+
+ String idpResponse = PostBindingUtil.base64Encode( new String( readIDPResponse()) );
+
+ catalinaRequest.setParameter( GeneralConstants.SAML_RESPONSE_KEY, idpResponse );
+
+ MockCatalinaResponse catalinaResponse = new MockCatalinaResponse();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ catalinaResponse.setWriter(new PrintWriter(baos));
+
+ LoginConfig loginConfig = new LoginConfig();
+ assertTrue( spEmpl.authenticate(catalinaRequest, catalinaResponse, loginConfig) );
+ }
+
+ private byte[] readIDPResponse() throws IOException
+ {
+ File file = new File( tcl.getResource("responseIDP/pingidp.xml").getPath() );
+ InputStream is = new FileInputStream( file );
+ assertNotNull( is );
+
+ long length = file.length();
+
+ // Create the byte array to hold the data
+ byte[] bytes = new byte[(int)length];
+
+ // Read in the bytes
+ int offset = 0;
+ int numRead = 0;
+ while (offset < bytes.length
+ && (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) {
+ offset += numRead;
+ }
+
+ // Ensure all the bytes have been read in
+ if (offset < bytes.length) {
+ throw new IOException("Could not completely read file "+file.getName());
+ }
+
+ // Close the input stream and return bytes
+ is.close();
+ return bytes;
+ }
+
+ private MockCatalinaContextClassLoader setupTCL(String resource)
+ {
+ URL[] urls = new URL[] {tcl.getResource(resource)};
+
+ MockCatalinaContextClassLoader mcl = new MockCatalinaContextClassLoader(urls);
+ mcl.setDelegate(tcl);
+ mcl.setProfile(resource);
+ return mcl;
+ }
+}
\ No newline at end of file
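Review bot: readIDPResponse opens a FileInputStream and closes it only on the success path, so the IOException thrown on a short read, or any read failure, leaks the handle, and the assertNotNull(is) after the constructor can never fire because the constructor throws rather than returning null. Reading through `tcl.getResourceAsStream` avoids the File round-trip (getResource().getPath() breaks for a resource inside a jar or in a path with URL-encoded characters) and makes the assertNotNull a real presence check; the rewrite below uses the already-imported ByteArrayOutputStream, after which the File and FileInputStream imports are unused. In testSP, `new String( readIDPResponse() )` decodes with the platform default charset — pass `"UTF-8"` explicitly so the fixture parses identically on every build host.
```java
   private byte[] readIDPResponse() throws IOException
   {
      InputStream is = tcl.getResourceAsStream( "responseIDP/pingidp.xml" );
      assertNotNull( is );
      try
      {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         byte[] buf = new byte[4096];
         int numRead;
         while( (numRead = is.read( buf )) != -1 )
            baos.write( buf, 0, numRead );
         return baos.toByteArray();
      }
      finally
      {
         is.close();
      }
   }
```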
Added: federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,229 @@
+<samlp:Response Destination="https://201.000.000.00/gctxyz" InResponseTo="ID_76b05a86-993e-4ba4-83b6-e0fe7d292e78"
+
+ IssueInstant="2011-02-21T17:35:08.182Z" ID="o5x7YnbyTo.XL_47-oLmZwgUgpP" Version="2.0"
+
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+
+ <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.xyz.com</saml:Issuer>
+
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+
+ <ds:SignedInfo>
+
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+
+ <ds:Reference URI="#o5x7YnbyTo.XL_47-oLmZwgUgpP">
+
+ <ds:Transforms>
+
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+
+ </ds:Transforms>
+
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+
+ <ds:DigestValue>joOnzlFL1squOg8uAb5fLcA9x0s=</ds:DigestValue>
+
+ </ds:Reference>
+
+ </ds:SignedInfo>
+
+ <ds:SignatureValue>
+
+ ...
+
+ </ds:SignatureValue>
+
+ <ds:KeyInfo>
+
+ <ds:X509Data>
+
+ <ds:X509Certificate>
+
+ ...
+
+ </ds:X509Certificate>
+
+ </ds:X509Data>
+
+ <ds:KeyValue>
+
+ <ds:RSAKeyValue>
+
+ <ds:Modulus>
+
+ ...
+
+ </ds:Modulus>
+
+ <ds:Exponent>AQAB</ds:Exponent>
+
+ </ds:RSAKeyValue>
+
+ </ds:KeyValue>
+
+ </ds:KeyInfo>
+
+ </ds:Signature>
+
+ <samlp:Status>
+
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+
+ </samlp:Status>
+
+ <saml:Assertion Version="2.0" IssueInstant="2011-02-21T17:35:08.196Z" ID="RM9ViMLu.M-ejey1FVNCeeIBws."
+
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+
+ <saml:Issuer>https://test.xyz.com</saml:Issuer>
+
+ <saml:Subject>
+
+ <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">asptest</saml:NameID>
+
+ <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+
+ <saml:SubjectConfirmationData InResponseTo="ID_76b05a86-993e-4ba4-83b6-e0fe7d292e78"
+
+ NotOnOrAfter="2023-02-21T17:40:08.196Z"
+
+ Recipient="https://201.000.000.00/gctxyz"/>
+
+ </saml:SubjectConfirmation>
+
+ </saml:Subject>
+
+ <saml:Conditions NotOnOrAfter="2023-02-21T17:40:08.196Z" NotBefore="2011-02-21T17:30:08.196Z">
+
+ <saml:AudienceRestriction>
+
+ <saml:Audience>https://201.000.000.00/gctxyz</saml:Audience>
+
+ </saml:AudienceRestriction>
+
+ </saml:Conditions>
+
+ <saml:AuthnStatement AuthnInstant="2011-02-21T17:35:08.195Z" SessionIndex="RM9ViMLu.M-ejey1FVNCeeIBws.">
+
+ <saml:AuthnContext>
+
+ <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
+
+ </saml:AuthnContextClassRef>
+
+ </saml:AuthnContext>
+
+ </saml:AuthnStatement>
+
+ <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="street">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_street
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="zipcode">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_zipcode
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="state">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_state
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="lastname">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_lastname
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="firstname">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_firstname
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="billtoid">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_billtoid
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="telephonenumber">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_telephonenumber
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="city">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_city
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="email">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_email
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="contractnumber">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_contractnumber
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ </saml:AttributeStatement>
+
+ </saml:Assertion>
+
+</samlp:Response>
\ No newline at end of file
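Review bot: The fixture's SubjectConfirmationData and Conditions both carry NotOnOrAfter="2023-02-21T17:40:08.196Z", so the assertTrue on authenticate in PingFederateResponseTestCase depends on the wall clock and will start failing once that date passes, unless the SP's validity check is disabled for this profile. An XML comment at the top of the file naming the expiry and the test that consumes it would make that eventual failure diagnosable; the SignatureValue and X509Certificate are elided to "...", so the file can only exercise the unsigned POST path, which is worth stating in the same comment.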
Added: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,5 @@
+<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Property changes on: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,37 @@
+<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0" ServerEnvironment="tomcat">
+
+ <IdentityURL>https://fedtst.company.com/idp/SSO.saml2</IdentityURL>
+
+ <ServiceURL>https://201.000.000.00/gctxyz</ServiceURL>
+ <Trust>
+
+ <Domains>localhost,jboss.com,jboss.org,fedtst.company.com,201.000.000.00</Domains>
+
+ </Trust>
+ <KeyProvider
+
+ ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
+
+
+
+ <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
+
+ <Auth Key="KeyStorePass" Value="store123" />
+
+ <Auth Key="SigningKeyPass" Value="test123" />
+
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+
+
+
+ <ValidatingAlias Key="localhost" Value="picketlink"/>
+
+ <ValidatingAlias Key="127.0.0.1" Value="picketlink"/>
+
+ <ValidatingAlias Key="fedtst.company.com" Value="test"/>
+
+ </KeyProvider>
+
+
+
+</PicketLinkSP>
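Review bot: The Trust/Domains list does not contain test.xyz.com, yet the response fixture this profile is exercised with declares `<saml:Issuer>https://test.xyz.com</saml:Issuer>` and the handler chain for this profile includes SAML2IssuerTrustHandler; if that handler enforces the Domains list the test should be rejected as untrusted, so either the domain is missing here or the trust check matches on something else — worth confirming, because a green test that bypasses issuer trust validates less than it appears to. A short comment on the Domains element stating which fixture issuer it is meant to admit would prevent the two files drifting apart.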
\ No newline at end of file
Property changes on: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml
___________________________________________________________________
Added: svn:executable
+ *
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -40,9 +40,10 @@
String CONFIGURATION = "CONFIGURATION";
String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
+ String DISABLE_ROLE_PICKING = "DisableRolePicking";
+
String GLOBAL_LOGOUT = "GLO";
-
String HANDLER_CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-handlers.xml";
String IDENTITY_SERVER = "IDENTITY_SERVER";
@@ -58,6 +59,12 @@
String ROLES = "ROLES";
String ROLES_ID = "jboss_identity.roles";
+ /**
+ * {@link SAML2AuthenticationHandler} can be configured with a key that picks
+ * the attributes from the IDP attribute statements
+ */
+ String ROLE_KEY = "ROLE_KEY";
+
String ROLE_GENERATOR = "ROLE_GENERATOR";
String ROLE_VALIDATOR = "ROLE_VALIDATOR";
String ROLE_VALIDATOR_IGNORE = "ROLE_VALIDATOR_IGNORE";
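Review bot: DISABLE_ROLE_PICKING in the previous hunk is added without the Javadoc that ROLE_KEY receives here, although it is the constant a deployer has to find to turn the behaviour off; add `/** Handler config key; when set to "true", {@link SAML2AuthenticationHandler} returns no roles from the IDP attribute statements (PLFED-141) */`. The ROLE_KEY Javadoc says the key "picks the attributes" but not that its value is a tokenized list nor which field of the attribute it is matched against, and this constant is where a deployer will look for that.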
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -55,6 +55,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -510,10 +511,32 @@
{
List<String> roles = new ArrayList<String>();
+ //PLFED-141: Disable role picking from IDP response
+ if( handlerConfig.containsKey( GeneralConstants.DISABLE_ROLE_PICKING ))
+ {
+ String val = (String) handlerConfig.getParameter( GeneralConstants.DISABLE_ROLE_PICKING );
+ if( StringUtil.isNotNull(val) && "true".equalsIgnoreCase(val) )
+ return roles;
+ }
+
+ //PLFED-140: which of the attribute statements represent roles?
+ List<String> roleKeys = new ArrayList<String>();
+
+ if( handlerConfig.containsKey( GeneralConstants.ROLE_KEY ) )
+ {
+ String roleKey = (String) handlerConfig.getParameter( GeneralConstants.ROLE_KEY );
+ roleKeys.addAll( StringUtil.tokenize( roleKey ) );
+ }
+
List<ASTChoiceType> attList = attributeStatement.getAttributes();
for(ASTChoiceType obj:attList)
{
AttributeType attr = obj.getAttribute();
+ if( roleKeys.size() > 0 )
+ {
+ if( !roleKeys.contains( attr.getNameFormat() ) )
+ continue;
+ }
List<Object> attributeValues = attr.getAttributeValue();
if( attributeValues != null)
{
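Review bot: The new filter compares the configured role keys against `attr.getNameFormat()`, but NameFormat is the format URI — in the PingFederate fixture added by this commit every attribute carries the same `urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified` — so a ROLE_KEY value can only select all attributes or none; if the intent of PLFED-140 is to pick role attributes by their Name (street, zipcode, ...), the check should read `if( !roleKeys.contains( attr.getName() ) )`. The `StringUtil.isNotNull(val) &&` on the DISABLE_ROLE_PICKING branch is redundant because `"true".equalsIgnoreCase(val)` is already null-safe. The enclosing method starts before this hunk and continues after it.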
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -175,7 +175,9 @@
* @throws IssuerNotTrustedException
*/
private boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
- {
+ {
+ if( keyManager == null )
+ throw new IllegalStateException( "Key Manager is null" );
Document samlResponse = samlDocumentHolder.getSamlDocument();
ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();