Author: anil.saldhana(a)jboss.com
Date: 2009-06-03 18:23:56 -0400 (Wed, 03 Jun 2009)
New Revision: 573
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
Log:
logging and trust checking
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java 2009-06-03
22:23:26 UTC (rev 572)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java 2009-06-03
22:23:56 UTC (rev 573)
@@ -51,7 +51,7 @@
builder.append("SAMLRequest=" + param).append("\n");
builder.append("Parameter exists?="+ param !=
null).append("\n");
String debugInfo = builder.toString();
- log.debug("SP Sent POST::"+ debugInfo);
+ log.debug("SP Sent::"+ debugInfo);
getNext().invoke(request, response);
}
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-06-03
22:23:26 UTC (rev 572)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-06-03
22:23:56 UTC (rev 573)
@@ -81,6 +81,7 @@
if(containsSAMLRequestMessage)
{
+ log.trace("Storing the SAMLRequest and RelayState in session");
session.setNote("SAMLRequest", samlMessage);
if(relayState != null)
session.setNote("RelayState", relayState);
@@ -134,6 +135,8 @@
*/
samlMessage = (String) session.getNote("SAMLRequest");
relayState = (String) session.getNote("RelayState");
+ log.trace("Retrieved saml message and relay state from session");
+ log.trace("saml message=" + samlMessage + "::relay state="+
relayState);
session.removeNote("SAMLRequest");
session.removeNote("RelayState");
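Review bot: The new `log.trace("saml message=" + samlMessage + "::relay state=" + relayState)` line writes two client-supplied values into the log verbatim, and since these are exactly the request parameters stored into the session in the earlier hunk, a caller can embed CR/LF sequences and forge log entries, while RelayState may carry a return URL the operator would rather not persist. The debug valve in this same commit already exists for dumping the raw SAMLRequest, so this line only needs to confirm retrieval; `log.trace("Retrieved SAMLRequest (" + (samlMessage == null ? 0 : samlMessage.length()) + " chars) and RelayState from session");` gives the same diagnostic value without the raw data. The concatenation also runs even when trace is disabled, so wrap it in `if (log.isTraceEnabled())` if the logger type offers that check. The enclosing method starts and ends outside this hunk.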
@@ -160,6 +163,7 @@
}
catch (IssuerNotTrustedException e)
{
+ log.trace(e);
responseType =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
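Review bot: A rejected issuer is a security event, yet the added `log.trace(e);` in the `catch (IssuerNotTrustedException e)` block records it only at trace level, which is off in any normal deployment, so a forged or misconfigured SP issuer leaves no audit trail while the client silently receives STATUS_REQUEST_DENIED. Log it at warn level with the offending issuer and the stack trace, e.g. `log.warn("Rejected SAML request from untrusted issuer: " + e.getMessage(), e);`, assuming the message carries the issuer as the `new IssuerNotTrustedException(issuer)` call sites elsewhere in this commit suggest. The try/catch chain this block belongs to begins and ends outside the hunk.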
@@ -167,6 +171,7 @@
}
catch (ParsingException e)
{
+ log.trace(e);
responseType =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
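Review bot: `log.trace(e);` in the `catch (ParsingException e)` block passes the exception as the message object; if `log` is a commons-logging or JBoss Logging style logger with a `trace(Object)` signature (not visible here), only `e.toString()` is recorded and the stack trace that would explain which part of the SP's request failed to parse is lost. Use the two-argument form, `log.trace("Failed to parse SAML request", e);`, and apply the same shape to the sibling catch blocks added in this commit. The surrounding try/catch chain continues outside the hunk.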
@@ -174,6 +179,7 @@
}
catch (ConfigurationException e)
{
+ log.trace(e);
responseType =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
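Review bot: `log.trace(e);` in the `catch (ConfigurationException e)` block hides a server-side configuration fault at the lowest log level while the client only sees a generic STATUS_AUTHNFAILED, so an operator with a broken IDP configuration gets no signal in a production log. A configuration error is not a per-request condition; log it at error level with the stack trace, `log.error("IDP configuration error while processing SAML request", e);`. The try/catch chain begins and ends outside this hunk.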
@@ -181,6 +187,7 @@
}
catch (IssueInstantMissingException e)
{
+ log.trace(e);
responseType =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-06-03
22:23:26 UTC (rev 572)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-06-03
22:23:56 UTC (rev 573)
@@ -28,6 +28,7 @@
import java.io.StringWriter;
import java.security.Principal;
import java.util.List;
+import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.xml.bind.JAXBException;
@@ -138,6 +139,8 @@
long assertionValidity)
throws ConfigurationException, IssueInstantMissingException
{
+ log.trace("AssertionConsumerURL=" + assertionConsumerURL +
+ "::assertion validity=" + assertionValidity);
ResponseType responseType = null;
SAML2Response saml2Response = new SAML2Response();
@@ -204,8 +207,23 @@
if(idpTrust != null)
{
String domainsTrusted = idpTrust.getDomains();
+ log.trace("Domains that IDP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
if(domainsTrusted.indexOf(issuerDomain) < 0)
- throw new IssuerNotTrustedException(issuer);
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ log.trace("Matched " + uriBit + " trust for " +
issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
}
}
catch (Exception e)
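Review bot: The new domain matching inside the `if(domainsTrusted.indexOf(issuerDomain) < 0)` block still trusts on bare substring containment in both directions: with a configured domain of `jboss.org`, an issuer whose domain is `notjboss.org` or `xjboss.org.attacker.example` passes the `issuerDomain.indexOf(uriBit) > 0` test, and the retained outer check accepts any issuer domain that is merely a substring of the comma-separated list (`boss.org`, or even `org`). Tokens are also not trimmed, so `a.com, b.com` yields ` b.com` which never matches, the `> 0` comparison rejects an exact match at index 0, and `st != null` is always true. Compare each trimmed, non-empty entry for case-insensitive equality or a `.`-prefixed suffix match instead, as sketched below; the accept path then falls through like the existing outer-check success path rather than returning from inside the loop. How much this helps also depends on what `ValveUtil.getDomain(issuer)` extracts from the issuer value and on what the `catch (Exception e)` beginning on the hunk's last line does with the thrown IssuerNotTrustedException, neither of which is visible here.
```java
            String domainsTrusted = idpTrust.getDomains();
            log.trace("Domains that IDP trusts="+domainsTrusted + " and issuer domain="+issuerDomain);
            if (!isTrustedDomain(domainsTrusted, issuerDomain))
               throw new IssuerNotTrustedException(issuer);
// … unchanged: closing braces and catch (Exception e) …

   /**
    * True when issuerDomain equals one of the comma-separated configured domains
    * (case-insensitive) or is a sub-domain of one; never a bare substring match.
    */
   private static boolean isTrustedDomain(String domainsTrusted, String issuerDomain)
   {
      if (domainsTrusted == null || issuerDomain == null)
         return false;
      StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
      while (st.hasMoreTokens())
      {
         String trustedDomain = st.nextToken().trim();
         if (trustedDomain.length() == 0)
            continue;
         if (issuerDomain.equalsIgnoreCase(trustedDomain))
            return true;
         // Sub-domain: issuer must end with "." + trustedDomain and have a non-empty label before it
         String suffix = "." + trustedDomain;
         int start = issuerDomain.length() - suffix.length();
         if (start > 0 && issuerDomain.regionMatches(true, start, suffix, 0, suffix.length()))
            return true;
      }
      return false;
   }
```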
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-06-03
22:23:26 UTC (rev 572)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-06-03
22:23:56 UTC (rev 573)
@@ -28,6 +28,7 @@
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
+import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.xml.bind.JAXBException;
@@ -210,13 +211,28 @@
try
{
String issuerDomain = ValveUtil.getDomain(issuer);
- TrustType idpTrust = spConfiguration.getTrust();
- if(idpTrust != null)
+ TrustType spTrust = spConfiguration.getTrust();
+ if(spTrust != null)
{
- String domainsTrusted = idpTrust.getDomains();
+ String domainsTrusted = spTrust.getDomains();
+ log.trace("Domains that SP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
if(domainsTrusted.indexOf(issuerDomain) < 0)
- throw new IssuerNotTrustedException(issuer);
- }
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ log.trace("Matched " + uriBit + " trust for " +
issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
}
catch (Exception e)
{