jboss-identity-commits
July 2009
jboss-identity-commits@lists.jboss.org
- 1 participants
- 41 discussions
JBoss Identity SVN: r665 - identity-federation/trunk/jboss-identity-fed-api/src/test/resources.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-29 18:43:53 -0400 (Wed, 29 Jul 2009)
New Revision: 665
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
Log:
update jdk logging props
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-07-29 19:37:02 UTC (rev 664)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-07-29 22:43:53 UTC (rev 665)
@@ -17,5 +17,9 @@
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
# Set the default logging level for the logger named org.jboss
-org.jcp.xml.dsig.internal.level = FINER
-com.sun.org.apache.xml.internal.security.level = FINER
+org.jcp.xml.dsig.internal.level = FINEST
+javax.xml.bind.ContextFinder.level = SEVERE
+com.sun.org.apache.xml.internal.security.level = FINEST
+com.sun.xml.bind.v2.runtime.reflect.opt.Injector.level=SEVERE
+com.sun.xml.bind.v2.ContextFactory.level=SEVERE
+com.sun.xml.bind.v2.runtime.reflect.level=SEVERE
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r664 - identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-29 15:37:02 -0400 (Wed, 29 Jul 2009)
New Revision: 664
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
Log:
JBID-147: change the canonicalization method
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-07-29 19:33:43 UTC (rev 663)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-07-29 19:37:02 UTC (rev 664)
@@ -201,7 +201,7 @@
Reference ref = fac.newReference
( referenceURI, digestMethodObj,transformList,null, null);
- String canonicalizationMethodType = CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS;
+ String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
CanonicalizationMethod canonicalizationMethod
= fac.newCanonicalizationMethod
(canonicalizationMethodType, (C14NMethodParameterSpec) null);
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r663 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-29 15:33:43 -0400 (Wed, 29 Jul 2009)
New Revision: 663
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
Log:
JBID-146: marshaller should not format output
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-07-29 19:04:59 UTC (rev 662)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-07-29 19:33:43 UTC (rev 663)
@@ -58,8 +58,8 @@
public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation)
throws JAXBException, SAXException
{
- Marshaller marshaller = JAXBUtil.getMarshaller(pkgName);
- marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ Marshaller marshaller = getMarshaller(pkgName);
+
//Validate against schema
Schema schema = getJAXPSchemaInstance(schemaLocation);
marshaller.setSchema(schema);
@@ -81,6 +81,7 @@
JAXBContext jc = JAXBContext.newInstance(pkgName);
Marshaller marshaller = jc.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.FALSE); //Breaks signatures
return marshaller;
}
@@ -124,7 +125,7 @@
throw new IllegalStateException("Schema URL is null:" + schemaLocation);
SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
- //Always install the resolver unless the system propery is set
+ //Always install the resolver unless the system property is set
if(SecurityActions.getSystemProperty("org.jboss.identity.federation.jaxb.ls", null) == null)
scFact.setResourceResolver( new IDFedLSInputResolver());
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r662 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-29 15:04:59 -0400 (Wed, 29 Jul 2009)
New Revision: 662
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
Log:
JBID-145:IDFedLSInputResolver is made default
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-07-27 18:01:58 UTC (rev 661)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-07-29 19:04:59 UTC (rev 662)
@@ -123,7 +123,9 @@
if(schemaURL == null)
throw new IllegalStateException("Schema URL is null:" + schemaLocation);
SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
- if(SecurityActions.getSystemProperty("org.jboss.identity.federation.jaxb.ls", null) != null)
+
+ //Always install the resolver unless the system propery is set
+ if(SecurityActions.getSystemProperty("org.jboss.identity.federation.jaxb.ls", null) == null)
scFact.setResourceResolver( new IDFedLSInputResolver());
scFact.setErrorHandler(new ErrorHandler()
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r661 - identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-07-27 14:01:58 -0400 (Mon, 27 Jul 2009)
New Revision: 661
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
Log:
Fixed small error in test case
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-07-27 05:19:13 UTC (rev 660)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-07-27 18:01:58 UTC (rev 661)
@@ -443,10 +443,12 @@
}
catch (WebServiceException we)
{
- assertEquals("Unexpected exception message", "Unable to find a token provider for the token request", we
+ assertEquals("Unexpected exception message", "Exception in handling token request:", we
.getMessage());
assertNotNull("Unexpected null cause", we.getCause());
assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unexpected exception message", "Unable to find a token provider for the token request", we
+ .getCause().getMessage());
}
}
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r660 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-27 01:19:13 -0400 (Mon, 27 Jul 2009)
New Revision: 660
Added:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
Log:
JBID-142: HTTP/Post based SAML browser profile supports sig on both SP and IDP
Added: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-07-27 05:19:13 UTC (rev 660)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+
+import javax.xml.bind.JAXBException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.bindings.config.KeyProviderType;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.bindings.util.PostBindingUtil;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SignatureInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.xml.sax.SAXException;
+
+/**
+ * JBID-142: POST form authenticator that can
+ * handle signatures at the SP side
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 24, 2009
+ */
+public class SPPostSignatureFormAuthenticator extends SPPostFormAuthenticator
+{
+ private static Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);
+
+ private TrustKeyManager keyManager;
+
+ @Override
+ public void start() throws LifecycleException
+ {
+ super.start();
+ KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new LifecycleException("KeyProvider is null");
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
+ protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, Response response)
+ throws IOException, SAXException, JAXBException, GeneralSecurityException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Request.marshall(authnRequest, baos);
+
+ String samlMessage = PostBindingUtil.base64Encode(baos.toString());
+ String destination = authnRequest.getDestination();
+
+ //Get the signing key
+ PrivateKey signingKey = keyManager.getSigningKey();
+
+ //SigAlg
+ String algo = signingKey.getAlgorithm();
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ byte[] signedValue = SignatureUtil.sign(samlMessage, signingKey);
+
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
+ new SignatureInfoHolder(signedValue,sigAlg),response, true);
+ }
+
+ @Override
+ protected boolean validate(Request request) throws IOException, GeneralSecurityException
+ {
+ boolean result = super.validate(request);
+ if( result == false)
+ return result;
+
+ String samlMessage = request.getParameter("SAMLResponse");
+
+ //Check if there is a signature
+ String sig = request.getParameter("Signature");
+ if(sig == null || sig.length() == 0)
+ {
+ log.error("Signature Value missing in response from IDP");
+ return false;
+ }
+ String sigAlg = request.getParameter("sigAlg");
+ if(sigAlg == null || sigAlg.length() == 0)
+ {
+ log.error("Signature Algorithm missing in the response from IDP");
+ return false;
+ }
+
+ return PostBindingUtil.validateSignature(samlMessage.getBytes("UTF-8"), sig,
+ keyManager.getValidatingKey(request.getRemoteAddr()));
+ }
+}
\ No newline at end of file
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r659 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat and 18 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-27 01:18:11 -0400 (Mon, 27 Jul 2009)
New Revision: 659
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java
identity-federation/trunk/jboss-identity-webapps/idp-sig/
identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath
identity-federation/trunk/jboss-identity-webapps/idp-sig/.project
identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/
identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs
identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/piechart.gif
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java
identity-federation/trunk/jboss-identity-webapps/pom.xml
Log:
JBID-142: HTTP/Post based SAML browser profile supports sig on both SP and IDP
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -40,6 +40,7 @@
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.bindings.config.STSType;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
@@ -87,11 +88,19 @@
*
* @param request a {@code RequestSecurityToken} instance that contains the request information.
* @return a {@code Source} instance representing the marshalled response.
+ * @throws WebServiceException Any exception encountered in handling token
*/
protected Source handleTokenRequest(RequestSecurityToken request)
{
if(this.config == null)
- this.config = this.getConfiguration();
+ try
+ {
+ this.config = this.getConfiguration();
+ }
+ catch (ConfigurationException e)
+ {
+ throw new WebServiceException("Encountered configuration exception:", e);
+ }
WSTrustRequestHandler handler = this.config.getRequestHandler();
String requestType = request.getRequestType().toString();
@@ -111,7 +120,7 @@
}
catch (WSTrustException we)
{
- throw new WebServiceException(we.getMessage(), we);
+ throw new WebServiceException("Exception in handling token request:", we);
}
}
@@ -125,8 +134,7 @@
*/
protected Source handleTokenRequestCollection(RequestSecurityTokenCollection requestCollection)
{
- // TODO: implement multiple token request handling code.
- return null;
+ throw new UnsupportedOperationException();
}
/**
@@ -153,7 +161,7 @@
* @return an instance of {@code STSConfiguration} containing the STS configuration properties.
*/
@SuppressWarnings("unchecked")
- protected STSConfiguration getConfiguration()
+ protected STSConfiguration getConfiguration() throws ConfigurationException
{
// get the configuration file and parse it.
URL configurationFile = SecurityActions.getContextClassLoader().getResource("jboss-sts.xml");
@@ -170,7 +178,7 @@
}
catch (Exception e)
{
- throw new RuntimeException("Error parsing the configuration file", e);
+ throw new RuntimeException("Error parsing the configuration file:", e);
}
}
}
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -121,7 +121,7 @@
}
catch (Exception e)
{
- throw new RuntimeException("Unable to construct the key manager", e);
+ throw new RuntimeException("Unable to construct the key manager:", e);
}
}
}
@@ -265,7 +265,7 @@
}
catch (Exception e)
{
- throw new RuntimeException("Error obtaining signing key pair", e);
+ throw new RuntimeException("Error obtaining signing key pair:", e);
}
}
return keyPair;
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -56,7 +56,7 @@
{
/**
* An map of secret keys alive only for the duration of the program.
- * The keys are generated on the fly. If you sophisticated key
+ * The keys are generated on the fly. If you need sophisticated key
* storage, then a custom version of the {@code TrustKeyManager}
* needs to be written that either uses a secure thumb drive or
* a TPM module or a HSM module.
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -41,8 +41,11 @@
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.config.IDPType;
+import org.jboss.identity.federation.bindings.config.KeyProviderType;
import org.jboss.identity.federation.bindings.interfaces.RoleGenerator;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.bindings.util.PostBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
@@ -68,14 +71,31 @@
private long assertionValidity = 5000; // 5 seconds in miliseconds
- private String identityURL = null;
+ private String identityURL = null;
+ private TrustKeyManager keyManager;
+
+ private Boolean supportSignature = false;
+
+ public Boolean getSupportSignature()
+ {
+ return supportSignature;
+ }
+
+ public void setSupportSignature(Boolean supportSignature)
+ {
+ this.supportSignature = supportSignature;
+ }
+
@Override
public void invoke(Request request, Response response) throws IOException, ServletException
{
String referer = request.getHeader("Referer");
String relayState = request.getParameter("RelayState");
String samlMessage = request.getParameter("SAMLRequest");
+ String signature = request.getParameter("Signature");
+ String sigAlg = request.getParameter("SigAlg");
+
boolean containsSAMLRequestMessage = samlMessage != null;
Session session = request.getSessionInternal();
@@ -84,8 +104,12 @@
{
log.trace("Storing the SAMLRequest and RelayState in session");
session.setNote("SAMLRequest", samlMessage);
- if(relayState != null)
- session.setNote("RelayState", relayState);
+ if(relayState != null && relayState.length() > 0)
+ session.setNote("RelayState", relayState.trim());
+ if(signature != null && signature.length() > 0)
+ session.setNote("Signature", signature.trim());
+ if(sigAlg != null && sigAlg.length() > 0)
+ session.setNote("sigAlg", sigAlg.trim());
}
//Lets check if the user has been authenticated
@@ -101,7 +125,7 @@
{
userPrincipal = request.getPrincipal();
referer = request.getHeader("Referer");
- log.debug("Referer in finally block="+ referer);
+ log.debug("Referer in finally block="+ referer + ":user principal=" + userPrincipal);
}
}
@@ -118,9 +142,14 @@
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL);
- webRequestUtil.send(errorResponseType, relayState, response);
+ if(this.supportSignature)
+ webRequestUtil.send(errorResponseType, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(errorResponseType, relayState, response, false,null);
+
}
- catch (ParsingException e)
+ catch (GeneralSecurityException e)
{
throw new ServletException(e);
}
@@ -136,11 +165,24 @@
*/
samlMessage = (String) session.getNote("SAMLRequest");
relayState = (String) session.getNote("RelayState");
+ signature = (String) session.getNote("Signature");
+ sigAlg = (String) session.getNote("sigAlg");
+
log.trace("Retrieved saml message and relay state from session");
log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
+ log.trace("Signature=" + signature + "::sigAlg="+ sigAlg);
+
+
session.removeNote("SAMLRequest");
- session.removeNote("RelayState");
+ if(relayState != null && relayState.length() > 0)
+ session.removeNote("RelayState");
+
+ if(signature != null && signature.length() > 0)
+ session.removeNote("Signature");
+ if(sigAlg != null && sigAlg.length() > 0)
+ session.removeNote("sigAlg");
+
//Send valid saml response after processing the request
if(samlMessage != null)
{
@@ -151,13 +193,16 @@
try
{
requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
- boolean isValid = this.validate(request);
+ boolean isValid = validate(request.getRemoteAddr(),
+ new SessionHolder(samlMessage, signature, sigAlg));
if(!isValid)
throw new GeneralSecurityException("Validation check failed");
webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
List<String> roles = rg.generateRoles(userPrincipal);
+
+ log.trace("Roles have been determined:Creating response");
AuthnRequestType art = (AuthnRequestType) requestAbstractType;
responseType =
@@ -209,11 +254,19 @@
{
try
{
- webRequestUtil.send(responseType, relayState, response);
+ if(this.supportSignature)
+ webRequestUtil.send(responseType, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(responseType, relayState, response, false,null);
}
catch (ParsingException e)
{
log.trace(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ log.trace(e);
}
}
return;
@@ -238,21 +291,51 @@
protected void sendErrorResponseToSP(String referrer, Response response, String relayState,
IDPWebRequestUtil webRequestUtil) throws ServletException, IOException, ConfigurationException
{
+ log.trace("About to send error response to SP:" + referrer);
+
ResponseType errorResponseType =
webRequestUtil.getErrorResponse(referrer, JBossSAMLURIConstants.STATUS_RESPONDER.get(),
this.identityURL);
try
{
- webRequestUtil.send(errorResponseType, relayState, response);
+ if(this.supportSignature)
+ webRequestUtil.send(errorResponseType, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(errorResponseType, relayState, response, false,null);
}
catch (ParsingException e1)
{
throw new ServletException(e1);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new ServletException(e);
}
}
+ protected boolean validate(String remoteAddress,
+ SessionHolder holder) throws IOException, GeneralSecurityException
+ {
+ if(!supportSignature)
+ {
+ return holder.samlRequest != null && holder.samlRequest.length() > 0;
+ }
+
+ String sig = holder.signature;
+ if(sig == null || sig.length() == 0)
+ {
+ log.error("Signature received from SP is null:" + remoteAddress);
+ return false;
+ }
+
+ return PostBindingUtil.validateSignature(holder.samlRequest.getBytes("UTF-8"),
+ sig, keyManager.getValidatingKey(remoteAddress));
+ }
+
+
//***************Lifecycle
/**
* The lifecycle event support for this component.
@@ -329,6 +412,29 @@
{
throw new RuntimeException(e);
}
+
+ if(this.supportSignature)
+ {
+ KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ log.trace("Key Provider=" + keyProvider.getClassName());
+ }
}
@@ -349,11 +455,19 @@
lifecycle.fireLifecycleEvent(STOP_EVENT, null);
started = false;
}
+ //Private Methods
- protected boolean validate(Request request) throws GeneralSecurityException
+ protected class SessionHolder
{
- return request.getParameter("SAMLRequest") != null;
+ String samlRequest;
+ String signature;
+ String sigAlg;
+
+ public SessionHolder(String req, String sig, String alg)
+ {
+ this.samlRequest = req;
+ this.signature = sig;
+ this.sigAlg = alg;
+ }
}
-
- //Private Methods
}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -26,7 +26,10 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
import java.security.Principal;
+import java.security.PrivateKey;
import java.util.List;
import java.util.StringTokenizer;
@@ -49,9 +52,12 @@
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SignatureInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -238,11 +244,15 @@
* @param relayState
* @param response
* @throws IOException
- * @throws ParsingException
+ * @throws GeneralSecurityException
*/
public void send(ResponseType responseType, String relayState,
- Response response) throws IOException, ParsingException
+ Response response,
+ boolean supportSignature,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
{
+ if(responseType == null)
+ throw new IllegalArgumentException("reponseType is null");
SAML2Response saml2Response = new SAML2Response();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -252,11 +262,13 @@
}
catch (SAXException e1)
{
- throw new ParsingException(e1);
+ log.trace("Parsing Exception in sending response:",e1);
+ throw new ParsingException("Parsing Exception in sending response:" , e1);
}
catch (JAXBException e1)
{
- throw new ParsingException(e1);
+ log.trace("Parsing Exception in sending response:",e1);
+ throw new ParsingException("Parsing Exception in sending response:" ,e1);
}
if(redirectProfile)
@@ -282,8 +294,21 @@
*/
response.recycle();
String samlResponse = PostBindingUtil.base64Encode(baos.toString());
- PostBindingUtil.sendPost(responseType.getDestination(),
- samlResponse, relayState, response, false);
+
+ SignatureInfoHolder signatureHolder = null;
+ if(supportSignature)
+ {
+ //SigAlg
+ String algo = signingKey.getAlgorithm();
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ byte[] signedValue = SignatureUtil.sign(samlResponse, signingKey);
+ signatureHolder = new SignatureInfoHolder(signedValue,sigAlg);
+ }
+ PostBindingUtil.sendPost(new DestinationInfoHolder(responseType.getDestination(),
+ samlResponse, relayState), signatureHolder, response, false);
}
}
@@ -318,58 +343,53 @@
*/
public ResponseType getErrorResponse(String responseURL, String status,
String identityURL)
- {
- if(redirectProfile)
- {
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
+ {
+ ResponseType responseType = null;
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(status);
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(null);
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+ SAML2Response saml2Response = new SAML2Response();
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(responseURL);
- try
- {
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- }
- catch (ConfigurationException e1)
- {
- log.trace(e1);
- responseType = saml2Response.createResponseType();
- }
+ //Create a response type
+ String id = IDGenerator.create("ID_");
- log.debug("ResponseType = ");
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(status);
- return responseType;
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ try
+ {
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
}
-
- return null;
- }
+ catch (ConfigurationException e1)
+ {
+ log.trace(e1);
+ responseType = saml2Response.createResponseType();
+ }
+
+ log.debug("ResponseType = ");
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+
+ return responseType;
+ }
}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,10 +21,13 @@
*/
package org.jboss.identity.federation.bindings.tomcat.sp;
+import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.connector.Request;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.config.SPType;
import org.jboss.identity.federation.bindings.util.ValveUtil;
@@ -60,6 +63,18 @@
this.configFile = configFile;
}
+ /**
+ * Perform validation os the request object
+ * @param request
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ protected boolean validate(Request request) throws IOException, GeneralSecurityException
+ {
+ return request.getParameter("SAMLResponse") != null;
+ }
+
@Override
public void start() throws LifecycleException
{
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -31,6 +31,7 @@
import java.util.List;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBException;
import org.apache.catalina.Session;
@@ -49,6 +50,7 @@
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
@@ -135,6 +137,7 @@
catch(Exception e)
{
log.debug("Exception :",e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
//fallback
@@ -142,7 +145,7 @@
}
protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, Response response)
- throws IOException, SAXException, JAXBException
+ throws IOException, SAXException, JAXBException,GeneralSecurityException
{
SAML2Request saml2Request = new SAML2Request();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -150,7 +153,8 @@
String samlMessage = PostBindingUtil.base64Encode(baos.toString());
String destination = authnRequest.getDestination();
- PostBindingUtil.sendPost(destination, samlMessage, relayState, response, true);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
+ null,response, true);
}
protected AuthnRequestType createSAMLRequestMessage(String relayState, Response response)
@@ -192,11 +196,6 @@
}
}
- protected boolean validate(Request request)
- {
- return request.getParameter("SAMLResponse") != null;
- }
-
/**
* Subclasses should provide the implementation
* @param responseType ResponseType that contains the encrypted assertion
@@ -216,7 +215,15 @@
String samlResponse = request.getParameter("SAMLResponse");
if(samlResponse != null && samlResponse.length() > 0 )
{
- boolean isValid = this.validate(request);
+ boolean isValid = false;
+ try
+ {
+ isValid = this.validate(request);
+ }
+ catch (IOException e)
+ {
+ throw new GeneralSecurityException(e);
+ }
if(!isValid)
throw new GeneralSecurityException("Validity check failed");
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -209,11 +209,6 @@
}
}
- protected boolean validate(Request request) throws IOException, GeneralSecurityException
- {
- return request.getParameter("SAMLResponse") != null;
- }
-
/**
* Subclasses should provide the implementation
* @param responseType ResponseType that contains the encrypted assertion
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -71,6 +71,8 @@
{
super.start();
KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new LifecycleException("KeyProvider is null");
try
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -23,11 +23,16 @@
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SignatureInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
/**
* Utility for the HTTP/Post binding
@@ -38,7 +43,6 @@
{
private static Logger log = Logger.getLogger(PostBindingUtil.class);
-
public static String base64Encode(String stringToEncode) throws IOException
{
return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
@@ -57,17 +61,21 @@
* @param response HttpServletResponse
* @throws IOException
*/
- public static void sendPost(String destination,
- String samlMessage, String relayState,
+ public static void sendPost(DestinationInfoHolder holder,
+ SignatureInfoHolder sigHolder,
HttpServletResponse response,
boolean sendToIDP)
throws IOException
{
String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
+ String relayState = holder.getRelayState();
+ String destination = holder.getDestination();
+ String samlMessage = holder.getSamlMessage();
+
response.setContentType("text/html");
PrintWriter out = response.getWriter();
- common(destination, response);
+ common(holder.getDestination(), response);
StringBuilder builder = new StringBuilder();
builder.append("<HTML>");
@@ -87,8 +95,16 @@
{
builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"RelayState\" " +
"VALUE=\"" + relayState + "\"/>");
+ }
+ if(sigHolder != null)
+ {
+ byte[] sigValue = sigHolder.getSignatureValue();
+
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"Signature\" " +
+ "VALUE=\"" + Base64.encodeBytes(sigValue, Base64.DONT_BREAK_LINES) + "\"/>");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"sigAlg\" " +
+ "VALUE=\"" + sigHolder.getSigAlg() + "\"/>");
}
- //builder.append("<INPUT TYPE=\"submit\" VALUE=\"Continue\"/>");
builder.append("</FORM></BODY></HTML>");
String str = builder.toString();
@@ -97,6 +113,23 @@
out.close();
}
+ public static boolean validateSignature(byte[] message, String base64encodedSigValue, PublicKey validatingKey)
+ throws GeneralSecurityException
+ {
+ byte[] sigValue = null;
+ if(base64encodedSigValue != null && base64encodedSigValue.length() > 0)
+ {
+ sigValue = Base64.decode(base64encodedSigValue);
+ }
+
+ if(sigValue == null)
+ {
+ log.error("Signature missing");
+ return false;
+ }
+ return SignatureUtil.validate(message, sigValue, validatingKey);
+ }
+
private static void common(String destination, HttpServletResponse response)
{
response.setCharacterEncoding("UTF-8");
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -91,7 +91,7 @@
}
}
if(is == null)
- throw new RuntimeException("Keystore not located");
+ throw new RuntimeException("Keystore not located:" + keyStore);
return is;
}
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -48,6 +48,7 @@
import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
import org.jboss.identity.federation.core.wstrust.Lifetime;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
@@ -622,7 +623,7 @@
{
@Override
- public STSConfiguration getConfiguration()
+ public STSConfiguration getConfiguration() throws ConfigurationException
{
return super.getConfiguration();
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,12 +21,14 @@
*/
package org.jboss.identity.federation.core.exceptions;
+import java.security.GeneralSecurityException;
+
/**
* Exception indicating an issue with the configuration
* @author Anil.Saldhana(a)redhat.com
* @since May 22, 2009
*/
-public class ConfigurationException extends Exception
+public class ConfigurationException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,12 +21,14 @@
*/
package org.jboss.identity.federation.core.exceptions;
+import java.security.GeneralSecurityException;
+
/**
* General Exception indicating parsing exception
* @author Anil.Saldhana(a)redhat.com
* @since May 22, 2009
*/
-public class ParsingException extends Exception
+public class ParsingException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,12 +21,14 @@
*/
package org.jboss.identity.federation.core.exceptions;
+import java.security.GeneralSecurityException;
+
/**
* Exception to indicate a server processing error
* @author Anil.Saldhana(a)redhat.com
* @since May 22, 2009
*/
-public class ProcessingException extends Exception
+public class ProcessingException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,62 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.holders;
+
+/**
+ * Holder containing the information about a destination
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 24, 2009
+ */
+public class DestinationInfoHolder
+{
+ private String destination;
+ private String samlMessage;
+ private String relayState;
+
+ /**
+ * Create an holder
+ * @param destination The destination where the post will be sent
+ * @param samlMessage SAML Message
+ * @param relayState
+ */
+ public DestinationInfoHolder(String destination, String samlMessage, String relayState)
+ {
+ this.destination = destination;
+ this.samlMessage = samlMessage;
+ this.relayState = relayState;
+ }
+
+ public String getDestination()
+ {
+ return destination;
+ }
+
+ public String getSamlMessage()
+ {
+ return samlMessage;
+ }
+
+ public String getRelayState()
+ {
+ return relayState;
+ }
+}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.holders;
+
+/**
+ * Holds information about signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 24, 2009
+ */
+public class SignatureInfoHolder
+{
+ private byte[] signatureValue;
+
+ private String sigAlg;
+
+ public SignatureInfoHolder(byte[] signatureValue, String sigAlg)
+ {
+ super();
+ this.signatureValue = signatureValue;
+ this.sigAlg = sigAlg;
+ }
+
+ public byte[] getSignatureValue()
+ {
+ return signatureValue;
+ }
+
+ public String getSigAlg()
+ {
+ return sigAlg;
+ }
+}
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/.project
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/.project (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/.project 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<projectDescription>
+ <name>idp</name>
+ <comment>JBoss Identity Samples contains the samples for Federated Identity Needs.</comment>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+#Mon Jul 06 14:51:19 CDT 2009
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha4-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider that supports signature</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp-sig</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
+ supportSignature="true"/>
+</Context>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
+ supportSignature="true"/>
+</Context>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,14 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0" >
+<IdentityURL>http://localhost:8080/idp-sig/</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org,redhat.com</Domains>
+</Trust>
+<KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="/WEB-INF/jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+</KeyProvider>
+</JBossIDP>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Fedbridge Test IDP</display-name>
+ <description>
+ Just a Test IDP for Fedbridge Project
+ </description>
+
+ <!-- Define a security constraint that gives unlimted access to images -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Images</web-resource-name>
+ <url-pattern>/images/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>HTMLManger and Manager command</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat Manager Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the Manager Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp") %>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,6 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Login Error</font><hr>
+
+</body>
+ </html>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text' name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password' size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Modified: identity-federation/trunk/jboss-identity-webapps/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -26,6 +26,8 @@
<module>employee</module>
<module>circleoftrust</module>
<module>idp</module>
+ <module>idp-sig</module>
+ <module>sales-post-sig</module>
<module>metadata</module>
<module>openid-provider</module>
<module>openid-consumer</module>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<projectDescription>
+ <name>sales</name>
+ <comment>JBoss Identity Samples contains the samples for Federated Identity Needs.</comment>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+#Mon Jul 06 14:51:18 CDT 2009
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha4-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-post-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales App with http post signature</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-post-sig</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator"
+ />
+</Context>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator"
+ />
+</Context>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0" ServerEnvironment="tomcat">
+ <IdentityURL>http://localhost:8080/idp-sig/</IdentityURL>
+ <ServiceURL>http://localhost:8080/sales-post-sig/</ServiceURL>
+ <KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+ </KeyProvider>
+
+</JBossSP>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app version="2.4"
+ xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
+ <description>Sales Application</description>
+
+ <security-constraint>
+ <display-name>Restricted</display-name>
+ <web-resource-collection>
+ <web-resource-name>Restricted Access</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Sales</role-name>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>Sales</role-name>
+ <role-name>manager</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <form-login-config>
+ <form-login-page>/login.jsp</form-login-page>
+ <form-error-page>/error.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+</web-app>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp") %>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool, <%=request.getUserPrincipal().getName()%>
+
+<br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+<a href="logout.jsp">Click to LogOut</a>
+</div>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text' name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password' size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<%
+ session.invalidate();
+%>
+You are logged out.
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/piechart.gif
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/piechart.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r658 - in identity-federation/trunk: jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust and 9 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-07-24 18:49:12 -0400 (Fri, 24 Jul 2009)
New Revision: 658
Added:
identity-federation/trunk/jboss-identity-webapps/jboss-sts/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/jboss-sts.xml
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/sts_keystore.jks
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-web.xml
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-wsse-server.xml
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/lib/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/wsdl/
identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/wsdl/JBossSTS.wsdl
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-webapps/pom.xml
Log:
JBID-85: added a webapp to identity-federation that creates a jboss-sts war file containig sample configuration files
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-07-23 21:24:05 UTC (rev 657)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-07-24 22:49:12 UTC (rev 658)
@@ -191,7 +191,7 @@
PublicKey publicKey = keyPair.getPublic();
DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
- dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
+// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
Transform transform = fac.newTransform(Transform.ENVELOPED,
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-07-23 21:24:05 UTC (rev 657)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-07-24 22:49:12 UTC (rev 658)
@@ -39,9 +39,9 @@
public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "Validate";
// WS-Trust validation constants.
- public static final String STATUS_TYPE = BASE_NAMESPACE + "/RSTR/Status";
- public static final String STATUS_CODE_VALID = BASE_NAMESPACE + "/status/valid";
- public static final String STATUS_CODE_INVALID = BASE_NAMESPACE + "/status/invalid";
+ public static final String STATUS_TYPE = BASE_NAMESPACE + "RSTR/Status";
+ public static final String STATUS_CODE_VALID = BASE_NAMESPACE + "status/valid";
+ public static final String STATUS_CODE_INVALID = BASE_NAMESPACE + "status/invalid";
// WSS namespaces values.
public static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-07-23 21:24:05 UTC (rev 657)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-07-24 22:49:12 UTC (rev 658)
@@ -116,7 +116,8 @@
public BaseRequestSecurityToken parseRequestSecurityToken(Source request)
{
// if the request contains a validate, cancel, or renew target, we must preserve it from JAXB unmarshalling.
- Document document = (Document) ((DOMSource) request).getNode();
+ Node documentNode = ((DOMSource) request).getNode();
+ Document document = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument();
Element targetElement = this.getValidateOrRenewOrCancelTarget(document);
try
@@ -124,7 +125,7 @@
Object object = this.unmarshaller.unmarshal(request);
if (object instanceof JAXBElement)
{
- JAXBElement<?> element = (JAXBElement<?>) unmarshaller.unmarshal(request);
+ JAXBElement<?> element = (JAXBElement<?>) object;
if (element.getDeclaredType().equals(RequestSecurityTokenType.class))
{
RequestSecurityToken parsedRequest = new RequestSecurityToken((RequestSecurityTokenType) element
@@ -167,7 +168,8 @@
{
// if the response contains an issued token, we must preserve it from the JAXB unmarshalling.
Element tokenElement = null;
- Document document = (Document) ((DOMSource) response).getNode();
+ Node documentNode = ((DOMSource) response).getNode();
+ Document document = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument();
Node requestedTokenNode = this.findNodeByNameNS(document, "RequestedSecurityToken",
WSTrustConstants.BASE_NAMESPACE);
if (requestedTokenNode != null)
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-07-23 21:24:05 UTC (rev 657)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-07-24 22:49:12 UTC (rev 658)
@@ -31,6 +31,7 @@
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -68,6 +69,12 @@
Marshaller marshaller = JAXBUtil.getMarshaller("org.jboss.identity.federation.saml.v2.assertion");
marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
+ // normalize the document to remove unused namespaces.
+ DOMConfiguration docConfig = document.getDomConfig();
+ docConfig.setParameter("namespaces", Boolean.TRUE);
+ docConfig.setParameter("namespace-declarations", Boolean.FALSE);
+ document.normalizeDocument();
+
return document.getDocumentElement();
}
Property changes on: identity-federation/trunk/jboss-identity-webapps/jboss-sts
___________________________________________________________________
Name: svn:ignore
+ target
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml 2009-07-24 22:49:12 UTC (rev 658)
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha4-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-sts</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Security Token Service</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>jboss-sts</warName>
+ <!--webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes-->
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/jboss-sts.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/jboss-sts.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/jboss-sts.xml 2009-07-24 22:49:12 UTC (rev 658)
@@ -0,0 +1,18 @@
+<JBossSTS xmlns="urn:jboss:identity-federation:config:1.0"
+ STSName="JBossSTS" TokenTimeout="7200" EncryptToken="true">
+ <KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
+ <Auth Key="KeyStorePass" Value="testpass"/>
+ <Auth Key="SigningKeyAlias" Value="sts"/>
+ <Auth Key="SigningKeyPass" Value="keypass"/>
+ <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
+ </KeyProvider>
+ <TokenProviders>
+ <TokenProvider ProviderClass="org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider"
+ TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+ </TokenProviders>
+ <ServiceProviders>
+ <ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
+ TruststoreAlias="service1"/>
+ </ServiceProviders>
+</JBossSTS>
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/sts_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/resources/sts_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-web.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-web.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-web.xml 2009-07-24 22:49:12 UTC (rev 658)
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-web>
+ <security-domain>java:/jaas/jmx-console</security-domain>
+</jboss-web>
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-wsse-server.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-wsse-server.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/jboss-wsse-server.xml 2009-07-24 22:49:12 UTC (rev 658)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <config>
+ <requires/>
+ </config>
+</jboss-ws-security>
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/web.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/web.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/web.xml 2009-07-24 22:49:12 UTC (rev 658)
@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+ <servlet>
+ <servlet-name>JBossSTS</servlet-name>
+ <servlet-class>org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>JBossSTS</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>UsernameService</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>JBossAdmin</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>JBossSTSRealm</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>JBossAdmin</role-name>
+ </security-role>
+
+</web-app>
Added: identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/wsdl/JBossSTS.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/wsdl/JBossSTS.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/src/main/webapp/WEB-INF/wsdl/JBossSTS.wsdl 2009-07-24 22:49:12 UTC (rev 658)
@@ -0,0 +1,46 @@
+<?xml version="1.0"?>
+<wsdl:definitions name="JBossSTS" targetNamespace="http://org.jboss.identity.trust/sts"
+ xmlns:tns="http://org.jboss.identity.trust/sts"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
+ <wsdl:types>
+ <xs:schema targetNamespace="http://org.jboss.identity.trust/sts" xmlns:tns="http://org.jboss.identity.trust/sts" version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:complexType name="MessageBody">
+ <xs:sequence>
+ <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:schema>
+ </wsdl:types>
+ <wsdl:message name="RequestSecurityToken">
+ <wsdl:part name="rstMessage" element="tns:MessageBody"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponse">
+ <wsdl:part name="rstrMessage" element="tns:MessageBody"/>
+ </wsdl:message>
+ <wsdl:portType name="SecureTokenService">
+ <wsdl:operation name="IssueToken">
+ <wsdl:input wsap10:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" message="tns:RequestSecurityToken"/>
+ <wsdl:output wsap10:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue" message="tns:RequestSecurityTokenResponse"/>
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="STSBinding" type="tns:SecureTokenService">
+ <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="IssueToken">
+ <soap12:operation soapAction="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" style="document"/>
+ <wsdl:input>
+ <soap12:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap12:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="JBossSTS">
+ <wsdl:port name="JBossSTSPort" binding="tns:STSBinding">
+ <soap12:address location="http://localhost:8080/jboss-sts"/>
+ </wsdl:port>
+ </wsdl:service>
+</wsdl:definitions>
Modified: identity-federation/trunk/jboss-identity-webapps/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-07-23 21:24:05 UTC (rev 657)
+++ identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-07-24 22:49:12 UTC (rev 658)
@@ -29,5 +29,6 @@
<module>metadata</module>
<module>openid-provider</module>
<module>openid-consumer</module>
+ <module>jboss-sts</module>
</modules>
</project>
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r657 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-23 17:24:05 -0400 (Thu, 23 Jul 2009)
New Revision: 657
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
Log:
JBID-144: use the return value of validate method
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-07-23 21:20:03 UTC (rev 656)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-07-23 21:24:05 UTC (rev 657)
@@ -25,6 +25,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
@@ -208,14 +209,16 @@
private Principal process(Request request, Response response)
throws JAXBException, SAXException, IssuerNotTrustedException,
- AssertionExpiredException, ConfigurationException
+ AssertionExpiredException, ConfigurationException, GeneralSecurityException
{
Principal userPrincipal = null;
String samlResponse = request.getParameter("SAMLResponse");
if(samlResponse != null && samlResponse.length() > 0 )
{
- this.validate(request);
+ boolean isValid = this.validate(request);
+ if(!isValid)
+ throw new GeneralSecurityException("Validity check failed");
//deal with SAML response from IDP
byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
14 years, 9 months
- 1
- 0
JBoss Identity SVN: r656 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-23 17:20:03 -0400 (Thu, 23 Jul 2009)
New Revision: 656
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
JBID-143: use the validate method value
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-23 20:00:07 UTC (rev 655)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-23 21:20:03 UTC (rev 656)
@@ -23,6 +23,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.List;
@@ -150,7 +151,10 @@
try
{
requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
- this.validate(request);
+ boolean isValid = this.validate(request);
+ if(!isValid)
+ throw new GeneralSecurityException("Validation check failed");
+
webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
List<String> roles = rg.generateRoles(userPrincipal);
@@ -193,6 +197,14 @@
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL);
}
+ catch(GeneralSecurityException e)
+ {
+ log.trace(e);
+ responseType =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL);
+ }
finally
{
try
@@ -338,7 +350,7 @@
started = false;
}
- protected boolean validate(Request request)
+ protected boolean validate(Request request) throws GeneralSecurityException
{
return request.getParameter("SAMLRequest") != null;
}
14 years, 9 months
- 1
- 0