JBoss Identity SVN: r659 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat and 18 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-07-27 01:18:11 -0400 (Mon, 27 Jul 2009)
New Revision: 659
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java
identity-federation/trunk/jboss-identity-webapps/idp-sig/
identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath
identity-federation/trunk/jboss-identity-webapps/idp-sig/.project
identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/
identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs
identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp
identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/piechart.gif
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java
identity-federation/trunk/jboss-identity-webapps/pom.xml
Log:
JBID-142: HTTP/Post based SAML browser profile supports sig on both SP and IDP
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -40,6 +40,7 @@
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.bindings.config.STSType;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
@@ -87,11 +88,19 @@
*
* @param request a {@code RequestSecurityToken} instance that contains the request information.
* @return a {@code Source} instance representing the marshalled response.
+ * @throws WebServiceException Any exception encountered in handling token
*/
protected Source handleTokenRequest(RequestSecurityToken request)
{
if(this.config == null)
- this.config = this.getConfiguration();
+ try
+ {
+ this.config = this.getConfiguration();
+ }
+ catch (ConfigurationException e)
+ {
+ throw new WebServiceException("Encountered configuration exception:", e);
+ }
WSTrustRequestHandler handler = this.config.getRequestHandler();
String requestType = request.getRequestType().toString();
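Review bot: the `if(this.config == null)` guard now governs a brace-less `try`/`catch` statement; that compiles, but wrap the `try` in `{ }` under the `if` so a later edit cannot move the catch or the assignment out of the guard by accident. The trailing colon in `"Encountered configuration exception:"` can also go; the cause is passed as the second argument and is rendered separately.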
@@ -111,7 +120,7 @@
}
catch (WSTrustException we)
{
- throw new WebServiceException(we.getMessage(), we);
+ throw new WebServiceException("Exception in handling token request:", we);
}
}
@@ -125,8 +134,7 @@
*/
protected Source handleTokenRequestCollection(RequestSecurityTokenCollection requestCollection)
{
- // TODO: implement multiple token request handling code.
- return null;
+ throw new UnsupportedOperationException();
}
/**
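Review bot: `throw new UnsupportedOperationException()` is a clearer contract than the old `return null`, but give it a message (for example `"RequestSecurityTokenCollection handling is not implemented"`) and record it in the method javadoc as `@throws UnsupportedOperationException`, so a caller that sends a collection gets an explanation rather than a bare exception.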
@@ -153,7 +161,7 @@
* @return an instance of {@code STSConfiguration} containing the STS configuration properties.
*/
@SuppressWarnings("unchecked")
- protected STSConfiguration getConfiguration()
+ protected STSConfiguration getConfiguration() throws ConfigurationException
{
// get the configuration file and parse it.
URL configurationFile = SecurityActions.getContextClassLoader().getResource("jboss-sts.xml");
@@ -170,7 +178,7 @@
}
catch (Exception e)
{
- throw new RuntimeException("Error parsing the configuration file", e);
+ throw new RuntimeException("Error parsing the configuration file:", e);
}
}
}
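Review bot: parse failures are still wrapped in a `RuntimeException` here even though `getConfiguration()` now declares `throws ConfigurationException` (hunk `@@ -153,7`); throw `ConfigurationException` at this site instead, otherwise the new `catch (ConfigurationException e)` in `handleTokenRequest` never sees a bad `jboss-sts.xml` and the failure surfaces as an unchecked exception with no WebServiceException wrapping.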
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -121,7 +121,7 @@
}
catch (Exception e)
{
- throw new RuntimeException("Unable to construct the key manager", e);
+ throw new RuntimeException("Unable to construct the key manager:", e);
}
}
}
@@ -265,7 +265,7 @@
}
catch (Exception e)
{
- throw new RuntimeException("Error obtaining signing key pair", e);
+ throw new RuntimeException("Error obtaining signing key pair:", e);
}
}
return keyPair;
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -56,7 +56,7 @@
{
/**
* An map of secret keys alive only for the duration of the program.
- * The keys are generated on the fly. If you sophisticated key
+ * The keys are generated on the fly. If you need sophisticated key
* storage, then a custom version of the {@code TrustKeyManager}
* needs to be written that either uses a secure thumb drive or
* a TPM module or a HSM module.
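Review bot: while this javadoc is being corrected, the unchanged first line still reads `An map of secret keys`; change it to `A map`.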
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -41,8 +41,11 @@
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.config.IDPType;
+import org.jboss.identity.federation.bindings.config.KeyProviderType;
import org.jboss.identity.federation.bindings.interfaces.RoleGenerator;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.bindings.util.PostBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
@@ -68,14 +71,31 @@
private long assertionValidity = 5000; // 5 seconds in miliseconds
- private String identityURL = null;
+ private String identityURL = null;
+ private TrustKeyManager keyManager;
+
+ private Boolean supportSignature = false;
+
+ public Boolean getSupportSignature()
+ {
+ return supportSignature;
+ }
+
+ public void setSupportSignature(Boolean supportSignature)
+ {
+ this.supportSignature = supportSignature;
+ }
+
@Override
public void invoke(Request request, Response response) throws IOException, ServletException
{
String referer = request.getHeader("Referer");
String relayState = request.getParameter("RelayState");
String samlMessage = request.getParameter("SAMLRequest");
+ String signature = request.getParameter("Signature");
+ String sigAlg = request.getParameter("SigAlg");
+
boolean containsSAMLRequestMessage = samlMessage != null;
Session session = request.getSessionInternal();
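Review bot: `supportSignature` is a boxed `Boolean` that is auto-unboxed in every `if(this.supportSignature)` in this file; a caller passing `null` to `setSupportSignature` will NPE at the first such check. Make the field and both accessors a primitive `boolean`. Separately, the valve reads the algorithm from a parameter named `SigAlg`, while `PostBindingUtil.sendPost` in this same revision emits the hidden field as `sigAlg`; servlet parameter names are case-sensitive, so the two sides must agree on one spelling.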
@@ -84,8 +104,12 @@
{
log.trace("Storing the SAMLRequest and RelayState in session");
session.setNote("SAMLRequest", samlMessage);
- if(relayState != null)
- session.setNote("RelayState", relayState);
+ if(relayState != null && relayState.length() > 0)
+ session.setNote("RelayState", relayState.trim());
+ if(signature != null && signature.length() > 0)
+ session.setNote("Signature", signature.trim());
+ if(sigAlg != null && sigAlg.length() > 0)
+ session.setNote("sigAlg", sigAlg.trim());
}
//Lets check if the user has been authenticated
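Review bot: `Signature` and `sigAlg` are stored trimmed, but `SAMLRequest` is stored exactly as received and is later verified as `holder.samlRequest.getBytes("UTF-8")`; if the container or browser adds surrounding whitespace the signature check fails, and trimming only one side changes what is verified relative to what was signed. Apply the same normalization to all three values and state explicitly whether the signed bytes are the raw or the trimmed parameter.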
@@ -101,7 +125,7 @@
{
userPrincipal = request.getPrincipal();
referer = request.getHeader("Referer");
- log.debug("Referer in finally block="+ referer);
+ log.debug("Referer in finally block="+ referer + ":user principal=" + userPrincipal);
}
}
@@ -118,9 +142,14 @@
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL);
- webRequestUtil.send(errorResponseType, relayState, response);
+ if(this.supportSignature)
+ webRequestUtil.send(errorResponseType, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(errorResponseType, relayState, response, false,null);
+
}
- catch (ParsingException e)
+ catch (GeneralSecurityException e)
{
throw new ServletException(e);
}
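Review bot: the `if(this.supportSignature) ... else ...` pair around `webRequestUtil.send(...)` is repeated verbatim here and in hunks `@@ -209` and `@@ -238`; pull it into one private helper that resolves the signing key once and calls `send`, so the three call sites cannot drift. `this.keyManager.getSigningKey()` is also evaluated on every response; if the key manager can return `null`, that should be caught once in `start()` rather than surfacing as an NPE per request.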
@@ -136,11 +165,24 @@
*/
samlMessage = (String) session.getNote("SAMLRequest");
relayState = (String) session.getNote("RelayState");
+ signature = (String) session.getNote("Signature");
+ sigAlg = (String) session.getNote("sigAlg");
+
log.trace("Retrieved saml message and relay state from session");
log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
+ log.trace("Signature=" + signature + "::sigAlg="+ sigAlg);
+
+
session.removeNote("SAMLRequest");
- session.removeNote("RelayState");
+ if(relayState != null && relayState.length() > 0)
+ session.removeNote("RelayState");
+
+ if(signature != null && signature.length() > 0)
+ session.removeNote("Signature");
+ if(sigAlg != null && sigAlg.length() > 0)
+ session.removeNote("sigAlg");
+
//Send valid saml response after processing the request
if(samlMessage != null)
{
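Review bot: the conditional `removeNote` calls are unnecessary and can leave stale values behind: `removeNote` on an absent key is a no-op, and because storage trims a whitespace-only value to `""` while the guard here tests `length() > 0`, such a note is never cleared. Remove `RelayState`, `Signature` and `sigAlg` unconditionally, as `SAMLRequest` already is, so a previous request's signature cannot be paired with a later `SAMLRequest` in the same session. The two consecutive blank lines can go as well.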
@@ -151,13 +193,16 @@
try
{
requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
- boolean isValid = this.validate(request);
+ boolean isValid = validate(request.getRemoteAddr(),
+ new SessionHolder(samlMessage, signature, sigAlg));
if(!isValid)
throw new GeneralSecurityException("Validation check failed");
webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
List<String> roles = rg.generateRoles(userPrincipal);
+
+ log.trace("Roles have been determined:Creating response");
AuthnRequestType art = (AuthnRequestType) requestAbstractType;
responseType =
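Review bot: the ordering is right (the signature is verified before `isTrusted` and before roles are generated), but the failure path is lossy: `validate` logs only the remote address and returns `false`, and the valve then throws a generic `"Validation check failed"`. Include the reason (missing versus invalid signature) and the issuer, which is already available from `requestAbstractType`, in the exception message or a `log.warn`, so a rejected signature is distinguishable from a malformed request in the IDP logs.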
@@ -209,11 +254,19 @@
{
try
{
- webRequestUtil.send(responseType, relayState, response);
+ if(this.supportSignature)
+ webRequestUtil.send(responseType, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(responseType, relayState, response, false,null);
}
catch (ParsingException e)
{
log.trace(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ log.trace(e);
}
}
return;
@@ -238,21 +291,51 @@
protected void sendErrorResponseToSP(String referrer, Response response, String relayState,
IDPWebRequestUtil webRequestUtil) throws ServletException, IOException, ConfigurationException
{
+ log.trace("About to send error response to SP:" + referrer);
+
ResponseType errorResponseType =
webRequestUtil.getErrorResponse(referrer, JBossSAMLURIConstants.STATUS_RESPONDER.get(),
this.identityURL);
try
{
- webRequestUtil.send(errorResponseType, relayState, response);
+ if(this.supportSignature)
+ webRequestUtil.send(errorResponseType, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(errorResponseType, relayState, response, false,null);
}
catch (ParsingException e1)
{
throw new ServletException(e1);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new ServletException(e);
}
}
+ protected boolean validate(String remoteAddress,
+ SessionHolder holder) throws IOException, GeneralSecurityException
+ {
+ if(!supportSignature)
+ {
+ return holder.samlRequest != null && holder.samlRequest.length() > 0;
+ }
+
+ String sig = holder.signature;
+ if(sig == null || sig.length() == 0)
+ {
+ log.error("Signature received from SP is null:" + remoteAddress);
+ return false;
+ }
+
+ return PostBindingUtil.validateSignature(holder.samlRequest.getBytes("UTF-8"),
+ sig, keyManager.getValidatingKey(remoteAddress));
+ }
+
+
//***************Lifecycle
/**
* The lifecycle event support for this component.
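Review bot: `holder.sigAlg` is carried through `SessionHolder` but never used by `validate`; `PostBindingUtil.validateSignature` receives only the message, the signature and the key, so the algorithm is implied by the key type. Either drop `sigAlg` from the holder or, better, check that the received value matches the algorithm the validating key implies and reject otherwise, rather than silently ignoring a parameter the peer sends. Also, `keyManager.getValidatingKey(remoteAddress)` selects the trust key by client address, yet the caller has already parsed `requestAbstractType` and therefore the issuer; behind a proxy or NAT all SPs share one address, so keying the lookup on the issuer is more robust.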
@@ -329,6 +412,29 @@
{
throw new RuntimeException(e);
}
+
+ if(this.supportSignature)
+ {
+ KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ log.trace("Key Provider=" + keyProvider.getClassName());
+ }
}
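Review bot: `keyProvider` is dereferenced inside the `try` without a null check, unlike the `SPRedirectSignatureFormAuthenticator` hunk in this same revision which throws `LifecycleException("KeyProvider is null")` first; add the same guard so a missing key-provider configuration is reported as such rather than as a NullPointerException. Also `new LifecycleException(e.getLocalizedMessage())` discards the cause; use the `(String, Throwable)` constructor so the stack of the reflective load failure survives.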
@@ -349,11 +455,19 @@
lifecycle.fireLifecycleEvent(STOP_EVENT, null);
started = false;
}
+ //Private Methods
- protected boolean validate(Request request) throws GeneralSecurityException
+ protected class SessionHolder
{
- return request.getParameter("SAMLRequest") != null;
+ String samlRequest;
+ String signature;
+ String sigAlg;
+
+ public SessionHolder(String req, String sig, String alg)
+ {
+ this.samlRequest = req;
+ this.signature = sig;
+ this.sigAlg = alg;
+ }
}
-
- //Private Methods
}
\ No newline at end of file
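Review bot: `SessionHolder` is a `protected` inner class with mutable package-private fields, and the `//Private Methods` comment now sits above a class rather than any method. Make the three fields `final` (they are only set in the constructor), make the class `static` so each holder does not capture a reference to the valve, and move or drop the comment.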
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -26,7 +26,10 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
import java.security.Principal;
+import java.security.PrivateKey;
import java.util.List;
import java.util.StringTokenizer;
@@ -49,9 +52,12 @@
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SignatureInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -238,11 +244,15 @@
* @param relayState
* @param response
* @throws IOException
- * @throws ParsingException
+ * @throws GeneralSecurityException
*/
public void send(ResponseType responseType, String relayState,
- Response response) throws IOException, ParsingException
+ Response response,
+ boolean supportSignature,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
{
+ if(responseType == null)
+ throw new IllegalArgumentException("reponseType is null");
SAML2Response saml2Response = new SAML2Response();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
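Review bot: when `supportSignature` is true and `signingKey` is `null`, the signing branch later in this method calls `signingKey.getAlgorithm()` and NPEs; validate both arguments next to the existing `responseType` check, for example `if(supportSignature && signingKey == null) throw new IllegalArgumentException("signingKey is null")`. The javadoc above still documents only the old parameters; add `@param supportSignature` and `@param signingKey`, and fix the typo `reponseType` in the message.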
@@ -252,11 +262,13 @@
}
catch (SAXException e1)
{
- throw new ParsingException(e1);
+ log.trace("Parsing Exception in sending response:",e1);
+ throw new ParsingException("Parsing Exception in sending response:" , e1);
}
catch (JAXBException e1)
{
- throw new ParsingException(e1);
+ log.trace("Parsing Exception in sending response:",e1);
+ throw new ParsingException("Parsing Exception in sending response:" ,e1);
}
if(redirectProfile)
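Review bot: `send` now declares only `IOException` and `GeneralSecurityException`, yet both catch blocks here still `throw new ParsingException(...)`; this compiles only if `ParsingException` is a subtype of `GeneralSecurityException` (the core exception classes are modified in this revision but their diffs are not shown). If that is the intent, say so in the `@throws` entry, because `IDPWebBrowserSSOValve` now catches `ParsingException` ahead of `GeneralSecurityException` and relies on that ordering. Logging at `trace` and then rethrowing with the same cause also records the stack twice; keep one.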
@@ -282,8 +294,21 @@
*/
response.recycle();
String samlResponse = PostBindingUtil.base64Encode(baos.toString());
- PostBindingUtil.sendPost(responseType.getDestination(),
- samlResponse, relayState, response, false);
+
+ SignatureInfoHolder signatureHolder = null;
+ if(supportSignature)
+ {
+ //SigAlg
+ String algo = signingKey.getAlgorithm();
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ byte[] signedValue = SignatureUtil.sign(samlResponse, signingKey);
+ signatureHolder = new SignatureInfoHolder(signedValue,sigAlg);
+ }
+ PostBindingUtil.sendPost(new DestinationInfoHolder(responseType.getDestination(),
+ samlResponse, relayState), signatureHolder, response, false);
}
}
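Review bot: two points in the signing branch. First, `URLEncoder.encode(sigAlg, "UTF-8")` is applied to a value that is then placed in a hidden form field; for the POST binding the browser form-encodes field values itself, so the receiver sees a double-encoded algorithm URI (`%3A` for `:`) unless it decodes it again, and nothing in this revision does. URL-encoding belongs to the redirect binding only. Second, `SignatureUtil.sign(samlResponse, signingKey)` covers only the base64 response; `RelayState` and `sigAlg` are outside the signature, so the receiver must derive the expected algorithm from its trust key rather than from the parameter. A comment here saying which bytes are signed would keep a future verifier from trusting `sigAlg`.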
@@ -318,58 +343,53 @@
*/
public ResponseType getErrorResponse(String responseURL, String status,
String identityURL)
- {
- if(redirectProfile)
- {
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
+ {
+ ResponseType responseType = null;
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(status);
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(null);
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+ SAML2Response saml2Response = new SAML2Response();
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(responseURL);
- try
- {
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- }
- catch (ConfigurationException e1)
- {
- log.trace(e1);
- responseType = saml2Response.createResponseType();
- }
+ //Create a response type
+ String id = IDGenerator.create("ID_");
- log.debug("ResponseType = ");
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(status);
- return responseType;
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ try
+ {
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
}
-
- return null;
- }
+ catch (ConfigurationException e1)
+ {
+ log.trace(e1);
+ responseType = saml2Response.createResponseType();
+ }
+
+ log.debug("ResponseType = ");
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+
+ return responseType;
+ }
}
\ No newline at end of file
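Review bot: removing the `if(redirectProfile)` guard means `getErrorResponse` now returns a real `ResponseType` for the POST profile instead of `null`, which the callers in `IDPWebBrowserSSOValve` need; note that in the javadoc, since the old `return null` was observable behaviour. Most of this hunk is a re-indent that hides the one-line semantic change. `log.debug("ResponseType = ")` prints nothing useful and can go; the trace block below already dumps the marshalled response.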
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,10 +21,13 @@
*/
package org.jboss.identity.federation.bindings.tomcat.sp;
+import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.connector.Request;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.config.SPType;
import org.jboss.identity.federation.bindings.util.ValveUtil;
@@ -60,6 +63,18 @@
this.configFile = configFile;
}
+ /**
+ * Perform validation os the request object
+ * @param request
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ protected boolean validate(Request request) throws IOException, GeneralSecurityException
+ {
+ return request.getParameter("SAMLResponse") != null;
+ }
+
@Override
public void start() throws LifecycleException
{
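Review bot: javadoc typo `os` for `of`, and the `@return` tag is empty; state that `true` means the request carries a `SAMLResponse` parameter. Since this base implementation only tests for presence, the doc should say that subclasses performing signature validation must override it, because a presence check gives no integrity guarantee.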
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -31,6 +31,7 @@
import java.util.List;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBException;
import org.apache.catalina.Session;
@@ -49,6 +50,7 @@
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
@@ -135,6 +137,7 @@
catch(Exception e)
{
log.debug("Exception :",e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
//fallback
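Review bot: after `response.sendError(SC_INTERNAL_SERVER_ERROR)` the method continues into the `//fallback` path; once the error has been sent the response is committed, and any further write or redirect there will throw `IllegalStateException` or be ignored. Return immediately after `sendError`, and consider `log.error` rather than `log.debug` for a failure that produces a 500.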
@@ -142,7 +145,7 @@
}
protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, Response response)
- throws IOException, SAXException, JAXBException
+ throws IOException, SAXException, JAXBException,GeneralSecurityException
{
SAML2Request saml2Request = new SAML2Request();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -150,7 +153,8 @@
String samlMessage = PostBindingUtil.base64Encode(baos.toString());
String destination = authnRequest.getDestination();
- PostBindingUtil.sendPost(destination, samlMessage, relayState, response, true);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
+ null,response, true);
}
protected AuthnRequestType createSAMLRequestMessage(String relayState, Response response)
@@ -192,11 +196,6 @@
}
}
- protected boolean validate(Request request)
- {
- return request.getParameter("SAMLResponse") != null;
- }
-
/**
* Subclasses should provide the implementation
* @param responseType ResponseType that contains the encrypted assertion
@@ -216,7 +215,15 @@
String samlResponse = request.getParameter("SAMLResponse");
if(samlResponse != null && samlResponse.length() > 0 )
{
- boolean isValid = this.validate(request);
+ boolean isValid = false;
+ try
+ {
+ isValid = this.validate(request);
+ }
+ catch (IOException e)
+ {
+ throw new GeneralSecurityException(e);
+ }
if(!isValid)
throw new GeneralSecurityException("Validity check failed");
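Review bot: wrapping the `IOException` in a `GeneralSecurityException` makes an I/O failure indistinguishable from a rejected response to whatever catches it; propagate it (or wrap it in `ServletException`) so operators can tell a read error from a failed validity check. Also, the enclosing `if(samlResponse != null && samlResponse.length() > 0)` already guarantees what the base `validate` tests, so for this class the call only matters once a subclass overrides `validate` to verify signatures; a comment saying so would help.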
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -209,11 +209,6 @@
}
}
- protected boolean validate(Request request) throws IOException, GeneralSecurityException
- {
- return request.getParameter("SAMLResponse") != null;
- }
-
/**
* Subclasses should provide the implementation
* @param responseType ResponseType that contains the encrypted assertion
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -71,6 +71,8 @@
{
super.start();
KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new LifecycleException("KeyProvider is null");
try
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -23,11 +23,16 @@
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SignatureInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
/**
* Utility for the HTTP/Post binding
@@ -38,7 +43,6 @@
{
private static Logger log = Logger.getLogger(PostBindingUtil.class);
-
public static String base64Encode(String stringToEncode) throws IOException
{
return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
@@ -57,17 +61,21 @@
* @param response HttpServletResponse
* @throws IOException
*/
- public static void sendPost(String destination,
- String samlMessage, String relayState,
+ public static void sendPost(DestinationInfoHolder holder,
+ SignatureInfoHolder sigHolder,
HttpServletResponse response,
boolean sendToIDP)
throws IOException
{
String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
+ String relayState = holder.getRelayState();
+ String destination = holder.getDestination();
+ String samlMessage = holder.getSamlMessage();
+
response.setContentType("text/html");
PrintWriter out = response.getWriter();
- common(destination, response);
+ common(holder.getDestination(), response);
StringBuilder builder = new StringBuilder();
builder.append("<HTML>");
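Review bot: the Javadoc directly above the new signature (`@param response HttpServletResponse`, `@throws IOException`) still documents the old `(destination, samlMessage, relayState)` parameters; update it to describe `holder` and `sigHolder`, and state that `sigHolder` may be null (the next hunk treats it as optional). Two smaller points in the body: `destination` is pulled into a local on `String destination = holder.getDestination();`, yet two lines later the call still reads `common(holder.getDestination(), response);`, so use the local; and nothing guards against a null `holder`, which will surface as a NullPointerException from inside the servlet rather than a clear IllegalArgumentException at the call site.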
@@ -87,8 +95,16 @@
{
builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"RelayState\" " +
"VALUE=\"" + relayState + "\"/>");
+ }
+ if(sigHolder != null)
+ {
+ byte[] sigValue = sigHolder.getSignatureValue();
+
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"Signature\" " +
+ "VALUE=\"" + Base64.encodeBytes(sigValue, Base64.DONT_BREAK_LINES) + "\"/>");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"sigAlg\" " +
+ "VALUE=\"" + sigHolder.getSigAlg() + "\"/>");
}
- //builder.append("<INPUT TYPE=\"submit\" VALUE=\"Continue\"/>");
builder.append("</FORM></BODY></HTML>");
String str = builder.toString();
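Review bot: the two new hidden fields are concatenated into the HTML with no attribute escaping, exactly like the `RelayState` field just above them. The base64 signature is safe, but `sigHolder.getSigAlg()` and especially `relayState` (a value received from the peer and echoed back) can contain `"`, `<` or `>` and break out of the VALUE attribute; HTML-escape every value written into the form. Separately, the SAML 2.0 HTTP-POST binding carries the signature inside the XML message as an enveloped XML Signature, whereas detached `Signature`/`SigAlg` parameters are the HTTP-Redirect binding's convention (and spelled `SigAlg` there, not `sigAlg`). A receiver implementing the POST binding per spec will ignore these fields, so the SP side must read them explicitly, and both sides must agree on exactly which bytes are signed (the base64 form value or the decoded XML); document that choice next to this code.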
@@ -97,6 +113,23 @@
out.close();
}
+ public static boolean validateSignature(byte[] message, String base64encodedSigValue, PublicKey validatingKey)
+ throws GeneralSecurityException
+ {
+ byte[] sigValue = null;
+ if(base64encodedSigValue != null && base64encodedSigValue.length() > 0)
+ {
+ sigValue = Base64.decode(base64encodedSigValue);
+ }
+
+ if(sigValue == null)
+ {
+ log.error("Signature missing");
+ return false;
+ }
+ return SignatureUtil.validate(message, sigValue, validatingKey);
+ }
+
private static void common(String destination, HttpServletResponse response)
{
response.setCharacterEncoding("UTF-8");
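Review bot: `validateSignature` fails closed when the signature is absent (logs and returns false), which is right, but it never consults the algorithm the sender advertised in `sigAlg`. If `SignatureUtil.validate` pins the algorithm internally, say so in a comment; if it is ever changed to honour the peer-supplied `sigAlg`, the accepted algorithms must be whitelisted on the receiving side so a peer cannot downgrade the check. Two smaller points: `Base64.decode` of a malformed string may return an empty or garbage array rather than null, so also reject `sigValue.length == 0`; and the method needs Javadoc stating that `message` must be exactly the bytes the sender signed, because the caller, not this method, decides between the base64 form value and the decoded XML.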
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -91,7 +91,7 @@
}
}
if(is == null)
- throw new RuntimeException("Keystore not located");
+ throw new RuntimeException("Keystore not located:" + keyStore);
return is;
}
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -48,6 +48,7 @@
import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
import org.jboss.identity.federation.core.wstrust.Lifetime;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
@@ -622,7 +623,7 @@
{
@Override
- public STSConfiguration getConfiguration()
+ public STSConfiguration getConfiguration() throws ConfigurationException
{
return super.getConfiguration();
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ConfigurationException.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,12 +21,14 @@
*/
package org.jboss.identity.federation.core.exceptions;
+import java.security.GeneralSecurityException;
+
/**
* Exception indicating an issue with the configuration
* @author Anil.Saldhana(a)redhat.com
* @since May 22, 2009
*/
-public class ConfigurationException extends Exception
+public class ConfigurationException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
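Review bot: changing the superclass to `GeneralSecurityException` is source-compatible but API-visible: every method that declares `throws ConfigurationException` now also satisfies callers catching `GeneralSecurityException`, which is why `PostBindingUtil.validateSignature` can declare only that type, and why the test override `getConfiguration()` above had to gain a `throws` clause. Update the class Javadoc ("Exception indicating an issue with the configuration") to say it is now a `GeneralSecurityException`, so catch blocks written for the crypto layer know that configuration failures can arrive through them as well.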
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ParsingException.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,12 +21,14 @@
*/
package org.jboss.identity.federation.core.exceptions;
+import java.security.GeneralSecurityException;
+
/**
* General Exception indicating parsing exception
* @author Anil.Saldhana(a)redhat.com
* @since May 22, 2009
*/
-public class ParsingException extends Exception
+public class ParsingException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
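Review bot: treating a parsing failure as a `GeneralSecurityException` is defensible (a malformed SAML message must be rejected, so failing closed under the same catch as a signature failure is the safe default), but the Javadoc "General Exception indicating parsing exception" should say that explicitly, otherwise a reader sees only a tautology and no reason for the security base class. The same remark applies to ProcessingException below.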
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/exceptions/ProcessingException.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -21,12 +21,14 @@
*/
package org.jboss.identity.federation.core.exceptions;
+import java.security.GeneralSecurityException;
+
/**
* Exception to indicate a server processing error
* @author Anil.Saldhana(a)redhat.com
* @since May 22, 2009
*/
-public class ProcessingException extends Exception
+public class ProcessingException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/DestinationInfoHolder.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,62 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.holders;
+
+/**
+ * Holder containing the information about a destination
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 24, 2009
+ */
+public class DestinationInfoHolder
+{
+ private String destination;
+ private String samlMessage;
+ private String relayState;
+
+ /**
+ * Create an holder
+ * @param destination The destination where the post will be sent
+ * @param samlMessage SAML Message
+ * @param relayState
+ */
+ public DestinationInfoHolder(String destination, String samlMessage, String relayState)
+ {
+ this.destination = destination;
+ this.samlMessage = samlMessage;
+ this.relayState = relayState;
+ }
+
+ public String getDestination()
+ {
+ return destination;
+ }
+
+ public String getSamlMessage()
+ {
+ return samlMessage;
+ }
+
+ public String getRelayState()
+ {
+ return relayState;
+ }
+}
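Review bot: the `@param relayState` tag in the constructor Javadoc is empty; document it as the optional SAML RelayState that is echoed back unchanged, and that null means no RelayState field is emitted. The holder also accepts any string as `destination`, and per its own Javadoc that value is where the auto-submitted post is sent; consider rejecting null and requiring an absolute http/https URL in the constructor, so a misconfigured IdentityURL/ServiceURL fails at construction time instead of as a broken auto-submitting form in the user's browser.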
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/SignatureInfoHolder.java 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.holders;
+
+/**
+ * Holds information about signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 24, 2009
+ */
+public class SignatureInfoHolder
+{
+ private byte[] signatureValue;
+
+ private String sigAlg;
+
+ public SignatureInfoHolder(byte[] signatureValue, String sigAlg)
+ {
+ super();
+ this.signatureValue = signatureValue;
+ this.sigAlg = sigAlg;
+ }
+
+ public byte[] getSignatureValue()
+ {
+ return signatureValue;
+ }
+
+ public String getSigAlg()
+ {
+ return sigAlg;
+ }
+}
\ No newline at end of file
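Review bot: `getSignatureValue()` returns the internal `byte[]` and the constructor keeps the caller's array, so anyone holding either reference can alter the signature after the holder is built; defensively copy with `signatureValue.clone()` in both places, as is usual for immutable value holders. The constructor also lacks Javadoc: state that `sigAlg` is the algorithm identifier emitted as the `sigAlg` form field, and that `signatureValue` is the raw signature, not base64, since `PostBindingUtil.sendPost` base64-encodes it.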
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/.classpath 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/.project
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/.project (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/.project 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<projectDescription>
+ <name>idp</name>
+ <comment>JBoss Identity Samples contains the samples for Federated Identity Needs.</comment>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
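Review bot: `<name>idp</name>` is copied from the existing idp sample; Eclipse refuses to import two projects with the same name into one workspace, so this should read `idp-sig`. The `.settings/org.eclipse.jdt.core.prefs` timestamp (Jul 06) confirms the files were copied rather than generated for this module.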
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/.settings/org.eclipse.jdt.core.prefs 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+#Mon Jul 06 14:51:19 CDT 2009
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha4-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider that supports signature</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp-sig</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/META-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
+ supportSignature="true"/>
+</Context>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
+ supportSignature="true"/>
+</Context>
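Review bot: this file is a byte-for-byte copy of META-INF/context.xml above. If both are intentional (standalone Tomcat reads META-INF/context.xml, the JBoss AS web deployer reads WEB-INF/context.xml), add a comment in each saying so, because a change to `supportSignature` in only one of them will silently differ between the two deployment targets. IDPSAMLDebugValve, which by its name dumps SAML traffic, is also enabled ahead of the SSO valve; flag it as sample-only.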
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/jboss-idfed.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,14 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0" >
+<IdentityURL>http://localhost:8080/idp-sig/</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org,redhat.com</Domains>
+</Trust>
+<KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="/WEB-INF/jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+</KeyProvider>
+</JBossIDP>
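Review bot: the IDP and the SP (sales-post-sig below) ship the same `jbid_test_keystore.jks`, the same `servercert` alias for both signing and validating, and the same clear-text `KeyStorePass`/`SigningKeyPass` inside the WAR. For a sample that is acceptable, but say so in a comment, because with one shared key the sample cannot show the property signature support exists to provide (the SP verifying with the IDP's public key only, never holding the IDP's private key); a second alias for the SP would make the demo meaningful. The `<ValidatingAlias>` entries key the peer's certificate on `localhost` and `127.0.0.1`, so document that the validating key is selected by the sender's host and that an unlisted host must fail validation rather than fall back to the signing key.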
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/WEB-INF/web.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Fedbridge Test IDP</display-name>
+ <description>
+ Just a Test IDP for Fedbridge Project
+ </description>
+
+ <!-- Define a security constraint that gives unlimted access to images -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Images</web-resource-name>
+ <url-pattern>/images/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>HTMLManger and Manager command</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat Manager Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the Manager Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>
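Review bot: `<form-login-config>` points the error page at `/jsp/loginerror.jsp`, but the files added under resources/jsp are `login-error.jsp` and `error.jsp`, so a failed login returns a 404 instead of an error page. The `display-name` ("Fedbridge Test IDP"), `realm-name` ("Tomcat Manager Application") and the "HTMLManger and Manager command" resource name are leftovers from the Tomcat manager descriptor this was copied from; rename them for idp-sig. The first constraint (images with no `<auth-constraint>`) deliberately opens /images/* to everyone; add a comment, since a constraint without an auth-constraint is easy to misread as protecting the resource.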
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/error.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp") %>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
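Review bot: the markup is malformed: `<font>` is never closed, `</p>` has no opening `<p>`, and `</form>` appears after `</body>` with no matching `<form>`. Browsers will render it regardless, but it should be fixed, and the identical copy in sales-post-sig/resources/error.jsp below has the same problem. Also note that `response.encodeURL("login.jsp")` will append `;jsessionid=...` to the link when the client does not accept cookies, so the session id can end up in the referrer of the next request; acceptable for a login-retry link, but worth knowing.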
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login-error.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,6 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Login Error</font><hr>
+
+</body>
+ </html>
Added: identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-sig/resources/jsp/login.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text' name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password' size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Modified: identity-federation/trunk/jboss-identity-webapps/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-07-24 22:49:12 UTC (rev 658)
+++ identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -26,6 +26,8 @@
<module>employee</module>
<module>circleoftrust</module>
<module>idp</module>
+ <module>idp-sig</module>
+ <module>sales-post-sig</module>
<module>metadata</module>
<module>openid-provider</module>
<module>openid-consumer</module>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.classpath 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.project 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<projectDescription>
+ <name>sales</name>
+ <comment>JBoss Identity Samples contains the samples for Federated Identity Needs.</comment>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
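Review bot: `<name>sales</name>` collides with the existing sales sample's Eclipse project name; use `sales-post-sig`.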
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/.settings/org.eclipse.jdt.core.prefs 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,5 @@
+#Mon Jul 06 14:51:18 CDT 2009
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha4-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-post-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales App with http post signature</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-post-sig</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/META-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator"
+ />
+</Context>
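Review bot: the SP side of this signature sample is wired to `SPPostFormAuthenticator`, while the only SP authenticator touched for signatures in the visible part of this diff is `SPRedirectSignatureFormAuthenticator`, and the IDP is configured with `supportSignature="true"`. Confirm that SPPostFormAuthenticator actually reads the `Signature`/`sigAlg` fields added in PostBindingUtil and calls `validateSignature`; if it does not, the IDP signs responses that the SP never verifies and the sample passes while demonstrating nothing. It should also refuse unsigned responses whenever a KeyProvider is configured, mirroring the fail-closed check the SPRedirectSignatureFormAuthenticator hunk adds for a missing KeyProvider.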
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/context.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve className="org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator"
+ />
+</Context>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/jboss-idfed.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0" ServerEnvironment="tomcat">
+ <IdentityURL>http://localhost:8080/idp-sig/</IdentityURL>
+ <ServiceURL>http://localhost:8080/sales-post-sig/</ServiceURL>
+ <KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+ </KeyProvider>
+
+</JBossSP>
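Review bot: `KeyStoreURL` is given here as `jbid_test_keystore.jks`, while the idp-sig configuration uses `/WEB-INF/jbid_test_keystore.jks`; the file lives in WEB-INF in both WARs, so unless the loader behind ValveUtil searches WEB-INF for a bare file name this SP will hit the improved `Keystore not located:jbid_test_keystore.jks` error at startup. Use the same form in both. The remark on the IDP configuration about a shared signing key and clear-text passwords in the WAR applies here as well.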
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/WEB-INF/web.xml 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app version="2.4"
+ xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
+ <description>Sales Application</description>
+
+ <security-constraint>
+ <display-name>Restricted</display-name>
+ <web-resource-collection>
+ <web-resource-name>Restricted Access</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Sales</role-name>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>Sales</role-name>
+ <role-name>manager</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <form-login-config>
+ <form-login-page>/login.jsp</form-login-page>
+ <form-error-page>/error.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+</web-app>
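Review bot: `<transport-guarantee>NONE</transport-guarantee>` sends the signed SAML response, the RelayState and the container session cookie over plain HTTP; a signature gives integrity, not confidentiality, and a captured JSESSIONID is a full session takeover regardless of how well the response was signed. NONE is workable for a localhost sample, but add a comment that CONFIDENTIAL is required anywhere else. Also, the single `<security-role>` element lists two `<role-name>` children; the web-app 2.4 schema allows exactly one role-name per security-role, so this should be two `<security-role>` elements (Tomcat is lenient, schema-validating containers are not).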
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/error.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp") %>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
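Review bot: same malformed markup as the idp-sig copy (unclosed `<font>`, stray `</p>`, `</form>` after `</body>`); fix both, or keep a single copy.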
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/index.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,13 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool, <%=request.getUserPrincipal().getName()%>
+
+<br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+<a href="logout.jsp">Click to LogOut</a>
+</div>
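Review bot: `<%=request.getUserPrincipal().getName()%>` writes the principal name into the page without HTML escaping. In this sample the name comes from the SAML assertion issued by the IDP, i.e. from a remote party, so a NameID containing markup becomes script running in the SP's origin; escape it (JSTL `<c:out>` or `fn:escapeXml`). The expression also throws a NullPointerException if the page is ever reached unauthenticated; the `/*` constraint prevents that today, but guard it in the page rather than rely on web.xml.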
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/login.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text' name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password' size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp (rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/logout.jsp 2009-07-27 05:18:11 UTC (rev 659)
@@ -0,0 +1,4 @@
+<%
+ session.invalidate();
+%>
+You are logged out.
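Review bot: `session.invalidate()` ends only the SP's local session; the IDP session established at idp-sig is untouched, so a user who clicks "Click to LogOut" and returns to the SP is silently re-authenticated through SSO. Either say so on the page ("logged out of the Sales application only") or send a SAML LogoutRequest to the configured IdentityURL. The logout is also a plain GET link, so any page can log the user out by embedding the URL; a POST form avoids that.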
Added: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/piechart.gif
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/resources/piechart.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream