Author: anil.saldhana(a)jboss.com
Date: 2009-11-19 14:39:37 -0500 (Thu, 19 Nov 2009)
New Revision: 1052
Modified:
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
migration/picketlink/federation/trunk/picketlink-webapps/sales-sig/src/main/webapp/WEB-INF/picketlink-handlers.xml
Log:
signatures in redirect
Modified:
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -353,13 +353,20 @@
//Set the options on the handler request
Map<String, Object> requestOptions = new HashMap<String,
Object>();
+ if(this.ignoreIncomingSignatures)
+ requestOptions.put(GeneralConstants.IGNORE_SIGNATURES,
Boolean.TRUE);
requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY,
this.assertionValidity);
requestOptions.put(GeneralConstants.CONFIGURATION,
this.idpConfiguration);
if(this.keyManager != null)
{
- PublicKey validatingKey =
CoreConfigUtil.getValidatingKey(keyManager, request.getRemoteAddr());
+ String remoteHost = request.getRemoteAddr();
+ if(trace)
+ {
+ log.trace("Remote Host=" + remoteHost);
+ }
+ PublicKey validatingKey =
CoreConfigUtil.getValidatingKey(keyManager, remoteHost );
requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY,
validatingKey);
}
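Review bot: The `ignoreIncomingSignatures` branch at the top of the hunk switches off signature validation for every incoming SAML message without leaving any record that it did so; since this option is what lets SAML2SignatureValidationHandler return before validating, it should be visible above trace level, e.g. `if(this.ignoreIncomingSignatures) { log.warn("ignoreIncomingSignatures is set: incoming SAML signatures will not be validated"); requestOptions.put(GeneralConstants.IGNORE_SIGNATURES, Boolean.TRUE); }`. Separately, the validating key is still chosen by `request.getRemoteAddr()`; if the valve sits behind a reverse proxy that value is the proxy's address, so selecting the sender's key by peer address is fragile and the message Issuer is the more reliable lookup key — worth confirming how `CoreConfigUtil.getValidatingKey` resolves it. The enclosing method starts before and ends after this hunk.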
@@ -375,6 +382,11 @@
Set<SAML2Handler> handlers = chain.handlers();
+ if(trace)
+ {
+ log.trace("Handlers are=" + handlers);
+ }
+
if(samlObject instanceof RequestAbstractType)
{
requestAbstractType = (RequestAbstractType) samlObject;
Modified:
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -295,10 +295,10 @@
boolean willSendRequest)
throws ProcessingException, ConfigurationException, IOException
{
- String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
- samlMessage = PostBindingUtil.base64Encode(samlMessage);
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
- response, willSendRequest);
+ String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
+ samlMessage = PostBindingUtil.base64Encode(samlMessage);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, willSendRequest);
}
/**
Modified:
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -122,6 +122,7 @@
try
{
ServiceProviderBaseProcessor baseProcessor = new
ServiceProviderBaseProcessor(false, serviceURL);
+ initializeSAMLProcessor(baseProcessor);
saml2HandlerResponse = baseProcessor.process(httpContext, handlers,
chainLock);
saml2HandlerResponse.setDestination(identityURL);
@@ -159,6 +160,11 @@
String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
String destinationURL = destination +
getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
+
+ if(trace)
+ {
+ log.trace("URL used for sending:" + destinationURL);
+ }
HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
return false;
@@ -192,6 +198,8 @@
{
ServiceProviderSAMLResponseProcessor responseProcessor =
new ServiceProviderSAMLResponseProcessor(false, serviceURL);
+ initializeSAMLProcessor(responseProcessor);
+
SAML2HandlerResponse saml2HandlerResponse =
responseProcessor.process(samlResponse, httpContext, handlers,
chainLock);
@@ -364,6 +372,15 @@
}
/**
+ * Initialize the {@code ServiceProviderBaseProcessor}
+ * @param processor
+ */
+ protected void initializeSAMLProcessor(ServiceProviderBaseProcessor processor)
+ {
+ processor.setConfiguration(spConfiguration);
+ }
+
+ /**
* Subclasses should provide the implementation
* @param responseType ResponseType that contains the encrypted assertion
* @return response type with the decrypted assertion
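Review bot: `initializeSAMLProcessor` is a protected hook that subclasses override (SPRedirectSignatureFormAuthenticator does so in this commit), but its Javadoc has an empty `@param processor` and does not say that overrides must call `super`. Suggest `@param processor the processor to configure before it runs; overriding methods should call {@code super.initializeSAMLProcessor(processor)} so the SP configuration is still applied`. Without that line an override that forgets the super call silently leaves `spConfiguration` unset.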
Modified:
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -48,6 +48,7 @@
import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
+import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -170,9 +171,16 @@
{
throw new RuntimeException(e);
}
- }
+ }
@Override
+ protected void initializeSAMLProcessor(ServiceProviderBaseProcessor processor)
+ {
+ super.initializeSAMLProcessor(processor);
+ processor.setTrustKeyManager(keyManager);
+ }
+
+ @Override
protected ResponseType decryptAssertion(ResponseType responseType)
throws IOException, GeneralSecurityException, ConfigurationException,
ParsingException
{
Modified:
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -393,6 +393,25 @@
}
/**
+ * Get the document as a string while
+ * ignoring any exceptions
+ * @param doc
+ * @return
+ */
+ public static String asString(Document doc)
+ {
+ String str = null;
+
+ try
+ {
+ str = getDocumentAsString(doc);
+ }
+ catch(Exception ignore)
+ {}
+ return str;
+ }
+
+ /**
* Log the nodes in the document
* @param doc
*/
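Review bot: `asString` catches `Exception`, which also swallows `RuntimeException`s unrelated to serialization, and its Javadoc leaves `@return` empty so callers cannot tell it may yield `null`. Since `getDocumentAsString` is caught as `ConfigurationException` elsewhere in this commit, narrow the catch to `catch(ConfigurationException ignore)` and document `@return the serialized document, or {@code null} if serialization fails`. Every use in this commit is trace output, where a null is harmless, but a caller that builds a message from it would silently emit the literal "null".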
Modified:
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -22,7 +22,7 @@
package org.picketlink.identity.federation.core.saml.v2.util;
import java.util.HashMap;
-import java.util.HashSet;
+import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -48,7 +48,7 @@
throw new IllegalArgumentException("handlers is null");
List<Handler> handlerList = handlers.getHandler();
- Set<SAML2Handler> handlerSet = new HashSet<SAML2Handler>();
+ Set<SAML2Handler> handlerSet = new LinkedHashSet<SAML2Handler>();
for(Handler handler : handlerList)
{
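Review bot: Switching to `LinkedHashSet` makes the returned set iterate in configuration-file order, and the rest of this commit relies on that (the signature validation handler is placed first in picketlink-handlers.xml so it runs before the other handlers), but nothing states the guarantee. Add to the method's Javadoc, which lies outside this hunk, a line such as `@return the handlers in the order they are declared in the configuration; callers may rely on this order`. Without it a later change back to `HashSet` would silently reorder the chain.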
@@ -91,6 +91,5 @@
}
return handlerSet;
- }
-
+ }
}
\ No newline at end of file
Modified:
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -184,10 +184,7 @@
throw new IllegalArgumentException("Node to be signed is null");
if(trace)
{
- try
- {
- log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
- }catch (Exception e) {}
+ log.trace("Document to be signed=" + DocumentUtil.asString(doc));
}
Node parentNode = nodeToBeSigned.getParentNode();
@@ -231,13 +228,10 @@
{
if(trace)
{
- try
- {
- log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
- }catch (Exception e) {}
+ log.trace("Document to be signed=" + DocumentUtil.asString(doc));
}
- PrivateKey signingKey = keyPair.getPrivate();
- PublicKey publicKey = keyPair.getPublic();
+ PrivateKey signingKey = keyPair.getPrivate();
+ PublicKey publicKey = keyPair.getPublic();
DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
dsc.setDefaultNamespacePrefix("dsig");
Modified:
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -306,11 +306,7 @@
}
if(trace)
{
- try
- {
- log.trace("Final RSTR doc:" +
DocumentUtil.getDocumentAsString(result));
-
- }catch(Exception ignore){}
+ log.trace("Final RSTR doc:" + DocumentUtil.asString(result));
}
}
Modified:
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -63,10 +63,55 @@
throw new ProcessingException("KeyPair not found");
}
+ sign(samlDocument, keypair);
+ }
+
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
+ {
+ Document responseDocument = response.getResultingDocument();
+ if(responseDocument == null)
+ {
+ if(trace)
+ {
+ log.trace("handleRequestType:No response document found");
+ }
+ return;
+ }
+
+ //Get the Key Pair
+ KeyPair keypair = (KeyPair)
this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);
+
+ this.sign(responseDocument, keypair);
+ }
+
+ @Override
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ Document responseDocument = response.getResultingDocument();
+ if(responseDocument == null)
+ {
+ if(trace)
+ {
+ log.trace("handleStatusResponseType:No response document found");
+ }
+ return;
+ }
+
+ //Get the Key Pair
+ KeyPair keypair = (KeyPair)
this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);
+
+ this.sign(responseDocument, keypair);
+ }
+
+
+
+ private void sign(Document samlDocument, KeyPair keypair) throws ProcessingException
+ {
SAML2Signature samlSignature = new SAML2Signature();
//Get the ID from the root
String id = samlDocument.getDocumentElement().getAttribute("ID");
-
+
try
{
samlSignature.sign(samlDocument, id, keypair);
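Review bot: The two new entry points hand `keypair` to `sign` without the null check the existing path performs just above the hunk (`throw new ProcessingException("KeyPair not found")`), so a missing KEYPAIR parameter now reaches `samlSignature.sign` with a null key instead of a clear ProcessingException. Move the check into the shared helper: `private void sign(Document samlDocument, KeyPair keypair) throws ProcessingException` / `{` / `if(keypair == null) throw new ProcessingException("KeyPair not found");`. `handleRequestType` also lacks the `@Override` that `handleStatusResponseType` carries (both presumably override the same base method), and the two bodies are identical apart from the trace message, so a small helper taking that message would remove the duplication. The `try` in `sign` continues past the end of the hunk.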
@@ -77,9 +122,6 @@
throw new ProcessingException("Unable to sign");
}
}
-
- public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
- {
- //Nothing to do
- }
+
+
}
\ No newline at end of file
Modified:
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -22,6 +22,7 @@
package org.picketlink.identity.federation.web.handlers.saml2;
import java.security.PublicKey;
+import java.util.Map;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -35,6 +36,7 @@
import org.w3c.dom.Document;
/**
+ * Validates Signatures inside the SAML payload
* @author Anil.Saldhana(a)redhat.com
* @since Nov 13, 2009
*/
@@ -48,16 +50,16 @@
*/
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
{
+ Map<String,Object> requestOptions = request.getOptions();
+ Boolean ignoreSignatures = (Boolean)
requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
+ if(ignoreSignatures == Boolean.TRUE)
+ return;
+
Document signedDocument = request.getRequestDocument();
+
if(trace)
{
- try
- {
- log.trace("Will validate :" +
DocumentUtil.getDocumentAsString(signedDocument));
- }
- catch (ConfigurationException e)
- {
- }
+ log.trace("Will validate :" + DocumentUtil.asString(signedDocument));
}
PublicKey publicKey = (PublicKey)
request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
try
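Review bot: The new early return skips signature validation silently and dereferences `request.getOptions()` without a null check; the SP side only calls `setOptions` when `spConfiguration` is non-null (see ServiceProviderSAMLResponseProcessor in this commit), so if the default options are null this line throws NPE. Compare with `equals` rather than `==` and log the skip, e.g. `if(requestOptions != null && Boolean.TRUE.equals(requestOptions.get(GeneralConstants.IGNORE_SIGNATURES)))` / `{ log.warn("Signature validation skipped: IGNORE_SIGNATURES is set"); return; }`. The same block is repeated in `handleStatusResponseType` in the next hunk and needs the same change. `handleRequestType` continues past the end of this hunk.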
@@ -76,7 +78,17 @@
public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
throws ProcessingException
{
+ Map<String,Object> requestOptions = request.getOptions();
+ Boolean ignoreSignatures = (Boolean)
requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
+ if(ignoreSignatures == Boolean.TRUE)
+ return;
+
Document signedDocument = request.getRequestDocument();
+ if(trace)
+ {
+ log.trace("Document for validation=" +
DocumentUtil.asString(signedDocument));
+ }
+
PublicKey publicKey = (PublicKey)
request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
this.validateSender(signedDocument, publicKey);
}
Modified:
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -30,9 +30,11 @@
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
@@ -53,10 +55,13 @@
public class ServiceProviderBaseProcessor
{
protected static Logger log = Logger.getLogger(ServiceProviderBaseProcessor.class);
- private boolean trace = log.isTraceEnabled();
+ protected boolean trace = log.isTraceEnabled();
protected boolean postBinding;
protected String serviceURL;
+
+ protected SPType spConfiguration;
+ protected TrustKeyManager keyManager;
/**
* Construct
@@ -69,11 +74,32 @@
this.serviceURL = serviceURL;
}
+ /**
+ * Set the SP configuration
+ * @param sp
+ */
+ public void setConfiguration(SPType sp)
+ {
+ this.spConfiguration = sp;
+ }
+
+ /**
+ * Set the {@code TrustKeyManager}
+ * @param tkm
+ */
+ public void setTrustKeyManager(TrustKeyManager tkm)
+ {
+ this.keyManager = tkm;
+ }
+
public SAML2HandlerResponse process(HTTPContext httpContext,
Set<SAML2Handler> handlers,
Lock chainLock)
throws ProcessingException, IOException, ParsingException, ConfigurationException
{
+ if(trace)
+ log.trace("Handlers are:" + handlers);
+
//Neither saml request nor response from IDP
//So this is a user request
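Review bot: The Javadoc on the two new setters carries empty `@param sp` and `@param tkm` tags and does not say how the values interact; from the response processor in this commit the key manager is only consulted when a configuration has also been set. Suggest `@param sp the service-provider configuration; the SAML response processor passes request options to the handlers only when this is set` on `setConfiguration`, and `@param tkm used to look up the sender's validating key; ignored unless a configuration is also set` on `setTrustKeyManager`. `process` continues past the end of the hunk.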
@@ -105,6 +131,8 @@
else
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
+ if(trace)
+ log.trace("Finished Processing handler:" +
handler.getClass().getCanonicalName());
}
}
catch(ProcessingException pe)
Modified:
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -158,10 +158,10 @@
boolean willSendRequest)
throws ProcessingException, ConfigurationException, IOException
{
- String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
- samlMessage = PostBindingUtil.base64Encode(samlMessage);
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
- response, willSendRequest);
+ String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
+ samlMessage = PostBindingUtil.base64Encode(samlMessage);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, willSendRequest);
}
private String getDestination(String urlEncodedRequest, String urlEncodedRelayState,
Modified:
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -23,6 +23,9 @@
import java.io.IOException;
import java.io.InputStream;
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
@@ -35,7 +38,9 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
@@ -47,7 +52,7 @@
* @since Oct 27, 2009
*/
public class ServiceProviderSAMLResponseProcessor extends ServiceProviderBaseProcessor
-{
+{
/**
* Construct
* @param postBinding Whether it is the Post Binding
@@ -102,7 +107,26 @@
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
SAMLHandlerChainProcessor chainProcessor = new
SAMLHandlerChainProcessor(handlers);
+
+ //Set some request options
+ if(spConfiguration != null)
+ {
+ Map<String,Object> requestOptions = new HashMap<String,Object>();
+ requestOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
+ if(keyManager != null)
+ {
+ String remoteHost = httpContext.getRequest().getRemoteAddr();
+ if(trace)
+ {
+ log.trace("ServiceProviderSAMLResponseProcessor::Remote Host=" +
remoteHost);
+ }
+ PublicKey validatingKey = CoreConfigUtil.getValidatingKey(keyManager,
remoteHost );
+ requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY, validatingKey);
+ }
+ saml2HandlerRequest.setOptions(requestOptions);
+ }
+
chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest,
saml2HandlerResponse, httpContext, chainLock);
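Review bot: When `spConfiguration` is null this block sets no options at all, so a configured SAML2SignatureValidationHandler receives no SENDER_PUBLIC_KEY and whatever `validateSender` does with a null key decides the outcome; that case deserves at least a trace line, and a null `keyManager` inside the branch likewise goes unlogged. The block also duplicates the key-lookup logic added to IDPWebBrowserSSOValve in this commit (remote address → `CoreConfigUtil.getValidatingKey`), so a shared helper would keep the two in step, and the same caveat applies: behind a reverse proxy `getRemoteAddr()` is the proxy's address, not the IDP's. `process` continues past the end of the hunk.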
Modified:
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
---
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2009-11-19
19:39:37 UTC (rev 1052)
@@ -154,7 +154,7 @@
{
Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
if(debug && trace)
- log.trace("Received
SOAP:"+DocumentUtil.getDocumentAsString(inputDoc));
+ log.trace("Received SOAP:"+DocumentUtil.asString(inputDoc));
Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
if(debug)
Modified:
migration/picketlink/federation/trunk/picketlink-webapps/sales-sig/src/main/webapp/WEB-INF/picketlink-handlers.xml
===================================================================
---
migration/picketlink/federation/trunk/picketlink-webapps/sales-sig/src/main/webapp/WEB-INF/picketlink-handlers.xml 2009-11-19
18:30:28 UTC (rev 1051)
+++
migration/picketlink/federation/trunk/picketlink-webapps/sales-sig/src/main/webapp/WEB-INF/picketlink-handlers.xml 2009-11-19
19:39:37 UTC (rev 1052)
@@ -1,4 +1,5 @@
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
+ <Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler"/>
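Review bot: SAML2SignatureValidationHandler is placed first, and the handler chain now runs in declaration order (HandlerUtil switched to LinkedHashSet in this commit), so its position is what guarantees signatures are checked before SAML2AuthenticationHandler and SAML2LogOutHandler act on the message; nothing in the file records that. Add a comment above the entry: `<!-- must stay first: handlers run in declaration order and later handlers assume the signature has already been validated -->`.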