Author: marcelkolsteren
Date: 2009-08-08 07:15:22 -0400 (Sat, 08 Aug 2009)
New Revision: 684
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
IDPWebBrowserSSOValve: by default sign outgoing messages and ignore incoming signatures
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-07
23:52:12 UTC (rev 683)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-08
11:15:22 UTC (rev 684)
@@ -75,17 +75,29 @@
private TrustKeyManager keyManager;
- private Boolean supportSignature = false;
-
- public Boolean getSupportSignature()
+ private Boolean ignoreIncomingSignatures = true;
+
+ private Boolean signOutgoingMessages = true;
+
+ public Boolean getIgnoreIncomingSignatures()
{
- return supportSignature;
+ return ignoreIncomingSignatures;
}
- public void setSupportSignature(Boolean supportSignature)
+ public void setIgnoreIncomingSignatures(Boolean ignoreIncomingSignature)
{
- this.supportSignature = supportSignature;
- }
+ this.ignoreIncomingSignatures = ignoreIncomingSignature;
+ }
+
+ public Boolean getSignOutgoingMessages()
+ {
+ return signOutgoingMessages;
+ }
+
+ public void setSignOutgoingMessages(Boolean signOutgoingMessages)
+ {
+ this.signOutgoingMessages = signOutgoingMessages;
+ }
@Override
public void invoke(Request request, Response response) throws IOException,
ServletException
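Review bot: `ignoreIncomingSignatures` defaults to `true`, so a freshly deployed IdP skips signature validation of every incoming SAML request unless an operator explicitly opts in; for a security control the safer default is `private Boolean ignoreIncomingSignatures = false;` with the relaxation made deliberately in the valve configuration. Both flags are boxed `Boolean`s and every use site in this commit auto-unboxes them (`if(this.signOutgoingMessages)`), so a setter invoked with `null` surfaces as a NullPointerException on the first request rather than at configuration time; primitive `boolean` fields, or a null check that throws `IllegalArgumentException` in each setter, would fail early instead. Neither field is documented; a one-line comment on each stating what is skipped when it is set (outgoing responses go unsigned / incoming signatures are neither required nor verified) would make the trade-off visible to operators. The `invoke` method whose signature closes this hunk continues outside it.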
@@ -142,7 +154,7 @@
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL);
- if(this.supportSignature)
+ if(this.signOutgoingMessages)
webRequestUtil.send(errorResponseType, relayState, response, true,
this.keyManager.getSigningKey());
else
@@ -254,7 +266,7 @@
{
try
{
- if(this.supportSignature)
+ if(this.signOutgoingMessages)
webRequestUtil.send(responseType, relayState, response, true,
this.keyManager.getSigningKey());
else
@@ -298,7 +310,7 @@
this.identityURL);
try
{
- if(this.supportSignature)
+ if(this.signOutgoingMessages)
webRequestUtil.send(errorResponseType, relayState, response, true,
this.keyManager.getSigningKey());
else
@@ -317,25 +329,29 @@
protected boolean validate(String remoteAddress,
SessionHolder holder) throws IOException, GeneralSecurityException
{
- if(!supportSignature)
+ if (holder.samlRequest == null || holder.samlRequest.length() == 0)
{
- return holder.samlRequest != null && holder.samlRequest.length() >
0;
+ return false;
}
-
- String sig = holder.signature;
- if(sig == null || sig.length() == 0)
+
+ if (!this.ignoreIncomingSignatures)
{
- log.error("Signature received from SP is null:" + remoteAddress);
- return false;
+ String sig = holder.signature;
+ if (sig == null || sig.length() == 0)
+ {
+ log.error("Signature received from SP is null:" + remoteAddress);
+ return false;
+ }
+
+ return
PostBindingUtil.validateSignature(holder.samlRequest.getBytes("UTF-8"), sig,
keyManager
+ .getValidatingKey(remoteAddress));
}
-
- return
PostBindingUtil.validateSignature(holder.samlRequest.getBytes("UTF-8"),
- sig, keyManager.getValidatingKey(remoteAddress));
+ else
+ {
+ return true;
+ }
}
-
-
-
//***************Lifecycle
/**
* The lifecycle event support for this component.
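Review bot: With `ignoreIncomingSignatures` at its default, `validate` returns `true` for any non-empty `samlRequest` without looking at `holder.signature` at all, so a request carrying a bad or forged signature is accepted silently; the skip should at least be visible in the log, e.g. `log.warn("Incoming signature validation is disabled; accepting unverified request from " + remoteAddress);` immediately before the `return true`. The validating key is selected by `remoteAddress`, and since this valve implements the web-browser SSO profile the address is presumably the user's browser rather than the SP — worth confirming that `keyManager.getValidatingKey` is keyed on something that actually identifies the SP. A Javadoc on `validate` stating that a `true` result means only "non-empty request" when signatures are ignored, and "signature verified against the configured validating key" otherwise, would prevent callers from over-trusting the return value.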
@@ -413,7 +429,7 @@
throw new RuntimeException(e);
}
- if(this.supportSignature)
+ if(this.signOutgoingMessages)
{
KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
try
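Review bot: `keyManager` is now only set up when `signOutgoingMessages` is true, but the new `validate` dereferences `keyManager` whenever `ignoreIncomingSignatures` is false; with the previous single `supportSignature` flag the two were coupled, and with two independent flags the combination sign=false / ignore=false leaves `keyManager` null and the first incoming request fails with a NullPointerException instead of a validation error. The guard should cover both consumers: `if(this.signOutgoingMessages || !this.ignoreIncomingSignatures)`. The initialization block continues past the end of the hunk, so I am inferring that the `keyManager` assignment lives inside it — please confirm.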