Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 12:43:53 -0400 (Wed, 10 Aug 2011)
New Revision: 1170
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
Log:
PLFED-220:
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-08-10
16:42:40 UTC (rev 1169)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-08-10
16:43:53 UTC (rev 1170)
@@ -37,6 +37,8 @@
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.w3c.dom.Document;
/**
@@ -51,26 +53,17 @@
private final boolean trace = log.isTraceEnabled();
+ protected String idpAddress = null;
+
/**
- * Flag to indicate whether we want to sign the assertions
+ * If the request.getRemoteAddr is not exactly the IDP address that you have keyed
+ * in your deployment descriptor for keystore alias, you can set it here explicitly
*/
- protected boolean signAssertions = false;
-
- public SPPostSignatureFormAuthenticator()
+ public void setIdpAddress(String idpAddress)
{
- this.validateSignature = true;
+ this.idpAddress = idpAddress;
}
- public boolean isSignAssertions()
- {
- return signAssertions;
- }
-
- public void setSignAssertions(boolean signAssertions)
- {
- this.signAssertions = signAssertions;
- }
-
@Override
public void start() throws LifecycleException
{
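Review bot: Dropping the constructor removes the only visible place where `validateSignature` is forced to `true`, so this signature-checking authenticator now relies on whatever default or configuration the superclass provides. If that default is `false` (the superclass is not visible here), unsigned or tampered SAML responses could be accepted silently. Either keep `public SPPostSignatureFormAuthenticator() { this.validateSignature = true; }` or have `start()` refuse to start when validation is off. The Javadoc on `setIdpAddress` should also state that the value replaces `request.getRemoteAddr()` as the lookup key for the IDP's validating key, because a wrong value changes which key is trusted. `start()` continues outside the hunk.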
@@ -95,6 +88,16 @@
List<AuthPropertyType> authProperties =
CoreConfigUtil.getKeyProviderProperties(keyProvider);
keyManager.setAuthProperties(authProperties);
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+
+ /**
+ * Since the user has explicitly configured the idp address, we need
+ * to add an option on the keymanager such that users of keymanager
+ * can choose the proper idp key for validation
+ */
+ if (StringUtil.isNotNull(idpAddress))
+ {
+ keyManager.addAdditionalOption(ServiceProviderBaseProcessor.IDP_KEY,
this.idpAddress);
+ }
}
catch (Exception e)
{
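Review bot: The configured `idpAddress` now decides which validating key users of `keyManager` pick, but nothing in the added block checks that the value maps to a configured validating alias. A typo would therefore only surface later as a signature validation failure, or possibly as a fallback to another key, depending on how consumers of `IDP_KEY` behave, which this hunk does not show. Consider recording the override at start-up, e.g. `if (trace) log.trace("Using configured IDP address for key lookup: " + idpAddress);`, so the key selection is auditable. The explanatory block inside the method would read better as a `//` comment than as `/** ... */`, which is Javadoc syntax and documents nothing here. The enclosing `try` block starts and ends outside the hunk.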