Author: anil.saldhana(a)jboss.com
Date: 2011-02-10 12:03:12 -0500 (Thu, 10 Feb 2011)
New Revision: 748
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
Log:
fixes
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-02-08
23:08:31 UTC (rev 747)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-02-10
17:03:12 UTC (rev 748)
@@ -30,6 +30,7 @@
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.picketlink.identity.federation.api.util.KeyUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
@@ -82,8 +83,6 @@
spSsoDescriptor.addSingleLogoutService( sloRedirectEndpoint );
spSsoDescriptor.addSingleLogoutService( sloPostEndpoint );
-
spSsoDescriptor.getProtocolSupportEnumeration().add(JBossSAMLURIConstants.PROTOCOL_NSURI.get());
-
spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
@@ -146,11 +145,11 @@
}
private Element getKeyInfoDOM( X509Certificate certificate )
- {
+ {
try
{
StringBuilder builder = new StringBuilder(
"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>");
- builder.append( new String( certificate.getEncoded() )).append(
"</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
+ builder.append( KeyUtil.encodeAsString( certificate )).append(
"</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
}
catch ( Exception e)
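Review bot: The replacement of `new String( certificate.getEncoded() )` with `KeyUtil.encodeAsString( certificate )` deserves a comment, because the old line emitted raw DER bytes run through the platform charset, which is not a valid ds:X509Certificate value, and the reason for the change is not visible; something like `// ds:X509Certificate must carry the base64 text form of the DER certificate; KeyUtil does the encoding (a plain new String(getEncoded()) produced garbage)` above the `builder.append` line, assuming KeyUtil.encodeAsString returns the base64 form. The `catch ( Exception e)` on the hunk's last line still wraps both the encoding call and `DocumentUtil.getDocument`, so an encoding failure and an XML parse failure land in the same broad handler; the handler body, and what the caller receives on failure, is outside the hunk. Since the only variable part of the parsed string is the encoder output rather than caller-supplied data, the string-built XML is acceptable here, but a short comment stating that would save the next reviewer the same check.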
@@ -159,4 +158,4 @@
}
}
-}
+}
\ No newline at end of file
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2011-02-08
23:08:31 UTC (rev 747)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2011-02-10
17:03:12 UTC (rev 748)
@@ -48,6 +48,7 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
@@ -147,10 +148,19 @@
{
SeamSamlPrincipal principal = null;
- for (Object assertion : responseType.getAssertions() )
+ List<RTChoiceType> assertions = responseType.getAssertions();
+
+ for (RTChoiceType rtChoice : assertions )
{
- if (assertion instanceof AssertionType)
+ EncryptedAssertionType encAssertionType = rtChoice.getEncryptedAssertion();
+ if( encAssertionType != null )
{
+ /* assertion instanceof EncryptedElementType */
+ log.warn("Encountered encrypted assertion. Skipping it because
decryption is not yet supported.");
+ }
+ else
+ {
+ AssertionType assertion = rtChoice.getAssertion();
SeamSamlPrincipal assertionSubject = handleAssertion((AssertionType)
assertion, requestContext);
if (principal == null)
{
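Review bot: The `(AssertionType)` cast on the `handleAssertion` call is now redundant, since `assertion` is declared as `AssertionType` on the line above; drop it: `SeamSamlPrincipal assertionSubject = handleAssertion(assertion, requestContext);`. The `else` branch assumes a choice element that carries no encrypted assertion always carries a plain one; if `rtChoice.getAssertion()` can return null for a malformed choice (not visible in the hunk), handleAssertion receives null, so a guard such as `if (assertion == null) { continue; }` with a warning would make the loop robust to that case. The method this loop belongs to begins before the hunk and its closing braces are in the next hunk of this file.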
@@ -159,13 +169,8 @@
else
{
log.warn("Multiple authenticated users found in assertions. Using the
first one.");
- }
- }
- else
- {
- /* assertion instanceof EncryptedElementType */
- log.warn("Encountered encrypted assertion. Skipping it because
decryption is not yet supported.");
- }
+ }
+ }
}
return principal;
}
@@ -256,6 +261,12 @@
List<SubjectConfirmationType> subjectConfirmations =
subjectSubType.getConfirmation();
+ //Sometime the subjectconfirmation be at the top level in subject
+ if( subjectConfirmations.size() == 0 )
+ {
+ subjectConfirmations = subject.getConfirmation();
+ }
+
for( SubjectConfirmationType confirmation: subjectConfirmations )
{
if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
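Review bot: The new fallback tests `subjectConfirmations.size() == 0` and the comment above it is hard to read; `isEmpty()` is the idiom, and the comment could state the condition it handles: `// SubjectConfirmation may be a direct child of Subject rather than nested under the subject sub-type; fall back to the top-level list` with `if( subjectConfirmations.isEmpty() )`. If `subjectSubType.getConfirmation()` can return null rather than an empty list (not visible here), the `size()` call throws before the fallback is reached, so a null check alongside the emptiness check would be needed for the fallback to be reliable. Either list feeds the same bearer-method check on the following line, so the confirmation validation itself is unchanged by the fallback. The enclosing method begins before and ends after the hunk.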
@@ -276,6 +287,7 @@
}
}
}
+
/*for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
{
if (contentElement.getValue() instanceof NameIDType)