SAML2LoginAPIAuthenticatorCmd: store nameid and session index in user's session

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fa4eb6e9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fa4eb6e9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fa4eb6e9

Branch: refs/heads/saml2
Commit: fa4eb6e961604f51f88a4f3d23e3e7d252429041
Parents: fc89423
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
Authored: Mon Aug 25 01:51:16 2014 +0200
Committer: Rohit Yadav <rohit.ya...@shapeblue.com>
Committed: Mon Aug 25 17:33:29 2014 +0200

----------------------------------------------------------------------
 .../cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fa4eb6e9/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index e1d95ef..8456872 100644
--- 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -124,7 +124,6 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd 
implements APIAuthent
     }
 
     public String buildAuthnRequestUrl(String idpUrl) {
-        String randomSecureId = new BigInteger(130, new 
SecureRandom()).toString(32);
         String spId = _samlAuthManager.getServiceProviderId();
         String consumerUrl = _samlAuthManager.getSpSingleSignOnUrl();
         String identityProviderUrl = _samlAuthManager.getIdpSingleSignOnUrl();
@@ -136,7 +135,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd 
implements APIAuthent
         String redirectUrl = "";
         try {
             DefaultBootstrap.bootstrap();
-            AuthnRequest authnRequest = 
SAMLUtils.buildAuthnRequestObject(randomSecureId, spId, identityProviderUrl, 
consumerUrl);
+            AuthnRequest authnRequest = 
SAMLUtils.buildAuthnRequestObject(spId, identityProviderUrl, consumerUrl);
             redirectUrl = identityProviderUrl + "?SAMLRequest=" + 
SAMLUtils.encodeSAMLRequest(authnRequest);
         } catch (ConfigurationException | FactoryConfigurationError | 
MarshallingException | IOException e) {
             s_logger.error("SAML AuthnRequest message building error: " + 
e.getMessage());
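Review bot: The AuthnRequest ID is no longer visible to `buildAuthnRequestUrl` after the added call `SAMLUtils.buildAuthnRequestObject(spId, identityProviderUrl, consumerUrl)`, so nothing in this method can record it for a later `InResponseTo` check on the IdP's response. Presumably the ID is now generated inside `SAMLUtils`, which this diff does not show. If so, it should still come from a `SecureRandom`-backed source, and the caller can read it back with `authnRequest.getID()` and keep it with the user's session so that unsolicited or replayed responses can be rejected. At minimum, add a comment on the call such as `// request ID is generated inside SAMLUtils; see authnRequest.getID()`. The method body starts and ends outside this hunk, so any handling further down is not visible here.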
@@ -220,6 +219,9 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd 
implements APIAuthent
 
                 Assertion assertion = 
processedSAMLResponse.getAssertions().get(0);
                 NameID nameId = assertion.getSubject().getNameID();
+                String sessionIndex = 
assertion.getAuthnStatements().get(0).getSessionIndex();
+                session.setAttribute(SAMLUtils.SAML_NAMEID, nameId);
+                session.setAttribute(SAMLUtils.SAML_SESSION, sessionIndex);
 
                 if (nameId.getFormat().equals(NameIDType.PERSISTENT) || 
nameId.getFormat().equals(NameIDType.EMAIL)) {
                     username = nameId.getValue();
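Review bot: The added `assertion.getAuthnStatements().get(0).getSessionIndex()` assumes the assertion carries at least one AuthnStatement; an assertion without one throws `IndexOutOfBoundsException` on input that comes from the IdP response. Guard it first, for example `if (assertion.getAuthnStatements().isEmpty())`, and fail the login there; `SessionIndex` is also optional in SAML, so the stored value may be null. The two `session.setAttribute` calls run before the NameID format check and the user lookup that follow, so these values are bound to the session even when the login is later rejected; moving them to after a successful lookup would avoid that. Storing the `NameID` object itself rather than `nameId.getValue()` puts an OpenSAML XML object in the HTTP session, which may not survive session serialization, though that depends on how `SAMLUtils.SAML_NAMEID` is consumed elsewhere. The enclosing method begins and ends outside this hunk, so signature and condition validation of the assertion cannot be confirmed from here.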
