CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
# Conflicts: # rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/144271ed Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/144271ed Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/144271ed Branch: refs/heads/3.0.x-fixes Commit: 144271ed753b223c216e9848c3e748ff62d320e9 Parents: 67cef8f Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Sep 6 11:03:55 2016 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Sep 6 11:12:39 2016 +0100 ---------------------------------------------------------------------- ...AbstractRequestAssertionConsumerHandler.java | 49 +++++++++++++++++++- 1 file changed, 47 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/144271ed/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 16afc2a..f5c8aae 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -70,6 +70,12 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
 private TokenReplayCache<String> replayCache;
 private MessageContext messageContext;
+<<<<<<< HEAD
+=======
+ private String applicationURL;
+ private boolean parseApplicationURLFromRelayState;
+ private String assertionConsumerServiceAddress;
+>>>>>>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
 @Context
 public void setMessageContext(MessageContext mc) {
@@ -310,8 +316,11 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
 ) {
 try {
 SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
- ssoResponseValidator.setAssertionConsumerURL(
- messageContext.getUriInfo().getAbsolutePath().toString());
+ String racsAddress = assertionConsumerServiceAddress;
+ if (racsAddress == null) {
+ racsAddress = messageContext.getUriInfo().getAbsolutePath().toString();
+ }
+ ssoResponseValidator.setAssertionConsumerURL(racsAddress);
 ssoResponseValidator.setClientAddress(
 messageContext.getHttpServletRequest().getRemoteAddr());
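Review bot: The added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> dac029e...` around the three new fields are unresolved merge-conflict markers committed into the Java source, and the same three markers wrap the new accessors in the hunk at -353,4 +362,40; the class cannot compile with them in place. Both conflicts should be resolved by deleting the marker lines and keeping only the intended side. Of the new fields, only `assertionConsumerServiceAddress` is read in the hunks shown here; `applicationURL` and `parseApplicationURLFromRelayState` look like they came across with the cherry-pick, and unless code outside these hunks uses them they should be left out of this branch rather than exposed as settable properties that have no effect.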
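Review bot: The fallback at `if (racsAddress == null)` treats only null as "not configured", so an empty or blank `assertionConsumerServiceAddress` (easy to produce from a property placeholder) is passed straight to `setAssertionConsumerURL` and would presumably make every SAML response fail the consumer-URL comparison with an error that does not point at the configuration. Consider `if (racsAddress == null || racsAddress.trim().isEmpty())` so a blank value falls back to the request URL. A short comment such as `// Configured address wins: behind a reverse proxy the request URL is not the URL the IdP addressed the response to` would also record why the override exists. The enclosing method starts and ends outside this hunk.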
@@ -353,4 +362,40 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
 public void setEnforceResponseSigned(boolean enforceResponseSigned) {
 this.enforceResponseSigned = enforceResponseSigned;
 }
+<<<<<<< HEAD
+=======
+
+ public String getApplicationURL() {
+ return applicationURL;
+ }
+
+ /**
+ * Set the Application URL to forward to, for the unsolicited IdP case.
+ * @param applicationURL
+ */
+ public void setApplicationURL(String applicationURL) {
+ this.applicationURL = applicationURL;
+ }
+
+ public boolean isParseApplicationURLFromRelayState() {
+ return parseApplicationURLFromRelayState;
+ }
+
+ /**
+ * Whether to parse the application URL to forward to from the RelayState, for the unsolicted IdP case.
+ * @param parseApplicationURLFromRelayState
+ */
+ public void setParseApplicationURLFromRelayState(boolean parseApplicationURLFromRelayState) {
+ this.parseApplicationURLFromRelayState = parseApplicationURLFromRelayState;
+ }
+
+ public String getAssertionConsumerServiceAddress() {
+ return assertionConsumerServiceAddress;
+ }
+
+ public void setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress) {
+ this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
+ }
+
+>>>>>>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
 }
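Review bot: `setAssertionConsumerServiceAddress` is the one setter this fix depends on, yet it is the only new setter without Javadoc, and its value decides which consumer URL the response validator accepts. I would add a comment stating that it is the externally visible address of this consumer service, that it replaces the request URL during SAML response validation (for example behind a reverse proxy), that it must match the ACS URL registered with the IdP exactly, and that leaving it unset keeps the request-URL behaviour. In the existing Javadoc, the `@param applicationURL` and `@param parseApplicationURLFromRelayState` tags carry no description, and "unsolicted" should read "unsolicited".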