This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new 15613cb FEDIZ-225 - Add support to specify the
AssertionConsumerService URL via the "reply" configuration parameter for SAML
SSO
15613cb is described below
commit 15613cbbbe3cbe20826cafadf9924519dbb195d4
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Aug 24 17:31:49 2018 +0100
FEDIZ-225 - Add support to specify the AssertionConsumerService URL via the
"reply" configuration parameter for SAML SSO
---
.../cxf/fediz/core/config/FederationProtocol.java | 22 ---------------------
.../org/apache/cxf/fediz/core/config/Protocol.java | 23 ++++++++++++++++++++++
.../core/processor/AbstractFedizProcessor.java | 20 +++++++++++++++++++
.../core/processor/FederationProcessorImpl.java | 20 -------------------
.../fediz/core/processor/SAMLProcessorImpl.java | 21 +++++++++++++++++---
.../src/main/resources/schemas/FedizConfig.xsd | 2 +-
6 files changed, 62 insertions(+), 46 deletions(-)
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index 41d56f8..2d53bcd 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -38,7 +38,6 @@ public class FederationProtocol extends Protocol {
private Object freshness;
private Object signInQuery;
private Object signOutQuery;
- private Object reply;
public FederationProtocol(ProtocolType protocolType) {
super(protocolType);
@@ -184,27 +183,6 @@ public class FederationProtocol extends Protocol {
}
}
- public Object getReply() {
- if (this.reply != null) {
- return this.reply;
- }
- CallbackType cbt = getFederationProtocol().getReply();
- this.reply = ConfigUtils.loadCallbackType(cbt, "Reply",
getClassloader());
- return this.reply;
- }
-
- public void setReply(Object value) {
- final boolean isString = value instanceof String;
- final boolean isCallbackHandler = value instanceof CallbackHandler;
- if (isString || isCallbackHandler) {
- this.reply = value;
- } else {
- LOG.error("Unsupported 'Reply' object");
- throw new IllegalArgumentException("Unsupported 'Reply' object.
Type must be "
- + "java.lang.String or
javax.security.auth.callback.CallbackHandler.");
- }
- }
-
public String getVersion() {
return getFederationProtocol().getVersion();
}
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
index ed52873..e89aa86 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
@@ -41,6 +41,7 @@ public abstract class Protocol {
private Object issuer;
private Object realm;
private List<TokenValidator> validators = new ArrayList<>();
+ private Object reply;
public Protocol(ProtocolType protocolType) {
super();
@@ -195,4 +196,26 @@ public abstract class Protocol {
public void setApplicationServiceURL(String value) {
getProtocolType().setApplicationServiceURL(value);
}
+
+ public Object getReply() {
+ if (this.reply != null) {
+ return this.reply;
+ }
+ CallbackType cbt = getProtocolType().getReply();
+ this.reply = ConfigUtils.loadCallbackType(cbt, "Reply",
getClassloader());
+ return this.reply;
+ }
+
+ public void setReply(Object value) {
+ final boolean isString = value instanceof String;
+ final boolean isCallbackHandler = value instanceof CallbackHandler;
+ if (isString || isCallbackHandler) {
+ this.reply = value;
+ } else {
+ LOG.error("Unsupported 'Reply' object");
+ throw new IllegalArgumentException("Unsupported 'Reply' object.
Type must be "
+ + "java.lang.String or
javax.security.auth.callback.CallbackHandler.");
+ }
+ }
+
}
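Review bot: getReply and setReply become base-class API here (every Protocol subclass now exposes them) but carry no Javadoc stating the contract that resolveReply in AbstractFedizProcessor relies on: the value is either a String used as-is or a CallbackHandler that is handed a ReplyCallback, loaded from the protocol type on first access and then cached in the field. A Javadoc on getReply along the lines of `Returns the configured "reply" value: a String, or a javax.security.auth.callback.CallbackHandler that resolves it per request. Loaded from the protocol type on first access and cached.` and on setReply with `@throws IllegalArgumentException if value is neither a String nor a CallbackHandler (null included)` would make that explicit. Note also that once a value is cached there is no way to clear it, since setReply rejects null; that behaviour is carried over unchanged from FederationProtocol, so it may be intentional, but it is worth a sentence in the doc.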
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index c9821ca..36e3eb0 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -33,6 +33,7 @@ import
org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
import org.apache.cxf.fediz.core.spi.IDPCallback;
import org.apache.cxf.fediz.core.spi.RealmCallback;
+import org.apache.cxf.fediz.core.spi.ReplyCallback;
import org.apache.cxf.fediz.core.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -102,4 +103,23 @@ public abstract class AbstractFedizProcessor implements
FedizProcessor {
return StringUtils.extractFullContextPath(request);
}
+ protected String resolveReply(HttpServletRequest request, FedizContext
config) throws IOException,
+ UnsupportedCallbackException {
+ Object replyObj = config.getProtocol().getReply();
+ String reply = null;
+ if (replyObj != null) {
+ if (replyObj instanceof String) {
+ reply = (String)replyObj;
+ } else if (replyObj instanceof CallbackHandler) {
+ CallbackHandler replyCB = (CallbackHandler)replyObj;
+ ReplyCallback callback = new ReplyCallback(request);
+ replyCB.handle(new Callback[] {
+ callback
+ });
+ reply = callback.getReply();
+ }
+ }
+ return reply;
+ }
+
}
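Review bot: resolveReply is now a protected extension point shared by both processors but has no Javadoc, and its null-return contract is only visible by reading the body. Callers need to know that the returned value is exactly what was configured (or what the handler produced), not validated or normalised here — SAMLProcessorImpl does the URL check and context-path join itself — and that null means "nothing configured". A Javadoc such as `Resolves the configured reply value for this request: the configured String, the value produced by the configured CallbackHandler via ReplyCallback, or null when no reply is configured. The value is returned as-is; callers are responsible for validating it.` plus `@throws IOException`/`@throws UnsupportedCallbackException` propagated from the handler would cover it. The silent fall-through to null when replyObj is neither a String nor a CallbackHandler is presumably unreachable given Protocol.setReply's type check, but if ConfigUtils.loadCallbackType can return another type a warn log there would make a misconfiguration visible rather than quietly falling back to the request URL.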
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 7067db9..41da510 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -60,7 +60,6 @@ import
org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
import org.apache.cxf.fediz.core.metadata.MetadataWriter;
import org.apache.cxf.fediz.core.spi.FreshnessCallback;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
-import org.apache.cxf.fediz.core.spi.ReplyCallback;
import org.apache.cxf.fediz.core.spi.ReplyConstraintCallback;
import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
@@ -722,25 +721,6 @@ public class FederationProcessorImpl extends
AbstractFedizProcessor {
return wReq;
}
- private String resolveReply(HttpServletRequest request, FedizContext
config) throws IOException,
- UnsupportedCallbackException {
- Object replyObj =
((FederationProtocol)config.getProtocol()).getReply();
- String reply = null;
- if (replyObj != null) {
- if (replyObj instanceof String) {
- reply = (String)replyObj;
- } else if (replyObj instanceof CallbackHandler) {
- CallbackHandler replyCB = (CallbackHandler)replyObj;
- ReplyCallback callback = new ReplyCallback(request);
- replyCB.handle(new Callback[] {
- callback
- });
- reply = callback.getReply();
- }
- }
- return reply;
- }
-
private void testForMandatoryClaims(String roleURI,
List<org.apache.cxf.fediz.core.config.Claim> requestedClaims,
List<org.apache.cxf.fediz.core.Claim>
receivedClaims,
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 7727d9d..4b88c92 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -22,6 +22,8 @@ package org.apache.cxf.fediz.core.processor;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
@@ -375,10 +377,23 @@ public class SAMLProcessorImpl extends
AbstractFedizProcessor {
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String requestURL = request.getRequestURL().toString();
+ String reply = resolveReply(request, config);
+ if (reply == null || reply.length() == 0) {
+ reply = request.getRequestURL().toString();
+ } else {
+ try {
+ new URL(reply);
+ } catch (MalformedURLException ex) {
+ if (reply.startsWith("/")) {
+ reply =
extractFullContextPath(request).concat(reply.substring(1));
+ } else {
+ reply = extractFullContextPath(request).concat(reply);
+ }
+ }
+ }
String realm = resolveWTRealm(request, config);
AuthnRequest authnRequest =
- samlpRequestBuilder.createAuthnRequest(realm, requestURL);
+ samlpRequestBuilder.createAuthnRequest(realm, reply);
if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
authnRequest.setDestination(redirectURL);
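Review bot: The relative-path branch inside the catch block (`reply = extractFullContextPath(request).concat(reply.substring(1));` and the `else` below it) assumes extractFullContextPath already ends with "/"; if it does not, a configured reply of `/saml/acs` is joined without a separator and the resulting AssertionConsumerService URL is silently wrong. A join that does not depend on that is `String base = extractFullContextPath(request);` / `String path = reply.startsWith("/") ? reply.substring(1) : reply;` / `reply = base.endsWith("/") ? base.concat(path) : base + "/" + path;`. Separately, the catch treats every MalformedURLException as "this is a relative path", so a mistyped absolute URL in configuration (for example a missing scheme) is rewritten under the context path rather than reported — a warn log mentioning `ex` there would help operators, and since `new URL(reply)` accepts any registered scheme, the only thing established about an absolute value is that it parses, which is worth stating in a comment. The enclosing method starts before and ends after this hunk, and the same `reply` value is stored as the RequestState target address in the following hunk.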
@@ -389,7 +404,7 @@ public class SAMLProcessorImpl extends
AbstractFedizProcessor {
String relayState =
URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState();
- requestState.setTargetAddress(requestURL);
+ requestState.setTargetAddress(reply);
requestState.setIdpServiceAddress(redirectURL);
requestState.setRequestId(authnRequest.getID());
requestState.setIssuerId(realm);
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index fe02f5f..3b039a8 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -152,7 +152,6 @@
<xs:element ref="authenticationType" />
<xs:element ref="homeRealm" />
<xs:element ref="freshness" />
- <xs:element ref="reply" />
<xs:element ref="request" />
<xs:element ref="signInQuery" />
<xs:element ref="signOutQuery" />
@@ -201,6 +200,7 @@
<xs:element ref="realm" />
<xs:element ref="tokenValidators" />
<xs:element ref="metadataURI" />
+ <xs:element ref="reply" />
</xs:sequence>
</xs:complexType>
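Review bot: Appending `reply` to the end of this xs:sequence changes where existing configuration files must place the element; if the federation protocol type derives from this complexType by extension, a config that currently has `<reply>` between `<freshness>` and `<request>` (the position removed in the previous hunk) will no longer validate against the schema. The type definitions are outside the hunk, so this is inferred from the two sequences shown; either confirm the element order is tolerated or call the move out in the release notes and configuration documentation. An `<xs:annotation>` on the element noting that it applies to both WS-Federation and SAML SSO would also help, since the commit makes it protocol-independent.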