author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-06 13:47:48 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-06 13:47:48 +0200 |
commit | c1f3b45adb46f2a7a2c93df278d2b8189eb2fc91 (patch) | |
tree | bb2ead1fb89a5c73b963125d37fb3a51e216309f /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets | |
parent | 5677982c24ada5c0a56e11588b5839bc2a75b83e (diff) | |
download | moa-id-spss-c1f3b45adb46f2a7a2c93df278d2b8189eb2fc91.tar.gz moa-id-spss-c1f3b45adb46f2a7a2c93df278d2b8189eb2fc91.tar.bz2 moa-id-spss-c1f3b45adb46f2a7a2c93df278d2b8189eb2fc91.zip |
solve some SLO bugs
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets')
3 files changed, 10 insertions, 7 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java
index 5265aed86..f121babc6 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java
@@ -242,10 +242,10 @@ public class BuildMetadata extends HttpServlet {
 redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT);
 spSSODescriptor.getSingleLogoutServices().add(redirectBindingService);
- SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK);
- spSSODescriptor.getSingleLogoutServices().add(soapBindingService);
+// SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+// soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK);
+// spSSODescriptor.getSingleLogoutServices().add(soapBindingService);
 spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index 69adcc661..38c858918 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
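Review bot: The four SOAP-binding lines in BuildMetadata.java are commented out rather than deleted, and nothing says why the back-channel SingleLogoutService is no longer published. Either delete them (version control keeps the history) or leave a one-line reason such as `// SOAP back-channel SLO is not offered by this SP; only the redirect binding is advertised`. Dropping the endpoint from the metadata does not by itself disable it: if the servlet behind `Constants.SERVLET_SLO_BACK` is still mapped (not visible in this hunk), it stays reachable and should be unmapped or made to reject requests as well. The enclosing method starts and ends outside the hunk.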
@@ -78,7 +78,6 @@ public class SLOBasicServlet extends HttpServlet { LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); sloReq.setID(gen.generateIdentifier()); - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); sloReq.setIssueInstant(new DateTime()); NameID name = SAML2Utils.createSAMLObject(NameID.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index eb5752982..67921c689 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java @@ -120,6 +120,8 @@ public class SLOFrontChannelServlet extends SLOBasicServlet { //build SLO request to IDP LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); + //send message sendMessage(request, response, sloReq, null); @@ -132,7 +134,7 @@ public class SLOFrontChannelServlet extends SLOBasicServlet { messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + PVP2Utils.getTrustEngine(getConfig())); SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add(signatureRule); 
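Review bot: In the first SLOFrontChannelServlet.java hunk the new `setAttribute` line carries no comment on why the request ID is kept in the session; something like `// remember the request ID so the LogoutResponse's InResponseTo can be matched against it` would make the intent explicit. The stored value only protects anything if the response handler compares it with `InResponseTo` and then removes it from the session; that code is outside this hunk, so it is worth confirming. The SLOBasicServlet.java hunk above removes the only visible use of `request` while building the LogoutRequest, yet `createLogOutRequest(nameID, nameIDFormat, request)` still passes it; if nothing else in that method reads it (its body is not fully visible here), the parameter can be dropped.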
@@ -141,9 +143,11 @@ public class SLOFrontChannelServlet extends SLOBasicServlet { policy); messageContext.setSecurityPolicyResolver(resolver); messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); signatureRule.evaluate(messageContext); - decode.decode(messageContext); + processMessage(request, response, messageContext.getInboundMessage(), messageContext.getRelayState()); |
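Review bot: After `signatureRule.evaluate(messageContext)` nothing in this hunk confirms that the inbound message was actually authenticated before it is handed to `processMessage`. As far as I know, the OpenSAML 2 redirect simple-signature rule returns without error when the request carries no `Signature` parameter, and `SAML2AuthnRequestsSignedRule` only concerns AuthnRequests, so an unsigned logout message would probably pass this policy. A guard such as `if (!messageContext.isInboundSAMLMessageAuthenticated()) { /* reject the unsigned SLO message */ }` before `processMessage` would close that gap. Since `decode()` already runs the policy from the resolver set a few lines earlier, the explicit `evaluate` call is likely a second pass and could be dropped or explained in a comment. The enclosing method starts and ends outside the hunk.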