From dd4a77caa66368ca257fcf5a1f87d0dab90477f5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 21 Jan 2014 18:00:41 +0100 Subject: BUGFIX: RedirectBinding validate signatures which exists, but signature is not required changes for WKO: Allow Metadata with no AttributeConsumerService Allow AuthnRequest with no RequestedAuthnContext Allow AuthnRequest with no AssertionConsumerServiceIndex Use Metadata->AssertionConsumerService->isDefaut flag --- .../at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java | 3 ++- .../gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java index 7e00b8084..e298bcdb3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java @@ -146,7 +146,8 @@ public class Authenticate extends HttpServlet { for (SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { //Get the service address for the binding you wish to use + //Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { redirectEndpoint = sss; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java index cdb28922c..9c6f39b30 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java @@ -204,6 +204,7 @@ public class BuildMetadata extends HttpServlet { spSSODescriptor.setWantAssertionsSigned(true); spSSODescriptor.setAuthnRequestsSigned(true); + AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); -- cgit v1.2.3