Commit 66a02bf2 authored by michael.simon's avatar michael.simon

add virtual hosting caps for login methods

parent 569c36a8
......@@ -128,7 +128,18 @@ public class OidcClientCallbackServiceImpl implements OidcClientCallbackService
AuthorizationCode code = successResponse.getAuthorizationCode();
flowState.setCode(code.getValue());
URI callback = new URI(rpConfig.getCallbackUrl());
String callbackUrl;
if (! rpConfig.getCallbackUrl().startsWith("https://")) {
/*
* we are dealing with a relative acs endpoint. We have to build it with the called hostname;
*/
callbackUrl = "https://" + httpServletRequest.getServerName() + rpConfig.getCallbackUrl();
}
else {
callbackUrl = rpConfig.getCallbackUrl();
}
URI callback = new URI(callbackUrl);
AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callback);
ClientID clientID = new ClientID(rpConfig.getClientId());
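Review bot: The relative-vs-absolute test on the new `if (! rpConfig.getCallbackUrl().startsWith("https://"))` branch is inverted in spirit: any configured value that is not an https URL (an `http://` URL, a bare host, a typo) is prefixed with `https://` + host and silently turns into a malformed redirect_uri, which then fails the token exchange with an unhelpful error. Test for the case you actually want, `if (rpConfig.getCallbackUrl().startsWith("/"))`, and leave everything else verbatim. Note also that `httpServletRequest.getServerName()` is derived from the client-supplied Host header, so the redirect_uri sent in the token request is only as trustworthy as the container's virtual-host restriction or a front proxy that pins Host; add a comment saying so, e.g. `// getServerName() comes from the Host header; rely on the container/proxy to restrict it to served vhosts`. Since the flow state is persisted at redirect time, it would be more robust to store the callback URL that was actually sent in the authentication request there and reuse it here, so the token request's redirect_uri cannot drift from it; whether the flow-state entity can carry that field is not visible in this hunk.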
......
......@@ -2,12 +2,13 @@ package edu.kit.scc.webreg.service.oidc.client;
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
public interface OidcClientRedirectService extends Serializable {
void redirectClient(Long oidcRelyingPartyId, HttpServletResponse response) throws OidcAuthenticationException;
void redirectClient(Long oidcRelyingPartyId, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException;
}
......@@ -6,6 +6,7 @@ import java.net.URISyntaxException;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
......@@ -43,7 +44,7 @@ public class OidcClientRedirectServiceImpl implements OidcClientRedirectService
private OidcOpMetadataSingletonBean opMetadataBean;
@Override
public void redirectClient(Long oidcRelyingPartyId, HttpServletResponse response) throws OidcAuthenticationException {
public void redirectClient(Long oidcRelyingPartyId, HttpServletRequest servletRequest, HttpServletResponse response) throws OidcAuthenticationException {
OidcRpConfigurationEntity rpConfig = rpConfigDao.findById(oidcRelyingPartyId);
......@@ -51,12 +52,23 @@ public class OidcClientRedirectServiceImpl implements OidcClientRedirectService
throw new OidcAuthenticationException("relying party not configured");
}
String callbackUrl;
if (! rpConfig.getCallbackUrl().startsWith("https://")) {
/*
* we are dealing with a relative acs endpoint. We have to build it with the called hostname;
*/
callbackUrl = "https://" + servletRequest.getServerName() + rpConfig.getCallbackUrl();
}
else {
callbackUrl = rpConfig.getCallbackUrl();
}
try {
URI authzEndpoint = opMetadataBean.getAuthorizationEndpointURI(rpConfig);
ClientID clientID = new ClientID(rpConfig.getClientId());
Scope scope = new Scope(OIDCScopeValue.OPENID, OIDCScopeValue.PROFILE, OIDCScopeValue.EMAIL);
URI callback = new URI(rpConfig.getCallbackUrl());
URI callback = new URI(callbackUrl);
State state = new State();
Nonce nonce = new Nonce();
AuthenticationRequest request = new AuthenticationRequest.Builder(
......@@ -74,7 +86,7 @@ public class OidcClientRedirectServiceImpl implements OidcClientRedirectService
flowState.setNonce(nonce.getValue());
rpFlowStateDao.persist(flowState);
logger.info("Sending OIDC Client to uri: {}", requestURI);
logger.info("Sending OIDC Client to uri: {} with callback {}", requestURI, callbackUrl);
response.sendRedirect(requestURI.toString());
} catch (URISyntaxException | IOException | ParseException e) {
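Review bot: The host inserted into the redirect_uri on `callbackUrl = "https://" + servletRequest.getServerName() + rpConfig.getCallbackUrl();` is taken from the request's Host header, and nothing in the hunk constrains it to the hosts this deployment actually serves. A forged or proxy-forwarded Host value therefore produces an authentication request whose redirect_uri points elsewhere; a strictly configured OP will reject it, but the safer design is to check `servletRequest.getServerName()` against the set of configured virtual hosts (or have the container/proxy do so) before building the URL, and to document that assumption next to the branch. The same `startsWith("https://")` test as in the callback service misclassifies any non-https absolute value as a relative path; `if (rpConfig.getCallbackUrl().startsWith("/"))` is the intended condition. This block is now duplicated in three places (OIDC redirect, OIDC callback, SAML redirect); a single shared helper that resolves a configured endpoint against the request would keep the three from drifting apart.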
......
......@@ -12,6 +12,7 @@ package edu.kit.scc.webreg.service.saml;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
......@@ -47,17 +48,28 @@ public class Saml2RedirectService {
private SsoHelper ssoHelper;
public void redirectClient(SamlIdpMetadataEntity idpEntity,
SamlSpConfigurationEntity spEntity, HttpServletResponse response)
SamlSpConfigurationEntity spEntity, HttpServletRequest request, HttpServletResponse response)
throws MessageEncodingException, ComponentInitializationException {
String acs;
if (! spEntity.getAcs().startsWith("https://")) {
/*
* we are dealing with a relative acs endpoint. We have to build it with the called hostname;
*/
acs = "https://" + request.getServerName() + spEntity.getAcs();
}
else {
acs = spEntity.getAcs();
}
EntityDescriptor entityDesc = samlHelper.unmarshal(
idpEntity.getEntityDescriptor(), EntityDescriptor.class);
SingleSignOnService sso = metadataHelper.getSSO(entityDesc, SAMLConstants.SAML2_REDIRECT_BINDING_URI);
AuthnRequest authnRequest = ssoHelper.buildAuthnRequest(
spEntity.getEntityId(), spEntity.getAcs(), SAMLConstants.SAML2_POST_BINDING_URI);
spEntity.getEntityId(), acs, SAMLConstants.SAML2_POST_BINDING_URI);
logger.debug("Sending client to idp {} endpoint {}", idpEntity.getEntityId(), sso.getLocation());
logger.debug("Sending client to idp {} endpoint {} and ACS {}", idpEntity.getEntityId(), sso.getLocation(), acs);
MessageContext<SAMLObject> messageContext = new MessageContext<SAMLObject>();
messageContext.setMessage(authnRequest);
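Review bot: Building the AssertionConsumerServiceURL from `request.getServerName()` at `acs = "https://" + request.getServerName() + spEntity.getAcs();` means the ACS named in the AuthnRequest is controlled by the Host header of the incoming request. An IdP that validates the ACS against the SP's published metadata will refuse any host not listed there, so every virtual host must appear in the metadata; an IdP that does not validate will deliver the assertion to whatever host was supplied. Either constrain the resolved host to the configured virtual hosts before use or record that reliance explicitly, e.g. `// host is taken from the Host header; container/proxy vhost config must restrict it to known SP hosts`. As in the OIDC services, the branch should test `spEntity.getAcs().startsWith("/")` rather than the negation of `https://`, so that a stray `http://` value is not turned into a broken URL. redirectClient's body continues past the hunk.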
......
......@@ -62,7 +62,7 @@ public class OidcClientRedirectHandlerServlet implements Servlet {
}
try {
redirectService.redirectClient(session.getOidcRelyingPartyId(), response);
redirectService.redirectClient(session.getOidcRelyingPartyId(), request, response);
} catch (OidcAuthenticationException e) {
throw new ServletException("Problems encountered: " + e.getMessage());
}
......
......@@ -77,7 +77,7 @@ public class Saml2RedirectLoginHandlerServlet implements Servlet {
SamlIdpMetadataEntity idpEntity = idpService.findById(session.getIdpId());
SamlSpConfigurationEntity spEntity = spService.findById(session.getSpId());
saml2RedirectService.redirectClient(idpEntity, spEntity, response);
saml2RedirectService.redirectClient(idpEntity, spEntity, request, response);
} catch (MessageEncodingException e) {
throw new ServletException("Error encoding outgoing message", e);
......