Commit a058a204 authored by michael.simon's avatar michael.simon

Fix AttributeQuery servlet

parent d19b55a9
......@@ -22,6 +22,7 @@ import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlIdpConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlSpMetadataEntity;
......@@ -109,7 +110,28 @@ public class SsoHelper implements Serializable {
SubjectConfirmationData scd = samlHelper.create(SubjectConfirmationData.class, SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
scd.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + (5L * 60L * 1000L)));
//scd.setRecipient("https://bwidm-dev.scc.kit.edu/nextcloud/index.php/apps/user_saml/saml/metadata");
scd.setInResponseTo(inResponseTo);
SubjectConfirmation sc = samlHelper.create(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
sc.setMethod(SubjectConfirmation.METHOD_BEARER);
sc.setSubjectConfirmationData(scd);
Subject subject = samlHelper.create(Subject.class, Subject.DEFAULT_ELEMENT_NAME);
subject.setNameID(nameId);
subject.getSubjectConfirmations().add(sc);
return subject;
}
public Subject buildAQSubject(SamlAAConfigurationEntity idpConfig, SamlSpMetadataEntity spMetadata,
String nameIdValue, String nameIdType, String inResponseTo) {
NameID nameId = samlHelper.create(NameID.class, NameID.DEFAULT_ELEMENT_NAME);
nameId.setFormat(nameIdType);
nameId.setValue(nameIdValue);
nameId.setNameQualifier(idpConfig.getEntityId());
nameId.setSPNameQualifier(spMetadata.getEntityId());
SubjectConfirmationData scd = samlHelper.create(SubjectConfirmationData.class, SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
scd.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + (5L * 60L * 1000L)));
scd.setInResponseTo(inResponseTo);
SubjectConfirmation sc = samlHelper.create(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
......
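Review bot: The five-minute confirmation window `new DateTime(System.currentTimeMillis() + (5L * 60L * 1000L))` is now duplicated verbatim between buildSubject and the new buildAQSubject, so the two will drift if either is ever tuned; hoist it to `private static final long SUBJECT_CONFIRMATION_VALIDITY_MS = 5L * 60L * 1000L;` and reference it from both places. buildAQSubject also dereferences `idpConfig.getEntityId()` and `spMetadata.getEntityId()` without guarding its arguments; `Objects.requireNonNull(spMetadata, "spMetadata")` (and the same for idpConfig) at the top of the method turns a null from the caller's lookup into a clear failure instead of an NPE mid-assertion. The new public method has no Javadoc; a summary along the lines of "Builds the bearer-confirmed Subject for an AttributeQuery response, qualifying the NameID with the AA's and the requesting SP's entity IDs and binding the confirmation to the query ID via InResponseTo", plus @param entries for the five arguments, would help the next maintainer. The body of buildAQSubject continues past the end of the hunk.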
......@@ -34,7 +34,6 @@ import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.soap.soap11.Body;
import org.opensaml.soap.soap11.Envelope;
......@@ -118,7 +117,7 @@ public class Saml2AttributeQueryHandler {
Assertion assertion = samlHelper.create(Assertion.class, Assertion.DEFAULT_ELEMENT_NAME);
assertion.setIssueInstant(new DateTime());
assertion.setIssuer(ssoHelper.buildIssuser(aaConfig.getEntityId()));
assertion.setSubject(ssoHelper.buildSubject(nameIdValue, NameID.UNSPECIFIED, query.getID()));
assertion.setSubject(ssoHelper.buildAQSubject(aaConfig, spEntity, nameIdValue, NameID.UNSPECIFIED, query.getID()));
assertion.getAttributeStatements().add(buildAttributeStatement(user));
samlResponse.getAssertions().add(assertion);
}
......
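Review bot: The new `assertion.setSubject(...)` call hands `spEntity` into buildAQSubject, which reads `spEntity.getEntityId()` for the SPNameQualifier; the hunk does not show how spEntity is resolved, so if the lookup from the query's issuer can yield null the NPE now surfaces inside SsoHelper rather than in the handler that owns the request. A guard before the assertion is built, `Objects.requireNonNull(spEntity, "spEntity")` or an explicit StatusCode.REQUESTER error response, keeps that failure where it can be answered properly. The visible lines also set no Conditions on the assertion (no validity window or AudienceRestriction naming spEntity); if that is done elsewhere in the enclosing method, which starts outside the hunk, ignore this, otherwise only the SubjectConfirmationData NotOnOrAfter bounds the assertion's lifetime. The removal of the Subject import in the earlier hunk is consistent with the method no longer naming the type directly.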