Commit a058a204 authored by michael.simon's avatar michael.simon

Fix AttributeQuery servlet

parent d19b55a9
...@@ -22,6 +22,7 @@ import org.opensaml.saml.common.SAMLVersion; ...@@ -22,6 +22,7 @@ import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.SubjectConfirmation; import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData; import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlIdpConfigurationEntity; import edu.kit.scc.webreg.entity.SamlIdpConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlSpMetadataEntity; import edu.kit.scc.webreg.entity.SamlSpMetadataEntity;
...@@ -109,7 +110,28 @@ public class SsoHelper implements Serializable { ...@@ -109,7 +110,28 @@ public class SsoHelper implements Serializable {
SubjectConfirmationData scd = samlHelper.create(SubjectConfirmationData.class, SubjectConfirmationData.DEFAULT_ELEMENT_NAME); SubjectConfirmationData scd = samlHelper.create(SubjectConfirmationData.class, SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
scd.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + (5L * 60L * 1000L))); scd.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + (5L * 60L * 1000L)));
//scd.setRecipient("https://bwidm-dev.scc.kit.edu/nextcloud/index.php/apps/user_saml/saml/metadata"); scd.setInResponseTo(inResponseTo);
SubjectConfirmation sc = samlHelper.create(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
sc.setMethod(SubjectConfirmation.METHOD_BEARER);
sc.setSubjectConfirmationData(scd);
Subject subject = samlHelper.create(Subject.class, Subject.DEFAULT_ELEMENT_NAME);
subject.setNameID(nameId);
subject.getSubjectConfirmations().add(sc);
return subject;
}
public Subject buildAQSubject(SamlAAConfigurationEntity idpConfig, SamlSpMetadataEntity spMetadata,
String nameIdValue, String nameIdType, String inResponseTo) {
NameID nameId = samlHelper.create(NameID.class, NameID.DEFAULT_ELEMENT_NAME);
nameId.setFormat(nameIdType);
nameId.setValue(nameIdValue);
nameId.setNameQualifier(idpConfig.getEntityId());
nameId.setSPNameQualifier(spMetadata.getEntityId());
SubjectConfirmationData scd = samlHelper.create(SubjectConfirmationData.class, SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
scd.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + (5L * 60L * 1000L)));
scd.setInResponseTo(inResponseTo); scd.setInResponseTo(inResponseTo);
SubjectConfirmation sc = samlHelper.create(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME); SubjectConfirmation sc = samlHelper.create(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
......
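--- a/Saml2AttributeQueryHandler.java
+++ b/Saml2AttributeQueryHandler.java
@@ -34,7 +34,6 @@ import org.opensaml.saml.saml2.core.Response;
 import org.opensaml.saml.saml2.core.Status;
 import org.opensaml.saml.saml2.core.StatusCode;
 import org.opensaml.saml.saml2.core.StatusMessage;
-import org.opensaml.saml.saml2.core.Subject;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 import org.opensaml.soap.soap11.Body;
 import org.opensaml.soap.soap11.Envelope;
@@ -118,7 +117,7 @@ public class Saml2AttributeQueryHandler {
 Assertion assertion = samlHelper.create(Assertion.class, Assertion.DEFAULT_ELEMENT_NAME);
 assertion.setIssueInstant(new DateTime());
 assertion.setIssuer(ssoHelper.buildIssuser(aaConfig.getEntityId()));
-assertion.setSubject(ssoHelper.buildSubject(nameIdValue, NameID.UNSPECIFIED, query.getID()));
+assertion.setSubject(ssoHelper.buildAQSubject(aaConfig, spEntity, nameIdValue, NameID.UNSPECIFIED, query.getID()));
 assertion.getAttributeStatements().add(buildAttributeStatement(user));
 samlResponse.getAssertions().add(assertion);
 }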
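Review bot: The changed `assertion.setSubject(...)` line still hard-codes `NameID.UNSPECIFIED` as the NameID format instead of echoing the format of the Subject carried in the incoming AttributeQuery, so the returned Subject will not strongly match the queried one whenever the requester used a persistent, transient or other explicit format (SAML 2.0 Core 3.3.4 requires the assertion's Subject to strongly match the query's), and a conforming SP may reject the response or fail to bind it to the right principal. Suggest `String format = query.getSubject() != null && query.getSubject().getNameID() != null ? query.getSubject().getNameID().getFormat() : null;` and passing `format != null ? format : NameID.UNSPECIFIED` to `buildAQSubject`. Nothing in this hunk sets `<Conditions>` on the assertion (no AudienceRestriction naming `spEntity`, no NotBefore/NotOnOrAfter); the only time bound is the 5-minute window on the SubjectConfirmationData built in `SsoHelper.buildAQSubject`, so a consumer that does not evaluate subject confirmation sees an assertion valid indefinitely — worth adding `assertion.setConditions(...)` alongside the subject. The enclosing method starts and ends outside the hunk; whether the SOAP request's issuer and signature are validated against `spEntity` before this point, and whether the requester is authorised to query `user`, is not visible here and should be confirmed.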