Commit c39318f3 authored by michael.simon's avatar michael.simon

Use IDP config, keys and certs in redirect process

parent 288ecc13
......@@ -23,7 +23,9 @@ import org.opensaml.saml.saml2.core.AuthnRequest;
import org.slf4j.Logger;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.entity.SamlIdpConfigurationEntity;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
import edu.kit.scc.webreg.service.SamlIdpConfigurationService;
import edu.kit.scc.webreg.service.saml.Saml2DecoderService;
import edu.kit.scc.webreg.service.saml.SamlHelper;
import edu.kit.scc.webreg.service.saml.SamlIdpService;
......@@ -42,6 +44,9 @@ public class Saml2IdpRedirectHandler {
@Inject
private SamlIdpService samlIdpService;
@Inject
private SamlIdpConfigurationService idpConfigService;
@Inject
private SamlHelper samlHelper;
......@@ -54,6 +59,11 @@ public class Saml2IdpRedirectHandler {
public void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
SamlIdpConfigurationEntity idpConfig = idpConfigService.findByHostname(request.getServerName());
if (! request.getRequestURI().equals(idpConfig.getRedirect())) {
throw new ServletException("Unknown redirect uri");
}
AuthnRequest authnRequest;
try {
......@@ -70,13 +80,15 @@ public class Saml2IdpRedirectHandler {
request.getRemoteAddr());
long id = samlIdpService.registerAuthnRequest(authnRequest);
session.setAuthnRequestId(id);
session.setOriginalRequestPath(request.getRequestURI() + "/response");
session.setAuthnRequestIdpConfigId(idpConfig.getId());
session.setOriginalRequestPath(idpConfig.getRedirect() + "/response");
response.sendRedirect("/welcome/index.xhtml");
return;
}
long id = samlIdpService.registerAuthnRequest(authnRequest);
session.setAuthnRequestId(id);
session.setAuthnRequestIdpConfigId(idpConfig.getId());
response.sendRedirect(request.getRequestURI() + "/response");
}
}
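Review bot: `idpConfig`, returned by `idpConfigService.findByHostname(request.getServerName())` at the top of `service`, is dereferenced on the very next line (`idpConfig.getRedirect()`) without a null check, so if the lookup yields null for a Host header that matches no configured IDP the request dies with a NullPointerException instead of a controlled error; add `if (idpConfig == null) { throw new ServletException("No IDP configuration for hostname"); }` before the URI comparison. That single check also covers the later `idpConfig.getId()` and `idpConfig.getRedirect()` calls in the last hunk. For consistency with `session.setOriginalRequestPath(idpConfig.getRedirect() + "/response")`, the final `response.sendRedirect(request.getRequestURI() + "/response")` could use `idpConfig.getRedirect()` as well, although the equality check above already makes the two values identical. The body of `service` continues outside the hunks, between the `try {` line and the `long id = …` line.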
......@@ -144,7 +144,8 @@ public class Saml2IdpRedirectResponseHandler {
return;
}
SamlIdpConfigurationEntity idpConfig = idpConfigService.findByEntityId("https://bwidm.scc.kit.edu/saml/idp/metadata");
SamlIdpConfigurationEntity idpConfig = idpConfigService.findById(session.getAuthnRequestIdpConfigId());
logger.debug("IDP Config loaded: {}", idpConfig.getEntityId());
UserEntity user = userService.findById(session.getUserId());
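Review bot: `idpConfigService.findById(session.getAuthnRequestIdpConfigId())` assumes the session already carries an IDP config id, but that id is only written by the redirect handler, so a response request arriving without a preceding redirect passes null into `findById`, and whatever comes back is dereferenced unguarded by `idpConfig.getEntityId()` on the next line. Suggest a null check on `session.getAuthnRequestIdpConfigId()` before the lookup and one on `idpConfig` after it, each rejecting the request the same way the preceding `return;` branch does (or, if `service` declares `ServletException` like the redirect handler, `if (idpConfig == null) { throw new ServletException("No IDP configuration bound to session"); }`). Whether the enclosing method already rejects sessions without a pending AuthnRequest before this point is not visible here; the method begins and continues outside the hunk.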
......
......@@ -46,12 +46,12 @@ public class SamlIdpDispatcherServlet implements Servlet {
logger.debug("Dispatching request context '{}' path '{}'", context, path);
if ("/saml/idp/redirect".equals(path)) {
if (path != null && path.endsWith("/redirect")) {
logger.debug("Executing Redirect Handler");
redirectHandler.service(request, response);
return;
}
else if ("/saml/idp/redirect/response".equals(path)) {
else if (path != null && path.endsWith("/redirect/response")) {
logger.debug("Executing Redirect Response Handler");
redirectResponseHandler.service(request, response);
return;
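Review bot: Replacing the exact path comparisons with `path.endsWith("/redirect")` and `path.endsWith("/redirect/response")` means the dispatcher no longer decides which URIs are valid IDP endpoints; any request whose path ends in those suffixes reaches the handlers, so full-path validation now has to live in the handlers. The redirect handler's hunk on this page does compare `request.getRequestURI()` with the configured `idpConfig.getRedirect()`, but no equivalent comparison is visible for the response handler, which instead relies on the IDP config id stored in the session. A comment here stating that contract, e.g. `// suffix match only: each handler validates the full path against the configured IDP redirect URI`, would make the responsibility explicit, and the response handler should check the request URI against `idpConfig.getRedirect() + "/response"` if it does not already do so outside the visible hunks. The enclosing method starts and ends outside the hunk.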
......
......@@ -32,6 +32,7 @@ public class SessionManager implements Serializable {
private static final long serialVersionUID = 1L;
private Long authnRequestId;
private Long authnRequestIdpConfigId;
private Long userId;
......@@ -249,4 +250,12 @@ public class SessionManager implements Serializable {
public void setAuthnRequestId(Long authnRequestId) {
this.authnRequestId = authnRequestId;
}
public Long getAuthnRequestIdpConfigId() {
return authnRequestIdpConfigId;
}
public void setAuthnRequestIdpConfigId(Long authnRequestIdpConfigId) {
this.authnRequestIdpConfigId = authnRequestIdpConfigId;
}
}
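Review bot: The new `authnRequestIdpConfigId` field and its accessors carry no documentation, and nothing in `SessionManager` says how it relates to `authnRequestId` or which component sets it. A field comment such as `// Id of the SamlIdpConfigurationEntity that received the pending AuthnRequest; set by the redirect handler, read by the response handler` would help the next reader. Since the redirect handler assigns both ids together, it is also worth noting whether they are meant to be cleared together once the response has been processed. The getter and setter themselves mirror the existing `authnRequestId` accessors.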