DaanHoogland commented on code in PR #10311:
URL: https://github.com/apache/cloudstack/pull/10311#discussion_r1973093624


##########
plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java:
##########
@@ -168,28 +168,33 @@ public static String buildAuthnRequestUrl(final String 
authnId, final SAMLProvid
         return redirectUrl;
     }
 
-    public static AuthnRequest buildAuthnRequestObject(final String authnId, 
final String spId, final String idpUrl, final String consumerUrl) {
+    public static AuthnRequest buildAuthnRequestObject(final String authnId, 
final String spId, final String idpUrl, final String consumerUrl, boolean 
requirePasswordAuthentication) {
         // Issuer object
         IssuerBuilder issuerBuilder = new IssuerBuilder();
         Issuer issuer = issuerBuilder.buildObject();
         issuer.setValue(spId);
 
-        // AuthnContextClass
-        AuthnContextClassRefBuilder authnContextClassRefBuilder = new 
AuthnContextClassRefBuilder();
-        AuthnContextClassRef authnContextClassRef = 
authnContextClassRefBuilder.buildObject(
-                SAMLConstants.SAML20_NS,
-                "AuthnContextClassRef", "saml");
-        
authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
-
-        // AuthnContext
-        RequestedAuthnContextBuilder requestedAuthnContextBuilder = new 
RequestedAuthnContextBuilder();
-        RequestedAuthnContext requestedAuthnContext = 
requestedAuthnContextBuilder.buildObject();
-        
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
-        
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
-
         // Creation of AuthRequestObject
         AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
         AuthnRequest authnRequest = authRequestBuilder.buildObject();
+
+        // AuthnContextClass.  When this is false, the authentication 
requirements are defered to the SAML IDP and its default or configured workflow
+        if (requirePasswordAuthentication) {
+            AuthnContextClassRefBuilder authnContextClassRefBuilder = new 
AuthnContextClassRefBuilder();
+            AuthnContextClassRef authnContextClassRef = 
authnContextClassRefBuilder.buildObject(
+                    SAMLConstants.SAML20_NS,
+                    "AuthnContextClassRef", "saml");
+            
authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
+
+            // AuthnContext
+            RequestedAuthnContextBuilder requestedAuthnContextBuilder = new 
RequestedAuthnContextBuilder();
+            RequestedAuthnContext requestedAuthnContext = 
requestedAuthnContextBuilder.buildObject();
+            
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
+            
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
+            authnRequest.setRequestedAuthnContext(requestedAuthnContext);
+        }
+
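Review bot: When `requirePasswordAuthentication` is false the request is sent without any `RequestedAuthnContext`, so the IdP alone decides how the user authenticates, and nothing visible in this hunk has the SP check the `AuthnContextClassRef` of the assertion that comes back. The setting that feeds this flag is outside the hunk; if its default is not `true`, existing deployments would lose the EXACT PasswordProtectedTransport requirement on upgrade without opting in, which is worth confirming. I would state the trade-off in Javadoc on the method, e.g. `@param requirePasswordAuthentication when false, no RequestedAuthnContext is sent and the IdP's own policy decides the authentication method`, and declare the parameter `final boolean` to match the other four. The inline comment also has a typo ("defered" should be "deferred"), and the method body continues past the end of the quoted hunk.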

Review Comment:
   No criticism of your PR, but some modularisation is possible. For instance 
this bit.


