SAML2LoginAPIAuthenticatorCmd: add signature on redirect url Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/394e6130 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/394e6130 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/394e6130 Branch: refs/heads/master Commit: 394e6130e0657ad4323d9c26dc2f2a2605e8d0fa Parents: 67f97df Author: Rohit Yadav <rohit.ya...@shapeblue.com> Authored: Fri Sep 12 16:31:16 2014 +0200 Committer: Rohit Yadav <rohit.ya...@shapeblue.com> Committed: Fri Sep 12 16:31:16 2014 +0200 ---------------------------------------------------------------------- .../api/command/SAML2LoginAPIAuthenticatorCmd.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/394e6130/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java ----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index b204e72..0257ecf 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -55,8 +55,6 @@ import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.UnmarshallingException;
 import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.SignatureConstants;
-import org.opensaml.xml.signature.SignatureException;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 import org.xml.sax.SAXException;
@@ -72,7 +70,6 @@ import java.net.URLEncoder;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.Signature;
 import java.util.List;
 import java.util.Map;
 
@@ -139,9 +136,12 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
 try {
 DefaultBootstrap.bootstrap();
 AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(spId, identityProviderUrl, consumerUrl);
- redirectUrl = "SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest);
- redirectUrl = identityProviderUrl + "?" + SAMLUtils.generateSAMLRequestSignature(redirectUrl, privateKey);
- } catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException | SignatureException | NoSuchAlgorithmException | InvalidKeyException | java.security.SignatureException e) {
+ PrivateKey privateKey = null;
+ if (_samlAuthManager.getSpKeyPair() != null) {
+ privateKey = _samlAuthManager.getSpKeyPair().getPrivate();
+ }
+ redirectUrl = identityProviderUrl + "?" + SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest), privateKey);
+ } catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException | NoSuchAlgorithmException | InvalidKeyException | java.security.SignatureException e) {
 s_logger.error("SAML AuthnRequest message building error: " + e.getMessage());
 }
 return redirectUrl;
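Review bot: In the third hunk a missing SP key pair is handled silently: when `_samlAuthManager.getSpKeyPair()` returns null, `privateKey` stays null and is passed to `SAMLUtils.generateSAMLRequestSignature(...)`, whose handling of a null key is not visible here. It may throw something the multi-catch does not list, or it may return the query string without a `Signature` parameter, in which case the AuthnRequest would go to the IdP unsigned with nothing in the log. I would read the key pair once into a local rather than calling the getter twice, and make the null case explicit, e.g. `if (spKeyPair == null) { s_logger.warn("SAML SP key pair not available, AuthnRequest redirect will not be signed"); }`, or build no redirect at all if the deployment expects signed requests. The catch block also logs only `e.getMessage()`; assuming `s_logger` is the usual log4j logger, `s_logger.error("SAML AuthnRequest message building error: " + e.getMessage(), e);` would keep the stack trace for diagnosing a signing failure. The enclosing method starts and ends outside the hunk, so how `redirectUrl` is initialised and what the caller does when it was never set cannot be checked from here.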