Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Skipping Decryption Error Message 

Closes gh-10220
This commit is contained in:
Josh Cummings 2022-02-16 15:12:17 -07:00
parent c6e5781679
commit b451ede189
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
View File

@ -491,6 +491,10 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
if (responseSigned) { if (responseSigned) {
this.responseElementsDecrypter.accept(responseToken); this.responseElementsDecrypter.accept(responseToken);
} }
else if (!response.getEncryptedAssertions().isEmpty()) {
result = result.concat(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE,
"Did not decrypt response [" + response.getID() + "] since it is not signed"));
}
result = result.concat(this.responseValidator.convert(responseToken)); result = result.concat(this.responseValidator.convert(responseToken));
boolean allAssertionsSigned = true; boolean allAssertionsSigned = true;
for (Assertion assertion : response.getAssertions()) { for (Assertion assertion : response.getAssertions()) {

2
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
View File

@ -280,7 +280,7 @@ public class OpenSaml4AuthenticationProviderTests {
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration()))); Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA)); .satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE, "Did not decrypt response"));
} }
@Test @Test