Commit Graph

274 Commits

Author SHA1 Message Date
Marcus Da Coregio 3d0be9beba Merge branch '5.7.x' into 5.8.x 2022-11-16 14:51:23 -03:00
Marcus Da Coregio 2d19d972f4 Merge branch '5.6.x' into 5.7.x 2022-11-16 14:51:07 -03:00
Marcus Da Coregio d5aabd721a Specify UTF8 for response content
This is needed because in some other platforms, like Windows, the default charset might be different

Issue gh-12026
2022-11-16 14:50:31 -03:00
Marcus Da Coregio 9b6be3a556 Merge branch '5.7.x' into 5.8.x
Closes gh-12222
2022-11-16 13:44:48 -03:00
Marcus Da Coregio 8441e755d3 Merge branch '5.6.x' into 5.7.x
Closes gh-12221
2022-11-16 13:44:16 -03:00
Marcus Da Coregio 53148dc7b5 Use UTF-8 in Saml2MetadataFilter response writer
Closes gh-12026
2022-11-16 13:43:46 -03:00
Josh Cummings b81fbf024b
Merge branch '5.7.x' into 5.8.x
Closes gh-12209
2022-11-14 18:17:02 -07:00
Josh Cummings 79483b2bc9
Merge branch '5.6.x' into 5.7.x
Closes gh-12208
2022-11-14 18:16:22 -07:00
Sabina Palakova ed3af6482d Fix SAML logout log messages
Fixes SAML logout log messages incorrectly referring to logout
response instead of logout request and vice versa.

Closes gh-12129
2022-11-14 18:11:49 -07:00
Josh Cummings 9a1fae3e8e
Add createDefaultAssertionValidatorWithParameters
Closes gh-11675
2022-11-07 16:06:42 -07:00
Josh Cummings 506e50bfd0
Move Saml2 Authentication Filters
Issue gh-8819
2022-09-26 10:44:27 -06:00
Marcus Da Coregio 0c96989cbe Move script tag into body element
Closes gh-11879
2022-09-19 15:46:23 -03:00
Marcus Da Coregio 7359bd5949 Move SAML Post inline javascript to script tag
To avoid relying on HTML event handlers and adding unsafe-* rules to CSP, the javascript is moved to a <script> tag. This also allows a better browser compatibility

Closes gh-11676
2022-08-16 15:06:10 -06:00
Ulrich Grave 409998a3fe Add hash-based Content-Security-Policy for SAML pages
Closes gh-11631
2022-07-27 17:59:42 -06:00
Josh Cummings 56a6133b20
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:43:25 -06:00
Josh Cummings bced37f6a7
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:41:55 -06:00
Josh Cummings 561f65b34d
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:40:20 -06:00
Josh Cummings 3c8a80c364
Add SecurityContextHolderStrategy to Saml2
Issue gh-11060
2022-06-27 13:05:11 -06:00
Joe Grandja 2a3845a7ed Update org.opensaml:opensaml-core4 to 4.1.1
Closes gh-11420
2022-06-20 14:50:24 -04:00
Joe Grandja bca43af9bb Update org.opensaml:opensaml-core4 to 4.1.1
Closes gh-11410
2022-06-20 12:08:07 -04:00
Josh Cummings d22277ce36
Add missing KeyInfo
Closes gh-11354
2022-06-09 13:16:50 -06:00
Josh Cummings bd60a0f8c9
Add OpenSamlSigningUtilsTests
Issue gh-11354
2022-06-09 13:16:49 -06:00
Josh Cummings 812bb0ead0
Add missing KeyInfo
Closes gh-11354
2022-06-09 13:12:52 -06:00
Josh Cummings bb9c7d1b6e
Add OpenSamlSigningUtilsTests
Issue gh-11354
2022-06-09 13:12:33 -06:00
Jared Rufer 3ca4b06612
Support multiple SingleLogoutService bindings.
Closes gh-11286
2022-06-09 12:56:16 -06:00
j3graham 29ba67b6d7 Remove dependency on commons-codec by using java.util.Base64
Closes gh-11318
2022-06-09 06:50:01 -06:00
Houssem BELHADJ AHMED fc653bb81a
make SAML authentication request uri configurable
Closes gh-10840
2022-06-06 12:49:29 -06:00
Marcus Da Coregio e20323e0a8 Use Java 11 Toolchain for OpenSaml4 compile
Issue gh-10816
2022-06-02 19:24:42 +02:00
Claudio Consolmagno 07f9afe057
Use 'md:' prefix in EntityDescriptor XML
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
2022-05-31 17:11:02 -06:00
Claudio Consolmagno c39d39b35f
Use 'md:' prefix in EntityDescriptor XML
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
2022-05-31 17:08:51 -06:00
Claudio Consolmagno b1004aff4e
Use 'md:' prefix in EntityDescriptor XML
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
2022-05-31 17:07:18 -06:00
Juny Tse 649428b49a
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:06:27 -06:00
Juny Tse d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:02:13 -06:00
Juny Tse 16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 11:43:50 -06:00
Josh Cummings 53e509f0c6
Remove duplicate check
Closes gh-11192
2022-05-23 16:00:15 -06:00
Josh Cummings b51c71c3b3
Use original query string to verify signature
Closes gh-11235
2022-05-23 13:56:28 -06:00
Ulrich Grave 9b874bcde2 Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest
Closes gh-11195
2022-05-17 16:21:54 -06:00
Josh Cummings 13795cdec1
Polish Relay State Resolver
Issue gh-11065
2022-05-05 17:28:30 -06:00
sebastiano 4dfc349914
Allow custom relay state
Closes gh-11065
2022-05-05 17:26:39 -06:00
Ulrich Grave 3cbb60750d Add Jackson Support for Saml2AuthenticationException
Closes gh-11169
2022-05-02 17:41:52 -05:00
Marcus Da Coregio bb0c336ae8 Deprecate Saml2AuthenticationRequestFactory
Closes gh-11080
2022-04-08 09:32:03 -03:00
Josh Cummings cf29bf996c
Polish InResponseTo support
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once

Issue gh-9174
2022-03-15 14:06:58 -06:00
Elias Lousseief 3c878549b5
Add support for validation of InResponseTo
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).

Closes gh-9174
2022-03-15 14:06:57 -06:00
Elias Lousseief 836f203d44
Refactored OpenSaml4AuthenticationProviderTests
Factored out repeatedly used code for signing a request.
2022-03-15 14:06:57 -06:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support
Closes gh-9012
2022-03-09 09:18:01 -03:00
Josh Cummings ff87cfce3a Polish EntityDescriptor Customizer
Issue gh-10839
2022-03-04 10:42:04 -07:00
Ulrich Grave d225205bf2 Add method to customize EntityDescriptor
Closes gh-10839
2022-03-04 10:42:04 -07:00
Josh Cummings 304e89041c Polish Formatting
Issue gh-10799
2022-03-02 16:40:13 -07:00
Sander van Schouwenburg f1a76efc2d Preserve order of RelyingPartRegistration credentials
Issue gh-10799
2022-03-02 16:40:13 -07:00
Josh Cummings 963251314b Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:40:11 -07:00