Commit c545bad2 authored by Gradl, Tobias

723: Implement signing support for attribute queries

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=723
parent ac49110f
......@@ -477,7 +477,7 @@ public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements
context.setOutboundMessageTransport(clientOutTransport);
// Send artifact retrieve message
boolean signMessage = context.getPeerExtendedMetadata().isRequireArtifactResolveSigned();
boolean signMessage = context.getPeerExtendedMetadata().isRequireAttributeQuerySigned();
processor.sendMessage(context, signMessage, SAMLConstants.SAML2_SOAP11_BINDING_URI);
int responseCode = httpClient.executeMethod(hc, postMethod);
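Review bot: The comment on the line above the new flag still reads `// Send artifact retrieve message`, while the message being sent here is an attribute query whose signing is now decided by `isRequireAttributeQuerySigned()`; suggest `// Send attribute query; sign it when the peer's extended metadata requires it`. The flag is read from `context.getPeerExtendedMetadata()`, presumably the IdP side's extended metadata, whereas the new `requireAttributeQuerySigned` property in the Spring context hunk is bound under `auth.saml.sp.*` — if that bean is the SP's own ExtendedMetadata, this code path would not see the configured value and would use whatever the flag defaults to; confirm the peer's extended metadata carries the flag as well. The enclosing method, including the `hc`/`postMethod` setup, starts and ends outside the hunk.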
......@@ -403,7 +403,8 @@ public class MetadataController {
sb.append(" <property name=\"signingAlgorithm\" value=\"").append(metadata.getSigningAlgorithm()).append("\"/>\n");
}
sb.append(" <property name=\"requireArtifactResolveSigned\" value=\"").append(metadata.isRequireArtifactResolveSigned()).append("\"/>\n" +
" <property name=\"requireLogoutRequestSigned\" value=\"").append(metadata.isRequireLogoutRequestSigned()).append("\"/>\n" +
" <property name=\"requireAttributeQuerySigned\" value=\"").append(metadata.isRequireAttributeQuerySigned()).append("\"/>\n" +
" <property name=\"requireLogoutRequestSigned\" value=\"").append(metadata.isRequireLogoutRequestSigned()).append("\"/>\n" +
" <property name=\"requireLogoutResponseSigned\" value=\"").append(metadata.isRequireLogoutResponseSigned()).append("\"/>\n");
sb.append(" <property name=\"idpDiscoveryEnabled\" value=\"").append(metadata.isIdpDiscoveryEnabled()).append("\"/>\n");
if (metadata.isIdpDiscoveryEnabled()) {
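Review bot: Two identical `requireLogoutRequestSigned` lines appear in this hunk, one before and one after the new `requireAttributeQuerySigned` append; with 7 deletions and 8 additions one of them is presumably the removed old line, but if both survive on the new side the generated bean definition declares that property twice. Worth checking the emitted XML once. As a point of style, the new line continues the pattern of joining literals with `+` inside a single `append` chain; one `sb.append(...)` per property, as on the `signingAlgorithm` and `idpDiscoveryEnabled` lines, would make such duplicates stand out. The enclosing method starts and ends outside the hunk.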
......@@ -28,6 +28,7 @@ auth:
#requireArtifactResolveSigned: false
#requireLogoutRequestSigned: false
#requireLogoutResponseSigned: false
#requireAttributeQuerySigned: true
signMetadata : true
#signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
discovery:
......@@ -41,8 +41,8 @@
</logger> -->
<!-- SAML messages -->
<!-- <logger name="PROTOCOL_MESSAGE">
<logger name="PROTOCOL_MESSAGE">
<level value="debug" />
</logger> -->
</logger>
</configuration>
\ No newline at end of file
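Review bot: Uncommenting the `PROTOCOL_MESSAGE` logger at `debug` writes complete SAML protocol messages — including attribute-query responses and the user attributes they carry — to the application log, which is sensitive data in any non-development deployment. If this was switched on to debug the signing change it should be reverted before release or scoped to a development profile; otherwise a comment such as `<!-- PROTOCOL_MESSAGE logs complete SAML messages incl. user attributes; enable only while debugging -->` next to the logger would record the intent.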
......@@ -118,6 +118,7 @@
<property name="requireArtifactResolveSigned" value="${auth.saml.sp.requireArtifactResolveSigned:true}"/>
<property name="requireLogoutRequestSigned" value="${auth.saml.sp.requireLogoutRequestSigned:true}"/>
<property name="requireLogoutResponseSigned" value="${auth.saml.sp.requireLogoutResponseSigned:false}"/>
<property name="requireAttributeQuerySigned" value="${auth.saml.sp.requireAttributeQuerySigned:true}"/>
<property name="signingAlgorithm" value="${auth.saml.sp.signingAlgorithm:http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}" />
......@@ -112,6 +112,7 @@ saml.sp.signingKey = ${metadata.signingKey}
saml.sp.encryptionKey = ${metadata.encryptionKey}
saml.sp.tlsKey = ${metadata.tlsKey}
saml.sp.requireArtifactResolveSigned = ${metadata.requireArtifactResolveSigned}
saml.sp.requireAttributeQuerySigned = ${metadata.requireAttributeQuerySigned}
saml.sp.requireLogoutRequestSigned = ${metadata.requireLogoutRequestSigned}
saml.sp.requireLogoutResponseSigned = ${metadata.requireLogoutResponseSigned}
saml.sp.discovery.enabled = ${metadata.includeDiscovery}