[cxf] branch master updated: Make sure we're getting the Session NotOnOrAfter from the right assertion


[cxf] branch master updated: Make sure we're getting the Session NotOnOrAfter from the right assertion

coheigea
Administrator
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 67d670b  Make sure we're getting the Session NotOnOrAfter from the right assertion
67d670b is described below

commit 67d670b34919dd2f64255505fcf9b3d222b56e7e
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Thu Nov 7 17:10:38 2019 +0000

    Make sure we're getting the Session NotOnOrAfter from the right assertion
---
 .../apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java | 2 ++
 .../cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java    | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index b9204dd..6772436 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -124,6 +124,8 @@ public class SAMLSSOResponseValidator {
                 if (subjectConf != null) {
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     validAssertion = assertion;
+                    sessionNotOnOrAfter = null;
+
                     // Store Session NotOnOrAfter
                     for (AuthnStatement authnStatment : assertion.getAuthnStatements()) {
                         if (authnStatment.getSessionNotOnOrAfter() != null) {
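Review bot: The added `sessionNotOnOrAfter = null;` carries no comment saying why the reset is needed, and the existing `// Store Session NotOnOrAfter` line below it does not explain it either. A comment directly above the reset would record the intent, for example `// Reset so a SessionNotOnOrAfter taken from an earlier assertion is not kept for this validAssertion`. The session expiry bounds how long the SSO session is trusted, so it should visibly come from the same assertion that passed the subject confirmation and audience checks. The loop over assertions starts and ends outside the hunk, so the claim that an earlier assertion could have set the value is inferred from the commit title rather than from the visible lines.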
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 180ecec..b5dc509 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -55,6 +55,7 @@ import org.opensaml.xmlsec.signature.KeyInfo;
 import org.opensaml.xmlsec.signature.Signature;
 import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
 
@@ -85,7 +86,12 @@ public class SAMLSSOResponseValidatorTest {
         validator.setClientAddress("http://apache.org");
         validator.setRequestId("12345");
         validator.setSpIdentifier("http://service.apache.org");
-        validator.validateSamlResponse(response, false);
+
+        SSOValidatorResponse validateSamlResponse = validator.validateSamlResponse(response, false);
+        assertEquals(response.getID(), validateSamlResponse.getResponseId());
+        assertNotNull(validateSamlResponse.getAssertionElement());
+        assertNotNull(validateSamlResponse.getCreated());
+        assertNotNull(validateSamlResponse.getSessionNotOnOrAfter());
     }
 
     @org.junit.Test
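Review bot: The new `assertNotNull(validateSamlResponse.getSessionNotOnOrAfter())` only checks that a value is present, so as far as this hunk shows it would also pass without the reset added in SAMLSSOResponseValidator. A regression test for the fix would build a response with two assertions carrying different SessionNotOnOrAfter values and compare the result with the one from the assertion that is accepted, along the lines of `assertEquals(expectedSessionNotOnOrAfter, validateSamlResponse.getSessionNotOnOrAfter());`, where `expectedSessionNotOnOrAfter` is a placeholder for the value the fixture set (a type conversion may be needed). The test method begins outside the hunk, so how the response is constructed is not visible here.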