[cxf-fediz] branch 1.4.x-fixes updated (4f6e691 -> 27e3f24)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[cxf-fediz] branch 1.4.x-fixes updated (4f6e691 -> 27e3f24)

coheigea
Administrator
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git.


    from 4f6e691  Provide a way of disabling the client address check for SAML SSO
     new 1e2c249  Fixing mistake in previous commit
     new 27e3f24  Fixing mistake in previous commit

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java    | 4 ++--
 .../java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java | 6 ++----
 plugins/core/src/main/resources/schemas/FedizConfig.xsd             | 4 ++--
 3 files changed, 6 insertions(+), 8 deletions(-)

Reply | Threaded
Open this post in threaded view
|

[cxf-fediz] 01/02: Fixing mistake in previous commit

coheigea
Administrator
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 1e2c249dcdd12190adb244bf7ca9f54f9bf2b83a
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Mon Aug 20 12:38:44 2018 +0100

    Fixing mistake in previous commit
---
 .../java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java     | 2 --
 1 file changed, 2 deletions(-)

diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 901e659..d92cb1a 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -338,8 +338,6 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 ssoResponseValidator.setClientAddress(request.getRemoteAddr());
             }
 
-            ssoResponseValidator.setClientAddress(request.getRemoteAddr());
-
             boolean doNotEnforceKnownIssuer =
                 ((SAMLProtocol)config.getProtocol()).isDoNotEnforceKnownIssuer();
             ssoResponseValidator.setEnforceKnownIssuer(!doNotEnforceKnownIssuer);

Reply | Threaded
Open this post in threaded view
|

[cxf-fediz] 02/02: Fixing mistake in previous commit

coheigea
Administrator
In reply to this post by coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 27e3f24a8f839059edd5e9321117480f03828d68
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Mon Aug 20 12:38:44 2018 +0100

    Fixing mistake in previous commit
---
 .../src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java  | 4 ++--
 .../java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java   | 4 ++--
 plugins/core/src/main/resources/schemas/FedizConfig.xsd               | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
index de4997e..ba90548 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
@@ -110,7 +110,7 @@ public class SAMLProtocol extends Protocol {
         return getSAMLProtocol().getIssuerLogoutURL();
     }
 
-    public boolean isCheckClientAddress() {
-        return getSAMLProtocol().isCheckClientAddress();
+    public boolean isDisableClientAddressCheck() {
+        return getSAMLProtocol().isDisableClientAddressCheck();
     }
 }
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index d92cb1a..1150127 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -333,8 +333,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
             String requestURL = request.getRequestURL().toString();
             ssoResponseValidator.setAssertionConsumerURL(requestURL);
-            boolean checkClientAddress = ((SAMLProtocol)config.getProtocol()).isCheckClientAddress();
-            if (checkClientAddress) {
+            boolean disableClientAddressCheck = ((SAMLProtocol)config.getProtocol()).isDisableClientAddressCheck();
+            if (!disableClientAddressCheck) {
                 ssoResponseValidator.setClientAddress(request.getRemoteAddr());
             }
 
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 7ffc4d0..fe02f5f 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -169,7 +169,7 @@
                     <xs:element ref="signRequest" />
                     <xs:element ref="authnRequestBuilder" />
                     <xs:element ref="disableDeflateEncoding" />
-                    <xs:element ref="checkClientAddress" />
+                    <xs:element ref="disableClientAddressCheck" />
                     <xs:element ref="doNotEnforceKnownIssuer" />
                     <xs:element ref="issuerLogoutURL" />
                 </xs:sequence>
@@ -189,7 +189,7 @@
     <xs:element name="disableDeflateEncoding" type="xs:boolean" />
     <xs:element name="doNotEnforceKnownIssuer" type="xs:boolean" />
     <xs:element name="issuerLogoutURL" type="xs:string" />
-    <xs:element name="checkClientAddress" type="xs:boolean" default="true"/>
+    <xs:element name="disableClientAddressCheck" type="xs:boolean"/>
 
     <xs:complexType name="protocolType" abstract="true">
         <xs:sequence>