Merge pull request #1410 from dbarentine/master

Spec compliance, bug fixes
2015-07-01 15:27:47 -04:00 · 2015-07-01 15:27:47 -04:00 · 212f5b4082
commit 212f5b4082
parent 9591f48077 b9f5946cf0
6 changed files with 17 additions and 3 deletions
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@ -286,7 +286,8 @@ public class SAMLEndpoint {

                identity.setUsername(subjectNameID.getValue());

-                if (subjectNameID.getFormat().toString().equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get())) {
+                //SAML Spec 2.2.2 Format is optional
+                if (subjectNameID.getFormat() != null && subjectNameID.getFormat().toString().equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get())) {
                    identity.setEmail(subjectNameID.getValue());
                }

--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml
@ -49,6 +49,7 @@
        <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
        <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
        <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-saml-core" services="import"/>
        <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
        <module name="org.keycloak.keycloak-social-core" services="import"/>
--- a/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
@ -50,6 +50,7 @@
        <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
        <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>

+        <module name="org.keycloak.keycloak-saml-core" services="import"/>
        <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
        <module name="org.keycloak.keycloak-social-core" services="import"/>
--- a/saml/saml-core/src/main/java/org/keycloak/saml/common/constants/WSTrustConstants.java
+++ b/saml/saml-core/src/main/java/org/keycloak/saml/common/constants/WSTrustConstants.java
@ -224,6 +224,8 @@ public interface WSTrustConstants {

        String REFERENCE = "Reference";

+        String PREFIX = "wsse";
+
        String PREFIX_11 = "wsse11";

        // http://www.ws-i.org/Profiles/KerberosTokenProfile-1.0.html#Kerberos_Security_Token_URI
@ -238,5 +240,7 @@ public interface WSTrustConstants {
        String URI = "URI";

        String VALUE_TYPE = "ValueType";
+
+        String ENCODING_TYPE = "EncodingType";
    }
 }
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
@ -391,10 +391,15 @@ public class SamlProtocol implements LoginProtocol {
                                            UserSessionModel userSession, ClientSessionModel clientSession) {
        AssertionType assertion = response.getAssertions().get(0).getAssertion();
        AttributeStatementType attributeStatement = new AttributeStatementType();
-        assertion.addStatement(attributeStatement);
+
        for (ProtocolMapperProcessor<SAMLAttributeStatementMapper> processor : attributeStatementMappers) {
            processor.mapper.transformAttributeStatement(attributeStatement, processor.model, session, userSession, clientSession);
        }
+
+        //SAML Spec 2.7.3 AttributeStatement must contain one or more Attribute or EncryptedAttribute
+        if(attributeStatement.getAttributes().size() > 0) {
+            assertion.addStatement(attributeStatement);
+        }
    }

    public ResponseType transformLoginResponse(List<ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers,
--- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java
@ -87,11 +87,13 @@ public class OIDCAttributeMapperHelper {
                jsonObject.put(split[i], attributeValue);
            } else {
                Map<String, Object> nested = (Map<String, Object>)jsonObject.get(split[i]);
+
                if (nested == null) {
                    nested = new HashMap<String, Object>();
                    jsonObject.put(split[i], nested);
-                    jsonObject = nested;
                }
+
+                jsonObject = nested;
            }
        }
    }