Removing BOM character from SAML entity descriptor
Closes #30604 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
This commit is contained in:
parent
5210b7e546
commit
c2c74faec0
3 changed files with 63 additions and 1 deletions
|
@ -45,6 +45,8 @@ import org.w3c.dom.NodeList;
|
|||
*/
|
||||
public class SAMLMetadataUtil {
|
||||
|
||||
public static final String UTF8_BOM = "\uFEFF";
|
||||
|
||||
/**
|
||||
* Get the {@link X509Certificate} from the KeyInfo
|
||||
*
|
||||
|
@ -107,6 +109,7 @@ public class SAMLMetadataUtil {
|
|||
}
|
||||
|
||||
public static EntityDescriptorType parseEntityDescriptorType(String descriptor) throws ParsingException {
|
||||
descriptor = removeUTF8BOM(descriptor);
|
||||
Object parsedObject = SAMLParser.getInstance().parse(StaxParserUtil.getXMLEventReader(descriptor));
|
||||
EntityDescriptorType entityType;
|
||||
|
||||
|
@ -153,4 +156,11 @@ public class SAMLMetadataUtil {
|
|||
}
|
||||
return descriptor;
|
||||
}
|
||||
|
||||
public static String removeUTF8BOM(String s) {
|
||||
if (s.startsWith(UTF8_BOM)) {
|
||||
s = s.substring(1);
|
||||
}
|
||||
return s;
|
||||
}
|
||||
}
|
|
@ -743,6 +743,19 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
assertSamlExport(body, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSamlImportWithBom() throws URISyntaxException, IOException, ParsingException {
|
||||
testSamlImport("saml-idp-metadata_utf8_bom.xml", true);
|
||||
|
||||
// Perform export, and make sure some of the values are like they're supposed to be
|
||||
Response response = realm.identityProviders().get("saml").export("xml");
|
||||
Assert.assertEquals(200, response.getStatus());
|
||||
String body = response.readEntity(String.class);
|
||||
response.close();
|
||||
|
||||
assertSamlExport(body, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSamlImportAndExportDifferentBindings() throws URISyntaxException, IOException, ParsingException {
|
||||
testSamlImport("saml-idp-metadata-different-bindings.xml", false);
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<EntityDescriptor entityID="http://localhost:8080/auth/realms/master"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
|
||||
>
|
||||
<Extensions>
|
||||
<mdattr:EntityAttributes>
|
||||
<saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
||||
<saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
|
||||
</saml:Attribute>
|
||||
</mdattr:EntityAttributes>
|
||||
</Extensions>
|
||||
<IDPSSODescriptor WantAuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor use="signing">
|
||||
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
|
||||
<dsig:X509Data>
|
||||
<dsig:X509Certificate>
|
||||
MIICmzCCAYMCBgFUYnC0OjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYwNDI5MTQzMjEzWhcNMjYwNDI5MTQzMzUzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN25AW1poMEZRbuMAHG58AThZmCwMV6/Gcui4mjGacRFyudgqzLjQ2rxpoW41JAtLjbjeAhuWvirUcFVcOeS3gM/ZC27qCpYighAcylZz6MYocnEe1+e8rPPk4JlID6Wv62dgu+pL/vYsQpRhvD3Y2c/ytgr5D32xF+KnzDehUy5BSyzypvu12Wq9mS5vK5tzkN37EjkhpY2ZxaXPubjDIITCAL4Q8M/m5IlacBaUZbzI4AQrHnMP1O1IH2dHSWuMiBe+xSDTco72PmuYPJKTV4wQdeBUIkYbfLc4RxVmXEvgkQgyW86EoMPxlWJpj7+mTIR+l+2thZPr/VgwTs82rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA/Ip/Hi8RoVu5ouaFFlc5whT7ltuK8slfLGW4tM4vJXhInYwsqIRQKBNDYW/64xle3eII4u1yAH1OYRRwEs7Em1pr4QuFuTY1at+aE0sE46XDlyESI0txJjWxYoT133vM0We2pj1b2nxgU30rwjKA3whnKEfTEYT/n3JBSqNggy6l8ZGw/oPSgvPaR4+xeB1tfQFC4VrLoYKoqH6hAL530nKxL+qV8AIfL64NDEE8ankIAEDAAFe8x3CPUfXR/p4KOANKkpz8ieQaHDb1eITkAwUwjESj6UF9D1aePlhWls/HX0gujFXtWfWfrJ8CU/ogwlH8y1jgRuLjFQYZk6llc=
|
||||
</dsig:X509Certificate>
|
||||
</dsig:X509Data>
|
||||
</dsig:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="http://localhost:8080/auth/realms/master/protocol/saml" />
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="http://localhost:8080/auth/realms/master/protocol/saml" />
|
||||
<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://localhost:8080/auth/realms/master/protocol/saml/resolve"
|
||||
index="0"/>
|
||||
</IDPSSODescriptor>
|
||||
</EntityDescriptor>
|
Loading…
Reference in a new issue