[KEYCLOAK-987] - IdP should respect the protocol binding when processing AuthnRequest.
parent
da240b2b36
commit
d1f38a4236
1 changed files with 15 additions and 1 deletions
|
@ -220,7 +220,7 @@ public class SamlService {
|
||||||
clientSession.setRedirectUri(redirect);
|
clientSession.setRedirectUri(redirect);
|
||||||
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
||||||
clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
|
clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
|
||||||
clientSession.setNote(SamlProtocol.SAML_BINDING, getBindingType());
|
clientSession.setNote(SamlProtocol.SAML_BINDING, getBindingType(requestAbstractType));
|
||||||
clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
|
clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
|
||||||
clientSession.setNote(SamlProtocol.SAML_REQUEST_ID, requestAbstractType.getID());
|
clientSession.setNote(SamlProtocol.SAML_REQUEST_ID, requestAbstractType.getID());
|
||||||
|
|
||||||
|
@ -258,6 +258,20 @@ public class SamlService {
|
||||||
return forms.createLogin();
|
return forms.createLogin();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private String getBindingType(AuthnRequestType requestAbstractType) {
|
||||||
|
URI requestedProtocolBinding = requestAbstractType.getProtocolBinding();
|
||||||
|
|
||||||
|
if (requestedProtocolBinding != null) {
|
||||||
|
if (JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get().equals(requestedProtocolBinding.toString())) {
|
||||||
|
return SamlProtocol.SAML_POST_BINDING;
|
||||||
|
} else {
|
||||||
|
return SamlProtocol.SAML_GET_BINDING;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return getBindingType();
|
||||||
|
}
|
||||||
|
|
||||||
private boolean isSupportedNameIdFormat(String nameIdFormat) {
|
private boolean isSupportedNameIdFormat(String nameIdFormat) {
|
||||||
if (nameIdFormat.equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get()) ||
|
if (nameIdFormat.equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get()) ||
|
||||||
nameIdFormat.equals(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get()) ||
|
nameIdFormat.equals(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get()) ||
|
||||||
|
|
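Review bot: In the new `getBindingType(AuthnRequestType)`, the `else` branch maps every ProtocolBinding URI other than HTTP-POST to `SamlProtocol.SAML_GET_BINDING`, so an unsupported or malformed value (HTTP-Artifact, PAOS, a typo) silently selects the redirect binding, which carries the response in the URL. The value comes from the AuthnRequest itself, and whether the request has been signature-checked before this point is not visible in the hunk, so the requester may be choosing the response channel unchecked. I would match the redirect URI explicitly, `} else if (JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get().equals(requestedProtocolBinding.toString())) {`, and let anything else fall through to the existing `return getBindingType();` or be rejected with an error. A short comment on the method saying that the request's ProtocolBinding takes precedence over the transport-derived binding would also help, and the result should ideally be checked against the bindings the client is configured to accept.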