KEYCLOAK-1846 Per SAML spec 6.2 Encrypting assertions must happen after the assertions are signed

Dane Barentine 2015-09-14 14:00:05 -07:00
parent fe79c9b01e
commit f55ab0d689


@ -120,11 +120,12 @@ public class SAML2BindingBuilder2<T extends SAML2BindingBuilder2> {
protected Document document; protected Document document;
public PostBindingBuilder(Document document) throws ProcessingException { public PostBindingBuilder(Document document) throws ProcessingException {
if (encrypt) encryptDocument(document);
this.document = document; this.document = document;
if (signAssertions) { if (signAssertions) {
signAssertion(document); signAssertion(document);
} }
//Per SAML spec 6.2 Encrypting assertions must happen after the assertions are signed
if (encrypt) encryptDocument(document);
if (sign) { if (sign) {
signDocument(document); signDocument(document);
} }
@ -151,11 +152,12 @@ public class SAML2BindingBuilder2<T extends SAML2BindingBuilder2> {
protected Document document; protected Document document;
public RedirectBindingBuilder(Document document) throws ProcessingException { public RedirectBindingBuilder(Document document) throws ProcessingException {
if (encrypt) encryptDocument(document);
this.document = document; this.document = document;
if (signAssertions) { if (signAssertions) {
signAssertion(document); signAssertion(document);
} }
//Per SAML spec 6.2 Encrypting assertions must happen after the assertions are signed
if (encrypt) encryptDocument(document);
} }
public Document getDocument() { public Document getDocument() {
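Review bot: The sign-then-encrypt order is now written out separately in the PostBindingBuilder and RedirectBindingBuilder constructors, so the two copies can drift apart again on a later edit; consider moving `if (signAssertions) { signAssertion(document); }` followed by `if (encrypt) encryptDocument(document);` into one private helper that both constructors call. The added comment would be easier to verify if it named the document it cites, for example `// SAML 2.0 Core, section 6.2: the assertion signature must be computed before the assertion is encrypted`. Nothing visible in these hunks pins the order, so a test that builds a response with both `signAssertions` and `encrypt` set, decrypts the assertion and verifies its signature would catch a regression. The PostBindingBuilder constructor body continues past the end of the first hunk, so anything it does after `signDocument(document)` is not covered by this note.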