libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

[KEYCLOAK-1491] SAML Spec compliance. NameIDFormat is optional, AttributeStatement must contain one or more attribute or encryptedattribute statements

Browse source
This commit is contained in:
Dane Barentine 2015-06-22 10:45:03 -07:00
parent aaa83dc19a
commit facf701897
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
View file

@ -286,7 +286,8 @@ public class SAMLEndpoint {
identity.setUsername(subjectNameID.getValue());
if (subjectNameID.getFormat().toString().equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get())) {
//SAML Spec 2.2.2 Format is optional
if (subjectNameID.getFormat() != null && subjectNameID.getFormat().toString().equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get())) {
identity.setEmail(subjectNameID.getValue());
}

7
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
View file

@ -391,10 +391,15 @@ public class SamlProtocol implements LoginProtocol {
UserSessionModel userSession, ClientSessionModel clientSession) {
AssertionType assertion = response.getAssertions().get(0).getAssertion();
AttributeStatementType attributeStatement = new AttributeStatementType();
assertion.addStatement(attributeStatement);
for (ProtocolMapperProcessor<SAMLAttributeStatementMapper> processor : attributeStatementMappers) {
processor.mapper.transformAttributeStatement(attributeStatement, processor.model, session, userSession, clientSession);
}
//SAML Spec 2.7.3 AttributeStatement must contain one or more Attribute or EncryptedAttribute
if(attributeStatement.getAttributes().size() > 0) {
assertion.addStatement(attributeStatement);
}
}
public ResponseType transformLoginResponse(List<ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers,