From 008911d4b13e6d90902c4579eafd2425a55b03e2 Mon Sep 17 00:00:00 2001
From: Rohit Yadav <rohit.yadav@shapeblue.com>
Date: Tue, 3 Feb 2015 16:59:09 +0530
Subject: [PATCH] CLOUDSTACK-8195: Don't break IdP, return metadata XML

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 1172867df022358e8b5a2cd435dc1d8331fca8c9)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 .../GetServiceProviderMetaDataCmd.java        | 17 +++++++++++++----
 .../SAML2LoginAPIAuthenticatorCmd.java        |  2 +-
 ui/index.jsp                                  |  2 +-
 ui/scripts/ui-custom/login.js                 | 19 +++++++++++++++++++
 .../cloudstack/utils/auth/SAMLUtils.java      |  2 +-
 5 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
index 6ab80a114f3..4697438a10c 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
@@ -19,6 +19,7 @@ package org.apache.cloudstack.api.command;
 
 import com.cloud.api.response.ApiResponseSerializer;
 import com.cloud.user.Account;
+import com.cloud.utils.HttpUtils;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.ApiServerService;
@@ -171,6 +172,7 @@ public class GetServiceProviderMetaDataCmd extends BaseCmd implements APIAuthent
         spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
         spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
 
+        StringWriter stringWriter = new StringWriter();
         try {
             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
             DocumentBuilder builder = factory.newDocumentBuilder();
@@ -179,17 +181,24 @@ public class GetServiceProviderMetaDataCmd extends BaseCmd implements APIAuthent
             out.marshall(spEntityDescriptor, document);
 
             Transformer transformer = TransformerFactory.newInstance().newTransformer();
-            StringWriter stringWriter = new StringWriter();
             StreamResult streamResult = new StreamResult(stringWriter);
             DOMSource source = new DOMSource(document);
             transformer.transform(source, streamResult);
             stringWriter.close();
             response.setMetadata(stringWriter.toString());
         } catch (ParserConfigurationException | IOException | MarshallingException | TransformerException e) {
-            response.setMetadata("Error creating Service Provider MetaData XML: " + e.getMessage());
+            if (responseType.equals(HttpUtils.JSON_CONTENT_TYPE)) {
+                response.setMetadata("Error creating Service Provider MetaData XML: " + e.getMessage());
+            } else {
+                return "Error creating Service Provider MetaData XML: " + e.getMessage();
+            }
         }
-
-        return ApiResponseSerializer.toSerializedString(response, responseType);
+        // For JSON type return serialized response object
+        if (responseType.equals(HttpUtils.RESPONSE_TYPE_JSON)) {
+            return ApiResponseSerializer.toSerializedString(response, responseType);
+        }
+        // For other response types return XML
+        return stringWriter.toString();
     }
 
     @Override
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index 1b4cd6aaeed..3b6b7d37899 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -273,7 +273,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                 UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
                 if (userAccount == null && uniqueUserId != null && username != null) {
                     CallContext.current().setEventDetails("SAML Account/User with UserName: " + username + ", FirstName :" + password + ", LastName: " + lastName);
-                    _accountService.createUserAccount(username, password, firstName, lastName, email, timeZone,
+                    userAccount = _accountService.createUserAccount(username, password, firstName, lastName, email, timeZone,
                             username, (short) accountType, domainId, null, null, UUID.randomUUID().toString(), uniqueUserId);
                 }
 
diff --git a/ui/index.jsp b/ui/index.jsp
index 98dbb272bca..655c20acd29 100644
--- a/ui/index.jsp
+++ b/ui/index.jsp
@@ -67,7 +67,7 @@
                         </div>
                         <!-- Submit (login) -->
                         <input type="submit" value="<fmt:message key="label.login"/>" />
-                        <input type="samlsubmit" value="<fmt:message key="label.saml.login"/>" />
+                        <div id="saml-login"><input type="samlsubmit" value="<fmt:message key="label.saml.login"/>"/></div>
                         <!-- Select language -->
                         <div class="select-language">
                             <select name="language">
diff --git a/ui/scripts/ui-custom/login.js b/ui/scripts/ui-custom/login.js
index 269ab927d38..1f82c829982 100644
--- a/ui/scripts/ui-custom/login.js
+++ b/ui/scripts/ui-custom/login.js
@@ -126,6 +126,25 @@
             });
         });
 
+        // Show SAML button if only SP is configured
+        $login.find("#saml-login").hide();
+        $.ajax({
+            type: "GET",
+            url: createURL("getSPMetadata"),
+            dataType: "json",
+            async: false,
+            success: function(data, textStatus, xhr) {
+                if (xhr.status === 200) {
+                    $login.find('#saml-login').show();
+                } else {
+                    $login.find('#saml-login').hide();
+                }
+            },
+            error: function(xhr) {
+                $login.find('#saml-login').hide();
+            },
+        });
+
         // Select language
         var $languageSelect = $login.find('select[name=language]');
         $languageSelect.change(function() {
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index c75422f8774..01388071341 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -309,7 +309,7 @@ public class SAMLUtils {
     public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
         Security.addProvider(new BouncyCastleProvider());
         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
-        keyPairGenerator.initialize(2048, new SecureRandom());
+        keyPairGenerator.initialize(4096, new SecureRandom());
         return keyPairGenerator.generateKeyPair();
     }