From b1946e8c13a04dbf262f0ee7cf94b55453b711cc Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Mon, 25 Aug 2014 01:51:16 +0200 Subject: [PATCH] SAML2LoginAPIAuthenticatorCmd: store nameid and session index in user's session Signed-off-by: Rohit Yadav
---
 .../api/command/SAML2LoginAPIAuthenticatorCmd.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index e1d95ef2a7f..8456872556e 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -124,7 +124,6 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
 }
 public String buildAuthnRequestUrl(String idpUrl) {
- String randomSecureId = new BigInteger(130, new SecureRandom()).toString(32);
 String spId = _samlAuthManager.getServiceProviderId();
 String consumerUrl = _samlAuthManager.getSpSingleSignOnUrl();
 String identityProviderUrl = _samlAuthManager.getIdpSingleSignOnUrl();
@@ -136,7 +135,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
 String redirectUrl = "";
 try {
 DefaultBootstrap.bootstrap();
- AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(randomSecureId, spId, identityProviderUrl, consumerUrl);
+ AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(spId, identityProviderUrl, consumerUrl);
 redirectUrl = identityProviderUrl + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest);
 } catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException e) {
 s_logger.error("SAML AuthnRequest message building error: " + e.getMessage());
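Review bot: Once `randomSecureId` is dropped from buildAuthnRequestUrl, nothing visible in this hunk retains the AuthnRequest ID, so the code that later processes the IdP response has no value to compare the response's InResponseTo against. Presumably SAMLUtils.buildAuthnRequestObject now generates the ID itself (that file is not part of this patch view); it is worth confirming it still draws it from SecureRandom as the removed line in the first hunk did. Consider exposing the ID to the caller, for example by reading `authnRequest.getID()` after the build call and keeping it with the user's session, then rejecting responses whose `getInResponseTo()` does not match. The try block continues outside the hunk, and the visible catch only logs `e.getMessage()` and leaves `redirectUrl` empty; a short comment there stating that an empty URL signals failure would help callers.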
@@ -220,6 +219,9 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
 Assertion assertion = processedSAMLResponse.getAssertions().get(0);
 NameID nameId = assertion.getSubject().getNameID();
+ String sessionIndex = assertion.getAuthnStatements().get(0).getSessionIndex();
+ session.setAttribute(SAMLUtils.SAML_NAMEID, nameId);
+ session.setAttribute(SAMLUtils.SAML_SESSION, sessionIndex);
 if (nameId.getFormat().equals(NameIDType.PERSISTENT) || nameId.getFormat().equals(NameIDType.EMAIL)) {
 username = nameId.getValue();
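Review bot: The added `assertion.getAuthnStatements().get(0)` assumes the IdP response always carries an AuthnStatement; an assertion without one throws IndexOutOfBoundsException on input that comes from outside the service, unless the enclosing code (outside this hunk) catches it. A guarded form such as `String sessionIndex = assertion.getAuthnStatements().isEmpty() ? null : assertion.getAuthnStatements().get(0).getSessionIndex();` avoids that. The two `session.setAttribute` calls also run before the NameID format check and before any account lookup visible here, so a response that never maps to a CloudStack user would still leave SAML_NAMEID and SAML_SESSION in the session; moving them to after the login succeeds keeps the session state tied to an authenticated user. Whether the assertion's signature and conditions have been validated before this point cannot be seen from the hunk and should be confirmed, since these values are presumably used later for logout.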