Merge pull request #350 from mauromol/improve-input-params-api
Improve authentication and logout request input params API
pitbulk committed Jul 26, 2021
2 parents ca9d5f2 + 8560b19 commit 820f581
Showing 10 changed files with 1,072 additions and 501 deletions.
99 changes: 51 additions & 48 deletions core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java
Expand Up @@ -42,26 +42,6 @@ public class AuthnRequest {
*/
private final Saml2Settings settings;

/**
* When true the AuthNRequest will set the ForceAuthn='true'
*/
private final boolean forceAuthn;

/**
* When true the AuthNRequest will set the IsPassive='true'
*/
private final boolean isPassive;

/**
* When true the AuthNReuqest will set a nameIdPolicy
*/
private final boolean setNameIdPolicy;

/**
* Indicates to the IdP the subject that should be authenticated
*/
private final String nameIdValueReq;

/**
* Time stamp that indicates when the AuthNRequest was created
*/
Expand All @@ -72,55 +52,73 @@ public class AuthnRequest {
*
* @param settings
* OneLogin_Saml2_Settings
* @see #AuthnRequest(Saml2Settings, AuthnRequestParams)
*/
public AuthnRequest(Saml2Settings settings) {
this(settings, false, false, true);
this(settings, new AuthnRequestParams(false, false, true));
}

/**
* Constructs the AuthnRequest object.
*
* @param settings
* OneLogin_Saml2_Settings
* OneLogin_Saml2_Settings
* @param forceAuthn
* When true the AuthNReuqest will set the ForceAuthn='true'
* When true the AuthNReuqest will set the ForceAuthn='true'
* @param isPassive
* When true the AuthNReuqest will set the IsPassive='true'
* When true the AuthNReuqest will set the IsPassive='true'
* @param setNameIdPolicy
* When true the AuthNReuqest will set a nameIdPolicy
* When true the AuthNReuqest will set a nameIdPolicy
* @param nameIdValueReq
* Indicates to the IdP the subject that should be authenticated
* Indicates to the IdP the subject that should be authenticated
* @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with
* {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean, String)}
* instead
*/
@Deprecated
public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) {
this.id = Util.generateUniqueID(settings.getUniqueIDPrefix());
issueInstant = Calendar.getInstance();
this.isPassive = isPassive;
this.settings = settings;
this.forceAuthn = forceAuthn;
this.setNameIdPolicy = setNameIdPolicy;
this.nameIdValueReq = nameIdValueReq;

StrSubstitutor substitutor = generateSubstitutor(settings);
authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), settings);
LOGGER.debug("AuthNRequest --> " + authnRequestString);
this(settings, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq));
}

/**
* Constructs the AuthnRequest object.
*
* @param settings
* OneLogin_Saml2_Settings
* OneLogin_Saml2_Settings
* @param forceAuthn
* When true the AuthNReuqest will set the ForceAuthn='true'
* When true the AuthNReuqest will set the ForceAuthn='true'
* @param isPassive
* When true the AuthNReuqest will set the IsPassive='true'
* When true the AuthNReuqest will set the IsPassive='true'
* @param setNameIdPolicy
* When true the AuthNReuqest will set a nameIdPolicy
* When true the AuthNReuqest will set a nameIdPolicy
* @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with
* {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean)}
* instead
*/
@Deprecated
public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) {
this(settings, forceAuthn, isPassive, setNameIdPolicy, null);
}

/**
* Constructs the AuthnRequest object.
*
* @param settings
* OneLogin_Saml2_Settings
* @param params
* a set of authentication request input parameters that shape the
* request to create
*/
public AuthnRequest(Saml2Settings settings, AuthnRequestParams params) {
this.id = Util.generateUniqueID(settings.getUniqueIDPrefix());
issueInstant = Calendar.getInstance();
this.settings = settings;

StrSubstitutor substitutor = generateSubstitutor(params, settings);
authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), params, settings);
LOGGER.debug("AuthNRequest --> " + authnRequestString);
}

/**
* Allows for an extension class to post-process the AuthnRequest XML generated
* for this request, in order to customize the result.
Expand All @@ -132,15 +130,17 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv
* @param authnRequestXml
* the XML produced for this AuthnRequest by the standard
* implementation provided by {@link AuthnRequest}
* @param params
* the authentication request input parameters
* @param settings
* the settings
* @return the post-processed XML for this AuthnRequest, which will then be
* returned by any call to {@link #getAuthnRequestXml()}
*/
protected String postProcessXml(final String authnRequestXml, final Saml2Settings settings) {
protected String postProcessXml(final String authnRequestXml, final AuthnRequestParams params, final Saml2Settings settings) {
return authnRequestXml;
}

/**
* @return the base64 encoded unsigned AuthnRequest (deflated or not)
*
Expand Down Expand Up @@ -181,22 +181,24 @@ public String getAuthnRequestXml() {
/**
* Substitutes AuthnRequest variables within a string by values.
*
* @param params
* the authentication request input parameters
* @param settings
* Saml2Settings object. Setting data
*
* @return the StrSubstitutor object of the AuthnRequest
*/
private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
private StrSubstitutor generateSubstitutor(AuthnRequestParams params, Saml2Settings settings) {

Map<String, String> valueMap = new HashMap<String, String>();

String forceAuthnStr = "";
if (forceAuthn) {
if (params.isForceAuthn()) {
forceAuthnStr = " ForceAuthn=\"true\"";
}

String isPassiveStr = "";
if (isPassive) {
if (params.isPassive()) {
isPassiveStr = " IsPassive=\"true\"";
}

Expand All @@ -211,6 +213,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
valueMap.put("destinationStr", destinationStr);

String subjectStr = "";
String nameIdValueReq = params.getNameIdValueReq();
if (nameIdValueReq != null && !nameIdValueReq.isEmpty()) {
String nameIDFormat = settings.getSpNameIDFormat();
subjectStr = "<saml:Subject>";
Expand All @@ -221,7 +224,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
valueMap.put("subjectStr", subjectStr);

String nameIDPolicyStr = "";
if (setNameIdPolicy) {
if (params.isSetNameIdPolicy()) {
String nameIDPolicyFormat = settings.getSpNameIDFormat();
if (settings.getWantNameIdEncrypted()) {
nameIDPolicyFormat = Constants.NAMEID_ENCRYPTED;
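Review bot: The `postProcessXml(String, Saml2Settings)` hook on the old side of the `-132,15 +130,17` hunk is replaced by the three-argument overload rather than kept, so a subclass that overrode the two-argument form still compiles but is silently bypassed — the new constructor calls only `postProcessXml(..., params, settings)`, and a customization of the AuthnRequest XML (a security-relevant document) would be dropped without any error. The constructors in the same file get `@Deprecated` bridges, and the hook deserves the same treatment: keep the two-argument method as a deprecated no-op and have the new overload delegate to it by default, so existing overrides keep applying until they migrate. `generateSubstitutor` continues past its hunk, and this section does not show whether the two-argument method survives elsewhere in the file; if it does, the default delegation is still the missing piece.
```java
protected String postProcessXml(final String authnRequestXml, final AuthnRequestParams params, final Saml2Settings settings) {
    // Default: fall through to the pre-existing two-argument hook so legacy overrides still apply.
    return postProcessXml(authnRequestXml, settings);
}

/**
 * @deprecated override {@link #postProcessXml(String, AuthnRequestParams, Saml2Settings)} instead
 */
@Deprecated
protected String postProcessXml(final String authnRequestXml, final Saml2Settings settings) {
    return authnRequestXml;
}
```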
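--- /dev/null
+++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java
@@ -0,0 +1,105 @@
+package com.onelogin.saml2.authn;
+
+/**
+* Input parameters for a SAML 2 authentication request.
+*/
+public class AuthnRequestParams {
+
+/**
+* When true the AuthNRequest will set the ForceAuthn='true'
+*/
+private final boolean forceAuthn;
+/**
+* When true the AuthNRequest will set the IsPassive='true'
+*/
+private final boolean isPassive;
+/**
+* When true the AuthNReuqest will set a nameIdPolicy
+*/
+private final boolean setNameIdPolicy;
+/**
+* Indicates to the IdP the subject that should be authenticated
+*/
+private final String nameIdValueReq;
+
+/**
+* Create a set of authentication request input parameters.
+*
+* @param forceAuthn
+* whether the <code>ForceAuthn</code> attribute should be set to
+* <code>true</code>
+* @param isPassive
+* whether the <code>isPassive</code> attribute should be set to
+* <code>true</code>
+* @param setNameIdPolicy
+* whether a <code>NameIDPolicy</code> should be set
+*/
+public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) {
+this(forceAuthn, isPassive, setNameIdPolicy, null);
+}
+
+/**
+* Create a set of authentication request input parameters.
+*
+* @param forceAuthn
+* whether the <code>ForceAuthn</code> attribute should be set to
+* <code>true</code>
+* @param isPassive
+* whether the <code>isPassive</code> attribute should be set to
+* <code>true</code>
+* @param setNameIdPolicy
+* whether a <code>NameIDPolicy</code> should be set
+* @param nameIdValueReq
+* the subject that should be authenticated
+*/
+public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) {
+this.forceAuthn = forceAuthn;
+this.isPassive = isPassive;
+this.setNameIdPolicy = setNameIdPolicy;
+this.nameIdValueReq = nameIdValueReq;
+}
+
+/**
+* Create a set of authentication request input parameters, by copying them from
+* another set.
+*
+* @param source
+* the source set of authentication request input parameters
+*/
+protected AuthnRequestParams(AuthnRequestParams source) {
+this.forceAuthn = source.isForceAuthn();
+this.isPassive = source.isPassive();
+this.setNameIdPolicy = source.isSetNameIdPolicy();
+this.nameIdValueReq = source.getNameIdValueReq();
+}
+
+/**
+* @return whether the <code>ForceAuthn</code> attribute should be set to
+* <code>true</code>
+*/
+protected boolean isForceAuthn() {
+return forceAuthn;
+}
+
+/**
+* @return whether the <code>isPassive</code> attribute should be set to
+* <code>true</code>
+*/
+protected boolean isPassive() {
+return isPassive;
+}
+
+/**
+* @return whether a <code>NameIDPolicy</code> should be set
+*/
+protected boolean isSetNameIdPolicy() {
+return setNameIdPolicy;
+}
+
+/**
+* @return the subject that should be authenticated
+*/
+protected String getNameIdValueReq() {
+return nameIdValueReq;
+}
+}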
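Review bot: The Javadoc on both `isPassive` constructor parameters and on `isPassive()` names the attribute `<code>isPassive</code>`, but the SAML attribute this flag controls is `IsPassive` — the field comment directly above it and the ` IsPassive="true"` string emitted by `AuthnRequest.generateSubstitutor` both use that spelling — so I would change those three occurrences to `<code>IsPassive</code>` so a reader searching the specification finds the right attribute. The field comment on `setNameIdPolicy` also carries the `AuthNReuqest` typo over from the removed `AuthnRequest` field. With a protected copy constructor and protected getters the class looks designed for subclassing; a sentence in the class Javadoc such as `Subclasses may add further parameters; the copy constructor lets them be built from an existing instance.` would state that intent instead of leaving it to be inferred.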
