diff --git a/README.md b/README.md index 4dc9f0c9..009fac58 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,8 @@ -# OneLogin's SAML Java Toolkit +# SAML Java Toolkit [![Build Status](https://travis-ci.org/onelogin/java-saml.svg?branch=master)](https://travis-ci.org/onelogin/java-saml) [![Coverage Status](https://coveralls.io/repos/github/onelogin/java-saml/badge.svg?branch=master)](https://coveralls.io/github/onelogin/java-saml?branch=master) -## **Notice:** This project is currently not under active development, please see [#388](https://github.com/onelogin/java-saml/issues/388) for more information. - Add SAML support to your Java applications using this library. -Forget those complicated libraries and use that open source library provided and supported by OneLogin Inc. 2.8.0 uses xmlsec 2.2.3 which fixes [CVE-2021-40690](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-1655558) @@ -87,7 +84,7 @@ since 2002, but lately it has become popular due to its advantages as follows: ## General description -OneLogin's SAML Java toolkit lets you turn a Java application into a SP +SAML Java toolkit lets you turn a Java application into a SP (Service Provider) that can be connected to an IdP (Identity Provider). Supports: @@ -108,7 +105,6 @@ Key features: * **Easy to use** - Programmer will be allowed to code high-level and low-level programming; 2 easy-to-use APIs are available. * **Tested** - Thoroughly tested. - * **Popular** - OneLogin's customers use it. Add easy support to your java web projects. ## Security warning @@ -198,7 +194,7 @@ Select a [Tomcat Server](http://crunchify.com/step-by-step-guide-to-setup-and-in ## Getting started ### Learning the toolkit -OneLogin's new SAML Java SAML Toolkit contains different folders (core, toolkit, samples) and some files. +Java SAML Toolkit contains different folders (core, toolkit, samples) and some files. Let's start describing them: 
@@ -261,7 +257,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-tookit-jspsample/me onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-tookit-jspsample/acs.jsp # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -270,7 +266,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-tookit-jspsample/sls.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -326,7 +322,7 @@ onelogin.saml2.idp.entityid = onelogin.saml2.idp.single_sign_on_service.url = # SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -340,7 +336,7 @@ onelogin.saml2.idp.single_logout_service.url = onelogin.saml2.idp.single_logout_service.response.url = # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -755,7 +751,7 @@ In order to avoid replay attacks, you can store the ID of the SAML messages alre Get the ID of the last processed message with the getLastMessageId method of the Auth object. ## Demo included in the toolkit -The Onelogin's Java Toolkit allows you to provide the settings in a unique file as described at the [Settings section](https://github.com/onelogin/java-saml/#Settings). +The Java Toolkit allows you to provide the settings in a unique file as described at the [Settings section](https://github.com/onelogin/java-saml/#Settings). #### SP setup Configure the SP part and review the metadata of the IdP and complete the IdP info. Later configure how the toolkit will work enabling/disabling the security settings. diff --git a/core/pom.xml b/core/pom.xml index 123ec966..9d7ccebd 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -7,7 +7,7 @@ jar - OneLogin java-saml Toolkit Core + java-saml Toolkit Core java-saml-core @@ -68,6 +68,12 @@ 4.3.4 true + + com.fasterxml.jackson.core + jackson-databind + 2.13.4.2 + true + com.azure azure-identity diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index b5f3811f..8bb89b2b 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java @@ -17,7 +17,7 @@ import com.onelogin.saml2.util.Util; /** - * AuthNRequest class of OneLogin's Java Toolkit. + * AuthNRequest class of Java Toolkit. * * A class that implements SAML 2 Authentication Request */ @@ -79,7 +79,7 @@ public AuthnRequest(Saml2Settings settings) { public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) { this(settings, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq)); } - + /** * Constructs the AuthnRequest object. * 
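Review bot: The jackson-databind entry added in the second core/pom.xml hunk is a dependency change inside a commit that otherwise only renames and strips whitespace, and nothing in the hunk says why the version is pinned to 2.13.4.2. The XML element names are stripped in this rendering, but the trailing `true` is presumably `<optional>true</optional>`; if so, the pin shapes only this module's own build and test classpath and is not passed on to applications that depend on java-saml-core, so they still have to manage their own jackson-databind version. If the pin is there to override a version pulled in transitively (the azure-identity entry that follows it is a plausible source, though the hunk does not show it), say so next to the entry, for example `<!-- pinned to override the transitive jackson-databind version; see ADVISORY-ID-PLACEHOLDER -->`. The README already records the xmlsec upgrade and its CVE, so a matching line there would tell consumers that this pin exists and that it does not reach their classpath.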
@@ -126,7 +126,7 @@ public AuthnRequest(Saml2Settings settings, AuthnRequestParams params) { * This method is invoked at construction time, after all the other fields of * this class have already been initialised. Its default implementation simply * returns the input XML as-is, with no change. - * + * * @param authnRequestXml * the XML produced for this AuthnRequest by the standard * implementation provided by {@link AuthnRequest} @@ -144,10 +144,10 @@ protected String postProcessXml(final String authnRequestXml, final AuthnRequest /** * @return the base64 encoded unsigned AuthnRequest (deflated or not) * - * @param deflated + * @param deflated * If deflated or not the encoded AuthnRequest * - * @throws IOException + * @throws IOException */ public String getEncodedAuthnRequest(Boolean deflated) throws IOException { String encodedAuthnRequest; @@ -161,18 +161,18 @@ public String getEncodedAuthnRequest(Boolean deflated) throws IOException { } return encodedAuthnRequest; } - + /** * @return base64 encoded, unsigned AuthnRequest (deflated or not) - * - * @throws IOException + * + * @throws IOException */ public String getEncodedAuthnRequest() throws IOException { return getEncodedAuthnRequest(null); } /** - * @return unsigned plain-text AuthnRequest. + * @return unsigned plain-text AuthnRequest. */ public String getAuthnRequestXml() { return authnRequestString; @@ -185,9 +185,9 @@ public String getAuthnRequestXml() { * the authentication request input parameters * @param settings * Saml2Settings object. Setting data - * - * @return the StrSubstitutor object of the AuthnRequest - */ + * + * @return the StrSubstitutor object of the AuthnRequest + */ private StrSubstitutor generateSubstitutor(AuthnRequestParams params, Saml2Settings settings) { Map valueMap = new HashMap(); 
@@ -242,7 +242,7 @@ private StrSubstitutor generateSubstitutor(AuthnRequestParams params, Saml2Setti if (organization != null) { String displayName = organization.getOrgDisplayName(); if (!displayName.isEmpty()) { - providerStr = " ProviderName=\""+ Util.toXml(displayName) + "\""; + providerStr = " ProviderName=\""+ Util.toXml(displayName) + "\""; } } valueMap.put("providerStr", providerStr); @@ -288,10 +288,10 @@ public String getId() { return id; } - + /** * Returns the issue instant of this message. - * + * * @return a new {@link Calendar} instance carrying the issue instant of this message */ public Calendar getIssueInstant() { diff --git a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java index a7996096..ec3b0abf 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java +++ b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java @@ -37,7 +37,7 @@ import com.onelogin.saml2.util.Util; /** - * SamlResponse class of OneLogin's Java Toolkit. + * SamlResponse class of Java Toolkit. * * A class that implements SAML 2 Authentication Response parser/validator */ @@ -752,7 +752,7 @@ public String getResponseIssuer() throws XPathExpressionException, ValidationErr } return null; } - + /** * Gets the Assertion Issuer. * @@ -777,7 +777,7 @@ public String getAssertionIssuer() throws XPathExpressionException, ValidationEr throw new ValidationError("Issuer of the Assertion not found or multiple.", ValidationError.ISSUER_NOT_FOUND_IN_ASSERTION); } } - + /** * Gets the Issuers (from Response and Assertion). If the same issuer appears * both in the Response and in the Assertion (as it should), the returned list 
@@ -1102,11 +1102,11 @@ public String getError() { public Exception getValidationException() { return validationException; } - + /** * Sets the validation exception that this {@link SamlResponse} should return * when a validation error occurs. - * + * * @param validationException * the validation exception to set */ diff --git a/core/src/main/java/com/onelogin/saml2/exception/SAMLException.java b/core/src/main/java/com/onelogin/saml2/exception/SAMLException.java index a1e1547f..cc05147c 100644 --- a/core/src/main/java/com/onelogin/saml2/exception/SAMLException.java +++ b/core/src/main/java/com/onelogin/saml2/exception/SAMLException.java @@ -1,7 +1,7 @@ package com.onelogin.saml2.exception; /** - * Top-level exception class for the OneLogin SAML client. + * Top-level exception class for the SAML client. */ public class SAMLException extends Exception { @@ -10,7 +10,7 @@ public class SAMLException extends Exception { /** * Construct a SAMLException with the provided error message. * - * @param message + * @param message * The human-readable error message associated with this exception. */ public SAMLException(String message) { @@ -33,12 +33,12 @@ public SAMLException(Throwable cause) { * * @param message * The human-readable error message associated with this exception. - * - * @param cause + * + * @param cause * The upstream cause associated with this exception. */ public SAMLException(String message, Throwable cause) { super(message, cause); } -} \ No newline at end of file +} diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java index 903cd2db..83d51767 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java 
@@ -29,7 +29,7 @@ import com.onelogin.saml2.util.SchemaFactory; /** - * LogoutRequest class of OneLogin's Java Toolkit. + * LogoutRequest class of Java Toolkit. * * A class that implements SAML 2 Logout Request builder/parser/validator */ @@ -71,7 +71,7 @@ public class LogoutRequest { /** * After validation, if it fails this property has the cause of the problem - */ + */ private Exception validationException; /** @@ -104,19 +104,19 @@ public class LogoutRequest { public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, String sessionIndex, String nameIdFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) { this.settings = settings; this.request = request; - + String samlLogoutRequest = null; - + if (request != null) { samlLogoutRequest = request.getParameter("SAMLRequest"); currentUrl = request.getRequestURL(); } - + if (samlLogoutRequest == null) { LogoutRequestParams params = new LogoutRequestParams(sessionIndex, nameId, nameIdFormat, nameIdNameQualifier, nameIdSPNameQualifier); id = Util.generateUniqueID(settings.getUniqueIDPrefix()); issueInstant = Calendar.getInstance(); - + StrSubstitutor substitutor = generateSubstitutor(params, settings); logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate()), params, settings); } else { @@ -264,7 +264,7 @@ public LogoutRequest(Saml2Settings settings, LogoutRequestParams params) { * scenario only), after all the other fields of this class have already been * initialised. Its default implementation simply returns the input XML as-is, * with no change. - * + * * @param logoutRequestXml * the XML produced for this LogoutRequest by the standard * implementation provided by {@link LogoutRequest} 
@@ -282,10 +282,10 @@ protected String postProcessXml(final String logoutRequestXml, final LogoutReque /** * @return the base64 encoded unsigned Logout Request (deflated or not) * - * @param deflated + * @param deflated * If deflated or not the encoded Logout Request * - * @throws IOException + * @throws IOException */ public String getEncodedLogoutRequest(Boolean deflated) throws IOException { String encodedLogoutRequest; @@ -299,11 +299,11 @@ public String getEncodedLogoutRequest(Boolean deflated) throws IOException { } return encodedLogoutRequest; } - + /** * @return the base64 encoded unsigned Logout Request (deflated or not) * - * @throws IOException + * @throws IOException */ public String getEncodedLogoutRequest() throws IOException { return getEncodedLogoutRequest(null); @@ -323,13 +323,13 @@ public String getLogoutRequestXml() { * the logout request input parameters * @param settings * Saml2Settings object. Setting data - * + * * @return the StrSubstitutor object of the LogoutRequest */ private StrSubstitutor generateSubstitutor(LogoutRequestParams params, Saml2Settings settings) { Map valueMap = new HashMap(); - valueMap.put("id", Util.toXml(id)); + valueMap.put("id", Util.toXml(id)); String issueInstantString = Util.formatDateTime(issueInstant.getTimeInMillis()); valueMap.put("issueInstant", issueInstantString); @@ -356,11 +356,11 @@ private StrSubstitutor generateSubstitutor(LogoutRequestParams params, Saml2Sett } } else { nameId = settings.getIdpEntityId(); - nameIdFormat = Constants.NAMEID_ENTITY; + nameIdFormat = Constants.NAMEID_ENTITY; } // From saml-core-2.0-os 8.3.6, when the entity Format is used: "The NameQualifier, SPNameQualifier, and - // SPProvidedID attributes MUST be omitted. + // SPProvidedID attributes MUST be omitted. if (nameIdFormat != null && nameIdFormat.equals(Constants.NAMEID_ENTITY)) { nameQualifier = null; spNameQualifier = null; 
@@ -424,7 +424,7 @@ public Boolean isValid() { if (this.request == null) { throw new Exception("The HttpRequest of the current host was not established"); } - + if (this.currentUrl == null || this.currentUrl.isEmpty()) { throw new Exception("The URL of the current host was not established"); } @@ -435,7 +435,7 @@ public Boolean isValid() { if (settings.isStrict()) { Element rootElement = logoutRequestDocument.getDocumentElement(); - rootElement.normalize(); + rootElement.normalize(); if (settings.getWantXMLValidation()) { if (!Util.validateXML(logoutRequestDocument, SchemaFactory.SAML_SCHEMA_PROTOCOL_2_0)) { @@ -479,10 +479,10 @@ public Boolean isValid() { throw new ValidationError("The Message of the Logout Request is not signed and the SP requires it", ValidationError.NO_SIGNED_MESSAGE); } } - + if (signature != null && !signature.isEmpty()) { X509Certificate cert = settings.getIdpx509cert(); - + List certList = new ArrayList(); List multipleCertList = settings.getIdpx509certMulti(); @@ -524,9 +524,9 @@ public Boolean isValid() { throw new ValidationError("Signature validation failed. Logout Request rejected", ValidationError.INVALID_SIGNATURE); } } - + LOGGER.debug("LogoutRequest validated --> " + logoutRequestString); - return true; + return true; } catch (Exception e) { validationException = e; LOGGER.debug("LogoutRequest invalid --> " + logoutRequestString); @@ -589,7 +589,7 @@ public static String getId(String samlLogoutRequestString) { Document doc = Util.loadXML(samlLogoutRequestString); return getId(doc); } - + /** * Returns the issue instant of the Logout Request Document. * @@ -618,7 +618,7 @@ public static Calendar getIssueInstant(String samlLogoutRequestString) { public static Map getNameIdData(Document samlLogoutRequestDocument, PrivateKey key) throws Exception { return getNameIdData(samlLogoutRequestDocument, key, false); } - + /** * Gets the NameID Data from the the Logout Request Document. * 
@@ -637,7 +637,7 @@ public static Map getNameIdData(Document samlLogoutRequestDocume NodeList encryptedIDNodes = Util.query(samlLogoutRequestDocument, "/samlp:LogoutRequest/saml:EncryptedID"); NodeList nameIdNodes; Element nameIdElem; - + if (encryptedIDNodes.getLength() == 1) { if (key == null) { throw new SettingsException("Key is required in order to decrypt the NameID", SettingsException.PRIVATE_KEY_NOT_FOUND); @@ -650,7 +650,7 @@ public static Map getNameIdData(Document samlLogoutRequestDocume if (nameIdNodes == null || nameIdNodes.getLength() != 1) { throw new Exception("Not able to decrypt the EncryptedID and get a NameID"); } - } + } else { nameIdNodes = Util.query(samlLogoutRequestDocument, "/samlp:LogoutRequest/saml:NameID"); } @@ -660,9 +660,9 @@ public static Map getNameIdData(Document samlLogoutRequestDocume } else { throw new ValidationError("No name id found in Logout Request.", ValidationError.NO_NAMEID); } - + Map nameIdData = new HashMap(); - + if (nameIdElem != null) { String value = nameIdElem.getTextContent(); if(value != null && trimValue) { @@ -723,10 +723,10 @@ public static Map getNameIdData(String samlLogoutRequestString, * * @param samlLogoutRequestDocument * A DOMDocument object loaded from the SAML Logout Request. - * + * * @param key * The SP key to decrypt the NameID if encrypted - * + * * @return the Name ID value * * @throws Exception @@ -740,10 +740,10 @@ public static String getNameId(Document samlLogoutRequestDocument, PrivateKey ke * * @param samlLogoutRequestDocument * A DOMDocument object loaded from the SAML Logout Request. - * + * * @param key * The SP key to decrypt the NameID if encrypted - * + * * @param trimValue * whether the extracted Name ID value should be trimmed * 
@@ -771,7 +771,7 @@ public static String getNameId(Document samlLogoutRequestDocument, PrivateKey ke public static String getNameId(Document samlLogoutRequestDocument) throws Exception { return getNameId(samlLogoutRequestDocument, null); } - + /** * Gets the NameID value provided from the SAML Logout Request String. * @@ -821,10 +821,10 @@ public static String getNameId(String samlLogoutRequestString, PrivateKey key, b public static String getNameId(String samlLogoutRequestString) throws Exception { return getNameId(samlLogoutRequestString, null); } - + /** * Gets the Issuer from Logout Request Document. - * + * * @param samlLogoutRequestDocument * A DOMDocument object loaded from the SAML Logout Request. * @@ -838,7 +838,7 @@ public static String getIssuer(Document samlLogoutRequestDocument) throws XPathE /** * Gets the Issuer from Logout Request Document. - * + * * @param samlLogoutRequestDocument * A DOMDocument object loaded from the SAML Logout Request. * @param trim @@ -864,12 +864,12 @@ public static String getIssuer(Document samlLogoutRequestDocument, boolean trim) /** * Gets the Issuer from Logout Request String. - * + * * @param samlLogoutRequestString * A Logout Request string. * * @return the issuer of the logout request - * + * * @throws XPathExpressionException */ public static String getIssuer(String samlLogoutRequestString) throws XPathExpressionException { @@ -878,14 +878,14 @@ public static String getIssuer(String samlLogoutRequestString) throws XPathExpre /** * Gets the Issuer from Logout Request String. - * + * * @param samlLogoutRequestString * A Logout Request string. * @param trim * whether the extracted issuer value should be trimmed * * @return the issuer of the logout request - * + * * @throws XPathExpressionException */ public static String getIssuer(String samlLogoutRequestString, boolean trim) throws XPathExpressionException { 
@@ -896,7 +896,7 @@ public static String getIssuer(String samlLogoutRequestString, boolean trim) thr /** * Gets the SessionIndexes from the LogoutRequest. - * + * * @param samlLogoutRequestDocument * A DOMDocument object loaded from the SAML Logout Request. * @return the SessionIndexes @@ -909,7 +909,7 @@ public static List getSessionIndexes(Document samlLogoutRequestDocument) /** * Gets the SessionIndexes from the LogoutRequest. - * + * * @param samlLogoutRequestDocument * A DOMDocument object loaded from the SAML Logout Request. * @param trim @@ -939,7 +939,7 @@ public static List getSessionIndexes(Document samlLogoutRequestDocument, /** * Gets the SessionIndexes from the LogoutRequest. - * + * * @param samlLogoutRequestString * A Logout Request string. * @return the SessionIndexes @@ -952,7 +952,7 @@ public static List getSessionIndexes(String samlLogoutRequestString) thr /** * Gets the SessionIndexes from the LogoutRequest. - * + * * @param samlLogoutRequestString * A Logout Request string. * @param trim @@ -970,7 +970,7 @@ public static List getSessionIndexes(String samlLogoutRequestString, boo /** * After execute a validation process, if fails this method returns the cause * - * @return the cause of the validation error + * @return the cause of the validation error */ public String getError() { if (validationException != null) { @@ -991,7 +991,7 @@ public Exception getValidationException() { /** * Sets the validation exception that this {@link LogoutRequest} should return * when a validation error occurs. - * + * * @param validationException * the validation exception to set */ @@ -1009,7 +1009,7 @@ public String getId() /** * Returns the issue instant of this message. - * + * * @return a new {@link Calendar} instance carrying the issue instant of this message */ public Calendar getIssueInstant() { 
diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java index 4eebfd74..c8427caf 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java @@ -29,7 +29,7 @@ import com.onelogin.saml2.util.Util; /** - * LogoutResponse class of OneLogin's Java Toolkit. + * LogoutResponse class of Java Toolkit. * * A class that implements SAML 2 Logout Response builder/parser/validator */ @@ -101,12 +101,12 @@ public LogoutResponse(Saml2Settings settings, HttpRequest request) { samlLogoutResponse = request.getParameter("SAMLResponse"); } - if (samlLogoutResponse != null && !samlLogoutResponse.isEmpty()) { + if (samlLogoutResponse != null && !samlLogoutResponse.isEmpty()) { logoutResponseString = Util.base64decodedInflated(samlLogoutResponse); logoutResponseDocument = Util.loadXML(logoutResponseString); } } - + /** * Constructs the LogoutResponse object when a new response should be generated * and sent. @@ -146,7 +146,7 @@ public String getEncodedLogoutResponse(Boolean deflated) throws IOException { } return encodedLogoutResponse; } - + /** * @return the base64 encoded, unsigned Logout Response (deflated or not) * @@ -200,7 +200,7 @@ public Boolean isValid(String requestId) { if (settings.isStrict()) { Element rootElement = logoutResponseDocument.getDocumentElement(); - rootElement.normalize(); + rootElement.normalize(); if (settings.getWantXMLValidation()) { if (!Util.validateXML(this.logoutResponseDocument, SchemaFactory.SAML_SCHEMA_PROTOCOL_2_0)) { 
@@ -359,7 +359,7 @@ public SamlResponseStatus getSamlResponseStatus() throws ValidationError * Xpath Expression * * @return DOMNodeList The queried nodes - * @throws XPathExpressionException + * @throws XPathExpressionException */ protected NodeList query (String query) throws XPathExpressionException { return Util.query(this.logoutResponseDocument, query, null); @@ -398,7 +398,7 @@ public void build(String inResponseTo, SamlResponseStatus responseStatus) { * Generates a Logout Response XML string. * * @param inResponseTo - * InResponseTo attribute value to bet set at the Logout Response. + * InResponseTo attribute value to bet set at the Logout Response. * @param statusCode * String StatusCode to be set on the LogoutResponse * @deprecated use {@link #LogoutResponse(Saml2Settings, LogoutResponseParams)} @@ -439,10 +439,10 @@ public void build(String inResponseTo, String statusCode) { public void build(String inResponseTo) { build(inResponseTo, Constants.STATUS_SUCCESS); } - + /** * Generates a Logout Response XML string. - * + * * @deprecated use {@link #LogoutResponse(Saml2Settings, LogoutResponseParams)} * instead, in which case this method becomes completely useless; * indeed, invoking this method in an outgoing logout response @@ -458,7 +458,7 @@ public void build(String inResponseTo) { @Deprecated public void build() { build(null); - } + } /** * Allows for an extension class to post-process the LogoutResponse XML @@ -467,7 +467,7 @@ public void build() { * This method is invoked by {@link #build(String, String)} (and all of its * overloadings) and hence only in the logout response sending scenario. Its * default implementation simply returns the input XML as-is, with no change. - * + * * @param logoutResponseXml * the XML produced for this LogoutResponse by the standard * implementation provided by {@link LogoutResponse} 
@@ -482,7 +482,7 @@ protected String postProcessXml(final String logoutResponseXml, final LogoutResp final Saml2Settings settings) { return logoutResponseXml; } - + /** * Substitutes LogoutResponse variables within a string by values. * @@ -513,7 +513,7 @@ private StrSubstitutor generateSubstitutor(LogoutResponseParams params, Saml2Set if (inResponseTo != null) { inResponseStr = " InResponseTo=\"" + Util.toXml(inResponseTo) + "\""; } - valueMap.put("inResponseStr", inResponseStr); + valueMap.put("inResponseStr", inResponseStr); StringBuilder statusStr = new StringBuilder("(); + this.requestedAttributes = new ArrayList(); } /** @@ -46,7 +46,7 @@ public AttributeConsumingService(String serviceName, String serviceDescription) public final void addRequestedAttribute(RequestedAttribute attr) { this.requestedAttributes.add(attr); } - + /** * @return string the service name */ @@ -68,4 +68,4 @@ public final List getRequestedAttributes() { return requestedAttributes; } -} \ No newline at end of file +} diff --git a/core/src/main/java/com/onelogin/saml2/model/Contact.java b/core/src/main/java/com/onelogin/saml2/model/Contact.java index eb9a52ee..8c03ac4a 100644 --- a/core/src/main/java/com/onelogin/saml2/model/Contact.java +++ b/core/src/main/java/com/onelogin/saml2/model/Contact.java @@ -5,9 +5,9 @@ import java.util.List; /** - * Contact class of OneLogin's Java Toolkit. + * Contact class of Java Toolkit. * - * A class that stores contact info + * A class that stores contact info */ public class Contact { /** @@ -19,12 +19,12 @@ public class Contact { * Contact company */ private final String company; - + /** * Contact given name */ private final String givenName; - + /** * Contact surname */ @@ -39,7 +39,7 @@ public class Contact { * Contact phone number */ private final List telephoneNumbers; - + /** * Constructor to specify minimal contact data. *

@@ -114,14 +114,14 @@ public final List getEmailAddresses() { public final String getGivenName() { return givenName; } - + /** * @return the contact surname */ public final String getSurName() { return surName; } - + /** * @return the contact company */ @@ -135,4 +135,4 @@ public final String getCompany() { public final List getTelephoneNumbers() { return telephoneNumbers; } -} \ No newline at end of file +} diff --git a/core/src/main/java/com/onelogin/saml2/model/KeyStoreSettings.java b/core/src/main/java/com/onelogin/saml2/model/KeyStoreSettings.java index 0f89fa88..7659f44f 100644 --- a/core/src/main/java/com/onelogin/saml2/model/KeyStoreSettings.java +++ b/core/src/main/java/com/onelogin/saml2/model/KeyStoreSettings.java @@ -3,7 +3,7 @@ import java.security.KeyStore; /** - * KeyStore class of OneLogin's Java Toolkit. + * KeyStore class of Java Toolkit. * * A class that stores KeyStore details for Certificates and Private Key */ @@ -28,7 +28,7 @@ public class KeyStoreSettings { * * @param keyStore * stores certificates and key - * + * * @param spAlias * Alias for SP key entry * @@ -62,4 +62,4 @@ public final String getSpKeyPass() { return spKeyPass; } -} \ No newline at end of file +} diff --git a/core/src/main/java/com/onelogin/saml2/model/Organization.java b/core/src/main/java/com/onelogin/saml2/model/Organization.java index c60599b4..b935391a 100644 --- a/core/src/main/java/com/onelogin/saml2/model/Organization.java +++ b/core/src/main/java/com/onelogin/saml2/model/Organization.java @@ -6,9 +6,9 @@ /** - * Organization class of OneLogin's Java Toolkit. + * Organization class of Java Toolkit. * - * A class that stores organization info + * A class that stores organization info */ public class Organization { /** @@ -25,7 +25,7 @@ public class Organization { * Organization URL */ private final String orgUrl; - + /** * Organization lang attribute */ 
@@ -46,7 +46,7 @@ public class Organization { public Organization(String orgName, String orgDisplayName, URL orgUrl, String orgLangAttribute) { this(orgName, orgDisplayName, orgUrl != null ? orgUrl.toString() : "", orgLangAttribute); } - + /** * Constructor
* Default the lang attribute to "en" @@ -80,7 +80,7 @@ public Organization(String orgName, String orgDisplayName, String orgUrl, String this.orgUrl = orgUrl != null ? orgUrl : ""; this.orgLangAttribute = StringUtils.defaultIfBlank(orgLangAttribute, "en"); } - + /** * Constructor
* Default the lang attribute to "en" @@ -116,13 +116,13 @@ public final String getOrgDisplayName() { public final String getOrgUrl() { return orgUrl; } - + /** * @return string the lang attribute */ public final String getOrgLangAttribute() { return orgLangAttribute; - } + } /** * Compare with another organization @@ -133,5 +133,5 @@ public final String getOrgLangAttribute() { */ public final Boolean equalsTo(Organization org) { return orgName.equals(org.getOrgName()) && orgDisplayName.equals(org.getOrgDisplayName()) && orgUrl.equals(org.getOrgUrl()) && orgLangAttribute.equals(org.getOrgLangAttribute()); - } + } } diff --git a/core/src/main/java/com/onelogin/saml2/model/RequestedAttribute.java b/core/src/main/java/com/onelogin/saml2/model/RequestedAttribute.java index 2079b57e..e0d37de7 100644 --- a/core/src/main/java/com/onelogin/saml2/model/RequestedAttribute.java +++ b/core/src/main/java/com/onelogin/saml2/model/RequestedAttribute.java @@ -4,9 +4,9 @@ /** - * RequestedAttribute class of OneLogin's Java Toolkit. + * RequestedAttribute class of Java Toolkit. * - * A class that stores RequestedAttribute of the AttributeConsumingService + * A class that stores RequestedAttribute of the AttributeConsumingService */ public class RequestedAttribute { /** @@ -23,7 +23,7 @@ public class RequestedAttribute { * If the attribute is or not required */ private final Boolean isRequired; - + /** * NameFormat of the attribute */ @@ -33,7 +33,7 @@ public class RequestedAttribute { * Values of the attribute */ private final List attributeValues; - + /** * Constructor * @@ -55,7 +55,7 @@ public RequestedAttribute(String name, String friendlyName, Boolean isRequired, this.nameFormat = nameFormat; this.attributeValues = attributeValues; } - + /** * @return string the RequestedAttribute name */ 
@@ -76,18 +76,18 @@ public final String getFriendlyName() { public final Boolean isRequired() { return isRequired; } - + /** * @return string the RequestedAttribute nameformat */ public final String getNameFormat() { return nameFormat; } - + /** * @return string the RequestedAttribute nameformat */ public final List getAttributeValues() { return attributeValues; } -} \ No newline at end of file +} diff --git a/core/src/main/java/com/onelogin/saml2/model/SamlResponseStatus.java b/core/src/main/java/com/onelogin/saml2/model/SamlResponseStatus.java index 7552380a..1a4e6e78 100644 --- a/core/src/main/java/com/onelogin/saml2/model/SamlResponseStatus.java +++ b/core/src/main/java/com/onelogin/saml2/model/SamlResponseStatus.java @@ -2,7 +2,7 @@ /** - * SamlResponseStatus class of OneLogin's Java Toolkit. + * SamlResponseStatus class of Java Toolkit. * * A class that stores the SAML response status info */ @@ -54,7 +54,7 @@ public String getStatusCode() { /** * Set the status code - * + * * @param statusCode * String. Status code */ @@ -88,8 +88,8 @@ public String getStatusMessage() { /** * Set the status message - * - * @param statusMessage + * + * @param statusMessage * String. Status message */ public void setStatusMessage(String statusMessage) { @@ -98,11 +98,11 @@ public void setStatusMessage(String statusMessage) { /** * Compare the status code - * - * @param status + * + * @param status * String. Status code * - * @return boolean checks the status code + * @return boolean checks the status code */ public boolean is(String status) { return statusCode != null && !statusCode.isEmpty() && statusCode.equals(status); diff --git a/core/src/main/java/com/onelogin/saml2/settings/IdPMetadataParser.java b/core/src/main/java/com/onelogin/saml2/settings/IdPMetadataParser.java index d2d46426..42ee439c 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/IdPMetadataParser.java +++ b/core/src/main/java/com/onelogin/saml2/settings/IdPMetadataParser.java 
@@ -20,7 +20,7 @@ import com.onelogin.saml2.util.Util; /** - * IdPMetadataParser class of OneLogin's Java Toolkit. + * IdPMetadataParser class of Java Toolkit. * * A class that implements the settings parser from IdP Metadata * @@ -36,7 +36,7 @@ public class IdPMetadataParser { /** * Get IdP Metadata Info from XML Document - * + * * @param xmlDocument * XML document hat contains IdP metadata * @param entityId @@ -47,7 +47,7 @@ public class IdPMetadataParser { * Parse specific binding SSO endpoint. * @param desiredSLOBinding * Parse specific binding SLO endpoint. - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws XPathExpressionException */ @@ -149,12 +149,12 @@ public static Map parseXML(Document xmlDocument, String entityId /** * Get IdP Metadata Info from XML Document - * + * * @param xmlDocument * XML document that contains IdP metadata * @param entityId * Entity Id of the desired IdP, if no entity Id is provided and the XML metadata contains more than one IDPSSODescriptor, the first is returned - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws XPathException */ @@ -164,10 +164,10 @@ public static Map parseXML(Document xmlDocument, String entityId /** * Get IdP Metadata Info from XML Document - * + * * @param xmlDocument * XML document that contains IdP metadata - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws XPathException */ @@ -177,7 +177,7 @@ public static Map parseXML(Document xmlDocument) throws XPathExc /** * Get IdP Metadata Info from XML file - * + * * @param xmlFileName * Filename of the XML filename that contains IdP metadata * @param entityId @@ -188,7 +188,7 @@ public static Map parseXML(Document xmlDocument) throws XPathExc * Parse specific binding SSO endpoint. * @param desiredSLOBinding * Parse specific binding SLO endpoint. - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws Exception */ 
@@ -210,12 +210,12 @@ public static Map parseFileXML(String xmlFileName, String entity /** * Get IdP Metadata Info from XML file - * + * * @param xmlFileName * Filename of the XML filename that contains IdP metadata * @param entityId * Entity Id of the desired IdP, if no entity Id is provided and the XML metadata contains more than one IDPSSODescriptor, the first is returned - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws Exception */ @@ -225,10 +225,10 @@ public static Map parseFileXML(String xmlFileName, String entity /** * Get IdP Metadata Info from XML file - * + * * @param xmlFileName * Filename of the XML filename that contains IdP metadata - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws Exception */ @@ -238,7 +238,7 @@ public static Map parseFileXML(String xmlFileName) throws Except /** * Get IdP Metadata Info from XML file - * + * * @param xmlURL * URL to the XML document that contains IdP metadata * @param entityId @@ -249,7 +249,7 @@ public static Map parseFileXML(String xmlFileName) throws Except * Parse specific binding SSO endpoint. * @param desiredSLOBinding * Parse specific binding SLO endpoint. - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws Exception */ @@ -260,12 +260,12 @@ public static Map parseRemoteXML(URL xmlURL, String entityId, St /** * Get IdP Metadata Info from XML file - * + * * @param xmlURL * URL to the XML document that contains IdP metadata * @param entityId * Entity Id of the desired IdP, if no entity Id is provided and the XML metadata contains more than one IDPSSODescriptor, the first is returned - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws Exception */ 
@@ -275,10 +275,10 @@ public static Map parseRemoteXML(URL xmlURL, String entityId) th /** * Get IdP Metadata Info from XML file - * + * * @param xmlURL * URL to the XML document that contains IdP metadata - * + * * @return Mapped values with metadata info in Saml2Settings format * @throws Exception */ @@ -293,7 +293,7 @@ public static Map parseRemoteXML(URL xmlURL) throws Exception { * the Saml2Settings object * @param metadataInfo * mapped values with metadata info in Saml2Settings format - * + * * @return the Saml2Settings object with metadata info settings loaded */ public static Saml2Settings injectIntoSettings(Saml2Settings settings, Map metadataInfo) { diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index 30a83184..5a11b5b8 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java @@ -28,7 +28,7 @@ import com.onelogin.saml2.util.Util; /** - * Metadata class of OneLogin's Java Toolkit. + * Metadata class of Java Toolkit. * * A class that contains methods related to the metadata of the SP */ @@ -114,7 +114,7 @@ public Metadata(Saml2Settings settings) throws CertificateEncodingException { LOGGER.debug("metadata --> " + unsignedMetadataString); metadataString = unsignedMetadataString; } - + /** * Allows for an extension class to post-process the SAML metadata XML generated * for this metadata instance, in order to customize the result. @@ -122,7 +122,7 @@ public Metadata(Saml2Settings settings) throws CertificateEncodingException { * This method is invoked at construction time, after all the other fields of * this class have already been initialised. Its default implementation simply * returns the input XML as-is, with no change. - * + * * @param metadataXml * the XML produced for this metadata instance by the standard * implementation provided by {@link Metadata} 
diff --git a/core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java b/core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java index 9ee29465..4a2fa5eb 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java @@ -24,10 +24,10 @@ import com.onelogin.saml2.util.Util; /** - * Saml2Settings class of OneLogin's Java Toolkit. + * Saml2Settings class of Java Toolkit. * * A class that implements the settings handler - */ + */ public class Saml2Settings { /** * Private property to construct a logger for this class. @@ -37,7 +37,7 @@ public class Saml2Settings { // Toolkit settings private boolean strict = true; private boolean debug = false; - + // SP private String spEntityId = ""; private URL spAssertionConsumerServiceUrl = null; @@ -86,7 +86,7 @@ public class Saml2Settings { // Compress private boolean compressRequest = true; private boolean compressResponse = true; - + // Parsing private boolean trimNameIds = false; private boolean trimAttributeValues = false; @@ -96,7 +96,7 @@ public class Saml2Settings { private Organization organization = null; private boolean spValidationOnly = false; - + /** * @return the strict setting value */ @@ -310,7 +310,7 @@ public boolean getWantAssertionsEncrypted() { public boolean getWantNameId() { return wantNameId; } - + /** * @return the wantNameIdEncrypted setting value */ @@ -394,10 +394,10 @@ public HSM getHsm() { public boolean isDebugActive() { return this.debug; } - + /** * Set the strict setting value - * + * * @param strict * the strict to be set */ 
@@ -770,7 +770,7 @@ public void setRequestedAuthnContextComparison(String requestedAuthnContextCompa * Set the wantXMLValidation setting value * * @param wantXMLValidation - * the wantXMLValidation value to be set. Based on it the SP will validate SAML messages against the XML scheme + * the wantXMLValidation value to be set. Based on it the SP will validate SAML messages against the XML scheme */ public void setWantXMLValidation(boolean wantXMLValidation) { this.wantXMLValidation = wantXMLValidation; @@ -857,7 +857,7 @@ public boolean isCompressResponseEnabled() { *

* Default is false, that is Name IDs are kept intact, as the SAML * specification prescribes. - * + * * @param trimNameIds * set to true to trim parsed Name IDs, set to * false to keep them intact @@ -865,26 +865,26 @@ public boolean isCompressResponseEnabled() { public void setTrimNameIds(boolean trimNameIds) { this.trimNameIds = trimNameIds; } - + /** * Determines whether Name IDs should trimmed when extracting them from parsed * SAML messages. *

* Default is false, that is Name IDs are kept intact, as the SAML * specification prescribes. - * + * * @return true if Name IDs should be trimmed, false * otherwise */ public boolean isTrimNameIds() { return trimNameIds; } - + /** * Sets whether attribute values in parsed SAML messages should be trimmed. *

* Default is false. - * + * * @param trimAttributeValues * set to true to trim parsed attribute values, set to * false to keep them intact @@ -892,23 +892,23 @@ public boolean isTrimNameIds() { public void setTrimAttributeValues(boolean trimAttributeValues) { this.trimAttributeValues = trimAttributeValues; } - + /** * Determines whether attribute values should be trimmed when extracting them * from parsed SAML messages. *

* Default is false. - * + * * @return true if attribute values should be trimmed, * false otherwise */ public boolean isTrimAttributeValues() { return trimAttributeValues; } - + /** * Set contacts info that will be listed on the Service Provider metadata - * + * * @param contacts * the contacts to set */ @@ -928,21 +928,21 @@ protected final void setOrganization(Organization organization) { /** * Checks the settings . - * + * * @return errors found on the settings data */ public List checkSettings() { List errors = new ArrayList<>(this.checkSPSettings()); - if (!spValidationOnly) { + if (!spValidationOnly) { errors.addAll(this.checkIdPSettings()); } return errors; } - + /** * Checks the IdP settings . - * + * * @return errors found on the IdP settings data */ public List checkIdPSettings() { @@ -964,7 +964,7 @@ public List checkIdPSettings() { if (!checkIdpx509certRequired() && !checkRequired(this.getIdpCertFingerprint())) { errorMsg = "idp_cert_or_fingerprint_not_found_and_required"; errors.add(errorMsg); - LOGGER.error(errorMsg); + LOGGER.error(errorMsg); } if (!checkIdpx509certRequired() && this.getNameIdEncrypted()) { @@ -978,7 +978,7 @@ public List checkIdPSettings() { /** * Auxiliary method to check Idp certificate is configured. - * + * * @return true if the Idp Certificate settings are valid */ private boolean checkIdpx509certRequired () { @@ -1072,7 +1072,7 @@ public boolean checkSPCerts() { return (cert != null && key != null); } - + /** * Auxiliary method to check required properties. * @@ -1115,7 +1115,7 @@ public boolean getSPValidationOnly() { return this.spValidationOnly; } - + /** * Gets the SP metadata. The XML representation. * 
@@ -1139,22 +1139,22 @@ public String getSPMetadata() throws CertificateEncodingException { this.getSignatureAlgorithm(), this.getDigestAlgorithm() ); - } catch (Exception e) { + } catch (Exception e) { LOGGER.debug("Error executing signMetadata: " + e.getMessage(), e); } } return metadataString; } - + /** * Validates an XML SP Metadata. * * @param metadataString Metadata's XML that will be validate - * + * * @return Array The list of found errors * - * @throws Exception + * @throws Exception */ public static List validateMetadata(String metadataString) throws Exception { @@ -1194,7 +1194,7 @@ public static List validateMetadata(String metadataString) throws Except } } // TODO Validate Sign if required with Util.validateMetadataSign - + return errors; } } diff --git a/core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java b/core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java index 6232044e..aec3d6ea 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java +++ b/core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java @@ -39,7 +39,7 @@ import com.onelogin.saml2.util.Util; /** - * SettingsBuilder class of OneLogin's Java Toolkit. + * SettingsBuilder class of Java Toolkit. * * A class that implements the settings builder */ @@ -81,7 +81,7 @@ public class SettingsBuilder { public final static String SP_CONTACT_SUR_NAME_PROPERTY_KEY_SUFFIX = "sur_name"; public final static String SP_CONTACT_EMAIL_ADDRESS_PROPERTY_KEY_PREFIX = "email_address"; public final static String SP_CONTACT_TELEPHONE_NUMBER_PROPERTY_KEY_PREFIX = "telephone_number"; - + // KeyStore public final static String KEYSTORE_KEY = "onelogin.saml2.keystore.store"; public final static String KEYSTORE_ALIAS = "onelogin.saml2.keystore.alias"; 
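Review bot: The `catch (Exception e)` re-indented in the `@@ -1139,22 +1139,22 @@` hunk of Saml2Settings.getSPMetadata() only logs the signing failure at debug level, and the method then falls through to `return metadataString;`. If the try block is what replaces `metadataString` with the signed document (its start is outside the hunk, so this is inferred), a key or algorithm problem leaves the caller with unsigned metadata and no visible error even though signing was requested. At minimum raise the log level, `LOGGER.error("Error executing signMetadata: " + e.getMessage(), e);`, and state in the Javadoc that the unsigned XML is returned when signing fails. Failing the call instead would be stricter, but it changes what callers see.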
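Review bot: validateMetadata() in the `@@ -1194,7 +1194,7 @@` hunk returns `errors` directly after `// TODO Validate Sign if required with Util.validateMetadataSign`, so as far as the visible lines show, an empty list says nothing about whether the metadata signature was verified. The Javadoc should state this, for example `Does not verify the metadata signature; callers that need authenticity must verify it separately.`, so that an empty result is not read as trust in the document. The method body starts outside the hunk, so earlier checks are not visible here.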
@@ -127,7 +127,7 @@ public class SettingsBuilder { // Parsing public final static String PARSING_TRIM_NAME_IDS = "onelogin.saml2.parsing.trim_name_ids"; public final static String PARSING_TRIM_ATTRIBUTE_VALUES = "onelogin.saml2.parsing.trim_attribute_values"; - + // Misc @Deprecated public final static String CONTACT_TECHNICAL_GIVEN_NAME = "onelogin.saml2.contacts.technical.given_name"; @@ -163,7 +163,7 @@ public SettingsBuilder fromFile(String propFileName) throws Error, IOException { * * @param propFileName OneLogin_Saml2_Settings * @param keyStoreSetting KeyStore which have the Private/Public keys - * + * * @return the SettingsBuilder object with the settings loaded from the file * * @throws IOException @@ -254,9 +254,9 @@ public Saml2Settings build() { /** * Builds the Saml2Settings object. Read the Properties object and set all the * SAML settings - * + * * @param saml2Setting an existing Saml2Settings - * + * * @return the Saml2Settings object with all the SAML settings loaded * */ @@ -485,14 +485,14 @@ private Organization loadOrganization() { /** * Loads the contacts settings from the properties file - * + * * @return a list containing all the loaded contacts */ @SuppressWarnings("deprecation") private List loadContacts() { // first split properties into a map of properties // key = contact index; value = contact properties - final SortedMap> contactProps = + final SortedMap> contactProps = extractIndexedProperties(SP_CONTACT_PROPERTY_KEY_PREFIX, samlData); // then build each contact // multiple indexed services specified @@ -521,7 +521,7 @@ private List loadContacts() { /** * Loads a single contact from settings. - * + * * @param contactProps * a map containing the contact settings * @param index @@ -552,39 +552,39 @@ private Contact loadContact(Map contactProps, int index) { *

* For instance, if the prefix is foo, all the following properties * will be extracted: - * + * *

 	 * foo[0].prop1=<value1>
 	 * foo[0].prop2=<value2>
 	 * foo[1].prop1=<value3>
 	 * 
- * + * * and the returned map will be: - * + * *
 	 * 0 => prop1=<value1>
 	 *      prop2=<value2>
 	 * 1 => prop1=<value3>
 	 * 
- * + * * The index is optional: if missing, "-1" is returned. In other words, in the * above example: - * + * *
 	 * foo.prop1=<value1>
 	 * foo.prop2=<value2>
 	 * 
- * + * * will be mapped to: - * + * *
 	 * -1 => prop1=<value1>
 	 *       prop2=<value2>
 	 * 
- * + * * Indices can be made of maximum 9 digits, to prevent overflows. Leading zeroes * are discarded. - * + * * @param prefix * the prefix that identifies the indexed property to extract * @param data @@ -592,7 +592,7 @@ private Contact loadContact(Map contactProps, int index) { * @return a map with extracted data for each identified index */ private SortedMap> extractIndexedProperties(String prefix, Map data) { - final Pattern p = Pattern.compile(Pattern.quote(prefix) + + final Pattern p = Pattern.compile(Pattern.quote(prefix) + "(?:\\[(\\d{1,9})\\])?\\.(.+)"); final SortedMap> indexedProps = new TreeMap<>(); for(final Entry prop: data.entrySet()) { @@ -611,46 +611,46 @@ private SortedMap> extractIndexedProperties(String } return indexedProps; } - + /** * Given a map containing settings data, extracts all the indexed values * identified by a given prefix. The returned map has indexes as keys and the - * corresponding values as values. Keys are sorted by their natural order + * corresponding values as values. Keys are sorted by their natural order * (i.e. iterating over the map will return entries in index order). *

* For instance, if the prefix is foo, all the following values * will be extracted: - * + * *

 	 * foo[0]=<value1>
 	 * foo[1]=<value2>
 	 * foo[2]=<value3>
 	 * 
- * + * * and the returned map will be: - * + * *
 	 * 0 => <value1>
 	 * 1 => <value2>
 	 * 3 => <value3>
 	 * 
- * + * * The index is optional: if missing, "-1" is returned. In other words, in the * above example: - * + * *
 	 * foo=<value1>
 	 * 
- * + * * will be mapped to: - * + * *
 	 * -1 => <value1>
 	 * 
- * + * * Indices can be made of maximum 9 digits, to prevent overflows. Leading zeroes * are discarded. - * + * * @param prefix * the prefix that identifies the indexed property to extract * @param data @@ -658,7 +658,7 @@ private SortedMap> extractIndexedProperties(String * @return a map with extracted values for each identified index */ private SortedMap extractIndexedValues(String prefix, Map data) { - final Pattern p = Pattern.compile(Pattern.quote(prefix) + + final Pattern p = Pattern.compile(Pattern.quote(prefix) + "(?:\\[(\\d{1,9})\\])?"); final SortedMap indexedValues = new TreeMap<>(); for(final Entry prop: data.entrySet()) { @@ -671,13 +671,13 @@ private SortedMap extractIndexedValues(String prefix, Map data) } return null; } - + /** * Loads a property of the type Boolean from the Properties object * @@ -976,7 +976,7 @@ protected X509Certificate loadCertificateFromFile(String filename) { LOGGER.error("Error loading certificate from file.", e); return null; } - + try { return Util.loadCert(certString); } catch (CertificateException e) { diff --git a/core/src/main/java/com/onelogin/saml2/util/Constants.java b/core/src/main/java/com/onelogin/saml2/util/Constants.java index d3aae65b..1de7c455 100644 --- a/core/src/main/java/com/onelogin/saml2/util/Constants.java +++ b/core/src/main/java/com/onelogin/saml2/util/Constants.java 
@@ -1,17 +1,17 @@ package com.onelogin.saml2.util; /** - * Constants class of OneLogin's Java Toolkit. + * Constants class of Java Toolkit. * * A class that contains several constants related to the SAML protocol - */ + */ public final class Constants { /** * Value added to the current time in time condition validations. */ public static final Integer ALOWED_CLOCK_DRIFT = 180; // 3 min in seconds - // NameID Formats + // NameID Formats public static final String NAMEID_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"; public static final String NAMEID_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; public static final String NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"; @@ -21,7 +21,7 @@ public final class Constants { public static final String NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"; public static final String NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; public static final String NAMEID_ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"; - + // Attribute Name Formats public static final String ATTRNAME_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"; public static final String ATTRNAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"; @@ -97,8 +97,8 @@ public final class Constants { public static final String C14N11_WC = "http://www.w3.org/2006/12/xml-c14n11#WithComments"; public static final String C14NEXC = "http://www.w3.org/2001/10/xml-exc-c14n#"; public static final String C14NEXC_WC = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"; - - // Sign & Crypt + + // Sign & Crypt // https://www.w3.org/TR/xmlenc-core/#sec-Alg-MessageDigest // https://www.w3.org/TR/xmlsec-algorithms/#signature-method-uris // https://tools.ietf.org/html/rfc6931 
@@ -112,7 +112,7 @@ public final class Constants { public static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; public static final String RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"; public static final String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"; - + public static final String TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; public static final String AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"; public static final String AES192_CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc"; @@ -122,11 +122,11 @@ public final class Constants { public static final String A256KW = "http://www.w3.org/2001/04/xmlenc#kw-aes256"; public static final String RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"; public static final String RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"; - + public static final String ENVSIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"; - + private Constants() { //not called } - + } diff --git a/core/src/main/java/com/onelogin/saml2/util/SchemaFactory.java b/core/src/main/java/com/onelogin/saml2/util/SchemaFactory.java index 647a0702..3cd4f46a 100644 --- a/core/src/main/java/com/onelogin/saml2/util/SchemaFactory.java +++ b/core/src/main/java/com/onelogin/saml2/util/SchemaFactory.java @@ -16,12 +16,12 @@ import org.xml.sax.SAXException; /** - * SchemaFactory class of OneLogin's Java Toolkit. + * SchemaFactory class of Java Toolkit. * - * A class that read SAML schemas that will be used to validate XMLs of the OneLogin's Java Toolkit - */ + * A class that read SAML schemas that will be used to validate XMLs of the Java Toolkit + */ public abstract class SchemaFactory { - + /** * Private property to construct a logger for this class. */ 
@@ -30,7 +30,7 @@ public abstract class SchemaFactory { private SchemaFactory() { //not called } - + public static final URL SAML_SCHEMA_METADATA_2_0 = SchemaFactory.class .getResource("/schemas/saml-schema-metadata-2.0.xsd"); public static final URL SAML_SCHEMA_PROTOCOL_2_0 = SchemaFactory.class diff --git a/core/src/main/java/com/onelogin/saml2/util/Util.java b/core/src/main/java/com/onelogin/saml2/util/Util.java index 0502e10f..28034c34 100644 --- a/core/src/main/java/com/onelogin/saml2/util/Util.java +++ b/core/src/main/java/com/onelogin/saml2/util/Util.java @@ -101,7 +101,7 @@ /** - * Util class of OneLogin's Java Toolkit. + * Util class of Java Toolkit. * * A class that contains several auxiliary methods related to the SAML protocol */ @@ -1128,7 +1128,7 @@ public static Boolean mustRejectDeprecatedSignatureAlgo(String signAlg, Boolean } return false; } - + /** * Validate signature of the Node. * @@ -1960,11 +1960,11 @@ public static Instant parseDateTime(String dateTime) { TemporalAccessor parsedData = DATE_TIME_FORMAT.parse(dateTime); return Instant.from(parsedData); } - + /** * Escape a text so that it can be safely used within an XML element contents or attribute value. - * - * @param text + * + * @param text * the text to escape * @return the escaped text (null if the input is null) */ diff --git a/core/src/test/resources/config/config.adfs.properties b/core/src/test/resources/config/config.adfs.properties index 8bd0072c..3548959e 100644 --- a/core/src/test/resources/config/config.adfs.properties +++ b/core/src/test/resources/config/config.adfs.properties 
@@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -48,8 +48,8 @@ onelogin.saml2.idp.entityid = http://adfs.vc.example.com/adfs/services/trust # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://adfs.vc.example.com/adfs/ls -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -58,7 +58,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://adfs.vc.example.com/adfs/ls # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -92,7 +92,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -132,7 +132,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -140,4 +140,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.all.properties b/core/src/test/resources/config/config.all.properties index fcdbf242..b2004150 100644 
--- a/core/src/test/resources/config/config.all.properties +++ b/core/src/test/resources/config/config.all.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -38,7 +38,7 @@ onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----MIICeDCCAeGgAwIBAgIBADAN # To be used during SP Key roll over onelogin.saml2.sp.x509certNew = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- 
@@ -50,8 +50,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -65,7 +65,7 @@ onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml onelogin.saml2.idp.single_logout_service.response.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutServiceResponse.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -101,7 +101,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted 
@@ -141,13 +141,13 @@ onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha5 # SAML specification states that no trimming for string elements should be performed, so no trimming will be # performed by default on extracted Name IDs and attribute values. However, some SAML implementations may add # undesirable surrounding whitespace when outputting XML (possibly due to formatting/pretty-printing). -# These two options allow to optionally enable value trimming on extracted Name IDs (including issuers) and +# These two options allow to optionally enable value trimming on extracted Name IDs (including issuers) and # attribute values. onelogin.saml2.parsing.trim_name_ids = false onelogin.saml2.parsing.trim_attribute_values = false # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.organization.lang = en diff --git a/core/src/test/resources/config/config.all_specialchars.properties b/core/src/test/resources/config/config.all_specialchars.properties index 923297e0..13ede911 100644 --- a/core/src/test/resources/config/config.all_specialchars.properties +++ b/core/src/test/resources/config/config.all_specialchars.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp?a=1&b=2 # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp?a=1&b=2 # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -38,7 +38,7 @@ onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----MIICeDCCAeGgAwIBAgIBADAN # To be used during SP Key roll over onelogin.saml2.sp.x509certNew = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- @@ -50,8 +50,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -65,7 +65,7 @@ onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml onelogin.saml2.idp.single_logout_service.response.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutServiceResponse.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -101,7 +101,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -138,7 +138,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = S&P Java +onelogin.saml2.organization.name = S&P Java onelogin.saml2.organization.displayname = S&P Java "Example" onelogin.saml2.organization.url = http://sp.example.com?a=1&b=2 onelogin.saml2.organization.lang = en diff --git a/core/src/test/resources/config/config.allowduplicatednames.properties b/core/src/test/resources/config/config.allowduplicatednames.properties index fb5af81c..e21a60e9 100644 --- a/core/src/test/resources/config/config.allowduplicatednames.properties +++ b/core/src/test/resources/config/config.allowduplicatednames.properties 
@@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to 
@@ -37,7 +37,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOK9uFHs/nXrH9LcGorG6lB7Qs42iWK6mIE56wI7dIdsOuXf6r0ht+d+YTTis24xw+wjEHXrVN0Okh6wsKftzxo8chIo60+UB5NlKdvxAC7tpGNmrf49us/m5bdNx8IY+0pPK0c6B786UlujTvx1WFdDXh3UQPBclbWtFe5S3gLxAgMBAAECgYAPj9ngtZVZXoPWowinUbOvRmZ1ZMTVI91nsSPyCUacLM92C4I+7NuEZeYiDRUnkP7TbCyrCzXN3jwlIxdczzORhlXBBgg9Sw2fkV61CnDEMgw+aEeD5A0GDA6eTwkrawiOMs8vupjsi2/stPsa+bmpI6RnfdEKBdyDP6iQQhAxiQJBAPNtM7IMvRzlZBXoDaTTpP9rN2FR0ZcX0LT5aRZJ81qi+ZOBFeHUb6MyWvzZKfPinj9JO3s/9e3JbMXemRWBmvcCQQDuc+NfAeW200QyjoC3Ed3jueLMrY1Q3zTcSUhRPw/0pIKgRGZJerro8N6QY2JziV2mxK855gKTwwBigMHL2S9XAkEAwuBfjGDqXOG/uFHn6laNNvWshjqsIdus99Tbrj5RlfP2/YFP9VTOcsXzVYy9K0P3EA8ekVLpHQ4uCFJmF3OEjQJBAMvwO69/HOufhv1CWZ25XzAsRGhPqsRXEouw9XPfXpMavEm8FkuT9xXRJFkTVxl/i6RdJYx8Rwn/Rm34t0bUKqMCQQCrAtKCUn0PLcemAzPi8ADJlbMDG/IDXNbSej0Y4tw9Cdho1Q38XLZJi0RNdNvQJD1fWu3x9+QU/vJr7lMLzdoy-----END PRIVATE KEY----- 
@@ -49,8 +49,8 @@ onelogin.saml2.idp.entityid = https://pitbulk.no-ip.org/simplesaml/saml2/idp/met # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -59,7 +59,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -93,7 +93,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted 
@@ -135,7 +135,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -143,4 +143,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.certfile.properties b/core/src/test/resources/config/config.certfile.properties index 97b63c38..1f0feaa9 100644 --- a/core/src/test/resources/config/config.certfile.properties +++ b/core/src/test/resources/config/config.certfile.properties @@ -12,7 +12,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -21,7 +21,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -31,8 +31,8 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi # Usually x509cert and privateKey of the SP are provided by files placed at # the certs folder. But we can also provide them with the following parameters -onelogin.saml2.sp.x509cert = -onelogin.saml2.sp.privatekey = +onelogin.saml2.sp.x509cert = +onelogin.saml2.sp.privatekey = # Identity Provider Data that we want connect with our SP # Identifier of the IdP entity (must be a URI) @@ -42,8 +42,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -52,17 +52,17 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Public x509 certificate of the IdP onelogin.saml2.idp.x509cert = certs/certificate1 -# onelogin.saml2.idp.certfingerprint = +# onelogin.saml2.idp.certfingerprint = # onelogin.saml2.idp.certfingerprint_algorithm = sha1 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example -onelogin.saml2.organization.url = http://sp.example.com \ No newline at end of file +onelogin.saml2.organization.url = http://sp.example.com diff --git a/core/src/test/resources/config/config.certstring.properties b/core/src/test/resources/config/config.certstring.properties index 7bb65492..51a8d80e 100644 --- a/core/src/test/resources/config/config.certstring.properties +++ b/core/src/test/resources/config/config.certstring.properties @@ -13,7 +13,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -22,7 +22,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to 
@@ -35,7 +35,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----MIICeDCCAeGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBZMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lTG9naW4gSW5jMR4wHAYDVQQDDBVqYXZhLXNhbWwuZXhhbXBsZS5jb20wHhcNMTUxMDE4MjAxMjM1WhcNMTgwNzE0MjAxMjM1WjBZMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lTG9naW4gSW5jMR4wHAYDVQQDDBVqYXZhLXNhbWwuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwEktX1+4y2AhEqxVwOO6HO7Wtzi3hr5becRkfLYGjNSyhzZCjI1DsNL61JSWDO3nviZd9fSkFnRC4akFUm0CS6GJ7TZe4T5o+9aowQ6N8e8cts9XPXyP6Inz7q4sD8pO2EInlfwHYPQCqFmz/SDW7cDgIC8vb0ygOsiXdreANAgMBAAGjUDBOMB0GA1UdDgQWBBTifMwN3CQ5ZOPkV5tDJsutU8teFDAfBgNVHSMEGDAWgBTifMwN3CQ5ZOPkV5tDJsutU8teFDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAG3nAEUjJaA75SkzID5FKLolsxG5TE/0HU0+yEUAVkXiqvqN4mPWq/JjoK5+uP4LEZIb4pRrCqI3iHp+vazLLYSeyV3kaGN7q35Afw8nk8WM0f7vImbQ69j1S8GQ+6E0PEI26qBLykGkMn3GUVtBBWSdpP093NuNLJiOomnHqhqj-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE 
KEY-----MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALvwEktX1+4y2AhEqxVwOO6HO7Wtzi3hr5becRkfLYGjNSyhzZCjI1DsNL61JSWDO3nviZd9fSkFnRC4akFUm0CS6GJ7TZe4T5o+9aowQ6N8e8cts9XPXyP6Inz7q4sD8pO2EInlfwHYPQCqFmz/SDW7cDgIC8vb0ygOsiXdreANAgMBAAECgYA7VPVRl+/xoVeWdKdWY1F17HerSa23ynI2vQ8TkUY6kR3ucz6ElRxHJesY8fNCPoX+XuMfUly7IKyPZMkWyvEgDPo7J5mYqP5VsTK0Li4AwR/BA93Aw6gaX7/EYi3HjBh8QdNSt4fi9yOea/hv04yfR9Lx/a5fvQIyhqaDtT2QeQJBAOnCgnxnj70/sv9UsFPa8t1OGdAfXtOgEoklh1F2NR9jid6FPw5E98eCpdZ00MfRrmUavgqg6Y4swZISyzJIjGMCQQDN0YNsC4S+eJJM6aOCpupKluWE/cCWB01UQYekyXH7OdUtl49NlKEUPBSAvtaLMuMKlTNOjlPrx4Q+/c5i0vTPAkEA5H7CR9J/OZETaewhc8ZYkaRvLPYNHjWhCLhLXoB6itUkhgOfUFZwEXAOpOOI1VmL675JN2B1DAmJqTx/rQYnWwJBAMx3ztsAmnBq8dTM6y65ydouDHhRawjg2jbRHwNbSQvuyVSQ08Gb3WZvxWKdtB/3fsydqqnpBYAf5sZ5eJZ+wssCQAOiIKnhdYe+RBbBwykzjUqtzEmt4fwCFE8tD4feEx77D05j5f7u7KYh1mL0G2zIbnUryi7jwc4ye98VirRpZ1w=-----END PRIVATE KEY----- @@ -47,8 +47,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -57,16 +57,16 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Public x509 certificate of the IdP onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----\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\n-----END CERTIFICATE----- -# onelogin.saml2.idp.certfingerprint = +# onelogin.saml2.idp.certfingerprint = # onelogin.saml2.idp.certfingerprint_algorithm = sha1 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example -onelogin.saml2.organization.url = http://sp.example.com \ No newline at end of file +onelogin.saml2.organization.url = http://sp.example.com diff --git a/core/src/test/resources/config/config.different.properties b/core/src/test/resources/config/config.different.properties index 75f2cda2..23292c67 100644 --- a/core/src/test/resources/config/config.different.properties +++ b/core/src/test/resources/config/config.different.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -36,7 +36,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALvwEktX1+4y2AhEqxVwOO6HO7Wtzi3hr5becRkfLYGjNSyhzZCjI1DsNL61JSWDO3nviZd9fSkFnRC4akFUm0CS6GJ7TZe4T5o+9aowQ6N8e8cts9XPXyP6Inz7q4sD8pO2EInlfwHYPQCqFmz/SDW7cDgIC8vb0ygOsiXdreANAgMBAAECgYA7VPVRl+/xoVeWdKdWY1F17HerSa23ynI2vQ8TkUY6kR3ucz6ElRxHJesY8fNCPoX+XuMfUly7IKyPZMkWyvEgDPo7J5mYqP5VsTK0Li4AwR/BA93Aw6gaX7/EYi3HjBh8QdNSt4fi9yOea/hv04yfR9Lx/a5fvQIyhqaDtT2QeQJBAOnCgnxnj70/sv9UsFPa8t1OGdAfXtOgEoklh1F2NR9jid6FPw5E98eCpdZ00MfRrmUavgqg6Y4swZISyzJIjGMCQQDN0YNsC4S+eJJM6aOCpupKluWE/cCWB01UQYekyXH7OdUtl49NlKEUPBSAvtaLMuMKlTNOjlPrx4Q+/c5i0vTPAkEA5H7CR9J/OZETaewhc8ZYkaRvLPYNHjWhCLhLXoB6itUkhgOfUFZwEXAOpOOI1VmL675JN2B1DAmJqTx/rQYnWwJBAMx3ztsAmnBq8dTM6y65ydouDHhRawjg2jbRHwNbSQvuyVSQ08Gb3WZvxWKdtB/3fsydqqnpBYAf5sZ5eJZ+wssCQAOiIKnhdYe+RBbBwykzjUqtzEmt4fwCFE8tD4feEx77D05j5f7u7KYh1mL0G2zIbnUryi7jwc4ye98VirRpZ1w=-----END PRIVATE KEY----- 
@@ -48,8 +48,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -63,7 +63,7 @@ onelogin.saml2.idp.single_logout_service.url = invalid_slo_url onelogin.saml2.idp.single_logout_service.response.url = invalid_slo_response_url # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -98,7 +98,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted 
@@ -138,7 +138,7 @@ onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha5 # SAML specification states that no trimming for string elements should be performed, so no trimming will be # performed by default on extracted Name IDs and attribute values. However, some SAML implementations may add # undesirable surrounding whitespace when outputting XML (possibly due to formatting/pretty-printing). -# These two options allow to optionally enable value trimming on extracted Name IDs (including issuers) and +# These two options allow to optionally enable value trimming on extracted Name IDs (including issuers) and # attribute values. onelogin.saml2.parsing.trim_name_ids = true onelogin.saml2.parsing.trim_attribute_values = true @@ -149,4 +149,4 @@ onelogin.saml2.organization.name = SP Java # Contacts onelogin.saml2.contacts.technical.given_name = Technical Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.invalidcontacts.properties b/core/src/test/resources/config/config.invalidcontacts.properties index 66aec8ce..064d9c33 100644 --- a/core/src/test/resources/config/config.invalidcontacts.properties +++ b/core/src/test/resources/config/config.invalidcontacts.properties @@ -13,7 +13,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -22,7 +22,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -44,8 +44,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -54,22 +54,22 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Public x509 certificate of the IdP onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# onelogin.saml2.idp.certfingerprint = +# onelogin.saml2.idp.certfingerprint = # onelogin.saml2.idp.certfingerprint_algorithm = sha1 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com # Contacts onelogin.saml2.contacts.technical.email_address = technical@example.com -onelogin.saml2.contacts.support.given_name = Support Guy \ No newline at end of file +onelogin.saml2.contacts.support.given_name = Support Guy diff --git a/core/src/test/resources/config/config.invalidspcertstring.properties b/core/src/test/resources/config/config.invalidspcertstring.properties index 1974e800..2216ce10 100644 --- a/core/src/test/resources/config/config.invalidspcertstring.properties +++ b/core/src/test/resources/config/config.invalidspcertstring.properties 
@@ -13,7 +13,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -22,7 +22,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -44,8 +44,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -54,16 +54,16 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Public x509 certificate of the IdP onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# onelogin.saml2.idp.certfingerprint = +# onelogin.saml2.idp.certfingerprint = # onelogin.saml2.idp.certfingerprint_algorithm = sha1 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example -onelogin.saml2.organization.url = http://sp.example.com \ No newline at end of file +onelogin.saml2.organization.url = http://sp.example.com diff --git a/core/src/test/resources/config/config.knownIdpPrivateKey.properties b/core/src/test/resources/config/config.knownIdpPrivateKey.properties index f17fdce9..a22463ea 100644 --- a/core/src/test/resources/config/config.knownIdpPrivateKey.properties +++ b/core/src/test/resources/config/config.knownIdpPrivateKey.properties 
@@ -21,7 +21,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -30,7 +30,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -55,8 +55,8 @@ onelogin.saml2.idp.entityid = https://pitbulk.no-ip.org/simplesaml/saml2/idp/met # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -65,7 +65,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -147,4 +147,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.my.properties b/core/src/test/resources/config/config.my.properties index b4a43464..9a83772b 100644 --- a/core/src/test/resources/config/config.my.properties +++ b/core/src/test/resources/config/config.my.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -36,7 +36,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- @@ -48,8 +48,8 @@ onelogin.saml2.idp.entityid = https://pitbulk.no-ip.org/simplesaml/saml2/idp/met # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
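Review bot: The comment block touched by the `@@ -36,7 +36,7 @@` hunk sits directly above an inline `onelogin.saml2.sp.privatekey` value and explains the PKCS#8 conversion, but nothing marks the key as test material. Since the line is being edited anyway, I would add `# Test-only key pair used by the unit tests; never deploy or reuse it.` above `onelogin.saml2.sp.x509cert`, so that readers and secret-scanning triage can tell a fixture from a leaked credential. The same block appears in the config.mywithmulticert, config.mywithnocert, config.newattack, config.newattack2 and config.samecerts hunks of this diff. The fixture continues outside the hunk, so an existing notice elsewhere in the file cannot be ruled out.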
@@ -58,7 +58,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -92,7 +92,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -132,7 +132,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -140,4 +140,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com 
diff --git a/core/src/test/resources/config/config.mywithmulticert.properties b/core/src/test/resources/config/config.mywithmulticert.properties index 8218a617..e51b8074 100644 --- a/core/src/test/resources/config/config.mywithmulticert.properties +++ b/core/src/test/resources/config/config.mywithmulticert.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to 
@@ -36,7 +36,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE 
KEY-----MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOK9uFHs/nXrH9LcGorG6lB7Qs42iWK6mIE56wI7dIdsOuXf6r0ht+d+YTTis24xw+wjEHXrVN0Okh6wsKftzxo8chIo60+UB5NlKdvxAC7tpGNmrf49us/m5bdNx8IY+0pPK0c6B786UlujTvx1WFdDXh3UQPBclbWtFe5S3gLxAgMBAAECgYAPj9ngtZVZXoPWowinUbOvRmZ1ZMTVI91nsSPyCUacLM92C4I+7NuEZeYiDRUnkP7TbCyrCzXN3jwlIxdczzORhlXBBgg9Sw2fkV61CnDEMgw+aEeD5A0GDA6eTwkrawiOMs8vupjsi2/stPsa+bmpI6RnfdEKBdyDP6iQQhAxiQJBAPNtM7IMvRzlZBXoDaTTpP9rN2FR0ZcX0LT5aRZJ81qi+ZOBFeHUb6MyWvzZKfPinj9JO3s/9e3JbMXemRWBmvcCQQDuc+NfAeW200QyjoC3Ed3jueLMrY1Q3zTcSUhRPw/0pIKgRGZJerro8N6QY2JziV2mxK855gKTwwBigMHL2S9XAkEAwuBfjGDqXOG/uFHn6laNNvWshjqsIdus99Tbrj5RlfP2/YFP9VTOcsXzVYy9K0P3EA8ekVLpHQ4uCFJmF3OEjQJBAMvwO69/HOufhv1CWZ25XzAsRGhPqsRXEouw9XPfXpMavEm8FkuT9xXRJFkTVxl/i6RdJYx8Rwn/Rm34t0bUKqMCQQCrAtKCUn0PLcemAzPi8ADJlbMDG/IDXNbSej0Y4tw9Cdho1Q38XLZJi0RNdNvQJD1fWu3x9+QU/vJr7lMLzdoy-----END PRIVATE KEY----- @@ -48,8 +48,8 @@ onelogin.saml2.idp.entityid = https://pitbulk.no-ip.org/simplesaml/saml2/idp/met # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -58,7 +58,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -94,7 +94,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -134,7 +134,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -142,4 +142,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com 
diff --git a/core/src/test/resources/config/config.mywithnocert.properties b/core/src/test/resources/config/config.mywithnocert.properties index d737de60..ef1d5df6 100644 --- a/core/src/test/resources/config/config.mywithnocert.properties +++ b/core/src/test/resources/config/config.mywithnocert.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to 
@@ -35,7 +35,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe # the certs folder. But we can also provide them with the following parameters onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- @@ -47,8 +47,8 @@ onelogin.saml2.idp.entityid = https://pitbulk.no-ip.org/simplesaml/saml2/idp/met # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -57,7 +57,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -92,7 +92,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -129,7 +129,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -137,4 +137,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.newattack.properties b/core/src/test/resources/config/config.newattack.properties index 3255de68..a7d8b83a 100644 --- a/core/src/test/resources/config/config.newattack.properties +++ b/core/src/test/resources/config/config.newattack.properties 
@@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -35,7 +35,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe # the certs folder. But we can also provide them with the following parameters onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem #onelogin.saml2.sp.privatekey = -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY----- onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- 
@@ -48,8 +48,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -58,12 +58,12 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Public x509 certificate of the IdP -#onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- +#onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- onelogin.saml2.idp.certfingerprint = 385b1eec71143f00db6af936e2ea12a28771d72c onelogin.saml2.idp.certfingerprint_algorithm = sha1 
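Review bot: In the `@@ -58,12 +58,12 @@` hunk the re-touched `#onelogin.saml2.idp.x509cert` line stays commented out, so this fixture identifies the IdP only through `onelogin.saml2.idp.certfingerprint` with `certfingerprint_algorithm = sha1`, and no comment says why. That is presumably deliberate for the scenario this file tests, but a SHA-1 fingerprint is a weaker pin than the full certificate and fixtures tend to be copied into real configurations. I would add `# Fixture only: IdP pinned by SHA-1 fingerprint on purpose; use the full x509cert in real deployments.` above the fingerprint line. The `@@ -55,12 +55,12 @@` hunk of config.newattack2.properties has the same shape.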
@@ -94,7 +94,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -131,7 +131,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -139,4 +139,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.newattack2.properties b/core/src/test/resources/config/config.newattack2.properties index 80a5d8f6..5f08a1c9 100644 --- a/core/src/test/resources/config/config.newattack2.properties +++ b/core/src/test/resources/config/config.newattack2.properties 
@@ -14,13 +14,13 @@ onelogin.saml2.sp.entityid = example.com # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = https://example.com/endpoint # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -32,7 +32,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe # the certs folder. But we can also provide them with the following parameters onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem #onelogin.saml2.sp.privatekey = -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY----- onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- 
@@ -45,8 +45,8 @@ onelogin.saml2.idp.entityid = idp.example.com # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/saml/sso -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -55,12 +55,12 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/saml/slo # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Public x509 certificate of the IdP -#onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- +#onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQ0FADA8MQswCQYDVQQGEwJ1czEPMA0GA1UECAwGSGF3YWlpMQswCQYDVQQKDAJNZTEPMA0GA1UEAwwGbWUuY29tMB4XDTE2MDYxNDE0MDIxM1oXDTE3MDYxNDE0MDIxM1owPDELMAkGA1UEBhMCdXMxDzANBgNVBAgMBkhhd2FpaTELMAkGA1UECgwCTWUxDzANBgNVBAMMBm1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5xWsnAmIgCwkwbQodP4eiLAUOPmuurlV29whcGt6Ac3hvOQtnMm9gdlNJrvjlv4ZaG3H6A0Akys811Amdm+oKveXymFoLG4KHLMjTMIfQvKOl8Id/+Uvx69Zdw/0ouemhIagpw1z/bOXzL/i/3KxGJg8nwaV3dxtbPNSFzcDvy0CAwEAAaNQME4wHQYDVR0OBBYEFE4gjnKB5yJGWZMcu5lHlRnSAae2MB8GA1UdIwQYMBaAFE4gjnKB5yJGWZMcu5lHlRnSAae2MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAOsmRx6tknVDHC8E+Eas2eF6O4Hm15Yt5XAjzIX3OiE2zvqm3fOk3HNjcHOAIFB7Mdvr6+23ARXpZFKiS2+MkUs5wmEzCLqU/hROyjyj9PYG1jMPrAHPOpWjVtlWuJslN28I6ziM8uq+uitTjIdt8JZ6P2dWtoTmDgsVUmFM0naU=-----END CERTIFICATE----- onelogin.saml2.idp.certfingerprint = 4b68c453c7d994aad9025c99d5efcf566287fe8d onelogin.saml2.idp.certfingerprint_algorithm = sha1 
@@ -91,7 +91,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -128,7 +128,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -136,4 +136,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.samecerts.properties b/core/src/test/resources/config/config.samecerts.properties index 9d94a4d3..bae8d2f4 100644 --- a/core/src/test/resources/config/config.samecerts.properties +++ b/core/src/test/resources/config/config.samecerts.properties 
@@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -35,7 +35,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe # the certs folder. But we can also provide them with the following parameters onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----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-----END CERTIFICATE----- -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY----- 
@@ -47,8 +47,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -57,7 +57,7 @@ onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0: onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -91,7 +91,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted 
@@ -128,7 +128,7 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512 # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com @@ -136,4 +136,4 @@ onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.contacts.technical.given_name = Technical Guy onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@example.com \ No newline at end of file +onelogin.saml2.contacts.support.email_address = support@example.com diff --git a/core/src/test/resources/config/config.somevaluesempty.properties b/core/src/test/resources/config/config.somevaluesempty.properties index 60d87e8f..7d32326a 100644 --- a/core/src/test/resources/config/config.somevaluesempty.properties +++ b/core/src/test/resources/config/config.somevaluesempty.properties @@ -14,7 +14,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-jspsample/metadata. # URL Location where the from the IdP will be returned onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-jspsample/acs.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
@@ -23,7 +23,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-jspsample/sls.jsp # SAML protocol binding for the Single Logout Service of the SP. -# Onelogin Toolkit supports for this endpoint the HTTP-Redirect binding only +# SAMLToolkit supports for this endpoint the HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect # Specifies constraints on the name identifier to be used to @@ -36,7 +36,7 @@ onelogin.saml2.sp.nameidformat = onelogin.saml2.sp.x509cert = -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = @@ -48,8 +48,8 @@ onelogin.saml2.idp.entityid = http://idp.example.com/ # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = http://idp.example.com/simplesaml/saml2/idp/SSOService.php -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -63,7 +63,7 @@ onelogin.saml2.idp.single_logout_service.url = http://idp.example.com/simplesaml onelogin.saml2.idp.single_logout_service.response.url = # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -98,7 +98,7 @@ onelogin.saml2.security.want_messages_signed = true onelogin.saml2.security.want_assertions_signed = true # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null/false (in order to not sign) or true (sign using SP private key) +# Right now supported null/false (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = true # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -135,7 +135,7 @@ onelogin.saml2.security.signature_algorithm = onelogin.saml2.security.digest_algorithm = # Organization -onelogin.saml2.organization.name = +onelogin.saml2.organization.name = onelogin.saml2.organization.displayname = onelogin.saml2.organization.url = @@ -143,4 +143,4 @@ onelogin.saml2.organization.url = onelogin.saml2.contacts.technical.given_name = onelogin.saml2.contacts.technical.email_address = onelogin.saml2.contacts.support.given_name = -onelogin.saml2.contacts.support.email_address = \ No newline at end of file +onelogin.saml2.contacts.support.email_address = diff --git a/pom.xml b/pom.xml index 1e4cabea..d6ebe7a8 100644 --- a/pom.xml +++ b/pom.xml @@ -5,9 +5,9 @@ 2.9.1-SNAPSHOT pom - OneLogin java-saml Toolkit Project - A Java SAML toolkit by OneLogin - https://github.com/onelogin/java-saml + java-saml Toolkit Project + A Java SAML toolkit + https://github.com/saml-toolkit/java-saml UTF-8 @@ -154,9 +154,9 @@ - scm:git:git@github.com:onelogin/java-saml.git - scm:git:git@github.com:onelogin/java-saml.git - https://github.com/onelogin/java-saml + scm:git:git@github.com:saml-toolkit/java-saml.git + scm:git:git@github.com:saml-toolkit/java-saml.git + https://github.com/saml-toolkit/java-saml HEAD @@ -172,7 +172,7 @@ Sixto Martín García https://github.com/pitbulk - OneLogin + SAML Toolkit diff --git a/samples/java-saml-tookit-jspsample/pom.xml b/samples/java-saml-tookit-jspsample/pom.xml index 13afeb5b..d960d4f7 100644 
--- a/samples/java-saml-tookit-jspsample/pom.xml +++ b/samples/java-saml-tookit-jspsample/pom.xml @@ -8,7 +8,7 @@ java-saml-tookit-jspsample war - OneLogin java-saml Toolkit Sample Webapp + java-saml Toolkit Sample Webapp diff --git a/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties b/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties index ce813fd3..e7249704 100644 --- a/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties +++ b/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties @@ -19,7 +19,7 @@ onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-tookit-jspsample/me onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-tookit-jspsample/acs.jsp # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-POST binding only onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST @@ -28,7 +28,7 @@ onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2 onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-tookit-jspsample/sls.jsp # SAML protocol binding to be used when returning the or sending the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 
@@ -42,7 +42,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe onelogin.saml2.sp.x509cert = -# Requires Format PKCS#8 BEGIN PRIVATE KEY +# Requires Format PKCS#8 BEGIN PRIVATE KEY # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem onelogin.saml2.sp.privatekey = @@ -56,8 +56,8 @@ onelogin.saml2.idp.entityid = # URL Target of the IdP where the SP will send the Authentication Request Message onelogin.saml2.idp.single_sign_on_service.url = -# SAML protocol binding to be used to deliver the message -# to the IdP. Onelogin Toolkit supports for this endpoint the +# SAML protocol binding to be used to deliver the message +# to the IdP. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -71,7 +71,7 @@ onelogin.saml2.idp.single_logout_service.url = onelogin.saml2.idp.single_logout_service.response.url = # SAML protocol binding to be used when returning the -# message. Onelogin Toolkit supports for this endpoint the +# message. SAMLToolkit supports for this endpoint the # HTTP-Redirect binding only onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect @@ -85,7 +85,7 @@ onelogin.saml2.idp.x509cert = # If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to # let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512 # 'sha1' is the default value. -# onelogin.saml2.idp.certfingerprint = +# onelogin.saml2.idp.certfingerprint = # onelogin.saml2.idp.certfingerprint_algorithm = sha256 
@@ -116,7 +116,7 @@ onelogin.saml2.security.want_messages_signed = false onelogin.saml2.security.want_assertions_signed = false # Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null (in order to not sign) or true (sign using SP private key) +# Right now supported null (in order to not sign) or true (sign using SP private key) onelogin.saml2.security.sign_metadata = # Indicates a requirement for the Assertions received by this SP to be encrypted @@ -153,16 +153,16 @@ onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig- # 'http://www.w3.org/2001/04/xmlenc#sha256' # 'http://www.w3.org/2001/04/xmldsig-more#sha384' # 'http://www.w3.org/2001/04/xmlenc#sha512' -onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256 +onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256 # Reject Signatures with deprecated algorithms (sha1) onelogin.saml2.security.reject_deprecated_alg = true # Organization -onelogin.saml2.organization.name = SP Java +onelogin.saml2.organization.name = SP Java onelogin.saml2.organization.displayname = SP Java Example onelogin.saml2.organization.url = http://sp.example.com -onelogin.saml2.organization.lang = +onelogin.saml2.organization.lang = # Contacts onelogin.saml2.contacts.technical.given_name = Technical Guy diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp index 99d640d8..9c8ff2e0 100644 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp +++ b/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp 
@@ -2,7 +2,7 @@ <%@page import="com.onelogin.saml2.servlet.ServletUtils"%> <%@page import="java.util.Collection"%> <%@page import="java.util.List"%> -<%@page import="java.util.Map"%> +<%@page import="java.util.Map"%> <%@page import="org.apache.commons.lang3.StringUtils" %> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> @@ -12,7 +12,7 @@ - A Java SAML Toolkit by OneLogin demo + A Java SAML Toolkit @@ -24,9 +24,9 @@
-

A Java SAML Toolkit by OneLogin demo

+

A Java SAML Toolkit

- + <% Auth auth = new Auth(request, response); @@ -61,7 +61,7 @@ session.setAttribute("sessionIndex", sessionIndex); session.setAttribute("nameidNameQualifier", nameidNameQualifier); session.setAttribute("nameidSPNameQualifier", nameidSPNameQualifier); - + String relayState = request.getParameter("RelayState"); @@ -69,12 +69,12 @@ !relayState.contains("/dologin.jsp")) { // We don't want to be redirected to login.jsp neither response.sendRedirect(request.getParameter("RelayState")); } else { - + if (attributes.isEmpty()) { %> - <% + <% } else { %> @@ -86,7 +86,7 @@ - <% + <% Collection keys = attributes.keySet(); for(String name :keys){ out.println("" + name + ""); @@ -94,13 +94,13 @@ for(String value :values) { out.println("
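Review bot: In the acs.jsp hunk at line 69, `response.sendRedirect(request.getParameter("RelayState"))` sends the browser to whatever RelayState arrived with the POST, and the only filter visible here is the `/dologin.jsp` substring exclusion; the condition starts above the hunk, so an earlier check may exist that this view does not show. With the HTTP-POST binding RelayState is a form field outside the signed XML, so this sample should redirect only to targets inside the application, and should redirect the checked local variable rather than re-reading the parameter: `if (relayState.startsWith(ServletUtils.getSelfURLhost(request) + request.getContextPath() + "/")) { response.sendRedirect(relayState); }`. Anything else should fall through to the attribute page. The commit changes only whitespace in this hunk, so the behaviour is the same before and after it.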
  • " + value + "
  • "); } - + out.println(""); } %> - <% + <% } %> See user data stored at session diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp index f98e2cea..65c4aced 100644 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp +++ b/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp @@ -13,7 +13,7 @@ - A Java SAML Toolkit by OneLogin demo + A Java SAML Toolkit @@ -25,19 +25,19 @@
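Review bot: The attribute table in acs.jsp (hunks at lines 86 and 94) writes `name` and `value` into the response by plain concatenation inside `out.println(...)`, so text taken from the SAML response reaches the HTML without encoding. attrs.jsp repeats the same loop and prints `nameId` the same way. Attribute content asserted by an IdP is still external data for the page, so the sample should encode it on output, for example `out.println("<li>" + StringEscapeUtils.escapeHtml4(value) + "</li>");` with a page import of `org.apache.commons.lang3.StringEscapeUtils` (commons-lang3 is already imported for `StringUtils`). The surrounding markup is not preserved in this view, so the `<li>` in that example is an assumption. The loops start and end outside the hunks, and the commit only touches whitespace here.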
    -

    A Java SAML Toolkit by OneLogin demo

    +

    A Java SAML Toolkit

    <% Boolean found = false; @SuppressWarnings("unchecked") - Enumeration elems = (Enumeration) session.getAttributeNames(); - + Enumeration elems = (Enumeration) session.getAttributeNames(); + while (elems.hasMoreElements() && !found) { String value = (String) elems.nextElement(); if (value.equals("attributes") || value.equals("nameId")) { found = true; } } - + if (found) { String nameId = (String) session.getAttribute("nameId"); @SuppressWarnings("unchecked") @@ -46,11 +46,11 @@ if (!nameId.isEmpty()) { out.println("
    NameId: " + nameId + "
    "); } - + if (attributes.isEmpty()) { %> - <% + <% } else { %> @@ -63,7 +63,7 @@ - <% + <% Collection keys = attributes.keySet(); for(String name :keys){ out.println("" + name + ""); @@ -71,7 +71,7 @@ for(String value :values) { out.println("
  • " + value + "
  • "); } - + out.println(""); } %> diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp index b783a4e8..9483fb2d 100644 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp +++ b/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp @@ -6,7 +6,7 @@ - A Java SAML Toolkit by OneLogin demo + A Java SAML Toolkit @@ -18,7 +18,7 @@
    -

    A Java SAML Toolkit by OneLogin demo

    +

    A Java SAML Toolkit

    Login Login and access to attrs.jsp page
    diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp index bf80405c..83f2ad7d 100644 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp +++ b/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp @@ -2,7 +2,7 @@ <%@page import="java.util.Collection"%> <%@page import="java.util.HashMap"%> <%@page import="java.util.List"%> -<%@page import="java.util.Map"%> +<%@page import="java.util.Map"%> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> @@ -11,7 +11,7 @@ - A Java SAML Toolkit by OneLogin demo + A Java SAML Toolkit @@ -23,14 +23,14 @@
    -

    A Java SAML Toolkit by OneLogin demo

    - Logout +

    A Java SAML Toolkit

    + Logout <% Auth auth = new Auth(request, response); auth.processSLO(); - + List errors = auth.getErrors(); - + if (errors.isEmpty()) { out.println("

    Sucessfully logged out

    "); out.println("Login"); diff --git a/samples/pom.xml b/samples/pom.xml index 799ec247..36ab644b 100644 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -7,7 +7,7 @@ java-saml-tookit-samples - OneLogin java-saml Toolkit Samples + java-saml Toolkit Samples pom diff --git a/toolkit/pom.xml b/toolkit/pom.xml index a57711bc..3cb2ab03 100644 --- a/toolkit/pom.xml +++ b/toolkit/pom.xml @@ -7,7 +7,7 @@ jar - OneLogin java-saml Toolkit + java-saml Toolkit java-saml diff --git a/toolkit/src/main/java/com/onelogin/saml2/Auth.java b/toolkit/src/main/java/com/onelogin/saml2/Auth.java index 0126ec35..9d8f29cb 100644 --- a/toolkit/src/main/java/com/onelogin/saml2/Auth.java +++ b/toolkit/src/main/java/com/onelogin/saml2/Auth.java @@ -41,7 +41,7 @@ import com.onelogin.saml2.util.Util; /** - * Main class of OneLogin's Java Toolkit. + * Main class of Java Toolkit. * * This class implements the SP SAML instance. * Defines the methods that you can invoke in your application in @@ -105,7 +105,7 @@ public class Auth { * The ID of the last message processed */ private String lastMessageId; - + /** * The issue instant of the last message processed */ @@ -168,9 +168,9 @@ public class Auth { * encrypted, by default tries to return the decrypted XML */ private String lastResponse; - + private static final SamlMessageFactory DEFAULT_SAML_MESSAGE_FACTORY = new SamlMessageFactory() {}; - + private SamlMessageFactory samlMessageFactory = DEFAULT_SAML_MESSAGE_FACTORY; /** @@ -196,7 +196,7 @@ public Auth() throws IOException, SettingsException, Error { public Auth(KeyStoreSettings keyStoreSetting) throws IOException, SettingsException, Error { this("onelogin.saml.properties", keyStoreSetting); } - + /** * Initializes the SP SAML instance. * 
@@ -241,7 +241,7 @@ public Auth(HttpServletRequest request, HttpServletResponse response) throws IOE /** * Initializes the SP SAML instance. - * + * * @param keyStoreSetting KeyStoreSettings is a KeyStore which have the Private/Public keys * @param request HttpServletRequest object to be processed * @param response HttpServletResponse object to be used @@ -615,11 +615,11 @@ public String login(String relayState, AuthnRequestParams authnRequestParams, Bo */ public String login(String relayState, AuthnRequestParams authnRequestParams, Boolean stay, Map parameters) throws IOException, SettingsException { AuthnRequest authnRequest = samlMessageFactory.createAuthnRequest(settings, authnRequestParams); - + if (parameters == null) { parameters = new HashMap(); } - + String samlRequest = authnRequest.getEncodedAuthnRequest(); parameters.put("SAMLRequest", samlRequest); @@ -627,7 +627,7 @@ public String login(String relayState, AuthnRequestParams authnRequestParams, Bo if (relayState == null) { relayState = ServletUtils.getSelfRoutedURLNoQuery(request); } - + if (!relayState.isEmpty()) { parameters.put("RelayState", relayState); } @@ -1136,7 +1136,7 @@ public void logout(String relayState, String nameId, String sessionIndex) /** * Initiates the SLO process. - * + * * @throws IOException * @throws SettingsException */ @@ -1322,7 +1322,7 @@ public String processSLO(Boolean keepLocalSession, String requestId, Boolean sta } String inResponseTo = logoutRequest.id; - LogoutResponse logoutResponseBuilder = samlMessageFactory.createOutgoingLogoutResponse(settings, + LogoutResponse logoutResponseBuilder = samlMessageFactory.createOutgoingLogoutResponse(settings, new LogoutResponseParams(inResponseTo, Constants.STATUS_SUCCESS)); lastResponse = logoutResponseBuilder.getLogoutResponseXml(); 
@@ -1462,10 +1462,10 @@ public final Instant getSessionExpiration() { public String getLastMessageId() { return lastMessageId; } - + /** * Returns the issue instant of the last message processed. - * + * * @return The issue instant of the last message processed */ public Calendar getLastMessageIssueInstant() { @@ -1515,10 +1515,10 @@ public Exception getLastValidationException() { public String getLastRequestId() { return lastRequestId; } - + /** * Returns the issue instant of the last request generated (AuthnRequest or LogoutRequest). - * + * * @return the issue instant of the last request generated (AuthnRequest or LogoutRequest), * null if none */ @@ -1592,7 +1592,7 @@ public String buildResponseSignature(String samlResponse, String relayState, Str private String buildSignature(String samlMessage, String relayState, String signAlgorithm, String type) throws SettingsException, IllegalArgumentException { String signature = ""; - + if (!settings.checkSPCerts()) { String errorMsg = "Trying to sign the " + type + " but can't load the SP private key"; LOGGER.error("buildSignature error. " + errorMsg); @@ -1600,16 +1600,16 @@ private String buildSignature(String samlMessage, String relayState, String sign } PrivateKey key = settings.getSPkey(); - + String msg = type + "=" + Util.urlEncoder(samlMessage); if (StringUtils.isNotEmpty(relayState)) { msg += "&RelayState=" + Util.urlEncoder(relayState); } - + if (StringUtils.isEmpty(signAlgorithm)) { signAlgorithm = Constants.RSA_SHA1; } - + msg += "&SigAlg=" + Util.urlEncoder(signAlgorithm); try { @@ -1655,7 +1655,7 @@ public String getLastResponseXML() { *
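Review bot: In `buildSignature` (Auth.java hunk at line 1600) an empty `signAlgorithm` silently becomes `Constants.RSA_SHA1`, so a caller that omits the algorithm gets a SHA-1 signature over the `SAMLRequest`/`RelayState`/`SigAlg` query string. That sits oddly next to the sample configuration in this same commit, which keeps `onelogin.saml2.security.reject_deprecated_alg = true`. A safer fallback is `signAlgorithm = Constants.RSA_SHA256;`, or the algorithm from the loaded settings, with a comment such as `// fall back to a non-deprecated algorithm when the caller passes none`. Whether any caller still depends on the SHA-1 default cannot be seen from this hunk, so that needs checking first. The method body continues past the hunk (the `try` block is cut off), and the commit changes only whitespace here.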

    * This allows consumers to provide their own extension classes for SAML message * XML generation and/or processing. - * + * * @param samlMessageFactory * the factory to use to create SAML message objects; if * null, a default provider will be used which creates diff --git a/toolkit/src/main/java/com/onelogin/saml2/servlet/ServletUtils.java b/toolkit/src/main/java/com/onelogin/saml2/servlet/ServletUtils.java index c62bdd71..1c2f7bb9 100644 --- a/toolkit/src/main/java/com/onelogin/saml2/servlet/ServletUtils.java +++ b/toolkit/src/main/java/com/onelogin/saml2/servlet/ServletUtils.java @@ -15,7 +15,7 @@ import com.onelogin.saml2.util.Util; /** - * ServletUtils class of OneLogin's Java Toolkit. + * ServletUtils class of Java Toolkit. * * A class that contains several auxiliary methods related to HttpServletRequest and HttpServletResponse */ @@ -24,7 +24,7 @@ public class ServletUtils { private ServletUtils() { //not called } - + /** * Creates an HttpRequest from an HttpServletRequest. * @@ -148,7 +148,7 @@ public static String getSelfRoutedURLNoQuery(HttpServletRequest request) { * GET parameters to be added * @param stay * True if we want to stay (returns the url string) False to execute redirection - * + * * @return string the target URL * @throws IOException * @@ -197,7 +197,7 @@ public static String sendRedirect(HttpServletResponse response, String location, public static void sendRedirect(HttpServletResponse response, String location, Map parameters) throws IOException { sendRedirect(response, location, parameters, false); } - + /** * Redirect to location url *