justinbleach#94 - Support for alternative NameId policy

xweskingx · Oct 27, 2021 · 5fc1d4e · 5fc1d4e
1 parent 7558147
commit 5fc1d4e
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/src/main/java/com/coveo/saml/SamlClient.java b/src/main/java/com/coveo/saml/SamlClient.java
@@ -104,6 +104,7 @@ public class SamlClient {
 
   private static final String HTTP_REQ_SAML_PARAM = "SAMLRequest";
   private static final String HTTP_RESP_SAML_PARAM = "SAMLResponse";
+  private static final String DEFAULT_NAMEID_POLICY_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
 
   private static boolean initializedOpenSaml = false;
   private BasicParserPool domParser;
@@ -117,6 +118,7 @@ public enum SamlIdpBinding {
   private String assertionConsumerServiceUrl;
   private String identityProviderUrl;
   private String responseIssuer;
+  private String nameIdPolicyFormat = DEFAULT_NAMEID_POLICY_FORMAT;
   private List<Credential> credentials;
   private DateTime now; // used for testing only
   private long notBeforeSkew = 0L;
@@ -157,6 +159,15 @@ public void setNotBeforeSkew(long notBeforeSkew) {
     this.notBeforeSkew = notBeforeSkew;
   }
 
+  /**
+   * Set a {@link NameIDPolicy} format for the NameIDPolicy used in the {@link AuthnRequest}.
+   *
+   * @param format the NameIDPolicy format to use
+   */
+  public void setNameIdPolicyFormat(String nameIdPolicyFormat) {
+    this.nameIdPolicyFormat = nameIdPolicyFormat;
+  }
+
   /**
    * Constructs an SAML client using explicit parameters.
    *
@@ -780,7 +791,7 @@ public String getSamlRequest() throws SamlException {
     request.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
 
     NameIDPolicy nameIDPolicy = (NameIDPolicy) buildSamlObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
-    nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+    nameIDPolicy.setFormat(nameIdPolicyFormat);
     request.setNameIDPolicy(nameIDPolicy);
 
     signSAMLObject(request);

diff --git a/src/test/java/com/coveo/saml/SamlClientTest.java b/src/test/java/com/coveo/saml/SamlClientTest.java
@@ -114,6 +114,17 @@ public void getSamlRequestReturnsAnEncodedRequest() throws Throwable {
     assertTrue(decoded.contains(">myidentifier<"));
   }
 
+  @Test
+  public void getSamlRequestReturnsAnEncodedRequestWithNameIDPolicy() throws Throwable {
+    SamlClient client =
+            SamlClient.fromMetadata(
+                    "myidentifier", "http://some/url", getXml("adfs.xml"), SamlClient.SamlIdpBinding.POST);
+    client.setNameIdPolicyFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
+    String decoded =
+            new String(Base64.decodeBase64(client.getSamlRequest()), StandardCharsets.UTF_8);
+    assertTrue(decoded.contains("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"));
+  }
+
   @Test
   public void decodeAndValidateSamlResponseCanDecodeAnSamlResponse() throws Throwable {
     SamlClient client =