From 738af0f08e4dd42490bb3f7fdc7899113d480a75 Mon Sep 17 00:00:00 2001
From: Wesley King
Date: Wed, 27 Oct 2021 13:56:58 -0400
Subject: [PATCH] (#94) Support for alternative NameId policy
---
 src/main/java/com/coveo/saml/SamlClient.java | 13 ++++++++++++-
 src/test/java/com/coveo/saml/SamlClientTest.java | 11 +++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/coveo/saml/SamlClient.java b/src/main/java/com/coveo/saml/SamlClient.java
index 5b03fa4..1f78d27 100644
--- a/src/main/java/com/coveo/saml/SamlClient.java
+++ b/src/main/java/com/coveo/saml/SamlClient.java
@@ -104,6 +104,7 @@ public class SamlClient {
 private static final String HTTP_REQ_SAML_PARAM = "SAMLRequest";
 private static final String HTTP_RESP_SAML_PARAM = "SAMLResponse";
+ private static final String DEFAULT_NAMEID_POLICY_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
 private static boolean initializedOpenSaml = false;
 private BasicParserPool domParser;
@@ -117,6 +118,7 @@ public enum SamlIdpBinding {
 private String assertionConsumerServiceUrl;
 private String identityProviderUrl;
 private String responseIssuer;
+ private String nameIdPolicyFormat = DEFAULT_NAMEID_POLICY_FORMAT;
 private List credentials;
 private DateTime now; // used for testing only
 private long notBeforeSkew = 0L;
@@ -157,6 +159,15 @@ public void setNotBeforeSkew(long notBeforeSkew) {
 this.notBeforeSkew = notBeforeSkew;
 }
+ /**
+ * Set a {@link NameIDPolicy} format for the NameIDPolicy used in the {@link AuthnRequest}.
+ *
+ * @param nameIdPolicyFormat the NameIDPolicy format to use
+ */
+ public void setNameIdPolicyFormat(String nameIdPolicyFormat) {
+ this.nameIdPolicyFormat = nameIdPolicyFormat;
+ }
+
 /**
 * Constructs an SAML client using explicit parameters.
 *
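Review bot: `setNameIdPolicyFormat` in the third hunk stores its argument without any check, so a null or blank value is later handed straight to `nameIDPolicy.setFormat(...)`; how OpenSAML serialises a null Format is not visible here, but either way the request silently stops carrying the documented default. Consider `this.nameIdPolicyFormat = Objects.requireNonNull(nameIdPolicyFormat, "nameIdPolicyFormat");` (java.util.Objects would need importing) so a misconfiguration fails at setup time rather than at login time. The Javadoc should also state the default and the trust boundary, e.g. `Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. This only tells the IdP which format is requested; nothing in this client's request path verifies that the NameID in the response actually uses it.` The enclosing class body starts and ends outside the hunk.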
@@ -780,7 +791,7 @@ public String getSamlRequest() throws SamlException {
 request.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
 NameIDPolicy nameIDPolicy = (NameIDPolicy) buildSamlObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
- nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+ nameIDPolicy.setFormat(nameIdPolicyFormat);
 request.setNameIDPolicy(nameIDPolicy);
 signSAMLObject(request);
diff --git a/src/test/java/com/coveo/saml/SamlClientTest.java b/src/test/java/com/coveo/saml/SamlClientTest.java
index 103a2ad..f56fc65 100644
--- a/src/test/java/com/coveo/saml/SamlClientTest.java
+++ b/src/test/java/com/coveo/saml/SamlClientTest.java
@@ -114,6 +114,17 @@ public void getSamlRequestReturnsAnEncodedRequest() throws Throwable {
 assertTrue(decoded.contains(">myidentifier<"));
 }
+ @Test
+ public void getSamlRequestReturnsAnEncodedRequestWithNameIDPolicy() throws Throwable {
+ SamlClient client =
+ SamlClient.fromMetadata(
+ "myidentifier", "http://some/url", getXml("adfs.xml"), SamlClient.SamlIdpBinding.POST);
+ client.setNameIdPolicyFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
+ String decoded =
+ new String(Base64.decodeBase64(client.getSamlRequest()), StandardCharsets.UTF_8);
+ assertTrue(decoded.contains("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"));
+ }
+
 @Test
 public void decodeAndValidateSamlResponseCanDecodeAnSamlResponse() throws Throwable {
 SamlClient client =
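Review bot: The Format written at `nameIDPolicy.setFormat(nameIdPolicyFormat)` is only a request to the IdP; an IdP that cannot honour it is expected to return an error status, but a misconfigured one may simply assert a different format, and a configured value such as emailAddress is a mutable, reassignable identifier, so the response side must not map the returned NameID to an account without checking its Format against what was requested. Nothing in this patch adds that check; at minimum a comment on this line such as `// Requested format only; the IdP may not honour it — verify the asserted NameID Format when consuming the Response.` would warn the next maintainer. `getSamlRequest` starts and ends outside the hunk.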
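Review bot: The assertion `decoded.contains("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")` passes if the URI appears anywhere in the decoded request, not necessarily as the NameIDPolicy Format attribute; tightening it to `assertTrue(decoded.contains("Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\""));` pins the actual serialisation. A sibling assertion in the unchanged `getSamlRequestReturnsAnEncodedRequest` test, `assertTrue(decoded.contains("nameid-format:unspecified"));`, would also pin the default this commit introduces as `DEFAULT_NAMEID_POLICY_FORMAT`, so a later change to it cannot go unnoticed. The test class continues outside the hunk.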