SAML2UserAuthenticator: check that request params has SAMLResponse

yadvr · yadvr · commit ad13d3d7472b · 2014-08-28T19:45:26.000+02:00
Signed-off-by: Rohit Yadav &lt;rohit.yadav@shapeblue.com&gt;
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
@@ -48,8 +48,8 @@ public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username,
             return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
         } else {
             User user = _userDao.getUser(userAccount.getId());
-            // TODO: check SAMLRequest, signature etc. from requestParameters
-            if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid())) {
+            if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid()) &&
+                    requestParameters.containsKey(SAMLUtils.SAML_RESPONSE)) {
                 return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -48,8 +48,8 @@ public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username,`
`48`	`48`	`return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);`
`49`	`49`	`} else {`
`50`	`50`	`User user = _userDao.getUser(userAccount.getId());`
`51`		`- // TODO: check SAMLRequest, signature etc. from requestParameters`
`52`		`- if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid())) {`
	`51`	`+ if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid()) &&`
	`52`	`+ requestParameters.containsKey(SAMLUtils.SAML_RESPONSE)) {`
`53`	`53`	`return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);`
`54`	`54`	`}`
`55`	`55`	`}`