This repository has been archived by the owner on Nov 29, 2022. It is now read-only.

Wrong descriptor and extended metadata are loaded into the context when IDP and SP share the same entityID #506

Open
edisonleonardo opened this issue Nov 20, 2020 · 0 comments


@edisonleonardo

In the scenario where the IDP and SP share the same entityID, and the IDP provider is set first in the metadata manager provider list, the populateLocalEntity method in SAMLContextProviderImpl.java gets the IDP descriptor and IDP extended metadata,
making the context be loaded with the wrong entityDescriptor, extendedMetadata, and the wrong LocalSigningCredential when the IDP has one set.

initializeProviderData in MetadataManager validates the IDP and SP entityIDs separately, so I think having the same IDP and SP entityID is a valid scenario.

```java
protected void populateLocalEntity(SAMLMessageContext samlContext) throws MetadataProviderException {

    String localEntityId = samlContext.getLocalEntityId();
    QName localEntityRole = samlContext.getLocalEntityRole();

    if (localEntityId == null) {
        throw new MetadataProviderException("No hosted service provider is configured and no alias was selected");
    }

    // Entity descriptor and extended metadata are looked up by entityID only;
    // the role is used only for the role descriptor, so with a shared entityID
    // the first provider in the manager's list wins for the other two lookups.
    EntityDescriptor entityDescriptor = metadata.getEntityDescriptor(localEntityId);
    RoleDescriptor roleDescriptor = metadata.getRole(localEntityId, localEntityRole, SAMLConstants.SAML20P_NS);
    ExtendedMetadata extendedMetadata = metadata.getExtendedMetadata(localEntityId);

    if (entityDescriptor == null || roleDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + localEntityId + " and role " + localEntityRole + " wasn't found");
    }

    samlContext.setLocalEntityMetadata(entityDescriptor);
    samlContext.setLocalEntityRoleMetadata(roleDescriptor);
    samlContext.setLocalExtendedMetadata(extendedMetadata);

    // The signing credential follows the extended metadata resolved above,
    // so a wrong extended metadata also selects the wrong signing key.
    if (extendedMetadata.getSigningKey() != null) {
        samlContext.setLocalSigningCredential(keyManager.getCredential(extendedMetadata.getSigningKey()));
    } else {
        samlContext.setLocalSigningCredential(keyManager.getDefaultCredential());
    }

}
```

Thanks for your attention.
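A configuration check for the situation described in this report, added here as an example and not code from the issue or from the project: it walks the metadata documents in provider order, flags any entityID that carries more than one SSO role, and reports which role a role-unaware lookup by entityID alone would resolve to first. The two metadata documents and the entityID are constructed sample values.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata: an IdP and an SP sharing one entityID.
# The IdP document is listed first, matching the ordering in the report.
IDP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://sso.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""
SP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://sso.example.test/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""


def roles_by_entity(provider_docs):
    """Map entityID -> SSO role element names, in provider order."""
    roles = {}
    for doc in provider_docs:
        root = ET.fromstring(doc)
        # iter() also yields the root, so plain EntityDescriptor documents
        # and EntitiesDescriptor wrappers are both handled.
        for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
            entity_id = ed.get("entityID")
            for child in ed:
                tag = child.tag.split("}")[-1]
                if tag.endswith("SSODescriptor"):
                    roles.setdefault(entity_id, []).append(tag)
    return roles


def shared_entity_ids(provider_docs):
    """EntityIDs that appear with more than one role: the ambiguous case."""
    return {eid: r for eid, r in roles_by_entity(provider_docs).items()
            if len(set(r)) > 1}


def first_match_role(provider_docs, entity_id):
    """Role of the descriptor a role-unaware lookup by entityID returns first."""
    found = roles_by_entity(provider_docs).get(entity_id)
    return found[0] if found else None


if __name__ == "__main__":
    docs = [IDP_METADATA, SP_METADATA]
    for eid, roles in shared_entity_ids(docs).items():
        print(f"{eid}: roles {roles}; entityID-only lookup resolves to "
              f"{first_match_role(docs, eid)}")
```

Swapping the document order changes the reported role, which is the ordering dependence the report describes.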
