  1. OpenAM
  2. OPENAM-11217

SAML2 Authentication module is not invoking custom SP Adapter class implementing a preSingleSignOnRequest() method.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 14.0.0
    • Fix Version/s: 13.5.2, 14.1.1, 14.5.0
    • Component/s: authentication
    • Environment:
      Linux/Tomcat 8.5.9
    • Sprint:
      AM Sustaining Sprint 39
    • Story Points:
      2
      Description

      SAML2 Authentication module is not invoking custom SP Adapter class implementing a preSingleSignOnRequest() method. The same works fine while using the spssoinit.jsp.

      SPSSOFederate#initiateAuthnRequest()

                  // create AuthnRequest
                  AuthnRequest authnRequest = createAuthnRequest(realm, spEntityID, paramsMap, spConfigAttrsMap,
                          extensionsList, spsso, idpsso, ssoURL, false);
                  if (null != auditor && null != authnRequest) {
                      auditor.setRequestId(authnRequest.getID());
                  }

                  // invoke SP Adapter class if registered
                  SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(spEntityID, realmName);
                  if (spAdapter != null) {
                      spAdapter.preSingleSignOnRequest(spEntityID, idpEntityID, realmName, request, response, authnRequest);
                  }

                  String authReqXMLString = authnRequest.toXMLString(true, true);
      
      

      The same pattern is followed in SPSSOFederate#initiateECPRequest():

                  // create AuthnRequest
                  AuthnRequest authnRequest = createAuthnRequest(realm, spEntityID,
                      paramsMap, spConfigAttrsMap, extensionsList, spsso, null, null,
                      true);

                  // invoke SP Adapter class if registered
                  SAML2ServiceProviderAdapter spAdapter =
                      SAML2Utils.getSPAdapterClass(spEntityID, realm);
                  if (spAdapter != null) {
                      spAdapter.preSingleSignOnRequest(spEntityID, realm, null,
                          request, response, authnRequest);
                  }

                  String alias = SAML2Utils.getSigningCertAlias(realm, spEntityID,
                      SAML2Constants.SP_ROLE);
      
      

      The SAML2 Authentication module, by contrast, calls SPSSOFederate.createAuthnRequest directly from SAML2#initiateSAMLLoginAtIDP() and never invokes the registered SP Adapter class.

              String ssoURL = endPoint.getLocation();
              SAML2Utils.debug.message("SAML2 :: initiateSAMLLoginAtIDP()  ssoURL : {}", ssoURL);

              final List extensionsList = SPSSOFederate.getExtensionsList(spEntityID, realm);
              final Map<String, Collection<String>> spConfigAttrsMap
                      = SPSSOFederate.getAttrsMapForAuthnReq(realm, spEntityID);
              authnRequest = SPSSOFederate.createAuthnRequest(realm, spEntityID, params,
                      spConfigAttrsMap, extensionsList, spsso, idpsso, ssoURL, false);
              final AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response, realm, spEntityID, null,
                      authnRequest, null, params);

              synchronized (SPCache.requestHash) {
                  SPCache.requestHash.put(authnRequest.getID(), reqInfo);
              }

              saveAuthnRequest(authnRequest, reqInfo);
      
      

      One possible solution could be to move the code block to SPSSOFederate#createAuthnRequest().

      Workaround: This only affects deployments that have a custom SP Adapter; in that case, try using spssoinit.jsp.
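
The solution proposed above (moving the adapter call into the request factory), sketched as an added example. It is not OpenAM code: AdapterHookDemo, SpAdapter, the registry, the Before/After methods and the sample entity ID are all hypothetical stand-ins that model only the control flow described in this report.

```java
import java.util.*;
// Simplified model of the issue. Every type and method here is a hypothetical
// stand-in written for this example; none of it is OpenAM code.
public class AdapterHookDemo {
    static class AuthnRequest {
        final List<String> adapterCalls = new ArrayList<>();
    }

    interface SpAdapter {
        void preSingleSignOnRequest(String spEntityID, String realm, AuthnRequest req);
    }

    // Per-SP adapter registry; an SP without an entry has no custom adapter.
    static final Map<String, SpAdapter> ADAPTERS = new HashMap<>();
    static void invokeAdapterIfRegistered(String realm, String sp, AuthnRequest req) {
        SpAdapter adapter = ADAPTERS.get(sp);
        if (adapter != null) {
            adapter.preSingleSignOnRequest(sp, realm, req);
        }
    }

    // Before: the factory only builds the request, so every caller must remember the hook.
    static AuthnRequest createBefore(String realm, String sp) {
        return new AuthnRequest();
    }
    static AuthnRequest federatePathBefore(String realm, String sp) {
        AuthnRequest req = createBefore(realm, sp);
        invokeAdapterIfRegistered(realm, sp, req);
        return req;
    }
    static AuthnRequest authModulePathBefore(String realm, String sp) {
        return createBefore(realm, sp); // hook never runs, as in the report
    }

    // After: the hook lives in the factory, so no caller can skip it.
    static AuthnRequest createAfter(String realm, String sp) {
        AuthnRequest req = new AuthnRequest();
        invokeAdapterIfRegistered(realm, sp, req);
        return req;
    }

    public static void main(String[] args) {
        String realm = "/", sp = "https://sp.example.com"; // constructed sample values
        ADAPTERS.put(sp, (e, r, req) -> req.adapterCalls.add("preSingleSignOnRequest:" + e));
        System.out.println("federate path, before:    " + federatePathBefore(realm, sp).adapterCalls);
        System.out.println("auth module path, before: " + authModulePathBefore(realm, sp).adapterCalls);
        System.out.println("either path, after:       " + createAfter(realm, sp).adapterCalls);
    }
}
```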

              People

              • Assignee:
                kamal.sivanandam@forgerock.com Kamal Sivanandam
                Reporter:
                kamal.sivanandam@forgerock.com Kamal Sivanandam