[SIDP-379] - Usage of general AuthenticationException in UsernamePasswordLoginHandler
[SIDP-373] - The SLF4J MDC state is not being properly cleared when request processing is done.
[SIDP-368] - Provide more acurate login error to servlet when Username/Password login authentication has failed.
+[SIDP-369] - Allow to have cookie Domain set for login context cookie
[SIDP-365] - Expose uptime of IdP web application with status handler
[SIDP-362] - Only log exception message without stack trace for expired SAML messages
[SIDP-360] - Session isn't being set within the attribute request context during a SAML1 attribute query
import edu.internet2.middleware.shibboleth.common.session.SessionManager;
import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
-import edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler;
import edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager;
import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInformation;
import edu.internet2.middleware.shibboleth.idp.session.ServiceInformation;
cookieValue.append(Base64.encodeBytes(sessionId, Base64.DONT_BREAK_LINES)).append("|");
cookieValue.append(signature);
+ String cookieDomain = HttpServletHelper.getCookieDomain(context);
+
Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, HTTPTransportUtils.urlEncode(cookieValue.toString()));
sessionCookie.setVersion(1);
+ if(cookieDomain != null){
+ sessionCookie.setDomain(cookieDomain);
+ }
sessionCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
sessionCookie.setSecure(httpRequest.isSecure());
httpResponse.addCookie(sessionCookie);
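Review bot: Setting Domain on the `_idp_session` cookie (the new block before setPath) means every host under the configured domain now receives the signed IdP session cookie rather than only the IdP host, and nothing in the new code records that trade-off. A one-line why-comment above the null check would carry it: `// A configured cookieDomain shares the session cookie with every host in that domain; see the cookieDomain context-param in web.xml.` The same applies to the login-context cookie set in the second HttpServletHelper hunk below. The enclosing method starts outside the hunk, so whether `context` here is the ServletContext of the current request cannot be confirmed from this view.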
/** A helper class that provides access to internal state from Servlets and hence also JSPs. */
public class HttpServletHelper {
+ /** Name of the context initialization parameter that stores the domain to use for all cookies. */
+ public static final String COOKIE_DOMAIN_PARAM = "cookieDomain";
+
/** Name of the cookie containing the IdP session ID: {@value} . */
public static final String IDP_SESSION_COOKIE = "_idp_session";
}
httpRequest.setAttribute(LOGIN_CTX_KEY_NAME, loginContext);
}
-
+
/**
* Binds a {@link LoginContext} to the issuer of the current request. The binding is done by creating a random UUID,
* placing that in a cookie in the request, and storing the context in to the storage service under that key.
LoginContextEntry entry = new LoginContextEntry(loginContext, 1800000);
storageService.put(parition, contextKey, entry);
+ String cookieDomain = getCookieDomain(context);
+
Cookie contextKeyCookie = new Cookie(LOGIN_CTX_KEY_NAME, contextKey);
contextKeyCookie.setVersion(1);
+ if(cookieDomain != null){
+ contextKeyCookie.setDomain(cookieDomain);
+ }
contextKeyCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
contextKeyCookie.setSecure(httpRequest.isSecure());
httpResponse.addCookie(contextKeyCookie);
}
+
+ /**
+ * Gets the domain to use for all cookies.
+ *
+ * @param context web application context
+ *
+ * @return domain to use for all cookies
+ */
+ public static String getCookieDomain(ServletContext context){
+ return context.getInitParameter(COOKIE_DOMAIN_PARAM);
+ }
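Review bot: `getCookieDomain` returns whatever `getInitParameter` gives back, so a `cookieDomain` context-param declared with an empty or whitespace-only `param-value` yields `""` rather than null, and the `cookieDomain != null` guard above (and the matching guard in the session-cookie hunk) would then call `setDomain("")`. Normalising in one place keeps both callers correct: `String domain = context.getInitParameter(COOKIE_DOMAIN_PARAM);` followed by `return (domain == null || domain.trim().length() == 0) ? null : domain.trim();`. The Javadoc `@return` should also state that null is returned when no domain is configured, since both callers branch on that.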
/**
* Gets the {@link AttributeFilteringEngine} service bound to the Servlet context.
version="2.4">
<display-name>Shibboleth Identity Provider</display-name>
-
+
+ <!-- Parameter that allows the domain of all cookies to be explicitly set.
+ If not set the domain is let empty which means that the cookie will only ever be sent
+ to the IdP host.
+ -->
+ <!--
+ <context-param>
+ <param-name>cookieDomain</param-name>
+ <param-value>example.org</param-value>
+ </context-param>
+ -->
+
<!--
Spring 2.0 application context files. Files are loaded in the order they appear with subsequent files
overwriting same named beans in previous files.
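Review bot: The explanatory comment in the new context-param block reads `If not set the domain is let empty`; it should read `If not set the domain is left empty`. It would also help operators to name which cookies the parameter governs, for example `This applies to the IdP session cookie and the login context cookie.`, since the parameter name alone does not say.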