diff --git a/.gitignore b/.gitignore
index bb0a38c4..f6427d94 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,4 +20,5 @@ local.application.yml
.classpath
log
NOTES.md
-dep.tree
\ No newline at end of file
+dep.tree
+application-test2.yml
\ No newline at end of file
diff --git a/myconext-server/pom.xml b/myconext-server/pom.xml
index b26f7481..5215b547 100644
--- a/myconext-server/pom.xml
+++ b/myconext-server/pom.xml
@@ -45,15 +45,10 @@
org.springframework.boot
spring-boot-starter-web
-
-
-
-
-
org.openconext
saml-idp
- 0.0.1-SNAPSHOT
+ 0.0.4-SNAPSHOT
org.springframework.boot
@@ -125,10 +120,15 @@
compiler
0.9.10
+
+ org.apache.commons
+ commons-lang3
+ 3.13.0
+
org.openconext
tiqr-java-connector
- 1.1.0
+ 1.1.2
com.fasterxml.jackson.datatype
diff --git a/myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java b/myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java
index 8b059132..047994da 100644
--- a/myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java
+++ b/myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java
@@ -664,7 +664,9 @@ private void sendAssertion(HttpServletRequest request,
String.join(", ", authenticationContextClassReferences));
samlStatus = SAMLStatus.NO_AUTHN_CONTEXT;
}
-
+ if (!samlStatus.equals(SAMLStatus.SUCCESS)) {
+ authnContextClassRefValue = DefaultSAMLIdPService.authnContextClassRefUnspecified;
+ }
Optional optionalCookie = cookieByName(request, BROWSER_SESSION_COOKIE_NAME);
optionalCookie.ifPresent(cookie -> {
cookie.setMaxAge(0);
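Review bot: The new guard on line 53 compares what looks like an enum (`SAMLStatus.NO_AUTHN_CONTEXT` is used as a constant two lines up) with `equals`; `if (samlStatus != SAMLStatus.SUCCESS) {` is the idiomatic form for enums and cannot throw should samlStatus ever be null at this point, which the hunk does not let me rule out. The fallback also deserves a why-comment, because substituting the class ref on a non-success status is a detail of the response contract rather than something a reader can infer: `// Non-success responses report the 'unspecified' AuthnContextClassRef instead of echoing the requested one`. The enclosing sendAssertion starts and ends outside the hunk.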
@@ -673,7 +675,7 @@ private void sendAssertion(HttpServletRequest request,
//Tracking cookie for user new device discovery
this.addTrackingCookie(request, response, user);
this.samlIdpService.sendResponse(
- samlAuthenticationRequest.getRequesterEntityId(),
+ samlAuthenticationRequest.getIssuer(),
samlAuthenticationRequest.getRequestId(),
user.getUid(),
samlStatus,
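Review bot: `samlAuthenticationRequest.getIssuer()` now feeds the first argument of sendResponse in place of `getRequesterEntityId()`, and an AuthnRequest's Issuer is whatever the sender declared; the assertion should only be addressed from that value once the request has been matched against the configured SP metadata and, under `feature.requires_signed_authn_request`, its signature has been checked. Whether that validation precedes this call is not visible here, and the two getters were presumably distinct for a reason, so a one-line comment at the call site stating that the issuer has already been validated against SP metadata would document the dependency for the next reader. The sendResponse call and sendAssertion continue past the hunk.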
diff --git a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
index 04b7744b..536d0baf 100644
--- a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
+++ b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
@@ -74,6 +74,7 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath,
@Value("${sso_mfa_duration_seconds}") long ssoMFADurationSeconds,
@Value("${mobile_app_rp_entity_id}") String mobileAppROEntityId,
@Value("${feature.default_remember_me}") boolean featureDefaultRememberMe,
+ @Value("${feature.requires_signed_authn_request}") boolean requiresSignedAuthnRequest,
AuthenticationRequestRepository authenticationRequestRepository,
UserRepository userRepository,
UserLoginRepository userLoginRepository,
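Review bot: `requiresSignedAuthnRequest` on line 76 is bound without a default, so a deployment that omits `feature.requires_signed_authn_request` fails at startup instead of silently accepting unsigned requests; keep it that way and do not add a `:false` fallback to the placeholder. Where the constructor hands the flag to the SAML IdP service (outside this hunk), a WARN log line emitted when the flag is false would make a relaxed configuration visible in operations rather than only in the yml. The constructor signature and body continue beyond the hunk.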
diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml
index 133841bd..cfa17e91 100644
--- a/myconext-server/src/main/resources/application.yml
+++ b/myconext-server/src/main/resources/application.yml
@@ -61,8 +61,8 @@ idp_redirect_url: http://localhost:3000
rp_id: localhost
rp_origin: http://localhost:3000
sp_redirect_url: http://localhost:3001
-sp_entity_id: https://engine.test2.surfconext.nl/authentication/sp/metadata, https://engine.test.surfconext.nl/authentication/sp/metadata
-sp_entity_metadata_url: https://engine.test2.surfconext.nl/authentication/sp/metadata, https://engine.test.surfconext.nl/authentication/sp/metadata
+sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata
+sp_entity_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata
guest_idp_entity_id: https://localhost.surf.id
my_conext_url: https://my.test2.surfconext.nl
domain: eduid.nl
@@ -90,6 +90,8 @@ feature:
create_eduid_institution_landing: True
# Do we default remember the user for a longer period
default_remember_me: False
+ # Does the SAMLIdpService expects authn requests to be signed
+ requires_signed_authn_request: True
secure_cookie: false
idp_entity_id: https://localhost.surf.id
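Review bot: The comment on line 99 has a grammar slip and reads better as a statement of effect: `# Require incoming SAML AuthnRequests to be signed`. Line 100 also writes the boolean as `True` while the neighbouring `secure_cookie: false` and `default_remember_me: False` already mix cases; picking one spelling for the `feature:` block keeps the file consistent (Spring binds either). The `feature:` block begins outside the hunk.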
diff --git a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
index ba9bce6a..b37fa692 100644
--- a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
+++ b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
@@ -80,7 +80,8 @@
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
"oidc.base-url=http://localhost:8098/",
- "sso_mfa_duration_seconds=-1000"
+ "sso_mfa_duration_seconds=-1000",
+ "feature.requires_signed_authn_request=false"
})
@ActiveProfiles({"test"})
@SuppressWarnings("unchecked")
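Review bot: Line 113 switches the signed-AuthnRequest requirement off for every test that extends AbstractIntegrationTest, so the production default set in application.yml is never exercised by the integration suite; either a dedicated test class should run with the default and send one signed and one unsigned request, or the override should move to the specific test classes whose fixtures need it. A comment next to the property explaining why the shared base relaxes it would also save the next reader the question. The property-source annotation this line belongs to begins outside the hunk.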
diff --git a/myconext-server/src/test/java/myconext/geo/MaxMindGeoLocationTest.java b/myconext-server/src/test/java/myconext/geo/MaxMindGeoLocationTest.java
index 4b85044a..d709944d 100644
--- a/myconext-server/src/test/java/myconext/geo/MaxMindGeoLocationTest.java
+++ b/myconext-server/src/test/java/myconext/geo/MaxMindGeoLocationTest.java
@@ -37,7 +37,7 @@ void before() throws IOException {
@AfterEach
void after() throws IOException {
- File file = new File(System.getProperty("java.io.tmpdir"+ "/geo"));
+ File file = new File(System.getProperty("java.io.tmpdir") + "/geo");
FileUtils.forceDelete(file);
}
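Review bot: The parenthesis fix on line 125 is correct but still assembles the path by string concatenation; `File file = new File(System.getProperty("java.io.tmpdir"), "geo");` lets the platform supply the separator. Separately, `FileUtils.forceDelete` throws when the target does not exist, so a failure in `before()` that never created the directory produces a second, misleading failure in teardown; `FileUtils.deleteDirectory(file);` is a no-op for a missing directory and is the better fit for an @AfterEach. after() lies entirely within the hunk.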
diff --git a/pom.xml b/pom.xml
index 5b7d92b0..1dc515e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
org.springframework.boot
spring-boot-starter-parent
- 2.7.13
+ 2.7.17
@@ -30,7 +30,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.9.0
+ 3.11.0
11
@@ -38,7 +38,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.0.0
+ 3.3.0
enforce-versions
@@ -78,7 +78,7 @@
org.apache.maven.wagon
wagon-webdav-jackrabbit
- 3.5.1
+ 3.5.3