Improvement of SAMLEntityParser and SAMLEntitiesParser to filter whitespace characters (I had ClassCastException without this change)
Implementation of FileBasedEntitiesMetadataProvider so it can use metadata config file with "EntitiesDescriptorType" as root element. There is also FileBasedEntityMetadataProvider, which can handle metadata config file with single "EntityDescriptorType". New unit tests added for parsing.
AbstractIDPValve will read metadata for all SP if MetadataProviderType is available in picketlink.xml configuration
If SPSSODescriptorType from metadata contains AuthnRequestsSigned with value "false", then signature won't be verified for this SP and SAML2SignatureValidationHandler will ignore SAMLRequest from this SP. This adds possibility that validation from some SP is available but validation of other SP is disabled (For example Google Apps don't support signed SAMLRequest). If metadata are not provided, signatures are verified (same behaviour like before)
SAML2AuthenticationHandler will now save participant into IdentityParticipantStack according to this:
--- If metadata are not provided, SAML2AuthenticationHandler will use same URL like original URL (Same behaviour like before)
--- If metadata are provided and they contain "SingleLogoutService", then it will use URL provided by SingleLogoutService. This adds possibility to use different URL for logout then was URL for authentication (this is the case with Salesforce)
--- If metadata are provided and they don't contain "SingleLogoutService", then participant is not registered into IdentityParticipantStack, which means that it will be ignored for Single Logout (This is needed for Google Apps for instance because Google Apps doesn't support SAML single logout profile)
pedroigor
commented
12 years ago
What I did is: