Skip to content

Commit

Permalink
fix: xml encode entityId in shibboleth saml templates
Browse files Browse the repository at this point in the history
Signed-off-by: Rolain Djeumen <[email protected]>
  • Loading branch information
uprightech committed Oct 16, 2024
1 parent 0acd2cc commit 1df74f4
Show file tree
Hide file tree
Showing 5 changed files with 19 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -26,25 +26,25 @@

<Rule xsi:type="OR">
#foreach( $entityId in $trustParams.trustEntityIds.get($trustRelationship.inum) )
<Rule xsi:type="Requester" value="$entityId" />
<Rule xsi:type="Requester" value="$esc.xml($entityId)" />
#end
</Rule>
#else

<Rule xsi:type="Requester" value="$trustParams.trustEntityIds.get($trustRelationship.inum).get(0)" />
<Rule xsi:type="Requester" value="$esc.xml($trustParams.trustEntityIds.get($trustRelationship.inum).get(0))" />
#end
</PolicyRequirementRule>
#else
#if ($isFederation)

<PolicyRequirementRule xsi:type="OR">
#foreach( $entityId in $trustParams.trustEntityIds.get($trustRelationship.inum) )
<Rule xsi:type="Requester" value="$entityId" />
<Rule xsi:type="Requester" value="$esc.xml($entityId)" />
#end
</PolicyRequirementRule>
#else

<PolicyRequirementRule xsi:type="Requester" value="$trustParams.trustEntityIds.get($trustRelationship.inum).get(0)" />
<PolicyRequirementRule xsi:type="Requester" value="$esc.xml($trustParams.trustEntityIds.get($trustRelationship.inum).get(0))" />
#end
#end

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@
#set($entityId = $trustRelationship.getEntityId())
#set($relyingPartyId = $StringHelper.removePunctuation($trustRelationship.inum))

<bean parent="RelyingPartyByName" id="$relyingPartyId" c:relyingPartyIds="$entityId">
<bean parent="RelyingPartyByName" id="$relyingPartyId" c:relyingPartyIds="$esc.xml($entityId)">
<property name="profileConfigurations">
<list>
#if($trustRelationship.specificRelyingPartyConfig and (not $trustRelationship.isFederation()))
Expand Down
7 changes: 7 additions & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
<arquillian.drone.version>2.0.0.Final</arquillian.drone.version>
<arquillian.graphene.version>2.1.0.CR1</arquillian.graphene.version>
<shrinkwrap.version>2.1.0</shrinkwrap.version>
<velocity-tools.version>3.0</velocity-tools.version>

<sonar.projectKey>GluuFederation_oxTrust</sonar.projectKey>
<sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
Expand Down Expand Up @@ -418,6 +419,12 @@
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
</dependency>

<dependency>
<groupId>org.apache.velocity.tools</groupId>
<artifactId>velocity-tools-generic</artifactId>
<version>${velocity-tools.version}</version>
</dependency>

<!-- Deprecated modules -->
<dependency>
Expand Down
5 changes: 5 additions & 0 deletions service/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,11 @@
<artifactId>velocity-engine-core</artifactId>
</dependency>

<dependency>
<groupId>org.apache.velocity.tools</groupId>
<artifactId>velocity-tools-generic</artifactId>
</dependency>

<!-- RestEasy -->
<dependency>
<groupId>org.jboss.resteasy</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.LineIterator;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.tools.generic.EscapeTool;
import org.apache.velocity.VelocityContext;
import org.gluu.config.oxtrust.AppConfiguration;
import org.gluu.config.oxtrust.AttributeResolverConfiguration;
Expand Down Expand Up @@ -687,6 +688,7 @@ private VelocityContext prepareVelocityContext(HashMap<String, Object> trustPara
VelocityContext context = new VelocityContext();

context.put("StringHelper", StringHelper.class);
context.put("esc",new EscapeTool());
context.put("salt", configurationFactory.getCryptoConfigurationSalt());

context.put("trustParams", trustParams);
Expand Down

0 comments on commit 1df74f4

Please sign in to comment.