Commit 19c3b25

Remove the use of wrong NameID Format urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
1 parent fb93269 commit 19c3b25

28 files changed

Lines changed: 72 additions & 41 deletions

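--- a/core/src/main/java/com/onelogin/saml2/util/Constants.java
+++ b/core/src/main/java/com/onelogin/saml2/util/Constants.java
@@ -13,12 +13,12 @@ public final class Constants {
 public static String NAMEID_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
 public static String NAMEID_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
 public static String NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName";
+public static String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
 public static String NAMEID_KERBEROS = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos";
 public static String NAMEID_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
 public static String NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
 public static String NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
 public static String NAMEID_ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted";
-public static String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified";
 
 // Attribute Name Formats
 public static String ATTRNAME_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";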
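Review bot: The added `NAMEID_UNSPECIFIED` at new line 16 is declared `public static String` without `final`, so any code in the same JVM can reassign the URN that callers read from it; declare it as `public static final String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";` (the neighbouring constants in this hunk have the same shape and would benefit equally). The old `urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified` value now has no named constant, so deployed settings or peer metadata that still carry it will no longer equal `Constants.NAMEID_UNSPECIFIED`. If any code path compares a configured or received Format against this constant (not visible in this hunk), that behaviour changes silently on upgrade and deserves a changelog entry. The class body continues outside the hunk.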

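--- a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java
@@ -179,7 +179,7 @@ public void testNameIDPolicy() throws Exception {
 String authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);
 assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 assertThat(authnRequestStr, containsString("<samlp:NameIDPolicy"));
-assertThat(authnRequestStr, containsString("Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified\""));
+assertThat(authnRequestStr, containsString("Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\""));
 
 authnRequest = new AuthnRequest(settings, false, false, false);
 authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
@@ -192,7 +192,7 @@ public void testNameIDPolicy() throws Exception {
 authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);
 assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 assertThat(authnRequestStr, containsString("<samlp:NameIDPolicy"));
-assertThat(authnRequestStr, containsString("Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified\""));
+assertThat(authnRequestStr, containsString("Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\""));
 }
 
 /**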

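--- a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java
@@ -227,7 +227,7 @@ public void testGetNameIdData() throws Exception {
 samlResponseEncoded = Util.getFileAsString("data/responses/response_encrypted_nameid.xml.base64");
 samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
 String NameIdDataStr = samlResponse.getNameIdData().toString();
-assertThat(NameIdDataStr, containsString("Format=urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"));
+assertThat(NameIdDataStr, containsString("Format=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));
 assertThat(NameIdDataStr, containsString("Value=2de11defd199f8d5bb63f9b7deb265ba5c675c10"));
 assertThat(NameIdDataStr, containsString("SPNameQualifier=http://localhost:8080/java-saml-jspsample/metadata.jsp"));
 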

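--- a/core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java
@@ -197,7 +197,7 @@ public void testGetNameIdData() throws Exception {
 String logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
 assertThat(logoutRequestStr, containsString("<samlp:LogoutRequest"));
 String nameIdDataStr = LogoutRequest.getNameIdData(logoutRequestStr, null).toString();
-assertThat(nameIdDataStr, containsString("Format=urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"));
+assertThat(nameIdDataStr, containsString("Format=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));
 assertThat(nameIdDataStr, containsString("Value=ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c"));
 assertThat(nameIdDataStr, not(containsString("SPNameQualifier")));
 
@@ -218,7 +218,7 @@ public void testGetNameIdData() throws Exception {
 logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
 PrivateKey key = settings.getSPkey();
 nameIdDataStr = LogoutRequest.getNameIdData(logoutRequestStr, key).toString();
-assertThat(nameIdDataStr, containsString("Format=urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"));
+assertThat(nameIdDataStr, containsString("Format=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));
 assertThat(nameIdDataStr, containsString("Value=ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c"));
 assertThat(nameIdDataStr, not(containsString("SPNameQualifier")));
 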

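--- a/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java
@@ -58,7 +58,7 @@ public void testMetadata() throws Exception {
 assertThat(metadataStr, not(containsString("<md:KeyDescriptor use=\"signing\">")));
 assertThat(metadataStr, containsString("<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8080/java-saml-jspsample/acs.jsp\" index=\"1\"/>"));
 assertThat(metadataStr, containsString("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://localhost:8080/java-saml-jspsample/sls.jsp\"/>"));
-assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</md:NameIDFormat>"));
+assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>"));
 }
 
 /**
@@ -254,7 +254,6 @@ public void testGetAttributeConsumingServiceXmlWithMultipleAttributeValue() thro
 RequestedAttribute requestedAttribute = new RequestedAttribute("userType", null, false, "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", attrValues);
 RequestedAttribute requestedAttribute2 = new RequestedAttribute("urn:oid:0.9.2342.19200300.100.1.1", "uid", true, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", null);
 
-
 attributeConsumingService.addRequestedAttribute(requestedAttribute);
 attributeConsumingService.addRequestedAttribute(requestedAttribute2);
 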

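--- a/core/src/test/java/com/onelogin/saml2/test/settings/Saml2SettingsTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/Saml2SettingsTest.java
@@ -197,7 +197,7 @@ public void testGetSPMetadataUnsigned() throws Exception {
 assertThat(metadataStr, not(containsString("<md:KeyDescriptor use=\"signing\">")));
 assertThat(metadataStr, containsString("<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8080/java-saml-jspsample/acs.jsp\" index=\"1\"/>"));
 assertThat(metadataStr, containsString("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://localhost:8080/java-saml-jspsample/sls.jsp\"/>"));
-assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</md:NameIDFormat>"));
+assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>"));
 }
 
 /**
@@ -229,7 +229,7 @@ public void testGetSPMetadataUnsignedNoSLS() throws Exception {
 assertThat(metadataStr, not(containsString("<md:KeyDescriptor use=\"signing\">")));
 assertThat(metadataStr, containsString("<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8080/java-saml-jspsample/acs.jsp\" index=\"1\"/>"));
 assertThat(metadataStr, not(containsString("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://localhost:8080/java-saml-jspsample/sls.jsp\"/>")));
-assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</md:NameIDFormat>"));
+assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>"));
 }
 
 /**
@@ -262,7 +262,7 @@ public void testGetSPMetadataSigned() throws Exception {
 assertThat(metadataStr, containsString("<md:KeyDescriptor use=\"signing\">"));
 assertThat(metadataStr, containsString("<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8080/java-saml-jspsample/acs.jsp\" index=\"1\">"));
 assertThat(metadataStr, containsString("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://localhost:8080/java-saml-jspsample/sls.jsp\">"));
-assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</md:NameIDFormat>"));
+assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>"));
 }
 
 /**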

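--- a/core/src/test/java/com/onelogin/saml2/test/settings/SettingBuilderTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/SettingBuilderTest.java
@@ -66,7 +66,7 @@ public void testLoadFromFileEmpty() throws IOException, CertificateException, UR
 assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", setting.getSpAssertionConsumerServiceBinding());
 assertNull(setting.getSpSingleLogoutServiceUrl());
 assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", setting.getSpSingleLogoutServiceBinding());
-assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", setting.getSpNameIDFormat());
+assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", setting.getSpNameIDFormat());
 
 assertTrue(setting.getIdpEntityId().isEmpty());
 assertNull(setting.getIdpSingleSignOnServiceUrl());
@@ -119,7 +119,7 @@ public void testLoadFromFileMinProp() throws IOException, CertificateException,
 assertEquals(setting.getSpAssertionConsumerServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals(setting.getSpSingleLogoutServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
-assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());
@@ -173,7 +173,7 @@ public void testLoadFromFileAllProp() throws IOException, CertificateException,
 assertEquals(setting.getSpAssertionConsumerServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals(setting.getSpSingleLogoutServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
-assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());
@@ -241,7 +241,7 @@ public void testLoadFromFileCertString() throws IOException, CertificateExceptio
 assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", setting.getSpAssertionConsumerServiceBinding());
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", setting.getSpSingleLogoutServiceBinding());
-assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", setting.getSpNameIDFormat());
+assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", setting.getSpNameIDFormat());
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());
@@ -294,7 +294,7 @@ public void testLoadFromFileContactString() throws IOException, CertificateExcep
 assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", setting.getSpAssertionConsumerServiceBinding());
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", setting.getSpSingleLogoutServiceBinding());
-assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", setting.getSpNameIDFormat());
+assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", setting.getSpNameIDFormat());
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());
@@ -401,7 +401,7 @@ public void testLoadFromFileSomeEmptyProp() throws IOException, CertificateExcep
 assertEquals(setting.getSpAssertionConsumerServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals(setting.getSpSingleLogoutServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
-assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());
@@ -453,7 +453,7 @@ public void testLoadFromFileDifferentProp() throws IOException, CertificateExcep
 assertEquals(setting.getSpAssertionConsumerServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals(setting.getSpSingleLogoutServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
-assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());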
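Review bot: The changed assertions at new lines 122, 176, 404 and 456 keep their arguments swapped, `assertEquals(setting.getSpNameIDFormat(), "urn:...")`, while lines 69, 244 and 297 of the same file use JUnit's (expected, actual) order; on failure the swapped form reports the expected and actual values the wrong way round. Since these lines are being edited anyway, write them as `assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", setting.getSpNameIDFormat());`. All seven hunks pin only the new 1.1 value; none shown here loads a settings file that still specifies the 2.0 URN, so how an un-migrated configuration is treated stays untested as far as this section shows. Each test method starts and ends outside its hunk.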

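--- a/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java
@@ -1685,11 +1685,11 @@ public void testGenerateNameIdException() throws URISyntaxException, IOException
 public void testGenerateNameId() throws URISyntaxException, IOException, CertificateException {
 String nameIdValue = "ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde";
 String entityId = "http://stuff.com/endpoints/metadata.php";
-String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified";
+String nameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
 
 String nameId = Util.generateNameId(nameIdValue, entityId, nameIDFormat);
 
-String expectedNameId = "<saml:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified\" SPNameQualifier=\"http://stuff.com/endpoints/metadata.php\">ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde</saml:NameID>";
+String expectedNameId = "<saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\" SPNameQualifier=\"http://stuff.com/endpoints/metadata.php\">ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde</saml:NameID>";
 assertEquals(expectedNameId, nameId);
 
 String certString = Util.getFileAsString("data/customPath/certs/sp.crt");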

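--- a/core/src/test/resources/config/config.adfs.properties
+++ b/core/src/test/resources/config/config.adfs.properties
@@ -29,7 +29,7 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi
 # Specifies constraints on the name identifier to be used to
 # represent the requested subject.
 # Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
-onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
+onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 
 # Usually x509cert and privateKey of the SP are provided by files placed at
 # the certs folder. But we can also provide them with the following parameters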
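Review bot: The comment directly above the changed value, `# Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported`, points at a PHP path that is not among the files of this Java project shown in the commit, so a reader checking which URN is valid is sent to the wrong place. With line 32 being corrected, the comment could be updated alongside it, e.g. `# See com.onelogin.saml2.util.Constants for the supported NameID formats`. The same stale comment sits above the identical change in config.all.properties.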

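--- a/core/src/test/resources/config/config.all.properties
+++ b/core/src/test/resources/config/config.all.properties
@@ -29,7 +29,7 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi
 # Specifies constraints on the name identifier to be used to
 # represent the requested subject.
 # Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
-onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
+onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 
 # Usually x509cert and privateKey of the SP are provided by files placed at
 # the certs folder. But we can also provide them with the following parameters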
