Move allow_duplicated_attribute_name from sp settings to security. Add documentation

Author: pitbulk

README.md

@@ -110,8 +110,8 @@ java-saml (com.onelogin:java-saml-toolkit) has the following dependencies:
 * For CI:
   * org.jacoco:jacoco-maven-plugin
 
-also the [Java Cryptography Extension (JCE)](https://en.wikipedia.org/wiki/Java_Cryptography_Extension) is required. If you don't have it, download the version of [jce-6](http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html), [jce-7](http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html) or [jce-8](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html), unzip it, and drop its content at
-*${java.home}/jre/lib/security/*
+also the [Java Cryptography Extension (JCE)](https://en.wikipedia.org/wiki/Java_Cryptography_Extension) is required. If you don't have it, download the version of [jce-8](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html), unzip it, and drop its content at
+*${java.home}/jre/lib/security/*. JDK 9 and later offer the stronger cryptographic algorithms by default.
 
 *toolkit:*
 * com.onelogin:java-saml-core
@@ -123,7 +123,7 @@ also the [Java Cryptography Extension (JCE)](https://en.wikipedia.org/wiki/Java_
 * org.apache.maven.plugins:maven-enforcer-plugin
 
 For more info, open and read the different pom.xml files:
-[core/pom.xml](https://github.com/onelogin/java-saml/blob/v2.2.0/core/pom.xml), [toolkit/pom.xml](https://github.com/onelogin/java-saml/blob/v2.2.0/toolkit/pom.xml)
+[core/pom.xml](https://github.com/onelogin/java-saml/blob/v2.5.0/core/pom.xml), [toolkit/pom.xml](https://github.com/onelogin/java-saml/blob/v2.5.0/toolkit/pom.xml)
 
 ## Working with the github repository code and Eclipse.
 ### Get the toolkit.
@@ -329,6 +329,9 @@ onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:
 # Allows the authn comparison parameter to be set, defaults to 'exact'
 onelogin.saml2.security.requested_authncontextcomparison = exact
 
+# Allows duplicated names in the attribute statement
+onelogin.saml2.security.allow_duplicated_attribute_name = false
+
 # Indicates if the SP will validate all received xmls.
 # (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
 onelogin.saml2.security.want_xml_validation = true

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -549,14 +549,14 @@ public HashMap<String, List<String>> getAttributes() throws XPathExpressionExcep
 			for (int i = 0; i < nodes.getLength(); i++) {
 				NamedNodeMap attrName = nodes.item(i).getAttributes();
 				String attName = attrName.getNamedItem("Name").getNodeValue();
-				if (attributes.containsKey(attName) && !settings.isSpAllowRepeatAttributeName()) {
+				if (attributes.containsKey(attName) && !settings.isAllowRepeatAttributeName()) {
 					throw new ValidationError("Found an Attribute element with duplicated Name", ValidationError.DUPLICATED_ATTRIBUTE_NAME_FOUND);
 				}
 
 				NodeList childrens = nodes.item(i).getChildNodes();
 
 				List<String> attrValues = null;
-				if (attributes.containsKey(attName) && settings.isSpAllowRepeatAttributeName()) {
+				if (attributes.containsKey(attName) && settings.isAllowRepeatAttributeName()) {
 					attrValues = attributes.get(attName);
 				} else {
 					attrValues = new ArrayList<String>();

core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java

@@ -39,7 +39,6 @@ public class Saml2Settings {
 	private URL spSingleLogoutServiceUrl = null;
 	private String spSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
 	private String spNameIDFormat = Constants.NAMEID_UNSPECIFIED;
-	private boolean spAllowRepeatAttributeName = false;
 	private X509Certificate spX509cert = null;
 	private X509Certificate spX509certNew = null;
 	private PrivateKey spPrivateKey = null;
@@ -73,6 +72,7 @@ public class Saml2Settings {
 	private String signatureAlgorithm = Constants.RSA_SHA1;
 	private String digestAlgorithm = Constants.SHA1;
 	private boolean rejectUnsolicitedResponsesWithInResponseTo = false;
+	private boolean allowRepeatAttributeName = false;
 	private String uniqueIDPrefix = null;
 
 	// Compress
@@ -135,10 +135,10 @@ public final String getSpNameIDFormat() {
 	}
 
 	/**
-	 * @return the spAllowRepeatAttributeName setting value
+	 * @return the allowRepeatAttributeName setting value
 	 */
-	public boolean isSpAllowRepeatAttributeName () {
-		return spAllowRepeatAttributeName;
+	public boolean isAllowRepeatAttributeName () {
+		return allowRepeatAttributeName;
 	}
 
 	/**
@@ -450,13 +450,13 @@ protected final void setSpNameIDFormat(String spNameIDFormat) {
 	}
 
 	/**
-	 * Set the spAllowRepeatAttributeName setting value
+	 * Set the allowRepeatAttributeName setting value
 	 *
-	 * @param spAllowRepeatAttributeName
-	 *        the spAllowRepeatAttributeName value to be set
+	 * @param allowRepeatAttributeName
+	 *        the allowRepeatAttributeName value to be set
 	 */
-	public void setSpAllowRepeatAttributeName (boolean spAllowRepeatAttributeName) {
-		this.spAllowRepeatAttributeName = spAllowRepeatAttributeName;
+	public void setAllowRepeatAttributeName (boolean allowRepeatAttributeName) {
+		this.allowRepeatAttributeName = allowRepeatAttributeName;
 	}
 
 	/**

core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java

@@ -60,7 +60,6 @@ public class SettingsBuilder {
 	public final static String SP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.sp.single_logout_service.url";
 	public final static String SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.sp.single_logout_service.binding";
 	public final static String SP_NAMEIDFORMAT_PROPERTY_KEY = "onelogin.saml2.sp.nameidformat";
-	public final static String SP_ALLOW_REPEAT_ATTRIBUTE_NAME_PROPERTY_KEY = "onelogin.saml2.sp.allow_duplicated_attribute_name";
 
 	public final static String SP_X509CERT_PROPERTY_KEY = "onelogin.saml2.sp.x509cert";
 	public final static String SP_PRIVATEKEY_PROPERTY_KEY = "onelogin.saml2.sp.privatekey";
@@ -100,6 +99,7 @@ public class SettingsBuilder {
 	public final static String SECURITY_WANT_XML_VALIDATION = "onelogin.saml2.security.want_xml_validation";
 	public final static String SECURITY_SIGNATURE_ALGORITHM = "onelogin.saml2.security.signature_algorithm";
 	public final static String SECURITY_REJECT_UNSOLICITED_RESPONSES_WITH_INRESPONSETO = "onelogin.saml2.security.reject_unsolicited_responses_with_inresponseto";
+	public final static String SECURITY_ALLOW_REPEAT_ATTRIBUTE_NAME_PROPERTY_KEY = "onelogin.saml2.security.allow_duplicated_attribute_name";
 
 	// Compress
 	public final static String COMPRESS_REQUEST = "onelogin.saml2.compress.request";
@@ -369,6 +369,10 @@ private void loadSecuritySetting() {
 		if (rejectUnsolicitedResponsesWithInResponseTo != null) {
 			saml2Setting.setRejectUnsolicitedResponsesWithInResponseTo(rejectUnsolicitedResponsesWithInResponseTo);
 		}
+
+		Boolean allowRepeatAttributeName = loadBooleanProperty(SECURITY_ALLOW_REPEAT_ATTRIBUTE_NAME_PROPERTY_KEY);
+		if (allowRepeatAttributeName != null)
+			saml2Setting.setAllowRepeatAttributeName(allowRepeatAttributeName);
 	}
 
 	/**
@@ -469,10 +473,6 @@ private void loadSpSetting() {
 		if (spNameIDFormat != null && !spNameIDFormat.isEmpty())
 			saml2Setting.setSpNameIDFormat(spNameIDFormat);
 
-		Boolean spAllowRepeatAttributeName = loadBooleanProperty(SP_ALLOW_REPEAT_ATTRIBUTE_NAME_PROPERTY_KEY);
-		if (spAllowRepeatAttributeName != null)
-			saml2Setting.setSpAllowRepeatAttributeName(spAllowRepeatAttributeName);
-
 		boolean keyStoreEnabled = this.samlData.get(KEYSTORE_KEY) != null && this.samlData.get(KEYSTORE_ALIAS) != null
 				&& this.samlData.get(KEYSTORE_KEY_PASSWORD) != null;
 

core/src/test/resources/config/config.allowduplicatednames.properties

@@ -31,8 +31,6 @@ onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bi
 # Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
 onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 
-# Enable duplicated names in the attribute statement
-onelogin.saml2.sp.allow_duplicated_attribute_name = true
 
 # Usually x509cert and privateKey of the SP are provided by files placed at
 # the certs folder. But we can also provide them with the following parameters
@@ -115,6 +113,8 @@ onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:
 # Allows the authn comparison parameter to be set, defaults to 'exact'
 onelogin.saml2.security.requested_authncontextcomparison = exact
 
+# Enable duplicated names in the attribute statement
+onelogin.saml2.security.allow_duplicated_attribute_name = true
 
 # Indicates if the SP will validate all received xmls.
 # (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).

samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties

@@ -132,6 +132,8 @@ onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:
 # Allows the authn comparison parameter to be set, defaults to 'exact'
 onelogin.saml2.security.onelogin.saml2.security.requested_authncontextcomparison = exact
 
+# Allows duplicated names in the attribute statement
+onelogin.saml2.security.allow_duplicated_attribute_name = false
 
 # Indicates if the SP will validate all received xmls.
 # (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).