Merge pull request #33 from dBucik/saml_metadata_checks

Dominik František Bučík · web-flow · commit d5079cfe974b · 2021-11-09T11:27:01.000+01:00
Saml metadata checks
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml
@@ -561,8 +561,8 @@
 
 	<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
 		<property name="defaultIDP" value="${saml.idp.defaultIdpEntityId}"/>
-		<property name="refreshCheckInterval" value="60000"/>
-		<property name="refreshRequired" value="false"/>
+		<property name="refreshCheckInterval" value="3600000"/>
+		<property name="refreshRequired" value="true"/>
 		<constructor-arg name="providers">
 			<list>
 				<ref bean="idpMetadata"/>
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/IdpMetadataBeans.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/IdpMetadataBeans.java
@@ -38,7 +38,10 @@ public ExtendedMetadataDelegate idpMetadata(SamlProperties samlProperties,
             fsmp.setParserPool(parserPool);
             mp = fsmp;
         }
-        return new ExtendedMetadataDelegate(mp, extendedMetadata);
+        ExtendedMetadataDelegate emd = new ExtendedMetadataDelegate(mp, extendedMetadata);
+        emd.setMetadataRequireSignature(false);
+        emd.setMetadataTrustCheck(false);
+        return emd;
     }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,10 @@ public ExtendedMetadataDelegate idpMetadata(SamlProperties samlProperties,`
`38`	`38`	`fsmp.setParserPool(parserPool);`
`39`	`39`	`mp = fsmp;`
`40`	`40`	`}`
`41`		`- return new ExtendedMetadataDelegate(mp, extendedMetadata);`
	`41`	`+ ExtendedMetadataDelegate emd = new ExtendedMetadataDelegate(mp, extendedMetadata);`
	`42`	`+ emd.setMetadataRequireSignature(false);`
	`43`	`+ emd.setMetadataTrustCheck(false);`
	`44`	`+ return emd;`
`42`	`45`	`}`
`43`	`46`
`44`	`47`	`}`