
Remember me support through SAML validation

Description

I think remember me is a must-have feature, so it would be great if SAML validation could notify the client application that the user is in remember mode (configured like this: https://wiki.jasig.org/display/CASUM/Remember+Me).

For service ticket validation through SAML (/samlValidate), I would change the Saml10SuccessResponseView class:

  • add a constant:

    private static final String REMEMBERME_ATTRIBUTE_NAME = "isRemembered";

  • change the way of calculating SAML attributes:

    // remember me: flagged on the authentication, and this ticket did not come from a fresh login
    // (Boolean.TRUE.equals avoids comparing Boolean objects by reference)
    final boolean isRemembered = Boolean.TRUE.equals(authentication.getAttributes()
            .get(RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME))
            && !assertion.isFromNewLogin();

    // an attribute statement is needed if there are principal attributes or the remember-me flag
    if (!authentication.getPrincipal().getAttributes().isEmpty() || isRemembered) {
        final SAMLAttributeStatement attributeStatement = new SAMLAttributeStatement();

        attributeStatement.setSubject(getSamlSubject(authentication));
        samlAssertion.addStatement(attributeStatement);

        for (final Entry<String, Object> e : authentication.getPrincipal().getAttributes().entrySet()) {
            final SAMLAttribute attribute = new SAMLAttribute();
            attribute.setName(e.getKey());
            attribute.setNamespace(NAMESPACE);

            if (e.getValue() instanceof Collection<?>) {
                final Collection<?> c = (Collection<?>) e.getValue();
                if (c.isEmpty()) {
                    // 100323 bnoordhuis: don't add the attribute, it causes a org.opensaml.MalformedException
                    continue;
                }
                attribute.setValues(c);
            } else {
                attribute.addValue(e.getValue());
            }

            attributeStatement.addAttribute(attribute);
        }

        // remember me: expose the flag to the client as an extra SAML attribute
        if (isRemembered) {
            final SAMLAttribute attribute = new SAMLAttribute();
            attribute.setName(REMEMBERME_ATTRIBUTE_NAME);
            attribute.setNamespace(NAMESPACE);
            attribute.addValue(true);
            attributeStatement.addAttribute(attribute);
        }
    }

Environment

None

Status

Assignee

ScottS

Reporter

Jérôme LELEU

Labels

None

Estimated End Date

None

Audience

None

Fix versions

Priority

Major