wso2-extensions · chamathns · Dec 1, 2023 · Nov 22, 2023 · Nov 22, 2023 · Nov 24, 2023
diff --git a/...n.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java b/...n.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2010, WSO2 LLC. (http://www.wso2.org).
  *
- * WSO2 Inc. licenses this file to you under the Apache License,
+ * WSO2 LLC. licenses this file to you under the Apache License,
  *  Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License.
  * You may obtain a copy of the License at
@@ -126,7 +126,8 @@ public enum QueryParameter {
         SLO("slo"),
         RETURN_TO("returnTo"),
         SP_ENTITY_ID("spEntityID"),
-        SP_QUALIFIER("spQualifier");
+        SP_QUALIFIER("spQualifier"),
+        IS_PASSIVE("IsPassive");
 
         private final String parameterName;
 

diff --git a/...bon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOService.java b/...bon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOService.java
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2010, WSO2 LLC. (http://www.wso2.org).
  *
- * WSO2 Inc. licenses this file to you under the Apache License,
+ * WSO2 LLC. licenses this file to you under the Apache License,
  *  Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License.
  * You may obtain a copy of the License at
@@ -178,11 +178,11 @@ public SAMLSSOReqValidationResponseDTO validateIdPInitSSORequest(String relaySta
                                                                      QueryParamDTO[] queryParamDTOs,
                                                                      String serverURL, String sessionId,
                                                                      String rpSessionId, String authnMode,
-                                                                     boolean isLogout) throws IdentityException {
+                                                                     boolean isLogout, boolean isPassive) throws IdentityException {
 
         // For backward compatibility, SUPER_TENANT_DOMAIN was used as the cache maintaining tenant.
         return validateIdPInitSSORequest(relayState, queryString, queryParamDTOs, serverURL, sessionId, rpSessionId,
-                authnMode, isLogout, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+                authnMode, isLogout, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, isPassive);
     }
 
     /**
@@ -206,7 +206,8 @@ public SAMLSSOReqValidationResponseDTO validateIdPInitSSORequest(String relaySta
                                                                      QueryParamDTO[] queryParamDTOs,
                                                                      String serverURL, String sessionId,
                                                                      String rpSessionId, String authnMode,
-                                                                     boolean isLogout, String loginTenantDomain)
+                                                                     boolean isLogout, String loginTenantDomain,
+                                                                     boolean isPassive)
             throws IdentityException {
 
         SAMLSSOReqValidationResponseDTO validationResponseDTO = null;
@@ -224,6 +225,7 @@ public SAMLSSOReqValidationResponseDTO validateIdPInitSSORequest(String relaySta
         }
         validationResponseDTO.setQueryString(queryString);
         validationResponseDTO.setRpSessionId(rpSessionId);
+        validationResponseDTO.setPassive(isPassive);
         return validationResponseDTO;
     }
 

diff --git a/....saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java b/....saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java
@@ -224,6 +224,8 @@ private void handleRequest(HttpServletRequest req, HttpServletResponse resp, boo
         String relayState = req.getParameter(SAMLSSOConstants.RELAY_STATE);
         String spEntityID = req.getParameter(SAMLSSOConstants.QueryParameter
                 .SP_ENTITY_ID.toString());
+        boolean isPassive = Boolean.valueOf(req.getParameter(SAMLSSOConstants.QueryParameter
+                .IS_PASSIVE.toString()));
         String samlRequest = req.getParameter(SAMLSSOConstants.SAML_REQUEST);
         String samlResponse = req.getParameter(SAMLSSOConstants.SAML_RESP);
         String sessionDataKey = getSessionDataKey(req);
@@ -308,7 +310,8 @@ private void handleRequest(HttpServletRequest req, HttpServletResponse resp, boo
                     return;
                 }
             } else if (spEntityID != null || slo != null) { // idp initiated SSO/SLO
-                handleIdPInitSSO(req, resp, relayState, queryString, authMode, sessionId, isPost, (slo != null));
+                handleIdPInitSSO(req, resp, relayState, queryString, authMode, sessionId, isPost,
+                        (slo != null), isPassive);
             } else if (samlRequest != null) {// SAMLRequest received. SP initiated SSO
                 handleSPInitSSO(req, resp, queryString, relayState, authMode, samlRequest, sessionId, isPost);
             } else if (samlResponse != null) {// SAMLResponse received.
@@ -649,7 +652,7 @@ private void sendNotification(String errorResp, String status, String message,
 
     private void handleIdPInitSSO(HttpServletRequest req, HttpServletResponse resp, String relayState,
                                   String queryString, String authMode, String sessionId,
-                                  boolean isPost, boolean isLogout) throws UserStoreException, IdentityException,
+                                  boolean isPost, boolean isLogout, boolean isPassive) throws UserStoreException, IdentityException,
                                                                       IOException, ServletException {
 
         DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
@@ -671,7 +674,7 @@ private void handleIdPInitSSO(HttpServletRequest req, HttpServletResponse resp,
         String defaultLogoutLocation = FrameworkUtils.getRedirectURL(SAMLSSOUtil.getDefaultLogoutEndpoint(), req);
         SAMLSSOReqValidationResponseDTO signInRespDTO = samlSSOService.validateIdPInitSSORequest(
                 relayState, queryString, getQueryParams(req), defaultLogoutLocation, sessionId, rpSessionId,
-                authMode, isLogout, getLoggedInTenantDomain(req));
+                authMode, isLogout, getLoggedInTenantDomain(req), isPassive);
         setSPAttributeToRequest(req, signInRespDTO.getIssuer(), SAMLSSOUtil.getTenantDomainFromThreadLocal());
 
         if (!signInRespDTO.isLogOutReq()) {

diff --git a/...identity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/SAMLSSOServiceTest.java b/...identity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/SAMLSSOServiceTest.java
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2017, WSO2 LLC. (http://www.wso2.org).
  *
- * WSO2 Inc. licenses this file to you under the Apache License,
+ * WSO2 LLC. licenses this file to you under the Apache License,
  *  Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License.
  * You may obtain a copy of the License at
@@ -90,6 +90,16 @@ public static Object[][] authnRequests() {
         };
     }
 
+    @DataProvider(name = "testValidateIdPInitSSORequestAuthentication")
+    public static Object[][] idpInitAuthRequests() {
+        return new Object[][]{{true}, {false}};
+    }
+
+    @DataProvider(name = "testValidateIdPInitSSORequestLogout")
+    public static Object[][] idpInitLogoutRequests() {
+        return new Object[][]{{true}, {false}};
+    }
+
     @ObjectFactory
     public IObjectFactory getObjectFactory() {
         return new PowerMockObjectFactory();
@@ -185,8 +195,8 @@ private SAMLSSOReqValidationResponseDTO mockValidSPInitLogoutRequestProcessing(S
         return samlssoReqValidationResponseDTO;
     }
 
-    @Test
-    public void testValidateIdPInitSSORequestAuthentication() throws Exception {
+    @Test(dataProvider = "testValidateIdPInitSSORequestAuthentication")
+    public void testValidateIdPInitSSORequestAuthentication(boolean isPassive) throws Exception {
 
         // Inputs for SAMLSSOService's validateIdPInitSSORequest method.
         String relayState = null;
@@ -213,7 +223,7 @@ public void testValidateIdPInitSSORequestAuthentication() throws Exception {
         SAMLSSOService samlssoService = new SAMLSSOService();
         SAMLSSOReqValidationResponseDTO samlssoReqValidationResponseDTO = samlssoService.validateIdPInitSSORequest(
                 relayState, queryString, queryParamDTOs, serverURL, sessionId, rpSessionId, authnMode, isLogout,
-                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME,isPassive);
         assertTrue(samlssoReqValidationResponseDTO.isValid(), "Should be a valid SAML authentication request.");
         assertTrue(samlssoReqValidationResponseDTO.isIdPInitSSO(), "Should be an IDP initiated SAML SSO request.");
         assertEquals(samlssoReqValidationResponseDTO.getQueryString(), queryString, "Query String should be same as " +
@@ -222,8 +232,8 @@ public void testValidateIdPInitSSORequestAuthentication() throws Exception {
                 "the given input RpSessionId.");
     }
 
-    @Test
-    public void testValidateIdPInitSSORequestLogout() throws Exception {
+    @Test(dataProvider = "testValidateIdPInitSSORequestLogout")
+    public void testValidateIdPInitSSORequestLogout(boolean isPassive) throws Exception {
 
         // Inputs for SAMLSSOService's validateIdPInitSSORequest method.
         String relayState = null;
@@ -249,7 +259,7 @@ public void testValidateIdPInitSSORequestLogout() throws Exception {
         SAMLSSOService samlssoService = new SAMLSSOService();
         SAMLSSOReqValidationResponseDTO samlssoReqValidationResponseDTO = samlssoService.validateIdPInitSSORequest(
                 relayState, queryString, queryParamDTOs, serverURL, sessionId, rpSessionId, authnMode, isLogout,
-                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, isPassive);
         assertTrue(samlssoReqValidationResponseDTO.isValid(), "Should be a valid SAML SLO request.");
         assertTrue(samlssoReqValidationResponseDTO.isIdPInitSLO(), "Should be an IDP initiated SLO request");
         assertEquals(samlssoReqValidationResponseDTO.getQueryString(), queryString, "Query String should be same as " +