diff --git a/build.gradle b/build.gradle index d2b31e0e6627a..f698fa052afaa 100644 --- a/build.gradle +++ b/build.gradle @@ -179,8 +179,8 @@ task verifyVersions { * after the backport of the backcompat code is complete. */ -boolean bwc_tests_enabled = true -final String bwc_tests_disabled_issue = "" /* place a PR link here when committing bwc changes */ +boolean bwc_tests_enabled = false +final String bwc_tests_disabled_issue = "https://github.com/elastic/elasticsearch/pull/46534" /* place a PR link here when committing bwc changes */ if (bwc_tests_enabled == false) { if (bwc_tests_disabled_issue.isEmpty()) { throw new GradleException("bwc_tests_disabled_issue must be set when bwc_tests_enabled == false") diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/saml/SamlPrepareAuthenticationRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/saml/SamlPrepareAuthenticationRequest.java index 21ec96ca9a253..a41ac0f378641 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/saml/SamlPrepareAuthenticationRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/saml/SamlPrepareAuthenticationRequest.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.core.security.action.saml; +import org.elasticsearch.Version; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.common.Nullable; @@ -24,10 +25,16 @@ public final class SamlPrepareAuthenticationRequest extends ActionRequest { @Nullable private String assertionConsumerServiceURL; + @Nullable + private String relayState; + public SamlPrepareAuthenticationRequest(StreamInput in) throws IOException { super(in); realmName = in.readOptionalString(); assertionConsumerServiceURL = in.readOptionalString(); + if (in.getVersion().onOrAfter(Version.V_7_5_0)) { + relayState = in.readOptionalString(); + } } public SamlPrepareAuthenticationRequest() { @@ -54,11 +61,20 @@ public void setAssertionConsumerServiceURL(String assertionConsumerServiceURL) { this.assertionConsumerServiceURL = assertionConsumerServiceURL; } + public String getRelayState() { + return relayState; + } + + public void setRelayState(String relayState) { + this.relayState = relayState; + } + @Override public String toString() { return getClass().getSimpleName() + "{" + "realmName=" + realmName + ", assertionConsumerServiceURL=" + assertionConsumerServiceURL + + ", relayState=" + relayState + '}'; } @@ -67,5 +83,8 @@ public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); out.writeOptionalString(realmName); out.writeOptionalString(assertionConsumerServiceURL); + if (out.getVersion().onOrAfter(Version.V_7_5_0)) { + out.writeOptionalString(relayState); + } } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/saml/TransportSamlPrepareAuthenticationAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/saml/TransportSamlPrepareAuthenticationAction.java index 5c8da3828559d..4b6cd89adea84 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/saml/TransportSamlPrepareAuthenticationAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/saml/TransportSamlPrepareAuthenticationAction.java @@ -49,14 +49,14 @@ protected void doExecute(Task task, SamlPrepareAuthenticationRequest request, } else if (realms.size() > 1) { listener.onFailure(SamlUtils.samlException("Found multiple matching realms [{}] for [{}]", realms, request)); } else { - prepareAuthentication(realms.get(0), listener); + prepareAuthentication(realms.get(0), request.getRelayState(), listener); } } - private void prepareAuthentication(SamlRealm realm, ActionListener listener) { + private void prepareAuthentication(SamlRealm realm, String relayState, ActionListener listener) { final AuthnRequest authnRequest = realm.buildAuthenticationRequest(); try { - String redirectUrl = new SamlRedirect(authnRequest, realm.getSigningConfiguration()).getRedirectUrl(); + String redirectUrl = new SamlRedirect(authnRequest, realm.getSigningConfiguration()).getRedirectUrl(relayState); listener.onResponse(new SamlPrepareAuthenticationResponse( realm.name(), authnRequest.getID(), diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRedirect.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRedirect.java index b728fb03bcdd1..1c46a89478f27 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRedirect.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRedirect.java @@ -25,7 +25,7 @@ public class SamlRedirect { private final SAMLObject samlObject; private final String destination; private final String parameterName; - private final SigningConfiguration signing; + private final SigningConfiguration signing; public SamlRedirect(RequestAbstractType request, SigningConfiguration signing) { this.samlObject = request; diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java index 84ff7ba1edf2b..b227f2c767f67 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java @@ -44,6 +44,7 @@ public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler { static { PARSER.declareString(SamlPrepareAuthenticationRequest::setAssertionConsumerServiceURL, new ParseField("acs")); PARSER.declareString(SamlPrepareAuthenticationRequest::setRealmName, new ParseField("realm")); + PARSER.declareString(SamlPrepareAuthenticationRequest::setRelayState, new ParseField("relay_state")); } public RestSamlPrepareAuthenticationAction(Settings settings, RestController controller, XPackLicenseState licenseState) { diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/SamlPrepareAuthenticationRequestTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/SamlPrepareAuthenticationRequestTests.java index c610215152035..20138dc9a79b8 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/SamlPrepareAuthenticationRequestTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/SamlPrepareAuthenticationRequestTests.java @@ -18,6 +18,7 @@ public void testSerialiseNonNullCriteria() throws IOException { final SamlPrepareAuthenticationRequest req = new SamlPrepareAuthenticationRequest(); req.setRealmName("saml1"); req.setAssertionConsumerServiceURL("https://sp.example.com/sso/saml2/post"); + req.setRelayState("the_relay_state"); serialiseAndValidate(req); } @@ -25,6 +26,7 @@ public void testSerialiseNullCriteria() throws IOException { final SamlPrepareAuthenticationRequest req = new SamlPrepareAuthenticationRequest(); req.setRealmName(null); req.setAssertionConsumerServiceURL(null); + req.setRelayState(null); serialiseAndValidate(req); } @@ -36,7 +38,8 @@ private void serialiseAndValidate(SamlPrepareAuthenticationRequest req1) throws assertThat(req2.getRealmName(), Matchers.equalTo(req1.getRealmName())); assertThat(req2.getAssertionConsumerServiceURL(), Matchers.equalTo(req1.getAssertionConsumerServiceURL())); + assertThat(req2.getRelayState(), Matchers.equalTo(req1.getRelayState())); assertThat(req2.getParentTask(), Matchers.equalTo(req1.getParentTask())); } -} \ No newline at end of file +}