SES-82 ECP profile is skipped when request supports ECP but profile i…
…sn't configured; before this change the entry point failed. Removed the SP name qualifier, because by default identifiers are created in the namespace of the requester and the value isn't needed.
vschafer committed Mar 26, 2011
1 parent b0d9e6d commit 5528274
Showing 2 changed files with 17 additions and 18 deletions.
Expand Up @@ -144,23 +144,19 @@ public void commence(HttpServletRequest request, HttpServletResponse response, A
SAMLMessageContext context = contextProvider.getLocalEntity(request, response);
SAMLMessageStorage storage = new HttpSessionStorage(request);
WebSSOProfileOptions options = getProfileOptions(request, response, context, e);
WebSSOProfile profile = webSSOprofile;

if (ecpRequest) {

if (webSSOprofileECP == null) {
throw new ServletException("ECP profile isn't available in the entry point, check your configuration");
if (webSSOprofileECP != null) {
logger.debug("Processing request using ECP profile");
profile = webSSOprofileECP;
} else {
logger.debug("Processing ECP request");
webSSOprofileECP.sendAuthenticationRequest(context, options, storage);
logger.debug("Request supports ECP but ECP profile isn't configured, using WebSSO");
}

} else {

logger.debug("Processing WebSSO request");
webSSOprofile.sendAuthenticationRequest(context, options, storage);

}

logger.debug("Processing SSO request");
profile.sendAuthenticationRequest(context, options, storage);
samlLogger.log(SAMLConstants.AUTH_N_REQUEST, SAMLConstants.SUCCESS, context, e);

}
Expand Down Expand Up @@ -200,7 +196,7 @@ protected boolean isECPRequest(HttpServletRequest request) {
*
* @param request request
* @param response response
* @param context containing local entity
* @param context containing local entity
* @param exception exception causing invocation of this entry point (can be null)
* @return populated webSSOprofile
* @throws MetadataProviderException in case metadata loading fails
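Review bot: The fallback branch in `commence()` (request supports ECP, `webSSOprofileECP == null`) is recorded only at debug level, so a deployment that meant to wire in the ECP profile and did not now silently gets WebSSO where it used to get a `ServletException`. I would log that branch at a level operators normally see, e.g. `logger.info("Request supports ECP but ECP profile isn't configured, using WebSSO");`, and state the fallback in the method's Javadoc so it reads as intended behaviour rather than a masked misconfiguration. Judging by its visible arguments, the `samlLogger.log(...)` audit call is the same for both profiles, so the audit trail may not show which profile handled the request. The generic `"Processing SSO request"` debug line also repeats what the branch-specific messages above it already say. `commence()` starts before the hunk.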
Expand Up @@ -143,16 +143,19 @@ protected void builNameIDPolicy(AuthnRequest request, WebSSOProfileOptions optio
NameIDPolicy nameIDPolicy = builder.buildObject();
nameIDPolicy.setFormat(options.getNameID());
nameIDPolicy.setAllowCreate(options.isAllowCreate());

// TODO The SPNameQualifier seems invalid when interacting with a Shibboleth IdP
nameIDPolicy.setSPNameQualifier(getSPNameQualifier());
request.setNameIDPolicy(nameIDPolicy);
}

}

/**
* SAML-Core 2218, Specifies that returned subject identifier should be returned in the namespace of the given SP.
*
* @return by default returns null
*/
protected String getSPNameQualifier() {
return metadata.getHostedSPName(); // TODO Fix
return null;
}

/**
Expand Down Expand Up @@ -202,9 +205,9 @@ private void buildReturnAddress(AuthnRequest request, AssertionConsumerService s
/**
* Fills the request with information about scoping, including IDP in the scope IDP List.
*
* @param request request to fill
* @param serviceURI destination to send the request to
* @param options options driving generation of the element, contains list of allowed IDPs
* @param request request to fill
* @param serviceURI destination to send the request to
* @param options options driving generation of the element, contains list of allowed IDPs
*/
protected void buildScoping(AuthnRequest request, SingleSignOnService serviceURI, WebSSOProfileOptions options) {

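Review bot: The new Javadoc on `getSPNameQualifier()` does not say what the `null` return means for the generated AuthnRequest, which is the point of this change. Since `builNameIDPolicy()` still appears to pass the value to `setSPNameQualifier(...)`, I would spell it out: `Returns the SPNameQualifier to set in the NameIDPolicy, or null to omit it, in which case the IdP creates the identifier in the requester's own namespace (SAML-Core, line 2218).` It is also worth one sentence for subclass authors: an override changes the namespace in which the IdP is asked to issue subject identifiers, so it should presumably return only an entity or affiliation this SP actually belongs to. `builNameIDPolicy()` starts before the hunk.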
