author | Thomas <thomas.lenz@egiz.gv.at> | 2019-10-16 15:06:58 +0200 |
---|---|---|
committer | Thomas <thomas.lenz@egiz.gv.at> | 2019-10-16 15:06:58 +0200 |
commit | 77d1fee107c2673c85e0fdba93cdb0cfe27b5f4f (patch) | |
tree | ccccb895d3928081e1640040074644f2df8cfa90 /eaaf_core | |
parent | eb96b99fa4e72eeba245a2b0c81a9f6a32002866 (diff) | |
Check if Consent is required before protocol post-processing starts. The process stops if Consent is needed
Diffstat (limited to 'eaaf_core')
-rw-r--r-- | eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index b4b188b6..090ea501 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -157,17 +157,25 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer //do not remove the full active SSO-Session // in case of only one Service-Provider authentication request is aborted if ( !pendingReq.needSingleSignOnFunctionality()) { - transactionStorage.remove(pendingReq.getPendingRequestId()); - + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + } //check if pending-request are authenticated - } else if (pendingReq.isAuthenticated()) { + } else if (pendingReq.isAuthenticated() && !pendingReq.isNeedUserConsent()) { internalFinalizeAuthenticationProcess(req, resp, pendingReq); } else { - //suspect state: pending-request is not aborted but also are not authenticated - log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); + //suspect state: pending-request is not aborted but also are not authenticated + log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent()); + if (pendingReq.isNeedUserConsent()) { + log.error("PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!"); + + } else { + log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); + + } + handleErrorNoRedirect( new EAAFException( "auth.20", 
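Review bot: In the new else branch the error-level message is chosen by `pendingReq.isNeedUserConsent()` alone, so a pending request that is both unauthenticated and consent-pending is logged as a consent problem and the "NOT authenticated" line never appears for it. Only the preceding `log.warn` line carries both flags, which matters if monitoring or alerting keys on the error-level entries for unauthenticated finalization attempts. Testing the stronger failure first, `if (!pendingReq.isAuthenticated()) {` with the two `log.error` messages swapped between the branches, keeps the error line accurate. The retained comment now describes only half of the branch and could read `//suspect state: pending-request is not aborted, but is unauthenticated or still needs user consent`, and "fininalize" in the new message is a typo for "finalize". Both cases appear to end in the same `auth.20` error as far as the hunk shows, though the remaining `EAAFException` arguments and the rest of the method lie outside the hunk.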
@@ -179,9 +187,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer log.error("Finalize authentication protocol FAILED." , e); buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); - if (pendingReq != null) - transactionStorage.remove(pendingReq.getPendingRequestId()); - } //remove pending-request |