authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-29 08:13:34 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-29 08:13:34 +0100
commitbbeef4d494f2af3b60a8093258887e4223dbe5d7 (patch)
treec4395211b8608b4952393b21a849131a8bd6cef2 /id/server/idserverlib/src
parentb77f94b81123ddf50ea02fd893254579dc220880 (diff)
Fix problem in SAML2 AuthnRequestValidator
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java24
2 files changed, 16 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 45539da3f..196aa47af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -373,7 +373,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
//get NameIDFormat from request
AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
- if (authnReq.getNameIDPolicy() != null) {
+ if (authnReq.getNameIDPolicy() != null &&
+ MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
nameIDFormat = authnReq.getNameIDPolicy().getFormat();
} else {
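Review bot: The `nameIDFormat` copied from the request in the `if` branch is not checked against the supported formats anywhere in this hunk, so the builder appears to rely on `AuthnRequestValidator` having already rejected anything other than transient, persistent or unspecified. Whether that validator always runs before this code is not visible here; a comment such as `// format was already restricted to TRANSIENT/PERSISTENT/UNSPECIFIED by AuthnRequestValidator` would record the assumption. The condition also calls `authnReq.getNameIDPolicy()` three times, and holding it in a local (`NameIDPolicy policy = authnReq.getNameIDPolicy();`) would read more clearly. The enclosing method starts and ends outside the hunk.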
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index ab8fab5d1..4ae89466d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -28,6 +28,7 @@ import org.opensaml.saml2.core.NameIDPolicy;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* @author tlenz
@@ -41,17 +42,20 @@ public class AuthnRequestValidator {
NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
if (nameIDPolicy != null) {
String nameIDFormat = nameIDPolicy.getFormat();
-
- if ( !(nameIDFormat != null &&
- (NameID.TRANSIENT.equals(nameIDFormat) ||
- NameID.PERSISTENT.equals(nameIDFormat) ||
- NameID.UNSPECIFIED.equals(nameIDFormat))) ) {
-
- throw new NameIDFormatNotSupportedException(nameIDFormat);
+ if (nameIDFormat != null) {
+ if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+ NameID.PERSISTENT.equals(nameIDFormat) ||
+ NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
- }
- }
-
+ throw new NameIDFormatNotSupportedException(nameIDFormat);
+
+ }
+
+ } else
+ Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
+ } else
+ Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
}
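Review bot: An empty `Format=""` attribute is still rejected here, because the new guard is `if (nameIDFormat != null)`, while the companion change in `PVP2AssertionBuilder` treats an empty format like a missing one through `MiscUtil.isNotEmpty(...)`. If an empty value is meant to be tolerated, the guard should match, e.g. `if (MiscUtil.isNotEmpty(nameIDFormat)) {`, which would presumably need a `MiscUtil` import in this file. If rejecting it is intended, a one-line comment saying so would keep the two classes from drifting apart. The two `else` branches that only call `Logger.trace(...)` have no braces, and writing them as `} else {` … `}` would make the nesting harder to misread in a validation path. The method starts outside the hunk.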