SAML1: if OA parameter is empty then return an error

1 files changed, 10 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index d82bd1496..5bfaaa899 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.saml1;
 
+import iaik.util.logging.Log;
+
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
@@ -44,6 +46,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
 
 public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
@@ -101,6 +104,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 			target = null;
 		}
 		
+		if (MiscUtil.isEmpty(oaURL)) {
+			Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+			throw new WrongParametersException("StartAuthentication", PARAM_OA,
+					"auth.12");
+			
+		}
+		
 		if (!ParamValidatorUtils.isValidOA(oaURL))
 			throw new WrongParametersException("StartAuthentication", PARAM_OA,
 					"auth.12");