From bbeef4d494f2af3b60a8093258887e4223dbe5d7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 29 Nov 2017 08:13:34 +0100
Subject: Fix problem in SAML2 AuthnRequestValidator
---
 .../builder/assertion/PVP2AssertionBuilder.java | 3 ++-
 .../pvp2x/validation/AuthnRequestValidator.java | 24 +++++++++++++---------
 2 files changed, 16 insertions(+), 11 deletions(-)
(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 45539da3f..196aa47af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -373,7 +373,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		//get NameIDFormat from request
 		AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
-		if (authnReq.getNameIDPolicy() != null) {
+		if (authnReq.getNameIDPolicy() != null &&
+				MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
 			nameIDFormat = authnReq.getNameIDPolicy().getFormat();
 		} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index ab8fab5d1..4ae89466d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
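Review bot: The new condition in PVP2AssertionBuilder calls `authnReq.getNameIDPolicy()` three times (twice in the test, once in the assignment); hoisting it into a local, `NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();` / `if (nameIDPolicy != null && MiscUtil.isNotEmpty(nameIDPolicy.getFormat())) {` / `nameIDFormat = nameIDPolicy.getFormat();`, keeps the null check and the value read on the same object and is easier to audit (the `org.opensaml.saml2.core.NameIDPolicy` import is already used by AuthnRequestValidator in this commit). A comment above the `if` should record why an empty Format is now treated like a missing one, e.g. `// NameIDPolicy/@Format is optional in SAML 2.0; absent or empty means the IdP selects the default format (else branch)`. The `else` branch that chooses that default, and the enclosing method, lie outside the hunk, so whether the default is a safe choice cannot be judged from here; this builder presumably runs after AuthnRequestValidator, which still rejects an empty-string Format, so the empty check here is defence in depth rather than the primary control.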
@@ -28,6 +28,7 @@ import org.opensaml.saml2.core.NameIDPolicy;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moaspss.logging.Logger;
 /**
  * @author tlenz
@@ -41,17 +42,20 @@ public class AuthnRequestValidator {
 		NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
 		if (nameIDPolicy != null) {
 			String nameIDFormat = nameIDPolicy.getFormat();
-
-			if ( !(nameIDFormat != null &&
-					(NameID.TRANSIENT.equals(nameIDFormat) ||
-					NameID.PERSISTENT.equals(nameIDFormat) ||
-					NameID.UNSPECIFIED.equals(nameIDFormat))) ) {
-
-				throw new NameIDFormatNotSupportedException(nameIDFormat);
+			if (nameIDFormat != null) {
+				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+						NameID.PERSISTENT.equals(nameIDFormat) ||
+						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-			}
-		}
-
+					throw new NameIDFormatNotSupportedException(nameIDFormat);
+
+				}
+
+			} else
+				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
+		} else
+			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
 	}
-- 
cgit v1.2.3
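Review bot: The two new `} else` branches in AuthnRequestValidator are unbraced single-statement `Logger.trace(...)` calls; in a validator that decides whether a requested NameIDPolicy is accepted, an unbraced `else` is easy to extend incorrectly, so brace both: `} else {` / `Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");` / `}`. The behavioural change — a NameIDPolicy whose Format attribute is absent is now accepted, where it previously raised NameIDFormatNotSupportedException — is intentional per the commit title but is not visible to a reader of the code, so it should be documented on the method: a Javadoc `@throws NameIDFormatNotSupportedException if a Format is present but is none of TRANSIENT, PERSISTENT or UNSPECIFIED` plus one sentence stating that a missing Format is left to the IdP's default would do. The explicit allow-list for non-null formats is preserved, which is the right shape for this check. The method's signature and the declaration of `req` are outside the hunk.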