From db5ee0cfc0d6456f1631c499f899113d2eda29d2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 11 Mar 2014 11:53:26 +0100
Subject: SAML1: if OA parameter is empty then return an error
---
 .../gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'id/server')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index d82bd1496..5bfaaa899 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -22,6 +22,8 @@
 *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.saml1;
+import iaik.util.logging.Log;
+
 import java.util.HashMap;
 import javax.servlet.http.HttpServletRequest;
@@ -44,6 +46,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
 public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
@@ -101,6 +104,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 target = null;
 }
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ }
+
 if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
-- 
cgit v1.2.3
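Review bot: The added `import iaik.util.logging.Log;` in the first hunk looks unused. The code this commit adds logs through `Logger.info`, which is the `at.gv.egovernment.moa.logging.Logger` already imported, and no `Log.` call appears in any hunk. If nothing else in the file references it, drop the import so the class does not pick up a second logging API by accident.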
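Review bot: The emptiness check added in front of `ParamValidatorUtils.isValidOA(oaURL)` implies that the validator lets an empty OA value through, which would leave any other caller of `isValidOA` still accepting a missing OA. The validator's body is not in this diff, so this is inferred. Consider rejecting empty input inside the validator itself, or confirming that every other caller performs the same check. As written, the guard also repeats the throw that follows it; the two could share one condition, `if (MiscUtil.isEmpty(oaURL) || !ParamValidatorUtils.isValidOA(oaURL))`, unless the separate log message is wanted. The enclosing method starts and ends outside the hunk.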