import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
-import org.apache.log4j.Logger;
import org.opensaml.Configuration;
+import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnContextDeclRef;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
private static final long serialVersionUID = -2518779446947534977L;
/** Class logger. */
- private final Logger log = Logger.getLogger(Saml2LoginContext.class);
+ private final Logger log = LoggerFactory.getLogger(Saml2LoginContext.class);
+
+ /** Relay state from authentication request. */
+ private String relayState;
/** Serialized authentication request. */
private String serialAuthnRequest;
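Review bot: The rewritten logger at line 21 is still a non-static, non-transient instance field in a class that declares a serialVersionUID (line 18), so serializing an instance will fail unless the bound SLF4J implementation happens to be Serializable; the log4j version had the same problem, but since the line is being rewritten anyway, `private transient Logger log = LoggerFactory.getLogger(Saml2LoginContext.class);` or a `private static final Logger` would close it. The new `relayState` field also joins the serialized form under the unchanged serialVersionUID, which is compatible (older streams yield null) but worth stating in the field comment, e.g. `/** Relay state from authentication request; null if the request carried none. */`. The class header and the remaining fields are outside this hunk.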
* Creates a new instance of Saml2LoginContext.
*
* @param relyingParty entity ID of the relying party
+ * @param state relay state from incoming authentication request
* @param request SAML 2.0 Authentication Request
*
* @throws MarshallingException thrown if the given request can not be marshalled and serialized into a string
*/
- public Saml2LoginContext(String relyingParty, AuthnRequest request) throws MarshallingException {
+ public Saml2LoginContext(String relyingParty, String state, AuthnRequest request) throws MarshallingException {
super();
if (relyingParty == null || request == null) {
throw new IllegalArgumentException("SAML 2 authentication request and relying party ID may not be null");
}
setRelyingParty(relyingParty);
+ relayState = state;
authnRequest = request;
serialAuthnRequest = serializeRequest(request);
- setForceAuth(authnRequest.isForceAuthn());
- setPassiveAuth(authnRequest.isPassive());
+ setForceAuthRequired(authnRequest.isForceAuthn());
+ setPassiveAuthRequired(authnRequest.isPassive());
getRequestedAuthenticationMethods().addAll(extractRequestedAuthenticationMethods());
}
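Review bot: `relayState = state;` at line 42 stores a value taken from the not-yet-authenticated incoming request without any check, while the other two constructor arguments are validated on line 38. The SAML 2.0 Bindings specification limits RelayState to 80 bytes and treats it as opaque data that is handed back to the relying party, so a length check here (or wherever the value is read from the request) would keep an oversized value from being carried through the login context and presumably echoed back later. If null is acceptable because a request may carry no RelayState, say so in the tag: `@param state relay state from incoming authentication request, may be null`.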
return authnRequest;
}
+
+ /**
+ * Gets the relay state from the orginating authentication request.
+ *
+ * @return relay state from the orginating authentication request
+ */
+ public String getRelayState(){
+ return relayState;
+ }
/**
* Gets the requested authentication context information from the authentication request.
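Review bot: The Javadoc added for getRelayState at lines 55 and 57 misspells "originating" and does not say whether the return can be null, which callers that echo the value back need to know; `@return relay state from the originating authentication request, or null if none was supplied` covers both. Line 59 is also missing the space before the brace, `public String getRelayState() {`, to match the other methods in the file.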
/**
* Extracts the authentication methods requested within the request.
*
- * @return requested authentication methods
+ * @return requested authentication methods, or an empty list if no preference
*/
protected List<String> extractRequestedAuthenticationMethods(){
ArrayList<String> requestedMethods = new ArrayList<String>();
// build a list of all requested authn classes and declrefs
List<AuthnContextClassRef> authnClasses = authnContext.getAuthnContextClassRefs();
- List<AuthnContextDeclRef> authnDeclRefs = authnContext.getAuthnContextDeclRefs();
-
if (authnClasses != null) {
for (AuthnContextClassRef classRef : authnClasses) {
- if (classRef != null) {
+ if (classRef != null && !DatatypeHelper.isEmpty(classRef.getAuthnContextClassRef())) {
requestedMethods.add(classRef.getAuthnContextClassRef());
}
}
}
+ List<AuthnContextDeclRef> authnDeclRefs = authnContext.getAuthnContextDeclRefs();
if (authnDeclRefs != null) {
for (AuthnContextDeclRef declRef : authnDeclRefs) {
- if (declRef != null) {
+ if (declRef != null&& !DatatypeHelper.isEmpty(declRef.getAuthnContextDeclRef())) {
requestedMethods.add(declRef.getAuthnContextDeclRef());
}
}
}
+
+ if(requestedMethods.contains(AuthnContext.UNSPECIFIED_AUTHN_CTX)){
+ requestedMethods.clear();
+ }
return requestedMethods;
}
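Review bot: The new block at lines 94-96 discards every explicitly requested class and declaration reference as soon as `AuthnContext.UNSPECIFIED_AUTHN_CTX` appears anywhere in the request, without regard to the comparison type the request expressed, so a request listing a strong class alongside the unspecified one silently degrades to "no preference". If that reading is intended, the Javadoc should state it, e.g. `@return requested authentication methods, or an empty list if no preference was expressed or the unspecified class was requested`, and a debug log of the entries being dropped would help when a relying party's requirements appear to be ignored. `authnContext` at line 73 is not declared within the hunk, so its null handling cannot be checked here. Line 88 is also missing the space before `&&`: `if (declRef != null && !DatatypeHelper.isEmpty(declRef.getAuthnContextDeclRef())) {`.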