Add some logging messages
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / idp / profile / saml2 / SSOProfileHandler.java
index af2de05..f198ba9 100644 (file)
@@ -18,7 +18,6 @@ package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.List;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -57,6 +56,7 @@ import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.UnmarshallingException;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
+import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.SSOConfiguration;
 import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
@@ -87,9 +87,6 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
 
-    /** URI of SAML 2 bindings supported for outgoing messaged encoding. */
-    private ArrayList<String> supportedOutgoingBindings;
-
     /** URI of request decoder. */
     private String decodingBinding;
 
@@ -97,25 +94,13 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      * Constructor.
      * 
      * @param authnManagerPath path to the authentication manager servlet
-     * @param outgoingBindings URIs of SAML 2 bindings supported for outgoing message encoding
-     * @param decoder URI of the request decoder to use
      */
     @SuppressWarnings("unchecked")
-    public SSOProfileHandler(String authnManagerPath, List<String> outgoingBindings, String decoder) {
+    public SSOProfileHandler(String authnManagerPath) {
         super();
 
-        if (authnManagerPath == null || decoder == null) {
-            throw new IllegalArgumentException("AuthN manager path or decoding bindings URI may not be null");
-        }
         authenticationManagerPath = authnManagerPath;
 
-        if (outgoingBindings == null || outgoingBindings.isEmpty()) {
-            throw new IllegalArgumentException("List of supported outgoing bindings may not be empty");
-        }
-        supportedOutgoingBindings = new ArrayList<String>(outgoingBindings);
-
-        decodingBinding = decoder;
-
         authnStatementBuilder = (SAMLObjectBuilder<AuthnStatement>) getBuilderFactory().getBuilder(
                 AuthnStatement.DEFAULT_ELEMENT_NAME);
         authnContextBuilder = (SAMLObjectBuilder<AuthnContext>) getBuilderFactory().getBuilder(
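Review bot: The constructor no longer rejects a null `authnManagerPath`, because the removed guard covered both it and the decoder argument; the assignment that remains should keep its own check, `if (authnManagerPath == null) { throw new IllegalArgumentException("AuthN manager path may not be null"); }`. The `decodingBinding` field kept in the previous hunk is no longer assigned anywhere in this diff, so unless it is set elsewhere it is now always null and could go the way of `supportedOutgoingBindings`. The Javadoc should also say where outbound bindings and the inbound binding now come from, presumably the superclass accessors used in the later hunks. The constructor body continues past the end of the hunk.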
@@ -136,7 +121,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     /** {@inheritDoc} */
     public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
         HttpServletRequest servletRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
-        HttpSession httpSession = servletRequest.getSession();
+        HttpSession httpSession = servletRequest.getSession(true);
 
         if (httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY) == null) {
             performAuthentication(inTransport, outTransport);
@@ -162,13 +147,16 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         try {
             SSORequestContext requestContext = decodeRequest(inTransport, outTransport);
 
-            String relyingPartyId = requestContext.getPeerEntityId();
+            String relyingPartyId = requestContext.getInboundMessageIssuer();
             RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            if (rpConfig == null) {
-                log.error("No relying party configuration for " + relyingPartyId);
-                throw new ProfileException("No relying party configuration for " + relyingPartyId);
+            ProfileConfiguration ssoConfig = rpConfig.getProfileConfiguration(SSOConfiguration.PROFILE_ID);
+            if (ssoConfig == null) {
+                log.error("SAML 2 SSO profile is not configured for relying party " + requestContext.getInboundMessageIssuer());
+                throw new ProfileException("SAML 2 SSO profile is not configured for relying party "
+                        + requestContext.getInboundMessageIssuer());
             }
 
+            log.debug("Creating login context and transferring control to authentication engine");
             Saml2LoginContext loginContext = new Saml2LoginContext(relyingPartyId, requestContext.getRelayState(),
                     requestContext.getInboundSAMLMessage());
             loginContext.setAuthenticationEngineURL(authenticationManagerPath);
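Review bot: Removing the `rpConfig == null` guard leaves `rpConfig.getProfileConfiguration(...)` on the next line unprotected, so a request from an issuer with no relying-party configuration would surface as a NullPointerException instead of the logged ProfileException the old code raised (assuming `getRelyingPartyConfiguration` can still return null, as the old check implied). Restore it before the profile lookup: `if (rpConfig == null) { log.error("No relying party configuration for " + relyingPartyId); throw new ProfileException("No relying party configuration for " + relyingPartyId); }`. The two new messages re-read `requestContext.getInboundMessageIssuer()` where the local `relyingPartyId` already holds that value. Since the issuer is taken from the not-yet-verified inbound message, the value going into these log lines is peer-supplied and should be treated as untrusted text when the log format is chosen. The enclosing method starts before the hunk.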
@@ -261,9 +249,14 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         }
 
         SSORequestContext requestContext = new SSORequestContext();
+        requestContext.setMetadataProvider(getMetadataProvider());
+        
         requestContext.setInboundMessageTransport(inTransport);
+        requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+        requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+        
         requestContext.setOutboundMessageTransport(outTransport);
-        requestContext.setMetadataProvider(getMetadataProvider());
+        requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
         try {
             SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
@@ -295,6 +288,8 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         SSORequestContext requestContext = new SSORequestContext();
 
         try {
+            requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
+            
             requestContext.setLoginContext(loginContext);
             requestContext.setPrincipalName(loginContext.getPrincipalName());
             requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
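Review bot: The decoder looked up with `getMessageDecoders().get(getInboundBinding())` on the first added line is stored without a null check, so an inbound binding with no registered decoder would silently propagate a null decoder into the request context rather than failing here. Splitting the lookup into a local and guarding it, `if (decoder == null) { throw new ProfileException("No message decoder registered for binding " + getInboundBinding()); }`, would fail fast; the same unguarded lookup in the earlier `decodeRequest` hunk is pre-existing context and would benefit equally. Whether the decoder map can lack the configured binding depends on the superclass, which is outside this diff. The enclosing method starts before the hunk.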
@@ -311,7 +306,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             requestContext.setMetadataProvider(metadataProvider);
 
             String relyingPartyId = loginContext.getRelyingPartyId();
-            requestContext.setPeerEntityId(relyingPartyId);
+            requestContext.setInboundMessageIssuer(relyingPartyId);
             EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
             requestContext.setPeerEntityMetadata(relyingPartyMetadata);
             requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
@@ -333,6 +328,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             SSOConfiguration profileConfig = (SSOConfiguration) rpConfig
                     .getProfileConfiguration(SSOConfiguration.PROFILE_ID);
             requestContext.setProfileConfiguration(profileConfig);
+            requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
             if (profileConfig.getSigningCredential() != null) {
                 requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
             } else if (rpConfig.getDefaultSigningCredential() != null) {
@@ -449,10 +445,10 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         AuthnResponseEndpointSelector endpointSelector = new AuthnResponseEndpointSelector();
         endpointSelector.setEndpointType(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
         endpointSelector.setMetadataProvider(getMetadataProvider());
-        endpointSelector.setRelyingParty(requestContext.getPeerEntityMetadata());
-        endpointSelector.setRelyingPartyRole(requestContext.getPeerEntityRoleMetadata());
+        endpointSelector.setEntityMetadata(requestContext.getPeerEntityMetadata());
+        endpointSelector.setEntityRoleMetadata(requestContext.getPeerEntityRoleMetadata());
         endpointSelector.setSamlRequest(requestContext.getInboundSAMLMessage());
-        endpointSelector.getSupportedIssuerBindings().addAll(supportedOutgoingBindings);
+        endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
         return endpointSelector.selectEndpoint();
     }