return proper status code to IsPassive requests
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / idp / profile / saml2 / SSOProfileHandler.java
index 582e9fe..fd84784 100644 (file)
@@ -209,8 +209,13 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         try {
             if (loginContext.getPrincipalName() == null) {
                 log.error("User's login context did not contain a principal, user considered unauthenticiated.");
-                requestContext
+                if (loginContext.getPassiveAuth()) {
+                    requestContext
+                        .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.NO_PASSIVE_URI, null));
+                } else {
+                    requestContext
                         .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI, null));
+                }
                 throw new ProfileException("User failed authentication");
             }