/*
- * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
+ * Copyright 2006 University Corporation for Advanced Internet Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package edu.internet2.middleware.shibboleth.idp.profile.saml2;
+import java.text.MessageFormat;
+
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLObjectBuilder;
public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
ArtifactResponse samlResponse;
- ArtifactResolutionRequestContext requestContext = decodeRequest(inTransport, outTransport);
-
+ ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
try {
+ decodeRequest(requestContext, inTransport, outTransport);
+
if (requestContext.getProfileConfiguration() == null) {
- log.error("SAML 2 Artifact Resolve profile is not configured for relying party "
- + requestContext.getInboundMessageIssuer());
- requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
- "SAML 2 Artifact Resolve profile is not configured for relying party "
- + requestContext.getInboundMessageIssuer()));
- throw new ProfileException("SAML 2 Artifact Resolve profile is not configured for relying party "
- + requestContext.getInboundMessageIssuer());
+ String msg = MessageFormat.format(
+ "SAML 2 Artifact Resolve profile is not configured for relying party ''{0}''", requestContext
+ .getInboundMessageIssuer());
+ requestContext
+ .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
+ log.warn(msg);
+ throw new ProfileException(msg);
}
checkSamlVersion(requestContext);
SAMLArtifactMapEntry artifactEntry = artifactMap.get(requestContext.getArtifact());
if (artifactEntry == null || artifactEntry.isExpired()) {
- log.error("Unknown artifact.");
- requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
- "Unknown artifact."));
+ String msg = MessageFormat.format("Unknown artifact ''{0}'' from relying party ''{1}''", requestContext
+ .getArtifact(), requestContext.getInboundMessageIssuer());
+ log.error(msg);
+ requestContext
+ .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
}
if (!artifactEntry.getIssuerId().equals(requestContext.getLocalEntityId())) {
- log.error("Artifact issuer mismatch. Artifact issued by " + artifactEntry.getIssuerId()
- + " but IdP has entity ID of " + requestContext.getLocalEntityId());
- requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
- "Artifact issuer mismatch."));
+ String msg = MessageFormat.format(
+ "Artifact issuer mismatch. Artifact issued by ''{0}'' but IdP has entity ID of ''{1}''",
+ artifactEntry.getIssuerId(), requestContext.getLocalEntityId());
+ log.warn(msg);
+ requestContext
+ .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
+ return;
}
if (!artifactEntry.getRelyingPartyId().equals(requestContext.getInboundMessageIssuer())) {
- log.error("Artifact requester mismatch. Artifact was issued to " + artifactEntry.getRelyingPartyId()
- + " but was resolve request came from " + requestContext.getInboundMessageIssuer());
- requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
- "Artifact requester mismatch."));
+ String msg = MessageFormat
+ .format(
+ "Artifact requester mismatch. Artifact was issued to ''{0}'' but the resolve request came from ''{1}''",
+ artifactEntry.getRelyingPartyId(), requestContext.getInboundMessageIssuer());
+ log.warn(msg);
+ requestContext
+ .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
+ return;
}
// create the SAML response
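Review bot: The `artifactEntry == null || artifactEntry.isExpired()` branch records a failure status but neither throws nor returns, so a null `artifactEntry` reaches the very next check `artifactEntry.getIssuerId()` and raises a NullPointerException, and an expired entry is processed as if it were valid. The two mismatch branches below it do exit, but with a bare `return;` — if the ProfileException handler further down (processRequest continues past this hunk) is what turns the failure status into the error response, a plain return skips it and the requester receives no response at all. I would end all three branches the same way, `throw new ProfileException(msg);`, replacing both `return;` statements and adding it after the `setFailureStatus` call in the unknown-artifact branch. The log level is also inconsistent: the unknown-artifact case logs at `error` while the comparable mismatch cases log at `warn`.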
*
* @param inTransport inbound message transport
* @param outTransport outbound message transport
- *
- * @return the created request context
+ * @param requestContext request context to which decoded information should be added
*
* @throws ProfileException throw if there is a problem decoding the request
*/
- protected ArtifactResolutionRequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
- throws ProfileException {
- log.debug("Decoding message with decoder binding {}", getInboundBinding());
+ protected void decodeRequest(ArtifactResolutionRequestContext requestContext, HTTPInTransport inTransport,
+ HTTPOutTransport outTransport) throws ProfileException {
+ if (log.isDebugEnabled()) {
+ log.debug("Decoding message with decoder binding '{}'",
+ getInboundMessageDecoder(requestContext).getBindingURI());
+ }
- ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
requestContext.setCommunicationProfileId(getProfileId());
MetadataProvider metadataProvider = getMetadataProvider();
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
try {
- SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
+ SAMLMessageDecoder decoder = getInboundMessageDecoder(requestContext);
requestContext.setMessageDecoder(decoder);
decoder.decode(requestContext);
- log.debug("Decoded request");
- return requestContext;
+ log.debug("Decoded request from relying party '{}'", requestContext.getInboundMessageIssuer());
} catch (MessageDecodingException e) {
- log.error("Error decoding artifact resolve message", e);
- requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error decoding message"));
- throw new ProfileException("Error decoding artifact resolve message");
+ String msg = "Error decoding artifact resolve message";
+ requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, msg));
+ log.warn(msg, e);
+ throw new ProfileException(msg);
} catch (SecurityException e) {
- log.error("Message did not meet security requirements", e);
- requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI,
- "Message did not meet security requirements"));
- throw new ProfileException("Message did not meet security requirements", e);
+ String msg = "Message did not meet security requirements";
+ requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI, msg));
+ log.warn(msg, e);
+ throw new ProfileException(msg, e);
} finally {
populateRequestContext(requestContext);
}
*/
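Review bot: In the `MessageDecodingException` handler the cause is dropped from the rethrow — `throw new ProfileException(msg);` — while the `SecurityException` handler directly below preserves it; the decode failure is the case where the cause matters most for diagnosis, so it should read `throw new ProfileException(msg, e);`. The debug guard calls `getInboundMessageDecoder(requestContext)` a second time only to read the binding URI, and does so before the profile id and outbound protocol are set on the context; whether the lookup depends on that state is not visible here, but logging `decoder.getBindingURI()` from the single instance inside the try avoids the question. The Javadoc lists `@param requestContext` after the transports although it is now the first parameter; reordering the tags to match the signature would help readers.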
protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
ArtifactResolve samlMessage = (ArtifactResolve) requestContext.getInboundSAMLMessage();
- ((ArtifactResolutionRequestContext) requestContext).setArtifact(samlMessage.getArtifact().getArtifact());
+ if (samlMessage != null && samlMessage.getArtifact() != null) {
+ ((ArtifactResolutionRequestContext) requestContext).setArtifact(samlMessage.getArtifact().getArtifact());
+ }
}
/**
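Review bot: The new null guard leaves the artifact unset on the context without signalling anything, which only moves the failure to the later `artifactMap.get(requestContext.getArtifact())` lookup in `processRequest`; what that lookup does with a null key depends on the map implementation and is not visible here. Since the method already declares `ProfileException`, an explicit failure is clearer: `throw new ProfileException("Artifact resolve request contained no artifact");` in the else case, or at least a `log.warn` so an operator can see why resolution was refused. A one-line Javadoc stating that the artifact is copied onto the context only when the inbound message carries one would also document the new behaviour.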
return samlResponse;
}
- /** Represents the internal state of a SAML 2.0 Artiface resolver request while it's being processed by the IdP. */
+ /** Represents the internal state of a SAML 2.0 Artifact resolver request while it's being processed by the IdP. */
public class ArtifactResolutionRequestContext extends
BaseSAML2ProfileRequestContext<ArtifactResolve, ArtifactResponse, ArtifactResolutionConfiguration>
implements SAML2ArtifactMessageContext<ArtifactResolve, ArtifactResponse, NameID> {