Fix bug SIDP-58

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2483 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
index bdefac4..713ec62 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
@@ -23,6 +23,7 @@ import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml1.core.AttributeQuery;
+import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.Request;
 import org.opensaml.saml1.core.Response;
 import org.opensaml.saml1.core.Statement;
@@ -88,9 +89,10 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
                 requestContext.setReleasedAttributes(requestContext.getPrincipalAttributes().keySet());
 
                 ArrayList<Statement> statements = new ArrayList<Statement>();
-                if (!requestContext.getPrincipalAttributes().isEmpty()) {
-                    statements.add(buildAttributeStatement(requestContext,
-                            "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"));
+                AttributeStatement attributeStatement = buildAttributeStatement(requestContext,
+                        "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
+                if (attributeStatement != null) {
+                    statements.add(attributeStatement);
                 }
 
                 samlResponse = buildResponse(requestContext, statements);

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
index c8c5325..275a220 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpSession;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.AuthenticationStatement;
 import org.opensaml.saml1.core.Request;
 import org.opensaml.saml1.core.Response;
@@ -113,8 +114,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         if (loginContext == null) {
             log.debug("User session does not contain a login context, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
-        }else if (!loginContext.isPrincipalAuthenticated()){
-            log.debug("User session contained a login context but user was not authenticated, processing as first leg of request");
+        } else if (!loginContext.isPrincipalAuthenticated()) {
+            log
+                    .debug("User session contained a login context but user was not authenticated, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
         } else {
             log.debug("User session contains a login context, processing as second leg of request");
@@ -249,10 +251,13 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
             ArrayList<Statement> statements = new ArrayList<Statement>();
             statements.add(buildAuthenticationStatement(requestContext));
-            if (requestContext.getProfileConfiguration().includeAttributeStatement()
-                    && !requestContext.getPrincipalAttributes().isEmpty()) {
-                requestContext.setRequestedAttributes(requestContext.getPrincipalAttributes().keySet());
-                statements.add(buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:bearer"));
+            if (requestContext.getProfileConfiguration().includeAttributeStatement()) {
+                AttributeStatement attributeStatement = buildAttributeStatement(requestContext,
+                        "urn:oasis:names:tc:SAML:1.0:cm:bearer");
+                if (attributeStatement != null) {
+                    requestContext.setRequestedAttributes(requestContext.getPrincipalAttributes().keySet());
+                    statements.add(attributeStatement);
+                }
             }
 
             samlResponse = buildResponse(requestContext, statements);

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
index c1a7cbf..6fe99bc 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
@@ -23,6 +23,7 @@ import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Statement;
 import org.opensaml.saml2.core.StatusCode;
@@ -92,8 +93,9 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
             // Lookup principal name and attributes, create attribute statement from information
             ArrayList<Statement> statements = new ArrayList<Statement>();
-            if(!requestContext.getPrincipalAttributes().isEmpty()){
-                statements.add(buildAttributeStatement(requestContext));
+            AttributeStatement attributeStatement = buildAttributeStatement(requestContext);
+            if (attributeStatement != null) {
+                statements.add(attributeStatement);
             }
 
             // create the SAML response

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
index 6f794a1..5d13655 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
@@ -28,6 +28,7 @@ import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.AuthnResponseEndpointSelector;
+import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.AuthnContext;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextDeclRef;
@@ -226,10 +227,12 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
             ArrayList<Statement> statements = new ArrayList<Statement>();
             statements.add(buildAuthnStatement(requestContext));
-            if (requestContext.getProfileConfiguration().includeAttributeStatement()
-                    && !requestContext.getPrincipalAttributes().isEmpty()) {
-                requestContext.setRequestedAttributes(requestContext.getPrincipalAttributes().keySet());
-                statements.add(buildAttributeStatement(requestContext));
+            if (requestContext.getProfileConfiguration().includeAttributeStatement()){
+                AttributeStatement attributeStatement = buildAttributeStatement(requestContext);
+                if(attributeStatement != null){
+                    requestContext.setRequestedAttributes(requestContext.getPrincipalAttributes().keySet());
+                    statements.add(attributeStatement);
+                }
             }
 
             samlResponse = buildResponse(requestContext, "urn:oasis:names:tc:SAML:2.0:cm:bearer", statements);