[SIDP-251[ - NPE when SAML1 Attribute Query Handler hit with GET request
[SIDP-252] - IdPSessionFilter throws ArrayIndexOutOfBoundsException on validation of unexpected cookie
[SIDP-257] - Previous session is used if the user has an existing session but the SP requests an authentication method that is not currently active.
-[SIDP-258] - Authentication Engine does not check to ensure returned authentication mechanism from Login Handler is acceptable to the SP
Changes in Release 2.1.0
=============================================
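Review bot: The `[SIDP-258]` entry is deleted outright from the list above the "Changes in Release 2.1.0" header, with nothing left in its place. If the check it describes is being backed out or moved, replace the line with a short entry saying so instead of dropping it, so anyone reading the notes can tell whether the Authentication Engine still verifies that the Login Handler's mechanism is acceptable to the SP.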
protected void validateSuccessfulAuthentication(LoginContext loginContext, HttpServletRequest httpRequest,
String authenticationMethod) throws AuthenticationException {
LOG.debug("Validating authentication was performed successfully");
-
- List<String> requestedAuthnMethods = loginContext.getRequestedAuthenticationMethods();
- if (requestedAuthnMethods != null && !requestedAuthnMethods.isEmpty()) {
- if (!requestedAuthnMethods.contains(authenticationMethod)) {
- LOG.error("User was authenticated but the authentication method reported by the LoginHandler does not meet relying party requirements");
- throw new AuthenticationException(
- "No authentication method, requested by the service provider, is supported");
- }
- }
-
+
String errorMessage = DatatypeHelper.safeTrimOrNullString((String) httpRequest
.getAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY));
if (errorMessage != null) {
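Review bot: Missing check after this removal: nothing left in the visible part of `validateSuccessfulAuthentication` compares `authenticationMethod` against `loginContext.getRequestedAuthenticationMethods()`, so a method reported by the LoginHandler that the relying party did not request is no longer rejected here with an `AuthenticationException`. If the comparison now lives elsewhere, point to that location in a comment or the commit message; if not, keep the `requestedAuthnMethods.contains(authenticationMethod)` test, since the `authenticationMethod` parameter otherwise goes unused in the lines shown. The `-`/`+` pair of blank lines at the end of the removed block also looks like a whitespace-only change and could be dropped from the patch.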