Log, on debug, when login handlers report an error during authentication - SIDP-510
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 10 Oct 2011 18:51:14 +0000 (18:51 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 10 Oct 2011 18:51:14 +0000 (18:51 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@3075 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index dbc691d..9e0ded3 100644 (file)
@@ -1,5 +1,6 @@
 Changes in Release 2.3.4
 =============================================
+[SIDP-510] - Error with stack trace when passive cannot be honored
 [SIDP-511] - ExternalAuthnSystemLoginHandler does not support forceAuthn/isPassive
 [SIDP-513] - idpui taglib could look for more languages matches
 [SIDP-514] - Alt text for IdP Logos is not esapiEncoder.encodeForHTMLAttribute
index 50801c8..a1fdf79 100644 (file)
@@ -531,6 +531,9 @@ public class AuthenticationEngine extends HttpServlet {
 
             // Check to make sure the login handler did the right thing
             validateSuccessfulAuthentication(loginContext, httpRequest, actualAuthnMethod);
+            if(loginContext.getAuthenticationFailure() != null){
+                returnToProfileHandler(httpRequest, httpResponse);
+            }
 
             // Check for an overridden authn instant.
             DateTime actualAuthnInstant = (DateTime) httpRequest.getAttribute(LoginHandler.AUTHENTICATION_INSTANT_KEY);
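Review bot: The added failure check calls `returnToProfileHandler(httpRequest, httpResponse)` but has no `return;` after it, so control continues into the authn-instant lookup and whatever success-path code follows, even though `loginContext` already records an authentication failure. Add `return;` inside the `if` block directly after the `returnToProfileHandler` call, so that a failed authentication cannot reach the code that finalizes a successful one. The enclosing method starts and ends outside this hunk, so what the fall-through would reach beyond the authn-instant lookup cannot be confirmed from here.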
@@ -584,15 +587,21 @@ public class AuthenticationEngine extends HttpServlet {
         String errorMessage = DatatypeHelper.safeTrimOrNullString((String) httpRequest
                 .getAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY));
         if (errorMessage != null) {
-            LOG.error("Error returned from login handler for authentication method {}:\n{}",
+            LOG.debug("Error returned from login handler for authentication method {}:\n{}",
                     loginContext.getAttemptedAuthnMethod(), errorMessage);
-            throw new AuthenticationException(errorMessage);
+            loginContext.setAuthenticationFailure(new AuthenticationException(errorMessage));
+            loginContext.setPrincipalAuthenticated(false);
+            return;
         }
 
         AuthenticationException authnException = (AuthenticationException) httpRequest
                 .getAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY);
         if (authnException != null) {
-            throw authnException;
+            LOG.debug("Exception returned from login handler for authentication method {}:\n{}",
+                    loginContext.getAttemptedAuthnMethod(), authnException);
+            loginContext.setAuthenticationFailure(authnException);
+            loginContext.setPrincipalAuthenticated(false);
+            return;
         }
 
         Subject subject = (Subject) httpRequest.getAttribute(LoginHandler.SUBJECT_KEY);
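Review bot: Both handler-reported failure branches now log only at DEBUG, so at a typical production log level a failed authentication reported by a login handler leaves no record, which makes repeated failures harder to detect. Consider one short entry at a level that is on by default and carries no stack trace, e.g. `LOG.info("Login handler reported authentication failure for method {}", loginContext.getAttemptedAuthnMethod());`, keeping the detailed message at DEBUG. In the second branch `authnException` is the last argument to a message with two `{}` placeholders; if `LOG` is SLF4J, a trailing Throwable is, depending on the version, either rendered with `toString()` or treated as the exception with the placeholder left unfilled, so it is worth stating the intent explicitly. The method starts and ends outside the hunk, and since these branches now return instead of throwing, any `@throws` Javadoc on it and any other caller should be checked against the new contract.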