Remove previous session handler if we're not going to use it.
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Feb 2008 09:50:29 +0000 (09:50 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Feb 2008 09:50:29 +0000 (09:50 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2671 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index 2f1ff69..74c2199 100644 (file)
@@ -206,6 +206,7 @@ public class AuthenticationEngine extends HttpServlet {
                     && possibleLoginHandlers.containsKey(PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD)) {
                 authenticateUserWithPreviousSession(loginContext, possibleLoginHandlers, httpRequest, httpResponse);
             } else {
+                possibleLoginHandlers.remove(PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD);
                 Entry<String, LoginHandler> chosenLoginHandler = possibleLoginHandlers.entrySet().iterator().next();
                 authenticateUser(chosenLoginHandler.getKey(), chosenLoginHandler.getValue(), loginContext, httpRequest,
                         httpResponse);