Changes in Release 2.1.1
=============================================
+[SIDP-248] - Signing code in profile handlers and encoders should not just check that a signing credential is supplied, but that a signing key is available in that credential.
[SIDP-249] - PreviousSession INFO message printed as ERROR message
[SIDP-250] - AuthenticationEngine::returnToAuthenticationEngine() static method called before servlet init() when clustered.
[SIDP-252] - IdPSessionFilter throws ArrayIndexOutOfBoundsException on validation of unexpected cookie
if (profileConfig.getSignResponses() == CryptoOperationRequirementLevel.always
|| (profileConfig.getSignResponses() == CryptoOperationRequirementLevel.conditional && !encoder
.providesMessageIntegrity(requestContext))) {
- Credential signingCredential = null;
- if (profileConfig.getSigningCredential() != null) {
- signingCredential = profileConfig.getSigningCredential();
- } else if (requestContext.getRelyingPartyConfiguration().getDefaultSigningCredential() != null) {
+ Credential signingCredential = profileConfig.getSigningCredential();
+ if (signingCredential == null) {
signingCredential = requestContext.getRelyingPartyConfiguration().getDefaultSigningCredential();
}
"Signing of responses is required but no signing credential is available");
}
+ if (signingCredential.getPrivateKey() == null) {
+ throw new ProfileException(
+ "Signing of response is required but signing credential does not have a private key");
+ }
+
requestContext.setOutboundSAMLMessageSigningCredential(signingCredential);
}
}
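Review bot: The `ProfileException` thrown by the new `signingCredential.getPrivateKey() == null` branch does not say which relying party or profile configuration supplied the key-less credential, so the misconfiguration surfaces only as a per-request failure that is hard to trace to a configuration entry. I would name the source in the message, for instance by appending the relying party identifier available through `requestContext.getRelyingPartyConfiguration()`, and align the wording with the neighbouring message (`"Signing of responses is required but ..."` versus the new `"Signing of response is required ..."`). The dereference relies on the null guard just above it, whose `if`/`throw` lines are not shown in this excerpt, and the enclosing method starts outside the hunk. The release note states the same requirement for the encoders and the other profile handlers; only this one site is visible here, so the others need the same check confirmed.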