Log plan NameID value even if it is encrypted later - SIDP-279
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 3 Mar 2009 08:31:09 +0000 (08:31 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 3 Mar 2009 08:31:09 +0000 (08:31 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2839 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

index 3a5a155..cd2f3e5 100644 (file)
@@ -4,6 +4,7 @@ Changes in Release 2.1.3
 [SIDP-263] - Suggest adding defaultSigningCredentialRef to the AnonymousRelyingParty element in the default config
 [SIDP-276] - Example RDB Connector, quote principal
 [SIDP-277] - Incorrect null check for request context in UsernamePasswordServlet
+[SIDP-279] - IdP should log NameID for auditing
 [SIDP-280] - when an Idp has no outside (WAN) access Idp fails to collect or release attributes
 [SIDP-285] - Use $IDP_SCOPE$ to populate IdP scope in conf-tmpl\attribute-resolver.xml
 [SIDP-291] - Update libs for 2.1.3 release
index bb2f659..52a32ea 100644 (file)
@@ -784,7 +784,9 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                                 || supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
                             log.debug("Using attribute {} supporting NameID format {} to create the NameID.", attribute
                                     .getId(), nameIdEncoder.getNameFormat());
-                            return nameIdEncoder.encode(attribute);
+                            NameID nameIdentifier = nameIdEncoder.encode(attribute);
+                            requestContext.setSubjectNameIdentifier(nameIdentifier);
+                            return nameIdentifier;
                         }
                     }
                 }
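Review bot: The encoded NameID is stored on the request context with `setSubjectNameIdentifier`, but the audit entry's `toString` later in this commit reads its own `unencryptedNameId` field, and no visible hunk copies one into the other; confirm that whichever method builds the audit log entry calls `setUnencryptedNameId` from the context's subject identifier, otherwise the audit line still lacks the NameID once the assertion carries only an EncryptedID. Since the value is now retained outside the assertion precisely so it can be logged in the clear, the IdP audit log becomes the one place where an otherwise encrypted identifier is readable, which deserves a comment on the new line, e.g. `// retained unencrypted so the audit log can record the subject even when the NameID is encrypted in the assertion`. The enclosing method starts before and ends after this hunk.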
@@ -903,6 +905,9 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
 
         /** The response to the SAML request. */
         private StatusResponseType samlResponse;
+        
+        /** The unencrypted NameID for the SAML response. */
+        private NameID unencryptedNameId;
 
         /**
          * Gets the response to the SAML request.
@@ -921,12 +926,29 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
         public void setSAMLResponse(StatusResponseType response) {
             samlResponse = response;
         }
+        
+        /**
+         * Gets the unencrypted NameID for the SAML response.
+         * 
+         * @return unencrypted NameID for the SAML response
+         */
+        public NameID getUnencryptedNameId() {
+            return unencryptedNameId;
+        }
+        
+        /**
+         * Sets the unencrypted NameID for the SAML response.
+         * 
+         * @param id unencrypted NameID for the SAML response
+         */
+        public void setUnencryptedNameId(NameID id) {
+            unencryptedNameId = id;
+        }
 
         /** {@inheritDoc} */
         public String toString() {
             StringBuilder entryString = new StringBuilder(super.toString());
 
-            NameID nameIdentifier = null;
             StringBuilder assertionIds = new StringBuilder();
 
             if (samlResponse instanceof Response) {
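Review bot: The Javadoc on `getUnencryptedNameId` and `setUnencryptedNameId` only restates the method names and does not say why a second, unencrypted copy of the identifier exists next to `samlResponse`, which is exactly what a later maintainer needs to know before reaching for it. Suggest the setter's summary read `Sets the NameID as built before any encryption; it is held only so the audit record can identify the subject when the response contains an EncryptedID, and must not be placed in the response itself.` with the getter's summary matching it. `toString` also drops its `nameIdentifier` local here and, in the following hunk, the fallback to the assertion's Subject NameID, so an entry whose `unencryptedNameId` was never set now omits the identifier even when it is present in the clear in the assertion; if subclasses construct this entry themselves, keeping that fallback behind the existing null check is cheap. `toString` continues past the end of this hunk.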
@@ -935,18 +957,12 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                     for (Assertion assertion : assertions) {
                         assertionIds.append(assertion.getID());
                         assertionIds.append(",");
-
-                        if (nameIdentifier == null) {
-                            if (assertion.getSubject() != null) {
-                                nameIdentifier = assertion.getSubject().getNameID();
-                            }
-                        }
                     }
                 }
             }
 
-            if (nameIdentifier != null) {
-                entryString.append(nameIdentifier.getValue());
+            if (unencryptedNameId != null) {
+                entryString.append(unencryptedNameId.getValue());
             }
             entryString.append("|");