fix redirect loop within authentication engine

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2522 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java b/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
index 6107c04..ba85465 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
@@ -210,7 +210,8 @@ public class AuthenticationEngine extends HttpServlet {
 
         if (handler == null) {
             loginContext.setPrincipalAuthenticated(false);
-            loginContext.setAuthenticationFailureMessage("No AuthenticationHandler satisfys the request from: "
+            loginContext.setAuthenticationAttempted();
+            loginContext.setAuthenticationFailureMessage("No AuthenticationHandler satisfies the request from: "
                     + loginContext.getRelyingPartyId());
             LOG.error("No AuthenticationHandler satisfies the request from relying party: "
                     + loginContext.getRelyingPartyId());

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
index 502ccd1..b8f892a 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
@@ -114,7 +114,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         if (loginContext == null) {
             log.debug("User session does not contain a login context, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
-        } else if (!loginContext.isPrincipalAuthenticated()) {
+        } else if (!loginContext.isPrincipalAuthenticated() && !loginContext.getAuthenticationAttempted()) {
             log.debug("User session contained a login context but user was not authenticated, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
         } else {

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
index 904540a..4a0eb55 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
@@ -131,7 +131,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         if (loginContext == null) {
             log.debug("User session does not contain a login context, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
-        } else if (!loginContext.isPrincipalAuthenticated()) {
+        } else if (!loginContext.isPrincipalAuthenticated() && !loginContext.getAuthenticationAttempted()) {
             log.debug("User session contained a login context but user was not authenticated, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
         } else {