import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
log.debug("User session does not contain a login context, processing as first leg of request");
performAuthentication(inTransport, outTransport);
} else if (!loginContext.isPrincipalAuthenticated() && !loginContext.getAuthenticationAttempted()) {
- log.debug("User session contained a login context but user was not authenticated, processing as first leg of request");
+ log
+ .debug("User session contained a login context but user was not authenticated, processing as first leg of request");
performAuthentication(inTransport, outTransport);
} else {
log.debug("User session contains a login context, processing as second leg of request");
protected ShibbolethSSORequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
log.debug("Decoding message with decoder binding {}", getInboundBinding());
-
+
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
ShibbolethSSORequestContext requestContext = new ShibbolethSSORequestContext();
protected void completeAuthenticationRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
- HttpSession httpSession = httpRequest.getSession(true);
-
- ShibbolethSSOLoginContext loginContext = (ShibbolethSSOLoginContext) httpSession
+ ShibbolethSSOLoginContext loginContext = (ShibbolethSSOLoginContext) httpRequest
.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
ShibbolethSSORequestContext requestContext = buildRequestContext(loginContext, inTransport, outTransport);
.getAuthenticationFailure().toString());
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "User failed authentication"));
}
-
+
resolveAttributes(requestContext);
ArrayList<Statement> statements = new ArrayList<Statement>();
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.SSOConfiguration;
import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
-import edu.internet2.middleware.shibboleth.idp.authn.ForceAuthenticationException;
import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
import edu.internet2.middleware.shibboleth.idp.authn.PassiveAuthenticationException;
import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
protected void completeAuthenticationRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
HttpServletRequest servletRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
- HttpSession httpSession = servletRequest.getSession();
-
- Saml2LoginContext loginContext = (Saml2LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
+ Saml2LoginContext loginContext = (Saml2LoginContext) servletRequest.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
SSORequestContext requestContext = buildRequestContext(loginContext, inTransport, outTransport);
checkSamlVersion(requestContext);