<classpathentry kind="src" path="resources/conf"/>
<classpathentry kind="src" path="resources/classpath"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry combineaccessrules="false" exported="true" kind="src" path="/java-shib-common"/>
<classpathentry kind="lib" path="build-lib/servlet-2.4.jar"/>
<classpathentry kind="lib" path="build-lib/junit-3.8.1.jar"/>
<classpathentry kind="lib" path="build-lib/spring-2.0.5-mock.jar"/>
+ <classpathentry combineaccessrules="false" exported="true" kind="src" path="/java-shib-common-logging"/>
<classpathentry kind="output" path="bin"/>
</classpath>
<jar destfile="${idp.home}/war/${war.name}" whenempty="fail">
<zipfileset dir="${webinf-temp.dir}" prefix="WEB-INF/" />
<zipfileset dir="${webpages.dir}" prefix="" />
- <zipfileset dir="${lib.dir}" prefix="WEB-INF/lib/" excludes="**/log4j*.jar" />
+ <zipfileset dir="${lib.dir}" prefix="WEB-INF/lib/" excludes="**/log4j-1.2.14.jar" />
<zipfileset file="${dist.dir}/${jar.name}" prefix="WEB-INF/lib/" />
</jar>
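Review bot: The new exclude `excludes="**/log4j-1.2.14.jar"` pins the filter to a single version, so any other log4j jar that lands in `${lib.dir}` (an upgrade, or a second copy) is packaged into WEB-INF/lib again, which is presumably what the old `**/log4j*.jar` pattern was preventing. If the narrowing is meant to keep bridge jars whose names also begin with log4j while dropping the real implementation, drive the pattern from a property such as `excludes="**/log4j-${log4j.version}.jar"` (property to be defined in the build) or list the kept jars explicitly, so the intent survives the next version bump. The enclosing target starts outside the hunk.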
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Basic configuration used until the IdP can load the real configuration -->
+<configuration>
+
+ <appender name="STDOUT"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </layout>
+ </appender>
+
+ <root>
+ <level value="warn" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
\ No newline at end of file
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+ <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
+ <constructor-arg value="true" type="boolean" />
+ </bean>
+
+ <bean id="shibboleth.LogbackLogging" class="edu.internet2.middleware.shibboleth.common.log.LogbackLoggingService" depends-on="shibboleth.TaskTimer">
+ <constructor-arg ref="shibboleth.TaskTimer" />
+ <constructor-arg value="$IDP_HOME$/conf/logging.xml" />
+ <constructor-arg value="600000" />
+ </bean>
+
<!-- Spring configuration file that boostraps OpenSAML -->
- <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean"
- lazy-init="false">
+ <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" depends-on="shibboleth.LogbackLogging">
<constructor-arg>
<list>
<bean id="shibMetadataExtensions" class="org.opensaml.util.resource.ClasspathResource">
</constructor-arg>
</bean>
- <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator">
+ <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator" depends-on="shibboleth.LogbackLogging">
<constructor-arg value="SHA1PRNG" />
</bean>
- <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
+ <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
<property name="velocityProperties">
<props>
<prop key="resource.loader">classpath, string</prop>
</bean>
<bean id="shibboleth.TemplateEngine"
- class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine">
+ class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine"
+ depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.VelocityEngine" />
</bean>
- <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool">
+ <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool" depends-on="shibboleth.LogbackLogging">
<property name="maxPoolSize" value="50" />
<property name="createBuildersAtPoolLimit" value="true" />
<property name="coalescing" value="true" />
<property name="namespaceAware" value="true" />
</bean>
- <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
- <constructor-arg value="true" type="boolean" />
- </bean>
-
- <bean id="shibboleth.StorageService" class="org.opensaml.util.storage.MapBasedStorageService" />
+ <bean id="shibboleth.StorageService" class="org.opensaml.util.storage.MapBasedStorageService" depends-on="shibboleth.LogbackLogging" />
- <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper">
+ <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper" depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.TaskTimer" />
<constructor-arg ref="shibboleth.StorageService" />
<constructor-arg value="600000" type="long" />
</bean>
<bean id="shibboleth.SessionManager"
- class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl">
+ class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
+ depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.StorageService" />
<constructor-arg value="1800000" type="long" />
</bean>
- <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap">
+ <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap" depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.StorageService" />
<constructor-arg type="long" value="300000" />
</bean>
- <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache">
+ <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache" depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.StorageService" />
<constructor-arg type="long" value="300000" />
</bean>
</util:map>
<bean id="shibboleth.SAML1AttributeAuthority"
- class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority">
+ class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority" depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.AttributeResolver" />
<property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
</bean>
<bean id="shibboleth.SAML2AttributeAuthority"
- class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority">
+ class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority" depends-on="shibboleth.LogbackLogging">
<constructor-arg ref="shibboleth.AttributeResolver" />
<property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
</bean>
<bean id="shibboleth.ServletAttributeExporter"
- class="org.springframework.web.context.support.ServletContextAttributeExporter">
+ class="org.springframework.web.context.support.ServletContextAttributeExporter" depends-on="shibboleth.LogbackLogging">
<property name="attributes">
<map>
<entry>
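Review bot: The `shibboleth.ParserPool` bean at `<bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool" ...>` parses inbound SAML from remote parties yet sets no entity-expansion or DOCTYPE restrictions, and this commit's edit to it (adding `depends-on`) leaves that unchanged. Unless the OpenSAML version in use already disables it by default, add `<property name="expandEntityReferences" value="false" />` and, through the `builderFeatures` map, set `http://apache.org/xml/features/disallow-doctype-decl` to `true`, so DOCTYPE and external-entity content in inbound XML is rejected at the parser. On the new `shibboleth.LogbackLogging` bean, `<constructor-arg value="600000" />` is untyped while the equivalent interval on `shibboleth.StorageServiceSweeper` carries `type="long"`; adding `type="long"` keeps the two consistent and avoids constructor-overload ambiguity. The bean definitions run past the end of this section.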
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration>
+
+ <!--
+ Logging appenders define where and how logging messages are logged.
+ -->
+ <appender name="IDP_ACCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>$IDP_HOME$/logs/idp-access.log</File>
+ <ImmediateFlush>true</ImmediateFlush>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <FileNamePattern>idp-access-%d{yyyy-MM-dd}.log</FileNamePattern>
+ </rollingPolicy>
+
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>%msg%n</Pattern>
+ </layout>
+ </appender>
+
+ <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>$IDP_HOME$/logs/idp-audit.log</File>
+ <ImmediateFlush>true</ImmediateFlush>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <FileNamePattern>idp-audit-%d{yyyy-MM-dd}.log</FileNamePattern>
+ </rollingPolicy>
+
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>%msg%n</Pattern>
+ </layout>
+ </appender>
+
+ <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>$IDP_HOME$/logs/idp.log</File>
+ <!-- Uncomment this if application is terminating in such as way that the last few log messages are not written to disk -->
+ <!--
+ <ImmediateFlush>true</ImmediateFlush>
+ -->
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <FileNamePattern>idp-%d{yyyy-MM-dd}.log</FileNamePattern>
+ </rollingPolicy>
+
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <!-- General logging pattern -->
+ <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern>
+
+ <!-- Debug logging pattern -->
+ <!--
+ <Pattern>%date{HH:mm:ss.SSS} %level [%logger:%line] - %msg%n</Pattern>
+ -->
+ </layout>
+ </appender>
+
+ <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+ <ImmediateFlush>true</ImmediateFlush>
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern>
+ </layout>
+ </appender>
+
+ <!--
+ Loggers define inidicate which packages/categories are logged, at which level, and to which appender.
+ Levels: ALL, ERROR, WARN, INFO, DEBUG, OFF
+ -->
+
+ <!-- Logs IdP, but not OpenSAML, messages -->
+ <logger name="edu.internet2.shibboleth">
+ <level value="INFO" />
+ <appender-ref ref="IDP_PROCESS" />
+ </logger>
+
+ <!-- Logs OpenSAML, but not IdP, messages -->
+ <logger name="org.opensaml">
+ <level value="OFF" />
+ <appender-ref ref="IDP_PROCESS" />
+ </logger>
+
+
+
+
+
+ <!-- Do no edit the loggers below here. -->
+ <logger name="Shibbolath-Access">
+ <level value="ALL" />
+ <appender-ref ref="IDP_ACCESS" />
+ </logger>
+
+ <logger name="Shibbolath-Audit">
+ <level value="ALL" />
+ <appender-ref ref="IDP_AUDIT" />
+ </logger>
+
+ <root>
+ <level value="WARN" />
+ <appender-ref ref="IDP_PROCESS" />
+ </root>
+
+</configuration>
\ No newline at end of file
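Review bot: The logger at `<logger name="edu.internet2.shibboleth">` names a package that does not match the IdP classes elsewhere in this commit (`edu.internet2.middleware.shibboleth...`), so IdP messages are not captured at INFO as the comment says and fall through to the root logger at WARN; it should read `<logger name="edu.internet2.middleware.shibboleth">`. Separately, none of the four named loggers set `additivity="false"`, so every event they accept is also handed to the root's IDP_PROCESS appender: access and audit lines are duplicated into idp.log, and IdP/OpenSAML events are written to IDP_PROCESS twice. Add `additivity="false"` to each `<logger>` that declares its own `<appender-ref>`. The comment `Loggers define inidicate which packages/categories are logged` has a doubled verb and typo (use `Loggers indicate which packages/categories are logged`), and `Do no edit the loggers below here.` should read `Do not edit`.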
<body>
<img src="images/logo.jpg" />
<h2>Shibboleth Identity Provider Login</h2>
-
- <% if ("true".equals(request.getParameter("loginFailed"))) { %>
- <p>Authentication Failed</p>
- <% } %>
-
- <form action="Authn/UserPassword" method="post">
<table>
<tr>
<td>Username:</td>
<td><input name="j_password" type="password" tabindex="2" /></td>
</tr>
<tr>
- <td rowspan="2"><input type="submit" value="Login" tabindex="3" /></td>
+ <td rowspan="2"><button tabindex="3"/></td>
</tr>
</table>
- </form>
</html>
\ No newline at end of file
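Review bot: Removing `<form action="Authn/UserPassword" method="post">` and `</form>` leaves the `j_password` input (and, presumably, the username field above the hunk) outside any form, and the replacement `<td rowspan="2"><button tabindex="3"/></td>` is an empty self-closed button with no type, no label and nothing to submit, so the page can no longer post credentials to the servlet that still reads `j_username`/`j_password`. If the form removal was unintended, restore the form and use `<button type="submit" tabindex="3">Login</button>`. Keeping `method="post"` matters here: a GET submission would carry the password in the query string, where it ends up in access logs and browser history.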
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.Pair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.session.SessionManager;
import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
private static final long serialVersionUID = 8494202791991613148L;
/** Class logger. */
- private static final Logger LOG = Logger.getLogger(AuthenticationEngine.class);
+ private static final Logger LOG = LoggerFactory.getLogger(AuthenticationEngine.class);
/**
* Gets the manager used to retrieve handlers for requests.
*
* @param httpRequest current http request
* @param httpResponse current http response
- *
- * @throws ServletException thrown if unable to return to authentication engine
*/
- public static void returnToAuthenticationEngine(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
- throws ServletException {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Returning control to authentication engine");
- }
+ public static void returnToAuthenticationEngine(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+ LOG.debug("Returning control to authentication engine");
HttpSession httpSession = httpRequest.getSession();
LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
if (loginContext == null) {
LOG.error("User HttpSession did not contain a login context. Unable to return to authentication engine");
- throw new ServletException(
- "User HttpSession did not contain a login context. Unable to return to authentication engine");
}
forwardRequest(loginContext.getAuthenticationEngineURL(), httpRequest, httpResponse);
}
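Review bot: With the `throw new ServletException(...)` removed, the `if (loginContext == null) {` branch now only logs and falls through to `forwardRequest(loginContext.getAuthenticationEngineURL(), httpRequest, httpResponse);`, which dereferences null and turns a handled error into a NullPointerException surfacing as a server error. Add `return;` after the `LOG.error(...)` call so the method does what its log message says. This matters because the callers in IPAddressLoginHandler, RemoteUserAuthServlet and UsernamePasswordAuthServlet drop their ServletException handling in this same commit and now rely on this method to cope with direct access on its own. The Javadoc above the signature also still documents `@throws ServletException` only by omission; consider stating that a missing login context is logged and the request is not forwarded.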
*/
public static void returnToProfileHandler(LoginContext loginContext, HttpServletRequest httpRequest,
HttpServletResponse httpResponse) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Returning control to profile handler at: " + loginContext.getProfileHandlerURL());
- }
+ LOG.debug("Returning control to profile handler at: {}", loginContext.getProfileHandlerURL());
forwardRequest(loginContext.getProfileHandlerURL(), httpRequest, httpResponse);
}
dispatcher.forward(httpRequest, httpResponse);
return;
} catch (IOException e) {
- LOG.fatal("Unable to return control back to authentication engine", e);
+ LOG.error("Unable to return control back to authentication engine", e);
} catch (ServletException e) {
- LOG.fatal("Unable to return control back to authentication engine", e);
+ LOG.error("Unable to return control back to authentication engine", e);
}
}
@SuppressWarnings("unchecked")
protected void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
IOException {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Processing incoming request");
- }
+ LOG.debug("Processing incoming request");
if (httpResponse.isCommitted()) {
LOG.error("HTTP Response already committed");
AuthenticationMethodInformation authenticationMethod = getUsableExistingAuthenticationMethod(
loginContext, shibSession);
if (authenticationMethod != null) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("An active authentication method is applicable for relying party. "
- + "Using authentication method " + authenticationMethod.getAuthenticationMethod()
- + " as authentication method to relying party without re-authenticating user.");
- }
+ LOG
+ .debug(
+ "An active authentication method is applicable for relying party. "
+ + "Using authentication method {} as authentication method to relying party without re-authenticating user.",
+ authenticationMethod.getAuthenticationMethod());
authenticateUserWithActiveMethod(httpRequest, httpResponse, authenticationMethod);
}
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("No active authentication method is applicable for relying party. "
- + "Authenticating user with to be determined method.");
- }
+ LOG.debug("No active authentication method is applicable for relying party. "
+ + "Authenticating user with to be determined method.");
authenticateUserWithoutActiveMethod1(httpRequest, httpResponse);
} else {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Request returned from authentication handler, completing authentication process.");
- }
+ LOG.debug("Request returned from authentication handler, completing authentication process.");
authenticateUserWithoutActiveMethod2(httpRequest, httpResponse);
}
String shibSessionId = (String) httpSession.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
Session shibSession = getSessionManager().getSession(shibSessionId);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Populating login context with existing session and authentication method information.");
- }
+ LOG.debug("Populating login context with existing session and authentication method information.");
LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
loginContext.setAuthenticationDuration(authenticationMethod.getAuthenticationDuration());
loginContext.setAuthenticationInstant(authenticationMethod.getAuthenticationInstant());
protected void authenticateUserWithoutActiveMethod1(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
HttpSession httpSession = httpRequest.getSession();
LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("Selecting appropriate authentication method for request.");
- }
+ LOG.debug("Selecting appropriate authentication method for request.");
Pair<String, LoginHandler> handler = getProfileHandlerManager().getAuthenticationHandler(loginContext);
if (handler == null) {
return;
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("Authentication method " + handler.getFirst() + " will be used to authenticate user.");
- }
+ LOG.debug("Authentication method {} will be used to authenticate user.", handler.getFirst());
loginContext.setAuthenticationAttempted();
loginContext.setAuthenticationDuration(handler.getSecond().getAuthenticationDuration());
loginContext.setAuthenticationMethod(handler.getFirst());
loginContext.setAuthenticationEngineURL(HttpHelper.getRequestUriWithoutContext(httpRequest));
- if (LOG.isDebugEnabled()) {
- LOG.debug("Transferring control to authentication handler of type: "
- + handler.getSecond().getClass().getName());
- }
+ LOG.debug("Transferring control to authentication handler of type: {}", handler.getSecond().getClass()
+ .getName());
handler.getSecond().login(httpRequest, httpResponse);
}
Session shibSession = getSessionManager().getSession(shibSessionId);
if (shibSession == null) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Creating shibboleth session for principal " + principalName);
- }
+ LOG.debug("Creating shibboleth session for principal {}", principalName);
InetAddress addr;
try {
httpSession.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, shibSession.getSessionID());
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("Recording authentication and service information in Shibboleth session for principal: "
- + principalName);
- }
+ LOG.debug("Recording authentication and service information in Shibboleth session for principal: {}",
+ principalName);
Subject subject = (Subject) httpRequest.getAttribute(LoginHandler.SUBJECT_KEY);
AuthenticationMethodInformation authnMethodInfo = new AuthenticationMethodInformationImpl(subject, loginContext
.getAuthenticationMethod(), new DateTime(), loginContext.getAuthenticationDuration());
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
-import org.apache.log4j.Logger;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
private static final long serialVersionUID = -2518779446947534977L;
/** Class logger. */
- private final Logger log = Logger.getLogger(Saml2LoginContext.class);
+ private final Logger log = LoggerFactory.getLogger(Saml2LoginContext.class);
/** Relay state from authentication request. */
private String relayState;
package edu.internet2.middleware.shibboleth.idp.authn.provider;
-import java.io.IOException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.log4j.Logger;
-import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
-import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
/**
* IP Address authentication handler.
public class IPAddressLoginHandler extends AbstractLoginHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(IPAddressLoginHandler.class);
+ private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandler.class);
/** The URI of the AuthnContextDeclRef or the AuthnContextClass. */
private String authnMethodURI = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol";
for (String addr : entries) {
try {
- ipList.add(new edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler.IPEntry(addr));
+ ipList.add(new edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler.IPEntry(
+ addr));
} catch (UnknownHostException ex) {
log.error("IPAddressHandler: Error parsing entry \"" + addr + "\". Ignoring.");
}
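Review bot: The `log.error("IPAddressHandler: Error parsing entry \"" + addr + "\". Ignoring.");` line directly under the reflowed `ipList.add(...)` call still builds the message by concatenation, while the rest of this commit moves to SLF4J parameterized messages; for consistency write `log.error("IPAddressHandler: Error parsing entry \"{}\". Ignoring.", addr);`. The caught `UnknownHostException ex` is also discarded, so the reason the entry was rejected is lost from the log; passing `ex` as the final argument preserves it if the SLF4J version in use treats a trailing Throwable as the exception. The enclosing method starts and ends outside the hunk.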
handleDefaultAllow(httpRequest, httpResponse);
}
- try {
- AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
- } catch (ServletException e) {
- // this shouldn't ever happen since the handler can only be accessed through the authentication engine
- return;
- }
+ AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
}
protected void handleDefaultDeny(HttpServletRequest request, HttpServletResponse response) {
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.log4j.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
private static final long serialVersionUID = 1745454095756633626L;
/** Class logger. */
- private final Logger log = Logger.getLogger(RemoteUserAuthServlet.class);
+ private final Logger log = LoggerFactory.getLogger(RemoteUserAuthServlet.class);
/** {@inheritDoc} */
protected void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
IOException {
String principalName = httpRequest.getRemoteUser();
- if (log.isDebugEnabled()) {
- log.debug("Remote user identified as " + principalName
- + " returning control back to authentication engine");
- }
+ log.debug("Remote user identified as {} returning control back to authentication engine", principalName);
httpRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, httpRequest.getRemoteUser());
-
- try {
- AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
- } catch (ServletException e) {
- throw new ServletException("Unable to return to authentication engine. "
- + "Authentication servlet should not be accessed directly.");
- }
-
+ AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
}
}
\ No newline at end of file
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.log4j.Logger;
import org.opensaml.util.URLBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Authentication Handler that redirects to servlet protected by a Web Single-Sign-On system.
public class RemoteUserLoginHandler extends AbstractLoginHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(RemoteUserLoginHandler.class);
+ private final Logger log = LoggerFactory.getLogger(RemoteUserLoginHandler.class);
/** The URL of the SSO-protected servlet. */
private String servletURL;
urlBuilder.setPort(httpRequest.getLocalPort());
urlBuilder.setPath(pathBuilder.toString());
- if (log.isDebugEnabled()) {
- log.debug("Redirecting to " + urlBuilder.buildURL());
- }
-
+ log.debug("Redirecting to {}", urlBuilder.buildURL());
httpResponse.sendRedirect(urlBuilder.buildURL());
return;
} catch (IOException ex) {
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.log4j.Logger;
import org.opensaml.util.URLBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Authenticate a username and password against a JAAS source.
*
- * This authenticaiton handler requires a JSP to collect a username and password from the user. It also requires
- * a JAAS configuration file to validate the username and password.
+ * This authenticaiton handler requires a JSP to collect a username and password from the user. It also requires a JAAS
+ * configuration file to validate the username and password.
*
* If an Authentication Context Class or DeclRef URI is not specified, it will default to
* "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport".
public class UsernamePasswordLoginHandler extends AbstractLoginHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(UsernamePasswordLoginHandler.class);
+ private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandler.class);
/** The URL of the servlet used to perform authentication. */
private String authenticationServletURL;
- /**
+ /**
* Constructor.
- *
+ *
* @param servletURL URL to the authentication servlet
*/
- public UsernamePasswordLoginHandler(String servletURL){
+ public UsernamePasswordLoginHandler(String servletURL) {
super();
setSupportsPassive(false);
setSupportsForceAuthentication(true);
urlBuilder.setPort(httpRequest.getLocalPort());
urlBuilder.setPath(pathBuilder.toString());
- if (log.isDebugEnabled()) {
- log.debug("Redirecting to " + urlBuilder.buildURL());
- }
-
+ log.debug("Redirecting to {}", urlBuilder.buildURL());
httpResponse.sendRedirect(urlBuilder.buildURL());
return;
} catch (IOException ex) {
import java.io.IOException;
import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.log4j.Logger;
import org.opensaml.util.URLBuilder;
import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.util.Pair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
private static final long serialVersionUID = -572799841125956990L;
/** Class logger. */
- private final Logger log = Logger.getLogger(RemoteUserAuthServlet.class);
+ private final Logger log = LoggerFactory.getLogger(RemoteUserAuthServlet.class);
/** Name of JAAS configuration used to authenticate users. */
private final String jaasConfigName = "ShibUserPassAuth";
/** Login page name. */
private final String loginPage = "login.jsp";
-
- /** Parameter name to indicate login failure. */
- private final String failureParam = "loginFailed";
/** HTTP request parameter containing the user name. */
private final String usernameAttribute = "j_username";
String password = DatatypeHelper.safeTrimOrNullString(request.getParameter(passwordAttribute));
if (username == null || password == null) {
- redirectToLoginPage(request, response, null);
+ redirectToLoginPage(request, response);
return;
}
if (authenticateUser(request)) {
- try {
- AuthenticationEngine.returnToAuthenticationEngine(request, response);
- } catch (ServletException e) {
- throw new ServletException("Unable to return to authentication engine. "
- + "Authentication servlet should not be accessed directly.");
- }
+ AuthenticationEngine.returnToAuthenticationEngine(request, response);
} else {
- List<Pair<String, String>> queryParams = new ArrayList<Pair<String, String>>();
- queryParams.add(new Pair<String, String>(failureParam, "true"));
- redirectToLoginPage(request, response, queryParams);
+ redirectToLoginPage(request, response);
return;
}
}
*
* @param request current request
* @param response current response
- * @param queryParams query parameters to pass to the login page
*/
- protected void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response,
- List<Pair<String, String>> queryParams) {
+ protected void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response) {
try {
StringBuilder pathBuilder = new StringBuilder();
pathBuilder.append(request.getContextPath());
urlBuilder.setHost(request.getLocalName());
urlBuilder.setPort(request.getLocalPort());
urlBuilder.setPath(pathBuilder.toString());
- if (queryParams != null) {
- urlBuilder.getQueryParams().addAll(queryParams);
- }
-
- if (log.isDebugEnabled()) {
- log.debug("Redirecting to login page " + urlBuilder.buildURL());
- }
+ log.debug("Redirecting to login page {}", urlBuilder.buildURL());
response.sendRedirect(urlBuilder.buildURL());
return;
} catch (IOException ex) {
jaasConfigName, cbh);
jaasLoginCtx.login();
- log.debug("Successfully authenticated user " + username);
+ log.debug("Successfully authenticated user {}", username);
Subject subject = jaasLoginCtx.getSubject();
Principal principal = subject.getPrincipals().iterator().next();
return true;
} catch (LoginException e) {
- if (log.isDebugEnabled()) {
- log.debug("User authentication failed", e);
- }
+ log.debug("User authentication failed", e);
return false;
}
}
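Review bot: The failure path `log.debug("User authentication failed", e);` records a failed username/password attempt only at DEBUG, and with the root logger at WARN and the IdP logger at INFO in the logging.xml added in this commit, nothing about failed logins reaches idp.log in a default deployment. An operator looking for repeated failures against an account has no signal; consider `log.info("Authentication failed for user {}", username);` (never the password) alongside the DEBUG line that carries the exception. The enclosing method starts outside the hunk.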
/**
- * A callback handler that provides static name and password data to a JAAS login process.
+ * A callback handler that provides static name and password data to a JAAS loging process.
*
* This handler only supports {@link NameCallback} and {@link PasswordCallback}.
*/
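Review bot: The Javadoc edit at `* A callback handler that provides static name and password data to a JAAS loging process.` introduces a typo where the removed line was correct; keep `login process`.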
package edu.internet2.middleware.shibboleth.idp.config.profile;
-import org.apache.log4j.Logger;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
AbstractShibbolethProfileHandlerBeanDefinitionParser {
/** Class loggger. */
- private static Logger log = Logger.getLogger(AbstractSAMLProfileHandlerBeanDefinitionParser.class);
+ private static Logger log = LoggerFactory.getLogger(AbstractSAMLProfileHandlerBeanDefinitionParser.class);
/** {@inheritDoc} */
protected void doParse(Element config, BeanDefinitionBuilder builder) {
- if (log.isInfoEnabled()) {
- log.info("Parsing configuration for " + config.getLocalName() + " SAML profile handler.");
- }
+ log.info("Parsing configuration for {} SAML profile handler.", config.getLocalName());
super.doParse(config, builder);
builder.addPropertyReference("idGenerator", config.getAttributeNS(null, "idGeneratorId"));
import javax.xml.namespace.QName;
-import org.apache.log4j.Logger;
import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ProfileHandlerGroup");
/** Class logger. */
- private static Logger log = Logger.getLogger(ProfileHandlerGroupBeanDefinitionParser.class);
+ private static Logger log = LoggerFactory.getLogger(ProfileHandlerGroupBeanDefinitionParser.class);
/** {@inheritDoc} */
protected AbstractBeanDefinition parseInternal(Element config, ParserContext context) {
List<Element> children;
children = configChildren.get(new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ErrorHandler"));
- if(log.isDebugEnabled()){
- log.debug(children.size() + " error handler definitions found");
- }
+ log.debug("{} error handler definitions found", children.size());
builder.addPropertyValue("errorHandler", SpringConfigurationUtils.parseCustomElement(children.get(0), context));
children = configChildren.get(new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ProfileHandler"));
- if(log.isDebugEnabled()){
- log.debug(children.size() + " profile handler definitions found");
- }
+ log.debug("{} profile handler definitions found", children.size());
builder.addPropertyValue("profileHandlers", SpringConfigurationUtils.parseCustomElements(children, context));
children = configChildren.get(new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "LoginHandler"));
- if(log.isDebugEnabled()){
- log.debug(children.size() + " login handler definitions found");
- }
+ log.debug("{} login handler definitions found", children.size());
builder.addPropertyValue("loginHandlers", SpringConfigurationUtils.parseCustomElements(children,
context));
import java.util.ArrayList;
import java.util.List;
-import org.apache.log4j.Logger;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.w3c.dom.Element;
public abstract class AbstractLoginHandlerBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
/** Class logger. */
- private static Logger log = Logger.getLogger(AbstractLoginHandlerBeanDefinitionParser.class);
+ private static Logger log = LoggerFactory.getLogger(AbstractLoginHandlerBeanDefinitionParser.class);
/** {@inheritDoc} */
protected void doParse(Element config, BeanDefinitionBuilder builder) {
- if (log.isInfoEnabled()) {
- log.info("Parsing configuration for " + config.getLocalName() + " authentication handler.");
- }
+ log.info("Parsing configuration for {} authentication handler.", config.getLocalName());
int duration = Integer.parseInt(config.getAttributeNS(null, "authenticationDuration"));
- if (log.isDebugEnabled()) {
- log.debug("Authentication handler declared duration of " + duration + " minutes");
- }
+ log.debug("Authentication handler declared duration of {} minutes", duration);
builder.addPropertyValue("authenticationDuration", duration);
String authnMethod;
ProfileHandlerNamespaceHandler.NAMESPACE, "AuthenticationMethod");
for (Element authnMethodElem : authnMethodElems) {
authnMethod = DatatypeHelper.safeTrimOrNullString(authnMethodElem.getTextContent());
- if (log.isDebugEnabled()) {
- log.debug("Authentication handler declared support for authentication method " + authnMethod);
- }
+ log.debug("Authentication handler declared support for authentication method {}", authnMethod);
authnMethods.add(authnMethod);
}
builder.addPropertyValue("authenticationMethods", authnMethods);
import javax.xml.namespace.QName;
-import org.apache.log4j.Logger;
-import org.opensaml.log.Level;
import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "UsernamePassword");
/** Class logger. */
- private final Logger log = Logger.getLogger("UsernamePasswordAuthenticationHandlerBeanDefinitionParser");
+ private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandlerBeanDefinitionParser.class);
/** {@inheritDoc} */
protected Class getBeanClass(Element element) {
"authenticationServletURL")));
String jaasConfigurationURL = DatatypeHelper.safeTrim(config.getAttributeNS(null, "jaasConfigurationLocation"));
- log.log(Level.CRITICAL, "Setting JAAS configuration file to: " + jaasConfigurationURL);
+ log.info("Setting JAAS configuration file to: {}", jaasConfigurationURL);
System.setProperty("java.security.auth.login.config", jaasConfigurationURL);
}
}
\ No newline at end of file
import javax.xml.namespace.QName;
-import org.opensaml.xml.util.DatatypeHelper;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.util.XMLHelper;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
/** {@inheritDoc} */
protected void doParse(Element config, ParserContext context, BeanDefinitionBuilder builder) {
Map<QName, List<Element>> configChildren = XMLHelper.getChildElements(config);
- List<Element> children;
-
- children = configChildren.get(new QName(IdPServicesNamespaceHandler.NAMESPACE, "LoggingConfiguration"));
- if (children != null && children.size() > 0) {
- builder.addPropertyValue("loggingService", SpringConfigurationUtils.parseCustomElement(children.get(0), context));
- }
-
- children = configChildren.get(new QName(ServiceNamespaceHandler.NAMESPACE, "Service"));
+ List<Element> children = configChildren.get(new QName(ServiceNamespaceHandler.NAMESPACE, "Service"));
builder.addConstructorArg(SpringConfigurationUtils.parseCustomElements(children, context));
}
* Collection of services loaded by the IdP.
*/
public class IdPServicesBean {
-
- /** Serivce components loaded into the IdP. */
+
+ /** Service components loaded into the IdP. */
private List<BaseService> services;
/**
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
import org.opensaml.common.IdentifierGenerator;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
-import org.opensaml.log.Level;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager, Session> {
/** SAML message audit log. */
- private final Logger auditLog = Logger.getLogger(AuditLogEntry.AUDIT_LOGGER_NAME);
+ private final Logger auditLog = LoggerFactory.getLogger(AuditLogEntry.AUDIT_LOGGER_NAME);
/** Class logger. */
- private final Logger log = Logger.getLogger(AbstractSAMLProfileHandler.class);
+ private final Logger log = LoggerFactory.getLogger(AbstractSAMLProfileHandler.class);
/** Generator of IDs which may be used for SAML assertions, requests, etc. */
private IdentifierGenerator idGenerator;
try {
Endpoint peerEndpoint = requestContext.getPeerEntityEndpoint();
if (peerEndpoint == null) {
- log.error("No return endpoint available for relying party " + requestContext.getInboundMessageIssuer());
+ log.error("No return endpoint available for relying party {}", requestContext
+ .getInboundMessageIssuer());
throw new ProfileException("No peer endpoint available to which to send SAML response");
}
SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
if (encoder == null) {
- log.error("No outbound message encoder configured for binding "
- + requestContext.getPeerEntityEndpoint().getBinding());
+ log.error("No outbound message encoder configured for binding {}", requestContext
+ .getPeerEntityEndpoint().getBinding());
throw new ProfileException("No outbound message encoder configured for binding "
+ requestContext.getPeerEntityEndpoint().getBinding());
}
-
- if (log.isDebugEnabled()) {
- log.debug("Encoding response to SAML request " + requestContext.getInboundSAMLMessageId()
- + " from relying party " + requestContext.getInboundMessageIssuer() + " with outbound binding "
- + encoder.getBindingURI());
- }
+ log.debug("Encoding response to SAML request {} from relying party {}", requestContext
+ .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer());
requestContext.setMessageEncoder(encoder);
encoder.encode(requestContext);
if (context.getReleasedAttributes() != null) {
auditLogEntry.getReleasedAttributes().addAll(context.getReleasedAttributes());
}
- getAduitLog().log(Level.CRITICAL, auditLogEntry);
+
+ getAduitLog().info(auditLogEntry.toString());
}
}
\ No newline at end of file
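Review bot: The audit record is now written with `getAduitLog().info(auditLogEntry.toString())`, which makes audit recording depend on the level configured for the logger named by `AuditLogEntry.AUDIT_LOGGER_NAME`: if that logger inherits an effective level above INFO, audit entries are discarded silently rather than written. Either pin that logger's level in the logging configuration shipped with the IdP or document on the `auditLog` field that the audit logger must be configured at INFO or lower for records to appear; a note such as `/** SAML message audit log; its logger must be enabled at INFO or audit records are dropped. */` would make the dependency visible. The enclosing method starts outside the hunk. In the same file, the "Encoding response to SAML request" debug message dropped the outbound binding (`encoder.getBindingURI()`) the old message included; a third `{}` keeps that diagnostic.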
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
import org.opensaml.util.resource.Resource;
import org.opensaml.xml.util.Pair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import edu.internet2.middleware.shibboleth.common.config.BaseReloadableService;
public class IdPProfileHandlerManager extends BaseReloadableService implements ProfileHandlerManager {
/** Class logger. */
- private final Logger log = Logger.getLogger(IdPProfileHandlerManager.class);
+ private final Logger log = LoggerFactory.getLogger(IdPProfileHandlerManager.class);
/** Handler used for errors. */
private AbstractErrorHandler errorHandler;
ProfileHandler handler;
String requestPath = ((HttpServletRequest) request).getPathInfo();
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Looking up profile handler for request path: " + requestPath);
- }
+ log.debug("{}: Looking up profile handler for request path: {}", getId(), requestPath);
+
Lock readLock = getReadWriteLock().readLock();
readLock.lock();
handler = profileHandlers.get(requestPath);
readLock.unlock();
if (handler != null) {
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Located profile handler of the following type for request path "
- + requestPath + ": " + handler.getClass().getName());
- }
+ log.debug("{}: Located profile handler of the following type for the request path: {}", getId(), handler
+ .getClass().getName());
} else {
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": No profile handler registered for request path " + requestPath);
- }
+ log.debug("{}: No profile handler registered for request path {}", getId(), requestPath);
}
return handler;
}
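Review bot: The debug message in the `handler != null` branch of getProfileHandler announces a request path, but its two placeholders are filled with `getId()` and the handler class name, so the path is never printed and the class name reads as if it were the path. Suggest `log.debug("{}: Located profile handler of type {} for request path {}", getId(), handler.getClass().getName(), requestPath);`. The method's signature is outside the hunk.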
* @return authentication method URI and handler appropriate for given login context
*/
public Pair<String, LoginHandler> getAuthenticationHandler(LoginContext loginContext) {
- if (loginContext == null) {
- return null;
- }
-
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Looking up authentication method for relying party "
- + loginContext.getRelyingPartyId());
- }
+ log.debug("{}: Looking up authentication method for relying party {}", getId(), loginContext
+ .getRelyingPartyId());
+
List<String> requestedMethods = loginContext.getRequestedAuthenticationMethods();
if (requestedMethods != null) {
LoginHandler candidateHandler;
for (String requestedMethod : requestedMethods) {
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Checking for authentication handler for method " + requestedMethod
- + " which was requested for relying party " + loginContext.getRelyingPartyId());
- }
+ log.debug(getId() + "{}: Checking for authentication handler for method {}", getId(), requestedMethod);
candidateHandler = authenticationHandlers.get(requestedMethod);
if (candidateHandler != null) {
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Authentication handler for method " + requestedMethod
- + " for relying party " + loginContext.getRelyingPartyId()
- + " found. Checking if it meets othe criteria.");
- }
- if(loginContext.getPassiveAuth() && !candidateHandler.supportsPassive()){
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Authentication handler for method " + requestedMethod
- + " for relying party " + loginContext.getRelyingPartyId()
- + " does not meet required support for passive auth. Skipping it");
- }
+ log.debug(getId()
+ + "{}: Authentication handler for method {} found. Checking if it meets othe criteria.",
+ getId(), requestedMethod);
+
+ if (loginContext.getPassiveAuth() && !candidateHandler.supportsPassive()) {
+ log.debug("{}: Authentication handler for method {} does not meet required support for passive auth. Skipping it",
+ getId(), requestedMethod);
continue;
}
-
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Authentication handler for method " + requestedMethod
- + " for relying party " + loginContext.getRelyingPartyId()
- + " meets all requirements, using it.");
- }
+
+ log.debug(getId() + "{}: Authentication handler for method {} meets all requirements, using it.",
+ getId(), requestedMethod);
return new Pair<String, LoginHandler>(requestedMethod, candidateHandler);
}
}
} else {
- log.error(getId() + ": No requested authentication methods for relying party "
- + loginContext.getRelyingPartyId());
+ log.error("{}: No requested authentication methods for relying party {}", getId(), loginContext
+ .getRelyingPartyId());
}
return null;
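Review bot: The `loginContext == null` guard at the top of getAuthenticationHandler has been removed, yet the new debug call that replaces it dereferences `loginContext.getRelyingPartyId()`, so a null argument now throws NullPointerException instead of returning null as before; restore `if (loginContext == null) { return null; }` ahead of the logging. Separately, three of the new debug calls in the requestedMethods loop still concatenate `getId() +` in front of a format string that already carries a `{}` for getId(), so the service id is printed twice; drop the concatenation, e.g. `log.debug("{}: Checking for authentication handler for method {}", getId(), requestedMethod);`. The `othe` typo in the "meets othe criteria" message is carried over from the old text and could be fixed in the same pass. The method's closing brace is outside the hunk.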
/** {@inheritDoc} */
protected void newContextCreated(ApplicationContext newServiceContext) {
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loading new configuration into service");
- }
+ log.debug("{}: Loading new configuration into service", getId());
Lock writeLock = getReadWriteLock().writeLock();
writeLock.lock();
loadNewErrorHandler(newServiceContext);
*/
protected void loadNewErrorHandler(ApplicationContext newServiceContext) {
String[] errorBeanNames = newServiceContext.getBeanNamesForType(AbstractErrorHandler.class);
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loading " + errorBeanNames.length + " new error handler.");
- }
+ log.debug("{}: Loading {} new error handler.", getId(), errorBeanNames.length);
errorHandler = (AbstractErrorHandler) newServiceContext.getBean(errorBeanNames[0]);
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loaded new error handler of type: " + errorHandler.getClass().getName());
- }
+ log.debug("{}: Loaded new error handler of type: {}", getId(), errorHandler.getClass().getName());
}
/**
*/
protected void loadNewProfileHandlers(ApplicationContext newServiceContext) {
String[] profileBeanNames = newServiceContext.getBeanNamesForType(AbstractRequestURIMappedProfileHandler.class);
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loading " + profileBeanNames.length + " new profile handlers.");
- }
+ log.debug("{}: Loading {} new profile handlers.", getId(), profileBeanNames.length);
profileHandlers.clear();
- AbstractRequestURIMappedProfileHandler<?,?> profileHandler;
+ AbstractRequestURIMappedProfileHandler<?, ?> profileHandler;
for (String profileBeanName : profileBeanNames) {
profileHandler = (AbstractRequestURIMappedProfileHandler) newServiceContext.getBean(profileBeanName);
for (String requestPath : profileHandler.getRequestPaths()) {
profileHandlers.put(requestPath, profileHandler);
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loaded profile handler of type "
- + profileHandler.getClass().getName() + " handling requests to request path "
- + requestPath);
- }
+ log.debug("{}: Loaded profile handler for handling requests to request path {}", getId(), requestPath);
}
}
}
*/
protected void loadNewAuthenticationHandlers(ApplicationContext newServiceContext) {
String[] authnBeanNames = newServiceContext.getBeanNamesForType(LoginHandler.class);
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loading " + authnBeanNames.length + " new authentication handlers.");
- }
+ log.debug("{}: Loading {} new authentication handlers.", getId(), authnBeanNames.length);
authenticationHandlers.clear();
LoginHandler authnHandler;
for (String authnBeanName : authnBeanNames) {
authnHandler = (LoginHandler) newServiceContext.getBean(authnBeanName);
- if (log.isDebugEnabled()) {
- log.debug(getId() + ": Loading authentication handler of type "
- + authnHandler.getClass().getName() + " supporting authentication methods: "
- + authnHandler.getSupportedAuthenticationMethods());
- }
+ log.debug("{}: Loading authentication handler of type supporting authentication methods: {}", getId(),
+ authnHandler.getSupportedAuthenticationMethods());
+
for (String authnMethod : authnHandler.getSupportedAuthenticationMethods()) {
authenticationHandlers.put(authnMethod, authnHandler);
}
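Review bot: The new debug message in loadNewAuthenticationHandlers reads "of type supporting authentication methods" because the handler class name was dropped from the arguments while the words were kept. Suggest `log.debug("{}: Loading authentication handler of type {} supporting authentication methods: {}", getId(), authnHandler.getClass().getName(), authnHandler.getSupportedAuthenticationMethods());`. The method's closing brace lies outside the hunk.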
import java.io.IOException;
import java.io.OutputStreamWriter;
-import org.apache.log4j.Logger;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.ws.transport.OutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler;
public class StatusProfileHandler extends AbstractRequestURIMappedProfileHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(StatusProfileHandler.class);
+ private final Logger log = LoggerFactory.getLogger(StatusProfileHandler.class);
/** {@inheritDoc} */
public String getProfileId() {
import javax.xml.namespace.QName;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
public static final SAMLVersion SAML_VERSION = SAMLVersion.VERSION_11;
/** Class logger. */
- private static Logger log = Logger.getLogger(AbstractSAML1ProfileHandler.class);
+ private static Logger log = LoggerFactory.getLogger(AbstractSAML1ProfileHandler.class);
/** Builder of Response objects. */
private SAMLObjectBuilder<Response> responseBuilder;
*/
protected NameIdentifier buildNameId(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Building assertion NameIdentifier to relying party " + requestContext.getInboundMessageIssuer()
- + " for principal " + requestContext.getPrincipalName());
- }
+ log.debug("Building assertion NameIdentifier to relying party {} for principal {}", requestContext
+ .getInboundMessageIssuer(), requestContext.getPrincipalName());
Map<String, BaseAttribute> principalAttributes = requestContext.getPrincipalAttributes();
List<String> supportedNameFormats = getNameFormats(requestContext);
- if (log.isDebugEnabled()) {
- log.debug("Supported name formats: " + supportedNameFormats);
- }
-
+ log.debug("Supported name formats: {}", supportedNameFormats);
if (principalAttributes == null || supportedNameFormats == null) {
log.error("No attributes for principal " + requestContext.getPrincipalName()
+ " support constructions of NameIdentifier");
if (encoder instanceof SAML1NameIdentifierEncoder) {
nameIdEncoder = (SAML1NameIdentifierEncoder) encoder;
if (supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
- if (log.isDebugEnabled()) {
- log.debug("Using attribute " + attribute.getId() + " suppoting name format "
- + nameIdEncoder.getNameFormat()
- + " to create the NameIdentifier for principal "
- + requestContext.getPrincipalName());
- }
+ log.debug("Using attribute {} suppoting name format {} to create the NameIdentifier for principal",
+ attribute.getId(), nameIdEncoder.getNameFormat());
return nameIdEncoder.encode(attribute);
}
}
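Review bot: The debug message in buildNameId's encoder loop now ends with "for principal" and no value, because the `requestContext.getPrincipalName()` argument was dropped while the wording was kept. Suggest `log.debug("Using attribute {} supporting name format {} to create the NameIdentifier for principal {}", attribute.getId(), nameIdEncoder.getNameFormat(), requestContext.getPrincipalName());`, which also fixes the `suppoting` typo. The method continues past the hunk.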
SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
try {
- if (log.isDebugEnabled()) {
- log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
- + " of SAML request from relying party " + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Resolving attributes for principal {} of SAML request from relying party {}", requestContext
+ .getPrincipalName(), requestContext.getInboundMessageIssuer());
Map<String, BaseAttribute> principalAttributes = attributeAuthority.getAttributes(requestContext);
requestContext.setAttributes(principalAttributes);
protected AttributeStatement buildAttributeStatement(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext,
String subjectConfMethod) throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Creating attribute statement in response to SAML request from relying party "
- + requestContext.getInboundMessageIssuer());
- }
-
+ log.debug("Creating attribute statement in response to SAML request from relying party {}", requestContext
+ .getInboundMessageIssuer());
AbstractSAML1ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
AbstractSAML1ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
- if (log.isDebugEnabled()) {
- log.debug("Resolving principal name for subject of SAML request from relying party "
- + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Resolving principal name for subject of SAML request from relying party {}", requestContext
+ .getInboundMessageIssuer());
try {
String principal = attributeAuthority.getPrincipal(requestContext);
*/
protected void signAssertion(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext, Assertion assertion)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Determining if SAML assertion to relying party " + requestContext.getInboundMessageIssuer()
- + " should be signed");
- }
+ log.debug("Determining if SAML assertion to relying party {} should be signed", requestContext
+ .getInboundMessageIssuer());
boolean signAssertion = false;
SPSSODescriptor ssoDescriptor = (SPSSODescriptor) relyingPartyRole;
if (ssoDescriptor.getWantAssertionsSigned() != null) {
signAssertion = ssoDescriptor.getWantAssertionsSigned().booleanValue();
- if (log.isDebugEnabled()) {
- log.debug("Entity metadata for relying party " + requestContext.getInboundMessageIssuer()
- + " indicates to sign assertions: " + signAssertion);
- }
+ log.debug("Entity metadata for relying party {} indicates to sign assertions: {}", requestContext
+ .getInboundMessageIssuer(), signAssertion);
}
} else if (profileConfig.getSignAssertions()) {
signAssertion = true;
- log.debug("IdP relying party configuration "
- + requestContext.getRelyingPartyConfiguration().getRelyingPartyId()
- + " indicates to sign assertions: " + signAssertion);
+ log.debug("IdP relying party configuration {} indicates to sign assertions: {}", requestContext
+ .getRelyingPartyConfiguration().getRelyingPartyId(), signAssertion);
}
if (!signAssertion) {
return;
}
- if (log.isDebugEnabled()) {
- log.debug("Determining signing credntial for assertion to relying party "
- + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Determining signing credntial for assertion to relying party {}", requestContext
+ .getInboundMessageIssuer());
Credential signatureCredential = profileConfig.getSigningCredential();
if (signatureCredential == null) {
signatureCredential = requestContext.getRelyingPartyConfiguration().getDefaultSigningCredential();
+ " or it's SAML2 attribute query profile configuration");
}
- if (log.isDebugEnabled()) {
- log.debug("Signing assertion to relying party " + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Signing assertion to relying party {}", requestContext.getInboundMessageIssuer());
Signature signature = signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
-
+
signature.setSigningCredential(signatureCredential);
try {
- //TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
- //TODO how to pull what keyInfoGenName to use?
+ // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
+ // TODO how to pull what keyInfoGenName to use?
SecurityHelper.prepareSignatureParams(signature, signatureCredential, null, null);
} catch (SecurityException e) {
throw new ProfileException("Error preparing signature for signing", e);
}
-
+
assertion.setSignature(signature);
Signer.signObject(signature);
import java.util.Collection;
import java.util.List;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.BasicEndpointSelector;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
public class ArtifactResolution extends AbstractSAML1ProfileHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(ArtifactResolution.class);
+ private final Logger log = LoggerFactory.getLogger(ArtifactResolution.class);
/** Builder of Response objects. */
private SAMLObjectBuilder<Response> responseBuilder;
*/
protected ArtifactResolutionRequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Decoding incomming request");
- }
+ log.debug("Decoding incomming request");
MetadataProvider metadataProvider = getMetadataProvider();
SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
requestContext.setMessageDecoder(decoder);
decoder.decode(requestContext);
- if (log.isDebugEnabled()) {
- log.debug("Decoded request");
- }
+ log.debug("Decoded request");
return requestContext;
} catch (MessageDecodingException e) {
log.error("Error decoding artifact resolve message", e);
String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
requestContext.setLocalEntityId(assertingPartyId);
- EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
- if (assertingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for asserting party "
- + assertingPartyId);
- }
- requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+ requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
- requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+ requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
.getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
.getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
- if (profileConfig != null) {
+ if(profileConfig != null){
requestContext.setProfileConfiguration(profileConfig);
if (profileConfig.getSigningCredential() != null) {
requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
}
} catch (MetadataProviderException e) {
- log.error(e.getMessage());
+ log.error("Unable to locate metadata for asserting or relying party");
requestContext
.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
throw new ProfileException("Error locating party metadata");
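Review bot: The null check on the result of `metadataProvider.getEntityDescriptor(assertingPartyId)` has been removed, so when the asserting party's metadata is absent the next statement `requestContext.getLocalEntityMetadata().getAttributeAuthorityDescriptor(...)` throws NullPointerException instead of the MetadataProviderException the catch block below expects, and the failure status plus the "Error locating party metadata" ProfileException are bypassed. Restore the check before the role lookup (this needs the `EntityDescriptor` import the commit removed); the same removal appears in AttributeQueryProfileHandler.decodeRequest. The replacement error log also discards the exception, so which party's metadata was missing is no longer recorded anywhere; use `log.error("Unable to locate metadata for asserting or relying party", e);` in both files. decodeRequest's body continues outside the hunk.
```java
EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
if (assertingPartyMetadata == null) {
    throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId);
}
requestContext.setLocalEntityMetadata(assertingPartyMetadata);
requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
        .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
// … unchanged: relying party lookup and profile configuration …
```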
artifactMap.remove(assertionArtifact.getAssertionArtifact());
assertions.add((Assertion) artifactEntry.getSamlMessage());
}
-
+
requestContext.setReferencedAssertions(assertions);
}
import java.util.ArrayList;
-import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.BasicEndpointSelector;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(AttributeQueryProfileHandler.class);
+ private final Logger log = LoggerFactory.getLogger(AttributeQueryProfileHandler.class);
/** Builder of assertion consumer service endpoints. */
private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
*/
protected AttributeQueryContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Decoding incomming request");
- }
+ log.debug("Decoding incomming request");
MetadataProvider metadataProvider = getMetadataProvider();
}
requestContext.setMessageDecoder(decoder);
decoder.decode(requestContext);
- if (log.isDebugEnabled()) {
- log.debug("Decoded request");
- }
+ log.debug("Decoded request");
return requestContext;
} catch (MessageDecodingException e) {
log.error("Error decoding attribute query message", e);
// Set as much information as can be retrieved from the decoded message
try {
Request request = requestContext.getInboundSAMLMessage();
- if (request == null) {
- throw new ProfileException("No inbound SAML message found.");
- }
AttributeQuery query = request.getAttributeQuery();
requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
requestContext.setLocalEntityId(assertingPartyId);
- EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
- if (assertingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for asserting party "
- + assertingPartyId);
- }
- requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+ requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
- requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+ requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
.getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
}
} catch (MetadataProviderException e) {
- log.error(e.getMessage());
+ log.error("Unable to locate metadata for asserting or relying party");
requestContext
.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
throw new ProfileException("Error locating party metadata");
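Review bot: The `request == null` guard before `request.getAttributeQuery()` has been removed, so a decode that yields no inbound SAML message now surfaces as a NullPointerException from inside the try block rather than the ProfileException the old code threw, and the failure-status handling in the catch clauses below does not see it. Restore `if (request == null) { throw new ProfileException("No inbound SAML message found."); }` ahead of the query access. The try/catch structure continues outside the hunk.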
package edu.internet2.middleware.shibboleth.idp.profile.saml1;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.joda.time.chrono.ISOChronology;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.ShibbolethSSORequestContext;
public class ShibbolethSSODecoder extends BaseSAML1MessageDecoder implements SAMLMessageDecoder {
/** Class logger. */
- private final Logger log = Logger.getLogger(ShibbolethSSODecoder.class);
+ private final Logger log = LoggerFactory.getLogger(ShibbolethSSODecoder.class);
/** Constructor. */
public ShibbolethSSODecoder(){
import java.util.List;
-import org.apache.log4j.Logger;
import org.opensaml.common.binding.BasicEndpointSelector;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* An endpoint selector that may optionally take a SP-provided assertion consumer service URL, validate it against
public class ShibbolethSSOEndpointSelector extends BasicEndpointSelector {
/** Class logger. */
- private final Logger log = Logger.getLogger(ShibbolethSSOEndpointSelector.class);
+ private final Logger log = LoggerFactory.getLogger(ShibbolethSSOEndpointSelector.class);
/** Assertion consumer service URL provided by SP. */
private String spAssertionConsumerService;
*/
protected Endpoint selectEndpointByACS() {
List<Endpoint> endpoints = getEntityRoleMetadata().getEndpoints();
- if (log.isDebugEnabled()) {
- log.debug("Relying party role contains " + endpoints.size() + " endpoints");
- log.debug("Selecting endpoint from metadata corresponding to provided ACS URL: "
- + getSpAssertionConsumerService());
- }
+ log.debug("Relying party role contains {} endpoints", endpoints.size());
+ log.debug("Selecting endpoint from metadata corresponding to provided ACS URL: {}",
+ getSpAssertionConsumerService());
+
if (endpoints != null && endpoints.size() > 0) {
for (Endpoint endpoint : endpoints) {
- if(endpoint == null || !getSupportedIssuerBindings().contains(endpoint.getBinding())){
+ if (endpoint == null || !getSupportedIssuerBindings().contains(endpoint.getBinding())) {
continue;
}
-
- if(endpoint.getLocation().equalsIgnoreCase(spAssertionConsumerService)){
+
+ if (endpoint.getLocation().equalsIgnoreCase(spAssertionConsumerService)) {
return endpoint;
}
-
- if(!DatatypeHelper.isEmpty(endpoint.getResponseLocation()) && endpoint
- .getResponseLocation().equalsIgnoreCase(spAssertionConsumerService)){
+
+ if (!DatatypeHelper.isEmpty(endpoint.getResponseLocation())
+ && endpoint.getResponseLocation().equalsIgnoreCase(spAssertionConsumerService)) {
return endpoint;
}
}
}
- if(log.isDebugEnabled()){
- log.debug("No endpoint meets selection criteria for SAML entity " + getEntityMetadata().getEntityID());
- }
+ log.debug("No endpoint meets selection criteria for SAML entity {}", getEntityMetadata().getEntityID());
return null;
}
}
\ No newline at end of file
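Review bot: The now-unconditional `log.debug("Relying party role contains {} endpoints", endpoints.size())` dereferences `endpoints` before the `endpoints != null` guard three lines below, so that guard is dead and a null list throws a NullPointerException on every request rather than only when debug logging was enabled. Either drop the guard if `getEndpoints()` is known never to return null, or make the log call null-safe: `log.debug("Relying party role contains {} endpoints", endpoints == null ? 0 : endpoints.size());`. Not introduced here, but since this method decides whether an SP-supplied ACS URL is accepted, matching the whole URL with `equalsIgnoreCase` is looser than necessary (only the host part of a URL is case-insensitive); an exact comparison on the path would be safer and is worth confirming against the intended contract.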
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.ShibbolethConstants;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(ShibbolethSSOProfileHandler.class);
+ private final Logger log = LoggerFactory.getLogger(ShibbolethSSOProfileHandler.class);
/** Builder of AuthenticationStatement objects. */
private SAMLObjectBuilder<AuthenticationStatement> authnStatementBuilder;
/** {@inheritDoc} */
public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Processing incomming request");
- }
+ log.debug("Processing incomming request");
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
HttpSession httpSession = httpRequest.getSession();
if (httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY) == null) {
- if (log.isDebugEnabled()) {
- log.debug("User session does not contain a login context, processing as first leg of request");
- }
+ log.debug("User session does not contain a login context, processing as first leg of request");
performAuthentication(inTransport, outTransport);
} else {
- if (log.isDebugEnabled()) {
- log.debug("User session contains a login context, processing as second leg of request");
- }
+ log.debug("User session contains a login context, processing as second leg of request");
completeAuthenticationRequest(inTransport, outTransport);
}
}
dispatcher.forward(httpRequest, httpResponse);
return;
} catch (IOException ex) {
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
log.error("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
throw new ProfileException("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
} catch (ServletException ex) {
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
log.error("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
throw new ProfileException("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
}
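Review bot: Removing `httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY)` from both catch blocks leaves the LoginContext in the user's session after a failed forward to the authentication manager; `processRequest` above treats any session holding that key as the second leg of a request, so the browser's next SSO request would be completed from stale context instead of starting a fresh authentication. If the removal is deliberate (for example because the context is cleared elsewhere), a comment here should say so; otherwise restore `httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);` ahead of the `log.error(...)` in each catch. The enclosing method starts outside this hunk, so I am assuming `httpSession` is still declared in scope for the catch blocks.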
ShibbolethSSORequestContext requestContext = new ShibbolethSSORequestContext();
requestContext.setMetadataProvider(getMetadataProvider());
-
+
requestContext.setInboundMessageTransport(inTransport);
- requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
+ requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+
requestContext.setOutboundMessageTransport(outTransport);
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML11P_NS);
try {
requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
-
+
requestContext.setLoginContext(loginContext);
requestContext.setPrincipalName(loginContext.getPrincipalName());
requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
requestContext.setUserSession(getUserSession(in));
requestContext.setRelayState(loginContext.getSpTarget());
- // inbound message
requestContext.setInboundMessageTransport(in);
requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
MetadataProvider metadataProvider = getMetadataProvider();
requestContext.setMetadataProvider(metadataProvider);
- // relying party
String relyingPartyId = loginContext.getRelyingPartyId();
requestContext.setInboundMessageIssuer(relyingPartyId);
EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
- if (relyingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId);
- }
requestContext.setPeerEntityMetadata(relyingPartyMetadata);
requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS));
requestContext.setRelyingPartyConfiguration(rpConfig);
requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
- // asserting party
String assertingPartyId = rpConfig.getProviderId();
requestContext.setLocalEntityId(assertingPartyId);
EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
- if (assertingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId);
- }
requestContext.setLocalEntityMetadata(assertingPartyMetadata);
requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
- // outbound message
requestContext.setOutboundMessageTransport(out);
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
ShibbolethSSOConfiguration profileConfig = (ShibbolethSSOConfiguration) rpConfig
return requestContext;
} catch (MetadataProviderException e) {
- log.error(e.getMessage());
+ log.error("Unable to locate metadata for asserting or relying party");
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
throw new ProfileException("Error locating party metadata");
}
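Review bot: With the two `== null` checks removed, a missing relying- or asserting-party descriptor now surfaces as a NullPointerException at `relyingPartyMetadata.getSPSSODescriptor(...)` or `assertingPartyMetadata.getIDPSSODescriptor(...)` rather than a MetadataProviderException, so the `catch` at the bottom no longer runs and the request fails without the RESPONDER failure status being set. The removed checks indicate `getEntityDescriptor` can return null for an unknown entityID; keep them (or an equivalent null test) so this case stays on the handled path. The new catch message also drops the entityID and exception detail that `e.getMessage()` carried, which makes metadata problems hard to diagnose; `log.error("Unable to locate metadata for asserting or relying party", e);` keeps it. Separately, this SAML 1 handler looks up the IdP role with `getIDPSSODescriptor(SAMLConstants.SAML20P_NS)` and sets the outbound protocol to `SAML20P_NS`, while the SP role a few lines above uses `SAML11P_NS` and `decodeRequest` uses `SAML11P_NS` for the outbound protocol — that inconsistency looks unintended and is worth confirming.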
import java.util.List;
import java.util.Map;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
public static final SAMLVersion SAML_VERSION = SAMLVersion.VERSION_20;
/** Class logger. */
- private Logger log = Logger.getLogger(AbstractSAML2ProfileHandler.class);
+ private Logger log = LoggerFactory.getLogger(AbstractSAML2ProfileHandler.class);
/** For building response. */
private SAMLObjectBuilder<Response> responseBuilder;
SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
try {
- if (log.isDebugEnabled()) {
- log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
- + " of SAML request " + requestContext.getInboundSAMLMessageId() + " from relying party "
- + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Resolving attributes for principal {} of SAML request from relying party {}", requestContext
+ .getPrincipalName(), requestContext.getInboundMessageIssuer());
Map<String, BaseAttribute> principalAttributes = attributeAuthority.getAttributes(requestContext);
requestContext.setAttributes(principalAttributes);
*/
protected AttributeStatement buildAttributeStatement(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Creating attribute statement in response to SAML request "
- + requestContext.getInboundSAMLMessageId() + " from relying party "
- + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Creating attribute statement in response to SAML request {} from relying party {}", requestContext
+ .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer());
+
AbstractSAML2ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
try {
+ requestContext.getInboundMessageIssuer());
}
SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
-
- if (log.isDebugEnabled()) {
- log.debug("Resolving principal name for subject of SAML request "
- + requestContext.getInboundSAMLMessageId() + " from relying party "
- + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Resolving principal name for subject of SAML request {} from relying party {}", requestContext
+ .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer());
try {
String principal = attributeAuthority.getPrincipal(requestContext);
*/
protected void signAssertion(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext, Assertion assertion)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Determining if SAML assertion to relying party " + requestContext.getInboundMessageIssuer()
- + " should be signed");
- }
+ log.debug("Determining if SAML assertion to relying party {} should be signed", requestContext
+ .getInboundMessageIssuer());
boolean signAssertion = false;
SPSSODescriptor ssoDescriptor = (SPSSODescriptor) requestContext.getPeerEntityRoleMetadata();
if (ssoDescriptor.getWantAssertionsSigned() != null) {
signAssertion = ssoDescriptor.getWantAssertionsSigned().booleanValue();
- if (log.isDebugEnabled()) {
- log.debug("Entity metadata for relying party " + requestContext.getInboundMessageIssuer()
- + " indicates to sign assertions: " + signAssertion);
- }
+ log.debug("Entity metadata for relying party {} indicates to sign assertions: {}", requestContext
+ .getInboundMessageIssuer(), signAssertion);
}
} else if (profileConfig.getSignAssertions()) {
signAssertion = true;
- log.debug("IdP relying party configuration "
- + requestContext.getRelyingPartyConfiguration().getRelyingPartyId()
- + " indicates to sign assertions: " + signAssertion);
+ log.debug("IdP relying party configuration {} indicates to sign assertions: {}", requestContext
+ .getRelyingPartyConfiguration().getRelyingPartyId(), signAssertion);
}
if (!signAssertion) {
return;
}
- if (log.isDebugEnabled()) {
- log.debug("Determining signing credntial for assertion to relying party "
- + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Determining signing credntial for assertion to relying party {}", requestContext
+ .getInboundMessageIssuer());
Credential signatureCredential = profileConfig.getSigningCredential();
if (signatureCredential == null) {
signatureCredential = requestContext.getRelyingPartyConfiguration().getDefaultSigningCredential();
+ " or it's SAML2 attribute query profile configuration");
}
- if (log.isDebugEnabled()) {
- log.debug("Signing assertion to relying party " + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Signing assertion to relying party {}", requestContext.getInboundMessageIssuer());
Signature signature = signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
-
+
signature.setSigningCredential(signatureCredential);
try {
- //TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
- //TODO how to pull what keyInfoGenName to use?
+ // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
+ // TODO how to pull what keyInfoGenName to use?
SecurityHelper.prepareSignatureParams(signature, signatureCredential, null, null);
} catch (SecurityException e) {
throw new ProfileException("Error preparing signature for signing", e);
}
-
+
assertion.setSignature(signature);
Signer.signObject(signature);
* name ID attribute or because there are no supported name formats
*/
protected NameID buildNameId(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext) throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Building assertion NameID for principal/relying party:" + requestContext.getPrincipalName()
- + "/" + requestContext.getInboundMessageIssuer());
- }
+ log.debug("Building assertion NameID for principal/relying party:{}/{}", requestContext.getPrincipalName(),
+ requestContext.getInboundMessageIssuer());
Map<String, BaseAttribute> principalAttributes = requestContext.getPrincipalAttributes();
List<String> supportedNameFormats = getNameFormats(requestContext);
- if (log.isDebugEnabled()) {
- log.debug("Supported NameID formats: " + supportedNameFormats);
- }
+ log.debug("Supported NameID formats: {}", supportedNameFormats);
if (principalAttributes == null || supportedNameFormats == null) {
log.error("No attributes for principal " + requestContext.getPrincipalName()
if (encoder instanceof SAML2NameIDAttributeEncoder) {
nameIdEncoder = (SAML2NameIDAttributeEncoder) encoder;
if (supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
- if (log.isDebugEnabled()) {
- log.debug("Using attribute " + attribute.getId() + " suppoting NameID format "
- + nameIdEncoder.getNameFormat() + " to create the NameID for principal "
- + requestContext.getPrincipalName());
- }
+ log.debug("Using attribute {} suppoting NameID format {} to create the NameID for principal.{}",
+ attribute.getId(), nameIdEncoder.getNameFormat());
return nameIdEncoder.encode(attribute);
}
}
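Review bot: The new `log.debug("Using attribute {} suppoting NameID format {} to create the NameID for principal.{}", attribute.getId(), nameIdEncoder.getNameFormat())` has three `{}` placeholders but only two arguments, so the principal name the old message included is lost and the last placeholder is printed literally; it also keeps the "suppoting" typo and a stray period. Suggest `log.debug("Using attribute {} supporting NameID format {} to create the NameID for principal {}", new Object[] {attribute.getId(), nameIdEncoder.getNameFormat(), requestContext.getPrincipalName()});` — the explicit array is needed unless the SLF4J version in use provides a varargs overload. The enclosing method continues outside this hunk.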
package edu.internet2.middleware.shibboleth.idp.profile.saml2;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
public class ArtifactResolution extends AbstractSAML2ProfileHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(ArtifactResolution.class);
+ private final Logger log = LoggerFactory.getLogger(ArtifactResolution.class);
/** Map artifacts to SAML messages. */
private SAMLArtifactMap artifactMap;
/** Artifact response object builder. */
private SAMLObjectBuilder<ArtifactResponse> responseBuilder;
-
+
/** Builder of assertion consumer service endpoints. */
private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
*/
public ArtifactResolution(SAMLArtifactMap map) {
super();
-
+
artifactMap = map;
-
+
responseBuilder = (SAMLObjectBuilder<ArtifactResponse>) getBuilderFactory().getBuilder(
ArtifactResponse.DEFAULT_ELEMENT_NAME);
acsEndpointBuilder = (SAMLObjectBuilder<AssertionConsumerService>) getBuilderFactory().getBuilder(
*/
protected ArtifactResolutionRequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Decoding incomming request");
- }
+ log.debug("Decoding incomming request");
MetadataProvider metadataProvider = getMetadataProvider();
ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
requestContext.setMetadataProvider(metadataProvider);
-
+
requestContext.setInboundMessageTransport(inTransport);
requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
requestContext.setOutboundMessageTransport(outTransport);
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
requestContext.setMessageDecoder(decoder);
decoder.decode(requestContext);
- if (log.isDebugEnabled()) {
- log.debug("Decoded request");
- }
+ log.debug("Decoded request");
return requestContext;
} catch (MessageDecodingException e) {
log.error("Error decoding artifact resolve message", e);
// Set as much information as can be retrieved from the decoded message
try {
requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());
-
+
String relyingPartyId = requestContext.getInboundMessageIssuer();
RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
requestContext.setRelyingPartyConfiguration(rpConfig);
String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
requestContext.setLocalEntityId(assertingPartyId);
- EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
- if (assertingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for asserting party "
- + assertingPartyId);
- }
- requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+ requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
- requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+ requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
.getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
.getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
- if (profileConfig != null) {
+ if(profileConfig != null){
requestContext.setProfileConfiguration(profileConfig);
if (profileConfig.getSigningCredential() != null) {
requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
}
} catch (MetadataProviderException e) {
- log.error(e.getMessage());
+ log.error("Unable to locate metadata for asserting or relying party");
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
"Error locating party metadata"));
throw new ProfileException("Error locating party metadata");
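Review bot: `requestContext.getLocalEntityMetadata().getAttributeAuthorityDescriptor(...)` now throws a NullPointerException when `metadataProvider.getEntityDescriptor(assertingPartyId)` returns null, and since that is not a MetadataProviderException the catch below no longer sets the RESPONDER failure status for this case; the removed `== null` check was what routed a missing descriptor onto the handled path. Keep that check, or test the returned descriptor before calling `getAttributeAuthorityDescriptor`. The replacement log line also discards the detail `e.getMessage()` carried (which party is missing), so `log.error("Unable to locate metadata for asserting or relying party", e);` would be more useful to an operator. Minor: `if(profileConfig != null){` regresses the `if (...) {` spacing used throughout the rest of the file. The enclosing method starts outside this hunk.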
endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
endpoint = endpointSelector.selectEndpoint();
}
-
+
return endpoint;
}
import java.util.ArrayList;
-import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.BasicEndpointSelector;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
/** Class logger. */
- private static Logger log = Logger.getLogger(AttributeQueryProfileHandler.class);
-
+ private static Logger log = LoggerFactory.getLogger(AttributeQueryProfileHandler.class);
+
/** Builder of assertion consumer service endpoints. */
private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
"SAML 2 Attribute Query profile is not configured for relying party "
+ requestContext.getInboundMessageIssuer()));
throw new ProfileException("SAML 2 Attribute Query profile is not configured for relying party "
- + requestContext.getInboundMessageIssuer());
+ + requestContext.getInboundMessageIssuer());
}
checkSamlVersion(requestContext);
*/
protected AttributeQueryContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Decoding incomming request");
- }
+ log.debug("Decoding incomming request");
MetadataProvider metadataProvider = getMetadataProvider();
AttributeQueryContext requestContext = new AttributeQueryContext();
requestContext.setMetadataProvider(metadataProvider);
-
+
requestContext.setInboundMessageTransport(inTransport);
requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
requestContext.setOutboundMessageTransport(outTransport);
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
requestContext.setMessageDecoder(decoder);
decoder.decode(requestContext);
- if (log.isDebugEnabled()) {
- log.debug("Decoded request");
- }
+ log.debug("Decoded request");
return requestContext;
} catch (MessageDecodingException e) {
log.error("Error decoding attribute query message", e);
// Set as much information as can be retrieved from the decoded message
try {
AttributeQuery query = requestContext.getInboundSAMLMessage();
- if (query == null) {
- throw new ProfileException("No inbound SAML message found.");
- }
requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
-
+
String relyingPartyId = requestContext.getInboundMessageIssuer();
RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
requestContext.setRelyingPartyConfiguration(rpConfig);
String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
requestContext.setLocalEntityId(assertingPartyId);
- EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
- if (assertingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for asserting party "
- + assertingPartyId);
- }
- requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+ requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
- requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+ requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
.getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
.getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
- if (profileConfig != null) {
+ if(profileConfig != null){
requestContext.setProfileConfiguration(profileConfig);
requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
if (profileConfig.getSigningCredential() != null) {
}
}
} catch (MetadataProviderException e) {
- log.error(e.getMessage());
+ log.error("Unable to locate metadata for asserting or relying party");
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
"Error locating party metadata"));
throw new ProfileException("Error locating party metadata");
}
}
}
-
+
/**
* Selects the appropriate endpoint for the relying party and stores it in the request context.
*
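Review bot: Dropping the `query == null` check means `query.getSubject().getNameID()` throws a NullPointerException when no inbound message was decoded, and `getSubject()` itself may be null on a malformed AttributeQuery; neither is a MetadataProviderException, so the catch below does not set a failure status and the requester gets an unhandled error instead of a SAML status. Keep the guard and extend it to the subject: `if (query == null || query.getSubject() == null) { throw new ProfileException("No inbound SAML message or subject found."); }`. The asserting-party lookup has the same gap as in ArtifactResolution: `requestContext.getLocalEntityMetadata()` can now be null at the `getAttributeAuthorityDescriptor` call, bypassing the catch that the removed null check used to feed. The enclosing method starts outside this hunk.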
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.UnmarshallingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
/** Class logger. */
- private final Logger log = Logger.getLogger(SSOProfileHandler.class);
+ private final Logger log = LoggerFactory.getLogger(SSOProfileHandler.class);
/** Builder of AuthnStatement objects. */
private SAMLObjectBuilder<AuthnStatement> authnStatementBuilder;
protected void performAuthentication(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
HttpServletRequest servletRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
- HttpSession httpSession = servletRequest.getSession();
try {
SSORequestContext requestContext = decodeRequest(inTransport, outTransport);
RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
ProfileConfiguration ssoConfig = rpConfig.getProfileConfiguration(SSOConfiguration.PROFILE_ID);
if (ssoConfig == null) {
- log.error("SAML 2 SSO profile is not configured for relying party "
- + requestContext.getInboundMessageIssuer());
+ log.error("SAML 2 SSO profile is not configured for relying party " + requestContext.getInboundMessageIssuer());
throw new ProfileException("SAML 2 SSO profile is not configured for relying party "
+ requestContext.getInboundMessageIssuer());
}
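Review bot: This error log was only reflowed onto one line while every other log call touched by this commit moved to SLF4J `{}` placeholders; for consistency (and to stay within the file's line-length convention) use `log.error("SAML 2 SSO profile is not configured for relying party {}", requestContext.getInboundMessageIssuer());`. The surrounding method starts and ends outside this hunk.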
loginContext.getRequestedAuthenticationMethods().add(rpConfig.getDefaultAuthenticationMethod());
}
+ HttpSession httpSession = servletRequest.getSession();
httpSession.setAttribute(Saml2LoginContext.LOGIN_CONTEXT_KEY, loginContext);
RequestDispatcher dispatcher = servletRequest.getRequestDispatcher(authenticationManagerPath);
dispatcher.forward(servletRequest, ((HttpServletResponseAdapter) outTransport).getWrappedResponse());
} catch (MarshallingException e) {
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
log.error("Unable to marshall authentication request context");
throw new ProfileException("Unable to marshall authentication request context", e);
} catch (IOException ex) {
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
log.error("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
throw new ProfileException("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
} catch (ServletException ex) {
- httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
log.error("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
throw new ProfileException("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
}
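Review bot: Moving `HttpSession httpSession = servletRequest.getSession()` into the try and deleting the three `httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY)` calls means a LoginContext already stored by `httpSession.setAttribute(...)` stays in the session when the forward to the authentication manager fails (the IOException and ServletException branches). If, as in the SAML 1 handler in this same commit, the presence of that key selects the second leg of the profile, the user's next AuthnRequest would be completed from stale state. Suggest clearing it in those two branches: `HttpSession s = servletRequest.getSession(false); if (s != null) { s.removeAttribute(Saml2LoginContext.LOGIN_CONTEXT_KEY); }`. Whether the MarshallingException branch can still reach a set attribute depends on code before this hunk, so it may not need the cleanup.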
try {
if (loginContext.getPrincipalName() == null) {
log.error("User's login context did not contain a principal, user considered unauthenticiated.");
- if (loginContext.getPassiveAuth()) {
- requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.NO_PASSIVE_URI,
- null));
- } else {
- requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI,
- null));
- }
+ requestContext
+ .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI, null));
throw new ProfileException("User failed authentication");
}
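Review bot: The replacement always reports `StatusCode.AUTHN_FAILED_URI` when the login context has no principal, dropping the `loginContext.getPassiveAuth()` branch that returned `StatusCode.NO_PASSIVE_URI`. SAML 2.0 Core §3.4.1.4 requires an IdP that cannot satisfy `IsPassive="true"` without user interaction to answer with the NoPassive second-level status, so an SP probing for an existing session now receives AuthnFailed and may show an error instead of falling back to an interactive login. Unless the passive case is handled elsewhere, keep the distinction: `requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, loginContext.getPassiveAuth() ? StatusCode.NO_PASSIVE_URI : StatusCode.AUTHN_FAILED_URI, null));`. The enclosing method starts outside this hunk.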
*/
protected SSORequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("Decoding message with decoder binding " + decodingBinding);
- }
+ log.debug("Decoding message with decoder binding {}", decodingBinding);
SSORequestContext requestContext = new SSORequestContext();
requestContext.setMetadataProvider(getMetadataProvider());
-
+
requestContext.setInboundMessageTransport(inTransport);
requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+
requestContext.setOutboundMessageTransport(outTransport);
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
try {
requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
-
+
requestContext.setLoginContext(loginContext);
requestContext.setPrincipalName(loginContext.getPrincipalName());
requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
requestContext.setUserSession(getUserSession(in));
requestContext.setRelayState(loginContext.getRelayState());
- // inbound message
requestContext.setInboundMessageTransport(in);
requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
requestContext.setInboundMessage(loginContext.getAuthenticationRequest());
MetadataProvider metadataProvider = getMetadataProvider();
requestContext.setMetadataProvider(metadataProvider);
- // relying party
String relyingPartyId = loginContext.getRelyingPartyId();
requestContext.setInboundMessageIssuer(relyingPartyId);
EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
- if (relyingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId);
- }
requestContext.setPeerEntityMetadata(relyingPartyMetadata);
requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
requestContext.setRelyingPartyConfiguration(rpConfig);
requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
- // asserting party
String assertingPartyId = rpConfig.getProviderId();
requestContext.setLocalEntityId(assertingPartyId);
EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
- if (assertingPartyMetadata == null) {
- throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId);
- }
requestContext.setLocalEntityMetadata(assertingPartyMetadata);
requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
- // outbound message
requestContext.setOutboundMessageTransport(out);
requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
SSOConfiguration profileConfig = (SSOConfiguration) rpConfig
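Review bot: Removing the two null guards that followed `metadataProvider.getEntityDescriptor(relyingPartyId)` and `metadataProvider.getEntityDescriptor(assertingPartyId)` leaves `relyingPartyMetadata.getSPSSODescriptor(...)` and `assertingPartyMetadata.getIDPSSODescriptor(...)` to dereference a null whenever the provider has no descriptor for the entity, and the resulting NullPointerException is not a MetadataProviderException, so it bypasses the catch block that sets the Responder failure status and surfaces as an unhandled error instead of a ProfileException. The relying party id comes from the login context's inbound request issuer, so an unregistered or mistyped SP entity id is a routine input here rather than an exceptional one, and it should still produce the controlled SAML error path. Unless getEntityDescriptor is known to throw rather than return null for unknown entities (not visible in this hunk), the guards should be kept; a restored version is below. The enclosing method starts before this hunk.
```java
EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
if (relyingPartyMetadata == null) {
    throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId);
}
// … unchanged: peer entity metadata, role metadata, endpoint selection …
EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
if (assertingPartyMetadata == null) {
    throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId);
}
```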
"Error recovering request state"));
throw new ProfileException("Error recovering request state", e);
} catch (MetadataProviderException e) {
- log.error(e.getMessage());
+ log.error("Unable to locate metadata for asserting or relying party");
requestContext
.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error locating party metadata"));
throw new ProfileException("Error locating party metadata");
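Review bot: The new `log.error("Unable to locate metadata for asserting or relying party");` drops the exception entirely, so the detail the previous `log.error(e.getMessage())` carried — including whichever entity id failed to resolve — no longer reaches the log, and the stack trace is lost as well. Pass the throwable as the trailing argument, `log.error("Unable to locate metadata for asserting or relying party", e);`, so an operator can distinguish an unregistered SP from a metadata-provider fault without turning on debug logging. The catch block's enclosing try begins outside this hunk.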