better handling when endpoints are accessed directly (SIDP-55). Also add a few more...
authorwnorris <wnorris@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 24 Oct 2007 22:25:14 +0000 (22:25 +0000)
committerwnorris <wnorris@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 24 Oct 2007 22:25:14 +0000 (22:25 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2425 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index a54c6ed..103cd5f 100644 (file)
@@ -39,6 +39,7 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -178,14 +179,19 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
+                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (assertingPartyMetadata == null) {
+                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
+                            + assertingPartyId);
+                }
+                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
+                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
 
                 ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
                         .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-                if(profileConfig != null){
+                if (profileConfig != null) {
                     requestContext.setProfileConfiguration(profileConfig);
                     if (profileConfig.getSigningCredential() != null) {
                         requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
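Review bot: The new null guard covers the entity descriptor but not the role descriptor derived from it two lines later: `getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS)` returns null when the asserting party's metadata has no SAML 1.1 attribute authority role, so `setLocalEntityRoleMetadata(null)` is stored and the failure surfaces later as a NullPointerException instead of the "Error locating party metadata" status this block was just taught to produce. The same shape appears in the other three handlers (hunks ending at lines 99, 184 and 279, the SAML 2 ones with SAML20P_NS). Checking the role descriptor with the same MetadataProviderException keeps the reporting on the existing catch path. The enclosing method begins and ends outside this hunk.
```java
                requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
                AttributeAuthorityDescriptor assertingPartyRole = assertingPartyMetadata
                        .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS);
                if (assertingPartyRole == null) {
                    throw new MetadataProviderException("Asserting party " + assertingPartyId
                            + " does not expose a SAML 1.1 attribute authority role");
                }
                requestContext.setLocalEntityRoleMetadata(assertingPartyRole);
                // … unchanged: profile configuration lookup and signing credential setup …
```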
@@ -195,7 +201,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
                 }
 
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
+                log.error(e.getMessage());
                 requestContext
                         .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
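Review bot: `log.error(e.getMessage())` on the new line 51 discards the stack trace and, when the MetadataProviderException comes from the provider itself rather than the explicit throw added above, its message may well be null, so the log entry degrades to "null" with no context. Logging the fixed message together with the exception keeps both: `log.error("Error locating party metadata", e);`. The ProfileException on the line after also drops `e`; if ProfileException has a cause-taking constructor (not visible here), passing it preserves the chain for the caller. The same replacement applies at lines 105, 190 and 285 in the other three handlers.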
@@ -262,7 +268,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             artifactMap.remove(assertionArtifact.getAssertionArtifact());
             assertions.add((Assertion) artifactEntry.getSamlMessage());
         }
-        
+
         requestContext.setReferencedAssertions(assertions);
     }
 
index 21f643b..51c79df 100644 (file)
@@ -31,6 +31,7 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -154,6 +155,9 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             try {
                 Request request = requestContext.getInboundSAMLMessage();
+                if (request == null) {
+                    throw new ProfileException("No inbound SAML message found.");
+                }
                 AttributeQuery query = request.getAttributeQuery();
                 requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
 
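Review bot: The new guard stops at the Request, but the very next line calls `request.getAttributeQuery()` and then dereferences the result; a SAML 1 Request presumably carries other query kinds too, in which case that accessor returns null and this handler still fails with a NullPointerException on a directly accessed endpoint — confirm against the opensaml Request API. Extending the guard covers both cases: `if (request == null || request.getAttributeQuery() == null) { throw new ProfileException("No inbound SAML message found."); }`. Note also that this guard throws without first calling `requestContext.setFailureStatus(...)`, unlike the MetadataProviderException path at lines 106-108; whether the caller needs a failure status to build an error response is not visible here. The SAML 2 guard at lines 248-250 has the same status omission (there the inbound message is the AttributeQuery itself, so the second accessor check does not apply). The enclosing method begins and ends outside this hunk.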
@@ -164,9 +168,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
+                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (assertingPartyMetadata == null) {
+                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
+                            + assertingPartyId);
+                }
+                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
+                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
 
                 AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
@@ -182,7 +191,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
                 }
 
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
+                log.error(e.getMessage());
                 requestContext
                         .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
index 724268e..69dba05 100644 (file)
@@ -34,6 +34,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -59,7 +60,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
     /** Artifact response object builder. */
     private SAMLObjectBuilder<ArtifactResponse> responseBuilder;
-    
+
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
 
@@ -70,9 +71,9 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      */
     public ArtifactResolution(SAMLArtifactMap map) {
         super();
-        
+
         artifactMap = map;
-        
+
         responseBuilder = (SAMLObjectBuilder<ArtifactResponse>) getBuilderFactory().getBuilder(
                 ArtifactResponse.DEFAULT_ELEMENT_NAME);
         acsEndpointBuilder = (SAMLObjectBuilder<AssertionConsumerService>) getBuilderFactory().getBuilder(
@@ -161,12 +162,11 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
         ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
         requestContext.setMetadataProvider(metadataProvider);
-        
+
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
-        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -191,7 +191,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             try {
                 requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());
-                
+
                 String relyingPartyId = requestContext.getInboundMessageIssuer();
                 RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
                 requestContext.setRelyingPartyConfiguration(rpConfig);
@@ -199,14 +199,19 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
+                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (assertingPartyMetadata == null) {
+                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
+                            + assertingPartyId);
+                }
+                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
+                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
 
                 ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
                         .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-                if(profileConfig != null){
+                if (profileConfig != null) {
                     requestContext.setProfileConfiguration(profileConfig);
                     if (profileConfig.getSigningCredential() != null) {
                         requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
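Review bot: This handler does not get the inbound-message null guard the commit adds to both AttributeQueryProfileHandlers: line 156 in the previous hunk still dereferences `requestContext.getInboundSAMLMessage().getArtifact().getArtifact()` unconditionally, so a direct request to the artifact resolution endpoint with no decoded message fails with a NullPointerException rather than the ProfileException the other handlers now raise. Mirroring the guard before that line keeps the four handlers consistent: `if (requestContext.getInboundSAMLMessage() == null) { throw new ProfileException("No inbound SAML message found."); }`. The SAML 1 ArtifactResolution likely has the same spot, but its message-handling lines are not in this diff. The enclosing method begins and ends outside this hunk.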
@@ -216,7 +221,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
                 }
 
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
+                log.error(e.getMessage());
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
                         "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
@@ -247,7 +252,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
             endpoint = endpointSelector.selectEndpoint();
         }
-        
+
         return endpoint;
     }
 
index 7893ae8..00a87e6 100644 (file)
@@ -30,6 +30,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -47,7 +48,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** Class logger. */
     private static Logger log = Logger.getLogger(AttributeQueryProfileHandler.class);
-    
+
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
 
@@ -78,7 +79,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
                         "SAML 2 Attribute Query profile is not configured for relying party "
                                 + requestContext.getInboundMessageIssuer()));
                 throw new ProfileException("SAML 2 Attribute Query profile is not configured for relying party "
-                                + requestContext.getInboundMessageIssuer());
+                        + requestContext.getInboundMessageIssuer());
             }
 
             checkSamlVersion(requestContext);
@@ -126,12 +127,11 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
         AttributeQueryContext requestContext = new AttributeQueryContext();
         requestContext.setMetadataProvider(metadataProvider);
-        
+
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
-        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -156,8 +156,11 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             try {
                 AttributeQuery query = requestContext.getInboundSAMLMessage();
+                if (query == null) {
+                    throw new ProfileException("No inbound SAML message found.");
+                }
                 requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
-                
+
                 String relyingPartyId = requestContext.getInboundMessageIssuer();
                 RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
                 requestContext.setRelyingPartyConfiguration(rpConfig);
@@ -165,14 +168,19 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
+                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (assertingPartyMetadata == null) {
+                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
+                            + assertingPartyId);
+                }
+                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
+                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
 
                 AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
                         .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
-                if(profileConfig != null){
+                if (profileConfig != null) {
                     requestContext.setProfileConfiguration(profileConfig);
                     requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
                     if (profileConfig.getSigningCredential() != null) {
@@ -182,14 +190,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
                     }
                 }
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
+                log.error(e.getMessage());
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
                         "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
             }
         }
     }
-    
+
     /**
      * Selects the appropriate endpoint for the relying party and stores it in the request context.
      * 
index 05991ed..7d41736 100644 (file)
@@ -211,11 +211,11 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             if (loginContext.getPrincipalName() == null) {
                 log.error("User's login context did not contain a principal, user considered unauthenticiated.");
                 if (loginContext.getPassiveAuth()) {
-                    requestContext
-                        .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.NO_PASSIVE_URI, null));
+                    requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.NO_PASSIVE_URI,
+                            null));
                 } else {
-                    requestContext
-                        .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI, null));
+                    requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI,
+                            null));
                 }
                 throw new ProfileException("User failed authentication");
             }