partyOverrides.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
}
+ attribute = ((Element) partyConfig).getAttribute("defaultAuthMethod");
+ if (attribute != null && !attribute.equals("")) {
+ log.debug("Overriding defaultAuthMethod for Relying Pary (" + name + ") with (" + attribute + ").");
+ partyOverrides.setProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+ attribute);
+ }
+
identityProvider =
new RelyingPartyIdentityProvider(
getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username", "REMOTE_USER");
//TODO need a way to set this, remember to test for number format
properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.maxThreads", "5");
- //TODO need a way to set this
- properties.setProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod",
- SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);
-
- //TODO default relying party group
log.debug("Loading global configuration properties.");
throw new HSConfigurationException("Required configuration not specified.");
}
properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId", attribute);
-
+
attribute = ((Element) config).getAttribute("defaultRelyingParty");
if (attribute == null || attribute.equals("")) {
log.error("Global providerId not set. Add a (defaultRelyingParty) attribute to <ShibbolethOriginConfig>.");
throw new HSConfigurationException("Required configuration not specified.");
}
- properties.setProperty("edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty", attribute);
+ properties.setProperty(
+ "edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty",
+ attribute);
attribute = ((Element) config).getAttribute("AAUrl");
if (attribute == null || attribute.equals("")) {
}
properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
+ attribute = ((Element) config).getAttribute("defaultAuthMethod");
+ if (attribute == null || attribute.equals("")) {
+ properties.setProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+ "urn:oasis:names:tc:SAML:1.0:am:unspecified");
+ }
+ properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute);
+
if (log.isDebugEnabled()) {
ByteArrayOutputStream debugStream = new ByteArrayOutputStream();
PrintStream debugPrinter = new PrintStream(debugStream);
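Review bot: The fallback written at lines 44-46 is immediately overwritten at line 48, because the `setProperty` of `attribute` is unconditional and runs even when `attribute` is empty, so the key ends up bound to the empty string and `getConfigProperty` later hands that empty value on as the authentication method. Move line 48 into an else branch: `} else {` / `properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute);` / `}`. The schema default presumably only reaches `getAttribute` when the document is parsed with schema validation enabled, so the code-side fallback should stay. The per-party override at lines 3-9 does not share this problem, but its log message at line 5 misspells "Relying Party" as "Relying Pary". The enclosing method starts and ends outside the hunk.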
//Load relying party config
try {
targetMapper =
- new ServiceProviderMapper(parser.getDocument().getDocumentElement(), configuration, credentials, nameMapper);
+ new ServiceProviderMapper(
+ parser.getDocument().getDocumentElement(),
+ configuration,
+ credentials,
+ nameMapper);
} catch (ServiceProviderMapperException e) {
log.error("Could not load origin configuration: " + e);
throw new HSConfigurationException("Could not load origin configuration.");
relyingParty,
relyingParty.getIdentityProvider());
- //Print out something better here
- //log.info("Issued Handle (" + handle + ") to (" + username +
- // ")");
+ String authenticationMethod = req.getHeader("SAMLAuthenticationMethod");
+ if (authenticationMethod == null || authenticationMethod.equals("")) {
+ authenticationMethod =
+ relyingParty.getConfigProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod");
+ log.debug(
+ "User was authenticated via the default method for this relying party ("
+ + authenticationMethod
+ + ").");
+ } else {
+ log.debug("User was authenticated via the method (" + authenticationMethod + ").");
+ }
//TODO decide what to do about authMethod
byte[] buf =
nameId,
req.getParameter("shire"),
req.getRemoteAddr(),
- relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod"));
+ authenticationMethod);
createForm(req, res, buf);
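Review bot: The authentication method at line 70 is read from the `SAMLAuthenticationMethod` request header and passed straight into the statement at line 88 and the log line at line 80, with no check that the value is a well-formed SAML authentication-method URI or that the header was set by the authenticating front end rather than arriving with the client request. Unless the deployment strips that header before the request reaches the servlet, whatever value is present is asserted to the relying party; at minimum document that assumption next to line 70, e.g. `// Header is expected to be set by the authenticating web server; client-supplied copies must be stripped upstream`, and validate the value before use. The `//TODO decide what to do about authMethod` comment at line 82 is resolved by this change and should be removed. The enclosing method starts and ends outside the hunk.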
<xs:attribute name="providerId" type="xs:anyURI" use="optional"/>
<xs:attribute name="signingCredential" type="xs:string" use="optional"/>
<xs:attribute name="name" type="xs:string" use="required"/>
+ <xs:attribute name="defaultAuthMethod" type="xs:string" use="optional"/>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="passThruErrors" type="xs:boolean" use="optional" default="false"/>
<xs:attribute name="providerId" type="xs:anyURI" use="required"/>
<xs:attribute name="defaultRelyingParty" type="xs:anyURI" use="required"/>
+ <xs:attribute name="defaultAuthMethod" type="xs:string" use="optional" default="urn:oasis:names:tc:SAML:1.0:am:unspecified"/>
</xs:complexType>
</xs:element>
</xs:schema>
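Review bot: The new attributes at lines 93 and 100 are typed `xs:string` although they hold a SAML authentication-method URI, while the sibling `providerId` and `defaultRelyingParty` attributes use `xs:anyURI`; `type="xs:anyURI"` on both would be consistent and lets the validator reject malformed values. The schema default at line 100 duplicates the literal the Java side also hard-codes, so the two can drift; either keep them in sync deliberately or note that the code-side fallback is authoritative when the document is not schema-validated.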