SAML auth method can be set by site, overriden by relying party, or overriden by...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@859 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java
src/schemas/origin.xsd

index 096f5c9..fba922e 100644 (file)
@@ -268,6 +268,14 @@ public class ServiceProviderMapper {
                                partyOverrides.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
                        }
 
+                       attribute = ((Element) partyConfig).getAttribute("defaultAuthMethod");
+                       if (attribute != null && !attribute.equals("")) {
+                               log.debug("Overriding defaultAuthMethod for Relying Pary (" + name + ") with (" + attribute + ").");
+                               partyOverrides.setProperty(
+                                       "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+                                       attribute);
+                       }
+
                        identityProvider =
                                new RelyingPartyIdentityProvider(
                                        getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
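Review bot: The new debug message misspells "Party": `log.debug("Overriding defaultAuthMethod for Relying Party (" + name + ") with (" + attribute + ").");`. The override is stored without any check that the value is a URI, so a mistyped per-party method identifier only surfaces later when an assertion carrying it is rejected by a consumer; validating it here (or at least rejecting values that are not syntactically a URI) would fail fast at configuration load. DOM's getAttribute returns an empty string for an absent attribute, so the null half of the check is harmless belt-and-braces. The enclosing method and the loop it sits in start and end outside the hunk.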
index 69d126e..9d6c7a0 100644 (file)
@@ -79,12 +79,6 @@ public class ShibbolethOriginConfig {
                properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username", "REMOTE_USER");
                //TODO need a way to set this, remember to test for number format
                properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.maxThreads", "5");
-               //TODO need a way to set this
-               properties.setProperty(
-                       "edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod",
-                       SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);
-
-               //TODO default relying party group
 
                log.debug("Loading global configuration properties.");
 
@@ -94,13 +88,15 @@ public class ShibbolethOriginConfig {
                        throw new HSConfigurationException("Required configuration not specified.");
                }
                properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId", attribute);
-               
+
                attribute = ((Element) config).getAttribute("defaultRelyingParty");
                if (attribute == null || attribute.equals("")) {
                        log.error("Global providerId not set.  Add a (defaultRelyingParty) attribute to <ShibbolethOriginConfig>.");
                        throw new HSConfigurationException("Required configuration not specified.");
                }
-               properties.setProperty("edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty", attribute);
+               properties.setProperty(
+                       "edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty",
+                       attribute);
 
                attribute = ((Element) config).getAttribute("AAUrl");
                if (attribute == null || attribute.equals("")) {
@@ -109,6 +105,14 @@ public class ShibbolethOriginConfig {
                }
                properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
 
+               attribute = ((Element) config).getAttribute("defaultAuthMethod");
+               if (attribute == null || attribute.equals("")) {
+                       properties.setProperty(
+                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+                               "urn:oasis:names:tc:SAML:1.0:am:unspecified");
+               }
+               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute);
+
                if (log.isDebugEnabled()) {
                        ByteArrayOutputStream debugStream = new ByteArrayOutputStream();
                        PrintStream debugPrinter = new PrintStream(debugStream);
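Review bot: The fallback in the new defaultAuthMethod block never takes effect: when the attribute is absent or empty the code stores the unspecified URN and then, on the very next line, unconditionally overwrites it with `attribute`, which is either "" (clobbering the default) or null (Properties.setProperty rejects a null value with a NullPointerException). The unconditional store belongs in an else branch: `} else { properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute); }`. Worth adding a debug log on the fallback path so an operator can see which method identifier was chosen. The same constant appears as a schema default in origin.xsd in this commit, so the two can drift. The enclosing method starts and ends outside the hunks.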
index afe97ea..190d704 100644 (file)
@@ -157,7 +157,11 @@ public class HandleServlet extends HttpServlet {
                //Load relying party config
                try {
                        targetMapper =
-                               new ServiceProviderMapper(parser.getDocument().getDocumentElement(), configuration, credentials, nameMapper);
+                               new ServiceProviderMapper(
+                                       parser.getDocument().getDocumentElement(),
+                                       configuration,
+                                       credentials,
+                                       nameMapper);
                } catch (ServiceProviderMapperException e) {
                        log.error("Could not load origin configuration: " + e);
                        throw new HSConfigurationException("Could not load origin configuration.");
@@ -271,9 +275,18 @@ public class HandleServlet extends HttpServlet {
                                        relyingParty,
                                        relyingParty.getIdentityProvider());
 
-                       //Print out something better here
-                       //log.info("Issued Handle (" + handle + ") to (" + username +
-                       // ")");
+                       String authenticationMethod = req.getHeader("SAMLAuthenticationMethod");
+                       if (authenticationMethod == null || authenticationMethod.equals("")) {
+                               authenticationMethod =
+                                       relyingParty.getConfigProperty(
+                                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod");
+                               log.debug(
+                                       "User was authenticated via the default method for this relying party ("
+                                               + authenticationMethod
+                                               + ").");
+                       } else {
+                               log.debug("User was authenticated via the method (" + authenticationMethod + ").");
+                       }
 
                        //TODO decide what to do about authMethod
                        byte[] buf =
@@ -282,7 +295,7 @@ public class HandleServlet extends HttpServlet {
                                        nameId,
                                        req.getParameter("shire"),
                                        req.getRemoteAddr(),
-                                       relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod"));
+                                       authenticationMethod);
 
                        createForm(req, res, buf);
 
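Review bot: The authentication method that ends up in the issued assertion is now read from the `SAMLAuthenticationMethod` request header, and nothing in the hunk establishes that this header is set by the authentication layer in front of the servlet rather than forwarded from the client; unless that layer strips or overwrites it, the value in the SAML statement is whatever the user agent sent. Before using it, restrict the accepted value to a known set of method identifiers or at least a well-formed URI, and record the trust assumption next to the read with a comment such as `// Trusted only because the authentication layer in front of this servlet sets this header; a client-supplied value must not reach the assertion.` The `//TODO decide what to do about authMethod` comment right after the new block is now stale and should be removed. The enclosing method starts and ends outside the hunk.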
index 4bbb9aa..dc0d836 100644 (file)
@@ -24,6 +24,7 @@
                                                        <xs:attribute name="providerId" type="xs:anyURI" use="optional"/>
                                                        <xs:attribute name="signingCredential" type="xs:string" use="optional"/>
                                                        <xs:attribute name="name" type="xs:string" use="required"/>
+                                                       <xs:attribute name="defaultAuthMethod" type="xs:string" use="optional"/>
                                                </xs:complexType>
                                        </xs:element>
                                </xs:sequence>
@@ -42,6 +43,7 @@
                        <xs:attribute name="passThruErrors" type="xs:boolean" use="optional" default="false"/>
                        <xs:attribute name="providerId" type="xs:anyURI" use="required"/>
                        <xs:attribute name="defaultRelyingParty" type="xs:anyURI" use="required"/>
+                       <xs:attribute name="defaultAuthMethod" type="xs:string" use="optional" default="urn:oasis:names:tc:SAML:1.0:am:unspecified"/>
                </xs:complexType>
        </xs:element>
 </xs:schema>
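Review bot: Both new `defaultAuthMethod` attributes are typed `xs:string` while the neighbouring `providerId` and `defaultRelyingParty` attributes use `xs:anyURI`; SAML authentication-method identifiers are URIs, so `xs:anyURI` would let schema validation reject a malformed value before it is copied into assertions. The schema `default` on the global attribute also duplicates the literal the Java loader in this commit falls back to, so the two can drift; keeping one source of truth avoids that. `<xs:attribute name="defaultAuthMethod" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:SAML:1.0:am:unspecified"/>`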