SAML auth method can be set by site, overriden by relying party, or overriden by...

author wassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)

committer wassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
author wassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
committer wassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
diff --git a/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java b/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java

index 096f5c9..fba922e 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
+++ b/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
@@ -268,6 +268,14 @@ public class ServiceProviderMapper {
                                 partyOverrides.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
                         }
  
+                       attribute = ((Element) partyConfig).getAttribute("defaultAuthMethod");
+                       if (attribute != null && !attribute.equals("")) {
+                               log.debug("Overriding defaultAuthMethod for Relying Pary (" + name + ") with (" + attribute + ").");
+                               partyOverrides.setProperty(
+                                       "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+                                       attribute);
+                       }
+
                         identityProvider =
                                 new RelyingPartyIdentityProvider(
                                         getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
diff --git a/src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java b/src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java

index 69d126e..9d6c7a0 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java
+++ b/src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java
@@ -79,12 +79,6 @@ public class ShibbolethOriginConfig {
                 properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username", "REMOTE_USER");
                 //TODO need a way to set this, remember to test for number format
                 properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.maxThreads", "5");
-               //TODO need a way to set this
-               properties.setProperty(
-                       "edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod",
-                       SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);
-
-               //TODO default relying party group
  
                 log.debug("Loading global configuration properties.");
  
@@ -94,13 +88,15 @@ public class ShibbolethOriginConfig {
                         throw new HSConfigurationException("Required configuration not specified.");
                 }
                 properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId", attribute);
-               
+
                 attribute = ((Element) config).getAttribute("defaultRelyingParty");
                 if (attribute == null || attribute.equals("")) {
                         log.error("Global providerId not set.  Add a (defaultRelyingParty) attribute to <ShibbolethOriginConfig>.");
                         throw new HSConfigurationException("Required configuration not specified.");
                 }
-               properties.setProperty("edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty", attribute);
+               properties.setProperty(
+                       "edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty",
+                       attribute);
  
                 attribute = ((Element) config).getAttribute("AAUrl");
                 if (attribute == null || attribute.equals("")) {
@@ -109,6 +105,14 @@ public class ShibbolethOriginConfig {
                 }
                 properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
  
+               attribute = ((Element) config).getAttribute("defaultAuthMethod");
+               if (attribute == null || attribute.equals("")) {
+                       properties.setProperty(
+                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+                               "urn:oasis:names:tc:SAML:1.0:am:unspecified");
+               }
+               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute);
+
                 if (log.isDebugEnabled()) {
                         ByteArrayOutputStream debugStream = new ByteArrayOutputStream();
                         PrintStream debugPrinter = new PrintStream(debugStream);
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java b/src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

index afe97ea..190d704 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java
+++ b/src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java
@@ -157,7 +157,11 @@ public class HandleServlet extends HttpServlet {
                 //Load relying party config
                 try {
                         targetMapper =
-                               new ServiceProviderMapper(parser.getDocument().getDocumentElement(), configuration, credentials, nameMapper);
+                               new ServiceProviderMapper(
+                                       parser.getDocument().getDocumentElement(),
+                                       configuration,
+                                       credentials,
+                                       nameMapper);
                 } catch (ServiceProviderMapperException e) {
                         log.error("Could not load origin configuration: " + e);
                         throw new HSConfigurationException("Could not load origin configuration.");
@@ -271,9 +275,18 @@ public class HandleServlet extends HttpServlet {
                                         relyingParty,
                                         relyingParty.getIdentityProvider());
  
-                       //Print out something better here
-                       //log.info("Issued Handle (" + handle + ") to (" + username +
-                       // ")");
+                       String authenticationMethod = req.getHeader("SAMLAuthenticationMethod");
+                       if (authenticationMethod == null || authenticationMethod.equals("")) {
+                               authenticationMethod =
+                                       relyingParty.getConfigProperty(
+                                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod");
+                               log.debug(
+                                       "User was authenticated via the default method for this relying party ("
+                                               + authenticationMethod
+                                               + ").");
+                       } else {
+                               log.debug("User was authenticated via the method (" + authenticationMethod + ").");
+                       }
  
                         //TODO decide what to do about authMethod
                         byte[] buf =
@@ -282,7 +295,7 @@ public class HandleServlet extends HttpServlet {
                                         nameId,
                                         req.getParameter("shire"),
                                         req.getRemoteAddr(),
-                                       relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod"));
+                                       authenticationMethod);
  
                         createForm(req, res, buf);
  
diff --git a/src/schemas/origin.xsd b/src/schemas/origin.xsd

index 4bbb9aa..dc0d836 100644 (file)
--- a/src/schemas/origin.xsd
+++ b/src/schemas/origin.xsd
@@ -24,6 +24,7 @@
                                                         <xs:attribute name="providerId" type="xs:anyURI" use="optional"/>
                                                         <xs:attribute name="signingCredential" type="xs:string" use="optional"/>
                                                         <xs:attribute name="name" type="xs:string" use="required"/>
+                                                       <xs:attribute name="defaultAuthMethod" type="xs:string" use="optional"/>
                                                 </xs:complexType>
                                         </xs:element>
                                 </xs:sequence>
@@ -42,6 +43,7 @@
                         <xs:attribute name="passThruErrors" type="xs:boolean" use="optional" default="false"/>
                         <xs:attribute name="providerId" type="xs:anyURI" use="required"/>
                         <xs:attribute name="defaultRelyingParty" type="xs:anyURI" use="required"/>
+                       <xs:attribute name="defaultAuthMethod" type="xs:string" use="optional" default="urn:oasis:names:tc:SAML:1.0:am:unspecified"/>
                 </xs:complexType>
         </xs:element>
  </xs:schema>
author	wassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
committer	wassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Tue, 27 Jan 2004 05:43:15 +0000 (05:43 +0000)
src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java		patch \| blob \| history
src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java		patch \| blob \| history
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java		patch \| blob \| history
src/schemas/origin.xsd		patch \| blob \| history