fix order problem that caused name identifier construction to occur before attribute...

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2311 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
index 7883665..f58129e 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
@@ -199,10 +199,12 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
                 throw new ProfileException("User failed authentication");
             }
 
-            AuthenticationStatement authnStatement = buildAuthenticationStatement(requestContext);
+            //TODO currently attribute query must come first in order to get the principal's attributes, fix this
             AttributeStatement attributeStatement = buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:bearer");
+            AuthenticationStatement authnStatement = buildAuthenticationStatement(requestContext);
             
             ArrayList<Statement> statements = new ArrayList<Statement>();
+            //TODO make this more effecient
             statements.add(authnStatement);
             if (requestContext.getProfileConfiguration().includeAttributeStatement()) {
                 statements.add(attributeStatement);