Moved supported name format determination code up into base SAML profile class
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 15 Mar 2008 07:17:51 +0000 (07:17 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 15 Mar 2008 07:17:51 +0000 (07:17 +0000)
Treat the unspecified format appearing in the metadata to mean "any", just as if it had appeared in a NameIDPolicy
No longer need unspecified-format encoders in the resolver

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2696 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/attribute-resolver.xml
src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

index 990010a..b239192 100644 (file)
         <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
             
-        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
-
         <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
 
-        <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
     </resolver:AttributeDefinition>
 
     <!-- ========================================== -->
index 74c2199..ea883bf 100644 (file)
@@ -239,6 +239,7 @@ public class AuthenticationEngine extends HttpServlet {
             supportedLoginHandler = supportedLoginHandlerItr.next();
             if (!(supportedLoginHandler.getKey().equals(PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD))
                     && !loginContext.getRequestedAuthenticationMethods().contains(supportedLoginHandler.getKey())) {
+// treat no req method as any
                 supportedLoginHandlerItr.remove();
                 continue;
             }
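Review bot: The comment added at column 0 inside the removal branch, `// treat no req method as any`, describes behaviour the surrounding condition does not implement: when `loginContext.getRequestedAuthenticationMethods()` is empty, `contains(...)` is false for every key, so every handler except the previous-session one is removed rather than all of them being kept. If the intent is to relax the filter, the removal needs an explicit emptiness guard, e.g. `&& !loginContext.getRequestedAuthenticationMethods().isEmpty()` inserted before the `contains` test; otherwise the line should be indented to the block and marked as a TODO so it is not read as a statement of current behaviour. The enclosing method starts and ends outside the hunk, so an earlier check for the empty-request case may already exist there; it is worth confirming before widening the set of accepted handlers, since an unrestricted request would then match any configured login handler.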
index 0e8876d..c507ea0 100644 (file)
@@ -16,6 +16,7 @@
 
 package edu.internet2.middleware.shibboleth.idp.profile;
 
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 
@@ -24,8 +25,15 @@ import javax.servlet.http.HttpServletRequest;
 import org.opensaml.common.IdentifierGenerator;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
+import org.opensaml.saml1.core.NameIdentifier;
+import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
+import org.opensaml.saml2.metadata.AuthnAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.PDPDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
@@ -392,6 +400,64 @@ public abstract class AbstractSAMLProfileHandler extends
     }
 
     /**
+     * Gets the name identifier formats to use when creating identifiers for the relying party.
+     * 
+     * @param requestContext current request context
+     * 
+     * @return list of formats that may be used with the relying party, or an empty list for no preference
+     * 
+     * @throws ProfileException thrown if there is a problem determining the name identifier format to use
+     */
+    protected List<String> getNameFormats(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        ArrayList<String> nameFormats = new ArrayList<String>();
+
+        RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+        if (relyingPartyRole != null) {
+            List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
+            if (relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()) {
+                nameFormats.addAll(relyingPartySupportedFormats);
+            }
+        }
+
+        // If metadata contains the unspecified name format this means that any are supported
+        if (nameFormats.contains(NameIdentifier.UNSPECIFIED)) {
+            nameFormats.clear();
+        }
+
+        return nameFormats;
+    }
+
+    /**
+     * Gets the list of name identifier formats supported for a given role.
+     * 
+     * @param role the role to get the list of supported name identifier formats
+     * 
+     * @return list of supported name identifier formats
+     */
+    protected List<String> getEntitySupportedFormats(RoleDescriptor role) {
+        List<NameIDFormat> nameIDFormats = null;
+
+        if (role instanceof SSODescriptor) {
+            nameIDFormats = ((SSODescriptor) role).getNameIDFormats();
+        } else if (role instanceof AuthnAuthorityDescriptor) {
+            nameIDFormats = ((AuthnAuthorityDescriptor) role).getNameIDFormats();
+        } else if (role instanceof PDPDescriptor) {
+            nameIDFormats = ((PDPDescriptor) role).getNameIDFormats();
+        } else if (role instanceof AttributeAuthorityDescriptor) {
+            nameIDFormats = ((AttributeAuthorityDescriptor) role).getNameIDFormats();
+        }
+
+        ArrayList<String> supportedFormats = new ArrayList<String>();
+        if (nameIDFormats != null) {
+            for (NameIDFormat format : nameIDFormats) {
+                supportedFormats.add(format.getFormat());
+            }
+        }
+
+        return supportedFormats;
+    }
+
+    /**
      * Populates the request context with the information about the user if they have an existing session. Unless
      * overridden, {@link #populateRequestContext(BaseSAMLProfileRequestContext)} has already invoked
      * {@link #populateRelyingPartyInformation(BaseSAMLProfileRequestContext)},
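Review bot: The check `if (nameFormats.contains(NameIdentifier.UNSPECIFIED))` now runs for both SAML 1 and SAML 2 relying parties, since the method has moved into the shared base class, yet it uses only the SAML 1 constant; the two profiles share the same URN for the unspecified format (the removed encoder lines in attribute-resolver.xml list the identical value for the SAML1 and SAML2 encoders), so the comparison is correct, but the reader has to know that. A comment such as `// SAML 1 and SAML 2 use the same URN for the unspecified format, so one constant covers both` would make the intent explicit. The `@return` Javadoc should also say that an empty list is returned both when the metadata lists no formats and when it lists the unspecified format, because callers cannot distinguish the two cases and both now mean "no restriction". The `relyingPartySupportedFormats != null` test in `getNameFormats` is redundant given that `getEntitySupportedFormats` in this hunk always returns a non-null list. The enclosing class starts and ends outside the hunk.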
index a7fc133..2df02b2 100644 (file)
@@ -16,7 +16,6 @@
 
 package edu.internet2.middleware.shibboleth.idp.profile.saml1;
 
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -46,13 +45,8 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml1.core.StatusMessage;
 import org.opensaml.saml1.core.Subject;
 import org.opensaml.saml1.core.SubjectConfirmation;
-import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
-import org.opensaml.saml2.metadata.AuthnAuthorityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.PDPDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SSODescriptor;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.XMLObjectBuilder;
 import org.opensaml.xml.io.Marshaller;
@@ -399,60 +393,6 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
     }
 
     /**
-     * Gets the NameIdentifier format to use when creating NameIdentifiers for the relying party.
-     * 
-     * @param requestContext current request context
-     * 
-     * @return list of formats that may be used with the relying party, or an empty list for no preference
-     * 
-     * @throws ProfileException thrown if there is a problem determining the NameIdentifier format to use
-     */
-    protected List<String> getNameFormats(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext)
-            throws ProfileException {
-        ArrayList<String> nameFormats = new ArrayList<String>();
-
-        RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
-        if (relyingPartyRole != null) {
-            List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
-            if (relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()) {
-                nameFormats.addAll(relyingPartySupportedFormats);
-            }
-        }
-
-        return nameFormats;
-    }
-
-    /**
-     * Gets the list of NameIdentifier formats supported for a given role.
-     * 
-     * @param role the role to get the list of supported NameIdentifier formats
-     * 
-     * @return list of supported NameIdentifier formats
-     */
-    protected List<String> getEntitySupportedFormats(RoleDescriptor role) {
-        List<NameIDFormat> nameIDFormats = null;
-
-        if (role instanceof SSODescriptor) {
-            nameIDFormats = ((SSODescriptor) role).getNameIDFormats();
-        } else if (role instanceof AuthnAuthorityDescriptor) {
-            nameIDFormats = ((AuthnAuthorityDescriptor) role).getNameIDFormats();
-        } else if (role instanceof PDPDescriptor) {
-            nameIDFormats = ((PDPDescriptor) role).getNameIDFormats();
-        } else if (role instanceof AttributeAuthorityDescriptor) {
-            nameIDFormats = ((AttributeAuthorityDescriptor) role).getNameIDFormats();
-        }
-
-        ArrayList<String> supportedFormats = new ArrayList<String>();
-        if (nameIDFormats != null) {
-            for (NameIDFormat format : nameIDFormats) {
-                supportedFormats.add(format.getFormat());
-            }
-        }
-
-        return supportedFormats;
-    }
-
-    /**
      * Constructs an SAML response message carrying a request error.
      * 
      * @param requestContext current request context containing the failure status
index d8190e8..71e137b 100644 (file)
@@ -807,61 +807,6 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
     }
 
     /**
-     * Gets the NameID format to use when creating NameIDs for the relying party.
-     * 
-     * @param requestContext current request context
-     * 
-     * @return list of formats that may be used with the relying party, or an empty list for no preference
-     * 
-     * @throws ProfileException thrown if there is a problem determining the NameID format to use
-     */
-    protected List<String> getNameFormats(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext)
-            throws ProfileException {
-        ArrayList<String> nameFormats = new ArrayList<String>();
-
-        // Determine SP-supported formats.
-        RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
-        if (relyingPartyRole != null) {
-            List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
-            if (relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()) {
-                nameFormats.addAll(relyingPartySupportedFormats);
-            }
-        }
-
-        return nameFormats;
-    }
-
-    /**
-     * Gets the list of NameID formats supported for a given role.
-     * 
-     * @param role the role to get the list of supported NameID formats
-     * 
-     * @return list of supported NameID formats
-     */
-    protected List<String> getEntitySupportedFormats(RoleDescriptor role) {
-        List<NameIDFormat> nameIDFormats = null;
-
-        if (role instanceof SSODescriptor) {
-            nameIDFormats = ((SSODescriptor) role).getNameIDFormats();
-        } else if (role instanceof AuthnAuthorityDescriptor) {
-            nameIDFormats = ((AuthnAuthorityDescriptor) role).getNameIDFormats();
-        } else if (role instanceof PDPDescriptor) {
-            nameIDFormats = ((PDPDescriptor) role).getNameIDFormats();
-        } else if (role instanceof AttributeAuthorityDescriptor) {
-            nameIDFormats = ((AttributeAuthorityDescriptor) role).getNameIDFormats();
-        }
-
-        ArrayList<String> supportedFormats = new ArrayList<String>();
-        if (nameIDFormats != null) {
-            for (NameIDFormat format : nameIDFormats) {
-                supportedFormats.add(format.getFormat());
-            }
-        }
-
-        return supportedFormats;
-    }
-
-    /**
      * Constructs an SAML response message carrying a request error.
      * 
      * @param requestContext current request context