SIDP-483: Log Completed, Unencrypted SAML Assertion
authorputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 15 Apr 2011 00:50:57 +0000 (00:50 +0000)
committerputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 15 Apr 2011 00:50:57 +0000 (00:50 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@3016 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

index b1a0b73..d9409c5 100644 (file)
@@ -17,6 +17,7 @@ Changes in Release 2.3.0
 [SIDP-478] - ECP profile support
 [SIDP-480] - Update POM to add plugin versions, use / publish to Shib.net Repo, and attach generated source and Javadocs
 [SIDP-482] - JSP pages should HTML-encode any strings they handle
+[SIDP-483] - Log Completed, Unencrypted SAML Assertion
 
 Changes in Release 2.2.1
 =============================================
index 8fe2e54..c61d043 100644 (file)
@@ -74,8 +74,10 @@ import org.opensaml.xml.signature.SignatureException;
 import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.opensaml.xml.util.Pair;
+import org.opensaml.xml.util.XMLHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.w3c.dom.Element;
 
 import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
@@ -265,10 +267,20 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
             postProcessAssertion(requestContext, assertion);
 
             signAssertion(requestContext, assertion);
-
+            
             if (isEncryptAssertion(requestContext)) {
-                log.debug("Attempting to encrypt assertion to relying party '{}'",
-                        requestContext.getInboundMessageIssuer());
+                if (log.isDebugEnabled()) {
+                    log.debug("Attempting to encrypt assertion to relying party '{}'",
+                            requestContext.getInboundMessageIssuer());
+                    try {
+                        Element assertionDOM = 
+                            Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
+                        log.debug("Assertion to be encrypted is:\n{}", XMLHelper.prettyPrintXML(assertionDOM)); 
+                    } catch (MarshallingException e) {
+                        log.warn("Error attempting to marshall Assertion for debug log", e);
+                    }
+                }
+
                 try {
                     Encrypter encrypter = getEncrypter(requestContext.getInboundMessageIssuer());
                     samlResponse.getEncryptedAssertions().add(encrypter.encrypt(assertion));
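Review bot: The added `log.debug("Assertion to be encrypted is:\n{}", ...)` writes the complete plaintext assertion to the handler's ordinary class logger, so enabling DEBUG on this class for unrelated troubleshooting also puts the data that encryption is configured to protect into the log files. Because the dump runs after `signAssertion(requestContext, assertion)`, the logged XML presumably includes the signature where signing is enabled, along with the subject identifier and any attribute statements, so the log needs the same protection as the assertion itself. Consider routing the dump through a dedicated logger category that must be enabled explicitly, for example `LoggerFactory.getLogger(AbstractSAML2ProfileHandler.class.getName() + ".PLAINTEXT_ASSERTION")` (category name constructed here for illustration), and guarding on that logger's `isDebugEnabled()`. At minimum, add a comment above the `try`, such as `// Dumps the unencrypted assertion (subject and attributes) for troubleshooting; restrict access to this log.`, and note the exposure in the release notes entry. The enclosing method starts and ends outside this hunk.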