Probably don't want to return an attribute statement with a failed authentication

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2569 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
index c1b2e55..9b1244b 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
@@ -236,6 +236,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
                 log.error("User authentication failed with the following error: {}", loginContext
                         .getAuthenticationFailure().toString());
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "User failed authentication"));
+                throw new ProfileException("Authentication failure", loginContext.getAuthenticationFailure());
             }
 
             resolveAttributes(requestContext);

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
index 5d1a2ab..4c7ff7f 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
@@ -219,6 +219,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
                     requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI,
                             null));
                 }
+                throw new ProfileException("Authentication failure", loginContext.getAuthenticationFailure());
             }
 
             if (requestContext.getSubjectNameIdentifier() != null) {