Deal with case when AuthnRequest does not include a NameIDPolicy - SIDP-400

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2939 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
index f27488c..af9ebaa 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
@@ -338,15 +338,17 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      */
     protected void checkNameIDPolicy(SSORequestContext requestContext) throws ProfileException {
         AuthnRequest request = requestContext.getInboundSAMLMessage();
+
         NameIDPolicy nameIdPolcy = request.getNameIDPolicy();
-        String spNameQualifier = null;
-        if (nameIdPolcy != null) {
-            spNameQualifier = DatatypeHelper.safeTrimOrNullString(nameIdPolcy.getSPNameQualifier());
-            if (spNameQualifier == null) {
-                return;
-            }
+        if (nameIdPolcy == null) {
+            return;
         }
-
+        
+        String spNameQualifier = DatatypeHelper.safeTrimOrNullString(nameIdPolcy.getSPNameQualifier());
+        if (spNameQualifier == null) {
+            return;
+        }
+        
         log.debug("Checking if message issuer is a member of affiliation '{}'", spNameQualifier);
         try {
             EntityDescriptor affiliation = getMetadataProvider().getEntityDescriptor(spNameQualifier);