Check to make sure principal is authenticated if they have a login context and are...

author lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Mon, 13 Sep 2010 12:59:26 +0000 (12:59 +0000)

committer lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Mon, 13 Sep 2010 12:59:26 +0000 (12:59 +0000)
author lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 13 Sep 2010 12:59:26 +0000 (12:59 +0000)
committer lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 13 Sep 2010 12:59:26 +0000 (12:59 +0000)
diff --git a/doc/RELEASE-NOTES.txt b/doc/RELEASE-NOTES.txt

index 71a8703..27c8382 100644 (file)
--- a/doc/RELEASE-NOTES.txt
+++ b/doc/RELEASE-NOTES.txt
@@ -1,5 +1,6 @@
  Changes in Release 2.2.0
  =============================================
+[SIDP-409] - Pass IdP w/o authenticating
  [SIDP-407] - Shibboleth SSO profile handler sets incorrect protocol string in outbound message context
  [SIDP-402] - Update 3rd party libraries for 2.2 release
  [SIDP-397] - Remove any unit test that won't be fixed in the 2.X branch, fix the rest
diff --git a/src/installer/resources/conf-tmpl/logging.xml b/src/installer/resources/conf-tmpl/logging.xml

index 9799fc9..3fe2db6 100644 (file)
--- a/src/installer/resources/conf-tmpl/logging.xml
+++ b/src/installer/resources/conf-tmpl/logging.xml
@@ -63,19 +63,7 @@
  
          <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
              <charset>UTF-8</charset>
-            <!-- General logging pattern -->
              <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - %msg%n</Pattern>
-            
-            <!-- 
-                Two MDC variables are available for authenticated users: 'idpSessionID' and 'principalName'. 
-                You may include these the data in the logging pattern by means of %mdc{NAME}
-                You may include the thread ID by means of %t
-            -->
-            <!-- Example logging pattern using thread ID and principal name -->
-            <!--
-            <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - [%t:%mdc{principalName}] - %msg%n</Pattern>
-             -->
-            
          </encoder>
      </appender>
    
diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java

index f6a3dc3..3cc003d 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
@@ -123,6 +123,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
          if (loginContext == null) {
              log.debug("Incoming request does not contain a login context, processing as first leg of request");
              performAuthentication(inTransport, outTransport);
+        }else if(!loginContext.isPrincipalAuthenticated()){
+            log.debug("Incoming request contained a login context but principal was not authenticated, processing as first leg of request");
+            performAuthentication(inTransport, outTransport);            
          } else {
              log.debug("Incoming request contains a login context, processing as second leg of request");
              HttpServletHelper.unbindLoginContext(getStorageService(), servletContext, httpRequest, httpResponse);
diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index 37191b6..5d90567 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
@@ -155,6 +155,9 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
          if (loginContext == null) {
              log.debug("Incoming request does not contain a login context, processing as first leg of request");
              performAuthentication(inTransport, outTransport);
+        }else if(!loginContext.isPrincipalAuthenticated()){
+            log.debug("Incoming request contained a login context but principal was not authenticated, processing as first leg of request");
+            performAuthentication(inTransport, outTransport);            
          } else {
              log.debug("Incoming request contains a login context, processing as second leg of request");
              HttpServletHelper.unbindLoginContext(getStorageService(), servletContext, httpRequest, httpResponse);
author	lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Mon, 13 Sep 2010 12:59:26 +0000 (12:59 +0000)
committer	lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Mon, 13 Sep 2010 12:59:26 +0000 (12:59 +0000)
doc/RELEASE-NOTES.txt		patch \| blob \| history
src/installer/resources/conf-tmpl/logging.xml		patch \| blob \| history
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java		patch \| blob \| history
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java		patch \| blob \| history