Don't send attribute authority hint to service providers unless they are old shib...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 12 Apr 2004 18:46:58 +0000 (18:46 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 12 Apr 2004 18:46:58 +0000 (18:46 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@967 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

index d774147..8a6cab0 100644 (file)
@@ -246,13 +246,17 @@ public class HandleServlet extends TargetFederationComponent {
        protected byte[] generateAssertion(HSRelyingParty relyingParty, SAMLNameIdentifier nameId, String shireURL,
                        String clientAddress, String authType) throws SAMLException, IOException {
 
-               SAMLAuthorityBinding binding = new SAMLAuthorityBinding(SAMLBinding.SAML_SOAP_HTTPS, relyingParty.getAAUrl()
-                               .toString(), new QName(org.opensaml.XML.SAMLP_NS, "AttributeQuery"));
-
-               SAMLResponse r = postProfile.prepare(shireURL, relyingParty, nameId, clientAddress, authType, new Date(System
-                               .currentTimeMillis()), Collections.singleton(binding));
-
-               return r.toBase64();
+               if (relyingParty.isLegacyProvider()) {
+                       //For compatibility with pre-1.2 shibboleth targets, include a pointer to the AA
+                       SAMLAuthorityBinding binding = new SAMLAuthorityBinding(SAMLBinding.SAML_SOAP_HTTPS, relyingParty.getAAUrl()
+                                       .toString(), new QName(org.opensaml.XML.SAMLP_NS, "AttributeQuery"));
+                       return postProfile.prepare(shireURL, relyingParty, nameId, clientAddress, authType, new Date(System
+                                       .currentTimeMillis()), Collections.singleton(binding)).toBase64();
+               
+               } else {
+                       return postProfile.prepare(shireURL, relyingParty, nameId, clientAddress, authType, new Date(System
+                                       .currentTimeMillis()), null).toBase64();
+               }
        }
 
        protected void createForm(HttpServletRequest req, HttpServletResponse res, byte[] buf) throws IOException,
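Review bot: The non-legacy branch of generateAssertion passes a bare `null` as the bindings argument to `postProfile.prepare(...)`, and nothing in this hunk shows that prepare tolerates null there; this should be confirmed and recorded in a comment such as `// null bindings: no AA pointer is emitted for 1.2+ targets`, because a failure on this path would break assertion issuance for every non-legacy relying party. The two branches also repeat the full prepare call and differ only in that last argument, so a later change to one copy (for example to the issue instant or authType handling) can silently miss the other. Declaring `Collection bindings = null;` before the `if`, assigning `bindings = Collections.singleton(binding);` only in the legacy case, and ending with a single `return postProfile.prepare(..., bindings).toBase64();` would make the one intended difference explicit. In the legacy branch `relyingParty.getAAUrl().toString()` is dereferenced without a null check; whether a relying party flagged as legacy can lack an AA URL is not visible from this hunk.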