Profile handlers override encoder nameQualifier setting

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2974 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/doc/RELEASE-NOTES.txt b/doc/RELEASE-NOTES.txt
index cbf4b8d..369e9dd 100644 (file)
--- a/doc/RELEASE-NOTES.txt
+++ b/doc/RELEASE-NOTES.txt
@@ -10,6 +10,7 @@ Changes in Release 2.2.1
 [SIDP-434] - More Typos in Default attribute-resolver.xml
 [SIDP-432] - Set explicit caching headers on redirects
 [SIDP-436] - Null AuthnContextClassRef causes NPE
+[SIDP-443] - Profile handlers override encoder nameQualifier setting
 [SIDP-447] - Fix for SIDP-417 missed RemoteUserLoginHandler
 [SIDP-450] - NPE with AttributeQueryProfile when there are errors resolving attributes
 [SIDP-453] - Session inactivity timeout being treated as a hard expiration time

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
index 4125766..db0a600 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
@@ -382,7 +382,9 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
                             new Object[] { nameIdAttribute.getId(), nameIdEncoder.getNameFormat(),
                                     requestContext.getInboundMessageIssuer(), });
             NameIdentifier nameId = nameIdEncoder.encode(nameIdAttribute);
-            nameId.setNameQualifier(requestContext.getRelyingPartyConfiguration().getProviderId());
+            if (nameId.getNameQualifier() == null) {
+                nameId.setNameQualifier(requestContext.getRelyingPartyConfiguration().getProviderId());
+            }
             return nameId;
         } catch (AttributeEncodingException e) {
             requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Unable to encode NameIdentifier"));

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
index 9e29035..b2719e8 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
@@ -840,7 +840,9 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
         try {
             // build the actual NameID
             NameID nameId = nameIdEncoder.encode(nameIdAttribute);
-            nameId.setNameQualifier(requestContext.getRelyingPartyConfiguration().getProviderId());
+            if (nameId.getNameQualifier() == null) {
+                nameId.setNameQualifier(requestContext.getRelyingPartyConfiguration().getProviderId());
+            }
             return nameId;
         } catch (AttributeEncodingException e) {
             log.error("Unable to encode NameID attribute", e);