Changes in Release 2.1.4
=============================================
[SIDP-340] - Default tc-config.xml causes TCNonPortableObjectError
+[SIDP-342] - NameIdentifier encoder mix-up when the SP doesn't support the first NameIdentifier format
[SIDP-348] - Remove Terracotta Configuration from IdP Install
[SIDP-249] - LoginContext is not removed from StorageService after Authentication Completes
[SIDP-351] - Attribute resolution errors shouldn't prevent valid authn statement being returned
BaseAttribute<?> nameIdAttribute = null;
SAML1NameIdentifierEncoder nameIdEncoder = null;
- for (BaseAttribute<?> attribute : principalAttributes.values()) {
+ ATTRIBUTESELECT: for (BaseAttribute<?> attribute : principalAttributes.values()) {
if (attribute == null) {
continue;
}
nameIdEncoder = (SAML1NameIdentifierEncoder) encoder;
if (supportedNameFormats.isEmpty() || supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
nameIdAttribute = attribute;
- break;
+ break ATTRIBUTESELECT;
}
}
}
}
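Review bot: `nameIdEncoder` is still assigned from the cast before the format check on the next line, so when no attribute matches it holds whichever encoder was inspected last rather than null. The guard after the loop catches that case only because `nameIdAttribute` stays null. Holding the cast in a loop-local, `SAML1NameIdentifierEncoder candidate = (SAML1NameIdentifierEncoder) encoder;`, and setting `nameIdEncoder = candidate;` beside `nameIdAttribute = attribute;` would keep the attribute/encoder pair consistent by construction. The SAML 2 loop further down appears to have the same shape: it reads `nameIdEncoder.getNameFormat()` before the assignment inside each branch, which makes those inner assignments redundant. The inner loop over encoders starts outside the visible lines.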
if (nameIdAttribute == null || nameIdEncoder == null) {
- log
- .debug(
- "No attributes for principal '{}' supports encoding into a supported NameIdentifier format for relying party '{}'",
+ log.debug("No attributes for principal '{}' supports encoding into a supported NameIdentifier format for relying party '{}'",
requestContext.getPrincipalName(), requestContext.getInboundMessageIssuer());
return null;
}
try {
- log
- .debug(
- "Using attribute '{}' supporting name format '{}' to create the NameIdentifier for relying party '{}'",
- new Object[] { nameIdAttribute.getId(), nameIdEncoder.getNameFormat(),
- requestContext.getInboundMessageIssuer() });
+ log.debug("Using attribute '{}' supporting name format '{}' to create the NameIdentifier for relying party '{}'",
+ new Object[] { nameIdAttribute.getId(), nameIdEncoder.getNameFormat(), requestContext.getInboundMessageIssuer(), });
return nameIdEncoder.encode(nameIdAttribute);
} catch (AttributeEncodingException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Unable to encode NameIdentifier"));
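Review bot: The no-match path at `return null;` leaves the request context without a failure status, while the `AttributeEncodingException` path sets one through `buildStatus(StatusCode.RESPONDER, null, "Unable to encode NameIdentifier")`. If callers treat a missing NameIdentifier as an error (they are not visible here), the relying party gets a less specific status for a misconfigured release policy than for an encoder fault. A comment above `return null;` stating that null is an expected, non-fatal outcome would settle the question. On style, the reflowed `new Object[] { ..., requestContext.getInboundMessageIssuer(), }` now ends in a trailing comma that reads like an unfinished edit. The catch block continues past the end of the hunk.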
Map<String, BaseAttribute> principalAttributes = requestContext.getAttributes();
if (principalAttributes != null) {
- for (BaseAttribute<?> attribute : principalAttributes.values()) {
+ ATTRIBUTESELECT: for (BaseAttribute<?> attribute : principalAttributes.values()) {
if (attribute == null) {
continue;
}
if (nameIdEncoder.getNameFormat().equals(requiredNameFormat)) {
nameIdAttribute = attribute;
nameIdEncoder = (SAML2NameIDEncoder) encoder;
- break;
+ break ATTRIBUTESELECT;
}
} else {
if (supportedNameFormats.isEmpty()
|| supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
nameIdAttribute = attribute;
nameIdEncoder = (SAML2NameIDEncoder) encoder;
- break;
+ break ATTRIBUTESELECT;
}
}
}
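Review bot: With `break ATTRIBUTESELECT;` the first matching attribute in `principalAttributes.values()` iteration order is now final, so the subject identifier sent to the relying party depends on how that map is ordered. The map's implementation is not visible here. If it is hash-based, two attributes that both carry an encoder for a supported format can yield a different NameID from one deployment to another. A comment on the loop would help, for example `// first attribute (in map iteration order) with an encoder for a supported format wins`, or the selection could be made explicit in configuration. The enclosing method starts and ends outside the hunk.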