[SIDP-247] - Log Exception in UP LoginHandler Servlet
[SIDP-263] - Suggest adding defaultSigningCredentialRef to the AnonymousRelyingParty element in the default config
[SIDP-261] - IPAddressLoginHandler addresses comparasion fails
-[SIDP-265] - Distinguish requested AuthMethod and default AuthMethod
+[SIDP-265] - Distinguish requested AuthMethod and default AuthMethod
+[SIDP-271] - AuthenticationEngine doesn't correctly handle passive return from login servlet
[SIDP-276] - Example RDB Connector, quote principal
[SIDP-277] - Incorrect null check for request context in UsernamePasswordServlet
[SIDP-279] - IdP should log NameID for auditing
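Review bot: The removed and re-added SIDP-265 lines are textually identical, so this looks like a whitespace or line-ending change riding along with the new SIDP-271 entry. Drop it from the patch, or make it a separate whitespace-only commit, so the release-notes diff shows only the added SIDP-271 line.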
*
* After a successful authentication has been completed the handler <strong>MUST</strong> either:
* <ul>
- * <li>Bind a {@link javax.security.auth.Subject} to the attribute identified by {@link #SUBJECT_KEY} if one was
- * created during the authentication process. The principals, public, and private credentials from this subject will be
- * merged with those in the {@link javax.security.auth.Subject} within the
+ * <li>Bind a {@link javax.security.auth.Subject} to the attribute identified by {@link #SUBJECT_KEY} if one was created
+ * during the authentication process. The principals, public, and private credentials from this subject will be merged
+ * with those in the {@link javax.security.auth.Subject} within the
* {@link edu.internet2.middleware.shibboleth.idp.session.Session}.</li>
- * <li>Bind a {@link java.security.Principal} for the user to the request attribute identified by
- * {@link #PRINCIPAL_KEY}. Such a {@link java.security.Principal} <strong>MUST</strong> implement
- * {@link java.io.Serializable}. This principal will be added to the {@link javax.security.auth.Subject} within the
+ * <li>Bind a {@link java.security.Principal} for the user to the request attribute identified by {@link #PRINCIPAL_KEY}
+ * . Such a {@link java.security.Principal} <strong>MUST</strong> implement {@link java.io.Serializable}. This principal
+ * will be added to the {@link javax.security.auth.Subject} within the
* {@link edu.internet2.middleware.shibboleth.idp.session.Session}.</li>
- * <li>Bind a principal name string to the request attribute identified by {@link #PRINCIPAL_NAME_KEY}. In this case
- * the {@link AuthenticationEngine} will create a {@link java.security.Principal} object of type
+ * <li>Bind a principal name string to the request attribute identified by {@link #PRINCIPAL_NAME_KEY}. In this case the
+ * {@link AuthenticationEngine} will create a {@link java.security.Principal} object of type
* {@link edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal} and add that to the
* {@link javax.security.auth.Subject} within the {@link edu.internet2.middleware.shibboleth.idp.session.Session}.</li>
* </ul>
* <li>Bind a URI string, representing the authentication method actually used, to a request attribute identified by
* {@link #AUTHENTICATION_METHOD_KEY}. This may be used if a handler is capable of performing multiple types of
* authentication.</li>
- * <li>bind an error message, if an error occurred during authentication to the request attribute identified by
+ * <li>Bind an error message, if an error occurred during authentication to the request attribute identified by
* {@link LoginHandler#AUTHENTICATION_ERROR_KEY}.</li>
+ * <li>Bind a {@link AuthenticationException}, if an exception occurred during authentication to the request attribute
+ * identified by {@link LoginHandler#AUTHENTICATION_EXCEPTION_KEY}.</li>
* </ul>
*
* Finally, the handler must return control to the authentication engine by invoking
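Review bot: The new AuthenticationException bullet does not say how it relates to the existing AUTHENTICATION_ERROR_KEY bullet or to the success bindings above it. A handler author cannot tell from this text which one the engine honours if both an error message and an exception are bound, or whether a bound exception overrides a principal that was also set. Suggest stating the precedence explicitly, for example that a bound exception or error message always means the authentication is treated as failed. Two smaller points in the same hunk: the reflow of the PRINCIPAL_KEY bullet leaves a line starting with " . Such a", which will render as "PRINCIPAL_KEY . Such a", so keep the period on the line with the link; and "Bind a {@link AuthenticationException}" should read "Bind an".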
/** Request attribute to which an error message may be bound. */
public static final String AUTHENTICATION_ERROR_KEY = "authnError";
+ /** Request attribute to which an {@link AuthenticationException} may be bound. */
+ public static final String AUTHENTICATION_EXCEPTION_KEY = "authnException";
+
/**
* Gets the list of authentication methods this handler supports.
*
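Review bot: The Javadoc on AUTHENTICATION_EXCEPTION_KEY says an AuthenticationException "may be bound" but does not state that the attribute value must be of that type. Request attributes are untyped, so say here what a reader of the attribute should do with a value of another type (ignore it, or treat it as a failure), and mention how this key relates to AUTHENTICATION_ERROR_KEY directly above so the two constants are not documented in isolation.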