[SIDP-432] - Set explicit caching headers on redirects
[SIDP-435] - Different principal used for index into session storage and transient ID
[SIDP-436] - Null AuthnContextClassRef causes NPE
+[SIDP-438] - Improve user experience when switching versions of SAML
[SIDP-443] - Profile handlers override encoder nameQualifier setting
[SIDP-447] - Fix for SIDP-417 missed RemoteUserLoginHandler
[SIDP-450] - NPE with AttributeQueryProfile when there are errors resolving attributes
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.ShibbolethSSOConfiguration;
import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
import edu.internet2.middleware.shibboleth.idp.authn.ShibbolethSSOLoginContext;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
/** Shibboleth SSO request profile handler. */
HttpServletResponse httpResponse = ((HttpServletResponseAdapter) outTransport).getWrappedResponse();
ServletContext servletContext = httpRequest.getSession().getServletContext();
- ShibbolethSSOLoginContext loginContext = (ShibbolethSSOLoginContext) HttpServletHelper.getLoginContext(
+ LoginContext loginContext = HttpServletHelper.getLoginContext(
getStorageService(), servletContext, httpRequest);
- if (loginContext == null) {
+ if (loginContext == null || !(loginContext instanceof ShibbolethSSOLoginContext)) {
log.debug("Incoming request does not contain a login context, processing as first leg of request");
performAuthentication(inTransport, outTransport);
} else if (loginContext.isPrincipalAuthenticated() || loginContext.getAuthenticationFailure() != null) {
log.debug("Incoming request contains a login context, processing as second leg of request");
HttpServletHelper.unbindLoginContext(getStorageService(), servletContext, httpRequest, httpResponse);
- completeAuthenticationRequest(loginContext, inTransport, outTransport);
+ completeAuthenticationRequest((ShibbolethSSOLoginContext)loginContext, inTransport, outTransport);
} else {
log.debug("Incoming request contained a login context but principal was not authenticated, processing as first leg of request");
performAuthentication(inTransport, outTransport);
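Review bot: In the first branch a login context of the wrong type is now treated like a missing one, but the debug message still says the request "does not contain a login context", so a cross-protocol mismatch never shows up in the logs; the same applies to the `Saml2LoginContext` check in the SAML 2 handler hunk further down. I would split the mismatch into its own `else if (!(loginContext instanceof ShibbolethSSOLoginContext))` branch that logs something like `log.debug("Ignoring login context of type {}, processing as first leg of request", loginContext.getClass().getName());` before calling `performAuthentication`. The hunk does not show whether `performAuthentication` replaces the context already bound to the request; if it does not, unbinding it in that branch with the `HttpServletHelper.unbindLoginContext(...)` call already used in the second-leg branch would stop a leftover context from the other protocol lingering in storage. The `loginContext == null ||` test is also redundant, because `instanceof` is already false for null. The enclosing method starts and ends outside the hunk.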
import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
import edu.internet2.middleware.shibboleth.idp.authn.PassiveAuthenticationException;
import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
import edu.internet2.middleware.shibboleth.idp.session.Session;
import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
HttpServletResponse httpResponse = ((HttpServletResponseAdapter) outTransport).getWrappedResponse();
ServletContext servletContext = httpRequest.getSession().getServletContext();
- Saml2LoginContext loginContext = (Saml2LoginContext) HttpServletHelper.getLoginContext(getStorageService(),
+ LoginContext loginContext = HttpServletHelper.getLoginContext(getStorageService(),
servletContext, httpRequest);
- if (loginContext == null) {
+ if (loginContext == null || !(loginContext instanceof Saml2LoginContext)) {
log.debug("Incoming request does not contain a login context, processing as first leg of request");
performAuthentication(inTransport, outTransport);
} else if (loginContext.isPrincipalAuthenticated() || loginContext.getAuthenticationFailure() != null) {
log.debug("Incoming request contains a login context, processing as second leg of request");
HttpServletHelper.unbindLoginContext(getStorageService(), servletContext, httpRequest, httpResponse);
- completeAuthenticationRequest(loginContext, inTransport, outTransport);
+ completeAuthenticationRequest((Saml2LoginContext)loginContext, inTransport, outTransport);
} else {
log.debug("Incoming request contained a login context but principal was not authenticated, processing as first leg of request");
performAuthentication(inTransport, outTransport);