Add initial (ineffecient) support for flag to turn off attribute pushing

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2308 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
index 026d1b1..7883665 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
@@ -35,6 +35,7 @@ import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.common.binding.BindingException;
 import org.opensaml.common.binding.encoding.MessageEncoder;
+import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.AuthenticationStatement;
 import org.opensaml.saml1.core.Request;
 import org.opensaml.saml1.core.Response;
@@ -198,11 +199,13 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
                 throw new ProfileException("User failed authentication");
             }
 
+            AuthenticationStatement authnStatement = buildAuthenticationStatement(requestContext);
+            AttributeStatement attributeStatement = buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:bearer");
+            
             ArrayList<Statement> statements = new ArrayList<Statement>();
-            statements.add(buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:bearer "));
-            statements.add(buildAuthenticationStatement(requestContext));
+            statements.add(authnStatement);
             if (requestContext.getProfileConfiguration().includeAttributeStatement()) {
-                // TODO support this
+                statements.add(attributeStatement);
             }
 
             samlResponse = buildResponse(requestContext, statements);

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
index 9dcea39..6a47578 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
@@ -46,7 +46,6 @@ import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Statement;
 import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -232,8 +231,10 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             
             ArrayList<Statement> statements = new ArrayList<Statement>();
             statements.add(authnStatement);
-            //TODO optional include this
-            statements.add(attributeStatement);
+            //TODO this isn't very effecient, support this flag better
+            if(requestContext.getProfileConfiguration().includeAttributeStatement()){
+                statements.add(attributeStatement);
+            }
 
             samlResponse = buildResponse(requestContext, "urn:oasis:names:tc:SAML:2.0:cm:bearer", statements);
         } catch (ProfileException e) {