import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
-import org.joda.time.chrono.ISOChronology;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.util.URLBuilder;
import org.opensaml.util.storage.StorageService;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.common.session.SessionManager;
import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
supportedLoginHandlerEntry = supportedLoginHandlerItr.next();
if (!supportedLoginHandlerEntry.getKey().equals(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX)
&& !requestedMethods.contains(supportedLoginHandlerEntry.getKey())) {
- LOG.debug("Filtering out login handler for authentication {}, it does not provide a requested authentication method",
+ LOG
+ .debug(
+ "Filtering out login handler for authentication {}, it does not provide a requested authentication method",
supportedLoginHandlerEntry.getKey());
supportedLoginHandlerItr.remove();
}
}
/**
- * Filters out the previous session login handler if there is no existing IdP session, no active authentication
- * methods, or if at least one of the active authentication methods do not match the requested authentication
+ * Filters out the previous session login handler if there is no existing IdP session, no active authentication
+ * methods, or if at least one of the active authentication methods do not match the requested authentication
* methods.
*
* @param supportedLoginHandlers login handlers supported by the authentication engine for this request, never null
* @param idpSession current IdP session, may be null if no session currently exists
* @param loginContext current login context, never null
*/
- protected void filterPreviousSessionLoginHandler(Map<String, LoginHandler> supportedLoginHandlers,
+ protected void filterPreviousSessionLoginHandler(Map<String, LoginHandler> supportedLoginHandlers,
Session idpSession, LoginContext loginContext) {
- if(!supportedLoginHandlers.containsKey(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX)){
+ if (!supportedLoginHandlers.containsKey(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX)) {
return;
}
-
+
if (idpSession == null) {
LOG.debug("Filtering out previous session login handler because there is no existing IdP session");
supportedLoginHandlers.remove(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX);
}
}
if (currentAuthnMethods.isEmpty()) {
- LOG.debug("Filtering out previous session login handler because there are no active authentication methods");
+ LOG
+ .debug("Filtering out previous session login handler because there are no active authentication methods");
supportedLoginHandlers.remove(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX);
return;
}
}
if (!retainPreviousSession) {
- LOG.debug("Filtering out previous session login handler, no active authentication methods match required methods");
+ LOG
+ .debug("Filtering out previous session login handler, no active authentication methods match required methods");
supportedLoginHandlers.remove(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX);
return;
}
loginHandler = loginHandlers.get(activeMethod.getAuthenticationMethod());
if (loginHandler != null && !loginHandler.supportsForceAuthentication()) {
for (String handlerSupportedMethods : loginHandler.getSupportedAuthenticationMethods()) {
- LOG.debug("Removing LoginHandler {}, it does not support forced re-authentication", loginHandler.getClass().getName());
+ LOG.debug("Removing LoginHandler {}, it does not support forced re-authentication", loginHandler
+ .getClass().getName());
loginHandlers.remove(handlerSupportedMethods);
}
}
}
}
-
/**
* Selects a login handler from a list of possible login handlers that could be used for the request.
*
}
}
}
-// possibleLoginHandlers.remove(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX);
-// if (possibleLoginHandlers.isEmpty()) {
-// LOG.info("No authentication mechanism available for use with relying party '{}'", loginContext
-// .getRelyingPartyId());
-// throw new AuthenticationException();
-// }
+ // possibleLoginHandlers.remove(AuthnContext.PREVIOUS_SESSION_AUTHN_CTX);
+ // if (possibleLoginHandlers.isEmpty()) {
+ // LOG.info("No authentication mechanism available for use with relying party '{}'", loginContext
+ // .getRelyingPartyId());
+ // throw new AuthenticationException();
+ // }
if (loginContext.getDefaultAuthenticationMethod() != null
&& possibleLoginHandlers.containsKey(loginContext.getDefaultAuthenticationMethod())) {
if (actualAuthnMethod != null) {
if (!loginContext.getRequestedAuthenticationMethods().isEmpty()
&& !loginContext.getRequestedAuthenticationMethods().contains(actualAuthnMethod)) {
- String msg = MessageFormatter
- .format(
- "Relying patry required an authentication method of '{}' but the login handler performed '{}'",
- loginContext.getRequestedAuthenticationMethods(), actualAuthnMethod);
+ String msg = "Relying patry required an authentication method of "
+ + loginContext.getRequestedAuthenticationMethods() + " but the login handler performed "
+ + actualAuthnMethod;
LOG.error(msg);
throw new AuthenticationException(msg);
}
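Review bot: The re-indented block at the top of this hunk is still commented-out code; the commit reformats it instead of deciding its fate. If the "no authentication mechanism available" guard is still wanted it should be reinstated as live code, otherwise the six lines should be deleted rather than carried forward as dead text. Separately, the rewritten error message on the `+` line keeps the typo from the removed line: `String msg = "Relying party required an authentication method of "`. The enclosing method starts outside the hunk.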
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
"Client failed IP address authentication");
}
} catch (UnknownHostException e) {
- String msg = MessageFormatter.format("Unable to resolve {} in to an IP address", httpRequest
- .getRemoteAddr());
+ String msg = "Unable to resolve " + httpRequest.getRemoteAddr() + " in to an IP address";
log.warn(msg);
httpRequest.setAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY, msg);
}
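Review bot: The `UnknownHostException` caught here is discarded: the rewritten message is logged and stored, but `log.warn(msg);` drops the exception itself, so the reason the resolution failed never reaches the log. Passing it along, `log.warn(msg, e);`, costs nothing and keeps the stack trace for diagnosis. The enclosing try block starts outside the hunk.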
protected <T extends SAMLNameIdentifierEncoder> Pair<BaseAttribute, T> selectNameIDAttributeAndEncoderByRequiredFormat(
String requiredNameFormat, Class<T> nameIdEncoderType, BaseSAMLProfileRequestContext requestContext)
throws ProfileException {
- String requiredNameFormatErr = MessageFormatter.format(
- "No attribute of principal '{}' can be encoded in to a NameIdentifier of "
- + "required format '{}' for relying party '{}'", new Object[] {
- requestContext.getPrincipalName(), requiredNameFormat,
- requestContext.getInboundMessageIssuer(), });
+ String requiredNameFormatErr = "No attribute of principal '" + requestContext.getPrincipalName()
+ + "' can be encoded in to a NameIdentifier of " + "required format '" + requiredNameFormat
+ + "' for relying party '" + requestContext.getInboundMessageIssuer() + "'";
Map<String, BaseAttribute> principalAttributes = requestContext.getAttributes();
if (principalAttributes == null || principalAttributes.isEmpty()) {
nameIdAttributeAndEncoder = selectNameIDAttributeAndEncoder(nameIdEncoderType, principalAttributes,
supportedNameFormats);
if (nameIdAttributeAndEncoder == null) {
- log.debug( "No attributes for principal '{}' support encoding into a supported name identifier format for relying party '{}'",
+ log
+ .debug(
+ "No attributes for principal '{}' support encoding into a supported name identifier format for relying party '{}'",
requestContext.getPrincipalName(), requestContext.getInboundMessageIssuer());
}
import org.opensaml.xml.util.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
"Required NameIdentifier format not supported"));
throw e;
}
-
- if(nameIdAttributeAndEncoder == null){
+
+ if (nameIdAttributeAndEncoder == null) {
return null;
}
return nameId;
} catch (AttributeEncodingException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Unable to encode NameIdentifier"));
- String msg = MessageFormatter.format("Unable to encode NameIdentifier for relying party '{}'",
- requestContext.getInboundMessageIssuer());
+ String msg = "Unable to encode NameIdentifier for relying party "
+ + requestContext.getInboundMessageIssuer();
log.error(msg, e);
throw new ProfileException(msg, e);
}
return statment;
} catch (AttributeRequestException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error resolving attributes"));
- String msg = MessageFormatter.format("Error encoding attributes for principal '{}'", requestContext
- .getPrincipalName());
+ String msg = "Error encoding attributes for principal " + requestContext.getPrincipalName();
log.error(msg, e);
throw new ProfileException(msg, e);
}
} catch (AttributeRequestException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, StatusCode.REQUEST_DENIED,
"Error resolving principal"));
- String msg = MessageFormatter.arrayFormat(
- "Error resolving principal name for SAML request from relying party '{}'. Cause: {}", new Object[] {
- requestContext.getInboundMessageIssuer(), e.getMessage() });
+ String msg = "Error resolving principal name for SAML request from relying party '"
+ + requestContext.getInboundMessageIssuer() + "'. Cause: " + e.getMessage();
log.warn(msg);
throw new ProfileException(msg, e);
}
}
if (signatureCredential == null) {
- String msg = MessageFormatter.format(
- "No signing credential is specified for relying party configuration '{}'", requestContext
- .getRelyingPartyConfiguration().getProviderId());
+ String msg = "No signing credential is specified for relying party configuration "
+ + requestContext.getRelyingPartyConfiguration().getProviderId();
log.warn(msg);
throw new ProfileException(msg);
}
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
try {
if (requestContext.getProfileConfiguration() == null) {
- String msg = MessageFormatter.format(
- "SAML 1 Artifact resolution profile is not configured for relying party '{}'", requestContext
- .getInboundMessageIssuer());
+ String msg = "SAML 1 Artifact resolution profile is not configured for relying party "
+ + requestContext.getInboundMessageIssuer();
requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS, StatusCode.REQUEST_DENIED, msg));
log.warn(msg);
throw new ProfileException(msg);
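Review bot: The failure status built on the line after the new message uses `StatusCode.SUCCESS` as the top-level code with `REQUEST_DENIED` as the sub-code; a relying party that only inspects the top-level status would read this denial as a success. The SAML 1 attribute handler elsewhere in this diff reports the same kind of denial as `buildStatus(StatusCode.RESPONDER, StatusCode.REQUEST_DENIED, ...)`, so unless SUCCESS is intentional here the line should read `requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, StatusCode.REQUEST_DENIED, msg));`. The enclosing method starts outside the hunk.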
protected void decodeRequest(ArtifactResolutionRequestContext requestContext, HTTPInTransport inTransport,
HTTPOutTransport outTransport) throws ProfileException {
if (log.isDebugEnabled()) {
- log.debug("Decoding message with decoder binding '{}'",
- getInboundMessageDecoder(requestContext).getBindingURI());
+ log.debug("Decoding message with decoder binding '{}'", getInboundMessageDecoder(requestContext)
+ .getBindingURI());
}
requestContext.setCommunicationProfileId(getProfileId());
List<AssertionArtifact> assertionArtifacts = request.getAssertionArtifacts();
if (assertionArtifacts == null || assertionArtifacts.size() == 0) {
- String msg = MessageFormatter.format("No AssertionArtifacts available in request from relying party '{}'",
- requestContext.getInboundMessageIssuer());
+ String msg = "No AssertionArtifacts available in request from relying party "
+ + requestContext.getInboundMessageIssuer();
log.warn(msg);
throw new ProfileException(msg);
}
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.common.ShibbolethConstants;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
loginContext.setDefaultAuthenticationMethod(rpConfig.getDefaultAuthenticationMethod());
ProfileConfiguration ssoConfig = rpConfig.getProfileConfiguration(ShibbolethSSOConfiguration.PROFILE_ID);
if (ssoConfig == null) {
- String msg = MessageFormatter.format("Shibboleth SSO profile is not configured for relying party '{}'",
- loginContext.getRelyingPartyId());
+ String msg = "Shibboleth SSO profile is not configured for relying party "
+ + loginContext.getRelyingPartyId();
log.warn(msg);
throw new ProfileException(msg);
}
import org.opensaml.xml.util.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
}
} catch (AttributeRequestException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error resolving attributes"));
- String msg = MessageFormatter.format("Error encoding attributes for principal '{}'", requestContext
- .getPrincipalName());
+ String msg = "Error encoding attributes for principal " + requestContext.getPrincipalName();
log.error(msg, e);
throw new ProfileException(msg, e);
}
if (profileConfiguration == null) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI,
"Error resolving principal"));
- String msg = MessageFormatter.format(
- "Unable to resolve principal, no SAML 2 profile configuration for relying party '{}'",
- requestContext.getInboundMessageIssuer());
+ String msg = "Unable to resolve principal, no SAML 2 profile configuration for relying party "
+ + requestContext.getInboundMessageIssuer();
log.warn(msg);
throw new ProfileException(msg);
}
} catch (AttributeRequestException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.UNKNOWN_PRINCIPAL_URI,
"Error resolving principal"));
- String msg = MessageFormatter.arrayFormat(
- "Error resolving principal name for SAML request '{}' from relying party '{}'. Cause: {}", new Object[]{requestContext
- .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer(),e.getMessage()});
+ String msg = "Error resolving principal name for SAML request '" + requestContext.getInboundSAMLMessageId()
+ + "' from relying party '" + requestContext.getInboundMessageIssuer() + "'. Cause: "
+ + e.getMessage();
log.warn(msg);
throw new ProfileException(msg, e);
}
}
if (signatureCredential == null) {
- String msg = MessageFormatter.format(
- "No signing credential is specified for relying party configuration '{}'", requestContext
- .getRelyingPartyConfiguration().getProviderId());
+ String msg = "No signing credential is specified for relying party configuration "
+ + requestContext.getRelyingPartyConfiguration().getProviderId();
log.warn(msg);
throw new ProfileException(msg);
}
|| (requestContext.getProfileConfiguration().getEncryptNameID() == CryptoOperationRequirementLevel.conditional && !encoder
.providesMessageConfidentiality(requestContext));
} catch (MessageEncodingException e) {
- String msg = MessageFormatter.format(
- "Unable to determine if outbound encoding '{}' provides message confidentiality protection",
- encoder.getBindingURI());
+ String msg = "Unable to determine if outbound encoding '" + encoder.getBindingURI()
+ + "' provides message confidentiality protection";
log.error(msg);
throw new ProfileException(msg);
}
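Review bot: The `MessageEncodingException e` caught in this hunk is lost: the rewritten message is logged without it and the `ProfileException` is thrown without a cause, so neither the log nor the caller can see why the encoder could not answer. Other handlers in this same diff use the two-argument form, so the fix is `log.error(msg, e);` followed by `throw new ProfileException(msg, e);`. The enclosing method starts outside the hunk.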
"Required NameID format not supported"));
throw e;
}
-
- if(nameIdAttributeAndEncoder == null){
+
+ if (nameIdAttributeAndEncoder == null) {
return null;
}
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
decodeRequest(requestContext, inTransport, outTransport);
if (requestContext.getProfileConfiguration() == null) {
- String msg = MessageFormatter.format(
- "SAML 2 Attribute Query profile is not configured for relying party '{}'", requestContext
- .getInboundMessage());
+ String msg = "SAML 2 Attribute Query profile is not configured for relying party "
+ + requestContext.getInboundMessage();
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI,
msg));
log.warn(msg);
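Review bot: The rewritten message concatenates `requestContext.getInboundMessage()`, which is the inbound SAML message object, not its issuer; the removed line made the same call, so the commit carries the mistake over. The resulting string is both logged and placed in the failure status that is returned to the requester via `setFailureStatus`, so it should use the issuer like every sibling message in this diff: `+ requestContext.getInboundMessageIssuer();`. The enclosing try block starts outside the hunk.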
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.slf4j.helpers.MessageFormatter;
import org.w3c.dom.Element;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
throws ProfileException {
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
HttpServletResponse httpResponse = ((HttpServletResponseAdapter) outTransport).getWrappedResponse();
-
+
SSORequestContext requestContext = new SSORequestContext();
try {
RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
ProfileConfiguration ssoConfig = rpConfig.getProfileConfiguration(getProfileId());
if (ssoConfig == null) {
- String msg = MessageFormatter.format("SAML 2 SSO profile is not configured for relying party '{}'",
- requestContext.getInboundMessageIssuer());
+ String msg = "SAML 2 SSO profile is not configured for relying party "
+ + requestContext.getInboundMessageIssuer();
log.warn(msg);
throw new ProfileException(msg);
}
HttpServletHelper.bindLoginContext(loginContext, getStorageService(), httpRequest.getSession()
.getServletContext(), httpRequest, httpResponse);
-
+
URLBuilder urlBuilder = HttpServletHelper.getServletContextUrl(httpRequest);
urlBuilder.setPath(urlBuilder.getPath() + authenticationManagerPath);
String authnEngineUrl = urlBuilder.buildURL();
requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, StatusCode.INVALID_NAMEID_POLICY_URI,
"Invalid SPNameQualifier for this request"));
- throw new ProfileException(MessageFormatter.format(
- "Relying party '{}' is not a member of the affiliation '{}'", requestContext
- .getInboundMessageIssuer(), spNameQualifier));
+ throw new ProfileException("Relying party '" + requestContext.getInboundMessageIssuer()
+ + "' is not a member of the affiliation " + spNameQualifier);
} catch (MetadataProviderException e) {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Internal service error"));
log.error("Error looking up metadata for affiliation", e);
- throw new ProfileException(MessageFormatter.format(
- "Relying party '{}' is not a member of the affiliation '{}'", requestContext
- .getInboundMessageIssuer(), spNameQualifier));
+ throw new ProfileException("Relying party '" + requestContext.getInboundMessageIssuer()
+ + "' is not a member of the affiliation " + spNameQualifier);
}
}