[SIDP-285] - Use $IDP_SCOPE$ to populate IdP scope in conf-tmpl\attribute-resolver.xml
[SIDP-291] - Update libs for 2.1.3 release
[SIDP-292] - login.jsp: wrong using of the attribute rowspan within the tag <td>
+[SIDP-296] - Make LoginContext / IdP Session availabe through the public API
[SIDP-306] - Remove ClientCertAuth rule from SAML 2 SSO SecurityPolicy in relying-party.xml
[SIDP-310] - Change default relying-party.xml settings for SAML 2 profiles' encryptNameIds parameter from "conditional" to "never"
[SIDP-315] - Credential provided by UsernamePasswordLogin handler as attribute
* @param httpResponse current HTTP response
*/
public static void returnToProfileHandler(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
- LOG.debug("Returning control to login handler");
- LoginContext loginContext = HttpServletHelper.unbindLoginContext(storageService, context, httpRequest,
- httpResponse);
+ LOG.debug("Returning control to profile handler");
+ LoginContext loginContext = HttpServletHelper.getLoginContext(storageService, context, httpRequest);
if (loginContext == null) {
LOG.warn("No login context available, unable to return to profile handler");
forwardRequest("/idp-error.jsp", httpRequest, httpResponse);
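Review bot: Replacing unbindLoginContext with getLoginContext means the LoginContext, its context-key cookie and its storage-service entry now outlive this hand-off, so something after the forward has to unbind it or the authenticated context stays retrievable until the storage entry expires; that responsibility is not visible in this hunk, so I would confirm the profile handler (presumably the new owner) actually does it. The method's Javadoc should state the changed contract, e.g. `* Returns control to the profile handler that started authentication. The login context stays bound; the profile handler is responsible for unbinding it.` The Javadoc begins before this hunk and the method body continues after it.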
* @param httpRequest the current HTTP request
* @param httpResponse the current HTTP response
*/
- public static void bindLoginContext(LoginContext loginContext,
- StorageService storageService, ServletContext context,
- HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+ public static void bindLoginContext(LoginContext loginContext, StorageService storageService,
+ ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
if (storageService == null) {
throw new IllegalArgumentException("Storage service may not be null");
}
*
* @return the login context or null if none is available
*/
- public static LoginContext getLoginContext(StorageService storageService,
- ServletContext context, HttpServletRequest httpRequest) {
+ public static LoginContext getLoginContext(StorageService storageService, ServletContext context,
+ HttpServletRequest httpRequest) {
if (storageService == null) {
throw new IllegalArgumentException("Storage service may not be null");
}
}
/**
+ * Gets the user session from the request. Retrieving the session in this manner does NOT update the last activity
+ * time of the session.
+ *
+ * @param httpRequest current request
+ *
+ * @return the users session, if one exists
+ */
+ public static Session getUserSession(HttpServletRequest httpRequest) {
+ return (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+ }
+
+ /**
* Unbinds a {@link LoginContext} from the current request. The unbinding results in the destruction of the
* associated context key cookie and removes the context from the storage service.
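Review bot: getUserSession performs an unchecked cast of the `Session.HTTP_SESSION_BINDING_ATTRIBUTE` request attribute and its Javadoc says only "if one exists", so callers are not told that null comes back when nothing bound a session to the request, which presumably is the IdPSessionFilter whose mapping this commit widens. I would make both the precondition and the null case explicit: `* @return the user's session, or null if no session was bound to this request (the IdP session filter must have run for it)`. Because the attribute is just an Object on the request, a defensive `Object bound = httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE); return bound instanceof Session ? (Session) bound : null;` would avoid a ClassCastException if anything else ever stores under that name; that is hardening, not a defect visible here.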
*
*
* @return the login context that was unbound or null if there was no bound context
*/
- public static LoginContext unbindLoginContext(StorageService storageService,
- ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+ public static LoginContext unbindLoginContext(StorageService storageService, ServletContext context,
+ HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
if (storageService == null || context == null || httpRequest == null || httpResponse == null) {
return null;
}
}
return null;
}
-
- // public static Session getUserSession(ServletContext context, HttpServletRequest request) {
- //
- // }
- //
- // public static Session getUserSession(ServletContext context, String sessionId) {
- //
- // }
}
\ No newline at end of file
<filter-mapping>
<filter-name>IdPSessionFilter</filter-name>
- <url-pattern>/profile/*</url-pattern>
+ <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Profile Request Dispatcher -->
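Review bot: Widening the IdPSessionFilter mapping from `/profile/*` to `/*` runs the filter on every request to the webapp, including static resources such as the `/images/logo.jpg` that login.jsp references, so it is worth confirming that the filter's per-request work (session lookup, any cookie handling) is cheap and has no side effects on unauthenticated requests. A filter-mapping without a `<dispatcher>` element applies only to direct client requests, so a page reached through a RequestDispatcher forward, like `/idp-error.jsp`, sees the session attribute only when the original request already passed through the filter. If the intent is for login and error pages outside /profile to read the session via HttpServletHelper.getUserSession, a comment saying so would help, e.g. `<!-- Mapped to /* so login/error pages outside /profile can read the IdP session bound by this filter -->`.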
<%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext" %>
+<%@ page import="edu.internet2.middleware.shibboleth.idp.session.*" %>
<%@ page import="edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %>
<%@ page import="org.opensaml.saml2.metadata.*" %>
<%
- LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
- application, request);
- EntityDescriptor entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
- HttpServletHelper.getRelyingPartyConfirmationManager(application));
+ LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+ application, request);
+
+ EntityDescriptor entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
+ HttpServletHelper.getRelyingPartyConfirmationManager(application));
+
+ Session userSession = HttpServletHelper.getUserSession(request);
%>
<html>
<body>
<img src="<%= request.getContextPath() %>/images/logo.jpg" />
- <h2>Shibboleth Identity Provider Login to <%= entityDescriptor.getEntityID() %></h2>
+ <h2>Shibboleth Identity Provider Login to Service Provider <%= entityDescriptor.getEntityID() %></h2>
+ <p>
+ Existing Session: <%= userSession != null %><br/>
+ Requested Authentication Methods: <%= loginContext.getRequestedAuthenticationMethods() %><br/>
+ Attempting Authentication Method: <%= loginContext.getAttemptedAuthnMethod() %> <br/>
+ Is Forced Authentication: <%= loginContext.isForceAuthRequired() %><br/>
+ </p>
<% if ("true".equals(request.getAttribute("loginFailed"))) { %>
<p><font color="red">Authentication Failed</font></p>