Some cleanups on the protocol handler interface. More flesh on the Shib v1 SSO handler.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 11 Mar 2005 05:19:31 +0000 (05:19 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 11 Mar 2005 05:19:31 +0000 (05:19 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1288 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/IdPProtocolHandler.java
src/edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.java
src/edu/internet2/middleware/shibboleth/idp/IdPResponder.java
src/edu/internet2/middleware/shibboleth/idp/provider/SAMLv1_1ArtifactQueryHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/SAMLv1_AttributeQueryHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/ShibbolethV1SSOHandler.java

index 2359ae6..fcad4f6 100644 (file)
@@ -44,6 +44,5 @@ public interface IdPProtocolHandler {
        public String getHandlerName();
 
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
        public String getHandlerName();
 
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
-                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, InvalidClientDataException,
-                       IOException, ServletException;
-}
+                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, IOException, ServletException;
+}
\ No newline at end of file
index e513f5f..094be7f 100644 (file)
@@ -64,14 +64,14 @@ import edu.internet2.middleware.shibboleth.metadata.SPSSODescriptor;
  */
 public class IdPProtocolSupport implements Metadata {
 
  */
 public class IdPProtocolSupport implements Metadata {
 
-       private static Logger log = Logger.getLogger(IdPProtocolSupport.class.getName());
-       private Logger transactionLog;
-       private IdPConfig config;
-       private ArrayList fedMetadata = new ArrayList();
-       private NameMapper nameMapper;
-       private ServiceProviderMapper spMapper;
-       private ArpEngine arpEngine;
-       private AttributeResolver resolver;
+       private static Logger                   log                     = Logger.getLogger(IdPProtocolSupport.class.getName());
+       private Logger                                  transactionLog;
+       private IdPConfig                               config;
+       private ArrayList                               fedMetadata     = new ArrayList();
+       private NameMapper                              nameMapper;
+       private ServiceProviderMapper   spMapper;
+       private ArpEngine                               arpEngine;
+       private AttributeResolver               resolver;
 
        IdPProtocolSupport(IdPConfig config, Logger transactionLog, NameMapper nameMapper, ServiceProviderMapper spMapper,
                        ArpEngine arpEngine, AttributeResolver resolver) {
 
        IdPProtocolSupport(IdPConfig config, Logger transactionLog, NameMapper nameMapper, ServiceProviderMapper spMapper,
                        ArpEngine arpEngine, AttributeResolver resolver) {
@@ -87,8 +87,8 @@ public class IdPProtocolSupport implements Metadata {
 
        public static void validateEngineData(HttpServletRequest req) throws InvalidClientDataException {
 
 
        public static void validateEngineData(HttpServletRequest req) throws InvalidClientDataException {
 
-               if ((req.getRemoteUser() == null) || (req.getRemoteUser().equals(""))) { throw new InvalidClientDataException(
-                               "Unable to authenticate remote user"); }
+               //TODO this should be pulled out into handlers
+
                if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) { throw new InvalidClientDataException(
                                "Unable to obtain client address."); }
        }
                if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) { throw new InvalidClientDataException(
                                "Unable to obtain client address."); }
        }
@@ -263,4 +263,4 @@ public class IdPProtocolSupport implements Metadata {
                resolver.destroy();
                arpEngine.destroy();
        }
                resolver.destroy();
                arpEngine.destroy();
        }
-}
+}
\ No newline at end of file
index 5951965..90d89ad 100644 (file)
@@ -75,14 +75,14 @@ import edu.internet2.middleware.shibboleth.metadata.MetadataException;
 
 public class IdPResponder extends HttpServlet {
 
 
 public class IdPResponder extends HttpServlet {
 
-       private static Logger transactionLog = Logger.getLogger("Shibboleth-TRANSACTION");
-       private static Logger log = Logger.getLogger(IdPResponder.class.getName());
-       private static Random idgen = new Random();
-       private SAMLBinding binding;
-       private Semaphore throttle;
-       private IdPConfig configuration;
-       private HashMap protocolHandlers = new HashMap();
-       private IdPProtocolSupport protocolSupport;
+       private static Logger           transactionLog          = Logger.getLogger("Shibboleth-TRANSACTION");
+       private static Logger           log                                     = Logger.getLogger(IdPResponder.class.getName());
+       private static Random           idgen                           = new Random();
+       private SAMLBinding                     binding;
+       private Semaphore                       throttle;
+       private IdPConfig                       configuration;
+       private HashMap                         protocolHandlers        = new HashMap();
+       private IdPProtocolSupport      protocolSupport;
 
        /*
         * @see javax.servlet.GenericServlet#init()
 
        /*
         * @see javax.servlet.GenericServlet#init()
@@ -206,28 +206,27 @@ public class IdPResponder extends HttpServlet {
 
                MDC.put("serviceId", "[IdP] " + idgen.nextInt());
                MDC.put("remoteAddr", request.getRemoteAddr());
 
                MDC.put("serviceId", "[IdP] " + idgen.nextInt());
                MDC.put("remoteAddr", request.getRemoteAddr());
-               log.debug("Recieved a request via GET.");
+               log.debug("Recieved a request via GET for endpoint (" + request.getRequestURI() + ").");
 
                try {
                        // TODO this throttle should probably just wrap signing operations...
                        throttle.enter();
 
 
                try {
                        // TODO this throttle should probably just wrap signing operations...
                        throttle.enter();
 
-                       // Determine which protocol we are responding to (at this point, Shibv1 vs. EAuth)
-                       IdPProtocolHandler activeHandler = null;
-                       activeHandler = (IdPProtocolHandler) protocolHandlers.get(request.getRequestURI());
-
-                       if (activeHandler == null) { throw new InvalidClientDataException(
-                                       "The request did not contain sufficient parameter data to determine the protocol."); }
+                       // Determine which protocol we are responding to (at this point normally Shibv1 vs. EAuth)
+                       IdPProtocolHandler activeHandler = (IdPProtocolHandler) protocolHandlers.get(request.getRequestURI());
+                       if (activeHandler == null) {
+                               log.error("No protocol handler registered for endpoint (" + request.getRequestURI() + ").");
+                               throw new SAMLException("Request submitted to an invalid endpoint.");
+                       }
 
                        // Pass request to the appropriate handler
                        log.info("Processing " + activeHandler.getHandlerName() + " request.");
 
                        // Pass request to the appropriate handler
                        log.info("Processing " + activeHandler.getHandlerName() + " request.");
-                       activeHandler.processRequest(request, response, null, protocolSupport);
+                       if (activeHandler.processRequest(request, response, null, protocolSupport) != null) {
+                               // This shouldn't happen unless somebody configures a protocol handler incorrectly
+                               log.error("Protocol Handler returned a SAML Response, but there is no binding to handle it.");
+                               throw new SAMLException(SAMLException.RESPONDER, "General error processing request.");
+                       }
 
 
-                       // TODO hmmm... there is kind of an assupmtion here that we don't get a response... how to handle?
-               } catch (InvalidClientDataException ex) {
-                       log.error(ex);
-                       displayBrowserError(request, response, ex);
-                       return;
                } catch (SAMLException ex) {
                        log.error(ex);
                        displayBrowserError(request, response, ex);
                } catch (SAMLException ex) {
                        log.error(ex);
                        displayBrowserError(request, response, ex);
@@ -245,7 +244,7 @@ public class IdPResponder extends HttpServlet {
 
                MDC.put("serviceId", "[IdP] " + idgen.nextInt());
                MDC.put("remoteAddr", request.getRemoteAddr());
 
                MDC.put("serviceId", "[IdP] " + idgen.nextInt());
                MDC.put("remoteAddr", request.getRemoteAddr());
-               log.debug("Recieved a request via POST.");
+               log.debug("Recieved a request via POST for endpoint (" + request.getRequestURI() + ").");
 
                // Parse SOAP request and marshall SAML request object
                SAMLRequest samlRequest = null;
 
                // Parse SOAP request and marshall SAML request object
                SAMLRequest samlRequest = null;
@@ -273,43 +272,27 @@ public class IdPResponder extends HttpServlet {
                        }
 
                        // Determine which protocol handler is active for this endpoint
                        }
 
                        // Determine which protocol handler is active for this endpoint
-                       IdPProtocolHandler activeHandler = null;
-                       activeHandler = (IdPProtocolHandler) protocolHandlers.get(request.getRequestURI());
+                       IdPProtocolHandler activeHandler = (IdPProtocolHandler) protocolHandlers.get(request.getRequestURI());
                        if (activeHandler == null) {
                        if (activeHandler == null) {
-                               log.fatal("No protocol handler registered for endpoint (" + request.getRequestURI() + ").");
-                               throw new SAMLException("Invalid request endpoint.");
+                               log.error("No protocol handler registered for endpoint (" + request.getRequestURI() + ").");
+                               throw new SAMLException("Request submitted to an invalid endpoint.");
                        }
 
                        // Pass request to the appropriate handler and respond
                        log.info("Processing " + activeHandler.getHandlerName() + " request.");
                        }
 
                        // Pass request to the appropriate handler and respond
                        log.info("Processing " + activeHandler.getHandlerName() + " request.");
-                       try {
-                               SAMLResponse samlResponse = activeHandler.processRequest(request, response, samlRequest,
-                                               protocolSupport);
-                               binding.respond(response, samlResponse, null);
 
 
-                       } catch (InvalidClientDataException e1) {
-                               // TODO throw SAML Exception here
-                               e1.printStackTrace();
-                       }
+                       SAMLResponse samlResponse = activeHandler.processRequest(request, response, samlRequest, protocolSupport);
+                       binding.respond(response, samlResponse, null);
 
                } catch (SAMLException e) {
 
                } catch (SAMLException e) {
-                       log.error("Error while processing request: " + e);
-                       try {
-                               // TODO pass thru SAML Exception
-                               sendSAMLFailureResponse(response, samlRequest, new SAMLException(SAMLException.RESPONDER,
-                                               "General error processing request."));
-                               return;
-                       } catch (Exception ee) {
-                               log.fatal("Could not construct a SAML error response: " + ee);
-                               throw new ServletException("Identity Provider response failure.");
-                       }
+                       sendFailureToSAMLBinding(response, samlRequest, e);
                }
                }
-
        }
 
        }
 
-       private void sendSAMLFailureResponse(HttpServletResponse httpResponse, SAMLRequest samlRequest,
-                       SAMLException exception) throws IOException {
+       private void sendFailureToSAMLBinding(HttpServletResponse httpResponse, SAMLRequest samlRequest,
+                       SAMLException exception) throws ServletException {
 
 
+               log.error("Error while processing request: " + exception);
                try {
                        SAMLResponse samlResponse = new SAMLResponse((samlRequest != null) ? samlRequest.getId() : null, null,
                                        null, exception);
                try {
                        SAMLResponse samlResponse = new SAMLResponse((samlRequest != null) ? samlRequest.getId() : null, null,
                                        null, exception);
@@ -331,7 +314,12 @@ public class IdPResponder extends HttpServlet {
                                binding.respond(httpResponse, null, exception);
                        } catch (SAMLException e) {
                                log.error("Caught exception while responding to requester: " + e.getMessage());
                                binding.respond(httpResponse, null, exception);
                        } catch (SAMLException e) {
                                log.error("Caught exception while responding to requester: " + e.getMessage());
-                               httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error while responding.");
+                               try {
+                                       httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error while responding.");
+                               } catch (IOException ee) {
+                                       log.fatal("Could not construct a SAML error response: " + ee);
+                                       throw new ServletException("Identity Provider response failure.");
+                               }
                        }
                        log.error("Identity Provider failed to make an error message: " + se);
                }
                        }
                        log.error("Identity Provider failed to make an error message: " + se);
                }
@@ -348,7 +336,7 @@ public class IdPResponder extends HttpServlet {
 
        private class Semaphore {
 
 
        private class Semaphore {
 
-               private int value;
+               private int     value;
 
                public Semaphore(int value) {
 
 
                public Semaphore(int value) {
 
@@ -378,7 +366,7 @@ public class IdPResponder extends HttpServlet {
 
 class FederationProviderFactory {
 
 
 class FederationProviderFactory {
 
-       private static Logger log = Logger.getLogger(FederationProviderFactory.class.getName());
+       private static Logger   log     = Logger.getLogger(FederationProviderFactory.class.getName());
 
        public static Metadata loadProvider(Element e) throws MetadataException {
 
 
        public static Metadata loadProvider(Element e) throws MetadataException {
 
index 45fc12a..888dcf7 100644 (file)
@@ -48,7 +48,6 @@ import edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMappe
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
-import edu.internet2.middleware.shibboleth.idp.InvalidClientDataException;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 
 /**
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 
 /**
@@ -62,7 +61,7 @@ public class SAMLv1_1ArtifactQueryHandler extends BaseServiceHandler implements
        private static Logger   log     = Logger.getLogger(SAMLv1_1ArtifactQueryHandler.class.getName());
 
        SAMLv1_1ArtifactQueryHandler() throws ShibbolethConfigurationException {
        private static Logger   log     = Logger.getLogger(SAMLv1_1ArtifactQueryHandler.class.getName());
 
        SAMLv1_1ArtifactQueryHandler() throws ShibbolethConfigurationException {
-
+               //TODO move the mapper out into protocol support
                artifactMapper = new MemoryArtifactMapper();
        }
 
                artifactMapper = new MemoryArtifactMapper();
        }
 
@@ -81,8 +80,7 @@ public class SAMLv1_1ArtifactQueryHandler extends BaseServiceHandler implements
         *      javax.servlet.http.HttpServletResponse, edu.internet2.middleware.shibboleth.idp.ProtocolSupport)
         */
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
         *      javax.servlet.http.HttpServletResponse, edu.internet2.middleware.shibboleth.idp.ProtocolSupport)
         */
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
-                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, InvalidClientDataException,
-                       IOException, ServletException {
+                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, IOException, ServletException {
 
                log.info("Recieved a request to dereference an assertion artifact.");
 
 
                log.info("Recieved a request to dereference an assertion artifact.");
 
index 49e2683..9b98f11 100644 (file)
@@ -63,7 +63,6 @@ import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
 import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
-import edu.internet2.middleware.shibboleth.idp.InvalidClientDataException;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 
 /**
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 
 /**
@@ -135,8 +134,7 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
         *      edu.internet2.middleware.shibboleth.idp.ProtocolSupport)
         */
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
         *      edu.internet2.middleware.shibboleth.idp.ProtocolSupport)
         */
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
-                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, InvalidClientDataException,
-                       IOException, ServletException {
+                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, IOException, ServletException {
 
                // TODO negate this and throw an error if it isn't
                if (samlRequest.getQuery() != null && (samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
 
                // TODO negate this and throw an error if it isn't
                if (samlRequest.getQuery() != null && (samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
@@ -323,6 +321,11 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                        e.printStackTrace();
                }
 
                        e.printStackTrace();
                }
 
+               /*
+                * this needs to go in here for no passthru sendSAMLFailureResponse(response, samlRequest, new
+                * SAMLException(SAMLException.RESPONDER, "General error processing request."));
+                */
+
                // TODO not NULL!!!
                return null;
 
                // TODO not NULL!!!
                return null;
 
index 523e7ef..6605a16 100644 (file)
@@ -1,9 +1,28 @@
 /*
 /*
- * Created on Mar 10, 2005
- *
- * TODO To change the template for this generated file go to
- * Window - Preferences - Java - Code Generation - Code and Comments
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
  */
+
 package edu.internet2.middleware.shibboleth.idp.provider;
 
 import java.io.IOException;
 package edu.internet2.middleware.shibboleth.idp.provider;
 
 import java.io.IOException;
@@ -48,184 +67,172 @@ import edu.internet2.middleware.shibboleth.metadata.Endpoint;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.SPSSODescriptor;
 
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.SPSSODescriptor;
 
-
 /**
  * @author Walter Hoehn
  */
 public class ShibbolethV1SSOHandler implements IdPProtocolHandler {
 
 /**
  * @author Walter Hoehn
  */
 public class ShibbolethV1SSOHandler implements IdPProtocolHandler {
 
-       private static Logger log = Logger.getLogger(ShibbolethV1SSOHandler.class.getName());
-
-       /*
-        * (non-Javadoc)
-        * 
-        * @see edu.internet2.middleware.shibboleth.idp.IdPResponder.ProtocolHandler#validForRequest(javax.servlet.http.HttpServletRequest)
-        */
-       // TODO move this into the process method
-       boolean validForRequest(HttpServletRequest request) {
-
-               if (request.getParameter("target") != null && !request.getParameter("target").equals("")
-                               && request.getParameter("shire") != null && !request.getParameter("shire").equals("")) {
-                       log.debug("Found (target) and (shire) parameters.  Request "
-                                       + "appears to be valid for the Shibboleth v1 profile.");
-                       return true;
-               } else {
-                       return false;
-               }
-       }
+       private static Logger   log     = Logger.getLogger(ShibbolethV1SSOHandler.class.getName());
 
        /*
 
        /*
-        * (non-Javadoc)
-        * 
         * @see edu.internet2.middleware.shibboleth.idp.IdPResponder.ProtocolHandler#processRequest(javax.servlet.http.HttpServletRequest,
         *      javax.servlet.http.HttpServletResponse)
         */
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
         * @see edu.internet2.middleware.shibboleth.idp.IdPResponder.ProtocolHandler#processRequest(javax.servlet.http.HttpServletRequest,
         *      javax.servlet.http.HttpServletResponse)
         */
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
-                       SAMLRequest samlRequest, IdPProtocolSupport support) throws InvalidClientDataException, SAMLException,
-                       ServletException, IOException {
-
-               // TODO make sure the saml request is null for now
-
-               // Ensure that we have the required data from the servlet container
-               IdPProtocolSupport.validateEngineData(request);
-
-               // Get the authN info
-               String username = support.getIdPConfig().getAuthHeaderName().equalsIgnoreCase("REMOTE_USER") ? request
-                               .getRemoteUser() : request.getHeader(support.getIdPConfig().getAuthHeaderName());
+                       SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, ServletException, IOException {
 
 
-               // Select the appropriate Relying Party configuration for the request
-               RelyingParty relyingParty = null;
-               String remoteProviderId = request.getParameter("providerId");
+               //TODO attribute push?
 
 
-               // If the target did not send a Provider Id, then assume it is a Shib
-               // 1.1 or older target
-               if (remoteProviderId == null) {
-                       relyingParty = support.getServiceProviderMapper().getLegacyRelyingParty();
-               } else if (remoteProviderId.equals("")) {
-                       throw new InvalidClientDataException("Invalid service provider id.");
-               } else {
-                       log.debug("Remote provider has identified itself as: (" + remoteProviderId + ").");
-                       relyingParty = support.getServiceProviderMapper().getRelyingParty(remoteProviderId);
+               if (request != null) {
+                       log.error("Protocol Handler received a SAML Request, but is unable to handle it.");
+                       throw new SAMLException(SAMLException.RESPONDER, "General error processing request.");
                }
                }
+               try {
+                       // Ensure that we have the required data from the servlet container
+                       IdPProtocolSupport.validateEngineData(request);
+                       validateShibSpecificData(request);
+
+                       // Get the authN info
+                       String username = support.getIdPConfig().getAuthHeaderName().equalsIgnoreCase("REMOTE_USER") ? request
+                                       .getRemoteUser() : request.getHeader(support.getIdPConfig().getAuthHeaderName());
+                       if ((username == null) || (username.equals(""))) { throw new InvalidClientDataException(
+                                       "Unable to authenticate remote user"); }
+
+                       // Select the appropriate Relying Party configuration for the request
+                       RelyingParty relyingParty = null;
+                       String remoteProviderId = request.getParameter("providerId");
+                       // If the target did not send a Provider Id, then assume it is a Shib
+                       // 1.1 or older target
+                       if (remoteProviderId == null) {
+                               relyingParty = support.getServiceProviderMapper().getLegacyRelyingParty();
+                       } else if (remoteProviderId.equals("")) {
+                               throw new InvalidClientDataException("Invalid service provider id.");
+                       } else {
+                               log.debug("Remote provider has identified itself as: (" + remoteProviderId + ").");
+                               relyingParty = support.getServiceProviderMapper().getRelyingParty(remoteProviderId);
+                       }
 
 
-               // Grab the metadata for the provider
-               EntityDescriptor provider = support.lookup(relyingParty.getProviderId());
-
-               // Determine the acceptance URL
-               String acceptanceURL = request.getParameter("shire");
+                       // Grab the metadata for the provider
+                       EntityDescriptor provider = support.lookup(relyingParty.getProviderId());
 
 
-               // Make sure that the selected relying party configuration is appropriate for this
-               // acceptance URL
-               if (!relyingParty.isLegacyProvider()) {
+                       // Determine the acceptance URL
+                       String acceptanceURL = request.getParameter("shire");
 
 
-                       if (provider == null) {
-                               log.info("No metadata found for provider: (" + relyingParty.getProviderId() + ").");
-                               relyingParty = support.getServiceProviderMapper().getRelyingParty(null);
+                       // Make sure that the selected relying party configuration is appropriate for this
+                       // acceptance URL
+                       if (!relyingParty.isLegacyProvider()) {
 
 
-                       } else {
+                               if (provider == null) {
+                                       log.info("No metadata found for provider: (" + relyingParty.getProviderId() + ").");
+                                       relyingParty = support.getServiceProviderMapper().getRelyingParty(null);
 
 
-                               if (isValidAssertionConsumerURL(provider, acceptanceURL)) {
-                                       log.info("Supplied consumer URL validated for this provider.");
                                } else {
                                } else {
-                                       log.error("Assertion consumer service URL (" + acceptanceURL + ") is NOT valid for provider ("
-                                                       + relyingParty.getProviderId() + ").");
-                                       throw new InvalidClientDataException("Invalid assertion consumer service URL.");
+
+                                       if (isValidAssertionConsumerURL(provider, acceptanceURL)) {
+                                               log.info("Supplied consumer URL validated for this provider.");
+                                       } else {
+                                               log.error("Assertion consumer service URL (" + acceptanceURL + ") is NOT valid for provider ("
+                                                               + relyingParty.getProviderId() + ").");
+                                               throw new InvalidClientDataException("Invalid assertion consumer service URL.");
+                                       }
                                }
                        }
                                }
                        }
-               }
-
-               // Create SAML Name Identifier
-               SAMLNameIdentifier nameId;
-               try {
-                       nameId = support.getNameMapper().getNameIdentifierName(relyingParty.getHSNameFormatId(),
-                                       new AuthNPrincipal(username), relyingParty, relyingParty.getIdentityProvider());
-               } catch (NameIdentifierMappingException e) {
-                       log.error("Error converting principal to SAML Name Identifier: " + e);
-                       throw new SAMLException("Error converting principal to SAML Name Identifier.", e);
-               }
 
 
-               String authenticationMethod = request.getHeader("SAMLAuthenticationMethod");
-               if (authenticationMethod == null || authenticationMethod.equals("")) {
-                       authenticationMethod = relyingParty.getDefaultAuthMethod().toString();
-                       log.debug("User was authenticated via the default method for this relying party (" + authenticationMethod
-                                       + ").");
-               } else {
-                       log.debug("User was authenticated via the method (" + authenticationMethod + ").");
-               }
-
-               // TODO change name!!!
-               // TODO We might someday want to provide a mechanism for the authenticator to specify the auth time
-               SAMLAssertion[] assertions = foo(request, relyingParty, provider, nameId, authenticationMethod, new Date(System
-                               .currentTimeMillis()));
-
-               // TODO do assertion signing for artifact stuff
-
-               // SAML Artifact profile
-               if (useArtifactProfile(provider, acceptanceURL)) {
-                       log.debug("Responding with Artifact profile.");
+                       // Create SAML Name Identifier
+                       SAMLNameIdentifier nameId;
+                       try {
+                               nameId = support.getNameMapper().getNameIdentifierName(relyingParty.getHSNameFormatId(),
+                                               new AuthNPrincipal(username), relyingParty, relyingParty.getIdentityProvider());
+                       } catch (NameIdentifierMappingException e) {
+                               log.error("Error converting principal to SAML Name Identifier: " + e);
+                               throw new SAMLException("Error converting principal to SAML Name Identifier.", e);
+                       }
 
 
-                       // Create artifacts for each assertion
-                       ArrayList artifacts = new ArrayList();
-                       for (int i = 0; i < assertions.length; i++) {
-                               // TODO replace the artifact stuff here!!!
-                               // artifacts.add(artifactMapper.generateArtifact(assertions[i], relyingParty));
+                       String authenticationMethod = request.getHeader("SAMLAuthenticationMethod");
+                       if (authenticationMethod == null || authenticationMethod.equals("")) {
+                               authenticationMethod = relyingParty.getDefaultAuthMethod().toString();
+                               log.debug("User was authenticated via the default method for this relying party ("
+                                               + authenticationMethod + ").");
+                       } else {
+                               log.debug("User was authenticated via the method (" + authenticationMethod + ").");
                        }
 
                        }
 
-                       // Assemble the query string
-                       StringBuffer destination = new StringBuffer(acceptanceURL);
-                       destination.append("?TARGET=");
+                       // TODO Provide a mechanism for the authenticator to specify the auth time
+                       SAMLAssertion[] assertions = generateAssertion(request, relyingParty, provider, nameId,
+                                       authenticationMethod, new Date(System.currentTimeMillis()));
 
 
-                       destination.append(URLEncoder.encode(request.getParameter("target"), "UTF-8"));
+                       // TODO do assertion signing for artifact stuff
 
 
-                       Iterator iterator = artifacts.iterator();
-                       StringBuffer artifactBuffer = new StringBuffer(); // Buffer for the transaction log
-                       while (iterator.hasNext()) {
-                               destination.append("&SAMLart=");
-                               String artifact = (String) iterator.next();
+                       // SAML Artifact profile
+                       if (useArtifactProfile(provider, acceptanceURL)) {
+                               log.debug("Responding with Artifact profile.");
 
 
-                               destination.append(URLEncoder.encode(artifact, "UTF-8"));
-                               artifactBuffer.append("(" + artifact + ")");
+                               // Create artifacts for each assertion
+                               ArrayList artifacts = new ArrayList();
+                               for (int i = 0; i < assertions.length; i++) {
+                                       // TODO replace the artifact stuff here!!!
+                                       // artifacts.add(artifactMapper.generateArtifact(assertions[i], relyingParty));
+                               }
 
 
-                       }
-                       log.debug("Redirecting to (" + destination.toString() + ").");
-                       response.sendRedirect(destination.toString()); // Redirect to the artifact receiver
+                               // Assemble the query string
+                               StringBuffer destination = new StringBuffer(acceptanceURL);
+                               destination.append("?TARGET=");
 
 
-                       support.getTransactionLog().info(
-                                       "Assertion artifact(s) (" + artifactBuffer.toString() + ") issued to provider ("
-                                                       + relyingParty.getIdentityProvider().getProviderId() + ") on behalf of principal ("
-                                                       + username + "). Name Identifier: (" + nameId.getName() + "). Name Identifier Format: ("
-                                                       + nameId.getFormat() + ").");
+                               destination.append(URLEncoder.encode(request.getParameter("target"), "UTF-8"));
 
 
-                       // SAML POST profile
-               } else {
-                       log.debug("Responding with POST profile.");
-                       request.setAttribute("acceptanceURL", acceptanceURL);
-                       request.setAttribute("target", request.getParameter("target"));
+                               Iterator iterator = artifacts.iterator();
+                               StringBuffer artifactBuffer = new StringBuffer(); // Buffer for the transaction log
+                               while (iterator.hasNext()) {
+                                       destination.append("&SAMLart=");
+                                       String artifact = (String) iterator.next();
 
 
-                       SAMLResponse samlResponse = new SAMLResponse(null, acceptanceURL, Arrays.asList(assertions), null);
-                       IdPProtocolSupport.addSignatures(samlResponse, relyingParty, provider, true);
-                       createPOSTForm(request, response, samlResponse.toBase64());
+                                       destination.append(URLEncoder.encode(artifact, "UTF-8"));
+                                       artifactBuffer.append("(" + artifact + ")");
+
+                               }
+                               log.debug("Redirecting to (" + destination.toString() + ").");
+                               response.sendRedirect(destination.toString()); // Redirect to the artifact receiver
 
 
-                       // Make transaction log entry
-                       if (relyingParty.isLegacyProvider()) {
-                               support.getTransactionLog().info(
-                                               "Authentication assertion issued to legacy provider (SHIRE: " + request.getParameter("shire")
-                                                               + ") on behalf of principal (" + username + ") for resource ("
-                                                               + request.getParameter("target") + "). Name Identifier: (" + nameId.getName()
-                                                               + "). Name Identifier Format: (" + nameId.getFormat() + ").");
-                       } else {
                                support.getTransactionLog().info(
                                support.getTransactionLog().info(
-                                               "Authentication assertion issued to provider ("
+                                               "Assertion artifact(s) (" + artifactBuffer.toString() + ") issued to provider ("
                                                                + relyingParty.getIdentityProvider().getProviderId() + ") on behalf of principal ("
                                                                + username + "). Name Identifier: (" + nameId.getName()
                                                                + "). Name Identifier Format: (" + nameId.getFormat() + ").");
                                                                + relyingParty.getIdentityProvider().getProviderId() + ") on behalf of principal ("
                                                                + username + "). Name Identifier: (" + nameId.getName()
                                                                + "). Name Identifier Format: (" + nameId.getFormat() + ").");
+
+                               // SAML POST profile
+                       } else {
+                               log.debug("Responding with POST profile.");
+                               request.setAttribute("acceptanceURL", acceptanceURL);
+                               request.setAttribute("target", request.getParameter("target"));
+
+                               SAMLResponse samlResponse = new SAMLResponse(null, acceptanceURL, Arrays.asList(assertions), null);
+                               IdPProtocolSupport.addSignatures(samlResponse, relyingParty, provider, true);
+                               createPOSTForm(request, response, samlResponse.toBase64());
+
+                               // Make transaction log entry
+                               if (relyingParty.isLegacyProvider()) {
+                                       support.getTransactionLog().info(
+                                                       "Authentication assertion issued to legacy provider (SHIRE: "
+                                                                       + request.getParameter("shire") + ") on behalf of principal (" + username
+                                                                       + ") for resource (" + request.getParameter("target") + "). Name Identifier: ("
+                                                                       + nameId.getName() + "). Name Identifier Format: (" + nameId.getFormat() + ").");
+                               } else {
+                                       support.getTransactionLog().info(
+                                                       "Authentication assertion issued to provider ("
+                                                                       + relyingParty.getIdentityProvider().getProviderId() + ") on behalf of principal ("
+                                                                       + username + "). Name Identifier: (" + nameId.getName()
+                                                                       + "). Name Identifier Format: (" + nameId.getFormat() + ").");
+                               }
                        }
                        }
+               } catch (InvalidClientDataException e) {
+                       throw new SAMLException(SAMLException.RESPONDER, e.getMessage());
                }
                return null;
        }
 
                }
                return null;
        }
 
-       SAMLAssertion[] foo(HttpServletRequest request, RelyingParty relyingParty, EntityDescriptor provider,
-                       SAMLNameIdentifier nameId, String authenticationMethod, Date authTime) throws SAMLException, IOException {
+       private SAMLAssertion[] generateAssertion(HttpServletRequest request, RelyingParty relyingParty,
+                       EntityDescriptor provider, SAMLNameIdentifier nameId, String authenticationMethod, Date authTime)
+                       throws SAMLException, IOException {
 
                Document doc = org.opensaml.XML.parserPool.newDocument();
 
 
                Document doc = org.opensaml.XML.parserPool.newDocument();
 
@@ -295,6 +302,14 @@ public class ShibbolethV1SSOHandler implements IdPProtocolHandler {
                return "Shibboleth v1.x SSO";
        }
 
                return "Shibboleth v1.x SSO";
        }
 
+       private void validateShibSpecificData(HttpServletRequest request) throws InvalidClientDataException {
+
+               if (request.getParameter("target") == null || request.getParameter("target").equals("")) { throw new InvalidClientDataException(
+                               "Invalid data from Service Provider: no target URL received."); }
+               if ((request.getParameter("shire") == null) || (request.getParameter("shire").equals(""))) { throw new InvalidClientDataException(
+                               "Invalid data from Service Provider: No acceptance URL received."); }
+       }
+
        private static void createPOSTForm(HttpServletRequest req, HttpServletResponse res, byte[] buf) throws IOException,
                        ServletException {
 
        private static void createPOSTForm(HttpServletRequest req, HttpServletResponse res, byte[] buf) throws IOException,
                        ServletException {
 
@@ -352,4 +367,4 @@ public class ShibbolethV1SSOHandler implements IdPProtocolHandler {
                log.info("Supplied consumer URL not found in metadata.");
                return false;
        }
                log.info("Supplied consumer URL not found in metadata.");
                return false;
        }
-}
+}
\ No newline at end of file