Generate endpoint if there is no metadata for the relying party
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 25 Feb 2008 13:11:27 +0000 (13:11 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 25 Feb 2008 13:11:27 +0000 (13:11 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2642 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index db31103..d74b0ad 100644 (file)
@@ -72,6 +72,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
     /** Builder of SubjectLocality objects. */
     private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
 
+    /** Builder of Endpoint objects. */
+    private SAMLObjectBuilder<Endpoint> endpointBuilder;
+
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
 
@@ -94,6 +97,8 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
         subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
                 SubjectLocality.DEFAULT_ELEMENT_NAME);
+
+        endpointBuilder = (SAMLObjectBuilder<Endpoint>) getBuilderFactory().getBuilder(Endpoint.DEFAULT_ELEMENT_NAME);
     }
 
     /** {@inheritDoc} */
@@ -326,8 +331,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
     }
 
     /** {@inheritDoc} */
-    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) 
-        throws ProfileException {
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
         // nothing to do here
     }
 
@@ -350,7 +354,16 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         endpointSelector.setSamlRequest(requestContext.getInboundSAMLMessage());
         endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
 
-        return endpointSelector.selectEndpoint();
+        Endpoint endpoint = endpointSelector.selectEndpoint();
+        if (endpoint == null && loginContext.getSpAssertionConsumerService() != null) {
+            endpoint = endpointBuilder.buildObject();
+            endpoint.setLocation(loginContext.getSpAssertionConsumerService());
+            endpoint.setBinding(getInboundBinding());
+            log.warn("No endpoint available for relying party {}. Generating endpoint with ACS url {} and binding {}",
+                    new Object[] { requestContext.getPeerEntityId(), endpoint.getLocation(), endpoint.getBinding() });
+        }
+
+        return endpoint;
     }
 
     /**
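Review bot: The new fallback builds the response endpoint from `loginContext.getSpAssertionConsumerService()`, a value taken from the request, and nothing in this hunk validates it before the assertion is delivered there. With no metadata for the peer there is nothing to compare the URL against, so this branch should be gated by an explicit deployer opt-in for unknown relying parties and should reject locations that are not absolute `https` URLs. I would also add `// ACS URL is request-supplied and unverified: the peer has no metadata` above the `if`. Reusing `getInboundBinding()` as the response binding looks questionable unless it is known to be in `getSupportedOutboundBindings()`. The same unvalidated fallback is added to `SSOProfileHandler.selectEndpoint` later in this commit, and this method's body starts above the hunk.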
index c38b3a8..52e0cc8 100644 (file)
@@ -88,6 +88,9 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     /** Builder of SubjectLocality objects. */
     private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
 
+    /** Builder of Endpoint objects. */
+    private SAMLObjectBuilder<Endpoint> endpointBuilder;
+
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
 
@@ -112,6 +115,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
                 AuthnContextDeclRef.DEFAULT_ELEMENT_NAME);
         subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
                 SubjectLocality.DEFAULT_ELEMENT_NAME);
+        endpointBuilder = (SAMLObjectBuilder<Endpoint>) getBuilderFactory().getBuilder(Endpoint.DEFAULT_ELEMENT_NAME);
     }
 
     /** {@inheritDoc} */
@@ -500,6 +504,8 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      * @return Endpoint selected from the information provided in the request context
      */
     protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
+        AuthnRequest authnRequest = ((SSORequestContext) requestContext).getInboundSAMLMessage();
+
         AuthnResponseEndpointSelector endpointSelector = new AuthnResponseEndpointSelector();
         endpointSelector.setEndpointType(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
         endpointSelector.setMetadataProvider(getMetadataProvider());
@@ -507,7 +513,22 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         endpointSelector.setEntityRoleMetadata(requestContext.getPeerEntityRoleMetadata());
         endpointSelector.setSamlRequest(requestContext.getInboundSAMLMessage());
         endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
-        return endpointSelector.selectEndpoint();
+
+        Endpoint endpoint = endpointSelector.selectEndpoint();
+        if (endpoint == null && authnRequest.getAssertionConsumerServiceURL() != null) {
+            endpoint = endpointBuilder.buildObject();
+            endpoint.setLocation(authnRequest.getAssertionConsumerServiceURL());
+            if (authnRequest.getProtocolBinding() != null) {
+                endpoint.setBinding(authnRequest.getProtocolBinding());
+            } else {
+                endpoint.setBinding(getInboundBinding());
+            }
+            endpoint.setBinding(getInboundBinding());
+            log.warn("No endpoint available for relying party {}. Generating endpoint with ACS url {} and binding {}",
+                    new Object[] { requestContext.getPeerEntityId(), endpoint.getLocation(), endpoint.getBinding() });
+        }
+
+        return endpoint;
     }
 
     /** Represents the internal state of a SAML 2.0 SSO Request while it's being processed by the IdP. */
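Review bot: The unconditional `endpoint.setBinding(getInboundBinding());` that follows the `if`/`else` overwrites the binding just chosen, so `authnRequest.getProtocolBinding()` is never honoured and the warn line always reports the inbound binding. Delete that line so the `else` branch is the only place the inbound binding is used. When the requested `ProtocolBinding` is kept, it is still request-supplied; it would be safer to accept it only if `getSupportedOutboundBindings()` contains it (assuming that collection holds binding URIs, which the `addAll` call suggests). The method starts in the previous hunk, where `requestContext` is cast to `SSORequestContext` without a type check.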