encode the failure response for saml 2 authnreq
authordmorr <dmorr@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 May 2007 16:23:22 +0000 (16:23 +0000)
committerdmorr <dmorr@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 May 2007 16:23:22 +0000 (16:23 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2216 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractAuthenticationRequest.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AuthenticationRequestBrowserPost.java

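--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractAuthenticationRequest.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractAuthenticationRequest.java
@@ -533,8 +533,6 @@ public abstract class AbstractAuthenticationRequest extends AbstractSAML2Profile
         // Check if we are in scope to handle this AuthnRequest
         checkScope(authnRequest, issuer);
         
-        // XXX: run signature checks on authnRequest
-        
         // verify that the AssertionConsumerService url is valid.
         AssertionConsumerService acsEndpoint = getAndVerifyACSEndpoint(
                 authnRequest, relyingParty.getRelyingPartyId(),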
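--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AuthenticationRequestBrowserPost.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AuthenticationRequestBrowserPost.java
@@ -29,6 +29,7 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfi
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.SSOConfiguration;
 
 import org.apache.log4j.Logger;
+import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BindingException;
 import org.opensaml.common.binding.decoding.MessageDecoder;
@@ -143,9 +144,12 @@ public class AuthenticationRequestBrowserPost extends AbstractAuthenticationRequ
                 log.error("SAML 2 Authentication Request: Unable to decode SAML 2 Authentication Request", ex);
                 throw new ProfileException(
                         "SAML 2 Authentication Request: Unable to decode SAML 2 Authentication Request", ex);
-            } catch (AuthenticationRequestException ex) { 
-                // XXX: todo: generate and send the error, with a REQUEST_URI
-                // failure.
+            } catch (AuthenticationRequestException ex) {
+                
+                // AuthN failed. Send the failure status.
+                retrieveRequestData(httpSession, authnRequest, issuer, relyingParty, ssoConfig, spDescriptor);
+                Response failureResponse = buildResponse(authnRequest.getID(), new DateTime(), issuer, ex.getStatus());
+                encodeResponse(BINDING_URI, response, failureResponse, relyingParty, ssoConfig, spDescriptor);
             } 
         }
         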
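Review bot: The new catch block for AuthenticationRequestException encodes the failure response but neither returns nor rethrows, so once encodeResponse has written to the servlet response the method appears to fall through to whatever follows the enclosing block (which continues outside the hunk) as if the request had succeeded; add `return;` after `encodeResponse(...)` unless the code after the try is known to handle the already-committed response. Unlike the decode branch above, which wraps its failure in a ProfileException, any exception raised by retrieveRequestData, buildResponse or encodeResponse here propagates unwrapped, and if the original AuthenticationRequestException can be thrown before `authnRequest` is assigned (the decode path suggests it may be), `authnRequest.getID()` will throw a NullPointerException inside the catch — a null guard with an early return, or a log-and-rethrow, would make the failure path as robust as the success path. A comment documenting where `ex.getStatus()` comes from and that the Status sent back to the SP should carry only the SAML status code, not internal error detail, would help the next reader, e.g. `// Status was populated by the validation step that threw; only the SAML status code is sent to the SP`.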