*
* @return list of formats that may be used with the relying party
*
- * @throws ProfileException thrown if there is a problem determing the NameIdentifier format to use
+ * @throws ProfileException thrown if there is a problem determining the NameIdentifier format to use
*/
protected List<String> getNameFormats(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext)
throws ProfileException {
ArrayList<String> nameFormats = new ArrayList<String>();
- RoleDescriptor assertingPartyRole = requestContext.getLocalEntityRoleMetadata();
- List<String> assertingPartySupportedFormats = getEntitySupportedFormats(assertingPartyRole);
-
- if (nameFormats.isEmpty()) {
- RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+ RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+ if(relyingPartyRole != null){
List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
-
- assertingPartySupportedFormats.retainAll(relyingPartySupportedFormats);
- nameFormats.addAll(assertingPartySupportedFormats);
+ if(relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()){
+ nameFormats.addAll(relyingPartySupportedFormats);
+
+ RoleDescriptor assertingPartyRole = requestContext.getLocalEntityRoleMetadata();
+ if(assertingPartyRole != null){
+ List<String> assertingPartySupportedFormats = getEntitySupportedFormats(assertingPartyRole);
+ if(assertingPartySupportedFormats != null && !assertingPartySupportedFormats.isEmpty()){
+ nameFormats.retainAll(assertingPartySupportedFormats);
+ }
+ }
+ }
}
+
if (nameFormats.isEmpty()) {
nameFormats.add("urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified");
}
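Review bot: The intersection at `nameFormats.retainAll(assertingPartySupportedFormats)` runs only when the local role descriptor exists and declares at least one format; in every other case the relying party's list is returned unfiltered. That list comes from the peer's metadata, so the result is then whatever the peer declares rather than the formats both sides support, and the Javadoc ("formats that may be used with the relying party") does not say so. If a local role with no declared formats is meant to impose no restriction, record that above the inner check, e.g. `// no formats declared locally: keep the relying party's list as-is`. If it is not, clear `nameFormats` in that case so the unspecified fallback applies. The SAML 2 hunk that follows has the same structure, and getNameFormats continues past the end of this hunk.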
throws ProfileException {
ArrayList<String> nameFormats = new ArrayList<String>();
- List<String> assertingPartySupportedFormats = getEntitySupportedFormats(requestContext
- .getLocalEntityRoleMetadata());
+ // Determine name formats supported by both SP and IdP
+ RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+ if(relyingPartyRole != null){
+ List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
+ if(relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()){
+ nameFormats.addAll(relyingPartySupportedFormats);
+
+ RoleDescriptor assertingPartyRole = requestContext.getLocalEntityRoleMetadata();
+ if(assertingPartyRole != null){
+ List<String> assertingPartySupportedFormats = getEntitySupportedFormats(assertingPartyRole);
+ if(assertingPartySupportedFormats != null && !assertingPartySupportedFormats.isEmpty()){
+ nameFormats.retainAll(assertingPartySupportedFormats);
+ }
+ }
+ }
+ }
+ if (nameFormats.isEmpty()) {
+ nameFormats.add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+ }
+
+ // If authn request and name ID policy format specified, make sure it's in the list of supported formats
String nameFormat = null;
if (requestContext.getInboundSAMLMessage() instanceof AuthnRequest) {
AuthnRequest authnRequest = (AuthnRequest) requestContext.getInboundSAMLMessage();
- if (authnRequest.getNameIDPolicy() != null && !DatatypeHelper.isEmpty(nameFormat)) {
- nameFormat = authnRequest.getNameIDPolicy().getFormat();
- if (assertingPartySupportedFormats.contains(nameFormat)) {
+ if (authnRequest.getNameIDPolicy() != null) {
+ nameFormat = DatatypeHelper.safeTrimOrNullString(authnRequest.getNameIDPolicy().getFormat());
+ if(nameFormat != null && nameFormats.contains(nameFormat)){
+ nameFormats.clear();
nameFormats.add(nameFormat);
} else {
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI,
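Review bot: The check `nameFormats.contains(nameFormat)` compares the requested NameIDPolicy Format with a list whose fallback entry is `urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified`, but the identifier SAML 2.0 core defines for the unspecified format is `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`. With the old `!DatatypeHelper.isEmpty(nameFormat)` guard gone this branch is now reachable, so a request carrying the standard URI would take the else branch and be failed unless the metadata happens to list it. Consider `nameFormats.add("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");` for the fallback, and a short comment at the `contains` check noting that the list may come from the peer's metadata alone when the local role declares no formats. The method signature and the rest of the else branch are outside this hunk, so how the failure status is propagated cannot be confirmed from here.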
}
}
}
-
- if (nameFormats.isEmpty()) {
- List<String> relyingPartySupportedFormats = getEntitySupportedFormats(requestContext
- .getPeerEntityRoleMetadata());
-
- assertingPartySupportedFormats.retainAll(relyingPartySupportedFormats);
- nameFormats.addAll(assertingPartySupportedFormats);
- }
- if (nameFormats.isEmpty()) {
- nameFormats.add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
- }
-
+
return nameFormats;
}