Rework name ID format handling to fix bug SC-23
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 5 Nov 2007 17:43:53 +0000 (17:43 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 5 Nov 2007 17:43:53 +0000 (17:43 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2445 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

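--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
@@ -351,22 +351,28 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
      * 
      * @return list of formats that may be used with the relying party
      * 
-     * @throws ProfileException thrown if there is a problem determing the NameIdentifier format to use
+     * @throws ProfileException thrown if there is a problem determining the NameIdentifier format to use
      */
     protected List<String> getNameFormats(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext)
             throws ProfileException {
         ArrayList<String> nameFormats = new ArrayList<String>();
 
-        RoleDescriptor assertingPartyRole = requestContext.getLocalEntityRoleMetadata();
-        List<String> assertingPartySupportedFormats = getEntitySupportedFormats(assertingPartyRole);
-
-        if (nameFormats.isEmpty()) {
-            RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+        RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+        if(relyingPartyRole != null){
             List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
-
-            assertingPartySupportedFormats.retainAll(relyingPartySupportedFormats);
-            nameFormats.addAll(assertingPartySupportedFormats);
+            if(relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()){
+                nameFormats.addAll(relyingPartySupportedFormats);
+                
+                RoleDescriptor assertingPartyRole = requestContext.getLocalEntityRoleMetadata();
+                if(assertingPartyRole != null){
+                    List<String> assertingPartySupportedFormats = getEntitySupportedFormats(assertingPartyRole);
+                    if(assertingPartySupportedFormats != null && !assertingPartySupportedFormats.isEmpty()){
+                        nameFormats.retainAll(assertingPartySupportedFormats);
+                    }
+                }
+            }                     
         }
+
         if (nameFormats.isEmpty()) {
             nameFormats.add("urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified");
         }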
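Review bot: The new selection order quietly changes what happens when only one side declares formats: when the IdP's own metadata lists no NameIDFormat (assertingPartySupportedFormats null or empty) the retainAll is skipped and the SP's full list passes through unfiltered, whereas the removed code started from the IdP's list and would have ended in the unspecified fallback. That may well be intended, but neither the hunk nor the Javadoc says so, and whatever consumes this list presumably has to find a NameIdentifier source for the surviving format. I would state the precedence on the block, e.g. `// Start from the SP's declared formats and keep only those the IdP also declares; an IdP declaring none imposes no restriction, an SP declaring none yields the unspecified fallback below`, and make the `@return` Javadoc say the same rather than just "formats that may be used with the relying party". The body of getNameFormats continues past the end of the hunk.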
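--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
@@ -618,15 +618,35 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
             throws ProfileException {
         ArrayList<String> nameFormats = new ArrayList<String>();
 
-        List<String> assertingPartySupportedFormats = getEntitySupportedFormats(requestContext
-                .getLocalEntityRoleMetadata());
+        // Determine name formats supported by both SP and IdP
+        RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
+        if(relyingPartyRole != null){
+            List<String> relyingPartySupportedFormats = getEntitySupportedFormats(relyingPartyRole);
+            if(relyingPartySupportedFormats != null && !relyingPartySupportedFormats.isEmpty()){
+                nameFormats.addAll(relyingPartySupportedFormats);
+                
+                RoleDescriptor assertingPartyRole = requestContext.getLocalEntityRoleMetadata();
+                if(assertingPartyRole != null){
+                    List<String> assertingPartySupportedFormats = getEntitySupportedFormats(assertingPartyRole);
+                    if(assertingPartySupportedFormats != null && !assertingPartySupportedFormats.isEmpty()){
+                        nameFormats.retainAll(assertingPartySupportedFormats);
+                    }
+                }
+            }                     
+        }
 
+        if (nameFormats.isEmpty()) {
+            nameFormats.add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+        }
+        
+        // If authn request and name ID policy format specified, make sure it's in the list of supported formats
         String nameFormat = null;
         if (requestContext.getInboundSAMLMessage() instanceof AuthnRequest) {
             AuthnRequest authnRequest = (AuthnRequest) requestContext.getInboundSAMLMessage();
-            if (authnRequest.getNameIDPolicy() != null && !DatatypeHelper.isEmpty(nameFormat)) {
-                nameFormat = authnRequest.getNameIDPolicy().getFormat();
-                if (assertingPartySupportedFormats.contains(nameFormat)) {
+            if (authnRequest.getNameIDPolicy() != null) {
+                nameFormat = DatatypeHelper.safeTrimOrNullString(authnRequest.getNameIDPolicy().getFormat());
+                if(nameFormat != null && nameFormats.contains(nameFormat)){
+                    nameFormats.clear();
                     nameFormats.add(nameFormat);
                 } else {
                     requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI,
@@ -635,18 +655,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                 }
             }
         }
-
-        if (nameFormats.isEmpty()) {
-            List<String> relyingPartySupportedFormats = getEntitySupportedFormats(requestContext
-                    .getPeerEntityRoleMetadata());
-
-            assertingPartySupportedFormats.retainAll(relyingPartySupportedFormats);
-            nameFormats.addAll(assertingPartySupportedFormats);
-        }
-        if (nameFormats.isEmpty()) {
-            nameFormats.add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
-        }
-
+        
         return nameFormats;
     }
 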
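Review bot: Now that the NameIDPolicy check actually executes (the removed condition tested nameFormat before it was assigned, so the else branch was unreachable), the failure it reports in the first hunk carries top-level StatusCode.RESPONDER_URI, yet the condition is a requester-supplied format that the SP and IdP metadata do not agree on; SAML 2.0 Core's AuthnRequest processing rules expect a Requester top-level status with the InvalidNameIDPolicy second-level code here, so I would change that line to `requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI,` and check the second-level code and message, which sit outside the hunk. The sound part of the change is that the request's format is only honoured after it is found in the metadata-derived list, so an unvalidated request value never picks the NameID type on its own. One consequence worth confirming: an SP whose metadata declares no NameIDFormat now gets only the unspecified format in nameFormats, so any explicit policy format other than unspecified (transient, persistent, ...) from such an SP is refused; if that is stricter than intended, apply the unspecified fallback only when no policy format was requested. The signature and Javadoc of getNameFormats begin before the first hunk.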