Commit 379677a1 authored by michael.simon's avatar michael.simon

Add support for SAML Unknown Principal code. #38

parent 38da028c
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.exc;
import java.io.Serializable;
public class SamlUnknownPrincipalException extends SamlAuthenticationException implements Serializable {
private static final long serialVersionUID = 1L;
public SamlUnknownPrincipalException(String msg) {
super(msg);
}
public SamlUnknownPrincipalException(String msg, Throwable t) {
super(msg, t);
}
}
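Review bot: `implements Serializable` on the class declaration is redundant, because `Throwable` already implements `Serializable`; the explicit `serialVersionUID` is still worth keeping. The class also carries no Javadoc saying when it is thrown, and from the validation change in this commit it is raised when the IdP's response carries the second-level `UnknownPrincipal` status code, so a one-liner such as `/** Thrown when a SAML response reports the UnknownPrincipal second-level status code, i.e. the IdP does not know the requested subject. */` would let callers decide whether to catch this type or the `SamlAuthenticationException` parent.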
......@@ -51,6 +51,7 @@ import edu.kit.scc.webreg.exc.EventSubmitException;
import edu.kit.scc.webreg.exc.MetadataException;
import edu.kit.scc.webreg.exc.NoAssertionException;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
import edu.kit.scc.webreg.exc.SamlUnknownPrincipalException;
import edu.kit.scc.webreg.exc.UserUpdateException;
import edu.kit.scc.webreg.service.SerialService;
import edu.kit.scc.webreg.service.ServiceService;
......@@ -289,8 +290,8 @@ public class UserUpdater implements Serializable {
} catch (SecurityException e) {
updateFail(user, e);
throw new UserUpdateException(e);
}
}
try {
/*
* Don't check Assertion Signature, because we are contacting the IDP directly
......@@ -309,6 +310,12 @@ public class UserUpdater implements Serializable {
else
logger.warn("No assertion delivered for user {} from idp {}", user.getEppn());
assertion = null;
} catch (SamlUnknownPrincipalException e) {
if (user.getIdp() != null)
logger.warn("Unknown principal status for user {} from idp {}", user.getEppn(), user.getIdp().getEntityId());
else
logger.warn("Unknown principal status for user {}", user.getEppn());
assertion = null;
}
return updateUser(user, assertion, "attribute-query", service);
......
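Review bot: The new `catch (SamlUnknownPrincipalException e)` block collapses an IdP that explicitly disowns the subject into the same outcome as a missing assertion — a warning and `assertion = null` before `updateUser(user, assertion, "attribute-query", service)` runs. Whether that is intended depends on what `updateUser` does with a null assertion, which is outside the hunk; if callers should be able to tell the two cases apart (e.g. to flag the account rather than merely skip the update), consider recording the reason before the call, or at least document the equivalence with a comment such as `// IdP reports UnknownPrincipal: handled like an empty attribute query (no assertion)`. The adjacent context line `logger.warn("No assertion delivered for user {} from idp {}", user.getEppn());` has two placeholders but one argument, so the IdP is never printed — the new branch gets this right and the older one could be aligned with it. The enclosing method starts before the hunk.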
......@@ -44,6 +44,7 @@ import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
import edu.kit.scc.webreg.exc.SamlUnknownPrincipalException;
@ApplicationScoped
public class Saml2ResponseValidationService {
......@@ -92,7 +93,13 @@ public class Saml2ResponseValidationService {
throw new SamlAuthenticationException("SAML Response does not contain a status code");
Status status = samlResponse.getStatus();
if (! status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
if (status.getStatusCode().getStatusCode() != null &&
StatusCode.UNKNOWN_PRINCIPAL_URI.equals(status.getStatusCode().getStatusCode().getValue())) {
String s = samlHelper.prettyPrint(status);
logger.info("SAML Response Status: {}", s);
throw new SamlUnknownPrincipalException("SAML Response: Unknown Principal " + status.getStatusCode().getValue());
}
else if (! status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
String s = samlHelper.prettyPrint(status);
logger.info("SAML Response Status: {}", s);
throw new SamlAuthenticationException("SAML Response: Login was not successful " + status.getStatusCode().getValue());
......
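Review bot: The `else if (! status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI))` re-tests the condition the enclosing `if` has already established, so it is always true and can be a plain `} else {`. The `prettyPrint`/`logger.info` pair is now duplicated in both branches and could be hoisted above the inner `if`. The `SamlUnknownPrincipalException` message appends the top-level status code (`status.getStatusCode().getValue()`) although the branch was selected on the second-level code; `status.getStatusCode().getStatusCode().getValue()` would carry the value that actually triggered it. The logged status is printed verbatim from the IdP response and may include a StatusMessage, so it should be treated as untrusted text by whoever reads the logs. The enclosing method starts and ends outside the hunk.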