saml1 support

Support SAML1 by using generic LoginContext Add support for user initiated failure during authentication. Change dependency to released Shibboleth version
Internet2 · Apr 11, 2014 · 3cfea92 · 3cfea92
1 parent f0182a0
commit 3cfea92
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 19 deletions.
diff --git a/mcb-project/pom.xml b/mcb-project/pom.xml
@@ -4,15 +4,18 @@
 
     <groupId>edu.internet2.middleware.assurance.mcb</groupId>
     <artifactId>multi-context-broker</artifactId>
-    <version>1.1.2</version>
+    <version>1.1.3</version>
     <packaging>jar</packaging>
 
     <name>multi-context-broker</name>
-    <url>http://maven.apache.org</url>
+    <url>https://github.com/Internet2/Shibboleth-Multi-Context-Broker</url>
 
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<maven.compiler.source>1.6</maven.compiler.source>
+		<maven.compiler.target>1.6</maven.compiler.target>
+	</properties>
 
 
     <repositories>
@@ -41,22 +44,22 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
+<!--         <dependency>
             <groupId>edu.internet2.middleware</groupId>
             <artifactId>shibboleth-common</artifactId>
-            <version>1.4.1-SNAPSHOT</version>
+            <version>1.4.0</version>
         </dependency>
 
         <dependency>
             <groupId>org.opensaml</groupId>
             <artifactId>opensaml</artifactId>
-            <version>2.6.1-SNAPSHOT</version>
+            <version>2.6.0</version>
         </dependency>
-
+ -->
         <dependency>
             <groupId>edu.internet2.middleware</groupId>
             <artifactId>shibboleth-identityprovider</artifactId>
-            <version>2.4.1-SNAPSHOT</version>
+            <version>2.4.0</version>
         </dependency>
 
         <dependency>

diff --git a/.../src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginHandler.java b/.../src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginHandler.java
@@ -35,6 +35,7 @@
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
 import edu.internet2.middleware.shibboleth.idp.authn.PassiveAuthenticationException;
 import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
@@ -53,7 +54,7 @@ public class MCBLoginHandler extends AbstractLoginHandler {
 
     /** Class logger. */
     private final Logger log = LoggerFactory.getLogger(MCBLoginHandler.class);
-    private final String version = "MCB Login Handler -- Version 1.0.0 (2014-01-05)";
+    private final String version = "MCB Login Handler -- Version 1.0.1 (2014-04-11)";
 
     /** The URL of the servlet used to perform authentication. */
     private String authenticationServletURL;
@@ -90,12 +91,12 @@ public void login(final HttpServletRequest httpRequest, final HttpServletRespons
 		log.debug("MCBConfiguration bean = [{}]", mcbConfiguration);
 
     	ServletContext application = null;
-    	Saml2LoginContext loginContext = null;
+    	LoginContext loginContext = null;
     	EntityDescriptor entityDescriptor = null;
     	String entityID = "(unknown)";
 
    		application = httpRequest.getSession().getServletContext();
-		loginContext = (Saml2LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+		loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
 				application, httpRequest);
 
 		entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),

diff --git a/.../src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginServlet.java b/.../src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginServlet.java
@@ -42,11 +42,12 @@
 
 import edu.internet2.middleware.assurance.mcb.authn.provider.ui.IDPUIHandler;
 import edu.internet2.middleware.assurance.mcb.config.Method;
+import edu.internet2.middleware.assurance.mcb.exception.UserInitiatedLoginFailureException;
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
-import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
 
 /**
@@ -57,7 +58,7 @@
  */
 public class MCBLoginServlet extends HttpServlet {
 
-	public static final String VERSION = "1.1.1";
+	public static final String VERSION = "1.1.2 (2014-04-11)";
 	/**
 	 * Serial UID 
 	 */
@@ -103,7 +104,7 @@ public void init(ServletConfig config) throws ServletException {
     protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException,
             IOException {
     	ServletContext application = null;
-    	Saml2LoginContext loginContext = null;
+    	LoginContext loginContext = null;
     	EntityDescriptor entityDescriptor = null;
     	String entityID = null;
     	String selectedMethodName = null;
@@ -121,7 +122,7 @@ protected void service(HttpServletRequest request, HttpServletResponse response)
     	log.debug("principal = [{}]", principal);
 
 		application = this.getServletContext();
-		loginContext = (Saml2LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+		loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
 				application, request);
 		entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
 				HttpServletHelper.getRelyingPartyConfigurationManager(application));
@@ -332,6 +333,15 @@ protected boolean performAuthentication(HttpServletRequest request, HttpServletR
 			request.getSession().removeAttribute(MCBLoginServlet.UPGRADE_AUTH);
 			log.debug("submodule display login returned [{}]", b);
 			return true;
+		} catch (UserInitiatedLoginFailureException uilfe) {
+			// this is meant to capture an expected failure that ends the login cycle
+			// it does not log at error level or generate a stack trace
+			log.debug("User initiated login failure caught. {}",uilfe.getMessage());
+			AuthenticationException ae = new AuthenticationException("User initiated login failure during authentication.");
+        	request.setAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY, ae);
+        	// send them back with a SAML error
+            AuthenticationEngine.returnToAuthenticationEngine(request, response);
+            return true;
 		} catch (Exception e) {
 			log.error("Exception calling submodule.", e);
 			AuthenticationException ae = new AuthenticationException("Exception during authentication.");
@@ -638,12 +648,12 @@ protected void showMethods(HttpServletRequest request, HttpServletResponse respo
      */
     private List<String> getRequestedContexts(HttpServletRequest request) {
     	ServletContext application = null;
-    	Saml2LoginContext loginContext = null;
+    	LoginContext loginContext = null;
     	EntityDescriptor entityDescriptor = null;
     	String entityID = null;
 
 		application = this.getServletContext();
-		loginContext = (Saml2LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+		loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
 				application, request);
 		entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
 				HttpServletHelper.getRelyingPartyConfigurationManager(application));

diff --git a/.../edu/internet2/middleware/assurance/mcb/exception/UserInitiatedLoginFailureException.java b/.../edu/internet2/middleware/assurance/mcb/exception/UserInitiatedLoginFailureException.java
@@ -0,0 +1,12 @@
+package edu.internet2.middleware.assurance.mcb.exception;
+
+import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException;
+
+public class UserInitiatedLoginFailureException extends AuthenticationException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -6813687033968748471L;
+
+}