From 3cfea928bb274eec5069dbb5108b3c30693fbfc5 Mon Sep 17 00:00:00 2001
From: Paul Hethmon
Date: Fri, 11 Apr 2014 08:47:07 -0400
Subject: [PATCH] saml1 support Support SAML1 by using generic LoginContext Add support for user initiated failure during authentication. Change dependency to released Shibboleth version
---
 mcb-project/pom.xml | 23 +++++++++++--------
 .../mcb/authn/provider/MCBLoginHandler.java | 7 +++---
 .../mcb/authn/provider/MCBLoginServlet.java | 22 +++++++++++++----
 .../UserInitiatedLoginFailureException.java | 12 ++++++++++
 4 files changed, 45 insertions(+), 19 deletions(-)
 create mode 100644 mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/exception/UserInitiatedLoginFailureException.java
diff --git a/mcb-project/pom.xml b/mcb-project/pom.xml
index cfe96bd..eaf589a 100644
--- a/mcb-project/pom.xml
+++ b/mcb-project/pom.xml
@@ -4,15 +4,18 @@ edu.internet2.middleware.assurance.mcb multi-context-broker - 1.1.2 + 1.1.3 jar multi-context-broker - http://maven.apache.org + https://github.com/Internet2/Shibboleth-Multi-Context-Broker - - UTF-8 - + + UTF-8 + UTF-8 + 1.6 + 1.6 +
@@ -41,22 +44,22 @@ test - + edu.internet2.middleware shibboleth-identityprovider - 2.4.1-SNAPSHOT + 2.4.0
diff --git a/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginHandler.java b/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginHandler.java
index 728352a..890b256 100644
--- a/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginHandler.java
+++ b/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginHandler.java
@@ -35,6 +35,7 @@ import org.slf4j.LoggerFactory;
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
 import edu.internet2.middleware.shibboleth.idp.authn.PassiveAuthenticationException;
 import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
@@ -53,7 +54,7 @@ public class MCBLoginHandler extends AbstractLoginHandler {
 /** Class logger. */
 private final Logger log = LoggerFactory.getLogger(MCBLoginHandler.class);
- private final String version = "MCB Login Handler -- Version 1.0.0 (2014-01-05)";
+ private final String version = "MCB Login Handler -- Version 1.0.1 (2014-04-11)";
 /** The URL of the servlet used to perform authentication. */
 private String authenticationServletURL;
@@ -90,12 +91,12 @@ public void login(final HttpServletRequest httpRequest, final HttpServletRespons
 log.debug("MCBConfiguration bean = [{}]", mcbConfiguration);
 ServletContext application = null;
- Saml2LoginContext loginContext = null;
+ LoginContext loginContext = null;
 EntityDescriptor entityDescriptor = null;
 String entityID = "(unknown)";
 application = httpRequest.getSession().getServletContext();
- loginContext = (Saml2LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+ loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
 application, httpRequest);
 entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
diff --git a/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginServlet.java b/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginServlet.java
index 00faa74..0402be3 100644
--- a/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginServlet.java
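Review bot: In login(), the result of HttpServletHelper.getLoginContext is dereferenced on the next line (`loginContext.getRelyingPartyId()`) with no null check, and the commit only widens the declared type; if no login context is stored for the request, this throws NullPointerException and typically surfaces as a container 500 rather than a controlled failure, so guard it with `if (loginContext == null) { ... }` before the relying-party lookup. The same pattern appears in MCBLoginServlet.service, the hunk at line 121 of that file, and getRequestedContexts. The `(LoginContext)` cast appears redundant given the helper's declared return type and can be dropped. The Saml2LoginContext import is kept, so if login() still uses SAML2-specific members further down, a SAML1 context now reaches them and needs an `instanceof Saml2LoginContext` guard. login()'s body continues outside the hunk.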
+++ b/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/authn/provider/MCBLoginServlet.java
@@ -42,11 +42,12 @@ import edu.internet2.middleware.assurance.mcb.authn.provider.ui.IDPUIHandler;
 import edu.internet2.middleware.assurance.mcb.config.Method;
+import edu.internet2.middleware.assurance.mcb.exception.UserInitiatedLoginFailureException;
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
-import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
+import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
 /**
@@ -57,7 +58,7 @@
 */
 public class MCBLoginServlet extends HttpServlet {
- public static final String VERSION = "1.1.1";
+ public static final String VERSION = "1.1.2 (2014-04-11)";
 /**
 * Serial UID
 */
@@ -103,7 +104,7 @@ public void init(ServletConfig config) throws ServletException {
 protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 ServletContext application = null;
- Saml2LoginContext loginContext = null;
+ LoginContext loginContext = null;
 EntityDescriptor entityDescriptor = null;
 String entityID = null;
 String selectedMethodName = null;
@@ -121,7 +122,7 @@ protected void service(HttpServletRequest request, HttpServletResponse response)
 log.debug("principal = [{}]", principal);
 application = this.getServletContext();
- loginContext = (Saml2LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+ loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
 application, request);
 entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
 HttpServletHelper.getRelyingPartyConfigurationManager(application));
@@ -332,6 +333,15 @@ protected boolean performAuthentication(HttpServletRequest request, HttpServletR
 request.getSession().removeAttribute(MCBLoginServlet.UPGRADE_AUTH);
 log.debug("submodule display login returned [{}]", b);
 return true;
+ } catch (UserInitiatedLoginFailureException uilfe) {
+ // this is meant to capture an expected failure that ends the login cycle
+ // it does not log at error level or generate a stack trace
+ log.debug("User initiated login failure caught. {}",uilfe.getMessage());
+ AuthenticationException ae = new AuthenticationException("User initiated login failure during authentication.");
+ request.setAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY, ae);
+ // send them back with a SAML error
+ AuthenticationEngine.returnToAuthenticationEngine(request, response);
+ return true;
 } catch (Exception e) {
 log.error("Exception calling submodule.", e);
 AuthenticationException ae = new AuthenticationException("Exception during authentication.");
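Review bot: The new catch block repeats the recovery sequence of the `catch (Exception e)` below it, which appears to continue with the same setAttribute / returnToAuthenticationEngine / `return true` steps outside the hunk; the shared tail belongs in one private helper so both error paths stay identical as the code evolves. The fence below sketches that helper, which should carry whatever throws clause performAuthentication already declares. Only the success path clears `MCBLoginServlet.UPGRADE_AUTH` from the session, so if that attribute is set before the submodule runs, both failure paths leave it in place for the next attempt — worth confirming that is intended. performAuthentication starts, and its try block opens, outside the hunk.
```java
        } catch (UserInitiatedLoginFailureException uilfe) {
            // expected end of the login cycle: no error-level log, no stack trace
            log.debug("User initiated login failure caught. {}", uilfe.getMessage());
            return failAuthentication(request, response, "User initiated login failure during authentication.");
        } catch (Exception e) {
            log.error("Exception calling submodule.", e);
            return failAuthentication(request, response, "Exception during authentication.");
        }
        // … unchanged: remainder of performAuthentication …
    }

    /**
     * Hands the request back to the AuthenticationEngine carrying an
     * AuthenticationException with the given message, which becomes the
     * SAML error returned to the relying party.
     *
     * @param request  current request
     * @param response current response
     * @param message  fixed, non-sensitive text for the AuthenticationException
     * @return always true, mirroring the existing catch blocks
     */
    private boolean failAuthentication(HttpServletRequest request, HttpServletResponse response, String message) {
        AuthenticationException ae = new AuthenticationException(message);
        request.setAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY, ae);
        AuthenticationEngine.returnToAuthenticationEngine(request, response);
        return true;
    }
```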
@@ -638,12 +648,12 @@ protected void showMethods(HttpServletRequest request, HttpServletResponse respo
 */
 private List getRequestedContexts(HttpServletRequest request) {
 ServletContext application = null;
- Saml2LoginContext loginContext = null;
+ LoginContext loginContext = null;
 EntityDescriptor entityDescriptor = null;
 String entityID = null;
 application = this.getServletContext();
- loginContext = (Saml2LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
+ loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
 application, request);
 entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
 HttpServletHelper.getRelyingPartyConfigurationManager(application));
diff --git a/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/exception/UserInitiatedLoginFailureException.java b/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/exception/UserInitiatedLoginFailureException.java
new file mode 100644
index 0000000..bc2a2cc
--- /dev/null
+++ b/mcb-project/src/main/java/edu/internet2/middleware/assurance/mcb/exception/UserInitiatedLoginFailureException.java
@@ -0,0 +1,12 @@
+package edu.internet2.middleware.assurance.mcb.exception;
+
+import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException;
+
+public class UserInitiatedLoginFailureException extends AuthenticationException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6813687033968748471L;
+
+}
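Review bot: UserInitiatedLoginFailureException declares no constructors, so it can only be created through the implicit no-arg constructor and `getMessage()` is always null; the `log.debug("User initiated login failure caught. {}",uilfe.getMessage())` line in MCBLoginServlet.performAuthentication will therefore always log `null`. Adding a `(String message)` constructor, as sketched below, lets submodules supply a short reason; a String constructor exists on AuthenticationException, since the servlet already calls `new AuthenticationException("...")`. The class also has no Javadoc and carries an empty `/** */` block on serialVersionUID; the class comment should state that this signals a user-chosen end of the login cycle that the servlet handles without error-level logging or a stack trace.
```java
/**
 * Signals that the user ended the login cycle on their own initiative: an
 * expected outcome that MCBLoginServlet reports back to the relying party
 * without error-level logging or a stack trace.
 */
public class UserInitiatedLoginFailureException extends AuthenticationException {

    private static final long serialVersionUID = -6813687033968748471L;

    /** Creates an exception with no detail message. */
    public UserInitiatedLoginFailureException() {
        super();
    }

    /**
     * Creates an exception with a short reason, which the servlet logs at debug level only.
     *
     * @param message reason the user ended the login cycle; must not carry credentials
     */
    public UserInitiatedLoginFailureException(String message) {
        super(message);
    }
}
```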