diff options
| author | Stephan Schwär | 2021-07-08 13:37:04 +0200 |
|---|---|---|
| committer | Stephan Schwär | 2021-07-08 13:43:12 +0200 |
| commit | 82e06bcc6000af413cd6a8efd522a5017d123f86 (patch) | |
| tree | ef11fb3d8c910d82095269a2a76f301ed9f3f572 | |
| parent | Add URL to the project's website to the Maven configuration (diff) | |
| download | ecp-client-lean-error-feedback.tar.gz ecp-client-lean-error-feedback.tar.xz ecp-client-lean-error-feedback.zip | |
First unfinished work on better ecp error feedbackerror-feedback
Issue #3797
| -rw-r--r-- | src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java | 83 |
1 files changed, 56 insertions, 27 deletions
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java index 089bc88..702e678 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java @@ -2,6 +2,8 @@ package edu.kit.scc.dei.ecplean; import java.io.IOException;
import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
@@ -24,18 +26,17 @@ import org.xml.sax.SAXException; public class ECPAuthenticator extends ECPAuthenticatorBase {
- public ECPAuthenticator(CloseableHttpClient client, String username, String password,
- URI idpEcpEndpoint, URI spUrl) {
+ public ECPAuthenticator(CloseableHttpClient client, String username, String password, URI idpEcpEndpoint,
+ URI spUrl) {
super(client);
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
}
-
- public ECPAuthenticator(String username, String password,
- URI idpEcpEndpoint, URI spUrl) {
+
+ public ECPAuthenticator(String username, String password, URI idpEcpEndpoint, URI spUrl) {
super();
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
}
-
+
public HttpResponse authenticate() throws ECPAuthenticationException {
logger.info("Starting authentication");
@@ -43,12 +44,13 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { authInfo.setAuthState(ECPAuthState.INITIAL_PAOS_SP);
setChanged();
notifyObservers(authInfo);
-
+
logger.info("Sending initial SP Request");
-
+
HttpGet httpGet = new HttpGet(authInfo.getSpUrl().toString());
httpGet.setHeader("Accept", "text/html, application/vnd.paos+xml");
- httpGet.setHeader("PAOS", "ver=\"urn:liberty:paos:2003-08\";\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"");
+ httpGet.setHeader("PAOS",
+ "ver=\"urn:liberty:paos:2003-08\";\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"");
HttpClientContext ctx = HttpClientContext.create();
ctx.setCookieStore(new BasicCookieStore());
@@ -62,7 +64,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { logger.debug("Initial SP Request failed");
throw new ECPAuthenticationException(e);
}
-
+
Document initResponse;
try {
initResponse = buildDocumentFromString(responseBody);
@@ -70,7 +72,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { logger.debug("Parsing SP Response failed");
throw new ECPAuthenticationException(e);
}
-
+
String relayState;
try {
relayState = (String) queryDocument(initResponse, "//ecp:RelayState", XPathConstants.STRING);
@@ -81,7 +83,8 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { logger.info("Got relayState: " + relayState);
String responseConsumerUrl;
try {
- responseConsumerUrl = (String) queryDocument(initResponse, "/S:Envelope/S:Header/paos:Request/@responseConsumerURL", XPathConstants.STRING);
+ responseConsumerUrl = (String) queryDocument(initResponse,
+ "/S:Envelope/S:Header/paos:Request/@responseConsumerURL", XPathConstants.STRING);
} catch (XPathException e) {
logger.debug("Could not find response consumer url in PAOS answer from SP");
throw new ECPAuthenticationException(e);
@@ -104,23 +107,29 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { throw e;
}
- String statusCode = getStatusCode(idpResponse);
+ List<String> statusCodes = getStatusCode(idpResponse);
- if (statusCode == null)
+ if (statusCodes.isEmpty())
throw new ECPAuthenticationException("IdP returned no status code!!!x");
- if (!statusCode.endsWith(":Success") && !statusCode.endsWith(":success"))
- throw new ECPAuthenticationException("IdP Returned StatusCode " + statusCode);
-
+ if (!statusCodes.get(0).endsWith(":Success") && !statusCodes.get(0).endsWith(":success")) {
+ String allCodes = "";
+ for (String sCode : statusCodes) {
+ allCodes = allCodes + sCode + "\n";
+ }
+ throw new ECPAuthenticationException("IdP Returned StatusCodes:\n" + allCodes);
+ }
+
String assertionConsumerUrl;
try {
- assertionConsumerUrl = (String) queryDocument(idpResponse, "/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL", XPathConstants.STRING);
+ assertionConsumerUrl = (String) queryDocument(idpResponse,
+ "/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL", XPathConstants.STRING);
} catch (Exception e) {
logger.debug("Could not find assertion consumer url in answer from IdP");
throw new ECPAuthenticationException(e);
}
logger.info("Got assertionConsumerUrl: " + assertionConsumerUrl);
- if (! assertionConsumerUrl.equals(responseConsumerUrl)) {
+ if (!assertionConsumerUrl.equals(responseConsumerUrl)) {
throw new ECPAuthenticationException("Assertion- and ResponseConsumerURL don't match");
}
@@ -139,7 +148,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { logger.debug("Could not post assertion back to SP");
throw new ECPAuthenticationException(e);
}
-
+
logger.info("Requesting original URL");
httpGet = new HttpGet(authInfo.getSpUrl().toString());
try {
@@ -151,16 +160,27 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { return httpResponse;
}
- private String getStatusCode(Document idpResponse) {
+ /**
+ * Parse the IDP Response for the status code.
+ *
+ * @param idpResponse
+ * @return A list of strings of messages returned by the IDP or an empty list on
+ * error.
+ */
+ private List<String> getStatusCode(Document idpResponse) {
NodeList nl;
- String result = null;
+ List<String> result = new ArrayList<String>();
try {
nl = (NodeList) queryDocument(idpResponse, "//*", XPathConstants.NODESET);
} catch (XPathException e) {
- return null;
+ result.clear();
+ return result;
}
- if (nl == null)
- return null;
+ if (nl == null) {
+ result.clear();
+ return result;
+ }
+
for (int i = 0; i < nl.getLength(); ++i) {
Node ns = nl.item(i);
if (!ns.getLocalName().endsWith("StatusCode"))
@@ -170,8 +190,17 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { Node val = ns.getAttributes().getNamedItem("Value");
if (val == null)
continue;
- if (result == null || result.endsWith(":Responder")) {
- result = val.getNodeValue();
+
+ if (result.isEmpty() || result.get(0).endsWith(":Responder")) {
+ result.clear();
+ result.add(val.getNodeValue());
+ logger.debug("Current idpResponse status code result: " + result);
+ NodeList subnodes = ns.getChildNodes();
+ if (subnodes.getLength() != 0) {
+ Node subval = subnodes.item(0).getAttributes().getNamedItem("Value");
+ if (subval != null)
+ result.add(subval.getNodeValue());
+ }
}
}
return result;
|