/**
 * {@inheritDoc}
 *
 * <p>Looks up the attribute context through the configured lookup strategy and stores it on this
 * action. Canonicalization is refused when the context is missing or holds no IdP attributes;
 * otherwise the decision is delegated to the parent implementation.</p>
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final SubjectCanonicalizationContext c14nContext) {

    attributeCtx = attributeContextLookupStrategy.apply(profileRequestContext);

    // The null test must come first: the attribute collection is only consulted on a real context.
    final boolean attributesAvailable = attributeCtx != null && !attributeCtx.getIdPAttributes().isEmpty();
    if (attributesAvailable) {
        return super.doPreExecute(profileRequestContext, c14nContext);
    }

    // Fail closed: with nothing to canonicalize from, record the reason on the c14n context and
    // signal INVALID_SUBJECT rather than letting the flow continue without an identity.
    log.warn("{} No attributes found, canonicalization not possible", getLogPrefix());
    c14nContext.setException(new SubjectCanonicalizationException("No attributes were found"));
    ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
    return false;
}
/**
 * Runs the pre-execute step of this c14n action. The default implementation only checks that the
 * canonicalization context carries a subject: it returns true iff one is set, and otherwise records a
 * {@link SubjectCanonicalizationException} on the context and signals
 * {@link AuthnEventIds#INVALID_SUBJECT}.
 *
 * @param profileRequestContext the current IdP profile request context
 * @param c14nContext the current subject canonicalization context
 *
 * @return true iff execution should continue
 */
protected boolean doPreExecute(
        @Nonnull final ProfileRequestContext<InboundMessageType, OutboundMessageType> profileRequestContext,
        @Nonnull final SubjectCanonicalizationContext c14nContext) {

    if (c14nContext.getSubject() != null) {
        return true;
    }

    // No subject means there is nothing to canonicalize: stop here instead of continuing without one.
    c14nContext.setException(new SubjectCanonicalizationException("No Subject found in context"));
    ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
    return false;
}
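/**
 * {@inheritDoc}
 *
 * <p>Selects the X.500 identity to canonicalize. Exactly one {@link X509Certificate} among the
 * subject's public credentials is preferred, and its subject DN is used; failing that, exactly one
 * {@link X500Principal} among the subject's principals is used. When neither source yields a single
 * unambiguous identity, or the context has no subject at all, the failure is recorded on the context,
 * {@link AuthnEventIds#INVALID_SUBJECT} is signalled and false is returned.</p>
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final SubjectCanonicalizationContext c14nContext) {

    // The subject is dereferenced below, before the parent's pre-execute check has run, so a missing
    // subject has to be rejected here; otherwise it surfaces as a NullPointerException instead of an
    // INVALID_SUBJECT event.
    if (c14nContext.getSubject() == null) {
        c14nContext.setException(new SubjectCanonicalizationException("No Subject found in context"));
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
        return false;
    }

    // NOTE(review): certificate and x500Principal are fields that are assigned but never cleared in
    // this method. If an instance of this action can be reused across requests, a value left over from
    // an earlier run would satisfy the check below - confirm the fields are reset elsewhere or that
    // the action is instantiated per request.

    // NOTE(review): the DN is read from whatever certificate is present in the public credentials; no
    // validation of that certificate happens here - presumably an earlier authentication step
    // established trust in it; confirm.
    final Set<X509Certificate> certificates = c14nContext.getSubject().getPublicCredentials(X509Certificate.class);
    if (certificates != null && certificates.size() == 1) {
        certificate = certificates.iterator().next();
        x500Principal = certificate.getSubjectX500Principal();
    } else {
        // Zero or several certificates is ambiguous, so fall back to a single X500Principal, if any.
        final Set<X500Principal> principals = c14nContext.getSubject().getPrincipals(X500Principal.class);
        if (principals != null && principals.size() == 1) {
            x500Principal = principals.iterator().next();
        }
    }

    if (x500Principal == null) {
        // Fail closed: an absent or ambiguous identity must not be canonicalized.
        c14nContext.setException(new SubjectCanonicalizationException(
                "Neither a single X509Certificate nor X500Principal were found"));
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
        return false;
    }

    return super.doPreExecute(profileRequestContext, c14nContext);
}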
if (usernames == null || usernames.isEmpty()) { c14nContext.setException( new SubjectCanonicalizationException("No UsernamePrincipals were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false; } else if (usernames.size() > 1) { c14nContext.setException( new SubjectCanonicalizationException("Multiple UsernamePrincipals were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false;
c14nContext.setException(new SubjectCanonicalizationException( "Neither a single X509Certificate nor X500Principal were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
if (nameIdentifiers == null || nameIdentifiers.isEmpty()) { c14nContext.setException( new SubjectCanonicalizationException("No NameIdentifierPrincipals were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false; } else if (nameIdentifiers.size() > 1) { c14nContext.setException( new SubjectCanonicalizationException("Multiple NameIdentifierPrincipals were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false; } else if (!formatMatches(nameIdentifiers.iterator().next().getNameIdentifier().getFormat(), c14nContext)) { c14nContext.setException(new SubjectCanonicalizationException("Format not supported")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false;
c14nContext.setException(new SubjectCanonicalizationException("No NameIDPrincipals were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false; } else if (nameIDs.size() > 1) { c14nContext.setException( new SubjectCanonicalizationException("Multiple NameIDPrincipals were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false; } else if (!formatMatches(nameIDs.iterator().next().getNameID().getFormat(), c14nContext)) { c14nContext.setException(new SubjectCanonicalizationException("Format not supported")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); return false;
log.error("{} Error resolving PrincipalConnector: Invalid Attribute resolver configuration.", getLogPrefix()); c14nContext.setException(new SubjectCanonicalizationException( "Error resolving PrincipalConnectore: Invalid Attribute resolver configuration.")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); if (!(attributeResolver instanceof LegacyPrincipalDecoder)) { log.info("{} Attribute Resolver did not implement LegacyPrincipalDecoder.", getLogPrefix()); c14nContext.setException(new SubjectCanonicalizationException( "Attribute Resolver did not implement LegacyPrincipalDecoder.")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT); if (null == decodedPrincipal) { log.info("{} Legacy Principal Decoding returned no value", getLogPrefix()); c14nContext.setException(new SubjectCanonicalizationException( "Legacy Principal Decoding returned no value")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
c14nContext.setException(new SubjectCanonicalizationException("No usable attribute values were found")); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);