Direct access to login servlet #15
Assignees
Labels
Comments
|
Added code to detect the bookmark access. If this occurs the new behavior will be to return the error: urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported By sending this value to the Shib authentication engine. |
|
Will be fixed in v1.2.2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using version 1.2.1 of the MCB and if somebody directly accesses the login servlet, MCBLoginServlet.java, it raises an exception and code 500 is returned by Apache httpd. In IdP without MCB there is a possibility to check for a direct access and return a proper message without returning 500 status.
<%
StorageService storageService = HttpServletHelper.getStorageService(application);
LoginContext loginContext = HttpServletHelper.getLoginContext(storageService, application,request);
if (loginContext == null) {
%>
To fix this issue I added "try" block, line 130, in the "service" method of MCBLoginServlet class and that solved the problem.
try { application = this.getServletContext();
loginContext = (LoginContext)HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application), application, request);
entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
HttpServletHelper.getRelyingPartyConfigurationManager(application));
entityID = entityDescriptor.getEntityID();
log.debug("Relying party = [{}]", entityID);
} catch (Exception e) {
log.error("Can't find entityID of the SP");
}
Is the original behavior intentional or is it an overlooked error?
The text was updated successfully, but these errors were encountered: