Unicon / shib-cas-authn3

Integrates an external CAS Server and Shibboleth IdPv3.
Apache License 2.0

Passive AuthnRequest isn't properly responded to #3

Closed jtgasper3 closed 7 years ago

jtgasper3 commented 9 years ago

The response needs to work something like this:

```java
log.info("Passive authentication requested without a valid SSO session. Returning SAML error to SP [{}]", entityId);
AuthenticationException ae = isPassive
    ? new PassiveAuthenticationException("Passive authentication not supported without a previous session.")
    : new AuthenticationException("The user could not be authenticated for an unknown reason.");
```

mmoayyed commented 9 years ago

I don't think the above solution would work with IdP3. I see no classes for a passive authN exception.

Also, one thing that I realized was, how does the client validation set gateway to true?

jtgasper3 commented 9 years ago

Looks like we need to follow the guidance at http://shibboleth.1660669.n2.nabble.com/Shibboleth-IdP-3-External-Authn-isPassive-td7610365.html, if it isn't already being done.

What do you mean by "client validation"? The validation doesn't care whether gateway was true or not? If there was an ST in the response, we validate it. Otherwise no user was returned... Or are you thinking of renew=true, where it does care?

mmoayyed commented 9 years ago

Oh, I was thinking of renew=true. Never mind :)

jtgasper3 commented 7 years ago

I think this is resolved. Closing
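
The passive flow discussed in this thread, as an added sketch that is not shib-cas-authn3 code: it assumes IsPassive is mapped to CAS `gateway=true` and ForceAuthn to `renew=true`. All class, method and URL names are hypothetical, and the sample values are constructed.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

/** Hypothetical sketch; names are assumptions, not the project's API. */
public class PassiveCasFlow {

    // SAML 2.0 second-level status code for a passive request that could not be satisfied.
    static final String NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive";

    enum Outcome { VALIDATE_TICKET, RETURN_NO_PASSIVE, AUTHN_FAILED }

    /** Build the CAS login redirect for the SP's AuthnRequest flags. */
    static String loginUrl(String casLogin, String service, boolean isPassive, boolean forceAuthn)
            throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder(casLogin)
                .append("?service=").append(URLEncoder.encode(service, "UTF-8"));
        // CAS leaves renew and gateway together undefined, so only one is ever sent.
        if (forceAuthn) {
            url.append("&renew=true");   // ticket validation must then send renew=true as well
        } else if (isPassive) {
            url.append("&gateway=true"); // CAS redirects back without a ticket if no SSO session
        }
        return url.toString();
    }

    /** Decide what to do when the browser returns from CAS. */
    static Outcome onReturn(String ticket, boolean isPassive) {
        if (ticket != null && !ticket.isEmpty()) {
            return Outcome.VALIDATE_TICKET; // an ST is validated whether or not gateway was set
        }
        // No ticket: a passive request gets a SAML error back to the SP, not a login page.
        return isPassive ? Outcome.RETURN_NO_PASSIVE : Outcome.AUTHN_FAILED;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        String url = loginUrl("https://cas.example.org/cas/login",
                "https://idp.example.org/idp/Authn/External", true, false);
        System.out.println(url);
        Outcome o = onReturn(null, true);
        System.out.println(o + (o == Outcome.RETURN_NO_PASSIVE ? " -> " + NO_PASSIVE : ""));
        System.out.println(onReturn("ST-1-constructed", true));
    }
}
```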