Add support for SAML Unknown Principal code. #38

bwreg-service/src/main/java/edu/kit/scc/webreg/exc/SamlUnknownPrincipalException.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.exc;
+
+import java.io.Serializable;
+
+public class SamlUnknownPrincipalException extends SamlAuthenticationException implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	public SamlUnknownPrincipalException(String msg) {
+		super(msg);
+	}
+
+	public SamlUnknownPrincipalException(String msg, Throwable t) {
+		super(msg, t);
+	}
+
+}

bwreg-service/src/main/java/edu/kit/scc/webreg/service/impl/UserUpdater.java

@@ -51,6 +51,7 @@ import edu.kit.scc.webreg.exc.EventSubmitException;
 import edu.kit.scc.webreg.exc.MetadataException;
 import edu.kit.scc.webreg.exc.NoAssertionException;
 import edu.kit.scc.webreg.exc.SamlAuthenticationException;
+import edu.kit.scc.webreg.exc.SamlUnknownPrincipalException;
 import edu.kit.scc.webreg.exc.UserUpdateException;
 import edu.kit.scc.webreg.service.SerialService;
 import edu.kit.scc.webreg.service.ServiceService;
@@ -289,8 +290,8 @@ public class UserUpdater implements Serializable {
 		} catch (SecurityException e) {
 			updateFail(user, e);
 			throw new UserUpdateException(e);
-		}
-
+		} 
+		
 		try {
 			/*
 			 * Don't check Assertion Signature, because we are contacting the IDP directly
@@ -309,6 +310,12 @@ public class UserUpdater implements Serializable {
 				else
 					logger.warn("No assertion delivered for user {} from idp {}", user.getEppn());
 				assertion = null;
+			} catch (SamlUnknownPrincipalException e) {
+				if (user.getIdp() != null)
+					logger.warn("Unknown principal status for user {} from idp {}", user.getEppn(), user.getIdp().getEntityId());
+				else
+					logger.warn("Unknown principal status  for user {}", user.getEppn());
+				assertion = null;
 			}
 
 			return updateUser(user, assertion, "attribute-query", service);

bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/Saml2ResponseValidationService.java

@@ -44,6 +44,7 @@ import org.slf4j.Logger;
 
 import edu.kit.scc.webreg.entity.SamlMetadataEntity;
 import edu.kit.scc.webreg.exc.SamlAuthenticationException;
+import edu.kit.scc.webreg.exc.SamlUnknownPrincipalException;
 
 @ApplicationScoped
 public class Saml2ResponseValidationService {
@@ -92,7 +93,13 @@ public class Saml2ResponseValidationService {
 			throw new SamlAuthenticationException("SAML Response does not contain a status code");
 			
 		Status status = samlResponse.getStatus();
-		if (! status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+		if (status.getStatusCode().getStatusCode() != null &&
+				StatusCode.UNKNOWN_PRINCIPAL_URI.equals(status.getStatusCode().getStatusCode().getValue())) {
+			String s = samlHelper.prettyPrint(status);
+			logger.info("SAML Response Status: {}", s);
+			throw new SamlUnknownPrincipalException("SAML Response: Unknown Principal " + status.getStatusCode().getValue());
+		}
+		else if (! status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
 			String s = samlHelper.prettyPrint(status);
 			logger.info("SAML Response Status: {}", s);
 			throw new SamlAuthenticationException("SAML Response: Login was not successful " + status.getStatusCode().getValue());