Log requestDelegation with no entity set
authorScott Cantor <cantor.2@osu.edu>
Mon, 30 Apr 2012 15:18:48 +0000 (15:18 +0000)
committerScott Cantor <cantor.2@osu.edu>
Mon, 30 Apr 2012 15:18:48 +0000 (15:18 +0000)
shibsp/handler/impl/SAML2SessionInitiator.cpp

index d12c7f2..32fe3a8 100644 (file)
@@ -664,21 +664,26 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
     }
 
     pair<bool,bool> requestDelegation = getBool("requestDelegation");
-    if (requestDelegation.first && requestDelegation.second && entity.first) {
-        // Request delegation by including the IdP as an Audience.
-        // Also specify the expected session lifetime as the bound on the assertion lifetime.
-        const PropertySet* sessionProps = app.getPropertySet("Sessions");
-        pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
-        if (!lifetime.first || lifetime.second == 0)
-            lifetime.second = 28800;
-        if (!req->getConditions())
-            req->setConditions(ConditionsBuilder::buildConditions());
-        req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
-        AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
-        req->getConditions()->getConditions().push_back(audrest);
-        Audience* aud = AudienceBuilder::buildAudience();
-        audrest->getAudiences().push_back(aud);
-        aud->setAudienceURI(entity.first->getEntityID());
+    if (requestDelegation.first && requestDelegation.second) {
+        if (entity.first) {
+            // Request delegation by including the IdP as an Audience.
+            // Also specify the expected session lifetime as the bound on the assertion lifetime.
+            const PropertySet* sessionProps = app.getPropertySet("Sessions");
+            pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
+            if (!lifetime.first || lifetime.second == 0)
+                lifetime.second = 28800;
+            if (!req->getConditions())
+                req->setConditions(ConditionsBuilder::buildConditions());
+            req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
+            AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
+            req->getConditions()->getConditions().push_back(audrest);
+            Audience* aud = AudienceBuilder::buildAudience();
+            audrest->getAudiences().push_back(aud);
+            aud->setAudienceURI(entity.first->getEntityID());
+        }
+        else {
+            m_log.warn("requestDelegation set, but IdP unknown at request time");
+        }
     }
 
     if (ECP && entityID) {
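Review bot: The new `else` branch only logs, so when `entity.first` is null the AuthnRequest is still issued without the delegation Audience and without the NotOnOrAfter bound, and the warning text does not tell the operator that. A later delegation failure would then be hard to trace back to this request, so the message should state the consequence, e.g. `m_log.warn("requestDelegation set, but IdP unknown at request time; request sent without delegation Audience");`. Separately, the re-indented block keeps the literal 28800 twice and a bare `+ 300`; a comment such as `// 28800s (8h) default session lifetime; the extra 300s is presumably a clock-skew allowance` would document them, with the 300 to be confirmed by the author. The body of doRequest starts and ends outside this hunk, so whether a later path fills in the entity cannot be checked from here.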