acClass = getString("authnContextClassRef");
}
- // Since we're not passing by index, we need to fully compute the return URL.
if (!ACS) {
pair<bool,unsigned int> index = getUnsignedInt("acsIndex");
if (index.first) {
if (!ACS)
request.log(SPRequest::SPWarn, "invalid acsIndex property, using default ACS location");
}
- if (!ACS)
- ACS = app.getDefaultAssertionConsumerService();
+ if (!ACS) {
+ const vector<const Handler*>& endpoints = app.getAssertionConsumerServicesByBinding(m_binding.get());
+ if (endpoints.empty()) {
+ m_log.error("unable to locate a compatible ACS");
+ throw ConfigurationException("Unable to locate an ADFS-compatible ACS in the configuration.");
+ }
+ ACS = endpoints.front();
+ }
}
// Validate the ACS for use with this protocol.
- pair<bool,const XMLCh*> ACSbinding = ACS ? ACS->getXMLString("Binding") : pair<bool,const XMLCh*>(false,NULL);
+ pair<bool,const XMLCh*> ACSbinding = ACS->getXMLString("Binding");
if (ACSbinding.first) {
if (!XMLString::equals(ACSbinding.second, m_binding.get())) {
- m_log.info("configured or requested ACS has non-ADFS binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-ADFS binding");
+ throw ConfigurationException("Configured or requested ACS has non-ADFS binding ($1).", params(1, ACSbinding.second));
}
}
+ // Since we're not passing by index, we need to fully compute the return URL.
// Compute the ACS URL. We add the ACS location to the base handlerURL.
string ACSloc=request.getHandlerURL(target.c_str());
- pair<bool,const char*> loc=ACS ? ACS->getString("Location") : pair<bool,const char*>(false,NULL);
+ pair<bool,const char*> loc=ACS->getString("Location");
if (loc.first) ACSloc+=loc.second;
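Review bot: The new throw in the non-ADFS-binding branch passes `ACSbinding.second` to `params(1, ...)`, but this hunk declares `ACSbinding` as `pair<bool,const XMLCh*>`, so a wide string is handed to an argument that the later hunks treat as a narrow one (there the same value is compared with `strcmp`). If `params` reads its arguments as `const char*`, the `$1` in the message will come out truncated or garbled instead of naming the offending binding. Transcode before throwing, for example `auto_ptr_char b(ACSbinding.second);` followed by `params(1, b.get())`. Separately, `ACS->getXMLString("Binding")` and `ACS->getString("Location")` now dereference `ACS` without a null test, which holds only while every path above either assigns it or throws; a one-line comment stating that invariant would protect later edits. The enclosing function starts and ends outside the hunk.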
if (isHandler) {
if (ACSbinding.first) {
pair<bool,const char*> compatibleBindings = getString("compatibleBindings");
if (compatibleBindings.first && strstr(compatibleBindings.second, ACSbinding.second) == NULL) {
- m_log.info("configured or requested ACS has non-SAML 2.0 binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-SAML 2.0 binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 2.0 binding ($1).", params(1, ACSbinding.second));
}
else if (strcmp(ACSbinding.second, samlconstants::SAML20_BINDING_HTTP_POST) &&
strcmp(ACSbinding.second, samlconstants::SAML20_BINDING_HTTP_ARTIFACT) &&
strcmp(ACSbinding.second, samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN)) {
- m_log.info("configured or requested ACS has non-SAML 2.0 binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-SAML 2.0 binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 2.0 binding ($1).", params(1, ACSbinding.second));
}
}
}
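Review bot: The `compatibleBindings` test that guards the new throw is a substring match, `strstr(compatibleBindings.second, ACSbinding.second) == NULL`, so a binding URI that is a prefix of a listed one is accepted. Assuming the usual URIs behind these constants, a list that names only the HTTP-POST-SimpleSign binding would still admit an ACS bound to plain HTTP-POST. Now that a mismatch is a hard `ConfigurationException`, the allow-list deserves an exact comparison: split the property on its separator and compare each token with `strcmp`. The same `strstr` check appears in the two SAML 1.x hunks that follow. The enclosing function is not fully visible here.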
if (ACSbinding.first) {
pair<bool,const char*> compatibleBindings = getString("compatibleBindings");
if (compatibleBindings.first && strstr(compatibleBindings.second, ACSbinding.second) == NULL) {
- m_log.info("configured or requested ACS has non-SAML 1.x binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-SAML 1.x binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
}
else if (strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_POST) &&
strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT)) {
- m_log.info("configured or requested ACS has non-SAML 1.x binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-SAML 1.x binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
}
}
if (ACSbinding.first) {
pair<bool,const char*> compatibleBindings = getString("compatibleBindings");
if (compatibleBindings.first && strstr(compatibleBindings.second, ACSbinding.second) == NULL) {
- m_log.info("configured or requested ACS has non-SAML 1.x binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-SAML 1.x binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
}
else if (strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_POST) &&
strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT)) {
- m_log.info("configured or requested ACS has non-SAML 1.x binding");
- return make_pair(false,0L);
+ m_log.error("configured or requested ACS has non-SAML 1.x binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
}
}