From: cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Date: Mon, 4 Jun 2007 18:04:29 +0000 (+0000)
Subject: A stab at handling empty response from DS.
X-Git-Tag: 2.4~903
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=2659d46c2acc2aa713b5b3e0abfb6416f19413b6

A stab at handling empty response from DS.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2288 cb58f699-b61c-0410-a6fe-9272a202ed29
---

diff --git a/.project b/.project
index c57abe7..404625c 100644
--- a/.project
+++ b/.project
@@ -1,10 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
-	<name>Shibboleth-C</name>
+	<name>cpp-sp</name>
 	<comment></comment>
-	<projects>
-		<project>OpenSAML-C</project>
-	</projects>
 	<buildSpec>
 		<buildCommand>
 			<name>org.eclipse.cdt.make.core.makeBuilder</name>
diff --git a/configs/metadataError.html b/configs/metadataError.html
index 931b525..05218a4 100644
--- a/configs/metadataError.html
+++ b/configs/metadataError.html
@@ -7,13 +7,13 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 	<link rel="stylesheet" type="text/css" href="<shibmlp styleSheet/>" />
-	<title>Unauthorized Identity Provider</title>
+	<title>Unknown Identity Provider</title>
 </head>
 
 <body>
 <div class="head">
 <img src="<shibmlp logoLocation/>" alt="Logo" />
-<h1>Unauthorized Identity Provider</h1>
+<h1>Unknown Identity Provider</h1>
 </div>
 
 <p>The identity provider supplying your login credentials is not authorized for use with this service.</p>
@@ -22,7 +22,7 @@
 enabled for your use.</p>
 
 <p>Please include the following error message in any email:</p>
-<p class="error">Metadata lookup failure at (<shibmlp requestURL/>)</p>
+<p class="error">Identity provider lookup failed at (<shibmlp requestURL/>)</p>
 <shibmlpif entityID>
 <p><strong>EntityID:</strong> <shibmlp entityID/></p>
 </shibmlpif>
diff --git a/configs/rmError.html b/configs/rmError.html
deleted file mode 100644
index 5026976..0000000
--- a/configs/rmError.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html 
-	PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
-	"DTD/xhtml1-strict.dtd">
-	
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-	<link rel="stylesheet" type="text/css" href="<shibmlp styleSheet/>" />
-	<title>Access System Failure</title>
-</head>
-
-<body>
-<div class="head">
-<img src="<shibmlp logoLocation/>" alt="Logo" />
-<h1>Inter-institutional Access System Failure</h1>
-</div>
-
-<p>The inter-institutional access system experienced a technical failure at
-<shibmlp now/></p>
-
-<p>Please email <a href="mailto:<shibmlp supportContact/>"><shibmlp supportContact/></a>
-and include the following error message:</p>
-
-<p class="error">Resource Manager failure at (<shibmlp requestURL/>)</p>
-<p><shibmlp errorType/></p>
-
-</body>
-</html>
diff --git a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
index b8ba663..a677bfc 100644
--- a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
+++ b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
@@ -89,6 +89,10 @@ pair<bool,long> SAMLDSSessionInitiator::run(SPRequest& request, const char* enti
     const Application& app=request.getApplication();
 
     if (isHandler) {
+        option = request.getParameter("SAMLDS");
+        if (option && !strcmp(option,"1"))
+            throw MetadataException("No identity provider was selected by user.");
+        
         option = request.getParameter("target");
         if (option)
             target = option;
@@ -113,6 +117,7 @@ pair<bool,long> SAMLDSSessionInitiator::run(SPRequest& request, const char* enti
     string returnURL=request.getHandlerURL(target.c_str());
     pair<bool,const char*> thisloc = getString("Location");
     if (thisloc.first) returnURL += thisloc.second;
+    returnURL += "?SAMLDS=1"; // signals us not to loop if we get no answer back
 
     if (isHandler) {
         // We may already have RelayState set if we looped back here,
@@ -136,14 +141,14 @@ pair<bool,long> SAMLDSSessionInitiator::run(SPRequest& request, const char* enti
                 query = strchr(query, '&');
                 // If we still have more, just append it.
                 if (query && *(++query))
-                    returnURL = returnURL + '?' + query;
+                    returnURL = returnURL + '&' + query;
             }
             else {
                 // There's something in the query before target appears, so we have to find it.
                 thisloc.second = strstr(query,"&target=");
                 if (thisloc.second) {
                     // We found it, so first append everything up to it.
-                    returnURL += '?';
+                    returnURL += '&';
                     returnURL.append(query, thisloc.second - query);
                     query = thisloc.second + 8; // move up just past the equals sign.
                     thisloc.second = strchr(query, '&');
@@ -152,18 +157,18 @@ pair<bool,long> SAMLDSSessionInitiator::run(SPRequest& request, const char* enti
                 }
                 else {
                     // No target in the existing query, so just append it as is.
-                    returnURL = returnURL + '?' + query;
+                    returnURL = returnURL + '&' + query;
                 }
             }
         }
 
         // Now append the sanitized target as needed.
         if (!target.empty())
-            returnURL = returnURL + (returnURL.rfind('?')==string::npos ? '?' : '&') + "target=" + urlenc->encode(target.c_str());
+            returnURL = returnURL + "&target=" + urlenc->encode(target.c_str());
     }
     else if (!target.empty()) {
         // For a virtual handler, we just append target to the return link.
-        returnURL = returnURL + "?target=" + urlenc->encode(target.c_str());;
+        returnURL = returnURL + "&target=" + urlenc->encode(target.c_str());;
     }
 
     string req=string(m_url) + (strchr(m_url,'?') ? '&' : '?') + "entityID=" + urlenc->encode(app.getString("entityID").second) +