From 01e297108512a95aec8951b89f8022c3836cd72d Mon Sep 17 00:00:00 2001
From: YoungKi Hong
Date: Wed, 13 Mar 2024 23:50:59 +0900
Subject: [PATCH] [ISSUE-11725] Add secondary statusCode messages on error
---
 .../OpenSaml4AuthenticationProvider.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
index 83ad3cace4..91c0ef43b0 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@@ -26,6 +26,9 @@ import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Arrays;
 import java.util.function.Consumer;
 
 import javax.annotation.Nonnull;
@@ -94,6 +97,8 @@ import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 
+import static org.opensaml.saml.saml2.core.StatusCode.*;
+
 /**
 * Implementation of {@link AuthenticationProvider} for SAML authentications when
 * receiving a {@code Response} object containing an {@code Assertion}. This
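Review bot: The three new imports in the `-26,6` hunk are appended after `java.util.Map` in the order `Set`, `HashSet`, `Arrays`, while the surrounding `java.util` imports are alphabetical (`HashMap`, `LinkedHashMap`, `List`, `Map`). They should be sorted into the existing block, with `Arrays` and `HashSet` moving up and `Set` staying after `Map`; if the project enforces import order in its build checks, which is not visible here, the current placement would likely fail them. `HashSet` and `Arrays` are only needed to build one fixed three-element set in the later hunk, so on a Java 9+ baseline `Set.of(...)` would make both imports unnecessary.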
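Review bot: The wildcard `import static org.opensaml.saml.saml2.core.StatusCode.*;` in the `-94,6` hunk brings every `StatusCode` constant into the file's namespace, although the change only uses `REQUESTER`, `RESPONDER` and `VERSION_MISMATCH`. The same method already refers to `StatusCode.SUCCESS` in qualified form, so writing `StatusCode.REQUESTER`, `StatusCode.RESPONDER` and `StatusCode.VERSION_MISMATCH` would be consistent and would let this import be dropped. Qualified names also make it clear at the use site which SAML status URIs are matched, which matters in code that decides how an authentication response is treated.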
@@ -621,7 +626,17 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 if (response.getStatus().getStatusCode() == null) {
 return StatusCode.SUCCESS;
 }
- return response.getStatus().getStatusCode().getValue();
+
+ Set statusCodes = new HashSet<>(Arrays.asList(REQUESTER, RESPONDER, VERSION_MISMATCH));
+ StatusCode parentStatusCode = response.getStatus().getStatusCode();
+ String parentStatusCodeValue = parentStatusCode.getValue();
+ if (statusCodes.contains(parentStatusCodeValue)) {
+ StatusCode childStatusCode = parentStatusCode.getStatusCode();
+ String childStatusCodeValue = childStatusCode.getValue();
+ return parentStatusCodeValue + childStatusCodeValue;
+ }
+
+ return parentStatusCodeValue;
 }
 
 private Converter createDefaultAssertionSignatureValidator() {
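Review bot: `parentStatusCode.getStatusCode()` is dereferenced without a null check inside the new `if` branch, and SAML permits a top-level status code with no nested second-level code. An error response carrying only `Requester`, `Responder` or `VersionMismatch` would then throw a NullPointerException here instead of taking the provider's normal authentication-failure path. Guard it before use with `if (childStatusCode == null || childStatusCode.getValue() == null) { return parentStatusCodeValue; }`. The two URIs are also concatenated with no delimiter and both come from the response, so a separator would make the result readable, and the string should be treated as untrusted text wherever the caller logs or displays it. The method starts above the hunk and its caller is not visible.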