CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit 23de431f96) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-01-12 18:55:52 +05:30 · 2015-01-12 18:55:52 +05:30 · 1a7f76ac77
parent b528047fb6
commit 1a7f76ac77
1 changed files with 21 additions and 16 deletions
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@ -240,22 +240,27 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                    }
                }

-                AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
-                List<Attribute> attributes = attributeStatement.getAttributes();
-
-                // Try capturing standard LDAP attributes
-                for (Attribute attribute: attributes) {
-                    String attributeName = attribute.getName();
-                    String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
-                    if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
-                        username = attributeValue;
-                        uniqueUserId = SAMLUtils.createSAMLId(username);
-                    } else if (attributeName.equalsIgnoreCase("givenName")) {
-                        firstName = attributeValue;
-                    } else if (attributeName.equalsIgnoreCase(("sn"))) {
-                        lastName = attributeValue;
-                    } else if (attributeName.equalsIgnoreCase("mail")) {
-                        email = attributeValue;
+                List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
+                if (attributeStatements != null && attributeStatements.size() > 0) {
+                    for (AttributeStatement attributeStatement: attributeStatements) {
+                        if (attributeStatement == null) {
+                            continue;
+                        }
+                        // Try capturing standard LDAP attributes
+                        for (Attribute attribute: attributeStatement.getAttributes()) {
+                            String attributeName = attribute.getName();
+                            String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
+                            if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
+                                username = attributeValue;
+                                uniqueUserId = SAMLUtils.createSAMLId(username);
+                            } else if (attributeName.equalsIgnoreCase("givenName")) {
+                                firstName = attributeValue;
+                            } else if (attributeName.equalsIgnoreCase(("sn"))) {
+                                lastName = attributeValue;
+                            } else if (attributeName.equalsIgnoreCase("mail")) {
+                                email = attributeValue;
+                            }
+                        }
                    }
                }