From 1a7f76ac77b05eec796637f96b4ceca3f1c7af33 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Mon, 12 Jan 2015 18:55:52 +0530
Subject: [PATCH] CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com
Signed-off-by: Rohit Yadav
(cherry picked from commit 23de431f96e1dad8a21055ac98926c428e83c775)
Signed-off-by: Rohit Yadav
---
.../SAML2LoginAPIAuthenticatorCmd.java | 37 +++++++++++--------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index e1ccc027cc9..6e86d23b42f 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -240,22 +240,27 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
 }
 }
- AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
- List attributes = attributeStatement.getAttributes();
-
- // Try capturing standard LDAP attributes
- for (Attribute attribute: attributes) {
- String attributeName = attribute.getName();
- String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
- if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
- username = attributeValue;
- uniqueUserId = SAMLUtils.createSAMLId(username);
- } else if (attributeName.equalsIgnoreCase("givenName")) {
- firstName = attributeValue;
- } else if (attributeName.equalsIgnoreCase(("sn"))) {
- lastName = attributeValue;
- } else if (attributeName.equalsIgnoreCase("mail")) {
- email = attributeValue;
+ List attributeStatements = assertion.getAttributeStatements();
+ if (attributeStatements != null && attributeStatements.size() > 0) {
+ for (AttributeStatement attributeStatement: attributeStatements) {
+ if (attributeStatement == null) {
+ continue;
+ }
+ // Try capturing standard LDAP attributes
+ for (Attribute attribute: attributeStatement.getAttributes()) {
+ String attributeName = attribute.getName();
+ String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
+ if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
+ username = attributeValue;
+ uniqueUserId = SAMLUtils.createSAMLId(username);
+ } else if (attributeName.equalsIgnoreCase("givenName")) {
+ firstName = attributeValue;
+ } else if (attributeName.equalsIgnoreCase(("sn"))) {
+ lastName = attributeValue;
+ } else if (attributeName.equalsIgnoreCase("mail")) {
+ email = attributeValue;
+ }
+ }
 }
 }
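Review bot: The inner loop still calls `attribute.getAttributeValues().get(0).getDOM().getTextContent()` with no check that the attribute has a value. Because the value is read before the name is matched, any attribute in the assertion with an empty value list throws here, not only `uid`, `givenName`, `sn` or `mail`. I would skip such attributes ahead of that line with `if (attribute.getAttributeValues() == null || attribute.getAttributeValues().isEmpty()) { continue; }`, and also null-check `getDOM()` if values can reach this point without a DOM (not visible from the hunk). Now that every statement is walked, `uid` keeps its first value (`uniqueUserId == null`) while `givenName`, `sn` and `mail` keep their last, so the identity and profile fields can come from different statements; a one-line comment stating the intended precedence, or the same first-wins guard on all four, would make this explicit. The enclosing method starts and ends outside the hunk, so whether the assertion's signature is verified before these attributes are trusted cannot be confirmed from here.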