From ad13d3d7472bcb2361ba97914fa5c5c90b5429ca Mon Sep 17 00:00:00 2001
From: Rohit Yadav <rohit.yadav@shapeblue.com>
Date: Mon, 25 Aug 2014 01:57:24 +0200
Subject: [PATCH] SAML2UserAuthenticator: check that request params has
 SAMLResponse

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 .../org/apache/cloudstack/saml/SAML2UserAuthenticator.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
index a4902d10312..5cd9b524a95 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
@@ -48,8 +48,8 @@ public class SAML2UserAuthenticator extends DefaultUserAuthenticator {
             return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
         } else {
             User user = _userDao.getUser(userAccount.getId());
-            // TODO: check SAMLRequest, signature etc. from requestParameters
-            if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid())) {
+            if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid()) &&
+                    requestParameters.containsKey(SAMLUtils.SAML_RESPONSE)) {
                 return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
             }
         }