CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com

yadvr · yadvr · commit 23de431f96e1 · 2015-01-12T19:40:05.000+05:30
Signed-off-by: Rohit Yadav &lt;rohit.yadav@shapeblue.com&gt;
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -239,22 +239,27 @@ public String authenticate(final String command, final Map<String, Object[]> par
                     }
                 }
 
-                AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
-                List<Attribute> attributes = attributeStatement.getAttributes();
-
-                // Try capturing standard LDAP attributes
-                for (Attribute attribute: attributes) {
-                    String attributeName = attribute.getName();
-                    String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
-                    if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
-                        username = attributeValue;
-                        uniqueUserId = SAMLUtils.createSAMLId(username);
-                    } else if (attributeName.equalsIgnoreCase("givenName")) {
-                        firstName = attributeValue;
-                    } else if (attributeName.equalsIgnoreCase(("sn"))) {
-                        lastName = attributeValue;
-                    } else if (attributeName.equalsIgnoreCase("mail")) {
-                        email = attributeValue;
+                List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
+                if (attributeStatements != null && attributeStatements.size() > 0) {
+                    for (AttributeStatement attributeStatement: attributeStatements) {
+                        if (attributeStatement == null) {
+                            continue;
+                        }
+                        // Try capturing standard LDAP attributes
+                        for (Attribute attribute: attributeStatement.getAttributes()) {
+                            String attributeName = attribute.getName();
+                            String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
+                            if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
+                                username = attributeValue;
+                                uniqueUserId = SAMLUtils.createSAMLId(username);
+                            } else if (attributeName.equalsIgnoreCase("givenName")) {
+                                firstName = attributeValue;
+                            } else if (attributeName.equalsIgnoreCase(("sn"))) {
+                                lastName = attributeValue;
+                            } else if (attributeName.equalsIgnoreCase("mail")) {
+                                email = attributeValue;
+                            }
+                        }
                     }
                 }
 
