From 7ffb5c79955eb447418478b5033aa6c6fb50af3f Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Tue, 24 Mar 2026 17:54:37 -0400
Subject: [PATCH 1/2] Add only public sso availability to institution login URL
 map

---
 .../support/OsfInstitutionUtils.java             | 16 ++++++++++++++++
 .../authentication/support/SsoAvailability.java  |  4 ++++
 2 files changed, 20 insertions(+)

diff --git a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java
index 89b28147..17340d6a 100644
--- a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java
+++ b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java
@@ -52,6 +52,22 @@ public static Map<String, String> getInstitutionLoginUrlMap(
         }
         final Map<String, String> institutionLoginUrlMap = new HashMap<>();
         for (final OsfInstitution institution: institutionList) {
+            final SsoAvailability ssoAvailability = institution.getSsoAvailability();
+            if (ssoAvailability == null) {
+                LOGGER.error(
+                        "Skipped due to invalid SSO Availability: [institutionId={}]",
+                        institution.getInstitutionId()
+                );
+                continue;
+            }
+            if (!ssoAvailability.isPublic()) {
+                LOGGER.debug(
+                        "Skipped because SSO Availability is not public: [institutionId={}, ssoAvailability={}]",
+                        institution.getInstitutionId(),
+                        ssoAvailability.getId()
+                );
+                continue;
+            }
             final DelegationProtocol delegationProtocol = institution.getDelegationProtocol();
             if (DelegationProtocol.SAML_SHIB.equals(delegationProtocol)) {
                 institutionLoginUrlMap.put(
diff --git a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java
index 0c3d29de..6baea19c 100644
--- a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java
+++ b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java
@@ -40,6 +40,10 @@ public static SsoAvailability getType(final String id) throws IllegalArgumentExc
         throw new IllegalArgumentException("No matching type for id " + id);
     }
 
+    public boolean isPublic () {
+        return SsoAvailability.PUBLIC.equals(this);
+    }
+
     public final String getId() {
         return id;
     }

From fd94fd0dff4ffbdbc45e1a6c6aab5e0565063d7f Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Wed, 25 Mar 2026 16:48:13 -0400
Subject: [PATCH 2/2] Add/update JavaDoc/comments

---
 .../cas/osf/authentication/support/OsfInstitutionUtils.java | 5 ++++-
 .../cos/cas/osf/authentication/support/SsoAvailability.java | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java
index 17340d6a..ada97c89 100644
--- a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java
+++ b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java
@@ -14,7 +14,7 @@
 import java.util.Map;
 
 /**
- * This is {@link OsfInstitutionUtils}.
+ * This is {@link OsfInstitutionUtils}, which provides helper methods supporting the institution SSO login flow.
  *
  * @author Longze Chen
  * @since 21.0.0
@@ -54,6 +54,8 @@ public static Map<String, String> getInstitutionLoginUrlMap(
         for (final OsfInstitution institution: institutionList) {
             final SsoAvailability ssoAvailability = institution.getSsoAvailability();
             if (ssoAvailability == null) {
+                // Catch a rare exception case where OSF DB has changed the choices of the field
+                // `sso_availability` in table `osf_institution` without syncing with CAS.
                 LOGGER.error(
                         "Skipped due to invalid SSO Availability: [institutionId={}]",
                         institution.getInstitutionId()
@@ -61,6 +63,7 @@ public static Map<String, String> getInstitutionLoginUrlMap(
                 continue;
             }
             if (!ssoAvailability.isPublic()) {
+                // Hide institutions of which SSO Availability is not Public
                 LOGGER.debug(
                         "Skipped because SSO Availability is not public: [institutionId={}, ssoAvailability={}]",
                         institution.getInstitutionId(),
diff --git a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java
index 6baea19c..47abe71c 100644
--- a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java
+++ b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java
@@ -1,7 +1,8 @@
 package io.cos.cas.osf.authentication.support;
 
 /**
- * This is {@link SsoAvailability}.
+ * This is {@link SsoAvailability}, which is used in {@link io.cos.cas.osf.model.OsfInstitution}
+ * to map to the types/choices of its counterpart in the OSF model.
  *
  * @author Longze Chen
  * @since 26.1.0
@@ -40,6 +41,9 @@ public static SsoAvailability getType(final String id) throws IllegalArgumentExc
         throw new IllegalArgumentException("No matching type for id " + id);
     }
 
+    /**
+     * @return whether the enum type is {@link SsoAvailability#PUBLIC}.
+     */
     public boolean isPublic () {
         return SsoAvailability.PUBLIC.equals(this);
     }