2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * Specialized SOAPClient for SAML 1.x SOAP binding.
24 #include "exceptions.h"
25 #include "saml1/binding/SAML1SOAPClient.h"
26 #include "saml1/core/Protocols.h"
27 #include "saml2/metadata/Metadata.h"
29 #include <log4cpp/Category.hh>
30 #include <xmltooling/soap/SOAP.h>
32 using namespace opensaml::saml1p;
33 using namespace opensaml::saml2md;
34 using namespace opensaml;
35 using namespace soap11;
36 using namespace xmltooling;
37 using namespace log4cpp;
40 void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
42 auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
43 Body* body = BodyBuilder::buildBody();
45 body->getUnknownXMLObjects().push_back(request);
46 m_soaper.send(*env.get(), peer, endpoint);
47 m_correlate = XMLString::replicate(request->getRequestID());
50 Response* SAML1SOAPClient::receiveSAML()
52 auto_ptr<Envelope> env(m_soaper.receive());
54 Body* body = env->getBody();
55 if (body && body->hasChildren()) {
56 // Check for SAML Response.
57 Response* response = dynamic_cast<Response*>(body->getUnknownXMLObjects().front());
60 // Check InResponseTo.
61 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
62 throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
64 m_soaper.getPolicy().evaluate(*response);
66 if (!m_soaper.getPolicy().isSecure()) {
67 SecurityPolicyException ex("Security policy could not authenticate the message.");
68 if (m_soaper.getPolicy().getIssuerMetadata())
69 annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
75 Status* status = response->getStatus();
77 const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
78 if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
79 BindingException ex("SAML Response contained an error.");
80 if (m_soaper.getPolicy().getIssuerMetadata())
81 annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
88 body->detach(); // frees Envelope
89 response->detach(); // frees Body
94 BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
95 if (m_soaper.getPolicy().getIssuerMetadata())
96 annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
103 bool SAML1SOAPClient::handleError(const Status& status)
105 const QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : NULL;
106 auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : NULL));
107 Category::getInstance(SAML_LOGCAT".SOAPClient").error(
108 "SOAP client detected a SAML error: (%s) (%s)",
109 (code ? code->toString().c_str() : "no code"),
110 (str.get() ? str.get() : "no message")