2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* shib.h - Shibboleth header file
62 #include <saml/saml.h>
63 #include <shib/shib-threads.h>
64 #include <xsec/xenc/XENCEncryptionMethod.hpp>
68 # define SHIB_EXPORTS __declspec(dllimport)
76 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,ResourceAccessException,SAMLException);
77 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,MetadataException,SAMLException);
78 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,CredentialException,SAMLException);
79 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,InvalidHandleException,RetryableProfileException);
80 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,InvalidSessionException,RetryableProfileException);
82 // Metadata abstract interfaces, based on SAML 2.0
84 struct SHIB_EXPORTS IContactPerson
86 enum ContactType { technical, support, administrative, billing, other };
87 virtual ContactType getType() const=0;
88 virtual const char* getCompany() const=0;
89 virtual const char* getGivenName() const=0;
90 virtual const char* getSurName() const=0;
91 virtual saml::Iterator<std::string> getEmailAddresses() const=0;
92 virtual saml::Iterator<std::string> getTelephoneNumbers() const=0;
93 virtual const DOMElement* getElement() const=0;
94 virtual ~IContactPerson() {}
97 struct SHIB_EXPORTS IOrganization
99 virtual const char* getName(const char* lang="en") const=0;
100 virtual const char* getDisplayName(const char* lang="en") const=0;
101 virtual const char* getURL(const char* lang="en") const=0;
102 virtual const DOMElement* getElement() const=0;
103 virtual ~IOrganization() {}
106 struct SHIB_EXPORTS IKeyDescriptor
108 enum KeyUse { unspecified, encryption, signing };
109 virtual KeyUse getUse() const=0;
110 virtual DSIGKeyInfoList* getKeyInfo() const=0;
111 virtual saml::Iterator<const XENCEncryptionMethod*> getEncryptionMethods() const=0;
112 virtual ~IKeyDescriptor() {}
115 struct SHIB_EXPORTS IEndpoint
117 virtual const XMLCh* getBinding() const=0;
118 virtual const XMLCh* getLocation() const=0;
119 virtual const XMLCh* getResponseLocation() const=0;
120 virtual const DOMElement* getElement() const=0;
121 virtual ~IEndpoint() {}
124 struct SHIB_EXPORTS IIndexedEndpoint : public virtual IEndpoint
126 virtual unsigned short getIndex() const=0;
127 virtual ~IIndexedEndpoint() {}
130 struct SHIB_EXPORTS IEndpointManager
132 virtual saml::Iterator<const IEndpoint*> getEndpoints() const=0;
133 virtual const IEndpoint* getDefaultEndpoint() const=0;
134 virtual const IEndpoint* getEndpointByIndex(unsigned short index) const=0;
135 virtual const IEndpoint* getEndpointByBinding(const XMLCh* binding) const=0;
136 virtual ~IEndpointManager() {}
139 struct SHIB_EXPORTS IEntityDescriptor;
140 struct SHIB_EXPORTS IRoleDescriptor
142 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
143 virtual saml::Iterator<const XMLCh*> getProtocolSupportEnumeration() const=0;
144 virtual bool hasSupport(const XMLCh* protocol) const=0;
145 virtual bool isValid() const=0;
146 virtual const char* getErrorURL() const=0;
147 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
148 virtual const IOrganization* getOrganization() const=0;
149 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
150 virtual const DOMElement* getElement() const=0;
151 virtual ~IRoleDescriptor() {}
154 struct SHIB_EXPORTS ISSODescriptor : public virtual IRoleDescriptor
156 virtual const IEndpointManager* getArtifactResolutionServiceManager() const=0;
157 virtual const IEndpointManager* getSingleLogoutServiceManager() const=0;
158 virtual const IEndpointManager* getManageNameIDServiceManager() const=0;
159 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
160 virtual ~ISSODescriptor() {}
163 struct SHIB_EXPORTS IIDPSSODescriptor : public virtual ISSODescriptor
165 virtual bool getWantAuthnRequestsSigned() const=0;
166 virtual const IEndpointManager* getSingleSignOnServiceManager() const=0;
167 virtual const IEndpointManager* getNameIDMappingServiceManager() const=0;
168 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
169 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
170 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
171 virtual ~IIDPSSODescriptor() {}
174 struct SHIB_EXPORTS IAttributeConsumingService
176 virtual const XMLCh* getName(const char* lang="en") const=0;
177 virtual const XMLCh* getDescription(const char* lang="en") const=0;
178 virtual saml::Iterator<std::pair<const saml::SAMLAttribute*,bool> > getRequestedAttributes() const=0;
179 virtual ~IAttributeConsumingService() {}
182 struct SHIB_EXPORTS ISPSSODescriptor : public virtual ISSODescriptor
184 virtual bool getAuthnRequestsSigned() const=0;
185 virtual bool getWantAssertionsSigned() const=0;
186 virtual const IEndpointManager* getAssertionConsumerServiceManager() const=0;
187 virtual saml::Iterator<const IAttributeConsumingService*> getAttributeConsumingServices() const=0;
188 virtual const IAttributeConsumingService* getDefaultAttributeConsumingService() const=0;
189 virtual const IAttributeConsumingService* getAttributeConsumingServiceByID(const XMLCh* id) const=0;
190 virtual ~ISPSSODescriptor() {}
193 struct SHIB_EXPORTS IAuthnAuthorityDescriptor : public virtual IRoleDescriptor
195 virtual const IEndpointManager* getAuthnQueryServiceManager() const=0;
196 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
197 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
198 virtual ~IAuthnAuthorityDescriptor() {}
201 struct SHIB_EXPORTS IPDPDescriptor : public virtual IRoleDescriptor
203 virtual const IEndpointManager* getAuthzServiceManager() const=0;
204 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
205 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
206 virtual ~IPDPDescriptor() {}
209 struct SHIB_EXPORTS IAttributeAuthorityDescriptor : public virtual IRoleDescriptor
211 virtual const IEndpointManager* getAttributeServiceManager() const=0;
212 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
213 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
214 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
215 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
216 virtual ~IAttributeAuthorityDescriptor() {}
219 struct SHIB_EXPORTS IAffiliationDescriptor
221 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
222 virtual const XMLCh* getOwnerID() const=0;
223 virtual bool isValid() const=0;
224 virtual saml::Iterator<const XMLCh*> getMembers() const=0;
225 virtual bool isMember(const XMLCh* id) const=0;
226 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
227 virtual const DOMElement* getElement() const=0;
228 virtual ~IAffiliationDescriptor() {}
231 struct SHIB_EXPORTS IEntitiesDescriptor;
232 struct SHIB_EXPORTS IEntityDescriptor
234 virtual const XMLCh* getId() const=0;
235 virtual bool isValid() const=0;
236 virtual saml::Iterator<const IRoleDescriptor*> getRoleDescriptors() const=0;
237 virtual const IIDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
238 virtual const ISPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
239 virtual const IAuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
240 virtual const IAttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
241 virtual const IPDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
242 virtual const IAffiliationDescriptor* getAffiliationDescriptor() const=0;
243 virtual const IOrganization* getOrganization() const=0;
244 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
245 virtual saml::Iterator<std::pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const=0;
246 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
247 virtual const DOMElement* getElement() const=0;
248 virtual ~IEntityDescriptor() {}
251 struct SHIB_EXPORTS IEntitiesDescriptor
253 virtual const XMLCh* getName() const=0;
254 virtual bool isValid() const=0;
255 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
256 virtual saml::Iterator<const IEntitiesDescriptor*> getEntitiesDescriptors() const=0;
257 virtual saml::Iterator<const IEntityDescriptor*> getEntityDescriptors() const=0;
258 virtual const DOMElement* getElement() const=0;
259 virtual ~IEntitiesDescriptor() {}
262 // Supports Shib role extension describing attribute scoping rules
263 struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
265 virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
266 virtual ~IScopedRoleDescriptor() {}
269 // Shib extension interfaces to key authority data
270 struct SHIB_EXPORTS IKeyAuthority
272 virtual int getVerifyDepth() const=0;
273 virtual saml::Iterator<DSIGKeyInfoList*> getKeyInfos() const=0;
274 virtual ~IKeyAuthority() {}
277 struct SHIB_EXPORTS IExtendedEntityDescriptor : public virtual IEntityDescriptor
279 virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
280 virtual ~IExtendedEntityDescriptor() {}
283 struct SHIB_EXPORTS IExtendedEntitiesDescriptor : public virtual IEntitiesDescriptor
285 virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
286 virtual ~IExtendedEntitiesDescriptor() {}
289 struct SHIB_EXPORTS IMetadata : public virtual saml::ILockable, public virtual saml::IPlugIn
291 virtual const IEntityDescriptor* lookup(const char* id, bool strict=true) const=0;
292 virtual const IEntityDescriptor* lookup(const XMLCh* id, bool strict=true) const=0;
293 virtual const IEntityDescriptor* lookup(const saml::SAMLArtifact* artifact) const=0;
294 virtual const IEntitiesDescriptor* lookupGroup(const char* name, bool strict=true) const=0;
295 virtual const IEntitiesDescriptor* lookupGroup(const XMLCh* name, bool strict=true) const=0;
296 virtual std::pair<const IEntitiesDescriptor*,const IEntityDescriptor*> getRoot() const=0;
297 virtual ~IMetadata() {}
300 // Trust interface hides *all* details of signature and SSL validation.
301 // Pluggable providers can fully override the Shibboleth trust model here.
303 struct SHIB_EXPORTS ITrust : public virtual saml::IPlugIn
305 // Performs certificate validation processing of an untrusted certificates
306 // using a library-specific representation, in this case an OpenSSL X509*
307 virtual bool validate(
309 const saml::Iterator<void*>& certChain,
310 const IRoleDescriptor* role,
314 // Validates signed SAML messages and assertions sent by an entity acting in a specific role.
315 // If certificate validation is required, the trust provider used can be overridden using
316 // the last parameter, or left null and the provider will rely on itself.
317 virtual bool validate(
318 const saml::SAMLSignedObject& token,
319 const IRoleDescriptor* role,
320 ITrust* certValidator=NULL
326 // Credentials interface abstracts access to "owned" keys and certificates.
328 struct SHIB_EXPORTS ICredResolver : public virtual saml::IPlugIn
330 virtual void attach(void* ctx) const=0;
331 virtual XSECCryptoKey* getKey() const=0;
332 virtual saml::Iterator<XSECCryptoX509*> getCertificates() const=0;
333 virtual void dump(FILE* f) const=0;
334 virtual void dump() const { dump(stdout); }
335 virtual ~ICredResolver() {}
338 struct SHIB_EXPORTS ICredentials : public virtual saml::ILockable, public virtual saml::IPlugIn
340 virtual const ICredResolver* lookup(const char* id) const=0;
341 virtual ~ICredentials() {}
344 // Attribute acceptance processing interfaces, applied to incoming attributes.
346 struct SHIB_EXPORTS IAttributeRule
348 virtual const XMLCh* getName() const=0;
349 virtual const XMLCh* getNamespace() const=0;
350 virtual const char* getAlias() const=0;
351 virtual const char* getHeader() const=0;
352 virtual bool getCaseSensitive() const=0;
353 virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
354 virtual ~IAttributeRule() {}
357 struct SHIB_EXPORTS IAAP : public virtual saml::ILockable, public virtual saml::IPlugIn
359 virtual bool anyAttribute() const=0;
360 virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
361 virtual const IAttributeRule* lookup(const char* alias) const=0;
362 virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
366 struct SHIB_EXPORTS IAttributeFactory : public virtual saml::IPlugIn
368 virtual saml::SAMLAttribute* build(DOMElement* e) const=0;
369 virtual ~IAttributeFactory() {}
372 #ifdef SHIB_INSTANTIATE
373 template class SHIB_EXPORTS saml::Iterator<const IContactPerson*>;
374 template class SHIB_EXPORTS saml::Iterator<const XENCEncryptionMethod*>;
375 template class SHIB_EXPORTS saml::Iterator<const IKeyDescriptor*>;
376 template class SHIB_EXPORTS saml::Iterator<const IAttributeConsumingService*>;
377 template class SHIB_EXPORTS saml::Iterator<const IRoleDescriptor*>;
378 template class SHIB_EXPORTS saml::Iterator<const IEntityDescriptor*>;
379 template class SHIB_EXPORTS saml::Iterator<const IEntitiesDescriptor*>;
380 template class SHIB_EXPORTS saml::Iterator<const IEndpoint*>;
381 template class SHIB_EXPORTS saml::Iterator<const IAttributeRule*>;
382 template class SHIB_EXPORTS saml::Iterator<const IKeyAuthority*>;
383 template class SHIB_EXPORTS saml::Iterator<DSIGKeyInfoList*>;
384 template class SHIB_EXPORTS saml::Iterator<IMetadata*>;
385 template class SHIB_EXPORTS saml::ArrayIterator<IMetadata*>;
386 template class SHIB_EXPORTS saml::Iterator<ITrust*>;
387 template class SHIB_EXPORTS saml::ArrayIterator<ITrust*>;
388 template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
389 template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
390 template class SHIB_EXPORTS saml::Iterator<IAAP*>;
391 template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
394 struct SHIB_EXPORTS Constants
396 static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
397 static const XMLCh SHIB_NAMEID_FORMAT_URI[];
398 static const XMLCh SHIB_AUTHNREQUEST_PROFILE_URI[];
399 static const XMLCh SHIB_LEGACY_AUTHNREQUEST_PROFILE_URI[];
400 static const XMLCh SHIB_SESSIONINIT_PROFILE_URI[];
401 static const XMLCh SHIB_LOGOUT_PROFILE_URI[];
402 static const XMLCh SHIB_NS[];
403 static const XMLCh InvalidHandle[];
406 // Glue classes between abstract metadata and concrete providers
408 class SHIB_EXPORTS Metadata
411 Metadata(const saml::Iterator<IMetadata*>& metadatas) : m_metadatas(metadatas), m_mapper(NULL) {}
414 const IEntityDescriptor* lookup(const char* id, bool strict=true);
415 const IEntityDescriptor* lookup(const XMLCh* id, bool strict=true);
416 const IEntityDescriptor* lookup(const saml::SAMLArtifact* artifact);
419 Metadata(const Metadata&);
420 void operator=(const Metadata&);
422 const saml::Iterator<IMetadata*>& m_metadatas;
425 class SHIB_EXPORTS Trust
428 Trust(const saml::Iterator<ITrust*>& trusts) : m_trusts(trusts) {}
433 const saml::Iterator<void*>& certChain,
434 const IRoleDescriptor* role,
437 bool validate(const saml::SAMLSignedObject& token, const IRoleDescriptor* role) const;
441 void operator=(const Trust&);
442 const saml::Iterator<ITrust*>& m_trusts;
445 class SHIB_EXPORTS Credentials
448 Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
451 const ICredResolver* lookup(const char* id);
454 Credentials(const Credentials&);
455 void operator=(const Credentials&);
456 ICredentials* m_mapper;
457 const saml::Iterator<ICredentials*>& m_creds;
460 class SHIB_EXPORTS AAP
463 AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
464 AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
466 bool fail() const {return m_mapper==NULL;}
467 const IAttributeRule* operator->() const {return m_rule;}
468 operator const IAttributeRule*() const {return m_rule;}
470 static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
474 void operator=(const AAP&);
476 const IAttributeRule* m_rule;
479 // Subclass around the OpenSAML browser profile interface,
480 // incoporates additional functionality using Shib-defined APIs.
481 class SHIB_EXPORTS ShibBrowserProfile : virtual public saml::SAMLBrowserProfile
485 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
486 const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*)
488 virtual ~ShibBrowserProfile();
490 virtual saml::SAMLBrowserProfile::BrowserProfileResponse receive(
492 const XMLCh* recipient,
493 int supportedProfiles,
494 saml::IReplayCache* replayCache=NULL,
495 saml::SAMLBrowserProfile::ArtifactMapper* callback=NULL,
500 saml::SAMLBrowserProfile* m_profile;
501 saml::Iterator<IMetadata*> m_metadatas;
502 saml::Iterator<ITrust*> m_trusts;
505 // Instead of wrapping the binding to deal with mutual authentication, we
506 // just use the HTTP hook functionality offered by OpenSAML. The hook will
507 // register "itself" as a globalCtx pointer with the SAML binding and the caller
508 // will declare and pass the embedded struct as callCtx for use by the hook.
509 class SHIB_EXPORTS ShibHTTPHook : virtual public saml::SAMLSOAPHTTPBinding::HTTPHook
512 ShibHTTPHook(const saml::Iterator<ITrust*>& trusts, const saml::Iterator<ICredentials*>& creds)
513 : m_trusts(trusts), m_creds(creds) {}
514 virtual ~ShibHTTPHook() {}
516 // Only hook we need here is for outgoing connection to server.
517 virtual bool outgoing(saml::HTTPClient* conn, void* globalCtx=NULL, void* callCtx=NULL);
519 // Client declares a context object and pass as callCtx to send() method.
520 class SHIB_EXPORTS ShibHTTPHookCallContext {
522 ShibHTTPHookCallContext(const char* credResolverId, const IRoleDescriptor* role)
523 : m_credResolverId(credResolverId), m_role(role), m_hook(NULL), m_authenticated(false) {}
524 const ShibHTTPHook* getHook() {return m_hook;}
525 const char* getCredResolverId() {return m_credResolverId;}
526 const IRoleDescriptor* getRoleDescriptor() {return m_role;}
527 bool isAuthenticated() const {return m_authenticated;}
528 void setAuthenticated() {m_authenticated=true;}
531 const char* m_credResolverId;
532 const IRoleDescriptor* m_role;
533 ShibHTTPHook* m_hook;
534 bool m_authenticated;
535 friend class ShibHTTPHook;
538 const saml::Iterator<ITrust*>& getTrustProviders() const {return m_trusts;}
539 const saml::Iterator<ICredentials*>& getCredentialProviders() const {return m_creds;}
541 saml::Iterator<ITrust*> m_trusts;
542 saml::Iterator<ICredentials*> m_creds;
545 class SHIB_EXPORTS ShibConfig
549 virtual ~ShibConfig() {}
551 // global per-process setup and shutdown of Shibboleth runtime
555 // manages specific attribute name to factory mappings
556 void regAttributeMapping(const XMLCh* name, const IAttributeFactory* factory);
557 void unregAttributeMapping(const XMLCh* name);
558 void clearAttributeMappings();
560 // enables runtime and clients to access configuration
561 static ShibConfig& getConfig();
564 /* Helper classes for implementing reloadable XML-based config files
565 The ILockable interface will usually be inherited twice, once as
566 part of the external interface to clients and once as an implementation
567 detail of the reloading class below.
570 class SHIB_EXPORTS ReloadableXMLFileImpl
573 ReloadableXMLFileImpl(const char* pathname);
574 ReloadableXMLFileImpl(const DOMElement* pathname);
575 virtual ~ReloadableXMLFileImpl();
579 const DOMElement* m_root;
582 class SHIB_EXPORTS ReloadableXMLFile : protected virtual saml::ILockable
585 ReloadableXMLFile(const DOMElement* e);
586 ~ReloadableXMLFile() { delete m_lock; delete m_impl; }
589 virtual void unlock() { if (m_lock) m_lock->unlock(); }
591 ReloadableXMLFileImpl* getImplementation() const;
594 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const=0;
595 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const=0;
596 mutable ReloadableXMLFileImpl* m_impl;
599 const DOMElement* m_root;
600 std::string m_source;
605 /* These helpers attach metadata-derived information as exception properties and then
606 * rethrow the object. The following properties are attached, when possible:
608 * providerId The unique ID of the entity
609 * errorURL The error support URL of the entity or role
610 * contactName A formatted support or technical contact name
611 * contactEmail A contact email address
613 SHIB_EXPORTS void annotateException(saml::SAMLException* e, const IEntityDescriptor* entity, bool rethrow=true);
614 SHIB_EXPORTS void annotateException(saml::SAMLException* e, const IRoleDescriptor* role, bool rethrow=true);