2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file shibsp/handler/AssertionConsumerService.h
20 * Base class for handlers that create sessions by consuming SSO protocol responses.
23 #ifndef __shibsp_acshandler_h__
24 #define __shibsp_acshandler_h__
26 #include <shibsp/handler/AbstractHandler.h>
27 #include <shibsp/handler/RemotedHandler.h>
29 # include <saml/binding/MessageDecoder.h>
30 # include <saml/saml1/core/Assertions.h>
31 # include <saml/saml2/metadata/Metadata.h>
33 #include <xmltooling/unicode.h>
37 class SHIBSP_API Attribute;
38 class SHIBSP_API ResolutionContext;
40 #if defined (_MSC_VER)
41 #pragma warning( push )
42 #pragma warning( disable : 4250 )
46 * Base class for handlers that create sessions by consuming SSO protocol responses.
48 class SHIBSP_API AssertionConsumerService : public AbstractHandler, public RemotedHandler
51 virtual ~AssertionConsumerService();
53 std::pair<bool,long> run(SPRequest& request, bool isHandler=true) const;
54 void receive(DDF& in, std::ostream& out);
60 * @param e root of DOM configuration
61 * @param appId ID of application that "owns" the handler
62 * @param log a logging object to use
64 AssertionConsumerService(const xercesc::DOMElement* e, const char* appId, xmltooling::logging::Category& log);
67 * Enforces address-checking requirements on the client request that initiated the session.
69 * @param application reference to application receiving message
70 * @param httpRequest client request that initiated session
71 * @param issuedTo address for which security assertion was issued
73 void checkAddress(const Application& application, const xmltooling::HTTPRequest& httpRequest, const char* issuedTo) const;
76 void generateMetadata(opensaml::saml2md::SPSSODescriptor& role, const char* handlerURL) const;
79 * Implement protocol-specific handling of the incoming decoded message.
81 * <p>The result of implementing the protocol should be either an exception or
82 * modifications to the request/response objects to reflect processing
85 * @param application reference to application receiving message
86 * @param httpRequest client request that included message
87 * @param httpResponse response to client
88 * @param policy the SecurityPolicy in effect, after having evaluated the message
89 * @param settings policy configuration settings in effect
90 * @param xmlObject a protocol-specific message object
92 virtual void implementProtocol(
93 const Application& application,
94 const xmltooling::HTTPRequest& httpRequest,
95 xmltooling::HTTPResponse& httpResponse,
96 opensaml::SecurityPolicy& policy,
97 const PropertySet* settings,
98 const xmltooling::XMLObject& xmlObject
102 * Extracts policy-relevant assertion details.
104 * @param assertion the incoming assertion
105 * @param protocol the protocol family in use
106 * @param policy SecurityPolicy that supplies various components and tracks message data
108 virtual void extractMessageDetails(
109 const opensaml::Assertion& assertion, const XMLCh* protocol, opensaml::SecurityPolicy& policy
113 * Attempts SSO-initiated attribute resolution using the supplied information:
114 * NameID and token extraction and filtering, followed by
115 * secondary resolution.
117 * <p>The caller takes ownership of the returned context handle and must free it.
119 * @param application reference to application receiving message
120 * @param issuer source of SSO tokens
121 * @param protocol SSO protocol used
122 * @param v1nameid identifier of principal in SAML 1.x form, if any
123 * @param nameid identifier of principal in SAML 2.0 form, if any
124 * @param authncontext_class method/category of authentication event, if known
125 * @param authncontext_decl specifics of authentication event, if known
126 * @param tokens available assertions, if any
128 ResolutionContext* resolveAttributes(
129 const Application& application,
130 const opensaml::saml2md::RoleDescriptor* issuer=NULL,
131 const XMLCh* protocol=NULL,
132 const opensaml::saml1::NameIdentifier* v1nameid=NULL,
133 const opensaml::saml2::NameID* nameid=NULL,
134 const XMLCh* authncontext_class=NULL,
135 const XMLCh* authncontext_decl=NULL,
136 const std::vector<const opensaml::Assertion*>* tokens=NULL
140 const char* getType() const {
141 return "AssertionConsumerService";
146 std::pair<bool,long> processMessage(
147 const Application& application, const xmltooling::HTTPRequest& httpRequest, xmltooling::HTTPResponse& httpResponse
150 std::pair<bool,long> sendRedirect(
151 const Application& application,
152 const xmltooling::HTTPRequest& request,
153 xmltooling::HTTPResponse& response,
154 const char* entityID,
155 const char* relayState
158 void maintainHistory(
159 const Application& application, const xmltooling::HTTPRequest& request, xmltooling::HTTPResponse& response, const char* entityID
163 opensaml::MessageDecoder* m_decoder;
164 xmltooling::QName m_role;
168 #if defined (_MSC_VER)
169 #pragma warning( pop )
174 #endif /* __shibsp_acshandler_h__ */