+ pair<bool,bool> requestDelegation = getBool("requestDelegation");
+ if (requestDelegation.first && requestDelegation.second) {
+ if (entity.first) {
+ // Request delegation by including the IdP as an Audience.
+ // Also specify the expected session lifetime as the bound on the assertion lifetime.
+ const PropertySet* sessionProps = app.getPropertySet("Sessions");
+ pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
+ if (!lifetime.first || lifetime.second == 0)
+ lifetime.second = 28800;
+ if (!req->getConditions())
+ req->setConditions(ConditionsBuilder::buildConditions());
+ req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
+ AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
+ req->getConditions()->getConditions().push_back(audrest);
+ Audience* aud = AudienceBuilder::buildAudience();
+ audrest->getAudiences().push_back(aud);
+ aud->setAudienceURI(entity.first->getEntityID());
+ }
+ else {
+ m_log.warn("requestDelegation set, but IdP unknown at request time");
+ }
+ }
+
+ if (ECP && entityID) {
+ auto_ptr_XMLCh wideid(entityID);
+ Scoping* scoping = req->getScoping();
+ if (!scoping) {
+ scoping = ScopingBuilder::buildScoping();
+ req->setScoping(scoping);
+ }
+ IDPList* idplist = scoping->getIDPList();
+ if (!idplist) {
+ idplist = IDPListBuilder::buildIDPList();
+ scoping->setIDPList(idplist);
+ }
+ VectorOf(IDPEntry) entries = idplist->getIDPEntrys();
+ static bool (*wideequals)(const XMLCh*,const XMLCh*) = &XMLString::equals;
+ if (find_if(entries, boost::bind(wideequals, boost::bind(&IDPEntry::getProviderID, _1), wideid.get())) == nullptr) {
+ IDPEntry* entry = IDPEntryBuilder::buildIDPEntry();
+ entry->setProviderID(wideid.get());
+ entries.push_back(entry);
+ }
+ }
+
+ XMLCh* genid = SAMLConfig::getConfig().generateIdentifier();
+ req->setID(genid);
+ XMLString::release(&genid);
+ req->setIssueInstant(time(nullptr));
+
+ scoped_ptr<AuthnRequestEvent> ar_event(newAuthnRequestEvent(app, httpRequest));
+ if (ar_event) {
+ auto_ptr_char b(ep ? ep->getBinding() : nullptr);
+ ar_event->m_binding = b.get() ? b.get() : samlconstants::SAML20_BINDING_SOAP;
+ auto_ptr_char prot(getProtocolFamily());
+ ar_event->m_protocol = prot.get();
+ ar_event->m_peer = entity.first;
+ ar_event->m_saml2Request = req.get();
+ app.getServiceProvider().getTransactionLog()->write(*ar_event);
+ }
+
+ auto_ptr_char dest(ep ? ep->getLocation() : nullptr);
+
+ if (httpRequest) {
+ // If the request object is available, we're responsible for the POST data.
+ preservePostData(app, *httpRequest, httpResponse, relayState.c_str());
+ }