static const XMLCh _option[] = UNICODE_LITERAL_6(o,p,t,i,o,n);
static const XMLCh OutOfProcess[] = UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s);
static const XMLCh _path[] = UNICODE_LITERAL_4(p,a,t,h);
static const XMLCh _option[] = UNICODE_LITERAL_6(o,p,t,i,o,n);
static const XMLCh OutOfProcess[] = UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s);
static const XMLCh _path[] = UNICODE_LITERAL_4(p,a,t,h);
static const XMLCh _ProtocolProvider[] = UNICODE_LITERAL_16(P,r,o,t,o,c,o,l,P,r,o,v,i,d,e,r);
static const XMLCh _provider[] = UNICODE_LITERAL_8(p,r,o,v,i,d,e,r);
static const XMLCh RelyingParty[] = UNICODE_LITERAL_12(R,e,l,y,i,n,g,P,a,r,t,y);
static const XMLCh _ProtocolProvider[] = UNICODE_LITERAL_16(P,r,o,t,o,c,o,l,P,r,o,v,i,d,e,r);
static const XMLCh _provider[] = UNICODE_LITERAL_8(p,r,o,v,i,d,e,r);
static const XMLCh RelyingParty[] = UNICODE_LITERAL_12(R,e,l,y,i,n,g,P,a,r,t,y);
// First load any property sets.
map<string,string> remapper;
// First load any property sets.
map<string,string> remapper;
split(m_redirectWhitelist, dup, is_space(), algorithm::token_compress_on);
}
}
split(m_redirectWhitelist, dup, is_space(), algorithm::token_compress_on);
}
}
pair<bool,const char*> attributes = getString("REMOTE_USER");
if (attributes.first) {
string dup(attributes.second);
pair<bool,const char*> attributes = getString("REMOTE_USER");
if (attributes.first) {
string dup(attributes.second);
split(m_remoteUsers, dup, is_space(), algorithm::token_compress_on);
}
split(m_remoteUsers, dup, is_space(), algorithm::token_compress_on);
}
vector<string> headerNames;
split(headerNames, dup, is_space(), algorithm::token_compress_on);
for (vector<string>::const_iterator h = headerNames.begin(); h != headerNames.end(); ++h) {
vector<string> headerNames;
split(headerNames, dup, is_space(), algorithm::token_compress_on);
for (vector<string>::const_iterator h = headerNames.begin(); h != headerNames.end(); ++h) {
pathprop = (*b)->getXMLString("path");
if (idprop.first && pathprop.first) {
DOMElement* acsdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _AssertionConsumerService);
pathprop = (*b)->getXMLString("path");
if (idprop.first && pathprop.first) {
DOMElement* acsdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _AssertionConsumerService);
+
+ // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler.
+ for (XMLSize_t p = 0; p < ssopropslen; ++p) {
+ DOMNode* ssoprop = ssoprops->item(p);
+ if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+ acsdom->setAttributeNS(
+ ((DOMAttr*)ssoprop)->getNamespaceURI(),
+ ((DOMAttr*)ssoprop)->getLocalName(),
+ ((DOMAttr*)ssoprop)->getValue()
+ );
+ }
+ }
+
+ // Set necessary properties based on context.
acsdom->setAttributeNS(nullptr, Binding, idprop.second);
acsdom->setAttributeNS(nullptr, Location, pathprop.second);
xstring indexbuf(1, chDigit_1 + (index % 10));
acsdom->setAttributeNS(nullptr, Binding, idprop.second);
acsdom->setAttributeNS(nullptr, Location, pathprop.second);
xstring indexbuf(1, chDigit_1 + (index % 10));
pathprop = (*b)->getXMLString("path");
if (idprop.first && pathprop.first) {
DOMElement* slodom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _SingleLogoutService);
pathprop = (*b)->getXMLString("path");
if (idprop.first && pathprop.first) {
DOMElement* slodom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _SingleLogoutService);
+
+ // Copy in any attributes from the <Logout> element so they can be accessed as properties in the SLO handler.
+ for (XMLSize_t p = 0; p < slopropslen; ++p) {
+ DOMNode* sloprop = sloprops->item(p);
+ if (sloprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+ slodom->setAttributeNS(
+ ((DOMAttr*)sloprop)->getNamespaceURI(),
+ ((DOMAttr*)sloprop)->getLocalName(),
+ ((DOMAttr*)sloprop)->getValue()
+ );
+ }
+ }
+
+ // Set necessary properties based on context.
slodom->setAttributeNS(nullptr, Binding, idprop.second);
slodom->setAttributeNS(nullptr, Location, pathprop.second);
slodom->setAttributeNS(nullptr, Binding, idprop.second);
slodom->setAttributeNS(nullptr, Location, pathprop.second);
log.info("adding SingleLogoutService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
boost::shared_ptr<Handler> handler(
log.info("adding SingleLogoutService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
boost::shared_ptr<Handler> handler(
pathprop = (*b)->getXMLString("path");
if (idprop.first && pathprop.first) {
DOMElement* nimdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _ManageNameIDService);
pathprop = (*b)->getXMLString("path");
if (idprop.first && pathprop.first) {
DOMElement* nimdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _ManageNameIDService);
+
+ // Copy in any attributes from the <NameIDMgmt> element so they can be accessed as properties in the NIM handler.
+ for (XMLSize_t p = 0; p < nimpropslen; ++p) {
+ DOMNode* nimprop = nimprops->item(p);
+ if (nimprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+ nimdom->setAttributeNS(
+ ((DOMAttr*)nimprop)->getNamespaceURI(),
+ ((DOMAttr*)nimprop)->getLocalName(),
+ ((DOMAttr*)nimprop)->getValue()
+ );
+ }
+ }
+
+ // Set necessary properties based on context.
nimdom->setAttributeNS(nullptr, Binding, idprop.second);
nimdom->setAttributeNS(nullptr, Location, pathprop.second);
nimdom->setAttributeNS(nullptr, Binding, idprop.second);
nimdom->setAttributeNS(nullptr, Location, pathprop.second);
log.info("adding ManageNameIDService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
boost::shared_ptr<Handler> handler(
log.info("adding ManageNameIDService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
boost::shared_ptr<Handler> handler(
boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != m_redirectWhitelist.end()) {
return;
}
boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != m_redirectWhitelist.end()) {
return;
}
- Category::getInstance(SHIBSP_LOGCAT".Application").warn("redirectLimit policy enforced, blocked redirect to (%s)", url);
+ Category::getInstance(SHIBSP_LOGCAT ".Application").warn("redirectLimit policy enforced, blocked redirect to (%s)", url);
split(HTTPResponse::getAllowedSchemes(), schemes, is_space(), algorithm::token_compress_on);
}
split(HTTPResponse::getAllowedSchemes(), schemes, is_space(), algorithm::token_compress_on);
}
// For backward compatibility, wrap in a plugin element.
DOMElement* polwrapper = e->getOwnerDocument()->createElementNS(nullptr, _SecurityPolicyProvider);
polwrapper->appendChild(child);
// For backward compatibility, wrap in a plugin element.
DOMElement* polwrapper = e->getOwnerDocument()->createElementNS(nullptr, _SecurityPolicyProvider);
polwrapper->appendChild(child);
pair<bool,const char*> extraAuthTypes = inprocs->getString("extraAuthTypes");
if (extraAuthTypes.first) {
string types(extraAuthTypes.second);
pair<bool,const char*> extraAuthTypes = inprocs->getString("extraAuthTypes");
if (extraAuthTypes.first) {
string types(extraAuthTypes.second);
split(outer->m_authTypes, types, is_space(), algorithm::token_compress_on);
outer->m_authTypes.insert("shibboleth");
}
split(outer->m_authTypes, types, is_space(), algorithm::token_compress_on);
outer->m_authTypes.insert("shibboleth");
}
storage->createText("RelayState", rsKey.c_str(), value, time(nullptr) + 600);
}
else {
storage->createText("RelayState", rsKey.c_str(), value, time(nullptr) + 600);
}
else {
storage->createText("PostData", rsKey.c_str(), params.str().c_str(), time(nullptr) + 600);
}
else {
storage->createText("PostData", rsKey.c_str(), params.str().c_str(), time(nullptr) + 600);
}
else {
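Review bot: The attribute-copy loop added before `acsdom->setAttributeNS(nullptr, Binding, idprop.second)` is repeated verbatim for `slodom` and `nimdom`, each time with three C-style `(DOMAttr*)` casts and no null check on `item(p)`. A single file-local helper with one `static_cast` would keep the three handlers from drifting apart. Every attribute on the parent `<SSO>`, `<Logout>` or `<NameIDMgmt>` element now becomes a handler property, so the existing comment should also say that the Binding and Location assignments must stay after the copy, so that the parent element cannot override them. The declarations of `ssoprops`, `sloprops` and `nimprops` are outside the visible lines, so the sketch below assumes they are `DOMNamedNodeMap*` values; the enclosing function also starts and ends outside this section.

```cpp
// File-local helper standing in for the three copy loops (ACS, SLO, NIM).
static void copyAttributes(const DOMNamedNodeMap* src, DOMElement* dest)
{
    if (!src)
        return;
    for (XMLSize_t i = 0; i < src->getLength(); ++i) {
        DOMNode* node = src->item(i);
        if (!node || node->getNodeType() != DOMNode::ATTRIBUTE_NODE)
            continue;
        const DOMAttr* attr = static_cast<const DOMAttr*>(node);
        dest->setAttributeNS(attr->getNamespaceURI(), attr->getLocalName(), attr->getValue());
    }
}

// … unchanged: createElementNS for acsdom …
copyAttributes(ssoprops, acsdom);
// Set necessary properties based on context. Must follow the copy so that
// attributes inherited from the parent element cannot override Binding/Location.
// … unchanged: Binding / Location / index assignments …
```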