#include <shibsp/handler/AssertionConsumerService.h>
#include <shibsp/handler/LogoutInitiator.h>
#include <shibsp/handler/SessionInitiator.h>
-#include <boost/scoped_ptr.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/util/DateTime.h>
#include <xmltooling/util/NDC.h>
{
public:
ADFSSessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.ADFS"), nullptr, &m_remapper), m_appId(appId), m_binding(WSFED_NS) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT ".SessionInitiator.ADFS"), nullptr, &m_remapper), m_appId(appId), m_binding(WSFED_NS) {
// If Location isn't set, defer address registration until the setParent call.
pair<bool,const char*> loc = getString("Location");
if (loc.first) {
return m_binding.get();
}
+#ifndef SHIBSP_LITE
+ void generateMetadata(saml2md::SPSSODescriptor& role, const char* handlerURL) const {
+ doGenerateMetadata(role, handlerURL);
+ }
+#endif
+
private:
pair<bool,long> doRequest(
const Application& application,
auto_ptr_XMLCh m_protocol;
public:
ADFSConsumer(const DOMElement* e, const char* appId)
- : shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS")), m_protocol(WSFED_NS) {}
+ : shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT ".SSO.ADFS")), m_protocol(WSFED_NS) {}
virtual ~ADFSConsumer() {}
#ifndef SHIBSP_LITE
{
public:
ADFSLogoutInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator.ADFS")), m_appId(appId), m_binding(WSFED_NS) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT ".LogoutInitiator.ADFS")), m_appId(appId), m_binding(WSFED_NS) {
// If Location isn't set, defer address registration until the setParent call.
pair<bool,const char*> loc = getString("Location");
if (loc.first) {
{
public:
ADFSLogout(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".Logout.ADFS")), m_login(e, appId) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT ".Logout.ADFS")), m_login(e, appId) {
m_initiator = false;
#ifndef SHIBSP_LITE
m_preserve.push_back("wreply");
// Since we're passing the ACS by value, we need to compute the return URL,
// so we'll need the target resource for real.
recoverRelayState(app, request, request, target, false);
+ app.limitRedirect(request, target.c_str());
acClass = getString("authnContextClassRef", request);
}
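Review bot: The added `app.limitRedirect(request, target.c_str());` has no comment saying why the check sits at this point or what a rejected target leads to, and the existing comment above it only covers the return-URL computation. Since `target` is recovered from the request by `recoverRelayState`, a line such as `// target is request-supplied; enforce the application's redirect limits before it is used to build the return URL` would make the intent clear to the next maintainer. The check is only visible in this branch and the enclosing block starts outside the hunk, so whether the other path validates `target` elsewhere cannot be confirmed from here and is worth a look.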
#ifdef _DEBUG
xmltooling::NDC ndc("decode");
#endif
- Category& log = Category::getInstance(SHIBSP_LOGCAT".MessageDecoder.ADFS");
+ Category& log = Category::getInstance(SHIBSP_LOGCAT ".MessageDecoder.ADFS");
log.debug("validating input");
const HTTPRequest* httpRequest=dynamic_cast<const HTTPRequest*>(&genericRequest);
&httpRequest,
policy.getIssuerMetadata(),
m_protocol.get(),
+ nullptr,
saml1name,
saml1statement,
(saml1name ? nameid.get() : saml2name),
);
}
+ const char* returnloc = httpRequest.getParameter("return");
+ if (returnloc)
+ application.limitRedirect(httpRequest, returnloc);
+
// Log the request.
scoped_ptr<LogoutEvent> logout_event(newLogoutEvent(application, &httpRequest, session));
if (logout_event) {
application.getServiceProvider().getTransactionLog()->write(*logout_event);
}
- const URLEncoder* urlenc = XMLToolingConfig::getConfig().getURLEncoder();
- const char* returnloc = httpRequest.getParameter("return");
auto_ptr_char dest(ep->getLocation());
string req=string(dest.get()) + (strchr(dest.get(),'?') ? '&' : '?') + "wa=wsignout1.0";
- if (returnloc)
- req += "&wreply=" + urlenc->encode(returnloc);
+ if (returnloc) {
+ req += "&wreply=";
+ if (*returnloc == '/') {
+ string s(returnloc);
+ httpRequest.absolutize(s);
+ req += XMLToolingConfig::getConfig().getURLEncoder()->encode(s.c_str());
+ }
+ else {
+ req += XMLToolingConfig::getConfig().getURLEncoder()->encode(returnloc);
+ }
+ }
ret.second = httpResponse.sendRedirect(req.c_str());
ret.first = true;
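Review bot: `application.limitRedirect(httpRequest, returnloc)` is applied to the raw `return` parameter, but when the value starts with `/` the string actually sent as `wreply` is the absolutized copy `s`, so the value checked and the value emitted differ. The last hunk of this patch treats the same case the other way round (relative values skip `limitRedirect` entirely); presumably `limitRedirect` accepts relative paths, but that is not visible here and should be stated in a comment or made uniform. The two `encode` calls can also be folded into one: `string s(returnloc); if (*returnloc == '/') httpRequest.absolutize(s);` followed by `req += "&wreply=" + XMLToolingConfig::getConfig().getURLEncoder()->encode(s.c_str());`. The enclosing function starts and ends outside the hunk.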
}
}
- if (param)
- return make_pair(true, request.sendRedirect(param));
+ if (param) {
+ if (*param == '/') {
+ string p(param);
+ request.absolutize(p);
+ return make_pair(true, request.sendRedirect(p.c_str()));
+ }
+ else {
+ app.limitRedirect(request, param);
+ return make_pair(true, request.sendRedirect(param));
+ }
+ }
return sendLogoutPage(app, request, request, "global");
}
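Review bot: In the `*param == '/'` branch the redirect is sent without `app.limitRedirect`, so its safety depends entirely on `request.absolutize(p)` always producing a URL on the requesting host, including for values that begin with `//`. That is presumably what `absolutize` does, but nothing in this hunk shows it. Either record the assumption with a comment such as `// relative path: absolutize() anchors it to this request's scheme and host, so no redirect-limit check is needed`, or call `app.limitRedirect(request, p.c_str());` after absolutizing so both branches pass through the same check. The enclosing function starts outside the hunk.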