MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
pair<const EntityDescriptor*,const RoleDescriptor*> entity=m->getEntityDescriptor(mc);
if (!entity.first) {
- m_log.error("unable to locate metadata for provider (%s)", entityID);
+ m_log.warn("unable to locate metadata for provider (%s)", entityID);
throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
}
else if (!entity.second) {
- m_log.error("unable to locate ADFS-aware identity provider role for provider (%s)", entityID);
- return make_pair(false,0L);
+ m_log.warn("unable to locate ADFS-aware identity provider role for provider (%s)", entityID);
+ if (getParent())
+ return make_pair(false,0L);
+ throw MetadataException("Unable to locate ADFS-aware identity provider role for provider ($entityID)", namedparams(1, "entityID", entityID));
}
const EndpointType* ep = EndpointManager<SingleSignOnService>(
dynamic_cast<const IDPSSODescriptor*>(entity.second)->getSingleSignOnServices()
).getByBinding(m_binding.get());
if (!ep) {
- m_log.error("unable to locate compatible SSO service for provider (%s)", entityID);
- return make_pair(false,0L);
+ m_log.warn("unable to locate compatible SSO service for provider (%s)", entityID);
+ if (getParent())
+ return make_pair(false,0L);
+ throw MetadataException("Unable to locate compatible SSO service for provider ($entityID)", namedparams(1, "entityID", entityID));
}
preserveRelayState(app, httpResponse, relayState);
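Review bot: The two new `if (getParent()) return make_pair(false,0L);` branches (missing IdP role here, missing SSO endpoint further down) carry no comment on why having a parent decides between declining and throwing. From the lines shown, a handler with a parent returns an unhandled result, presumably so another handler in a chain can try, while a standalone handler now raises `MetadataException`. That is worth stating once above the first check, e.g. `// Chained handlers decline so a sibling can try; a standalone handler reports the failure.` The first branch (no metadata at all) throws unconditionally, so a short note on why it is not gated the same way would help too. The enclosing function starts and ends outside the hunk.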
// authnskew allows rejection of SSO if AuthnInstant is too old.
const PropertySet* sessionProps = application.getPropertySet("Sessions");
- pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+ pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
if (authnskew.first && authnskew.second &&
ssoStatement->getAuthenticationInstant() && (now - ssoStatement->getAuthenticationInstantEpoch() > authnskew.second))
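Review bot: Reading only `maxTimeSinceAuthn` means a deployment that still sets `authnskew` presumably gets `(false,0)` here, so the stale-authentication check below is skipped with no log line and the control fails open on upgrade. Consider falling back to the old name, e.g. `if (!authnskew.first && sessionProps) authnskew = sessionProps->getUnsignedInt("authnskew");`, followed by an `m_log.warn(...)` that names the new property. The comment above and the local variable still say `authnskew`; renaming them to match the new property would keep the check readable. The body of the `if` lies outside the hunk.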
}
application.getServiceProvider().getSessionCache()->insert(
- now + lifetime.second,
application,
httpRequest,
httpResponse,
+ now + lifetime.second,
policy.getIssuerMetadata() ? dynamic_cast<const EntityDescriptor*>(policy.getIssuerMetadata()->getParent()) : NULL,
m_protocol.get(),
nameid.get(),
}
// Best effort on back channel and to remove the user agent's session.
- string session_id = app.getServiceProvider().getSessionCache()->active(request, app);
+ string session_id = app.getServiceProvider().getSessionCache()->active(app, request);
if (!session_id.empty()) {
vector<string> sessions(1,session_id);
notifyBackChannel(app, request.getRequestURL(), sessions, false);
try {
- app.getServiceProvider().getSessionCache()->remove(request, &request, app);
+ app.getServiceProvider().getSessionCache()->remove(app, request, &request);
}
catch (exception& ex) {
m_log.error("error removing session (%s): %s", session_id.c_str(), ex.what());
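Review bot: When `remove(app, request, &request)` throws, the catch block only writes `error removing session (%s)` with the full `session_id`, so the log ends up holding the identifier of a session that may still be live in the cache. If that id is the value the user agent presents, logging a shortened or hashed form would keep the line usable for correlation without recording the identifier itself. The lines after the catch are not in this hunk, but the later `sendLogoutPage(..., "Logout complete.")` suggests the user is told logout succeeded on this path as well. A comment such as `// Best effort: a failed removal is logged but does not change the logout response.` would make that intent explicit.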
if (param)
return make_pair(true, request.sendRedirect(param));
- return sendLogoutPage(app, request, false, "Logout complete.");
+ return sendLogoutPage(app, request, request, false, "Logout complete.");
}