Unneeded conditional.

[shibboleth/cpp-sp.git] / adfs / adfs.cpp

diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index 9b4d452..833cc63 100644 (file)
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -335,29 +335,27 @@ pair<bool,long> ADFSSessionInitiator::run(SPRequest& request, const char* entity
     }
 
     // Since we're not passing by index, we need to fully compute the return URL.
-    if (!ACS) {
-        // Get all the ADFS endpoints.
-        const vector<const Handler*>& handlers = app.getAssertionConsumerServicesByBinding(m_binding.get());
-
-        // Index comes from request, or default set in the handler, or we just pick the first endpoint.
-        pair<bool,unsigned int> index = make_pair(false,0);
-        if (isHandler) {
-            option = request.getParameter("acsIndex");
-            if (option)
-                index = make_pair(true, atoi(option));
-        }
-        if (!index.first)
-            index = getUnsignedInt("defaultACSIndex");
-        if (index.first) {
-            for (vector<const Handler*>::const_iterator h = handlers.begin(); !ACS && h!=handlers.end(); ++h) {
-                if (index.second == (*h)->getUnsignedInt("index").second)
-                    ACS = *h;
-            }
-        }
-        else if (!handlers.empty()) {
-            ACS = handlers.front();
+    // Get all the ADFS endpoints.
+    const vector<const Handler*>& handlers = app.getAssertionConsumerServicesByBinding(m_binding.get());
+
+    // Index comes from request, or default set in the handler, or we just pick the first endpoint.
+    pair<bool,unsigned int> index = make_pair(false,0);
+    if (isHandler) {
+        option = request.getParameter("acsIndex");
+        if (option)
+            index = make_pair(true, atoi(option));
+    }
+    if (!index.first)
+        index = getUnsignedInt("defaultACSIndex");
+    if (index.first) {
+        for (vector<const Handler*>::const_iterator h = handlers.begin(); !ACS && h!=handlers.end(); ++h) {
+            if (index.second == (*h)->getUnsignedInt("index").second)
+                ACS = *h;
         }
     }
+    else if (!handlers.empty()) {
+        ACS = handlers.front();
+    }
     if (!ACS)
         throw ConfigurationException("Unable to locate ADFS response endpoint.");
 
@@ -437,18 +435,19 @@ pair<bool,long> ADFSSessionInitiator::doRequest(
     // Use metadata to invoke the SSO service directly.
     MetadataProvider* m=app.getMetadataProvider();
     Locker locker(m);
-    const EntityDescriptor* entity=m->getEntityDescriptor(entityID);
-    if (!entity) {
+    MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
+    pair<const EntityDescriptor*,const RoleDescriptor*> entity=m->getEntityDescriptor(mc);
+    if (!entity.first) {
         m_log.error("unable to locate metadata for provider (%s)", entityID);
-        throw MetadataException("Unable to locate metadata for identity provider ($entityID)",
-            namedparams(1, "entityID", entityID));
+        throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
     }
-    const IDPSSODescriptor* role=find_if(entity->getIDPSSODescriptors(), isValidForProtocol(m_binding.get()));
-    if (!role) {
+    else if (!entity.second) {
         m_log.error("unable to locate ADFS-aware identity provider role for provider (%s)", entityID);
         return make_pair(false,0);
     }
-    const EndpointType* ep=EndpointManager<SingleSignOnService>(role->getSingleSignOnServices()).getByBinding(m_binding.get());
+    const EndpointType* ep = EndpointManager<SingleSignOnService>(
+        dynamic_cast<const IDPSSODescriptor*>(entity.second)->getSingleSignOnServices()
+        ).getByBinding(m_binding.get());
     if (!ep) {
         m_log.error("unable to locate compatible SSO service for provider (%s)", entityID);
         return make_pair(false,0);
@@ -727,23 +726,18 @@ pair<bool,long> ADFSLogoutInitiator::doRequest(
             throw ConfigurationException("Missing entityID parameter.");
 
         // With a session in hand, we can create a request message, if we can find a compatible endpoint.
-        Locker metadataLocker(application.getMetadataProvider());
-        const EntityDescriptor* entity = application.getMetadataProvider()->getEntityDescriptor(entityID);
-        if (!entity) {
-            throw MetadataException(
-                "Unable to locate metadata for identity provider ($entityID)",
-                namedparams(1, "entityID", entityID)
-                );
-        }
-        const IDPSSODescriptor* role = find_if(entity->getIDPSSODescriptors(), isValidForProtocol(m_binding.get()));
-        if (!role) {
-            throw MetadataException(
-                "Unable to locate ADFS IdP role for identity provider ($entityID).",
-                namedparams(1, "entityID", entityID)
-                );
-        }
-
-        const EndpointType* ep = EndpointManager<SingleLogoutService>(role->getSingleLogoutServices()).getByBinding(m_binding.get());
+        MetadataProvider* m=application.getMetadataProvider();
+        Locker locker(m);
+        MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
+        pair<const EntityDescriptor*,const RoleDescriptor*> entity=m->getEntityDescriptor(mc);
+        if (!entity.first)
+            throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
+        else if (!entity.second)
+            throw MetadataException("Unable to locate ADFS IdP role for identity provider ($entityID).", namedparams(1, "entityID", entityID));
+
+        const EndpointType* ep = EndpointManager<SingleLogoutService>(
+            dynamic_cast<const IDPSSODescriptor*>(entity.second)->getSingleLogoutServices()
+            ).getByBinding(m_binding.get());
         if (!ep) {
             throw MetadataException(
                 "Unable to locate ADFS single logout service for identity provider ($entityID).",