namespace {
+#ifndef SHIBSP_LITE
+ class SHIBSP_DLLLOCAL ADFSDecoder : public MessageDecoder
+ {
+ auto_ptr_XMLCh m_ns;
+ public:
+ ADFSDecoder() : m_ns(WSTRUST_NS) {}
+ virtual ~ADFSDecoder() {}
+
+ XMLObject* decode(string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy) const;
+ };
+
+ MessageDecoder* ADFSDecoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
+ {
+ return new ADFSDecoder();
+ }
+#endif
+
#if defined (_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4250 )
ADFSConsumer(const DOMElement* e, const char* appId)
: shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS"))
#ifndef SHIBSP_LITE
- ,m_binding(WSFED_NS)
+ ,m_protocol(WSFED_NS)
#endif
{}
virtual ~ADFSConsumer() {}
const PropertySet* settings,
const XMLObject& xmlObject
) const;
- auto_ptr_XMLCh m_binding;
+ auto_ptr_XMLCh m_protocol;
#endif
};
#pragma warning( pop )
#endif
-#ifndef SHIBSP_LITE
- class ADFSDecoder : public MessageDecoder
- {
- auto_ptr_XMLCh m_ns;
- public:
- ADFSDecoder() : m_ns(WSTRUST_NS) {}
- virtual ~ADFSDecoder() {}
-
- XMLObject* decode(string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy) const;
- };
-
- MessageDecoder* ADFSDecoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
- {
- return new ADFSDecoder();
- }
-#endif
-
SessionInitiator* ADFSSessionInitiatorFactory(const pair<const DOMElement*,const char*>& p)
{
return new ADFSSessionInitiator(p.first, p.second);
#ifndef SHIBSP_LITE
SAMLConfig::getConfig().MessageDecoderManager.registerFactory(WSFED_NS, ADFSDecoderFactory);
XMLObjectBuilder::registerBuilder(QName(WSTRUST_NS,"RequestedSecurityToken"), new AnyElementBuilder());
- XMLObjectBuilder::registerBuilder(QName(WSTRUST_NS,"RequestedSecurityTokenResponse"), new AnyElementBuilder());
+ XMLObjectBuilder::registerBuilder(QName(WSTRUST_NS,"RequestSecurityTokenResponse"), new AnyElementBuilder());
#endif
return 0;
}
if (!policy.getValidating())
SchemaValidators.validate(xmlObject.get());
- // Run through the policy.
- policy.evaluate(*xmlObject.get(), &genericRequest);
+ // Skip policy step here, there's no security in the wrapper.
+ // policy.evaluate(*xmlObject.get(), &genericRequest);
return xmlObject.release();
}
// Run the policy over the assertion. Handles issuer consistency, replay, freshness,
// and signature verification, assuming the relevant rules are configured.
- policy.evaluate(*token);
+ policy.evaluate(*token, NULL, m_protocol.get());
// If no security is in place now, we kick it.
if (!policy.isSecure())
// We've successfully "accepted" the SSO token.
// To complete processing, we need to extract and resolve attributes and then create the session.
- multimap<string,Attribute*> resolvedAttributes;
+ vector<Attribute*> resolvedAttributes;
AttributeExtractor* extractor = application.getAttributeExtractor();
if (extractor) {
m_log.debug("extracting pushed attributes...");
catch (exception& ex) {
m_log.error("caught exception filtering attributes: %s", ex.what());
m_log.error("dumping extracted attributes due to filtering exception");
- for_each(resolvedAttributes.begin(), resolvedAttributes.end(), cleanup_pair<string,shibsp::Attribute>());
+ for_each(resolvedAttributes.begin(), resolvedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>());
resolvedAttributes.clear();
}
}
resolveAttributes(
application,
issuerMetadata,
- m_binding.get(),
+ m_protocol.get(),
nameid.get(),
ssoStatement->getAuthenticationMethod(),
NULL,
tokens.insert(tokens.end(), ctx->getResolvedAssertions().begin(), ctx->getResolvedAssertions().end());
// Copy over new attributes, and transfer ownership.
- resolvedAttributes.insert(ctx->getResolvedAttributes().begin(), ctx->getResolvedAttributes().end());
+ resolvedAttributes.insert(resolvedAttributes.end(), ctx->getResolvedAttributes().begin(), ctx->getResolvedAttributes().end());
ctx->getResolvedAttributes().clear();
}
application,
httpRequest.getRemoteAddr().c_str(),
issuerMetadata,
- m_binding.get(),
+ m_protocol.get(),
nameid.get(),
ssoStatement->getAuthenticationInstant() ? ssoStatement->getAuthenticationInstant()->getRawData() : NULL,
NULL,
&tokens,
&resolvedAttributes
);
- for_each(resolvedAttributes.begin(), resolvedAttributes.end(), cleanup_pair<string,Attribute>());
+ for_each(resolvedAttributes.begin(), resolvedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>());
return key;
}
catch (exception&) {
- for_each(resolvedAttributes.begin(), resolvedAttributes.end(), cleanup_pair<string,Attribute>());
+ for_each(resolvedAttributes.begin(), resolvedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>());
throw;
}
}