namespace {
+#ifndef SHIBSP_LITE
+ class SHIBSP_DLLLOCAL ADFSDecoder : public MessageDecoder
+ {
+ auto_ptr_XMLCh m_ns;
+ public:
+ ADFSDecoder() : m_ns(WSTRUST_NS) {}
+ virtual ~ADFSDecoder() {}
+
+ XMLObject* decode(string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy) const;
+ };
+
+ MessageDecoder* ADFSDecoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
+ {
+ return new ADFSDecoder();
+ }
+#endif
+
#if defined (_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4250 )
ADFSConsumer(const DOMElement* e, const char* appId)
: shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS"))
#ifndef SHIBSP_LITE
- ,m_binding(WSFED_NS)
+ ,m_protocol(WSFED_NS)
#endif
{}
virtual ~ADFSConsumer() {}
const PropertySet* settings,
const XMLObject& xmlObject
) const;
- auto_ptr_XMLCh m_binding;
+ auto_ptr_XMLCh m_protocol;
#endif
};
#pragma warning( pop )
#endif
-#ifndef SHIBSP_LITE
- class ADFSDecoder : public MessageDecoder
- {
- auto_ptr_XMLCh m_ns;
- public:
- ADFSDecoder() : m_ns(WSTRUST_NS) {}
- virtual ~ADFSDecoder() {}
-
- XMLObject* decode(string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy) const;
- };
-
- MessageDecoder* ADFSDecoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
- {
- return new ADFSDecoder();
- }
-#endif
-
SessionInitiator* ADFSSessionInitiatorFactory(const pair<const DOMElement*,const char*>& p)
{
return new ADFSSessionInitiator(p.first, p.second);
#ifndef SHIBSP_LITE
SAMLConfig::getConfig().MessageDecoderManager.registerFactory(WSFED_NS, ADFSDecoderFactory);
XMLObjectBuilder::registerBuilder(QName(WSTRUST_NS,"RequestedSecurityToken"), new AnyElementBuilder());
- XMLObjectBuilder::registerBuilder(QName(WSTRUST_NS,"RequestedSecurityTokenResponse"), new AnyElementBuilder());
+ XMLObjectBuilder::registerBuilder(QName(WSTRUST_NS,"RequestSecurityTokenResponse"), new AnyElementBuilder());
#endif
return 0;
}
if (!policy.getValidating())
SchemaValidators.validate(xmlObject.get());
- // Run through the policy.
- policy.evaluate(*xmlObject.get(), &genericRequest);
+ // Skip policy step here, there's no security in the wrapper.
+ // policy.evaluate(*xmlObject.get(), &genericRequest);
return xmlObject.release();
}
// Run the policy over the assertion. Handles issuer consistency, replay, freshness,
// and signature verification, assuming the relevant rules are configured.
- policy.evaluate(*token);
+ policy.evaluate(*token, NULL, m_protocol.get());
// If no security is in place now, we kick it.
if (!policy.isSecure())
resolveAttributes(
application,
issuerMetadata,
- m_binding.get(),
+ m_protocol.get(),
nameid.get(),
ssoStatement->getAuthenticationMethod(),
NULL,
application,
httpRequest.getRemoteAddr().c_str(),
issuerMetadata,
- m_binding.get(),
+ m_protocol.get(),
nameid.get(),
ssoStatement->getAuthenticationInstant() ? ssoStatement->getAuthenticationInstant()->getRawData() : NULL,
NULL,
projects / shibboleth / cpp-sp.git / blobdiff