/*
- * Copyright 2001-2005 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "internal.h"
-#include <log4cpp/FixedContextCategory.hh>
#include <xercesc/framework/MemBufInputSource.hpp>
using namespace std;
-using namespace log4cpp;
using namespace saml;
using namespace shibboleth;
using namespace shibtarget;
using namespace adfs;
+using namespace adfs::logging;
namespace {
class ADFSListener : public virtual IListener
log->debug("passing signed ADFS assertion to trust layer");
Trust t(app->getTrustProviders());
if (!t.validate(*assertion,role)) {
- log->error("unable to verify signed authentication assertion");
+ log->error("unable to verify signed ADFS assertion");
throw TrustException("unable to verify signed authentication assertion");
}
+ log->info("verified digital signature over ADFS assertion");
// Now dummy up the SAML profile response wrapper.
param=parser.get_value("wctx");
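Review bot: The exception thrown when `t.validate(*assertion,role)` fails still reads "unable to verify signed authentication assertion", while the log line beside it now says "ADFS assertion". An operator correlating the reported error with the log therefore sees two different strings for one event. If no caller matches on the exception text, align it: `throw TrustException("unable to verify signed ADFS assertion");`. The new success message would be more useful for audit if it named the issuer whose signature was accepted; whether an issuer string is in scope here is not visible from the hunk.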
const XMLCh* wip = bpr.authnStatement->getSubjectIP();
if (wip && *wip) {
// Verify the client address matches authentication
- auto_ptr_char this_ip(ip);
+ auto_ptr_char this_ip(wip);
if (strcmp(ip, this_ip.get())) {
FatalProfileException ex(
SESSION_E_ADDRESSMISMATCH,
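Review bot: `strcmp(ip, this_ip.get())` has no null guard on `ip`, which is declared outside the hunk; only the assertion side is covered by `if (wip && *wip)`. With `this_ip` now built from `wip`, this is the effective client-address check, so a missing client address should fail closed instead of reaching strcmp, e.g. `if (!ip || !this_ip.get() || strcmp(ip, this_ip.get())) {`. The name `this_ip` now holds the address asserted in the authentication statement, not this request's address, so renaming it to `asserted_ip` and adding `// Skipped when the assertion carries no subject IP.` would make the branch easier to audit. The comparison is an exact string match, so two differently formatted spellings of the same address are treated as a mismatch. The body of the mismatch branch continues outside the hunk.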
}
// It passes all our tests -- create a new session.
- log->info("creating new session");
// Are attributes present?
bool attributesPushed=false;
}
auto_ptr_char oname(role->getEntityDescriptor()->getId());
- auto_ptr_char hname(bpr.authnStatement->getSubject()->getNameIdentifier()->getName());
+ auto_ptr_char hname(
+ bpr.authnStatement->getSubject()->getNameIdentifier() ?
+ bpr.authnStatement->getSubject()->getNameIdentifier()->getName() :
+ NULL
+ );
try {
// Create a new session key.
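Review bot: The new ternary guards `getNameIdentifier()` but still dereferences `bpr.authnStatement->getSubject()` unchecked, twice. If a statement without a subject can reach this point, the null dereference has only moved one call up. Hoisting the lookup into a local pointer that is checked once would cover both cases and remove the repeated call chain, leaving `auto_ptr_char hname(nameid ? nameid->getName() : NULL);`. A session is now created for an assertion with no NameIdentifier, so a short comment stating that this is intended, and that `hname.get()` may be null from here on, would help; the later log statement already handles it by printing "none". The enclosing function continues outside the hunk, so other uses of the name identifier are not visible.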
") at (ClientAddress: " <<
ip <<
") with (NameIdentifier: " <<
- hname.get() <<
+ (hname.get() ? hname.get() : "none") <<
")";
//stc.releaseTransactionLog();
}