#include "internal.h"
+#include <ctime>
+#include <saml/SAMLConfig.h>
+#include <saml/binding/URLEncoder.h>
+#include <saml/util/CommonDomainCookie.h>
+#include <shibsp/SPConfig.h>
+#include <shibsp/SPConstants.h>
+
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
-#include <shib/shib-threads.h>
-
-using namespace std;
-using namespace saml;
-using namespace shibboleth;
+using namespace shibsp;
using namespace shibtarget;
+using namespace shibboleth;
+using namespace saml;
using namespace log4cpp;
+using namespace std;
+
+using opensaml::CommonDomainCookie;
+using opensaml::URLEncoder;
namespace {
class SessionInitiator : virtual public IHandler
) const;
};
- class SAML1Consumer : virtual public IHandler, public virtual IRemoted
+ class SAML1Consumer : virtual public IHandler, public virtual Remoted
{
public:
SAML1Consumer(const DOMElement* e);
const IEntityDescriptor* entity=m.lookup(option);
if (!entity)
throw MetadataException("Session initiator unable to locate metadata for provider ($1).", params(1,option));
- const IIDPSSODescriptor* role=entity->getIDPSSODescriptor(Constants::SHIB_NS);
+ const IIDPSSODescriptor* role=entity->getIDPSSODescriptor(shibspconstants::SHIB1_PROTOCOL_ENUM);
if (!role)
throw MetadataException(
"Session initiator unable to locate a Shibboleth-aware identity provider role for provider ($1).", params(1,option)
);
const IEndpointManager* SSO=role->getSingleSignOnServiceManager();
- const IEndpoint* ep=SSO->getEndpointByBinding(Constants::SHIB_AUTHNREQUEST_PROFILE_URI);
+ const IEndpoint* ep=SSO->getEndpointByBinding(shibspconstants::SHIB1_AUTHNREQUEST_PROFILE_URI);
if (!ep)
throw MetadataException(
"Session initiator unable to locate compatible SSO service for provider ($1).", params(1,option)
throw ConfigurationException("Session initiator is missing wayfURL property.");
pair<bool,const XMLCh*> wayfBinding=getProperties()->getXMLString("wayfBinding");
- if (!wayfBinding.first || !XMLString::compareString(wayfBinding.second,Constants::SHIB_AUTHNREQUEST_PROFILE_URI))
+ if (!wayfBinding.first || !XMLString::compareString(wayfBinding.second,shibspconstants::SHIB1_AUTHNREQUEST_PROFILE_URI))
// Standard Shib 1.x
return ShibAuthnRequest(st,ACS,wayfURL.second,resource,app->getString("providerId").second);
- else if (!XMLString::compareString(wayfBinding.second,Constants::SHIB_LEGACY_AUTHNREQUEST_PROFILE_URI))
- // Shib pre-1.2
- return ShibAuthnRequest(st,ACS,wayfURL.second,resource,NULL);
else if (!strcmp(getProperties()->getString("wayfBinding").second,"urn:mace:shibboleth:1.0:profiles:EAuth")) {
// TODO: Finalize E-Auth profile URI
pair<bool,bool> localRelayState=st->getConfig()->getPropertySet("InProcess")->getBool("localRelayState");
// Here we store the state in a cookie.
pair<string,const char*> shib_cookie=st->getCookieNameProps("_shibstate_");
- st->setCookie(shib_cookie.first,ShibTarget::url_encode(resource) + shib_cookie.second);
+ st->setCookie(shib_cookie.first,opensaml::SAMLConfig::getConfig().getURLEncoder()->encode(resource) + shib_cookie.second);
return make_pair(true, st->sendRedirect(wayfURL.second));
}
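Review bot: With the pre-1.2 branch removed, a `wayfBinding` equal to the legacy AuthnRequest URI no longer matches the Shib 1.x test above and falls through the E-Auth `strcmp` on the `else if`; what follows the E-Auth block is outside this hunk, so it is not visible whether an unrecognized binding is rejected. Making that explicit with `else throw ConfigurationException("Session initiator has an unrecognized wayfBinding property.");` (or a comment stating that the fall-through is intended) would avoid a misconfigured binding silently taking a default path. Inside the E-Auth branch, `localRelayState` is read but never consulted before the cookie is set on the rewritten `setCookie` line, unlike the equivalent code in ShibAuthnRequest; if the cookie is meant to be unconditional here, the unused local should go. The enclosing function starts outside the hunk.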
pair<bool,const char*> loc=shire ? shire->getProperties()->getString("Location") : pair<bool,const char*>(false,NULL);
if (loc.first) ACSloc+=loc.second;
+ URLEncoder* urlenc = opensaml::SAMLConfig::getConfig().getURLEncoder();
+
char timebuf[16];
sprintf(timebuf,"%u",time(NULL));
- string req=string(dest) + "?shire=" + ShibTarget::url_encode(ACSloc.c_str()) + "&time=" + timebuf;
+ string req=string(dest) + "?shire=" + urlenc->encode(ACSloc.c_str()) + "&time=" + timebuf;
// How should the resource value be preserved?
pair<bool,bool> localRelayState=st->getConfig()->getPropertySet("InProcess")->getBool("localRelayState");
if (!localRelayState.first || !localRelayState.second) {
// The old way, just send it along.
- req+="&target=" + ShibTarget::url_encode(target);
+ req+="&target=" + urlenc->encode(target);
}
else {
// Here we store the state in a cookie and send a fixed
// value to the IdP so we can recognize it on the way back.
pair<string,const char*> shib_cookie=st->getCookieNameProps("_shibstate_");
- st->setCookie(shib_cookie.first,ShibTarget::url_encode(target) + shib_cookie.second);
+ st->setCookie(shib_cookie.first,urlenc->encode(target) + shib_cookie.second);
req+="&target=cookie";
}
// Only omitted for 1.1 style requests.
if (providerId)
- req+="&providerId=" + ShibTarget::url_encode(providerId);
+ req+="&providerId=" + urlenc->encode(providerId);
return make_pair(true, st->sendRedirect(req));
}
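Review bot: The `sprintf(timebuf,"%u",time(NULL))` two lines above the rewritten `req` line passes a `time_t` to a `%u` conversion; on targets where `time_t` is 64-bit the argument does not match the conversion specifier, which is undefined behaviour, and the commit adds `<ctime>` without touching it. Since this stretch is being reworked anyway, `char timebuf[32];` and `snprintf(timebuf, sizeof(timebuf), "%llu", (unsigned long long)time(nullptr));` bound the write and match widths. The new `urlenc` pointer from `SAMLConfig::getConfig().getURLEncoder()` is dereferenced without a check; if that accessor can return null before the library is initialised, a guard that throws a ConfigurationException would fail cleanly instead of crashing the request. The enclosing function starts outside the hunk.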
m_address += "::SAML1Consumer::run";
// Register for remoted messages.
- if (ShibTargetConfig::getConfig().isEnabled(ShibTargetConfig::OutOfProcess)) {
- IListener* listener=ShibTargetConfig::getConfig().getINI()->getListener();
+ if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) {
+ ListenerService* listener=ShibTargetConfig::getConfig().getINI()->getListener();
if (listener)
listener->regListener(m_address.c_str(),this);
else
SAML1Consumer::~SAML1Consumer()
{
- IListener* listener=ShibTargetConfig::getConfig().getINI()->getListener();
- if (listener && ShibTargetConfig::getConfig().isEnabled(ShibTargetConfig::OutOfProcess))
+ ListenerService* listener=ShibTargetConfig::getConfig().getINI()->getListener();
+ if (listener && SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess))
listener->unregListener(m_address.c_str(),this);
counter--;
}
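Review bot: The destructor fetches the listener before testing `SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)`, while the constructor above tests the flag first; mirroring the constructor, `if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { ListenerService* listener=...; if (listener) listener->unregListener(m_address.c_str(),this); }`, keeps the two registration paths readable as a pair and avoids the INI lookup when it cannot matter. The `counter--` on the last line has no visible synchronisation; if handlers can be constructed or destroyed concurrently, a comment stating that this only happens during single-threaded configuration load would document the assumption.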
pair<bool,bool> checkAddress=pair<bool,bool>(false,true);
pair<bool,bool> checkReplay=pair<bool,bool>(false,true);
- const IPropertySet* props=app->getPropertySet("Sessions");
+ const PropertySet* props=app->getPropertySet("Sessions");
if (props) {
checkAddress=props->getBool("checkAddress");
if (!checkAddress.first)
}
else {
char* rscopy=strdup(relay_state);
- ShibTarget::url_decode(rscopy);
+ opensaml::SAMLConfig::getConfig().getURLEncoder()->decode(rscopy);
hURL=rscopy;
free(rscopy);
target=hURL.c_str();
}
+ st->setCookie(relay_cookie.first,relay_cookie.second);
}
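Review bot: The added `st->setCookie(relay_cookie.first,relay_cookie.second);` has no comment saying what it does; since the value is only the cookie property suffix, it appears to clear the relay-state cookie once it has been consumed, which is the right one-time-use behaviour, so a line such as `// Relay state has been consumed; clear the cookie so it cannot be replayed.` would make the intent explicit. In the `else` branch above, the decoded `relay_state` becomes `target` and, by the redirect logic elsewhere, presumably the post-login redirect; if that value can arrive from the request rather than from the SP's own cookie, it should be validated as an acceptable redirect destination before use, and `strdup` returning null should be handled before `decode` dereferences it. The enclosing function starts and ends outside the hunk.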
// We've got a good session, set the session cookie.
const char* providerId=out["provider_id"].string();
if (providerId) {
- const IPropertySet* sessionProps=st->getApplication()->getPropertySet("Sessions");
+ const PropertySet* sessionProps=st->getApplication()->getPropertySet("Sessions");
pair<bool,bool> idpHistory=sessionProps->getBool("idpHistory");
if (!idpHistory.first || idpHistory.second) {
// Set an IdP history cookie locally (essentially just a CDC).