-/*
- * Copyright 2001-2009 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
#include <shibsp/handler/AbstractHandler.h>
#include <shibsp/handler/RemotedHandler.h>
+
+#include <boost/scoped_ptr.hpp>
+
#ifndef SHIBSP_LITE
-# include <saml/binding/MessageDecoder.h>
-# include <saml/saml1/core/Assertions.h>
-# include <saml/saml2/metadata/Metadata.h>
+namespace opensaml {
+ class SAML_API Assertion;
+ class SAML_API MessageDecoder;
+ namespace saml1 {
+ class SAML_API AuthenticationStatement;
+ class SAML_API NameIdentifier;
+ };
+ namespace saml2 {
+ class SAML_API AuthnStatement;
+ class SAML_API NameID;
+ };
+ namespace saml2md {
+ class SAML_API SPSSODescriptor;
+ };
+};
#endif
-#include <xmltooling/unicode.h>
namespace shibsp {
class SHIBSP_API Attribute;
+ class SHIBSP_API LoginEvent;
class SHIBSP_API ResolutionContext;
#if defined (_MSC_VER)
const xercesc::DOMElement* e,
const char* appId,
xmltooling::logging::Category& log,
- xercesc::DOMNodeFilter* filter=NULL,
- const std::map<std::string,std::string>* remapper=NULL
+ xercesc::DOMNodeFilter* filter=nullptr,
+ const std::map<std::string,std::string>* remapper=nullptr
);
/**
* @param issuedTo address for which security assertion was issued
*/
void checkAddress(const Application& application, const xmltooling::HTTPRequest& httpRequest, const char* issuedTo) const;
-
+
+
+ /**
+ * Complete the client's transition back to the expected resource.
+ *
+ * @param application reference to application receiving message
+ * @param httpRequest client request that included message
+ * @param httpResponse response to client
+ * @param relayState relay state token
+ */
+ virtual std::pair<bool,long> finalizeResponse(
+ const Application& application,
+ const xmltooling::HTTPRequest& httpRequest,
+ xmltooling::HTTPResponse& httpResponse,
+ std::string& relayState
+ ) const;
+
#ifndef SHIBSP_LITE
void generateMetadata(opensaml::saml2md::SPSSODescriptor& role, const char* handlerURL) const;
/**
+ * @deprecated
* Returns a SecurityPolicy instance to use for an incoming request.
*
* <p>Allows handlers to customize the type of policy object their policy rules might require.
* @param httpRequest client request that included message
* @param httpResponse response to client
* @param policy the SecurityPolicy in effect, after having evaluated the message
- * @param settings policy configuration settings in effect
+ * @param reserved ignore this parameter
* @param xmlObject a protocol-specific message object
*/
virtual void implementProtocol(
const xmltooling::HTTPRequest& httpRequest,
xmltooling::HTTPResponse& httpResponse,
opensaml::SecurityPolicy& policy,
- const PropertySet* settings,
+ const PropertySet* reserved,
const xmltooling::XMLObject& xmlObject
) const=0;
) const;
/**
+ * @deprecated
* Attempt SSO-initiated attribute resolution using the supplied information,
* including NameID and token extraction and filtering followed by
* secondary resolution.
*/
ResolutionContext* resolveAttributes(
const Application& application,
- const opensaml::saml2md::RoleDescriptor* issuer=NULL,
- const XMLCh* protocol=NULL,
- const opensaml::saml1::NameIdentifier* v1nameid=NULL,
- const opensaml::saml2::NameID* nameid=NULL,
- const XMLCh* authncontext_class=NULL,
- const XMLCh* authncontext_decl=NULL,
- const std::vector<const opensaml::Assertion*>* tokens=NULL
+ const opensaml::saml2md::RoleDescriptor* issuer=nullptr,
+ const XMLCh* protocol=nullptr,
+ const opensaml::saml1::NameIdentifier* v1nameid=nullptr,
+ const opensaml::saml2::NameID* nameid=nullptr,
+ const XMLCh* authncontext_class=nullptr,
+ const XMLCh* authncontext_decl=nullptr,
+ const std::vector<const opensaml::Assertion*>* tokens=nullptr
) const;
- public:
- const char* getType() const {
- return "AssertionConsumerService";
- }
+ /**
+ * Attempt SSO-initiated attribute resolution using the supplied information,
+ * including NameID and token extraction and filtering followed by
+ * secondary resolution.
+ *
+ * <p>The caller must free the returned context handle.
+ *
+ * @param application reference to application receiving message
+ * @param request request delivering message, if any
+ * @param issuer source of SSO tokens
+ * @param protocol SSO protocol used
+ * @param protmsg SSO protocol message, if any
+ * @param v1nameid identifier of principal in SAML 1.x form, if any
+ * @param v1statement SAML 1.x authentication statement, if any
+ * @param nameid identifier of principal in SAML 2.0 form
+ * @param statement SAML 2.0 authentication statement, if any
+ * @param authncontext_class method/category of authentication event, if known
+ * @param authncontext_decl specifics of authentication event, if known
+ * @param tokens available assertions, if any
+ */
+ ResolutionContext* resolveAttributes(
+ const Application& application,
+ const xmltooling::GenericRequest* request=nullptr,
+ const opensaml::saml2md::RoleDescriptor* issuer=nullptr,
+ const XMLCh* protocol=nullptr,
+ const xmltooling::XMLObject* protmsg=nullptr,
+ const opensaml::saml1::NameIdentifier* v1nameid=nullptr,
+ const opensaml::saml1::AuthenticationStatement* v1statement=nullptr,
+ const opensaml::saml2::NameID* nameid=nullptr,
+ const opensaml::saml2::AuthnStatement* statement=nullptr,
+ const XMLCh* authncontext_class=nullptr,
+ const XMLCh* authncontext_decl=nullptr,
+ const std::vector<const opensaml::Assertion*>* tokens=nullptr
+ ) const;
+
+ /**
+ * Creates a new AuthnRequestEvent for the event log.
+ *
+ * @param application the Application associated with the event
+ * @param request the HTTP client request associated with the event
+ * @return a fresh LoginEvent, prepopulated by the input parameters, or nullptr if an error occurs
+ */
+ virtual LoginEvent* newLoginEvent(const Application& application, const xmltooling::HTTPRequest& request) const;
+ public:
+ const char* getType() const;
+ const XMLCh* getProtocolFamily() const;
#endif
private:
std::pair<bool,long> processMessage(
) const;
#ifndef SHIBSP_LITE
- opensaml::MessageDecoder* m_decoder;
- xmltooling::QName m_role;
+ boost::scoped_ptr<opensaml::MessageDecoder> m_decoder;
#endif
};
projects / shibboleth / cpp-sp.git / blobdiff