Attempt at a metadata generation handler.
[shibboleth/cpp-sp.git] / shibsp / handler / AssertionConsumerService.h
index 99d0750..9cf5f48 100644 (file)
 
 #include <shibsp/handler/AbstractHandler.h>
 #include <shibsp/handler/RemotedHandler.h>
-#include <saml/binding/MessageDecoder.h>
-#include <saml/saml2/metadata/Metadata.h>
+#ifndef SHIBSP_LITE
+# include <saml/binding/MessageDecoder.h>
+# include <saml/saml1/core/Assertions.h>
+# include <saml/saml2/metadata/Metadata.h>
+#endif
+#include <xmltooling/unicode.h>
 
 namespace shibsp {
 
+    class SHIBSP_API Attribute;
     class SHIBSP_API ResolutionContext;
 
 #if defined (_MSC_VER)
@@ -56,8 +61,11 @@ namespace shibsp {
          * @param appId ID of application that "owns" the handler
          * @param log   a logging object to use
          */
-        AssertionConsumerService(const DOMElement* e, const char* appId, log4cpp::Category& log);
+        AssertionConsumerService(const xercesc::DOMElement* e, const char* appId, xmltooling::logging::Category& log);
         
+#ifndef SHIBSP_LITE
+        void generateMetadata(opensaml::saml2md::SPSSODescriptor& role, const char* handlerURL) const;
+
         /**
          * Implement protocol-specific handling of the incoming decoded message.
          * 
@@ -73,59 +81,80 @@ namespace shibsp {
          */
         virtual std::string implementProtocol(
             const Application& application,
-            const opensaml::HTTPRequest& httpRequest,
+            const xmltooling::HTTPRequest& httpRequest,
             opensaml::SecurityPolicy& policy,
             const PropertySet* settings,
             const xmltooling::XMLObject& xmlObject
             ) const=0;
-            
+
         /**
-         * Enforce address checking requirements.
+         * Extracts policy-relevant assertion details.
          * 
-         * @param application   reference to application receiving message
-         * @param httpRequest   client request that initiated session
-         * @param issuedTo      address for which security assertion was issued
+         * @param assertion the incoming assertion
+         * @param protocol  the protocol family in use
+         * @param policy    SecurityPolicy to provide various components and track message data
          */
-        void checkAddress(
-            const Application& application, const opensaml::HTTPRequest& httpRequest, const char* issuedTo
+        virtual void extractMessageDetails(
+            const opensaml::Assertion& assertion, const XMLCh* protocol, opensaml::SecurityPolicy& policy
             ) const;
-        
+
         /**
-         * Attempt SSO-initiated attribute resolution using the supplied information.
+         * Attempt SSO-initiated attribute resolution using the supplied information,
+         * including NameID and token extraction and filtering followed by
+         * secondary resolution.
          * 
          * <p>The caller must free the returned context handle.
          * 
-         * @param application   reference to application receiving message
-         * @param httpRequest   client request that initiated session
-         * @param issuer        source of SSO tokens
-         * @param nameid        identifier of principal
-         * @param tokens        tokens to resolve, if any
+         * @param application           reference to application receiving message
+         * @param issuer                source of SSO tokens
+         * @param protocol              SSO protocol used
+         * @param v1nameid              identifier of principal in SAML 1.x form, if any
+         * @param nameid                identifier of principal in SAML 2.0 form
+         * @param authncontext_class    method/category of authentication event, if known
+         * @param authncontext_decl     specifics of authentication event, if known
+         * @param tokens                available assertions, if any
          */
         ResolutionContext* resolveAttributes(
             const Application& application,
-            const opensaml::HTTPRequest& httpRequest,
-            const opensaml::saml2md::EntityDescriptor* issuer=NULL,
+            const opensaml::saml2md::RoleDescriptor* issuer=NULL,
+            const XMLCh* protocol=NULL,
+            const opensaml::saml1::NameIdentifier* v1nameid=NULL,
             const opensaml::saml2::NameID* nameid=NULL,
+            const XMLCh* authncontext_class=NULL,
+            const XMLCh* authncontext_decl=NULL,
             const std::vector<const opensaml::Assertion*>* tokens=NULL
             ) const;
+#endif
+        
+        /**
+         * Enforce address checking requirements.
+         * 
+         * @param application   reference to application receiving message
+         * @param httpRequest   client request that initiated session
+         * @param issuedTo      address for which security assertion was issued
+         */
+        void checkAddress(
+            const Application& application, const xmltooling::HTTPRequest& httpRequest, const char* issuedTo
+            ) const;
         
     private:
         std::string processMessage(
             const Application& application,
-            opensaml::HTTPRequest& httpRequest,
-            std::string& providerId,
+            xmltooling::HTTPRequest& httpRequest,
+            std::string& entityID,
             std::string& relayState
             ) const;
             
         std::pair<bool,long> sendRedirect(
-            SPRequest& request, const char* key, const char* providerId, const char* relayState
+            SPRequest& request, const char* key, const char* entityID, const char* relayState
             ) const;
         
-        void maintainHistory(SPRequest& request, const char* providerId, const char* cookieProps) const;
+        void maintainHistory(SPRequest& request, const char* entityID, const char* cookieProps) const;
                 
+#ifndef SHIBSP_LITE
         opensaml::MessageDecoder* m_decoder;
-        xmltooling::auto_ptr_char m_configNS;
         xmltooling::QName m_role;
+#endif
     };
 
 #if defined (_MSC_VER)
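Review bot: `checkAddress` has been moved out of the `#ifndef SHIBSP_LITE` region so it is now part of the interface in both builds, but its doc comment still does not say how a mismatch is reported — whether it throws or silently returns — which is exactly what a caller in the lite build needs to know before relying on it for session binding. I would extend the comment with `@throws ... if issuedTo does not match the client address per the application's address-checking policy (confirm exception type against the .cpp)`, hedged until the implementation is checked. Likewise the retained raw pointer member `opensaml::MessageDecoder* m_decoder;` now sits in a conditional block with no ownership note; a one-line `// owned by this handler; released in the destructor — confirm` (or the opposite, if the decoder is shared) would prevent a double-free or leak by a later maintainer. The class and its `#if defined (_MSC_VER)` wrapper continue outside this hunk.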