# include <saml/binding/SAMLArtifact.h>
# include <saml/saml1/core/Assertions.h>
# include <saml/saml2/binding/SAML2ArtifactType0004.h>
-# include <saml/saml2/metadata/ChainingMetadataProvider.h>
-# include <xmltooling/security/ChainingTrustEngine.h>
# include <xmltooling/util/ReplayCache.h>
using namespace opensaml::saml2;
using namespace opensaml::saml2p;
vector<const XMLCh*> m_audiences;
// RelyingParty properties
-#ifdef HAVE_GOOD_STL
map<xstring,PropertySet*> m_partyMap;
-#else
- map<const XMLCh*,PropertySet*> m_partyMap;
-#endif
#endif
vector<string> m_remoteUsers,m_frontLogout,m_backLogout;
const Handler* m_acsDefault;
// maps binding strings to supporting consumer service(s)
-#ifdef HAVE_GOOD_STL
typedef map<xstring,vector<const Handler*> > ACSBindingMap;
-#else
- typedef map<string,vector<const Handler*> > ACSBindingMap;
-#endif
ACSBindingMap m_acsBindingMap;
// pointer to default session initiator
static const XMLCh OutOfProcess[] = UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s);
static const XMLCh _path[] = UNICODE_LITERAL_4(p,a,t,h);
static const XMLCh Policy[] = UNICODE_LITERAL_6(P,o,l,i,c,y);
+ static const XMLCh PolicyRule[] = UNICODE_LITERAL_10(P,o,l,i,c,y,R,u,l,e);
static const XMLCh _provider[] = UNICODE_LITERAL_8(p,r,o,v,i,d,e,r);
static const XMLCh RelyingParty[] = UNICODE_LITERAL_12(R,e,l,y,i,n,g,P,a,r,t,y);
static const XMLCh _ReplayCache[] = UNICODE_LITERAL_11(R,e,p,l,a,y,C,a,c,h,e);
}
handler=conf.AssertionConsumerServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));
// Map by binding (may be > 1 per binding, e.g. SAML 1.0 vs 1.1)
-#ifdef HAVE_GOOD_STL
m_acsBindingMap[handler->getXMLString("Binding").second].push_back(handler);
-#else
- m_acsBindingMap[handler->getString("Binding").second].push_back(handler);
-#endif
m_acsIndexMap[handler->getUnsignedInt("index").second]=handler;
if (!hardACS) {
#ifndef SHIBSP_LITE
nlist=e->getElementsByTagNameNS(samlconstants::SAML20_NS,Audience::LOCAL_NAME);
- if (nlist) {
+ if (nlist && nlist->getLength()) {
log.warn("use of <saml:Audience> elements outside of a Security Policy Rule is deprecated");
for (XMLSize_t i=0; i<nlist->getLength(); i++)
if (nlist->item(i)->getParentNode()->isSameNode(e) && nlist->item(i)->hasChildNodes())
for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());
m_handlers.clear();
#ifndef SHIBSP_LITE
-#ifdef HAVE_GOOD_STL
for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair<xstring,PropertySet>());
-#else
- for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair<const XMLCh*,PropertySet>());
-#endif
m_partyMap.clear();
delete m_credResolver;
m_credResolver = NULL;
if (!provider)
return this;
-#ifdef HAVE_GOOD_STL
map<xstring,PropertySet*>::const_iterator i=m_partyMap.find(provider->getEntityID());
if (i!=m_partyMap.end())
return i->second;
}
group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());
}
-#else
- map<const XMLCh*,PropertySet*>::const_iterator i=m_partyMap.begin();
- for (; i!=m_partyMap.end(); i++) {
- if (XMLString::equals(i->first,provider->getEntityID()))
- return i->second;
- const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());
- while (group) {
- if (XMLString::equals(i->first,group->getName()))
- return i->second;
- group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());
- }
- }
-#endif
return this;
}
if (!entityID)
return this;
-#ifdef HAVE_GOOD_STL
map<xstring,PropertySet*>::const_iterator i=m_partyMap.find(entityID);
if (i!=m_partyMap.end())
return i->second;
-#else
- map<const XMLCh*,PropertySet*>::const_iterator i=m_partyMap.begin();
- for (; i!=m_partyMap.end(); i++) {
- if (XMLString::equals(i->first,entityID))
- return i->second;
- }
-#endif
return this;
}
const vector<const Handler*>& XMLApplication::getAssertionConsumerServicesByBinding(const XMLCh* binding) const
{
-#ifdef HAVE_GOOD_STL
ACSBindingMap::const_iterator i=m_acsBindingMap.find(binding);
-#else
- auto_ptr_char temp(binding);
- ACSBindingMap::const_iterator i=m_acsBindingMap.find(temp.get());
-#endif
if (i!=m_acsBindingMap.end())
return i->second;
return m_base ? m_base->getAssertionConsumerServicesByBinding(binding) : g_noHandlers;
const Handler* XMLApplication::getHandler(const char* path) const
{
string wrap(path);
+ wrap = wrap.substr(0,wrap.find(';'));
map<string,const Handler*>::const_iterator i=m_handlerMap.find(wrap.substr(0,wrap.find('?')));
if (i!=m_handlerMap.end())
return i->second;
if (logconf && *logconf) {
auto_ptr_char logpath(logconf);
log.debug("loading new logging configuration from (%s), check log destination for status of configuration",logpath.get());
- XMLToolingConfig::getConfig().log_config(logpath.get());
+ if (!XMLToolingConfig::getConfig().log_config(logpath.get()))
+ log.crit("failed to load new logging configuration from (%s)", logpath.get());
}
#ifndef SHIBSP_LITE
settings->load(child, NULL, &filter);
rules.first = settings.release();
- // Process Rule elements.
- const DOMElement* rule = XMLHelper::getFirstChildElement(child,Rule);
+ // Process PolicyRule elements.
+ const DOMElement* rule = XMLHelper::getFirstChildElement(child,PolicyRule);
while (rule) {
auto_ptr_char type(rule->getAttributeNS(NULL,_type));
try {
catch (exception& ex) {
log.crit("error instantiating policy rule (%s) in policy (%s): %s", type.get(), id.get(), ex.what());
}
- rule = XMLHelper::getNextSiblingElement(rule,Rule);
+ rule = XMLHelper::getNextSiblingElement(rule,PolicyRule);
+ }
+
+ if (rules.second.size() == 0) {
+ // Process Rule elements.
+ log.warn("detected legacy Policy configuration, please convert to new PolicyRule syntax");
+ rule = XMLHelper::getFirstChildElement(child,Rule);
+ while (rule) {
+ auto_ptr_char type(rule->getAttributeNS(NULL,_type));
+ try {
+ rules.second.push_back(samlConf.SecurityPolicyRuleManager.newPlugin(type.get(),rule));
+ }
+ catch (exception& ex) {
+ log.crit("error instantiating policy rule (%s) in policy (%s): %s", type.get(), id.get(), ex.what());
+ }
+ rule = XMLHelper::getNextSiblingElement(rule,Rule);
+ }
+
+ // Manually add a basic Conditions rule.
+ log.info("installing a default Conditions rule in policy (%s) for compatibility with legacy configuration", id.get());
+ rules.second.push_back(samlConf.SecurityPolicyRuleManager.newPlugin(CONDITIONS_POLICY_RULE, NULL));
}
child = XMLHelper::getNextSiblingElement(child,Policy);
}
// Repack for return to caller.
- DDF ret=DDF(NULL).string(relayState.c_str());
+ DDF ret=DDF(NULL).unsafe_string(relayState.c_str());
DDFJanitor jret(ret);
out << ret;
}