#include <shibsp/exceptions.h>\r
#include <shibsp/SPConfig.h>\r
#include <shibsp/ServiceProvider.h>\r
+#include <shibsp/attribute/resolver/AttributeResolver.h>\r
#include <shibsp/binding/SOAPClient.h>\r
#include <shibsp/util/SPConstants.h>\r
\r
if (!a_param)\r
a_param="default";\r
\r
+ XMLToolingConfig::getConfig().log_config(getenv("SHIBSP_LOGGING") ? getenv("SHIBSP_LOGGING") : SHIBSP_LOGGING);\r
+\r
SPConfig& conf=SPConfig::getConfig();\r
conf.setFeatures(\r
SPConfig::Metadata |\r
SPConfig::Trust |\r
SPConfig::Credentials |\r
- SPConfig::AttributeResolver |\r
SPConfig::OutOfProcess\r
);\r
if (!conf.init(path))\r
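Review bot: The added logging line calls getenv("SHIBSP_LOGGING") twice, once for the test and once for the value, which is easy to misread and does the lookup twice; binding the result once is clearer: `const char* logcfg = getenv("SHIBSP_LOGGING");` followed by `XMLToolingConfig::getConfig().log_config(logcfg ? logcfg : SHIBSP_LOGGING);`. The hunk also drops SPConfig::AttributeResolver from the feature set while a new include for AttributeResolver.h is added above; a one-line comment saying why the feature is no longer initialised here (presumably the tool no longer resolves attributes itself) would save the next reader from guessing. The code before the first `if` and the body following `conf.init(path)` lie outside the hunk.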
try {\r
static const XMLCh path[] = UNICODE_LITERAL_4(p,a,t,h);\r
static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e);\r
- DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument();\r
- XercesJanitor<DOMDocument> docjanitor(dummydoc);\r
- DOMElement* dummy = dummydoc->createElementNS(NULL,path);\r
+ xercesc::DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument();\r
+ XercesJanitor<xercesc::DOMDocument> docjanitor(dummydoc);\r
+ xercesc::DOMElement* dummy = dummydoc->createElementNS(NULL,path);\r
auto_ptr_XMLCh src(config);\r
dummy->setAttributeNS(NULL,path,src.get());\r
dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE);\r
auto_ptr_XMLCh domain(q_param);\r
auto_ptr_XMLCh name(n_param);\r
auto_ptr_XMLCh format(f_param);\r
- auto_ptr_XMLCh issuer(app->getString("providerId").second);\r
+ auto_ptr_XMLCh issuer(app->getString("entityID").second);\r
\r
MetadataProvider* m=app->getMetadataProvider();\r
xmltooling::Locker mlocker(m);\r
else\r
throw MetadataException("No AttributeAuthority role found in metadata.");\r
\r
- SecurityPolicy policy;\r
- shibsp::SOAPClient soaper(*app,policy);\r
+ shibsp::SecurityPolicy policy(*app);\r
+ shibsp::SOAPClient soaper(policy);\r
+ MetadataCredentialCriteria mcc(*AA);\r
\r
if (ver == v20) {\r
auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);\r
nameid->setFormat(format.get() ? format.get() : NameID::TRANSIENT);\r
nameid->setNameQualifier(domain.get());\r
iss->setName(issuer.get());\r
- SAML2SOAPClient client(soaper);\r
- client.sendSAML(query, *AA, loc.get());\r
+ SAML2SOAPClient client(soaper, false);\r
+ client.sendSAML(query, mcc, loc.get());\r
srt = client.receiveSAML();\r
}\r
catch (exception& ex) {\r
}\r
\r
if (!srt)\r
- throw BindingException("Unable to successfully query for attributes.");\r
+ throw BindingException("Unable to obtain a SAML response from attribute authority.");\r
+ else if (!XMLString::equals(srt->getStatus()->getStatusCode()->getValue(), saml2p::StatusCode::SUCCESS)) {\r
+ delete srt;\r
+ throw BindingException("Attribute authority returned a SAML error.");\r
+ }\r
const opensaml::saml2p::Response* response = dynamic_cast<opensaml::saml2p::Response*>(srt);\r
\r
const vector<opensaml::saml2::Assertion*>& assertions = response->getAssertions();\r
nameid->setNameQualifier(domain.get());\r
query->setResource(issuer.get());\r
request->setMinorVersion(ver==v11 ? 1 : 0);\r
- SAML1SOAPClient client(soaper);\r
- client.sendSAML(request, *AA, loc.get());\r
+ SAML1SOAPClient client(soaper, false);\r
+ client.sendSAML(request, mcc, loc.get());\r
response = client.receiveSAML();\r
}\r
catch (exception& ex) {\r
}\r
\r
if (!response)\r
- throw BindingException("Unable to successfully query for attributes.");\r
+ throw BindingException("Unable to obtain a SAML response from attribute authority.");\r
+ else if (*(response->getStatus()->getStatusCode()->getValue()) != saml1p::StatusCode::SUCCESS) {\r
+ delete const_cast<opensaml::saml1p::Response*>(response);\r
+ throw BindingException("Attribute authority returned a SAML error.");\r
+ }\r
\r
const vector<opensaml::saml1::Assertion*>& assertions = response->getAssertions();\r
if (assertions.size())\r
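Review bot: The new status checks dereference `srt->getStatus()->getStatusCode()->getValue()` (SAML 2 branch) and `response->getStatus()->getStatusCode()->getValue()` (SAML 1 branch) without checking any of the intermediate pointers, and the response comes from a remote attribute authority, so a malformed or truncated reply would crash the tool rather than raise the intended BindingException; unless the library guarantees these children are always non-null after receiveSAML, guard them, e.g. `const saml2p::Status* status = srt->getStatus();` then `if (!status || !status->getStatusCode() || !status->getStatusCode()->getValue() || !XMLString::equals(status->getStatusCode()->getValue(), saml2p::StatusCode::SUCCESS)) {`, and the same shape for the saml1p branch. The same concern applies to the `dynamic_cast<opensaml::saml2p::Response*>(srt)` result, which is used through `response->getAssertions()` without a null check. The `delete const_cast<opensaml::saml1p::Response*>(response)` in the SAML 1 branch suggests `response` could simply be declared non-const, since receiveSAML() hands back an owned object that this code deletes. The enclosing try blocks and the function itself begin before this hunk and continue after it.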