/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* SUCH DAMAGE.
*/
+/*
+ * SAML attribute provider implementation.
+ */
+
#include "gssapiP_eap.h"
#include <sstream>
#include <xercesc/util/XMLUniDefs.hpp>
+#include <xmltooling/unicode.h>
#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/util/XMLHelper.h>
+#include <xmltooling/util/ParserPool.h>
+#include <xmltooling/util/DateTime.h>
+#include <saml/exceptions.h>
#include <saml/saml1/core/Assertions.h>
#include <saml/saml2/core/Assertions.h>
#include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
using namespace xmltooling;
using namespace opensaml::saml2md;
* gss_eap_saml_assertion_provider is for retrieving the underlying
* assertion.
*/
+gss_eap_saml_assertion_provider::gss_eap_saml_assertion_provider(void)
+{
+ m_assertion = NULL;
+ m_authenticated = false;
+}
+
+gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
+{
+ delete m_assertion;
+}
+
bool
-gss_eap_saml_assertion_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
+gss_eap_saml_assertion_provider::initWithExistingContext(const gss_eap_attr_ctx *manager,
const gss_eap_attr_provider *ctx)
{
/* Then we may be creating from an existing attribute context */
assert(m_assertion == NULL);
- if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
+ if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx))
return false;
saml = static_cast<const gss_eap_saml_assertion_provider *>(ctx);
}
bool
-gss_eap_saml_assertion_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
+gss_eap_saml_assertion_provider::initWithGssContext(const gss_eap_attr_ctx *manager,
const gss_cred_id_t gssCred,
const gss_ctx_id_t gssCtx)
{
const gss_eap_radius_attr_provider *radius;
gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
- int authenticated, complete, more = -1;
+ int authenticated, complete;
OM_uint32 minor;
assert(m_assertion == NULL);
- if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
+ if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx))
return false;
+ /*
+ * XXX TODO we need to support draft-howlett-radius-saml-attr-00
+ */
radius = static_cast<const gss_eap_radius_attr_provider *>
(m_manager->getProvider(ATTR_TYPE_RADIUS));
if (radius != NULL &&
- radius->getAttribute(512 /* XXX */, &authenticated, &complete,
- &value, NULL, &more)) {
+ radius->getFragmentedAttribute(PW_SAML_AAA_ASSERTION,
+ VENDORPEC_UKERNA,
+ &authenticated, &complete, &value)) {
setAssertion(&value, authenticated);
gss_release_buffer(&minor, &value);
} else {
return true;
}
-gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
-{
- delete m_assertion;
-}
-
void
gss_eap_saml_assertion_provider::setAssertion(const saml2::Assertion *assertion,
bool authenticated)
delete m_assertion;
if (assertion != NULL) {
+#ifdef __APPLE__
+ m_assertion = (saml2::Assertion *)((void *)assertion->clone());
+#else
m_assertion = dynamic_cast<saml2::Assertion *>(assertion->clone());
+#endif
m_authenticated = authenticated;
} else {
m_assertion = NULL;
DOMDocument *doc;
const XMLObjectBuilder *b;
- doc = XMLToolingConfig::getConfig().getParser().parse(istream);
- b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+ try {
+ doc = XMLToolingConfig::getConfig().getParser().parse(istream);
+ if (doc == NULL)
+ return NULL;
+
+ b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
- return dynamic_cast<saml2::Assertion *>(b->buildFromDocument(doc));
+#ifdef __APPLE__
+ return (saml2::Assertion *)((void *)b->buildFromDocument(doc));
+#else
+ return dynamic_cast<saml2::Assertion *>(b->buildFromDocument(doc));
+#endif
+ } catch (exception &e) {
+ return NULL;
+ }
}
bool
gss_eap_saml_assertion_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
void *data) const
{
+ bool ret;
+
/* just add the prefix */
- return addAttribute(this, GSS_C_NO_BUFFER, data);
+ if (m_assertion != NULL)
+ ret = addAttribute(m_manager, this, GSS_C_NO_BUFFER, data);
+ else
+ ret = true;
+
+ return ret;
}
-void
-gss_eap_saml_assertion_provider::setAttribute(int complete,
+bool
+gss_eap_saml_assertion_provider::setAttribute(int complete GSSEAP_UNUSED,
const gss_buffer_t attr,
const gss_buffer_t value)
{
if (attr == GSS_C_NO_BUFFER || attr->length == 0) {
setAssertion(value);
+ return true;
}
+
+ return false;
}
-void
-gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value)
+bool
+gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
{
delete m_assertion;
m_assertion = NULL;
m_authenticated = false;
+
+ return true;
+}
+
+time_t
+gss_eap_saml_assertion_provider::getExpiryTime(void) const
+{
+ saml2::Conditions *conditions;
+ time_t expiryTime = 0;
+
+ if (m_assertion == NULL)
+ return 0;
+
+ conditions = m_assertion->getConditions();
+
+ if (conditions != NULL && conditions->getNotOnOrAfter() != NULL)
+ expiryTime = conditions->getNotOnOrAfter()->getEpoch();
+
+ return expiryTime;
+}
+
+OM_uint32
+gss_eap_saml_assertion_provider::mapException(OM_uint32 *minor,
+ std::exception &e) const
+{
+ if (typeid(e) == typeid(SecurityPolicyException))
+ *minor = GSSEAP_SAML_SEC_POLICY_FAILURE;
+ else if (typeid(e) == typeid(BindingException))
+ *minor = GSSEAP_SAML_BINDING_FAILURE;
+ else if (typeid(e) == typeid(ProfileException))
+ *minor = GSSEAP_SAML_PROFILE_FAILURE;
+ else if (typeid(e) == typeid(FatalProfileException))
+ *minor = GSSEAP_SAML_FATAL_PROFILE_FAILURE;
+ else if (typeid(e) == typeid(RetryableProfileException))
+ *minor = GSSEAP_SAML_RETRY_PROFILE_FAILURE;
+ else if (typeid(e) == typeid(MetadataException))
+ *minor = GSSEAP_SAML_METADATA_FAILURE;
+ else
+ return GSS_S_CONTINUE_NEEDED;
+
+ gssEapSaveStatusInfo(*minor, "%s", e.what());
+
+ return GSS_S_FAILURE;
}
bool
int *authenticated,
int *complete,
gss_buffer_t value,
- gss_buffer_t display_value,
+ gss_buffer_t display_value GSSEAP_UNUSED,
int *more) const
{
string str;
- if (attr != GSS_C_NO_BUFFER || attr->length != 0)
+ if (attr != GSS_C_NO_BUFFER && attr->length != 0)
return false;
if (m_assertion == NULL)
if (*more != -1)
return false;
- *authenticated = m_authenticated;
- *complete = false;
+ if (authenticated != NULL)
+ *authenticated = m_authenticated;
+ if (complete != NULL)
+ *complete = true;
XMLHelper::serialize(m_assertion->marshall((DOMDocument *)NULL), str);
- duplicateBuffer(str, value);
+ if (value != NULL)
+ duplicateBuffer(str, value);
+ if (display_value != NULL)
+ duplicateBuffer(str, display_value);
+
*more = 0;
return true;
gss_any_t
gss_eap_saml_assertion_provider::mapToAny(int authenticated,
- gss_buffer_t type_id) const
+ gss_buffer_t type_id GSSEAP_UNUSED) const
{
+ if (authenticated && !m_authenticated)
+ return (gss_any_t)NULL;
+
return (gss_any_t)m_assertion;
}
void
-gss_eap_saml_assertion_provider::releaseAnyNameMapping(gss_buffer_t type_id,
+gss_eap_saml_assertion_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
gss_any_t input) const
{
delete ((saml2::Assertion *)input);
}
-void
-gss_eap_saml_assertion_provider::exportToBuffer(gss_buffer_t buffer) const
+const char *
+gss_eap_saml_assertion_provider::prefix(void) const
{
- ostringstream sink;
- string str;
-
- buffer->length = 0;
- buffer->value = NULL;
-
- if (m_assertion == NULL)
- return;
-
- sink << *m_assertion;
- str = sink.str();
-
- duplicateBuffer(str, buffer);
-}
-
-bool
-gss_eap_saml_assertion_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
- const gss_buffer_t buffer)
-{
- if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
- return false;
-
- if (buffer->length == 0)
- return true;
-
- assert(m_assertion == NULL);
-
- setAssertion(buffer);
- /* TODO XXX how to propagate authenticated flag? */
-
- return true;
+ return "urn:ietf:params:gss-eap:saml-aaa-assertion";
}
bool
gss_eap_saml_assertion_provider::init(void)
{
- gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML_ASSERTION,
- "urn:ietf:params:gss-eap:saml-aaa-assertion",
- gss_eap_saml_assertion_provider::createAttrContext);
+ gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML_ASSERTION, createAttrContext);
return true;
}
return new gss_eap_saml_assertion_provider;
}
+saml2::Assertion *
+gss_eap_saml_assertion_provider::initAssertion(void)
+{
+ delete m_assertion;
+ m_assertion = saml2::AssertionBuilder::buildAssertion();
+ m_authenticated = false;
+
+ return m_assertion;
+}
+
/*
* gss_eap_saml_attr_provider is for retrieving the underlying attributes.
*/
bool
gss_eap_saml_attr_provider::getAssertion(int *authenticated,
- const saml2::Assertion **pAssertion) const
+ saml2::Assertion **pAssertion,
+ bool createIfAbsent) const
{
- const gss_eap_saml_assertion_provider *saml;
+ gss_eap_saml_assertion_provider *saml;
- *authenticated = false;
- *pAssertion = NULL;
+ if (authenticated != NULL)
+ *authenticated = false;
+ if (pAssertion != NULL)
+ *pAssertion = NULL;
saml = static_cast<const gss_eap_saml_assertion_provider *>
(m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION));
if (saml == NULL)
return false;
- *authenticated = saml->authenticated();
- *pAssertion = saml->getAssertion();
-
- return (*pAssertion != NULL);
-}
+ if (authenticated != NULL)
+ *authenticated = saml->authenticated();
+ if (pAssertion != NULL)
+ *pAssertion = saml->getAssertion();
+
+ if (saml->getAssertion() == NULL) {
+ if (createIfAbsent) {
+ if (authenticated != NULL)
+ *authenticated = false;
+ if (pAssertion != NULL)
+ *pAssertion = saml->initAssertion();
+ } else
+ return false;
+ }
-gss_eap_saml_attr_provider::~gss_eap_saml_attr_provider(void)
-{
- /* Nothing to do, we're just a wrapper around the assertion provider. */
+ return true;
}
bool
gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
void *data) const
{
- const saml2::Assertion *assertion;
- bool ret = true;
+ saml2::Assertion *assertion;
int authenticated;
if (!getAssertion(&authenticated, &assertion))
* query, the retrieved attributes SHOULD be GSS-API name attributes
* using the same name syntax.
*/
- const vector<saml2::Attribute*>& attrs2 =
- const_cast<const saml2::AttributeStatement*>(assertion->getAttributeStatements().front())->getAttributes();
- for (vector<saml2::Attribute*>::const_iterator a = attrs2.begin();
- a != attrs2.end();
- ++a)
- {
- const XMLCh *attributeName = (*a)->getName();
- const XMLCh *attributeNameFormat = (*a)->getNameFormat();
- XMLCh *qualifiedName;
- XMLCh space[2] = { ' ', 0 };
- gss_buffer_desc utf8;
+ /* For each attribute statement, look for an attribute match */
+ const vector <saml2::AttributeStatement *> &statements =
+ const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
- qualifiedName = new XMLCh[XMLString::stringLen(attributeName) + 1 +
- XMLString::stringLen(attributeNameFormat) + 1];
- XMLString::copyString(qualifiedName, attributeName);
- XMLString::catString(qualifiedName, space);
- XMLString::catString(qualifiedName, attributeNameFormat);
+ for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
+ s != statements.end();
+ ++s) {
+ const vector<saml2::Attribute*> &attrs =
+ const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
- utf8.value = (void *)toUTF8(qualifiedName);
- utf8.length = strlen((char *)utf8.value);
+ for (vector<saml2::Attribute*>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
+ const XMLCh *attributeName, *attributeNameFormat;
+ XMLCh space[2] = { ' ', 0 };
+ gss_buffer_desc utf8;
+
+ attributeName = (*a)->getName();
+ attributeNameFormat = (*a)->getNameFormat();
+ if (attributeNameFormat == NULL || attributeNameFormat[0] == '\0')
+ attributeNameFormat = saml2::Attribute::UNSPECIFIED;
+
+ XMLCh qualifiedName[XMLString::stringLen(attributeNameFormat) + 1 +
+ XMLString::stringLen(attributeName) + 1];
+ XMLString::copyString(qualifiedName, attributeNameFormat);
+ XMLString::catString(qualifiedName, space);
+ XMLString::catString(qualifiedName, attributeName);
+
+ utf8.value = (void *)toUTF8(qualifiedName);
+ utf8.length = strlen((char *)utf8.value);
+
+ if (!addAttribute(m_manager, this, &utf8, data))
+ return false;
+ }
+ }
- ret = addAttribute(this, &utf8, data);
+ return true;
+}
- delete qualifiedName;
- delete qualifiedName;
+static BaseRefVectorOf<XMLCh> *
+decomposeAttributeName(const gss_buffer_t attr)
+{
+ BaseRefVectorOf<XMLCh> *components;
+ string str((const char *)attr->value, attr->length);
+ auto_ptr_XMLCh qualifiedAttr(str.c_str());
- if (!ret)
- break;
+ components = XMLString::tokenizeString(qualifiedAttr.get());
+
+ if (components->size() != 2) {
+ delete components;
+ components = NULL;
}
- return ret;
+ return components;
}
-void
-gss_eap_saml_attr_provider::setAttribute(int complete,
- const gss_buffer_t attr,
- const gss_buffer_t value)
+static bool
+isNotPrintable(const gss_buffer_t value)
{
+ size_t i;
+ char *p = (char *)value->value;
+
+ if (isgraph(p[0]) &&
+ isgraph(p[value->length - 1]))
+ {
+ for (i = 0; p[i]; i++) {
+ if (!isascii(p[i]) || !isprint(p[i]))
+ return true;
+ }
+ return false;
+ }
+
+ return true;
}
-void
-gss_eap_saml_attr_provider::deleteAttribute(const gss_buffer_t value)
+bool
+gss_eap_saml_attr_provider::setAttribute(int complete GSSEAP_UNUSED,
+ const gss_buffer_t attr,
+ const gss_buffer_t value)
{
+ saml2::Assertion *assertion;
+ saml2::Attribute *attribute;
+ saml2::AttributeValue *attributeValue;
+ saml2::AttributeStatement *attributeStatement;
+
+ if (!getAssertion(NULL, &assertion, true))
+ return false;
+
+ if (assertion->getAttributeStatements().size() != 0) {
+ attributeStatement = assertion->getAttributeStatements().front();
+ } else {
+ attributeStatement = saml2::AttributeStatementBuilder::buildAttributeStatement();
+ assertion->getAttributeStatements().push_back(attributeStatement);
+ }
+
+ /* Check the attribute name consists of name format | whsp | name */
+ BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
+ if (components == NULL)
+ return false;
+
+ attribute = saml2::AttributeBuilder::buildAttribute();
+ attribute->setNameFormat(components->elementAt(0));
+ attribute->setName(components->elementAt(1));
+
+ attributeValue = saml2::AttributeValueBuilder::buildAttributeValue();
+ if (isNotPrintable(value)) {
+ char *b64;
+
+ if (base64Encode(value->value, value->length, &b64))
+ return false;
+
+ auto_ptr_XMLCh unistr(b64);
+ attributeValue->setTextContent(unistr.get());
+ } else {
+ auto_ptr_XMLCh unistr((char *)value->value);
+ attributeValue->setTextContent(unistr.get());
+ }
+
+ attribute->getAttributeValues().push_back(attributeValue);
+
+ assert(attributeStatement != NULL);
+ attributeStatement->getAttributes().push_back(attribute);
+
+ delete components;
+
+ return true;
}
-static BaseRefVectorOf<XMLCh> *
-decomposeAttributeName(const gss_buffer_t attr)
+bool
+gss_eap_saml_attr_provider::deleteAttribute(const gss_buffer_t attr)
{
- XMLCh *qualifiedAttr = new XMLCh[attr->length + 1];
- XMLString::transcode((const char *)attr->value, qualifiedAttr, attr->length);
+ saml2::Assertion *assertion;
+ bool ret = false;
+
+ if (!getAssertion(NULL, &assertion) ||
+ assertion->getAttributeStatements().size() == 0)
+ return false;
- BaseRefVectorOf<XMLCh> *components = XMLString::tokenizeString(qualifiedAttr);
+ /* Check the attribute name consists of name format | whsp | name */
+ BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
+ if (components == NULL)
+ return false;
- delete qualifiedAttr;
+ /* For each attribute statement, look for an attribute match */
+ const vector<saml2::AttributeStatement *> &statements =
+ const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
- return components;
+ for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
+ s != statements.end();
+ ++s) {
+ const vector<saml2::Attribute *> &attrs =
+ const_cast<const saml2::AttributeStatement *>(*s)->getAttributes();
+ ssize_t index = -1, i = 0;
+
+ /* There's got to be an easier way to do this */
+ for (vector<saml2::Attribute *>::const_iterator a = attrs.begin();
+ a != attrs.end();
+ ++a) {
+ if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
+ XMLString::equals((*a)->getName(), components->elementAt(1))) {
+ index = i;
+ break;
+ }
+ ++i;
+ }
+ if (index != -1) {
+ (*s)->getAttributes().erase((*s)->getAttributes().begin() + index);
+ ret = true;
+ }
+ }
+
+ delete components;
+
+ return ret;
}
bool
int *complete,
const saml2::Attribute **pAttribute) const
{
- const saml2::Assertion *assertion;
+ saml2::Assertion *assertion;
- *authenticated = false;
- *complete = true;
+ if (authenticated != NULL)
+ *authenticated = false;
+ if (complete != NULL)
+ *complete = true;
*pAttribute = NULL;
if (!getAssertion(authenticated, &assertion) ||
/* Check the attribute name consists of name format | whsp | name */
BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
- if (components == NULL || components->size() != 2) {
- delete components;
+ if (components == NULL)
return false;
- }
/* For each attribute statement, look for an attribute match */
- const vector <saml2::AttributeStatement *>&statements =
- assertion->getAttributeStatements();
+ const vector <saml2::AttributeStatement *> &statements =
+ const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
const saml2::Attribute *ret = NULL;
for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
s != statements.end();
++s) {
- const vector<saml2::Attribute*>& attrs =
+ const vector<saml2::Attribute *> &attrs =
const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
- for (vector<saml2::Attribute*>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
- if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
- XMLString::equals((*a)->getName(), components->elementAt(1))) {
+ for (vector<saml2::Attribute *>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
+ const XMLCh *attributeName, *attributeNameFormat;
+
+ attributeName = (*a)->getName();
+ attributeNameFormat = (*a)->getNameFormat();
+ if (attributeNameFormat == NULL || attributeNameFormat[0] == '\0')
+ attributeNameFormat = saml2::Attribute::UNSPECIFIED;
+
+ if (XMLString::equals(attributeNameFormat, components->elementAt(0)) &&
+ XMLString::equals(attributeName, components->elementAt(1))) {
ret = *a;
break;
}
if (i == -1)
i = 0;
- else if (i >= nvalues)
+ if (i >= nvalues)
return false;
- av = dynamic_cast<const saml2::AttributeValue *>(a->getAttributeValues().at(i)
-);
+#ifdef __APPLE__
+ av = (const saml2::AttributeValue *)((void *)(a->getAttributeValues().at(i)));
+#else
+ av = dynamic_cast<const saml2::AttributeValue *>(a->getAttributeValues().at(i));
+#endif
if (av != NULL) {
- value->value = toUTF8(av->getTextContent(), true);
- value->length = strlen((char *)value->value);
-
- if (display_value != NULL)
- duplicateBuffer(*value, display_value);
-
- if (nvalues > ++i)
- *more = i;
+ if (value != NULL) {
+ value->value = toUTF8(av->getTextContent(), true);
+ value->length = strlen((char *)value->value);
+ }
+ if (display_value != NULL) {
+ display_value->value = toUTF8(av->getTextContent(), true);
+ display_value->length = strlen((char *)value->value);
+ }
}
+ if (nvalues > ++i)
+ *more = i;
+
return true;
}
gss_any_t
-gss_eap_saml_attr_provider::mapToAny(int authenticated,
- gss_buffer_t type_id) const
+gss_eap_saml_attr_provider::mapToAny(int authenticated GSSEAP_UNUSED,
+ gss_buffer_t type_id GSSEAP_UNUSED) const
{
return (gss_any_t)NULL;
}
void
-gss_eap_saml_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
- gss_any_t input) const
+gss_eap_saml_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
+ gss_any_t input GSSEAP_UNUSED) const
{
}
-void
-gss_eap_saml_attr_provider::exportToBuffer(gss_buffer_t buffer) const
+const char *
+gss_eap_saml_attr_provider::prefix(void) const
{
- buffer->length = 0;
- buffer->value = NULL;
-}
-
-bool
-gss_eap_saml_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
- const gss_buffer_t buffer)
-{
- return gss_eap_attr_provider::initFromBuffer(ctx, buffer);
+ return "urn:ietf:params:gss-eap:saml-attr";
}
bool
gss_eap_saml_attr_provider::init(void)
{
- gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML,
- "urn:ietf:params:gss-eap:saml-attr",
- gss_eap_saml_attr_provider::createAttrContext);
+ gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML, createAttrContext);
return true;
}
{
return new gss_eap_saml_attr_provider;
}
+
+OM_uint32
+gssEapSamlAttrProvidersInit(OM_uint32 *minor)
+{
+ if (!gss_eap_saml_assertion_provider::init() ||
+ !gss_eap_saml_attr_provider::init()) {
+ *minor = GSSEAP_SAML_INIT_FAILURE;
+ return GSS_S_FAILURE;
+ }
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gssEapSamlAttrProvidersFinalize(OM_uint32 *minor)
+{
+ gss_eap_saml_attr_provider::finalize();
+ gss_eap_saml_assertion_provider::finalize();
+
+ *minor = 0;
+ return GSS_S_COMPLETE;
+}