X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=adfs%2Fadfs.cpp;h=333249f304ea4204ec53d6069d9f360f5d218092;hb=8d742a1e1f479f74eafd6f60e21c5f9f329a924b;hp=c957c1984c484e837b57f4449f1d309615c5f8fc;hpb=a8928d2b5c8101a9a90da022d6743c3d2a368e9e;p=shibboleth%2Fcpp-sp.git
diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index c957c19..333249f 100644
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -90,6 +90,10 @@ namespace {
 ADFSDecoder() : m_ns(WSTRUST_NS) {}
 virtual ~ADFSDecoder() {}
+ const XMLCh* getProtocolFamily() const {
+ return m_ns.get();
+ }
+
 XMLObject* decode(string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy) const;
 protected:
@@ -140,6 +144,10 @@ namespace {
 pair unwrap(SPRequest& request, DDF& out) const;
 pair run(SPRequest& request, string& entityID, bool isHandler=true) const;
+ const XMLCh* getProtocolFamily() const {
+ return m_binding.get();
+ }
+
 private:
 pair doRequest(
 const Application& application,
@@ -156,13 +164,10 @@ namespace {
 class SHIBSP_DLLLOCAL ADFSConsumer : public shibsp::AssertionConsumerService
 {
+ auto_ptr_XMLCh m_protocol;
 public:
 ADFSConsumer(const DOMElement* e, const char* appId)
- : shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS"))
-#ifndef SHIBSP_LITE
- ,m_protocol(WSFED_NS)
-#endif
- {}
+ : shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS")), m_protocol(WSFED_NS) {}
 virtual ~ADFSConsumer() {}
 #ifndef SHIBSP_LITE
@@ -171,8 +176,6 @@ namespace {
 role.addSupport(m_protocol.get());
 }
- auto_ptr_XMLCh m_protocol;
-
 private:
 void implementProtocol(
 const Application& application,
@@ -182,6 +185,10 @@ namespace {
 const PropertySet*,
 const XMLObject& xmlObject
 ) const;
+#else
+ const XMLCh* getProtocolFamily() const {
+ return m_protocol.get();
+ }
 #endif
 };
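Review bot: In the `@@ -182,6 +185,10 @@` hunk the `getProtocolFamily()` override on ADFSConsumer sits in the `#else` branch, so it exists only in SHIBSP_LITE builds; full builds fall back to whatever `shibsp::AssertionConsumerService` provides, which is not visible in this diff. That matters because the commit turns the value into a gate: `ADFSSessionInitiator::run` now rejects any ACS whose family differs from `m_binding`, and `ADFSLogout` passes `m_login.getProtocolFamily()` to `setBinding` in the `@@ -254,7 +264,7 @@` hunk, which appears to be non-lite code. ADFSDecoder in the first hunk reports `WSTRUST_NS` while the consumer reports `WSFED_NS`, so if the inherited implementation defers to the decoder the two builds would disagree, and a valid ADFS endpoint could be refused or published with the wrong Binding. Either declare the override unconditionally in the public section, or, once the base-class behaviour is confirmed, add a comment at the `#else` such as `// full builds: family comes from the base class and must equal WSFED_NS`.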
@@ -219,6 +226,9 @@ namespace {
 return "LogoutInitiator";
 }
 #endif
+ const XMLCh* getProtocolFamily() const {
+ return m_binding.get();
+ }
 private:
 pair doRequest(const Application& application, const HTTPRequest& httpRequest, HTTPResponse& httpResponse, Session* session) const;
@@ -254,7 +264,7 @@ namespace {
 auto_ptr_XMLCh widen(hurl.c_str());
 SingleLogoutService* ep = SingleLogoutServiceBuilder::buildSingleLogoutService();
 ep->setLocation(widen.get());
- ep->setBinding(m_login.m_protocol.get());
+ ep->setBinding(m_login.getProtocolFamily());
 role.getSingleLogoutServices().push_back(ep);
 }
@@ -262,6 +272,9 @@ namespace {
 return m_login.getType();
 }
 #endif
+ const XMLCh* getProtocolFamily() const {
+ return m_login.getProtocolFamily();
+ }
 private:
 ADFSConsumer m_login;
@@ -378,12 +391,9 @@ pair ADFSSessionInitiator::run(SPRequest& request, string& entityID,
 }
 // Validate the ACS for use with this protocol.
- pair ACSbinding = ACS->getXMLString("Binding");
- if (ACSbinding.first) {
- if (!XMLString::equals(ACSbinding.second, m_binding.get())) {
- m_log.error("configured or requested ACS has non-ADFS binding");
- throw ConfigurationException("Configured or requested ACS has non-ADFS binding ($1).", params(1, ACSbinding.second));
- }
+ if (!XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())) {
+ m_log.error("configured or requested ACS has non-ADFS binding");
+ throw ConfigurationException("Configured or requested ACS has non-ADFS binding ($1).", params(1, ACS->getString("Binding").second));
 }
 // Since we're not passing by index, we need to fully compute the return URL.
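Review bot: The rewritten check in `ADFSSessionInitiator::run` (the `@@ -378,12 +391,9 @@` hunk) builds its exception text from `ACS->getString("Binding").second` without testing `.first`, whereas the removed code only reached the throw when the Binding property was present. A handler with no Binding attribute now fails the family comparison, which is the right fail-closed outcome when validating the endpoint the response will return to, but the message parameter may then be a null pointer; keep the lookup result in a local `b` and pass a fallback, e.g. `params(1, b.first ? b.second : "none")`. `ACS` is also dereferenced with no null test in the visible lines; whether it can be null is decided above the hunk, and the body of `run` starts and ends outside it.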