X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibsp%2Fhandler%2Fimpl%2FShib1SessionInitiator.cpp;h=8d5e0653f0a5df258912ce99d1f9222e8b7203c1;hb=392d1448deb48beb75f219532ac248b4776f16db;hp=e7564e9832f941c695b6b62d13d690fadc940f27;hpb=7b7c8bd1f79f1ba7650f185970d0864a157b4818;p=shibboleth%2Fsp.git
diff --git a/shibsp/handler/impl/Shib1SessionInitiator.cpp b/shibsp/handler/impl/Shib1SessionInitiator.cpp
index e7564e9..8d5e065 100644
--- a/shibsp/handler/impl/Shib1SessionInitiator.cpp
+++ b/shibsp/handler/impl/Shib1SessionInitiator.cpp
@@ -54,7 +54,7 @@ namespace shibsp {
 {
 public:
 Shib1SessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_appId(appId) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.Shib1")), m_appId(appId) {
 // If Location isn't set, defer address registration until the setParent call.
 pair loc = getString("Location");
 if (loc.first) {
@@ -107,7 +107,7 @@ pair Shib1SessionInitiator::run(SPRequest& request, const char* entit
 {
 // We have to know the IdP to function.
 if (!entityID || !*entityID)
- return make_pair(false,0);
+ return make_pair(false,0L);
 string target;
 const Handler* ACS=NULL;
@@ -128,7 +128,7 @@ pair Shib1SessionInitiator::run(SPRequest& request, const char* entit
 // Since we're passing the ACS by value, we need to compute the return URL,
 // so we'll need the target resource for real.
- recoverRelayState(request.getApplication(), request, target, false);
+ recoverRelayState(request.getApplication(), request, request, target, false);
 }
 else {
 // We're running as a "virtual handler" from within the filter.
@@ -224,23 +224,26 @@ pair Shib1SessionInitiator::doRequest(
 // Use metadata to invoke the SSO service directly.
 MetadataProvider* m=app.getMetadataProvider();
 Locker locker(m);
- const EntityDescriptor* entity=m->getEntityDescriptor(entityID);
- if (!entity) {
- m_log.error("unable to locate metadata for provider (%s)", entityID);
- throw MetadataException("Unable to locate metadata for identity provider ($entityID)",
- namedparams(1, "entityID", entityID));
+ MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, shibspconstants::SHIB1_PROTOCOL_ENUM);
+ pair entity = m->getEntityDescriptor(mc);
+ if (!entity.first) {
+ m_log.warn("unable to locate metadata for provider (%s)", entityID);
+ throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
 }
- const IDPSSODescriptor* role=entity->getIDPSSODescriptor(shibspconstants::SHIB1_PROTOCOL_ENUM);
- if (!role) {
- m_log.error("unable to locate Shibboleth-aware identity provider role for provider (%s)", entityID);
- return make_pair(false,0);
+ else if (!entity.second) {
+ m_log.warn("unable to locate Shibboleth-aware identity provider role for provider (%s)", entityID);
+ if (getParent())
+ return make_pair(false,0L);
+ throw MetadataException("Unable to locate Shibboleth-aware identity provider role for provider ($entityID)", namedparams(1, "entityID", entityID));
 }
- const EndpointType* ep=EndpointManager(role->getSingleSignOnServices()).getByBinding(
- shibspconstants::SHIB1_AUTHNREQUEST_PROFILE_URI
- );
+ const EndpointType* ep=EndpointManager(
+ dynamic_cast(entity.second)->getSingleSignOnServices()
+ ).getByBinding(shibspconstants::SHIB1_AUTHNREQUEST_PROFILE_URI);
 if (!ep) {
- m_log.error("unable to locate compatible SSO service for provider (%s)", entityID);
- return make_pair(false,0);
+ m_log.warn("unable to locate compatible SSO service for provider (%s)", entityID);
+ if (getParent())
+ return make_pair(false,0L);
+ throw MetadataException("Unable to locate compatible SSO service for provider ($entityID)", namedparams(1, "entityID", entityID));
 }
 preserveRelayState(app, httpResponse, relayState);
@@ -255,10 +258,10 @@ pair Shib1SessionInitiator::doRequest(
 auto_ptr_char dest(ep->getLocation());
 string req=string(dest.get()) + (strchr(dest.get(),'?') ? '&' : '?') + "shire=" + urlenc->encode(acsLocation) + "&time=" + timebuf + "&target=" + urlenc->encode(relayState.c_str()) +
- "&providerId=" + urlenc->encode(app.getString("entityID").second);
+ "&providerId=" + urlenc->encode(app.getRelyingParty(entity.first)->getString("entityID").second);
 return make_pair(true, httpResponse.sendRedirect(req.c_str()));
 #else
- return make_pair(false,0);
+ return make_pair(false,0L);
 #endif
 }
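Review bot: The result of the `dynamic_cast` on `entity.second` in the new `EndpointManager(...)` expression is dereferenced without a null check, so a role object of an unexpected concrete type coming back from the metadata provider would crash the handler instead of taking the "unable to locate Shibboleth-aware identity provider role" path. The cast's target type is not shown on this page; assuming it is the `const IDPSSODescriptor*` the removed code used, hold it in a local, `const IDPSSODescriptor* role = dynamic_cast<const IDPSSODescriptor*>(entity.second);`, and handle `!role` the same way as `!entity.second`. Separately, the two added `throw MetadataException(...)` paths carry `entityID` into the exception text; if that value can originate from the request, the code that renders the error needs to escape it, which should be confirmed outside this hunk. doRequest begins and continues outside the hunk.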
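Review bot: The new `providerId` expression dereferences `app.getRelyingParty(entity.first)` and hands `getString("entityID").second` to `urlenc->encode` without checking either the returned pointer or the pair's `.first` flag. If getRelyingParty is guaranteed to return a non-null property set and configuration validation guarantees an entityID, a one-line comment stating that invariant above the `string req=` statement would make the assumption reviewable. Otherwise test `.first` before building the redirect and fail with a configuration error rather than encoding a null string into the request sent to the IdP. doRequest's body begins before this hunk, so any earlier validation is not visible here.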