X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibsp%2Fhandler%2Fimpl%2FWAYFSessionInitiator.cpp;h=b04f0187e267da729744dad3270bbc193daf69c1;hb=c51bfd77603cf0ddb0b5e374c35586a8435895d6;hp=2947663848761a02728e92f1bbb184b990e55b1c;hpb=c6700090390ccb108e96ec1123eb3c26f39e6573;p=shibboleth%2Fcpp-sp.git diff --git a/shibsp/handler/impl/WAYFSessionInitiator.cpp b/shibsp/handler/impl/WAYFSessionInitiator.cpp index 2947663..b04f018 100644 --- a/shibsp/handler/impl/WAYFSessionInitiator.cpp +++ b/shibsp/handler/impl/WAYFSessionInitiator.cpp @@ -1,17 +1,21 @@ -/* - * Copyright 2001-2010 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** @@ -34,12 +38,14 @@ #endif #include +#include #include #include using namespace shibsp; using namespace opensaml; using namespace xmltooling; +using namespace boost; using namespace std; namespace shibsp { @@ -53,7 +59,7 @@ namespace shibsp { { public: WAYFSessionInitiator(const DOMElement* e, const char* appId) - : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.WAYF"), nullptr, &m_remapper), m_url(nullptr) { + : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT ".SessionInitiator.WAYF"), nullptr, &m_remapper), m_url(nullptr) { pair url = getString("URL"); if (!url.first) throw ConfigurationException("WAYF SessionInitiator requires a URL property."); @@ -63,6 +69,10 @@ namespace shibsp { pair run(SPRequest& request, string& entityID, bool isHandler=true) const; + const XMLCh* getProtocolFamily() const { + return samlconstants::SAML11_PROTOCOL_ENUM; + } + private: const char* m_url; }; @@ -83,12 +93,12 @@ pair WAYFSessionInitiator::run(SPRequest& request, string& entityID, // The IdP CANNOT be specified for us to run. Otherwise, we'd be redirecting to a WAYF // anytime the IdP's metadata was wrong. if (!entityID.empty() || !checkCompatibility(request, isHandler)) - return make_pair(false,0L); + return make_pair(false, 0L); string target; pair prop; - const Handler* ACS=nullptr; - const Application& app=request.getApplication(); + const Handler* ACS = nullptr; + const Application& app = request.getApplication(); pair discoveryURL = pair(true, m_url); if (isHandler) { @@ -106,6 +116,7 @@ pair WAYFSessionInitiator::run(SPRequest& request, string& entityID, // Since we're passing the ACS by value, we need to compute the return URL, // so we'll need the target resource for real. recoverRelayState(request.getApplication(), request, request, target, false); + request.getApplication().limitRedirect(request, target.c_str()); prop.second = request.getParameter("discoveryURL"); if (prop.second && *prop.second) @@ -131,7 +142,8 @@ pair WAYFSessionInitiator::run(SPRequest& request, string& entityID, // If we picked by index, validate the ACS for use with this protocol. if (!ACS || !XMLString::equals(samlconstants::SAML11_PROTOCOL_ENUM, ACS->getProtocolFamily())) { - request.log(SPRequest::SPWarn, "invalid acsIndex property, or non-SAML 1.x ACS, using default SAML 1.x ACS"); + if (ACS) + request.log(SPRequest::SPWarn, "invalid acsIndex property, or non-SAML 1.x ACS, using default SAML 1.x ACS"); ACS = app.getAssertionConsumerServiceByProtocol(getProtocolFamily()); if (!ACS) throw ConfigurationException("Unable to locate a SAML 1.x ACS endpoint to use for response."); @@ -165,11 +177,9 @@ pair WAYFSessionInitiator::run(SPRequest& request, string& entityID, if (target.empty()) target = "default"; - char timebuf[16]; - sprintf(timebuf,"%lu",time(nullptr)); const URLEncoder* urlenc = XMLToolingConfig::getConfig().getURLEncoder(); string req=string(discoveryURL.second) + (strchr(discoveryURL.second,'?') ? '&' : '?') + "shire=" + urlenc->encode(ACSloc.c_str()) + - "&time=" + timebuf + "&target=" + urlenc->encode(target.c_str()) + + "&time=" + lexical_cast(time(nullptr)) + "&target=" + urlenc->encode(target.c_str()) + "&providerId=" + urlenc->encode(app.getString("entityID").second); return make_pair(true, request.sendRedirect(req.c_str()));