Thread* cleanup_thread;
// cached config settings
+ int AATimeout,AAConnectTimeout;
int defaultLifetime,retryInterval;
bool strictValidity,propagateErrors;
friend class InternalCCacheEntry;
/* InternalCCache: A Credential Cache */
/******************************************************************************/
-InternalCCache::InternalCCache() : defaultLifetime(1800), retryInterval(300), strictValidity(true), propagateErrors(false)
+InternalCCache::InternalCCache()
+ : AATimeout(30), AAConnectTimeout(15), defaultLifetime(1800), retryInterval(300), strictValidity(true), propagateErrors(false)
{
log = &(log4cpp::Category::getInstance("shibtarget.InternalCCache"));
lock = RWLock::create();
string tag;
ShibINI& ini = ShibTargetConfig::getConfig().getINI();
+ if (ini.get_tag(SHIBTARGET_SHAR, SHIBTARGET_TAG_AATIMEOUT, false, &tag))
+ AATimeout = atoi(tag.c_str());
+ if (ini.get_tag(SHIBTARGET_SHAR, SHIBTARGET_TAG_AACONNECTTO, false, &tag))
+ AAConnectTimeout = atoi(tag.c_str());
if (ini.get_tag(SHIBTARGET_SHAR, "defaultLifetime", false, &tag))
defaultLifetime=atoi(tag.c_str());
if (ini.get_tag(SHIBTARGET_SHAR, "retryInterval", false, &tag))
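Review bot: The two new `atoi()` calls accept any string and turn a malformed, empty or negative `AATimeout`/`AAConnectTimeout` value into 0 or a negative number, which then flows straight into the per-request binding config without any check, so a typo in the INI can silently disable the timeout the defaults were meant to guarantee. Validate the parsed value before overwriting the default, e.g. `int v=atoi(tag.c_str()); if (v>0) AATimeout=v; else log->warn("ignoring invalid AATimeout value: %s", tag.c_str());` and the same for `AAConnectTimeout` (`log` is initialized just above, so it is available here). Note also that the lookups removed further down in this diff passed `true` as the third `get_tag` argument while the new ones pass `false`; if that argument controls fallback to a default section, settings that previously resolved through it may now be missed — worth confirming against `ShibINI::get_tag`. The constructor body continues past the end of this hunk.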
SAMLResponse* response = NULL;
ShibBinding binding(conf.getRevocationProviders(),conf.getTrustProviders(),conf.getCredentialProviders());
try {
- response=binding.send(*req,site,NULL,p_auth->getBindings());
+ SAMLConfig::SAMLBindingConfig bindconf;
+ bindconf.timeout=m_cache->AATimeout;
+ bindconf.conn_timeout=m_cache->AAConnectTimeout;
+ response=binding.send(*req,site,NULL,p_auth->getBindings(),bindconf);
}
catch (SAMLException& e) {
log->error("caught SAML exception during query to AA: %s", e.what());
if (ini->get_tag (app, SHIBTARGET_TAG_SCHEMAS, true, &tag))
samlConf.schema_dir = tag;
- // Init SAML Binding Configuration
- if (ini->get_tag (app, SHIBTARGET_TAG_AATIMEOUT, true, &tag))
- samlConf.binding_defaults.timeout = atoi(tag.c_str());
- if (ini->get_tag (app, SHIBTARGET_TAG_AACONNECTTO, true, &tag))
- samlConf.binding_defaults.conn_timeout = atoi(tag.c_str());
- if (ini->get_tag (app, SHIBTARGET_TAG_CERTFILE, true, &tag))
- log.error("using OBSOLETE certfile setting, please migrate to the XML-based credential format (see the latest target deploy guide)");
- if (ini->get_tag (app, SHIBTARGET_TAG_KEYFILE, true, &tag))
- log.error("using OBSOLETE keyfile setting, please migrate to the XML-based credential format (see the latest target deploy guide)");
- if (ini->get_tag (app, SHIBTARGET_TAG_KEYPASS, true, &tag))
- log.error("using OBSOLETE keypass setting, please migrate to the XML-based credential format (see the latest target deploy guide)");
- if (ini->get_tag (app, SHIBTARGET_TAG_CALIST, true, &tag))
- log.error("using OBSOLETE calist setting, please use the XML-based trust format (see the latest target deploy guide)");
-
try {
if (!samlConf.init()) {
log.fatal ("Failed to initialize SAML Library");
const ICredResolver* cr=c.lookup(b->m_credResolverId);
if (cr)
cr->attach(ssl_ctx);
- else
- Category::getInstance(SHIB_LOGCAT".ShibBinding").warn("unable to access credentials resolver, request will be anonymous");
+ else {
+ Category::getInstance(SHIB_LOGCAT".ShibBinding").error("unable to attach credentials to request");
+ return false;
+ }
Trust t(b->m_trusts);
if (!t.attach(b->m_revocations, b->m_AA, ssl_ctx)) {
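Review bot: Failing the request instead of falling back to an anonymous one is the right direction, but the new error message gives the operator nothing to act on — it does not say which credential resolver could not be found, even though the id is right there in `c.lookup(b->m_credResolverId)`. Include the id in the log line (converted with whatever the surrounding code uses for XMLCh/std::string ids, since its type is not visible in this hunk) so a misconfigured resolver reference can be located without a debugger. The `return false` exits the function before `Trust t(b->m_trusts)` and the `t.attach` failure path below, which appears to be the same shape; since the function starts and ends outside this hunk, it is worth checking that every caller now treats `false` as a hard failure rather than continuing with an unconfigured `ssl_ctx`, and that `ssl_ctx` is released on this early exit if it was created earlier in the function.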
virtual ~IKeyDescriptor() {}
};
+ struct SHIB_EXPORTS IEndpoint
+ {
+ virtual const XMLCh* getBinding() const=0;
+ virtual const XMLCh* getVersion() const=0;
+ virtual const XMLCh* getLocation() const=0;
+ virtual const XMLCh* getResponseLocation() const=0;
+ virtual const DOMElement* getElement() const=0;
+ virtual ~IEndpoint() {}
+ };
+
struct SHIB_EXPORTS IProvider;
struct SHIB_EXPORTS IProviderRole
{
virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
virtual const IOrganization* getOrganization() const=0;
virtual saml::Iterator<const IContactPerson*> getContacts() const=0;
- virtual const XMLCh* getSOAPEndpoint() const=0;
- virtual const XMLCh* getURLEndpoint() const=0;
+ virtual saml::Iterator<const IEndpoint*> getDefaultEndpoints() const=0;
virtual const char* getErrorURL() const=0;
virtual const DOMElement* getElement() const=0;
virtual ~IProviderRole() {}
};
-
- struct SHIB_EXPORTS IEndpoint
- {
- virtual const XMLCh* getBinding() const=0;
- virtual const XMLCh* getVersion() const=0;
- virtual const XMLCh* getLocation() const=0;
- virtual ~IEndpoint() {}
- };
-
+
struct SHIB_EXPORTS ISSOProviderRole : public virtual IProviderRole
{
virtual saml::Iterator<const IEndpoint*> getSingleLogoutServices() const=0;
- virtual const XMLCh* getSingleLogoutServiceReturnURL() const=0;
virtual saml::Iterator<const IEndpoint*> getFederationTerminationServices() const=0;
- virtual const XMLCh* getFederationTerminationServiceReturnURL() const=0;
virtual saml::Iterator<const IEndpoint*> getRegisterNameIdentifierServices() const=0;
- virtual const XMLCh* getRegisterNameIdentifierServiceReturnURL() const=0;
virtual ~ISSOProviderRole() {}
};
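Review bot: The new `IEndpoint` interface and the replacement `getDefaultEndpoints()` on `IProviderRole` are added with no documentation of their contract, and the rest of this diff shows that both new accessors may legitimately return NULL (one implementation later in the diff returns NULL from `getResponseLocation()` and `getElement()`), which callers must know. Add a short comment above `IEndpoint` describing it as a single protocol endpoint of a provider role (binding, protocol version, request location, optional response location, backing DOM element if any), and mark the two optional members, e.g. `virtual const XMLCh* getResponseLocation() const=0; // may be NULL when no separate response location is published` and `virtual const DOMElement* getElement() const=0; // may be NULL for synthesized endpoints`. Likewise `getDefaultEndpoints()` should say what "default" means relative to the per-service endpoint lists on `ISSOProviderRole` and that the iterator may be empty, since the `SSORole`-style implementation returns `EMPTY(const IEndpoint*)`.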
Iterator<const IKeyDescriptor*> getKeyDescriptors() const {return m_keys;}
const IOrganization* getOrganization() const {return NULL;}
Iterator<const IContactPerson*> getContacts() const {return m_provider->getContacts();}
- const XMLCh* getSOAPEndpoint() const {return NULL;}
- const XMLCh* getURLEndpoint() const {return NULL;}
+ Iterator<const IEndpoint*> getDefaultEndpoints() const {return EMPTY(const IEndpoint*);}
const char* getErrorURL() const {return m_provider->getErrorURL();}
const DOMElement* getElement() const {return m_root;}
const XMLCh* getBinding() const { return m_binding; }
const XMLCh* getVersion() const { return NULL; }
const XMLCh* getLocation() const { return m_location; }
+ const XMLCh* getResponseLocation() const { return NULL; }
+ const DOMElement* getElement() const { return NULL; }
private:
const XMLCh* m_binding;
SSORole(const Provider* provider, const DOMElement* e) : Role(provider,e) {}
~SSORole() {}
Iterator<const IEndpoint*> getSingleLogoutServices() const {return EMPTY(const IEndpoint*);}
- const XMLCh* getSingleLogoutServiceReturnURL() const {return NULL;}
Iterator<const IEndpoint*> getFederationTerminationServices() const {return EMPTY(const IEndpoint*);}
- const XMLCh* getFederationTerminationServiceReturnURL() const {return NULL;}
Iterator<const IEndpoint*> getRegisterNameIdentifierServices() const {return EMPTY(const IEndpoint*);}
- const XMLCh* getRegisterNameIdentifierServiceReturnURL() const {return NULL;}
};
class IDPRole : public SSORole, public virtual IIDPProviderRole