projects / mech_eap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
cleanup unused parameter warnings
[mech_eap.git] / util_saml.cpp
1 /*
2  * Copyright (c) 2011, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * SAML attribute provider implementation.
35  */
36
37 #include "gssapiP_eap.h"
38
39 #include <sstream>
40
41 #include <xercesc/util/XMLUniDefs.hpp>
42 #include <xmltooling/unicode.h>
43 #include <xmltooling/XMLToolingConfig.h>
44 #include <xmltooling/util/XMLHelper.h>
45 #include <xmltooling/util/ParserPool.h>
46 #include <xmltooling/util/DateTime.h>
47
48 #include <saml/exceptions.h>
49 #include <saml/saml1/core/Assertions.h>
50 #include <saml/saml2/core/Assertions.h>
51 #include <saml/saml2/metadata/Metadata.h>
52 #include <saml/saml2/metadata/MetadataProvider.h>
53
54 using namespace xmltooling;
55 using namespace opensaml::saml2md;
56 using namespace opensaml;
57 using namespace xercesc;
58 using namespace std;
59
60 /*
61  * gss_eap_saml_assertion_provider is for retrieving the underlying
62  * assertion.
63  */
64 gss_eap_saml_assertion_provider::gss_eap_saml_assertion_provider(void)
65 {
66     m_assertion = NULL;
67     m_authenticated = false;
68 }
69
70 gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
71 {
72     delete m_assertion;
73 }
74
75 bool
76 gss_eap_saml_assertion_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
77                                                          const gss_eap_attr_provider *ctx)
78 {
79     /* Then we may be creating from an existing attribute context */
80     const gss_eap_saml_assertion_provider *saml;
81
82     assert(m_assertion == NULL);
83
84     if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
85         return false;
86
87     saml = static_cast<const gss_eap_saml_assertion_provider *>(ctx);
88     setAssertion(saml->getAssertion(), saml->authenticated());
89
90     return true;
91 }
92
93 bool
94 gss_eap_saml_assertion_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
95                                                     const gss_cred_id_t gssCred,
96                                                     const gss_ctx_id_t gssCtx)
97 {
98     const gss_eap_radius_attr_provider *radius;
99     gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
100     int authenticated, complete;
101     OM_uint32 minor;
102
103     assert(m_assertion == NULL);
104
105     if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
106         return false;
107
108     /*
109      * XXX TODO we need to support draft-howlett-radius-saml-attr-00
110      */
111     radius = static_cast<const gss_eap_radius_attr_provider *>
112         (m_manager->getProvider(ATTR_TYPE_RADIUS));
113     if (radius != NULL &&
114         radius->getFragmentedAttribute(PW_SAML_AAA_ASSERTION,
115                                        VENDORPEC_UKERNA,
116                                        &authenticated, &complete, &value)) {
117         setAssertion(&value, authenticated);
118         gss_release_buffer(&minor, &value);
119     } else {
120         m_assertion = NULL;
121     }
122
123     return true;
124 }
125
126 void
127 gss_eap_saml_assertion_provider::setAssertion(const saml2::Assertion *assertion,
128                                               bool authenticated)
129 {
130
131     delete m_assertion;
132
133     if (assertion != NULL) {
134 #ifdef __APPLE__
135         m_assertion = (saml2::Assertion *)((void *)assertion->clone());
136 #else
137         m_assertion = dynamic_cast<saml2::Assertion *>(assertion->clone());
138 #endif
139         m_authenticated = authenticated;
140     } else {
141         m_assertion = NULL;
142         m_authenticated = false;
143     }
144 }
145
146 void
147 gss_eap_saml_assertion_provider::setAssertion(const gss_buffer_t buffer,
148                                               bool authenticated)
149 {
150     delete m_assertion;
151
152     m_assertion = parseAssertion(buffer);
153     m_authenticated = (m_assertion != NULL && authenticated);
154 }
155
156 saml2::Assertion *
157 gss_eap_saml_assertion_provider::parseAssertion(const gss_buffer_t buffer)
158 {
159     string str((char *)buffer->value, buffer->length);
160     istringstream istream(str);
161     DOMDocument *doc;
162     const XMLObjectBuilder *b;
163
164     try {
165         doc = XMLToolingConfig::getConfig().getParser().parse(istream);
166         if (doc == NULL)
167             return NULL;
168
169         b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
170
171 #ifdef __APPLE__
172         return (saml2::Assertion *)((void *)b->buildFromDocument(doc));
173 #else
174         return dynamic_cast<saml2::Assertion *>(b->buildFromDocument(doc));
175 #endif
176     } catch (exception &e) {
177         return NULL;
178     }
179 }
180
181 bool
182 gss_eap_saml_assertion_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
183                                                    void *data) const
184 {
185     bool ret;
186
187     /* just add the prefix */
188     if (m_assertion != NULL)
189         ret = addAttribute(this, GSS_C_NO_BUFFER, data);
190     else
191         ret = true;
192
193     return ret;
194 }
195
196 bool
197 gss_eap_saml_assertion_provider::setAttribute(int complete GSSEAP_UNUSED,
198                                               const gss_buffer_t attr,
199                                               const gss_buffer_t value)
200 {
201     if (attr == GSS_C_NO_BUFFER || attr->length == 0) {
202         setAssertion(value);
203         return true;
204     }
205
206     return false;
207 }
208
209 bool
210 gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
211 {
212     delete m_assertion;
213     m_assertion = NULL;
214     m_authenticated = false;
215
216     return true;
217 }
218
219 time_t
220 gss_eap_saml_assertion_provider::getExpiryTime(void) const
221 {
222     saml2::Conditions *conditions;
223     time_t expiryTime = 0;
224
225     if (m_assertion == NULL)
226         return 0;
227
228     conditions = m_assertion->getConditions();
229
230     if (conditions != NULL && conditions->getNotOnOrAfter() != NULL)
231         expiryTime = conditions->getNotOnOrAfter()->getEpoch();
232
233     return expiryTime;
234 }
235
236 OM_uint32
237 gss_eap_saml_assertion_provider::mapException(OM_uint32 *minor,
238                                               std::exception &e) const
239 {
240     if (typeid(e) == typeid(SecurityPolicyException))
241         *minor = GSSEAP_SAML_SEC_POLICY_FAILURE;
242     else if (typeid(e) == typeid(BindingException))
243         *minor = GSSEAP_SAML_BINDING_FAILURE;
244     else if (typeid(e) == typeid(ProfileException))
245         *minor = GSSEAP_SAML_PROFILE_FAILURE;
246     else if (typeid(e) == typeid(FatalProfileException))
247         *minor = GSSEAP_SAML_FATAL_PROFILE_FAILURE;
248     else if (typeid(e) == typeid(RetryableProfileException))
249         *minor = GSSEAP_SAML_RETRY_PROFILE_FAILURE;
250     else if (typeid(e) == typeid(MetadataException))
251         *minor = GSSEAP_SAML_METADATA_FAILURE;
252     else
253         return GSS_S_CONTINUE_NEEDED;
254
255     return GSS_S_FAILURE;
256 }
257
258 bool
259 gss_eap_saml_assertion_provider::getAttribute(const gss_buffer_t attr,
260                                               int *authenticated,
261                                               int *complete,
262                                               gss_buffer_t value,
263                                               gss_buffer_t display_value GSSEAP_UNUSED,
264                                               int *more) const
265 {
266     string str;
267
268     if (attr != GSS_C_NO_BUFFER && attr->length != 0)
269         return false;
270
271     if (m_assertion == NULL)
272         return false;
273
274     if (*more != -1)
275         return false;
276
277     if (authenticated != NULL)
278         *authenticated = m_authenticated;
279     if (complete != NULL)
280         *complete = true;
281
282     XMLHelper::serialize(m_assertion->marshall((DOMDocument *)NULL), str);
283
284     duplicateBuffer(str, value);
285     *more = 0;
286
287     return true;
288 }
289
290 gss_any_t
291 gss_eap_saml_assertion_provider::mapToAny(int authenticated,
292                                           gss_buffer_t type_id GSSEAP_UNUSED) const
293 {
294     if (authenticated && !m_authenticated)
295         return (gss_any_t)NULL;
296
297     return (gss_any_t)m_assertion;
298 }
299
300 void
301 gss_eap_saml_assertion_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
302                                                        gss_any_t input) const
303 {
304     delete ((saml2::Assertion *)input);
305 }
306
307 void
308 gss_eap_saml_assertion_provider::exportToBuffer(gss_buffer_t buffer) const
309 {
310     ostringstream sink;
311     string str;
312
313     buffer->length = 0;
314     buffer->value = NULL;
315
316     if (m_assertion == NULL)
317         return;
318
319     sink << *m_assertion;
320     str = sink.str();
321
322     duplicateBuffer(str, buffer);
323 }
324
325 bool
326 gss_eap_saml_assertion_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
327                                                 const gss_buffer_t buffer)
328 {
329     if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
330         return false;
331
332     if (buffer->length == 0)
333         return true;
334
335     assert(m_assertion == NULL);
336
337     setAssertion(buffer);
338     /* TODO XXX how to propagate authenticated flag? */
339
340     return true;
341 }
342
343 bool
344 gss_eap_saml_assertion_provider::init(void)
345 {
346     gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML_ASSERTION,
347                                        "urn:ietf:params:gss-eap:saml-aaa-assertion",
348                                        createAttrContext);
349     return true;
350 }
351
352 void
353 gss_eap_saml_assertion_provider::finalize(void)
354 {
355     gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML_ASSERTION);
356 }
357
358 gss_eap_attr_provider *
359 gss_eap_saml_assertion_provider::createAttrContext(void)
360 {
361     return new gss_eap_saml_assertion_provider;
362 }
363
364 saml2::Assertion *
365 gss_eap_saml_assertion_provider::initAssertion(void)
366 {
367     delete m_assertion;
368     m_assertion = saml2::AssertionBuilder::buildAssertion();
369     m_authenticated = false;
370
371     return m_assertion;
372 }
373
374 /*
375  * gss_eap_saml_attr_provider is for retrieving the underlying attributes.
376  */
377 bool
378 gss_eap_saml_attr_provider::getAssertion(int *authenticated,
379                                          saml2::Assertion **pAssertion,
380                                          bool createIfAbsent) const
381 {
382     gss_eap_saml_assertion_provider *saml;
383
384     if (authenticated != NULL)
385         *authenticated = false;
386     if (pAssertion != NULL)
387         *pAssertion = NULL;
388
389     saml = static_cast<const gss_eap_saml_assertion_provider *>
390         (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION));
391     if (saml == NULL)
392         return false;
393
394     if (authenticated != NULL)
395         *authenticated = saml->authenticated();
396     if (pAssertion != NULL)
397         *pAssertion = saml->getAssertion();
398
399     if (saml->getAssertion() == NULL) {
400         if (createIfAbsent) {
401             if (authenticated != NULL)
402                 *authenticated = false;
403             if (pAssertion != NULL)
404                 *pAssertion = saml->initAssertion();
405         } else
406             return false;
407     }
408
409     return true;
410 }
411
412 bool
413 gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
414                                               void *data) const
415 {
416     saml2::Assertion *assertion;
417     int authenticated;
418
419     if (!getAssertion(&authenticated, &assertion))
420         return true;
421
422     /*
423      * Note: the first prefix is added by the attribute provider manager
424      *
425      * From draft-hartman-gss-eap-naming-00:
426      *
427      *   Each attribute carried in the assertion SHOULD also be a GSS name
428      *   attribute.  The name of this attribute has three parts, all separated
429      *   by an ASCII space character.  The first part is
430      *   urn:ietf:params:gss-eap:saml-attr.  The second part is the URI for
431      *   the SAML attribute name format.  The final part is the name of the
432      *   SAML attribute.  If the mechanism performs an additional attribute
433      *   query, the retrieved attributes SHOULD be GSS-API name attributes
434      *   using the same name syntax.
435      */
436     /* For each attribute statement, look for an attribute match */
437     const vector <saml2::AttributeStatement *> &statements =
438         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
439
440     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
441         s != statements.end();
442         ++s) {
443         const vector<saml2::Attribute*> &attrs =
444             const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
445
446         for (vector<saml2::Attribute*>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
447             const XMLCh *attributeName = (*a)->getName();
448             const XMLCh *attributeNameFormat = (*a)->getNameFormat();
449             XMLCh *qualifiedName;
450             XMLCh space[2] = { ' ', 0 };
451             gss_buffer_desc utf8;
452             bool ret;
453
454             qualifiedName = new XMLCh[XMLString::stringLen(attributeNameFormat) + 1 +
455                                       XMLString::stringLen(attributeName) + 1];
456             XMLString::copyString(qualifiedName, attributeNameFormat);
457             XMLString::catString(qualifiedName, space);
458             XMLString::catString(qualifiedName, attributeName);
459
460             utf8.value = (void *)toUTF8(qualifiedName);
461             utf8.length = strlen((char *)utf8.value);
462
463             ret = addAttribute(this, &utf8, data);
464
465             delete qualifiedName;
466
467             if (!ret)
468                 return ret;
469         }
470     }
471
472     return true;
473 }
474
475 static BaseRefVectorOf<XMLCh> *
476 decomposeAttributeName(const gss_buffer_t attr)
477 {
478     XMLCh *qualifiedAttr = new XMLCh[attr->length + 1];
479     XMLString::transcode((const char *)attr->value, qualifiedAttr, attr->length);
480
481     BaseRefVectorOf<XMLCh> *components = XMLString::tokenizeString(qualifiedAttr);
482
483     delete qualifiedAttr;
484
485     if (components->size() != 2) {
486         delete components;
487         components = NULL;
488     }
489
490     return components;
491 }
492
493 bool
494 gss_eap_saml_attr_provider::setAttribute(int complete GSSEAP_UNUSED,
495                                          const gss_buffer_t attr,
496                                          const gss_buffer_t value)
497 {
498     saml2::Assertion *assertion;
499     saml2::Attribute *attribute;
500     saml2::AttributeValue *attributeValue;
501     saml2::AttributeStatement *attributeStatement;
502
503     if (!getAssertion(NULL, &assertion, true))
504         return false;
505
506     if (assertion->getAttributeStatements().size() != 0) {
507         attributeStatement = assertion->getAttributeStatements().front();
508     } else {
509         attributeStatement = saml2::AttributeStatementBuilder::buildAttributeStatement();
510         assertion->getAttributeStatements().push_back(attributeStatement);
511     }
512
513     /* Check the attribute name consists of name format | whsp | name */
514     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
515     if (components == NULL)
516         return false;
517
518     attribute = saml2::AttributeBuilder::buildAttribute();
519     attribute->setNameFormat(components->elementAt(0));
520     attribute->setName(components->elementAt(1));
521
522     XMLCh *xmlValue = new XMLCh[value->length + 1];
523     XMLString::transcode((const char *)value->value, xmlValue, attr->length);
524
525     attributeValue = saml2::AttributeValueBuilder::buildAttributeValue();
526     attributeValue->setTextContent(xmlValue);
527
528     attribute->getAttributeValues().push_back(attributeValue);
529
530     assert(attributeStatement != NULL);
531     attributeStatement->getAttributes().push_back(attribute);
532
533     delete components;
534     delete xmlValue;
535
536     return true;
537 }
538
539 bool
540 gss_eap_saml_attr_provider::deleteAttribute(const gss_buffer_t attr)
541 {
542     saml2::Assertion *assertion;
543     bool ret = false;
544
545     if (!getAssertion(NULL, &assertion) ||
546         assertion->getAttributeStatements().size() == 0)
547         return false;
548
549     /* Check the attribute name consists of name format | whsp | name */
550     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
551     if (components == NULL)
552         return false;
553
554     /* For each attribute statement, look for an attribute match */
555     const vector<saml2::AttributeStatement *> &statements =
556         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
557
558     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
559         s != statements.end();
560         ++s) {
561         const vector<saml2::Attribute *> &attrs =
562             const_cast<const saml2::AttributeStatement *>(*s)->getAttributes();
563         ssize_t index = -1, i = 0;
564
565         /* There's got to be an easier way to do this */
566         for (vector<saml2::Attribute *>::const_iterator a = attrs.begin();
567              a != attrs.end();
568              ++a) {
569             if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
570                 XMLString::equals((*a)->getName(), components->elementAt(1))) {
571                 index = i;
572                 break;
573             }
574             ++i;
575         }
576         if (index != -1) {
577             (*s)->getAttributes().erase((*s)->getAttributes().begin() + index);
578             ret = true;
579         }
580     }
581
582     delete components;
583
584     return ret;
585 }
586
587 bool
588 gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr,
589                                          int *authenticated,
590                                          int *complete,
591                                          const saml2::Attribute **pAttribute) const
592 {
593     saml2::Assertion *assertion;
594
595     if (authenticated != NULL)
596         *authenticated = false;
597     if (complete != NULL)
598         *complete = true;
599     *pAttribute = NULL;
600
601     if (!getAssertion(authenticated, &assertion) ||
602         assertion->getAttributeStatements().size() == 0)
603         return false;
604
605     /* Check the attribute name consists of name format | whsp | name */
606     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
607     if (components == NULL)
608         return false;
609
610     /* For each attribute statement, look for an attribute match */
611     const vector <saml2::AttributeStatement *> &statements =
612         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
613     const saml2::Attribute *ret = NULL;
614
615     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
616         s != statements.end();
617         ++s) {
618         const vector<saml2::Attribute *> &attrs =
619             const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
620
621         for (vector<saml2::Attribute *>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
622             if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
623                 XMLString::equals((*a)->getName(), components->elementAt(1))) {
624                 ret = *a;
625                 break;
626             }
627         }
628
629         if (ret != NULL)
630             break;
631     }
632
633     delete components;
634
635     *pAttribute = ret;
636
637     return (ret != NULL);
638 }
639
640 bool
641 gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr,
642                                          int *authenticated,
643                                          int *complete,
644                                          gss_buffer_t value,
645                                          gss_buffer_t display_value,
646                                          int *more) const
647 {
648     const saml2::Attribute *a;
649     const saml2::AttributeValue *av;
650     int nvalues, i = *more;
651
652     *more = 0;
653
654     if (!getAttribute(attr, authenticated, complete, &a))
655         return false;
656
657     nvalues = a->getAttributeValues().size();
658
659     if (i == -1)
660         i = 0;
661     else if (i >= nvalues)
662         return false;
663 #ifdef __APPLE__
664     av = (const saml2::AttributeValue *)((void *)(a->getAttributeValues().at(i)));
665 #else
666     av = dynamic_cast<const saml2::AttributeValue *>(a->getAttributeValues().at(i));
667 #endif
668     if (av != NULL) {
669         if (value != NULL) {
670             value->value = toUTF8(av->getTextContent(), true);
671             value->length = strlen((char *)value->value);
672         }
673         if (display_value != NULL) {
674             display_value->value = toUTF8(av->getTextContent(), true);
675             display_value->length = strlen((char *)value->value);
676         }
677     }
678
679     if (nvalues > ++i)
680         *more = i;
681
682     return true;
683 }
684
685 gss_any_t
686 gss_eap_saml_attr_provider::mapToAny(int authenticated GSSEAP_UNUSED,
687                                      gss_buffer_t type_id GSSEAP_UNUSED) const
688 {
689     return (gss_any_t)NULL;
690 }
691
692 void
693 gss_eap_saml_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
694                                                   gss_any_t input GSSEAP_UNUSED) const
695 {
696 }
697
698 void
699 gss_eap_saml_attr_provider::exportToBuffer(gss_buffer_t buffer) const
700 {
701     buffer->length = 0;
702     buffer->value = NULL;
703 }
704
705 bool
706 gss_eap_saml_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
707                                            const gss_buffer_t buffer)
708 {
709     return gss_eap_attr_provider::initFromBuffer(ctx, buffer);
710 }
711
712 bool
713 gss_eap_saml_attr_provider::init(void)
714 {
715     gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML,
716                                        "urn:ietf:params:gss-eap:saml-attr",
717                                        createAttrContext);
718     return true;
719 }
720
721 void
722 gss_eap_saml_attr_provider::finalize(void)
723 {
724     gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML);
725 }
726
727 gss_eap_attr_provider *
728 gss_eap_saml_attr_provider::createAttrContext(void)
729 {
730     return new gss_eap_saml_attr_provider;
731 }
732
733 OM_uint32
734 gssEapSamlAttrProvidersInit(OM_uint32 *minor)
735 {
736     if (!gss_eap_saml_assertion_provider::init() ||
737         !gss_eap_saml_attr_provider::init()) {
738         *minor = GSSEAP_SAML_INIT_FAILURE;
739         return GSS_S_FAILURE;
740     }
741
742     return GSS_S_COMPLETE;
743 }
744
745 OM_uint32
746 gssEapSamlAttrProvidersFinalize(OM_uint32 *minor)
747 {
748     gss_eap_saml_attr_provider::finalize();
749     gss_eap_saml_assertion_provider::finalize();
750
751     *minor = 0;
752     return GSS_S_COMPLETE;
753 }
Moonshot GSS-API mechanism