Stop setting appID to the acceptor name, adjust handling of resolver object.
authorScott Cantor <cantor.2@osu.edu>
Fri, 25 Mar 2011 13:50:38 +0000 (14:50 +0100)
committerSam Hartman <hartmans@debian.org>
Fri, 25 Mar 2011 15:22:42 +0000 (11:22 -0400)
util_shib.cpp

index 471d0c0..b625540 100644 (file)
@@ -156,9 +156,8 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
 {
     const gss_eap_saml_assertion_provider *saml;
     const gss_eap_radius_attr_provider *radius;
-    gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
-    ShibbolethResolver *resolver;
-    OM_uint32 minor;
+    //gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
+    //OM_uint32 minor;
 
     if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
         return false;
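Review bot: The two declarations are left behind as `//gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;` and `//OM_uint32 minor;` rather than deleted, and the same pattern repeats in the next hunk, where the `setApplicationID` block is wrapped in `/* ... */`. Commented-out code in an authentication path tends to be re-enabled later without review, and the history already preserves the old lines, so deleting them outright is cleaner. If the intent is to keep a pointer for the future config option, a one-line `// TODO: set ApplicationID from mechanism config` says it without carrying dead code. The body of initFromGssContext continues outside this hunk.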
@@ -168,13 +167,19 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
     radius = static_cast<const gss_eap_radius_attr_provider *>
         (m_manager->getProvider(ATTR_TYPE_RADIUS));
 
-    resolver = ShibbolethResolver::create();
+    auto_ptr<ShibbolethResolver> resolver(ShibbolethResolver::create());
 
+    // For now, leave ApplicationID defaulted.
+    // Later on, we could allow this via config option to the mechanism
+    // or rely on an SPRequest interface to pass in a URI identifying the
+    // acceptor.
+    /*
     if (gssCred != GSS_C_NO_CREDENTIAL &&
         gssEapDisplayName(&minor, gssCred->name, &nameBuf, NULL) == GSS_S_COMPLETE) {
         resolver->setApplicationID((const char *)nameBuf.value);
         gss_release_buffer(&minor, &nameBuf);
     }
+    */
 
     m_authenticated = false;
 
@@ -194,13 +199,9 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
         m_attributes = resolver->getResolvedAttributes();
         resolver->getResolvedAttributes().clear();
     } catch (exception &e) {
-#if 0
-        delete resolver;
-        throw e;
-#endif
+        //fprintf(stderr, "%s", e.what());
     }
 
-    delete resolver;
     return true;
 }
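Review bot: The catch block now discards the exception with only a commented-out `fprintf`, and the function still returns true, so a resolver failure looks exactly like a subject that has no attributes. Because these attributes feed authorization decisions, the failure should be recorded through whatever logging the mechanism already uses, passing `e.what()` as data and never as the format string. Catching as `} catch (const exception &e) {` is also preferable, or `} catch (const exception &) {` with a comment that resolution is deliberately best-effort, which avoids the now-unused `e`. The try block opens outside this hunk, so what state is already set when the exception is thrown cannot be judged from here.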