2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML1MessageDecoder.cpp
20 * Base class for SAML 1.x MessageDecoders.
24 #include "binding/SecurityPolicy.h"
25 #include "saml1/binding/SAML1MessageDecoder.h"
26 #include "saml1/core/Assertions.h"
27 #include "saml1/core/Protocols.h"
28 #include "saml2/metadata/Metadata.h"
29 #include "saml2/metadata/MetadataProvider.h"
31 #include <xmltooling/logging.h>
33 using namespace opensaml::saml2md;
34 using namespace opensaml::saml1p;
35 using namespace opensaml::saml1;
36 using namespace opensaml;
37 using namespace xmltooling::logging;
38 using namespace xmltooling;
// Default constructor. Its body is not reproduced in this listing.
41 SAML1MessageDecoder::SAML1MessageDecoder()
// Destructor. Its body is not reproduced in this listing.
45 SAML1MessageDecoder::~SAML1MessageDecoder()
// Records what a decoded SAML 1.x protocol message says about itself in the
// SecurityPolicy: message ID, issue instant, issuer and, when it can be
// resolved, the issuer's role metadata.
//
// message  - decoded root object; only elements in the SAML 1.x protocol
//            namespace are examined.
// req      - the transport request; not referenced in the lines shown here.
// protocol - protocol constant copied into the metadata lookup criteria.
// policy   - receives the extracted values.
//
// NOTE(review): nothing in the visible lines checks a signature or otherwise
// authenticates the message, so every value stored below is a claim made by
// the message until policy evaluation elsewhere confirms it.
// NOTE(review): this listing drops some source lines (the gutter numbers
// skip), including closing braces and whatever follows each log.warn(); the
// comments below describe only what is shown.
49 void SAML1MessageDecoder::extractMessageDetails(
50 const XMLObject& message, const GenericRequest& req, const XMLCh* protocol, SecurityPolicy& policy
53 // Only handle SAML 1.x protocol messages.
54 const xmltooling::QName& q = message.getElementQName();
55 if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1P_NS))
58 Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML1");
// Accept the object only when the element's local name and its C++ type
// agree; dynamic_cast on a pointer yields null on a type mismatch.
60 const Request* request=nullptr;
61 const Response* response=nullptr;
62 if (XMLString::equals(q.getLocalPart(), Request::LOCAL_NAME))
63 request = dynamic_cast<const Request*>(&message);
64 if (!request && XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME))
65 response = dynamic_cast<const Response*>(&message);
// Neither cast succeeded: the element is in the SAML 1.x protocol namespace
// but is not usable as a Request or a Response.
67 if (!request && !response) {
68 log.warn("decoder cannot extract details from non-SAML 1.x protocol message");
// Whichever pointer is non-null is viewed as a RootObject, which supplies the
// ID and timestamp accessors used below.
72 const RootObject* root = request ? static_cast<const RootObject*>(request) : static_cast<const RootObject*>(response);
74 // Extract message details.
75 policy.setMessageID(root->getID());
76 policy.setIssueInstant(root->getIssueInstantEpoch());
// Presumably the Request case (the guarding condition is not shown in this
// listing): no issuer is recorded for it.
79 log.warn("issuer identity not extracted, only responses with assertions carry issuer information in standard SAML 1.x");
83 log.debug("extracting issuer from SAML 1.x Response");
84 const vector<saml1::Assertion*>& assertions = response->getAssertions();
85 if (assertions.empty()) {
86 log.warn("issuer identity not extracted from response (no assertions were present)");
// Only the first assertion's Issuer is consulted; the issuers of any further
// assertions in the response are not compared with it here, so code relying
// on the policy's issuer should not assume every assertion shares it.
// NOTE(review): no null or empty check on the issuer is visible before it is
// stored and used as the metadata lookup key; confirm getIssuer()'s contract.
90 const XMLCh* issuer = assertions.front()->getIssuer();
91 policy.setIssuer(issuer);
// The issuer text comes from the message and is passed as a %s argument, not
// as the format string; log consumers should still treat it as untrusted.
92 if (log.isDebugEnabled()) {
93 auto_ptr_char iname(issuer);
94 log.debug("response from (%s)", iname.get());
// Metadata already attached to the policy is kept rather than looked up again.
97 if (policy.getIssuerMetadata()) {
98 log.debug("metadata for issuer already set, leaving in place");
// The lookup needs both a metadata provider and a role. In the lines shown,
// when either is missing the issuer name set above stays in the policy with
// no metadata attached to it.
102 if (policy.getMetadataProvider() && policy.getRole()) {
103 log.debug("searching metadata for response issuer...");
// The criteria object is obtained from the policy by reference and its entity
// ID, role and protocol fields are overwritten for this lookup.
104 MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria();
105 mc.entityID_unicode = issuer;
106 mc.role = policy.getRole();
107 mc.protocol = protocol;
// entity.first is the EntityDescriptor, entity.second the RoleDescriptor.
108 pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
// Presumably reached when no entity matched the issuer (the condition is not
// shown in this listing).
111 auto_ptr_char iname(issuer);
112 log.warn("no metadata found, can't establish identity of issuer (%s)", iname.get());
115 else if (!entity.second) {
116 log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
// The role descriptor returned by the lookup becomes the issuer metadata that
// the policy carries from here on.
119 policy.setIssuerMetadata(entity.second);