2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML1MessageDecoder.cpp
20 * Base class for SAML 1.x MessageDecoders.
24 #include "exceptions.h"
25 #include "binding/SecurityPolicy.h"
26 #include "saml1/binding/SAML1MessageDecoder.h"
27 #include "saml1/core/Assertions.h"
28 #include "saml1/core/Protocols.h"
29 #include "saml2/metadata/Metadata.h"
30 #include "saml2/metadata/MetadataProvider.h"
32 #include <xmltooling/logging.h>
34 using namespace opensaml::saml2md;
35 using namespace opensaml::saml1p;
36 using namespace opensaml::saml1;
37 using namespace opensaml;
38 using namespace xmltooling::logging;
39 using namespace xmltooling;
42 void SAML1MessageDecoder::extractMessageDetails(
43 const XMLObject& message, const GenericRequest& req, const XMLCh* protocol, SecurityPolicy& policy
46 // Only handle SAML 1.x protocol messages.
47 const xmltooling::QName& q = message.getElementQName();
48 if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1P_NS))
51 Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML1");
53 const Request* request=NULL;
54 const Response* response=NULL;
55 if (XMLString::equals(q.getLocalPart(), Request::LOCAL_NAME))
56 request = dynamic_cast<const Request*>(&message);
57 if (!request && XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME))
58 response = dynamic_cast<const Response*>(&message);
60 if (!request && !response) {
61 log.warn("decoder cannot extract details from non-SAML 1.x protocol message");
65 const RootObject* root = request ? static_cast<const RootObject*>(request) : static_cast<const RootObject*>(response);
67 // Extract message details.
68 policy.setMessageID(root->getID());
69 policy.setIssueInstant(root->getIssueInstantEpoch());
72 log.warn("issuer identity not extracted, only responses with assertions carry issuer information in standard SAML 1.x");
76 log.debug("extracting issuer from SAML 1.x Response");
77 const vector<saml1::Assertion*>& assertions = response->getAssertions();
78 if (assertions.empty()) {
79 log.warn("issuer identity not extracted from response (no assertions were present)");
83 const XMLCh* issuer = assertions.front()->getIssuer();
84 policy.setIssuer(issuer);
85 if (log.isDebugEnabled()) {
86 auto_ptr_char iname(issuer);
87 log.debug("response from (%s)", iname.get());
90 if (policy.getIssuerMetadata()) {
91 log.debug("metadata for issuer already set, leaving in place");
95 if (policy.getMetadataProvider() && policy.getRole()) {
96 log.debug("searching metadata for response issuer...");
97 MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria();
98 mc.entityID_unicode = issuer;
99 mc.role = policy.getRole();
100 mc.protocol = protocol;
101 pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
104 auto_ptr_char iname(issuer);
105 log.warn("no metadata found, can't establish identity of issuer (%s)", iname.get());
108 else if (!entity.second) {
109 log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
112 policy.setIssuerMetadata(entity.second);