2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML1MessageDecoder.cpp
20 * Base class for SAML 1.x MessageDecoders.
24 #include "exceptions.h"
25 #include "saml1/binding/SAML1MessageDecoder.h"
26 #include "saml1/core/Assertions.h"
27 #include "saml1/core/Protocols.h"
28 #include "saml2/metadata/Metadata.h"
29 #include "saml2/metadata/MetadataProvider.h"
31 #include <xmltooling/logging.h>
33 using namespace opensaml::saml2md;
34 using namespace opensaml::saml1p;
35 using namespace opensaml::saml1;
36 using namespace opensaml;
37 using namespace xmltooling::logging;
38 using namespace xmltooling;
41 void SAML1MessageDecoder::extractMessageDetails(
42 const XMLObject& message, const GenericRequest& req, const XMLCh* protocol, SecurityPolicy& policy
45 // Only handle SAML 1.x protocol messages.
46 const QName& q = message.getElementQName();
47 if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1P_NS))
50 Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML1");
52 const Request* request=NULL;
53 const Response* response=NULL;
54 if (XMLString::equals(q.getLocalPart(), Request::LOCAL_NAME))
55 request = dynamic_cast<const Request*>(&message);
56 if (!request && XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME))
57 response = dynamic_cast<const Response*>(&message);
59 if (!request && !response) {
60 log.warn("decoder cannot extract details from non-SAML 1.x protocol message");
64 const RootObject* root = request ? static_cast<const RootObject*>(request) : static_cast<const RootObject*>(response);
66 // Extract message details.
67 policy.setMessageID(root->getID());
68 policy.setIssueInstant(root->getIssueInstantEpoch());
71 log.warn("issuer identity not extracted, only responses with assertions carry issuer information in standard SAML 1.x");
75 log.debug("extracting issuer from SAML 1.x Response");
76 const vector<saml1::Assertion*>& assertions = response->getAssertions();
77 if (assertions.empty()) {
78 log.warn("issuer identity not extracted from response (no assertions were present)");
82 const XMLCh* issuer = assertions.front()->getIssuer();
83 policy.setIssuer(issuer);
84 if (log.isDebugEnabled()) {
85 auto_ptr_char iname(issuer);
86 log.debug("response from (%s)", iname.get());
89 if (policy.getIssuerMetadata()) {
90 log.debug("metadata for issuer already set, leaving in place");
94 if (policy.getMetadataProvider() && policy.getRole()) {
95 log.debug("searching metadata for response issuer...");
97 MetadataProvider::Criteria mc(issuer, policy.getRole(), protocol);
98 pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
101 auto_ptr_char iname(issuer);
102 log.warn("no metadata found, can't establish identity of issuer (%s)", iname.get());
105 else if (!entity.second) {
106 log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
109 policy.setIssuerMetadata(entity.second);