2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML1MessageDecoder.cpp
20 * Base class for SAML 1.x MessageDecoders.
24 #include "binding/SecurityPolicy.h"
25 #include "saml1/binding/SAML1MessageDecoder.h"
26 #include "saml1/core/Assertions.h"
27 #include "saml1/core/Protocols.h"
28 #include "saml2/metadata/Metadata.h"
29 #include "saml2/metadata/MetadataProvider.h"
31 #include <xmltooling/logging.h>
33 using namespace opensaml::saml2md;
34 using namespace opensaml::saml1p;
35 using namespace opensaml::saml1;
36 using namespace opensaml;
37 using namespace xmltooling::logging;
38 using namespace xmltooling;
41 SAML1MessageDecoder::SAML1MessageDecoder()
45 SAML1MessageDecoder::~SAML1MessageDecoder()
49 const XMLCh* SAML1MessageDecoder::getProtocolFamily() const
51 return samlconstants::SAML11_PROTOCOL_ENUM;
54 void SAML1MessageDecoder::extractMessageDetails(
55 const XMLObject& message, const GenericRequest& req, const XMLCh* protocol, SecurityPolicy& policy
58 // Only handle SAML 1.x protocol messages.
59 const xmltooling::QName& q = message.getElementQName();
60 if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1P_NS))
63 Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML1");
65 const Request* request=nullptr;
66 const Response* response=nullptr;
67 if (XMLString::equals(q.getLocalPart(), Request::LOCAL_NAME))
68 request = dynamic_cast<const Request*>(&message);
69 if (!request && XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME))
70 response = dynamic_cast<const Response*>(&message);
72 if (!request && !response) {
73 log.warn("decoder cannot extract details from non-SAML 1.x protocol message");
77 const RootObject* root = request ? static_cast<const RootObject*>(request) : static_cast<const RootObject*>(response);
79 // Extract message details.
80 policy.setMessageID(root->getID());
81 policy.setIssueInstant(root->getIssueInstantEpoch());
84 log.warn("issuer identity not extracted, only responses with assertions carry issuer information in standard SAML 1.x");
88 log.debug("extracting issuer from SAML 1.x Response");
89 const vector<saml1::Assertion*>& assertions = response->getAssertions();
90 if (assertions.empty()) {
91 log.warn("issuer identity not extracted from response (no assertions were present)");
95 const XMLCh* issuer = assertions.front()->getIssuer();
96 policy.setIssuer(issuer);
97 if (log.isDebugEnabled()) {
98 auto_ptr_char iname(issuer);
99 log.debug("response from (%s)", iname.get());
102 if (policy.getIssuerMetadata()) {
103 log.debug("metadata for issuer already set, leaving in place");
107 if (policy.getMetadataProvider() && policy.getRole()) {
108 log.debug("searching metadata for response issuer...");
109 MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria();
110 mc.entityID_unicode = issuer;
111 mc.role = policy.getRole();
112 mc.protocol = protocol;
113 pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
116 auto_ptr_char iname(issuer);
117 log.warn("no metadata found, can't establish identity of issuer (%s)", iname.get());
120 else if (!entity.second) {
121 log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
124 policy.setIssuerMetadata(entity.second);