MAKE_NONCOPYABLE(ArtifactResolver);\r
protected:\r
ArtifactResolver() {}\r
+ \r
+ /** Flag controlling schema validation. */\r
+ bool m_validate;\r
+\r
public:\r
virtual ~ArtifactResolver() {}\r
+\r
+ /**\r
+ * Controls schema validation of incoming XML messages.\r
+ * This is separate from other forms of programmatic validation of objects,\r
+ * but can detect a much wider range of syntax errors. \r
+ * \r
+ * @param validate true iff the resolver should use a validating XML parser\r
+ */\r
+ void setValidating(bool validate=true) {\r
+ m_validate = validate;\r
+ }\r
\r
/**\r
* Resolves one or more SAML 1.x artifacts into a response containing a set of\r
* resolved Assertions. The caller is responsible for the resulting Response. \r
* \r
+ * @param authenticated output flag set to true iff the resolution channel was authenticated\r
* @param artifacts one or more SAML 1.x artifacts\r
* @param idpDescriptor reference to IdP role of artifact issuer\r
* @param trustEngine optional pointer to X509TrustEngine supplied to MessageDecoder\r
* @return the corresponding SAML Assertions wrapped in a Response.\r
*/\r
virtual saml1p::Response* resolve(\r
- const std::vector<const SAMLArtifact*>& artifacts,\r
+ bool& authenticated,\r
+ const std::vector<SAMLArtifact*>& artifacts,\r
const saml2md::IDPSSODescriptor& idpDescriptor,\r
const X509TrustEngine* trustEngine=NULL\r
) const=0;\r
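Review bot: The new `m_validate` member is never initialized, because the protected constructor on the unchanged line is still `ArtifactResolver() {}`. Any resolver used before `setValidating()` is called on it reads an indeterminate bool when deciding whether to use a validating parser. Initialize it explicitly, for example `ArtifactResolver() : m_validate(false) {}`, which matches the default `MessageDecoder` uses for its own flag. Whether every resolver is always attached through `MessageDecoder::setArtifactResolver()` first cannot be confirmed from this hunk, so the base class should not depend on it. The class declaration begins before the first visible line.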
* Resolves a SAML 2.0 artifact into the corresponding SAML protocol message.\r
* The caller is responsible for the resulting XMLObject.\r
* \r
+ * @param authenticated output flag set to true iff the resolution channel was authenticated\r
* @param artifact reference to a SAML 2.0 artifact\r
* @param ssoDescriptor reference to SSO role of artifact issuer (may be SP or IdP)\r
* @param trustEngine optional pointer to X509TrustEngine supplied to MessageDecoder\r
* @return the corresponding SAML protocol message or NULL\r
*/\r
virtual xmltooling::XMLObject* resolve(\r
+ bool& authenticated,\r
const saml2p::SAML2Artifact& artifact,\r
const saml2md::SSODescriptorType& ssoDescriptor,\r
const X509TrustEngine* trustEngine=NULL\r
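Review bot: The `@param authenticated` text says the flag is "set to true iff" the channel was authenticated, but it does not require implementations to write `false` on the unauthenticated path or before throwing. A caller that passes an uninitialized local and then reads it after a failure would be trusting garbage as an authentication result. I would extend the doc line to something like `output flag, always assigned by the implementation (false unless the resolution channel was authenticated); callers should initialize it to false`. The same wording should go on the SAML 1.x overload earlier in this file. The declaration's closing `) const=0;` is outside this hunk.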
*/\r
void setArtifactResolver(ArtifactResolver* artifactResolver) {\r
m_artifactResolver = artifactResolver;\r
+ if (m_artifactResolver)\r
+ m_artifactResolver->setValidating(m_validate);\r
}\r
\r
/**\r
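Review bot: `setArtifactResolver()` now writes through the pointer it is handed (`m_artifactResolver->setValidating(m_validate)`), and the `setValidating()` hunk that follows does the same. The caller's resolver therefore has its validation setting silently overwritten by whichever decoder touched it last. If one resolver instance is shared between decoders configured differently (not visible here, but nothing prevents it), a decoder with validation off would also turn schema validation off for the other. Please document this side effect on both setters, for example `Note: the resolver's validation setting is overwritten to match this decoder; do not share a resolver between decoders with different settings.` The doc comment should also state who owns the resolver and how long it must stay valid, since only a raw pointer is stored.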
*/\r
void setValidating(bool validate=true) {\r
m_validate = validate;\r
+ if (m_artifactResolver)\r
+ m_artifactResolver->setValidating(m_validate);\r
}\r
\r
/**\r
* \r
* @param relayState RelayState/TARGET value accompanying message\r
* @param issuer role descriptor of issuing party\r
- * @param issuerTrusted will be true iff the message was authenticated (signed or obtained via secure backchannel)\r
+ * @param issuerTrusted output flag set to true iff the message was authenticated\r
+ * (signed or obtained via secure backchannel)\r
* @param httpRequest reference to interface for accessing HTTP message to decode\r
* @param metadataProvider optional MetadataProvider instance to authenticate the message\r
* @param role optional, identifies the role (generally IdP or SP) of the peer who issued the message \r
- * @param trustEngine optional X509TrustEngine to authenticate the message\r
+ * @param trustEngine optional TrustEngine to authenticate the message\r
* @return the decoded message, or NULL if the decoder did not recognize the request content\r
*/\r
virtual xmltooling::XMLObject* decode(\r
const HTTPRequest& httpRequest,\r
const saml2md::MetadataProvider* metadataProvider=NULL,\r
const xmltooling::QName* role=NULL,\r
- const X509TrustEngine* trustEngine=NULL\r
+ const TrustEngine* trustEngine=NULL\r
) const=0;\r
\r
protected:\r
MessageDecoder() : m_artifactResolver(NULL), m_validate(false) {}\r
\r
/** Pointer to an ArtifactResolver implementation. */\r
- const ArtifactResolver* m_artifactResolver;\r
+ ArtifactResolver* m_artifactResolver;\r
\r
/** Flag controlling schema validation. */\r
bool m_validate;\r
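Review bot: `decode()` now accepts a generic `const TrustEngine*`, but both `ArtifactResolver::resolve()` overloads on this page still take `const X509TrustEngine*`. An artifact-binding decoder will therefore have to downcast before calling the resolver. What happens when the supplied engine is not an X509TrustEngine is left unspecified; if an implementation falls back to passing NULL, the backchannel would presumably be resolved without transport authentication. I would state the contract in the `@param trustEngine` text, for example `optional TrustEngine to authenticate the message; artifact bindings require an X509TrustEngine and must leave issuerTrusted false if one is not supplied`. Alternatively, widen the resolver signatures in the same change. Part of the `decode()` parameter list appears to be elided from this view.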