#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/MetadataProvider.h"
-#include <log4cpp/Category.hh>
#include <xercesc/util/Base64.hpp>
+#include <xmltooling/logging.h>
#include <xmltooling/io/HTTPRequest.h>
#include <xmltooling/util/NDC.h>
#include <xmltooling/validation/ValidatorSuite.h>
using namespace opensaml::saml1p;
using namespace opensaml::saml1;
using namespace opensaml;
+using namespace xmltooling::logging;
using namespace xmltooling;
-using namespace log4cpp;
using namespace std;
namespace opensaml {
SchemaValidators.validate(xmlObject.get());
// Run through the policy.
- policy.evaluate(*response, &genericRequest);
+ pair<bool,int> minor = response->getMinorVersion();
+ policy.evaluate(
+ *response,
+ &genericRequest,
+ (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM
+ );
// Check recipient URL.
auto_ptr_char recipient(response->getRecipient());
const char* recipient2 = httpRequest->getRequestURL();
+ const char* delim = strchr(recipient2, '?');
if (!recipient.get() || !*(recipient.get())) {
log.error("response missing Recipient attribute");
throw BindingException("SAML response did not contain Recipient attribute identifying intended destination.");
}
- else if (!recipient2 || !*recipient2 || strcmp(recipient.get(),recipient2)) {
- log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2 ? recipient2 : "none");
+ else if ((delim && strncmp(recipient.get(), recipient2, delim - recipient2)) || (!delim && strcmp(recipient.get(),recipient2))) {
+ log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2);
throw BindingException("SAML message delivered with POST to incorrect server URL.");
}
projects / shibboleth / cpp-opensaml.git / blobdiff