X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fprofile%2FBrowserSSOProfileValidator.h;fp=saml%2Fsaml2%2Fprofile%2FBrowserSSOProfileValidator.h;h=1a8a0c35ad98733c652b77cc8b7c8af8a8e70326;hp=0000000000000000000000000000000000000000;hb=1358ecc315370a4dc0c02b941195919ca2bbd4c3;hpb=e8646ec3300a6946eaf50059cefdd72ef9d52249
diff --git a/saml/saml2/profile/BrowserSSOProfileValidator.h b/saml/saml2/profile/BrowserSSOProfileValidator.h
new file mode 100644
index 0000000..1a8a0c3
--- /dev/null
+++ b/saml/saml2/profile/BrowserSSOProfileValidator.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file saml/saml2/profile/BrowserSSOProfileValidator.h
+ *
+ * SAML 2.0 Browser SSO Profile Assertion Validator
+ */
+
+#ifndef __saml2_ssoval_h__
+#define __saml2_ssoval_h__
+
+#include
+
+namespace opensaml {
+
+ namespace saml2 {
+
+ /**
+ * SAML 2.0 Browser SSO Profile Assertion Validator
+ *
+ *

In addition to standard core requirements for validity, SSO assertions
+ * MUST have NotBefore/NotOnOrAfter attributes and each subject statement
+ * MUST be confirmable via bearer method.
+ */
+ class SAML_API BrowserSSOProfileValidator : public AssertionValidator
+ {
+ public:
+ /**
+ * Constructor
+ *
+ * @param audiences set of audience values representing recipient
+ * @param ts timestamp to evaluate assertion conditions, or 0 to bypass check
+ * @param destination server location to which assertion was delivered, or 0 to bypass check
+ * @param requestID ID of request that resulted in assertion, or NULL if unsolicited
+ */
+ BrowserSSOProfileValidator(
+ const std::vector& audiences,
+ time_t ts=0,
+ const XMLCh* destination=NULL,
+ const XMLCh* requestID=NULL
+ ) : AssertionValidator(audiences, ts), m_destination(destination), m_requestID(requestID) {
+ }
+ virtual ~BrowserSSOProfileValidator() {}
+
+ void validateAssertion(const Assertion& assertion) const;
+
+ /**
+ * Return address information from the confirmed bearer SubjectConfirmation, if any.
+ *
+ * @return address information
+ */
+ const char* getAddress() const {
+ return m_address.c_str();
+ }
+
+ protected:
+ /** Server location to which assertion was delivered. */
+ const XMLCh* m_destination;
+
+ /** ID of request that resulted in assertions. */
+ const XMLCh* m_requestID;
+
+ private:
+ /** Address in confirmed bearer SubjectConfirmationData. */
+ mutable std::string m_address;
+ };
+
+ };
+};
+
+#endif /* __saml2_ssoval_h__ */
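Review bot: The constructor's default arguments make the least-checked configuration the easiest one to write: `ts=0` and `destination=NULL` are each documented as bypassing a check and `requestID=NULL` means unsolicited, so `BrowserSSOProfileValidator(audiences)` compiles and, going by the doc comment, evaluates neither the time conditions nor the delivery location. For a bearer assertion those checks are what limit replay and delivery to an unintended recipient, so I would drop the defaults and have callers spell out any bypass, i.e. `time_t ts,`, `const XMLCh* destination,`, `const XMLCh* requestID`. The two `const XMLCh*` members are stored without a copy, so the constructor comment should also state that both strings must outlive the validator. `getAddress()` returns a `mutable` member that the const `validateAssertion()` presumably fills (its body is not in this header); the doc comment should say the value reflects the last assertion validated and that one instance should not be shared across threads.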