/* Version number of package */
#define VERSION "2.0"
-/* Define if you wish to disable XML-Security-dependent features. */
-/* #undef XMLTOOLING_NO_XMLSEC */
-
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
namespace saml2p {
class SAML_API SAML2Artifact;
};
+ namespace saml2md {
+ class SAML_API EntityDescriptor;
+ };
/**
* Interface to SAML protocol binding message encoders.
* @param relyingParty the party that will recieve the artifact
* @return a SAML 1.x artifact with a random assertion handle
*/
- virtual SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const=0;
+ virtual SAMLArtifact* generateSAML1Artifact(const saml2md::EntityDescriptor* relyingParty) const=0;
/**
* Generate a SAML 2.0 artifact suitable for consumption by the relying party.
* @param relyingParty the party that will recieve the artifact
* @return a SAML 2.0 artifact with a random message handle
*/
- virtual saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const=0;
+ virtual saml2p::SAML2Artifact* generateSAML2Artifact(const saml2md::EntityDescriptor* relyingParty) const=0;
};
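Review bot: The Doxygen `@param relyingParty` lines above the two rewritten signatures still describe a plain identifier, while the parameter is now a `const saml2md::EntityDescriptor*` that the encoders pass through unchanged from an argument defaulting to `NULL` (L42), so the contract should say whether a null descriptor is permitted and that the pointer is only borrowed. I would replace both lines with `@param relyingParty metadata for the party that will receive the artifact (may be NULL if unknown); the pointer is not retained by the callee`, which also fixes the "recieve" typo. The first comment block's opening sentence, "Interface to SAML protocol binding message encoders.", looks like it belongs to a different declaration than `generateSAML1Artifact` and is worth checking against the surrounding header. The enclosing class begins outside the hunk.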
/**
* @param genericResponse reference to interface for sending transport response
* @param xmlObject XML message to encode
* @param destination destination URL for message
- * @param recipientID optional entityID of message recipient
+ * @param recipient optional message recipient
* @param relayState optional RelayState value to accompany message
* @param credential optional Credential to supply signing key
* @param signatureAlg optional signature algorithm identifier
xmltooling::GenericResponse& genericResponse,
xmltooling::XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const saml2md::EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const xmltooling::Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
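Review bot: The new `recipient` parameter is a pointer into metadata, and the test changes (L246-L248, L292-L294) show that callers are expected to hold the metadata provider's lock across the call; the `@param recipient optional message recipient` line at L34 does not say so, which is the one place a caller of this header would look. I would write `@param recipient optional metadata for the message recipient; the caller must keep the metadata provider locked for the duration of the call, since the encoder dereferences the pointer` so that a caller who releases the lock early does not hand the encoder a dangling descriptor. The declaration this documents begins before L38 and ends after L45, outside the hunk.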
#include "binding/SAMLArtifact.h"
#include "saml1/core/Assertions.h"
#include "saml1/core/Protocols.h"
+#include "saml2/metadata/Metadata.h"
#include <log4cpp/Category.hh>
#include <xmltooling/XMLToolingConfig.h>
using namespace opensaml::saml1;
using namespace opensaml::saml1p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
// Obtain a fresh artifact.
if (!m_artifactGenerator)
throw BindingException("SAML 1.x Artifact Encoder requires an ArtifactGenerator instance.");
- log.debug("obtaining new artifact for relying party (%s)", recipientID ? recipientID : "unknown");
- auto_ptr<SAMLArtifact> artifact(m_artifactGenerator->generateSAML1Artifact(recipientID));
+ auto_ptr_char recipientID(recipient ? recipient->getEntityID() : NULL);
+ log.debug("obtaining new artifact for relying party (%s)", recipientID.get() ? recipientID.get() : "unknown");
+ auto_ptr<SAMLArtifact> artifact(m_artifactGenerator->generateSAML1Artifact(recipient));
// Store the assertion. Last step in storage will be to delete the XML.
log.debug("storing artifact and content in map");
- mapper->storeContent(xmlObject, artifact.get(), recipientID);
+ mapper->storeContent(xmlObject, artifact.get(), recipientID.get());
// Generate redirect.
string loc = destination;
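Review bot: When `recipient` is NULL the new code at L79-L85 logs "unknown" and then calls `mapper->storeContent(xmlObject, artifact.get(), recipientID.get())` with a NULL relying-party string, so the artifact is stored without the identity of the party that is meant to resolve it. Whether the artifact map accepts that and what it then checks at resolution time depends on `storeContent`, which is not visible here; if binding the artifact to a specific relying party is intended, the encoder should refuse early with something like `if (!recipient) throw BindingException("SAML 1.x Artifact Encoder requires a recipient EntityDescriptor.");`, and if a NULL recipient is deliberately allowed, a comment on L79 stating that the artifact is then unbound would help the next reader. The same pattern appears in the SAML 2.0 HTTP-Artifact encoder hunk at L160-L175. The enclosing `encode` implementation starts before L74 and continues past L87.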
#include <xmltooling/util/TemplateEngine.h>
using namespace opensaml::saml1p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
#include <xmltooling/soap/SOAP.h>
using namespace opensaml::saml1p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace soap11;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
#include "binding/MessageEncoder.h"
#include "saml2/binding/SAML2Artifact.h"
#include "saml2/core/Protocols.h"
+#include "saml2/metadata/Metadata.h"
#include <fstream>
#include <sstream>
#include <xmltooling/util/URLEncoder.h>
using namespace opensaml::saml2p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
// Obtain a fresh artifact.
if (!m_artifactGenerator)
throw BindingException("SAML 2.0 HTTP-Artifact Encoder requires an ArtifactGenerator instance.");
- log.debug("obtaining new artifact for relying party (%s)", recipientID ? recipientID : "unknown");
- auto_ptr<SAMLArtifact> artifact(m_artifactGenerator->generateSAML2Artifact(recipientID));
+ auto_ptr_char recipientID(recipient ? recipient->getEntityID() : NULL);
+ log.debug("obtaining new artifact for relying party (%s)", recipientID.get() ? recipientID.get() : "unknown");
+ auto_ptr<SAMLArtifact> artifact(m_artifactGenerator->generateSAML2Artifact(recipient));
if (credential) {
// Signature based on native XML signing.
// Store the message. Last step in storage will be to delete the XML.
log.debug("storing artifact and content in map");
- mapper->storeContent(xmlObject, artifact.get(), recipientID);
+ mapper->storeContent(xmlObject, artifact.get(), recipientID.get());
if (m_template.empty()) {
// Generate redirect.
#include <xmltooling/util/TemplateEngine.h>
using namespace opensaml::saml2p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
#include <xmltooling/util/URLEncoder.h>
using namespace opensaml::saml2p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
#include <xmltooling/soap/SOAP.h>
using namespace opensaml::saml2p;
+using namespace opensaml::saml2md;
using namespace opensaml;
using namespace xmlsignature;
using namespace soap11;
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID=NULL,
+ const EntityDescriptor* recipient=NULL,
const char* relayState=NULL,
const Credential* credential=NULL,
const XMLCh* signatureAlg=NULL,
GenericResponse& genericResponse,
XMLObject* xmlObject,
const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
const char* relayState,
const Credential* credential,
const XMLCh* signatureAlg,
SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL)\r
);\r
encoder->setArtifactGenerator(this);\r
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred);\r
+ Locker locker(m_metadata);\r
+ encoder->encode(\r
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred\r
+ );\r
toSend.release();\r
\r
// Decode message.\r
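Review bot: The result of `m_metadata->getEntityDescriptor("https://sp.example.org/")` at L248 is passed straight into `encode`, so if the lookup fails the call proceeds with a NULL recipient and the test silently exercises the unknown-recipient path instead of failing where the problem is. I would bind and assert it first: `const EntityDescriptor* sp = m_metadata->getEntityDescriptor("https://sp.example.org/");` followed by `TSM_ASSERT("SP metadata not found", sp!=NULL);` and then pass `sp` to `encode`. The same applies to the parallel test hunks at L290-L294, L307-L310, L352-L355, L382-L385 and L412-L415. The enclosing test method begins before L242.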
SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL)\r
);\r
decoder->setArtifactResolver(this);\r
- Locker locker(m_metadata);\r
auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));\r
\r
// Test the results.\r
}\r
}\r
\r
- SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const {\r
+ SAMLArtifact* generateSAML1Artifact(const EntityDescriptor* relyingParty) const {\r
return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/"));\r
}\r
\r
- saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const {\r
+ saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const {\r
throw BindingException("Not implemented.");\r
}\r
\r
);
janitor.release();
- CredentialCriteria cc;\r
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
- Locker clocker(m_creds);\r
- const Credential* cred = m_creds->resolve(&cc);\r
- TSM_ASSERT("Retrieved credential was null", cred!=NULL);\r
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Freshen timestamp and ID.
toSend->setIssueInstant(time(NULL));
samlconstants::SAML1_PROFILE_BROWSER_POST, encoder_config->getDocumentElement()
)
);
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred);
+
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred
+ );
toSend.release();
// Decode message.
auto_ptr<MessageDecoder> decoder(
SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_POST, NULL)
);
- Locker locker(m_metadata);
auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
// Test the results.
SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_ARTIFACT, NULL)\r
);\r
encoder->setArtifactGenerator(this);\r
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred);\r
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred
+ );
toSend.release();\r
\r
// Decode message.\r
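Review bot: The four added lines at L308-L311 are terminated with LF while every surrounding line of this file (L304-L307, L312-L314) carries CRLF, so the hunk introduces mixed line endings into an otherwise CRLF file. Either emit the new lines with the file's existing CRLF endings or normalize the whole file in a separate commit, as the other test files in this change appear to do (L275-L284 replace CRLF lines with LF in a file whose context lines are already LF). This is a style point only; the code itself matches the other test hunks.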
SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_ARTIFACT, NULL)\r
);\r
decoder->setArtifactResolver(this);\r
- Locker locker(m_metadata);\r
auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));\r
\r
// Test the results.\r
}\r
}\r
\r
- SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const {\r
+ SAMLArtifact* generateSAML1Artifact(const EntityDescriptor* relyingParty) const {\r
throw BindingException("Not implemented.");\r
}\r
\r
- saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const {\r
+ saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const {\r
return new SAML2ArtifactType0004(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/"),1);\r
}\r
\r
);
janitor.release();
- CredentialCriteria cc;\r
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
- Locker clocker(m_creds);\r
- const Credential* cred = m_creds->resolve(&cc);\r
- TSM_ASSERT("Retrieved credential was null", cred!=NULL);\r
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Freshen timestamp and ID.
toSend->setIssueInstant(time(NULL));
samlconstants::SAML20_BINDING_HTTP_POST, encoder_config->getDocumentElement()
)
);
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred);
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred
+ );
toSend.release();
// Decode message.
auto_ptr<MessageDecoder> decoder(
SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST, NULL)
);
- Locker locker(m_metadata);
auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
// Test the results.
);
janitor.release();
- CredentialCriteria cc;\r
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
- Locker clocker(m_creds);\r
- const Credential* cred = m_creds->resolve(&cc);\r
- TSM_ASSERT("Retrieved credential was null", cred!=NULL);\r
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Freshen timestamp and ID.
toSend->setIssueInstant(time(NULL));
samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, encoder_config->getDocumentElement()
)
);
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred);
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred
+ );
toSend.release();
// Decode message.
auto_ptr<MessageDecoder> decoder(
SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, NULL)
);
- Locker locker(m_metadata);
auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
// Test the results.
);
janitor.release();
- CredentialCriteria cc;\r
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
- Locker clocker(m_creds);\r
- const Credential* cred = m_creds->resolve(&cc);\r
- TSM_ASSERT("Retrieved credential was null", cred!=NULL);\r
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Freshen timestamp and ID.
toSend->setIssueInstant(time(NULL));
auto_ptr<MessageEncoder> encoder(
SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_REDIRECT, NULL)
);
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred);
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred
+ );
toSend.release();
// Decode message.
auto_ptr<MessageDecoder> decoder(
SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_REDIRECT, NULL)
);
- Locker locker(m_metadata);
auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
// Test the results.