From 6ab457e2f63d1e0698d0ece6b171043f601b3677 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Mon, 9 Oct 2006 04:15:00 +0000 Subject: [PATCH] 1.x Artifact decoder, unit test. --- saml/binding/MessageDecoder.h | 34 ++++- saml/binding/impl/MessageDecoder.cpp | 2 +- saml/saml.vcproj | 8 ++ saml/saml1/binding/SAML1ArtifactDecoder.h | 51 +++++++ saml/saml1/binding/SAML1POSTDecoder.h | 2 +- saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp | 172 +++++++++++++++++++++++ saml/saml1/binding/impl/SAML1POSTDecoder.cpp | 6 +- saml/saml2/binding/SAML2POSTDecoder.h | 2 +- saml/saml2/binding/impl/SAML2POSTDecoder.cpp | 6 +- samltest/ArtifactMapTest.h | 7 +- samltest/data/saml1/binding/SAML1Assertion.xml | 6 + samltest/saml1/binding/SAML1ArtifactTest.h | 142 +++++++++++++++++++ samltest/samltest.h | 2 + samltest/samltest.vcproj | 26 ++++ 14 files changed, 446 insertions(+), 20 deletions(-) create mode 100644 saml/saml1/binding/SAML1ArtifactDecoder.h create mode 100644 saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp create mode 100644 samltest/data/saml1/binding/SAML1Assertion.xml create mode 100644 samltest/saml1/binding/SAML1ArtifactTest.h diff --git a/saml/binding/MessageDecoder.h b/saml/binding/MessageDecoder.h index 609273f..0cfdbba 100644 --- a/saml/binding/MessageDecoder.h +++ b/saml/binding/MessageDecoder.h @@ -127,20 +127,37 @@ namespace opensaml { MAKE_NONCOPYABLE(ArtifactResolver); protected: ArtifactResolver() {} + + /** Flag controlling schema validation. */ + bool m_validate; + public: virtual ~ArtifactResolver() {} + + /** + * Controls schema validation of incoming XML messages. + * This is separate from other forms of programmatic validation of objects, + * but can detect a much wider range of syntax errors. + * + * @param validate true iff the resolver should use a validating XML parser + */ + void setValidating(bool validate=true) { + m_validate = validate; + } /** * Resolves one or more SAML 1.x artifacts into a response containing a set of * resolved Assertions. The caller is responsible for the resulting Response. * + * @param authenticated output flag set to true iff the resolution channel was authenticated * @param artifacts one or more SAML 1.x artifacts * @param idpDescriptor reference to IdP role of artifact issuer * @param trustEngine optional pointer to X509TrustEngine supplied to MessageDecoder * @return the corresponding SAML Assertions wrapped in a Response. */ virtual saml1p::Response* resolve( - const std::vector& artifacts, + bool& authenticated, + const std::vector& artifacts, const saml2md::IDPSSODescriptor& idpDescriptor, const X509TrustEngine* trustEngine=NULL ) const=0; @@ -149,12 +166,14 @@ namespace opensaml { * Resolves a SAML 2.0 artifact into the corresponding SAML protocol message. * The caller is responsible for the resulting XMLObject. * + * @param authenticated output flag set to true iff the resolution channel was authenticated * @param artifact reference to a SAML 2.0 artifact * @param ssoDescriptor reference to SSO role of artifact issuer (may be SP or IdP) * @param trustEngine optional pointer to X509TrustEngine supplied to MessageDecoder * @return the corresponding SAML protocol message or NULL */ virtual xmltooling::XMLObject* resolve( + bool& authenticated, const saml2p::SAML2Artifact& artifact, const saml2md::SSODescriptorType& ssoDescriptor, const X509TrustEngine* trustEngine=NULL @@ -170,6 +189,8 @@ namespace opensaml { */ void setArtifactResolver(ArtifactResolver* artifactResolver) { m_artifactResolver = artifactResolver; + if (m_artifactResolver) + m_artifactResolver->setValidating(m_validate); } /** @@ -181,6 +202,8 @@ namespace opensaml { */ void setValidating(bool validate=true) { m_validate = validate; + if (m_artifactResolver) + m_artifactResolver->setValidating(m_validate); } /** @@ -198,11 +221,12 @@ namespace opensaml { * * @param relayState RelayState/TARGET value accompanying message * @param issuer role descriptor of issuing party - * @param issuerTrusted will be true iff the message was authenticated (signed or obtained via secure backchannel) + * @param issuerTrusted output flag set to true iff the message was authenticated + * (signed or obtained via secure backchannel) * @param httpRequest reference to interface for accessing HTTP message to decode * @param metadataProvider optional MetadataProvider instance to authenticate the message * @param role optional, identifies the role (generally IdP or SP) of the peer who issued the message - * @param trustEngine optional X509TrustEngine to authenticate the message + * @param trustEngine optional TrustEngine to authenticate the message * @return the decoded message, or NULL if the decoder did not recognize the request content */ virtual xmltooling::XMLObject* decode( @@ -212,14 +236,14 @@ namespace opensaml { const HTTPRequest& httpRequest, const saml2md::MetadataProvider* metadataProvider=NULL, const xmltooling::QName* role=NULL, - const X509TrustEngine* trustEngine=NULL + const TrustEngine* trustEngine=NULL ) const=0; protected: MessageDecoder() : m_artifactResolver(NULL), m_validate(false) {} /** Pointer to an ArtifactResolver implementation. */ - const ArtifactResolver* m_artifactResolver; + ArtifactResolver* m_artifactResolver; /** Flag controlling schema validation. */ bool m_validate; diff --git a/saml/binding/impl/MessageDecoder.cpp b/saml/binding/impl/MessageDecoder.cpp index e867ddb..14a7d19 100644 --- a/saml/binding/impl/MessageDecoder.cpp +++ b/saml/binding/impl/MessageDecoder.cpp @@ -41,7 +41,7 @@ namespace opensaml { void SAML_API opensaml::registerMessageDecoders() { SAMLConfig& conf=SAMLConfig::getConfig(); - //conf.MessageDecoderManager.registerFactory(SAML1_ARTIFACT_DECODER, saml1p::SAML1ArtifactDecoderFactory); + conf.MessageDecoderManager.registerFactory(SAML1_ARTIFACT_DECODER, saml1p::SAML1ArtifactDecoderFactory); conf.MessageDecoderManager.registerFactory(SAML1_POST_DECODER, saml1p::SAML1POSTDecoderFactory); //conf.MessageDecoderManager.registerFactory(SAML2_ARTIFACT_DECODER, saml2p::SAML2ArtifactDecoderFactory); conf.MessageDecoderManager.registerFactory(SAML2_POST_DECODER, saml2p::SAML2POSTDecoderFactory); diff --git a/saml/saml.vcproj b/saml/saml.vcproj index 135d2c9..1fe2f1c 100644 --- a/saml/saml.vcproj +++ b/saml/saml.vcproj @@ -235,6 +235,10 @@ Name="impl" > + + @@ -530,6 +534,10 @@ Name="binding" > + + diff --git a/saml/saml1/binding/SAML1ArtifactDecoder.h b/saml/saml1/binding/SAML1ArtifactDecoder.h new file mode 100644 index 0000000..7e2da54 --- /dev/null +++ b/saml/saml1/binding/SAML1ArtifactDecoder.h @@ -0,0 +1,51 @@ +/* + * Copyright 2001-2006 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file saml/saml1/binding/SAML1ArtifactDecoder.h + * + * SAML 1.x Artifact binding/profile message decoder + */ + +#include +#include + + +namespace opensaml { + namespace saml1p { + + /** + * SAML 1.x Artifact binding/profile message decoder + */ + class SAML_API SAML1ArtifactDecoder : public MessageDecoder + { + public: + SAML1ArtifactDecoder(const DOMElement* e); + virtual ~SAML1ArtifactDecoder(); + + Response* decode( + std::string& relayState, + const saml2md::RoleDescriptor*& issuer, + bool& issuerTrusted, + const HTTPRequest& httpRequest, + const saml2md::MetadataProvider* metadataProvider=NULL, + const xmltooling::QName* role=NULL, + const TrustEngine* trustEngine=NULL + ) const; + }; + + }; +}; diff --git a/saml/saml1/binding/SAML1POSTDecoder.h b/saml/saml1/binding/SAML1POSTDecoder.h index 464a17b..0ce6524 100644 --- a/saml/saml1/binding/SAML1POSTDecoder.h +++ b/saml/saml1/binding/SAML1POSTDecoder.h @@ -43,7 +43,7 @@ namespace opensaml { const HTTPRequest& httpRequest, const saml2md::MetadataProvider* metadataProvider=NULL, const xmltooling::QName* role=NULL, - const X509TrustEngine* trustEngine=NULL + const TrustEngine* trustEngine=NULL ) const; }; diff --git a/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp b/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp new file mode 100644 index 0000000..2d1b23c --- /dev/null +++ b/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp @@ -0,0 +1,172 @@ +/* + * Copyright 2001-2006 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * SAML1ArtifactDecoder.cpp + * + * SAML 1.x Artifact binding/profile message decoder + */ + +#include "internal.h" +#include "exceptions.h" +#include "saml/binding/SAMLArtifact.h" +#include "saml/binding/ReplayCache.h" +#include "saml1/binding/SAML1ArtifactDecoder.h" +#include "saml2/metadata/Metadata.h" +#include "saml2/metadata/MetadataProvider.h" +#include "security/X509TrustEngine.h" + +#include +#include + +using namespace opensaml::saml2md; +using namespace opensaml::saml1p; +using namespace opensaml::saml1; +using namespace opensaml; +using namespace xmlsignature; +using namespace xmltooling; +using namespace log4cpp; +using namespace std; + +namespace opensaml { + namespace saml1p { + MessageDecoder* SAML_DLLLOCAL SAML1ArtifactDecoderFactory(const DOMElement* const & e) + { + return new SAML1ArtifactDecoder(e); + } + }; +}; + +SAML1ArtifactDecoder::SAML1ArtifactDecoder(const DOMElement* e) {} + +SAML1ArtifactDecoder::~SAML1ArtifactDecoder() {} + +Response* SAML1ArtifactDecoder::decode( + string& relayState, + const RoleDescriptor*& issuer, + bool& issuerTrusted, + const HTTPRequest& httpRequest, + const MetadataProvider* metadataProvider, + const QName* role, + const opensaml::TrustEngine* trustEngine + ) const +{ +#ifdef _DEBUG + xmltooling::NDC ndc("decode"); +#endif + Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML1Artifact"); + + log.debug("validating input"); + if (strcmp(httpRequest.getMethod(),"GET")) + return NULL; + vector SAMLart; + const char* TARGET = httpRequest.getParameter("TARGET"); + if (httpRequest.getParameters("SAMLart", SAMLart)==0 || !TARGET) + return NULL; + relayState = TARGET; + + if (!m_artifactResolver || !metadataProvider) + throw BindingException("Artifact binding requires ArtifactResolver and MetadataProvider implementations be supplied."); + + // Import the artifacts. + vector artifacts; + for (vector::const_iterator raw=SAMLart.begin(); raw!=SAMLart.end(); ++raw) { + try { + log.debug("processing encoded artifact (%s)", *raw); + + // Check replay. + ReplayCache* replayCache = SAMLConfig::getConfig().getReplayCache(); + if (replayCache) { + if (!replayCache->check("SAML1Artifact", *raw, time(NULL) + (2*XMLToolingConfig::getConfig().clock_skew_secs))) { + log.error("replay detected of artifact (%s)", *raw); + throw BindingException("Rejecting replayed artifact ($1).", params(1,*raw)); + } + } + else + log.warn("replay cache was not provided, this is a serious security risk!"); + + artifacts.push_back(SAMLArtifact::parse(*raw)); + } + catch (ArtifactException&) { + log.error("error parsing artifact (%s)", *raw); + for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); + throw; + } + catch (XMLToolingException&) { + for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); + throw; + } + } + + issuer = NULL; + issuerTrusted = false; + log.debug("attempting to determine source of artifact(s)..."); + const EntityDescriptor* provider=metadataProvider->getEntityDescriptor(artifacts.front()); + if (!provider) { + log.error( + "metadata lookup failed, unable to determine issuer of artifact (0x%s)", + SAMLArtifact::toHex(artifacts.front()->getBytes()).c_str() + ); + for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); + throw BindingException("Metadata lookup failed, unable to determine artifact issuer"); + } + + if (log.isDebugEnabled()) { + auto_ptr_char issuer(provider->getEntityID()); + log.debug("lookup succeeded, artifact issued by (%s)", issuer.get()); + } + + log.debug("attempting to find artifact issuing role..."); + issuer=provider->getRoleDescriptor(*role, SAMLConstants::SAML11_PROTOCOL_ENUM); + if (!issuer) + issuer=provider->getRoleDescriptor(*role, SAMLConstants::SAML10_PROTOCOL_ENUM); + if (!issuer || !dynamic_cast(issuer)) { + log.error("unable to find compatible SAML role (%s) in metadata", role->toString().c_str()); + for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); + BindingException ex("Unable to find compatible metadata role for artifact issuer."); + annotateException(&ex,provider); // throws it + } + + try { + auto_ptr response( + m_artifactResolver->resolve( + issuerTrusted, + artifacts, + dynamic_cast(*issuer), + dynamic_cast(trustEngine) + ) + ); + + if (trustEngine && response->getSignature()) { + issuerTrusted = trustEngine->validate(*(response->getSignature()), *issuer, metadataProvider->getKeyResolver()); + if (!issuerTrusted) { + log.error("unable to verify signature on message with supplied trust engine"); + throw BindingException("Message signature failed verification."); + } + } + else if (!issuerTrusted) { + log.warn("unable to verify integrity of the message, leaving untrusted"); + } + + for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); + return response.release(); + } + catch (XMLToolingException& ex) { + for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); + annotateException(&ex,issuer,false); + throw; + } +} diff --git a/saml/saml1/binding/impl/SAML1POSTDecoder.cpp b/saml/saml1/binding/impl/SAML1POSTDecoder.cpp index 83f893c..de0deaa 100644 --- a/saml/saml1/binding/impl/SAML1POSTDecoder.cpp +++ b/saml/saml1/binding/impl/SAML1POSTDecoder.cpp @@ -17,7 +17,7 @@ /** * SAML1POSTDecoder.cpp * - * SAML 1.x POST binding/profile message encoder + * SAML 1.x POST binding/profile message decoder */ #include "internal.h" @@ -61,7 +61,7 @@ Response* SAML1POSTDecoder::decode( const HTTPRequest& httpRequest, const MetadataProvider* metadataProvider, const QName* role, - const X509TrustEngine* trustEngine + const opensaml::TrustEngine* trustEngine ) const { #ifdef _DEBUG @@ -153,7 +153,7 @@ Response* SAML1POSTDecoder::decode( ); if (issuer) { if (trustEngine && response->getSignature()) { - issuerTrusted = static_cast(trustEngine)->validate( + issuerTrusted = trustEngine->validate( *(response->getSignature()), *issuer, metadataProvider->getKeyResolver() ); if (!issuerTrusted) { diff --git a/saml/saml2/binding/SAML2POSTDecoder.h b/saml/saml2/binding/SAML2POSTDecoder.h index 4e49c2b..19cc520 100644 --- a/saml/saml2/binding/SAML2POSTDecoder.h +++ b/saml/saml2/binding/SAML2POSTDecoder.h @@ -41,7 +41,7 @@ namespace opensaml { const HTTPRequest& httpRequest, const saml2md::MetadataProvider* metadataProvider=NULL, const xmltooling::QName* role=NULL, - const X509TrustEngine* trustEngine=NULL + const TrustEngine* trustEngine=NULL ) const; }; diff --git a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp index bf7b55d..7fedc01 100644 --- a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp +++ b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp @@ -62,7 +62,7 @@ XMLObject* SAML2POSTDecoder::decode( const HTTPRequest& httpRequest, const MetadataProvider* metadataProvider, const QName* role, - const X509TrustEngine* trustEngine + const opensaml::TrustEngine* trustEngine ) const { #ifdef _DEBUG @@ -182,9 +182,7 @@ XMLObject* SAML2POSTDecoder::decode( issuer=provider->getRoleDescriptor(*role, SAMLConstants::SAML20P_NS); if (issuer) { if (trustEngine && signature) { - issuerTrusted = static_cast(trustEngine)->validate( - *signature, *issuer, metadataProvider->getKeyResolver() - ); + issuerTrusted = trustEngine->validate(*signature, *issuer, metadataProvider->getKeyResolver()); if (!issuerTrusted) { log.error("unable to verify signature on message with supplied trust engine"); throw BindingException("Message signature failed verification."); diff --git a/samltest/ArtifactMapTest.h b/samltest/ArtifactMapTest.h index 994fa31..8f2aa30 100644 --- a/samltest/ArtifactMapTest.h +++ b/samltest/ArtifactMapTest.h @@ -29,23 +29,20 @@ class ArtifactMapTest : public CxxTest::TestSuite public: string providerIdStr; string handle; - ArtifactMap* artifactMap; void setUp() { if (handle.empty()) { providerIdStr = "https://idp.org/SAML"; SAMLConfig::getConfig().generateRandomBytes(handle,SAML2ArtifactType0004::HANDLE_LENGTH); } - artifactMap = new ArtifactMap(); } void tearDown() { - delete artifactMap; - artifactMap=NULL; } void testArtifactMap(void) { auto_ptr response(ResponseBuilder::buildResponse()); SAML2ArtifactType0004 artifact(SAMLConfig::getConfig().hashSHA1(providerIdStr.c_str()),666,handle); - + + ArtifactMap* artifactMap = SAMLConfig::getConfig().getArtifactMap(); artifactMap->storeContent(response.get(), &artifact, providerIdStr.c_str()); response.release(); diff --git a/samltest/data/saml1/binding/SAML1Assertion.xml b/samltest/data/saml1/binding/SAML1Assertion.xml new file mode 100644 index 0000000..93167ef --- /dev/null +++ b/samltest/data/saml1/binding/SAML1Assertion.xml @@ -0,0 +1,6 @@ + + + John Doe + + diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h new file mode 100644 index 0000000..decc34f --- /dev/null +++ b/samltest/saml1/binding/SAML1ArtifactTest.h @@ -0,0 +1,142 @@ +/* + * Copyright 2001-2005 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "binding.h" + +#include +#include +#include + +using namespace opensaml::saml1p; +using namespace opensaml::saml1; + +class SAML1ArtifactTest : public CxxTest::TestSuite, + public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver { +public: + void setUp() { + m_fields.clear(); + SAMLBindingBaseTestCase::setUp(); + } + + void tearDown() { + m_fields.clear(); + SAMLBindingBaseTestCase::tearDown(); + } + + void testSAML1Artifact() { + try { + // Read message to use from file. + string path = data_path + "saml1/binding/SAML1Assertion.xml"; + ifstream in(path.c_str()); + DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); + XercesJanitor janitor(doc); + auto_ptr toSend( + dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) + ); + janitor.release(); + + // Encode message. + auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_ARTIFACT_ENCODER, NULL)); + encoder->setArtifactGenerator(this); + encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state",m_creds); + toSend.release(); + + // Decode message. + string relayState; + const RoleDescriptor* issuer=NULL; + bool trusted=false; + QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_ARTIFACT_DECODER, NULL)); + decoder->setArtifactResolver(this); + Locker locker(m_metadata); + auto_ptr response( + dynamic_cast( + decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust) + ) + ); + + // Test the results. + TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); + TSM_ASSERT("SAML Response not decoded successfully.", response.get()); + TSM_ASSERT("Message was not verified.", issuer && trusted); + auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); + TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); + + // Trigger a replay. + TSM_ASSERT_THROWS("Did not catch the replay.", + decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust), + BindingException); + } + catch (XMLToolingException& ex) { + TS_TRACE(ex.what()); + throw; + } + } + + const char* getMethod() const { + return "GET"; + } + + const char* getRequestURL() const { + return "https://sp.example.org/SAML/Artifact"; + } + + const char* getQueryString() const { + return NULL; + } + + SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const { + return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/")); + } + + saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const { + throw BindingException("Not implemented."); + } + + Response* resolve( + bool& authenticated, + const vector& artifacts, + const IDPSSODescriptor& idpDescriptor, + const X509TrustEngine* trustEngine=NULL + ) const { + TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1); + XMLObject* xmlObject = + SAMLConfig::getConfig().getArtifactMap()->retrieveContent(artifacts.front(), "https://sp.example.org/"); + Assertion* assertion = dynamic_cast(xmlObject); + TSM_ASSERT("Not an assertion.", assertion!=NULL); + auto_ptr response(ResponseBuilder::buildResponse()); + response->getAssertions().push_back(assertion); + Status* status = StatusBuilder::buildStatus(); + response->setStatus(status); + StatusCode* sc = StatusCodeBuilder::buildStatusCode(); + status->setStatusCode(sc); + sc->setValue(&StatusCode::SUCCESS); + response->marshall(); + SchemaValidators.validate(response.get()); + authenticated = true; + return response.release(); + } + + XMLObject* resolve( + bool& authenticated, + const saml2p::SAML2Artifact& artifact, + const SSODescriptorType& ssoDescriptor, + const X509TrustEngine* trustEngine=NULL + ) const { + throw BindingException("Not implemented."); + } +}; diff --git a/samltest/samltest.h b/samltest/samltest.h index 938f1e8..741a9e0 100644 --- a/samltest/samltest.h +++ b/samltest/samltest.h @@ -16,6 +16,7 @@ #include "internal.h" #include +#include #include #include @@ -33,6 +34,7 @@ public: if (!SAMLConfig::getConfig().init()) return false; SAMLConfig::getConfig().setReplayCache(new ReplayCache()); + SAMLConfig::getConfig().setArtifactMap(new ArtifactMap()); if (getenv("SAMLTEST_DATA")) data_path=std::string(getenv("SAMLTEST_DATA")) + "/"; diff --git a/samltest/samltest.vcproj b/samltest/samltest.vcproj index b282259..7f6e2c8 100644 --- a/samltest/samltest.vcproj +++ b/samltest/samltest.vcproj @@ -257,6 +257,10 @@ Name="binding" > + + @@ -931,6 +935,28 @@ Name="bnding" > + + + + + + + +