2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file shibsp/SessionCache.h
20 * Caches and manages user sessions
23 #ifndef __shibsp_sessioncache_h__
24 #define __shibsp_sessioncache_h__
26 #include <shibsp/base.h>
27 #include <saml/saml1/core/Assertions.h>
28 #include <saml/saml2/metadata/Metadata.h>
29 #include <xmltooling/Lockable.h>
33 class SHIBSP_API Application;
34 class SHIBSP_API Attribute;
36 class SHIBSP_API Session : public virtual xmltooling::Lockable
38 MAKE_NONCOPYABLE(Session);
44 * Returns the address of the client associated with the session.
46 * @return the client's network address
48 virtual const char* getClientAddress() const=0;
51 * Returns the entityID of the IdP that initiated the session.
53 * @return the IdP's entityID
55 virtual const char* getEntityID() const=0;
58 * Returns the timestamp on the authentication event at the IdP.
60 * @return the authentication timestamp
62 virtual time_t getAuthnInstant() const=0;
65 * Returns the set of resolved attributes associated with the session.
67 * @return an immutable array of attributes
69 virtual const std::vector<const Attribute*>& getAttributes() const=0;
72 * Adds additional attributes to the session.
74 * @param attributes reference to an array of Attributes to cache (will be freed by cache)
76 virtual void addAttributes(const std::vector<Attribute*>& attributes)=0;
79 * Returns the identifiers of the assertion(s) cached by the session.
81 * <p>The SSO assertion is guaranteed to be first in the set.
83 * @return an immutable array of AssertionID values
85 virtual const std::vector<const char*>& getAssertionIDs() const=0;
88 * Returns an assertion cached by the session.
90 * @param id identifier of the assertion to retrieve
91 * @return pointer to assertion, or NULL
93 virtual const opensaml::RootObject* getAssertion(const char* id) const=0;
96 * Stores an assertion in the session.
98 * @param assertion pointer to an assertion to cache (will be freed by cache)
100 virtual void addAssertion(opensaml::RootObject* assertion)=0;
103 class SHIBSP_API SAML1Session : public virtual Session
107 virtual ~SAML1Session() {}
111 * Returns the NameIdentifier associated with a SAML 1.x session.
113 * @return reference to a SAML 1.x NameIdentifier
115 virtual const opensaml::saml1::NameIdentifier& getNameIdentifier() const=0;
118 * Returns a URI containing the AuthenticationMethod.
120 * @return a URI identifying the authentication method
122 virtual const char* getAuthenticationMethod() const=0;
126 class SHIBSP_API SAML2Session : public virtual Session
130 virtual ~SAML2Session() {}
134 * Returns the NameID associated with a SAML 2.0 session.
136 * @return reference to a SAML 2.0 NameID
138 virtual const opensaml::saml2::NameID& getNameID() const=0;
141 * Returns the SessionIndex provided with the session.
143 * @return the SessionIndex from the original SSO assertion, if any
145 virtual const char* getSessionIndex() const=0;
148 * Returns a URI containing an AuthnContextClassRef provided with the session.
150 * @return a URI identifying the authentication context class
152 virtual const char* getAuthnContextClassRef() const=0;
155 * Returns a URI containing an AuthnContextDeclRef provided with the session.
157 * @return a URI identifying the authentication context declaration
159 virtual const char* getAuthnContextDeclRef() const=0;
164 * Creates and manages user sessions
166 * The cache abstracts a persistent (meaning across requests) cache of
167 * instances of the Session interface. Creation of new entries and entry
168 * lookup are confined to this interface to enable the implementation to
169 * remote and/or optimize calls by implementing custom versions of the
170 * Session interface as required.
172 class SHIBSP_API SessionCache
174 MAKE_NONCOPYABLE(SessionCache);
180 * <p>The following XML content is supported to configure the cache:
182 * <dt>cacheTimeout</dt>
183 * <dd>attribute containing maximum lifetime in seconds for sessions in cache</dd>
184 * <dt>cleanupInterval</dt>
185 * <dd>attribute containing interval in seconds between attempts to purge expired sessions</dd>
186 * <dt>strictValidity</dt>
187 * <dd>boolean attribute indicating whether to honor SessionNotOnOrAfter information</dd>
188 * <dt>writeThrough</dt>
189 * <dd>boolean attribute indicating that every access to a session should update persistent storage</dd>
192 * @param e root of DOM tree to configure the cache
194 SessionCache(const DOMElement* e);
197 virtual ~SessionCache() {}
200 * Inserts a new session into the cache.
202 * <p>The SSO token remains owned by the caller and must be copied by the
203 * cache. Any Attributes supplied become the property of the cache.
205 * @param application reference to Application that owns the Session
206 * @param client_addr network address of client
207 * @param ssoToken reference to SSO assertion initiating the session
208 * @param issuer issuing metadata role of assertion issuer, if known
209 * @param attributes optional set of resolved Attributes to cache with session
210 * @return pointer to newly created (and locked) Session
212 virtual Session* insert(
213 const Application& application,
214 const char* client_addr,
215 const opensaml::RootObject& ssoToken,
216 const opensaml::saml2md::RoleDescriptor* issuer=NULL,
217 const std::vector<Attribute*>* attributes=NULL
221 * Locates an existing session.
223 * @param key session key
224 * @param application reference to Application that owns the Session
225 * @param client_addr network address of client (if known)
226 * @return pointer to locked Session, or NULL
228 virtual Session* find(const char* key, const Application& application, const char* client_addr)=0;
231 * Deletes an existing session.
233 * @param key session key
234 * @param application reference to Application that owns the Session
235 * @param client_addr network address of client (if known)
237 virtual void remove(const char* key, const Application& application, const char* client_addr)=0;
240 /** Remoting-aware SessionCache implementation backed by a StorageService. */
241 #define STORAGESERVICE_SESSION_CACHE "edu.internet2.middleware.shibboleth.sp.provider.StorageServiceSessionCache"
244 * Registers SessionCache classes into the runtime.
246 void SHIBSP_API registerSessionCaches();
249 #endif /* __shibsp_sessioncache_h__ */