2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * SessionInitiator.cpp
24 * Pluggable runtime functionality that handles initiating sessions.
28 #include "exceptions.h"
29 #include "SPRequest.h"
30 #include "handler/SessionInitiator.h"
32 using namespace shibsp;
33 using namespace xmltooling;
37 # include <saml/saml2/metadata/Metadata.h>
38 using namespace opensaml::saml2md;
// Factory entry points for the built-in SessionInitiator plugins. Each one is
// bound to its configuration name in registerSessionInitiators() below.
// SHIBSP_DLLLOCAL keeps these symbols internal to this library.
42 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory ChainingSessionInitiatorFactory;
43 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory Shib1SessionInitiatorFactory;
44 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory SAML2SessionInitiatorFactory;
45 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory WAYFSessionInitiatorFactory;
46 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory SAMLDSSessionInitiatorFactory;
47 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory TransformSessionInitiatorFactory;
48 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory FormSessionInitiatorFactory;
49 SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory CookieSessionInitiatorFactory;
// Class-wide property-name remapping table, seeded in registerSessionInitiators()
// (currently "defaultACSIndex" -> "acsIndex"). Presumably used to translate legacy
// property names; the code that consults it is not in this excerpt.
52 map<string,string> SessionInitiator::m_remapper;
// Registers the built-in SessionInitiator factories with the global SPConfig
// plugin manager and seeds the property-name remapper.
// NOTE: the function's opening and closing braces are not present in this excerpt.
54 void SHIBSP_API shibsp::registerSessionInitiators()
56 SPConfig& conf=SPConfig::getConfig();
// Each registration binds a *_SESSION_INITIATOR name constant to its factory.
57 conf.SessionInitiatorManager.registerFactory(CHAINING_SESSION_INITIATOR, ChainingSessionInitiatorFactory);
58 conf.SessionInitiatorManager.registerFactory(SHIB1_SESSION_INITIATOR, Shib1SessionInitiatorFactory);
59 conf.SessionInitiatorManager.registerFactory(SAML2_SESSION_INITIATOR, SAML2SessionInitiatorFactory);
60 conf.SessionInitiatorManager.registerFactory(WAYF_SESSION_INITIATOR, WAYFSessionInitiatorFactory);
61 conf.SessionInitiatorManager.registerFactory(SAMLDS_SESSION_INITIATOR, SAMLDSSessionInitiatorFactory);
62 conf.SessionInitiatorManager.registerFactory(TRANSFORM_SESSION_INITIATOR, TransformSessionInitiatorFactory);
63 conf.SessionInitiatorManager.registerFactory(FORM_SESSION_INITIATOR, FormSessionInitiatorFactory);
64 conf.SessionInitiatorManager.registerFactory(COOKIE_SESSION_INITIATOR, CookieSessionInitiatorFactory);
// Maps the "defaultACSIndex" property name onto "acsIndex" (the lookup that
// applies this table is outside this excerpt).
66 SessionInitiator::m_remapper["defaultACSIndex"] = "acsIndex";
// Default constructor; its body is omitted from this excerpt.
69 SessionInitiator::SessionInitiator()
// Destructor; its body is omitted from this excerpt.
73 SessionInitiator::~SessionInitiator()
// Returns the fixed type name of this handler family.
// @return the literal "SessionInitiator"
78 const char* SessionInitiator::getType() const
80 return "SessionInitiator";
// Retained public entry point, intentionally a no-op (see the original note below).
// The real work lives in doGenerateMetadata(); who calls that is not shown here.
// @param role        unused
// @param handlerURL  unused
83 void SessionInitiator::generateMetadata(SPSSODescriptor& role, const char* handlerURL) const
85 // In case any plugins were directly calling this before, we stub it out.
// Adds a RequestInitiator endpoint (binding samlconstants::SP_REQUEST_INIT_NS) to the
// SPSSODescriptor's Extensions so the SP's metadata advertises this initiator.
// @param role        the SP role descriptor being populated
// @param handlerURL  base URL of the handler; the "Location" property is read below and,
//                    on lines omitted from this excerpt, presumably appended to it — confirm.
// NOTE: braces, the use of loc and the null check on ext are missing from this excerpt.
88 void SessionInitiator::doGenerateMetadata(SPSSODescriptor& role, const char* handlerURL) const
92 const char* loc = getString("Location").second;
93 string hurl(handlerURL);
// Transcode to XMLCh for the XML object layer; auto_ptr_XMLCh owns the transcoded buffer.
97 auto_ptr_XMLCh widen(hurl.c_str());
// ep is a raw owning pointer until it is pushed into the Extensions list below; an
// exception from any intervening call (e.g. buildExtensions) would leak it — consider
// holding it in an auto_ptr until the push_back, as this file already does elsewhere.
99 RequestInitiator* ep = RequestInitiatorBuilder::buildRequestInitiator();
100 ep->setLocation(widen.get());
101 ep->setBinding(samlconstants::SP_REQUEST_INIT_NS);
102 Extensions* ext = role.getExtensions();
// Presumably guarded by an `if (!ext)` on the omitted line: create Extensions when absent.
104 ext = ExtensionsBuilder::buildExtensions();
105 role.setExtensions(ext);
// Ownership of ep presumably transfers to the Extensions object here — verify against the XMLObject contract.
107 ext->getUnknownXMLObjects().push_back(ep);
// Exposes the option names this initiator supports (consulted by checkCompatibility()).
// @return reference to the m_supportedOptions member; valid for the handler's lifetime
111 const set<string>& SessionInitiator::getSupportedOptions() const
113 return m_supportedOptions;
// Determines whether an "isPassive" request is in effect and rejects it when this
// handler does not list isPassive in getSupportedOptions().
// @param request    current SP request; its query parameters are untrusted input
// @param isHandler  true for an explicit handler invocation; presumably selects between
//                   the two isPassive-resolution branches below (the if/else and braces
//                   are omitted from this excerpt)
// @return presumably false on the handler path when unsupported (the return line is omitted)
// @throws ConfigurationException when isPassive is requested but unsupported
116 bool SessionInitiator::checkCompatibility(SPRequest& request, bool isHandler) const
118 bool isPassive = false;
// Request parameter (presumably checked first). Only the FIRST character is examined:
// "1", "true", "t..." enable it, anything else counts as false. The null check on
// flag sits on an omitted line; the dereference below relies on it.
120 const char* flag = request.getParameter("isPassive");
122 isPassive = (*flag=='1' || *flag=='t');
// Fallback: the handler's own isPassive property (first = present, second = value).
125 pair<bool,bool> flagprop = getBool("isPassive");
126 isPassive = (flagprop.first && flagprop.second);
130 // It doesn't really make sense to use isPassive with automated sessions, but...
// Automated-session path: per-request content settings first, then the handler property.
131 pair<bool,bool> flagprop = request.getRequestSettings().first->getBool("isPassive");
133 flagprop = getBool("isPassive");
134 isPassive = (flagprop.first && flagprop.second);
137 // Check for support of isPassive if it's used.
138 if (isPassive && getSupportedOptions().count("isPassive") == 0) {
// The log and the throw appear to sit in different branches of the omitted lines:
// an informational log on one path, a hard configuration failure on the other.
140 log(SPRequest::SPInfo, "handler does not support isPassive option");
143 throw ConfigurationException("Unsupported option (isPassive) supplied to SessionInitiator.");
// Handler entry point: resolves the target IdP entityID from the request and the
// configuration, then delegates to run(request, entityID, isHandler). On failure it
// may trap the error and redirect back to the caller's target instead of propagating.
// @param request    current SP request; several values below come from its query string
// @param isHandler  true for an explicit handler invocation (affects error trapping, see the comment below)
// @return pair<handled, status>; on the trapped-error path, the status of the redirect
// NOTE: the try-block opening, the null guards on flag, the `if (returnOnError)`
//       guard and the final rethrow are on lines omitted from this excerpt.
149 pair<bool,long> SessionInitiator::run(SPRequest& request, bool isHandler) const
// Presumably clears stale relay state before a new session attempt begins.
151 cleanRelayState(request.getApplication(), request, request);
// entityID resolution order: (1) the request parameter named by the "entityIDParam"
// property, or "entityID" by default; (2) the legacy "providerId" parameter, only when
// no custom parameter name is configured; (3) the content's request settings;
// (4) this handler's own "entityID" property.
153 const char* entityID = nullptr;
154 pair<bool,const char*> param = getString("entityIDParam");
156 entityID = request.getParameter(param.first ? param.second : "entityID");
157 if (!param.first && (!entityID || !*entityID))
158 entityID=request.getParameter("providerId");
160 if (!entityID || !*entityID) {
161 param = request.getRequestSettings().first->getString("entityID");
163 entityID = param.second;
165 if (!entityID || !*entityID)
166 entityID = getString("entityID").second;
// Copy before delegating; entityID may point into request or property storage.
// An empty string means "no entityID selected" and is left for the overload to handle.
168 string copy(entityID ? entityID : "");
171 return run(request, copy, isHandler);
173 catch (exception& ex) {
174 // If it's a handler operation, and isPassive is used or returnOnError is set, we trap the error.
176 bool returnOnError = false;
// Same first-character test as checkCompatibility(): only flag[0] is inspected.
177 const char* flag = request.getParameter("isPassive");
178 if (flag && (*flag == 't' || *flag == '1')) {
179 returnOnError = true;
// Otherwise fall back to the handler's isPassive property.
182 pair<bool,bool> flagprop = getBool("isPassive");
183 if (flagprop.first && flagprop.second) {
184 returnOnError = true;
// An explicit returnOnError request parameter, or the handler property, also traps.
187 flag = request.getParameter("returnOnError");
189 returnOnError = (*flag=='1' || *flag=='t');
192 flagprop = getBool("returnOnError");
193 returnOnError = (flagprop.first && flagprop.second);
199 // Log it and attempt to recover relay state so we can get back.
// In the visible lines ex.what() goes to the SP log only; nothing from the exception is sent to the client.
200 log(SPRequest::SPError, ex.what());
201 log(SPRequest::SPInfo, "trapping SessionInitiator error condition and returning to target location");
// The redirect destination starts out as the request-supplied "target" parameter.
// recoverRelayState() is expected to rewrite or validate it before use — confirm that it
// rejects arbitrary external URLs, since otherwise this is a caller-controlled redirect.
202 flag = request.getParameter("target");
203 string target(flag ? flag : "");
204 recoverRelayState(request.getApplication(), request, request, target, false);
205 return make_pair(true, request.sendRedirect(target.c_str()));
214 AuthnRequestEvent* SessionInitiator::newAuthnRequestEvent(const Application& application, const xmltooling::HTTPRequest* request) const
216 if (!SPConfig::getConfig().isEnabled(SPConfig::Logging))
219 auto_ptr<TransactionLog::Event> event(SPConfig::getConfig().EventManager.newPlugin(AUTHNREQUEST_EVENT, nullptr));
220 AuthnRequestEvent* ar_event = dynamic_cast<AuthnRequestEvent*>(event.get());
222 ar_event->m_request = request;
223 ar_event->m_app = &application;
228 Category::getInstance(SHIBSP_LOGCAT ".SessionInitiator").warn("unable to audit event, log event object was of an incorrect type");
231 catch (exception& ex) {
232 Category::getInstance(SHIBSP_LOGCAT ".SessionInitiator").warn("exception auditing event: %s", ex.what());