#include "util/SPConstants.h"
#include <boost/bind.hpp>
-#include <boost/scoped_ptr.hpp>
#include <boost/shared_ptr.hpp>
#include <boost/algorithm/string.hpp>
#include <boost/iterator/indirect_iterator.hpp>
d.clear();
}
+ void extractAttributes(const Application&, const char*, const char*, const NameIdentifier&, ptr_vector<Attribute>&) const;
+ void extractAttributes(const Application&, const char*, const char*, const NameID&, ptr_vector<Attribute>&) const;
+ void extractAttributes(const Application&, const GenericRequest*, const char*, const char*, const saml1::Attribute&, ptr_vector<Attribute>&) const;
+ void extractAttributes(const Application&, const GenericRequest*, const char*, const char*, const saml2::Attribute&, ptr_vector<Attribute>&) const;
+ void extractAttributes(const Application&, const GenericRequest*, const char*, const char*, const saml1::AttributeStatement&, ptr_vector<Attribute>&) const;
+ void extractAttributes(const Application&, const GenericRequest*, const char*, const char*, const saml2::AttributeStatement&, ptr_vector<Attribute>&) const;
void extractAttributes(
- const Application& application,
- const char* assertingParty,
- const char* relyingParty,
- const NameIdentifier& nameid,
- ptr_vector<Attribute>& attributes
- ) const;
- void extractAttributes(
- const Application& application,
- const char* assertingParty,
- const char* relyingParty,
- const NameID& nameid,
- ptr_vector<Attribute>& attributes
- ) const;
- void extractAttributes(
- const Application& application,
- const char* assertingParty,
- const char* relyingParty,
- const saml1::Attribute& attr,
- ptr_vector<Attribute>& attributes
- ) const;
- void extractAttributes(
- const Application& application,
- const char* assertingParty,
- const char* relyingParty,
- const saml2::Attribute& attr,
- ptr_vector<Attribute>& attributes
- ) const;
- void extractAttributes(
- const Application& application,
- const char* assertingParty,
- const char* relyingParty,
- const saml1::AttributeStatement& statement,
- ptr_vector<Attribute>& attributes
- ) const;
- void extractAttributes(
- const Application& application,
- const char* assertingParty,
- const char* relyingParty,
- const saml2::AttributeStatement& statement,
- ptr_vector<Attribute>& attributes
- ) const;
- void extractAttributes(
- const Application& application,
- const ObservableMetadataProvider* observable,
- const XMLCh* entityID,
- const char* relyingParty,
- const Extensions& ext,
- ptr_vector<Attribute>& attributes
+ const Application&, const GenericRequest*, const ObservableMetadataProvider*, const XMLCh*, const char*, const Extensions&, ptr_vector<Attribute>&
) const;
void getAttributeIds(vector<string>& attributes) const {
typedef map< pair<xstring,xstring>,pair< boost::shared_ptr<AttributeDecoder>,vector<string> > > attrmap_t;
attrmap_t m_attrMap;
vector<string> m_attributeIds;
- vector< tuple<xstring,xstring,bool> > m_requestedAttrs;
+ vector< boost::tuple<xstring,xstring,bool> > m_requestedAttrs;
// settings for embedded assertions in metadata
string m_policyId;
scoped_ptr<AttributeFilter> m_filter;
scoped_ptr<MetadataProvider> m_metadata;
scoped_ptr<TrustEngine> m_trust;
- bool m_entityAssertions;
+ bool m_entityAssertions,m_metaAttrCaching;
// manages caching of decoded Attributes
scoped_ptr<RWLock> m_attrLock;
class XMLExtractor : public AttributeExtractor, public ReloadableXMLFile
{
public:
- XMLExtractor(const DOMElement* e) : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".AttributeExtractor.XML")) {
+ XMLExtractor(const DOMElement* e) : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT ".AttributeExtractor.XML")) {
+ if (m_local && m_lock)
+ m_log.warn("attribute mappings are reloadable; be sure to restart web server when adding new attribute IDs");
background_load();
}
~XMLExtractor() {
shutdown();
}
+ // deprecated method
void extractAttributes(
const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
- ) const;
+ ) const {
+ extractAttributes(application, nullptr, issuer, xmlObject, attributes);
+ }
+
+ void extractAttributes(const Application&, const GenericRequest*, const RoleDescriptor*, const XMLObject&, vector<Attribute*>&) const;
void getAttributeIds(std::vector<std::string>& attributes) const {
if (m_impl)
private:
scoped_ptr<XMLExtractorImpl> m_impl;
- void extractAttributes(
- const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, ptr_vector<Attribute>& attributes
- ) const;
+ void extractAttributes(const Application&, const GenericRequest*, const RoleDescriptor*, const XMLObject&, ptr_vector<Attribute>&) const;
};
#if defined (_MSC_VER)
return new XMLExtractor(e);
}
- static const XMLCh _aliases[] = UNICODE_LITERAL_7(a,l,i,a,s,e,s);
- static const XMLCh _AttributeDecoder[] = UNICODE_LITERAL_16(A,t,t,r,i,b,u,t,e,D,e,c,o,d,e,r);
- static const XMLCh _AttributeFilter[] = UNICODE_LITERAL_15(A,t,t,r,i,b,u,t,e,F,i,l,t,e,r);
- static const XMLCh Attributes[] = UNICODE_LITERAL_10(A,t,t,r,i,b,u,t,e,s);
- static const XMLCh _id[] = UNICODE_LITERAL_2(i,d);
- static const XMLCh isRequested[] = UNICODE_LITERAL_11(i,s,R,e,q,u,e,s,t,e,d);
- static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);
- static const XMLCh _name[] = UNICODE_LITERAL_4(n,a,m,e);
- static const XMLCh nameFormat[] = UNICODE_LITERAL_10(n,a,m,e,F,o,r,m,a,t);
- static const XMLCh metadataPolicyId[] = UNICODE_LITERAL_16(m,e,t,a,d,a,t,a,P,o,l,i,c,y,I,d);
- static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
- static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
+ static const XMLCh _aliases[] = UNICODE_LITERAL_7(a,l,i,a,s,e,s);
+ static const XMLCh _AttributeDecoder[] = UNICODE_LITERAL_16(A,t,t,r,i,b,u,t,e,D,e,c,o,d,e,r);
+ static const XMLCh _AttributeFilter[] = UNICODE_LITERAL_15(A,t,t,r,i,b,u,t,e,F,i,l,t,e,r);
+ static const XMLCh Attributes[] = UNICODE_LITERAL_10(A,t,t,r,i,b,u,t,e,s);
+ static const XMLCh _id[] = UNICODE_LITERAL_2(i,d);
+ static const XMLCh isRequested[] = UNICODE_LITERAL_11(i,s,R,e,q,u,e,s,t,e,d);
+ static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);
+ static const XMLCh metadataAttributeCaching[] = UNICODE_LITERAL_24(m,e,t,a,d,a,t,a,A,t,t,r,i,b,u,t,e,C,a,c,h,i,n,g);
+ static const XMLCh metadataPolicyId[] = UNICODE_LITERAL_16(m,e,t,a,d,a,t,a,P,o,l,i,c,y,I,d);
+ static const XMLCh _name[] = UNICODE_LITERAL_4(n,a,m,e);
+ static const XMLCh nameFormat[] = UNICODE_LITERAL_10(n,a,m,e,F,o,r,m,a,t);
+ static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
+ static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
};
XMLExtractorImpl::XMLExtractorImpl(const DOMElement* e, Category& log)
: m_log(log),
m_document(nullptr),
m_policyId(XMLHelper::getAttrString(e, nullptr, metadataPolicyId)),
- m_entityAssertions(true)
+ m_entityAssertions(true),
+ m_metaAttrCaching(XMLHelper::getAttrBool(e, true, metadataAttributeCaching))
{
#ifdef _DEBUG
xmltooling::NDC ndc("XMLExtractorImpl");
format = &chNull; // ignore default Format/Namespace values
// Fetch/create the map entry and see if it's a duplicate rule.
- pair< boost::shared_ptr<AttributeDecoder>,vector<string> >& decl = m_attrMap[pair<xstring,xstring>(name,format)];
+ // Trim the format, or the name only if the format is the default (URI).
+ pair<xstring,xstring> entryKey;
+ if (*format == chNull) {
+ auto_ptr_XMLCh copyName(name);
+ entryKey.first = copyName.get();
+ } else {
+ entryKey.first = name;
+ auto_ptr_XMLCh copyFormat(format);
+ entryKey.second = copyFormat.get();
+ }
+ pair< boost::shared_ptr<AttributeDecoder>,vector<string> >& decl = m_attrMap[entryKey];
if (decl.first) {
m_log.warn("skipping duplicate Attribute mapping (same name and nameFormat)");
child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, saml1::Attribute::LOCAL_NAME);
}
if (m_log.isInfoEnabled()) {
- auto_ptr_char n(name);
- auto_ptr_char f(format);
+ auto_ptr_char n(entryKey.first.c_str());
+ auto_ptr_char f(entryKey.second.c_str());
m_log.info("creating mapping for Attribute %s%s%s", n.get(), *f.get() ? ", Format/Namespace:" : "", f.get());
}
// Check for isRequired/isRequested.
bool requested = XMLHelper::getAttrBool(child, false, isRequested);
bool required = XMLHelper::getAttrBool(child, false, RequestedAttribute::ISREQUIRED_ATTRIB_NAME);
- if (required || requested)
- m_requestedAttrs.push_back(tuple<xstring,xstring,bool>(name,format,required));
+ if (required || requested) {
+ m_requestedAttrs.push_back(boost::tuple<xstring,xstring,bool>(entryKey.first, entryKey.second, required));
+ }
name = child->getAttributeNS(nullptr, _aliases);
if (name && *name) {
+ m_log.warn("attribute mapping rule (%s) uses deprecated aliases feature, consider revising", id.get());
auto_ptr_char aliases(name);
string dup(aliases.get());
set<string> new_aliases;
m_log.warn("skipping alias, REMOTE_USER is a reserved name");
new_aliases.erase(ru);
}
+ decl.second.insert(decl.second.end(), new_aliases.begin(), new_aliases.end());
m_attributeIds.insert(m_attributeIds.end(), new_aliases.begin(), new_aliases.end());
}
child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, saml1::Attribute::LOCAL_NAME);
}
- m_attrLock.reset(RWLock::create());
+ if (m_metaAttrCaching)
+ m_attrLock.reset(RWLock::create());
}
void XMLExtractorImpl::generateMetadata(SPSSODescriptor& role) const
static const XMLCh english[] = UNICODE_LITERAL_2(e,n);
sn->setLang(english);
- for (vector< tuple<xstring,xstring,bool> >::const_iterator i = m_requestedAttrs.begin(); i != m_requestedAttrs.end(); ++i) {
+ for (vector< boost::tuple<xstring,xstring,bool> >::const_iterator i = m_requestedAttrs.begin(); i != m_requestedAttrs.end(); ++i) {
RequestedAttribute* req = RequestedAttributeBuilder::buildRequestedAttribute();
svc->getRequestedAttributes().push_back(req);
req->setName(i->get<0>().c_str());
format = NameIdentifier::UNSPECIFIED;
attrmap_t::const_iterator rule;
if ((rule = m_attrMap.find(pair<xstring,xstring>(format,xstring()))) != m_attrMap.end()) {
- auto_ptr<Attribute> a(rule->second.first->decode(rule->second.second, &nameid, assertingParty, relyingParty));
+ auto_ptr<Attribute> a(rule->second.first->decode(nullptr, rule->second.second, &nameid, assertingParty, relyingParty));
if (a.get()) {
attributes.push_back(a.get());
a.release();
format = NameID::UNSPECIFIED;
attrmap_t::const_iterator rule;
if ((rule = m_attrMap.find(pair<xstring,xstring>(format,xstring()))) != m_attrMap.end()) {
- auto_ptr<Attribute> a(rule->second.first->decode(rule->second.second, &nameid, assertingParty, relyingParty));
+ auto_ptr<Attribute> a(rule->second.first->decode(nullptr, rule->second.second, &nameid, assertingParty, relyingParty));
if (a.get()) {
attributes.push_back(a.get());
a.release();
void XMLExtractorImpl::extractAttributes(
const Application& application,
+ const GenericRequest* request,
const char* assertingParty,
const char* relyingParty,
const saml1::Attribute& attr,
format = &chNull;
attrmap_t::const_iterator rule;
if ((rule = m_attrMap.find(pair<xstring,xstring>(name,format))) != m_attrMap.end()) {
- auto_ptr<Attribute> a(rule->second.first->decode(rule->second.second, &attr, assertingParty, relyingParty));
+ auto_ptr<Attribute> a(rule->second.first->decode(request, rule->second.second, &attr, assertingParty, relyingParty));
if (a.get()) {
attributes.push_back(a.get());
a.release();
void XMLExtractorImpl::extractAttributes(
const Application& application,
+ const GenericRequest* request,
const char* assertingParty,
const char* relyingParty,
const saml2::Attribute& attr,
format = &chNull;
attrmap_t::const_iterator rule;
if ((rule = m_attrMap.find(pair<xstring,xstring>(name,format))) != m_attrMap.end()) {
- auto_ptr<Attribute> a(rule->second.first->decode(rule->second.second, &attr, assertingParty, relyingParty));
+ auto_ptr<Attribute> a(rule->second.first->decode(request, rule->second.second, &attr, assertingParty, relyingParty));
if (a.get()) {
attributes.push_back(a.get());
a.release();
else if (XMLString::equals(format, saml2::Attribute::UNSPECIFIED)) {
// As a fallback, if the format is "unspecified", null out the value and re-map.
if ((rule = m_attrMap.find(pair<xstring,xstring>(name,xstring()))) != m_attrMap.end()) {
- auto_ptr<Attribute> a(rule->second.first->decode(rule->second.second, &attr, assertingParty, relyingParty));
+ auto_ptr<Attribute> a(rule->second.first->decode(request, rule->second.second, &attr, assertingParty, relyingParty));
if (a.get()) {
attributes.push_back(a.get());
a.release();
void XMLExtractorImpl::extractAttributes(
const Application& application,
+ const GenericRequest* request,
const char* assertingParty,
const char* relyingParty,
const saml1::AttributeStatement& statement,
) const
{
static void (XMLExtractorImpl::* extract)(
- const Application&, const char*, const char*, const saml1::Attribute&, ptr_vector<Attribute>&
+ const Application&, const GenericRequest*, const char*, const char*, const saml1::Attribute&, ptr_vector<Attribute>&
) const = &XMLExtractorImpl::extractAttributes;
for_each(
make_indirect_iterator(statement.getAttributes().begin()), make_indirect_iterator(statement.getAttributes().end()),
- boost::bind(extract, this, boost::cref(application), assertingParty, relyingParty, _1, boost::ref(attributes))
+ boost::bind(extract, this, boost::cref(application), request, assertingParty, relyingParty, _1, boost::ref(attributes))
);
}
void XMLExtractorImpl::extractAttributes(
const Application& application,
+ const GenericRequest* request,
const char* assertingParty,
const char* relyingParty,
const saml2::AttributeStatement& statement,
) const
{
static void (XMLExtractorImpl::* extract)(
- const Application&, const char*, const char*, const saml2::Attribute&, ptr_vector<Attribute>&
+ const Application&, const GenericRequest*, const char*, const char*, const saml2::Attribute&, ptr_vector<Attribute>&
) const = &XMLExtractorImpl::extractAttributes;
for_each(
make_indirect_iterator(statement.getAttributes().begin()), make_indirect_iterator(statement.getAttributes().end()),
- boost::bind(extract, this, boost::cref(application), assertingParty, relyingParty, _1, boost::ref(attributes))
+ boost::bind(extract, this, boost::cref(application), request, assertingParty, relyingParty, _1, boost::ref(attributes))
);
}
void XMLExtractorImpl::extractAttributes(
const Application& application,
+ const GenericRequest* request,
const ObservableMetadataProvider* observable,
const XMLCh* entityID,
const char* relyingParty,
map<const ObservableMetadataProvider*,decoded_t>::iterator cacheEntry;
// Check for cached result.
- if (observable) {
+ if (observable && m_metaAttrCaching) {
m_attrLock->rdlock();
cacheEntry = m_decodedMap.find(observable);
if (cacheEntry == m_decodedMap.end()) {
// Extract attributes into holding area with no asserting party set.
static void (XMLExtractorImpl::* extractV2Attr)(
- const Application&, const char*, const char*, const saml2::Attribute&, ptr_vector<Attribute>&
+ const Application&, const GenericRequest*, const char*, const char*, const saml2::Attribute&, ptr_vector<Attribute>&
) const = &XMLExtractorImpl::extractAttributes;
for_each(
make_indirect_iterator(container->getAttributes().begin()), make_indirect_iterator(container->getAttributes().end()),
- boost::bind(extractV2Attr, this, boost::ref(application), (const char*)nullptr, relyingParty, _1, boost::ref(holding))
+ boost::bind(extractV2Attr, this, boost::ref(application), request, (const char*)nullptr, relyingParty, _1, boost::ref(holding))
);
if (entityID && m_entityAssertions) {
const_cast<const saml2::AttributeStatement*>(tokencopy->getAttributeStatements().front())->getAttributes();
for_each(
make_indirect_iterator(attrs2.begin()), make_indirect_iterator(attrs2.end()),
- boost::bind(extractV2Attr, this, boost::ref(application), inlineAssertingParty.get(), relyingParty, _1, boost::ref(holding2))
+ boost::bind(extractV2Attr, this, boost::ref(application), request, inlineAssertingParty.get(), relyingParty, _1, boost::ref(holding2))
);
// Now we locally filter the attributes so that the actual issuer can be properly set.
}
void XMLExtractor::extractAttributes(
- const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
+ const Application& application, const GenericRequest* request, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
) const
{
if (!m_impl)
return;
ptr_vector<Attribute> holding;
- extractAttributes(application, issuer, xmlObject, holding);
+ extractAttributes(application, request, issuer, xmlObject, holding);
// Transfer ownership from the ptr_vector to the unsafe vector for API compatibility.
// Any throws should leave each container in a consistent state. The holding container
}
void XMLExtractor::extractAttributes(
- const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, ptr_vector<Attribute>& attributes
+ const Application& application, const GenericRequest* request, const RoleDescriptor* issuer, const XMLObject& xmlObject, ptr_vector<Attribute>& attributes
) const
{
static void (XMLExtractor::* extractEncrypted)(
- const Application&, const RoleDescriptor*, const XMLObject&, ptr_vector<Attribute>&
+ const Application&, const GenericRequest*, const RoleDescriptor*, const XMLObject&, ptr_vector<Attribute>&
) const = &XMLExtractor::extractAttributes;
static void (XMLExtractorImpl::* extractV1Statement)(
- const Application&, const char*, const char*, const saml1::AttributeStatement&, ptr_vector<Attribute>&
+ const Application&, const GenericRequest*, const char*, const char*, const saml1::AttributeStatement&, ptr_vector<Attribute>&
) const = &XMLExtractorImpl::extractAttributes;
const EntityDescriptor* entity = issuer ? dynamic_cast<const EntityDescriptor*>(issuer->getParent()) : nullptr;
const saml2::AttributeStatement* statement2 = dynamic_cast<const saml2::AttributeStatement*>(&xmlObject);
if (statement2) {
auto_ptr_char assertingParty(entity ? entity->getEntityID() : nullptr);
- m_impl->extractAttributes(application, assertingParty.get(), relyingParty, *statement2, attributes);
+ m_impl->extractAttributes(application, request, assertingParty.get(), relyingParty, *statement2, attributes);
// Handle EncryptedAttributes inline so we have access to the role descriptor.
const vector<saml2::EncryptedAttribute*>& encattrs = statement2->getEncryptedAttributes();
for_each(
make_indirect_iterator(encattrs.begin()), make_indirect_iterator(encattrs.end()),
- boost::bind(extractEncrypted, this, boost::ref(application), issuer, _1, boost::ref(attributes))
+ boost::bind(extractEncrypted, this, boost::ref(application), request, issuer, _1, boost::ref(attributes))
);
return;
}
const saml1::AttributeStatement* statement1 = dynamic_cast<const saml1::AttributeStatement*>(&xmlObject);
if (statement1) {
auto_ptr_char assertingParty(entity ? entity->getEntityID() : nullptr);
- m_impl->extractAttributes(application, assertingParty.get(), relyingParty, *statement1, attributes);
+ m_impl->extractAttributes(application, request, assertingParty.get(), relyingParty, *statement1, attributes);
return;
}
const vector<saml2::AttributeStatement*>& statements = token2->getAttributeStatements();
for (indirect_iterator<vector<saml2::AttributeStatement*>::const_iterator> s = make_indirect_iterator(statements.begin());
s != make_indirect_iterator(statements.end()); ++s) {
- m_impl->extractAttributes(application, assertingParty.get(), relyingParty, *s, attributes);
+ m_impl->extractAttributes(application, request, assertingParty.get(), relyingParty, *s, attributes);
// Handle EncryptedAttributes inline so we have access to the role descriptor.
const vector<saml2::EncryptedAttribute*>& encattrs = const_cast<const saml2::AttributeStatement&>(*s).getEncryptedAttributes();
for_each(
make_indirect_iterator(encattrs.begin()), make_indirect_iterator(encattrs.end()),
- boost::bind(extractEncrypted, this, boost::ref(application), issuer, _1, boost::ref(attributes))
+ boost::bind(extractEncrypted, this, boost::ref(application), request, issuer, _1, boost::ref(attributes))
);
}
return;
auto_ptr_char assertingParty(entity ? entity->getEntityID() : nullptr);
const vector<saml1::AttributeStatement*>& statements = token1->getAttributeStatements();
for_each(make_indirect_iterator(statements.begin()), make_indirect_iterator(statements.end()),
- boost::bind(extractV1Statement, m_impl.get(), boost::ref(application), assertingParty.get(), relyingParty, _1, boost::ref(attributes))
+ boost::bind(extractV1Statement, m_impl.get(), boost::ref(application), request, assertingParty.get(), relyingParty, _1, boost::ref(attributes))
);
return;
}
if (ext) {
m_impl->extractAttributes(
application,
+ request,
dynamic_cast<const ObservableMetadataProvider*>(application.getMetadataProvider(false)),
entityToExtract->getEntityID(),
relyingParty,
if (ext) {
m_impl->extractAttributes(
application,
+ request,
dynamic_cast<const ObservableMetadataProvider*>(application.getMetadataProvider(false)),
nullptr, // not an entity, so inline assertions won't be processed
relyingParty,
auto_ptr_char assertingParty(entity ? entity->getEntityID() : nullptr);
const saml2::Attribute* attr2 = dynamic_cast<const saml2::Attribute*>(&xmlObject);
if (attr2)
- return m_impl->extractAttributes(application, assertingParty.get(), relyingParty, *attr2, attributes);
+ return m_impl->extractAttributes(application, request, assertingParty.get(), relyingParty, *attr2, attributes);
const saml1::Attribute* attr1 = dynamic_cast<const saml1::Attribute*>(&xmlObject);
if (attr1)
- return m_impl->extractAttributes(application, assertingParty.get(), relyingParty, *attr1, attributes);
+ return m_impl->extractAttributes(application, request, assertingParty.get(), relyingParty, *attr1, attributes);
throw AttributeExtractionException("Unable to extract attributes, unknown object type.");
}
scoped_ptr<XMLObject> decrypted(encattr->decrypt(*cr, recipient, &mcc));
if (m_log.isDebugEnabled())
m_log.debugStream() << "decrypted Attribute: " << *decrypted << logging::eol;
- return extractAttributes(application, issuer, *decrypted, attributes);
+ return extractAttributes(application, request, issuer, *decrypted, attributes);
}
else {
scoped_ptr<XMLObject> decrypted(encattr->decrypt(*cr, recipient));
if (m_log.isDebugEnabled())
m_log.debugStream() << "decrypted Attribute: " << *decrypted << logging::eol;
- return extractAttributes(application, issuer, *decrypted, attributes);
+ return extractAttributes(application, request, issuer, *decrypted, attributes);
}
}
catch (std::exception& ex) {
- m_log.error("caught exception decrypting Attribute: %s", ex.what());
+ m_log.error("failed to decrypt Attribute: %s", ex.what());
return;
}
}