return samlconstants::SAML20P_NS;
}
+#ifndef SHIBSP_LITE
+ void generateMetadata(saml2md::SPSSODescriptor& role, const char* handlerURL) const {
+ doGenerateMetadata(role, handlerURL);
+ }
+#endif
+
private:
pair<bool,long> doRequest(
const Application& application,
#pragma warning( pop )
#endif
+ class SHIBSP_DLLLOCAL SessionInitiatorNodeFilter : public DOMNodeFilter
+ {
+ public:
+#ifdef SHIBSP_XERCESC_SHORT_ACCEPTNODE
+ short
+#else
+ FilterAction
+#endif
+ acceptNode(const DOMNode* node) const {
+ return FILTER_REJECT;
+ }
+ };
+
+ static SHIBSP_DLLLOCAL SessionInitiatorNodeFilter g_SINFilter;
+
SessionInitiator* SHIBSP_DLLLOCAL SAML2SessionInitiatorFactory(const pair<const DOMElement*,const char*>& p)
{
return new SAML2SessionInitiator(p.first, p.second);
};
SAML2SessionInitiator::SAML2SessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.SAML2"), nullptr, &m_remapper), m_appId(appId),
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT ".SessionInitiator.SAML2"), &g_SINFilter, &m_remapper), m_appId(appId),
m_paosNS(samlconstants::PAOS_NS), m_ecpNS(samlconstants::SAML20ECP_NS), m_paosBinding(samlconstants::SAML20_BINDING_PAOS)
#ifdef SHIBSP_LITE
,m_ecp(false)
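Review bot: SessionInitiatorNodeFilter::acceptNode, in the class added ahead of the factory, rejects every node unconditionally yet carries no comment saying why, and its `node` parameter is named but never read. Because `g_SINFilter` is what the constructor now hands to AbstractHandler where it previously passed `nullptr`, a maintainer has to know that the intent is presumably to keep the base handler's property loading from descending into the SessionInitiator element's children — confirm against the AbstractHandler constructor before relying on that reading. I would put `// Rejects every child node so AbstractHandler does not treat nested elements as handler properties.` above the class and write the signature as `acceptNode(const DOMNode* /*node*/) const` to silence the unused-parameter warning without changing behaviour. The constructor's initializer list starts in this hunk but its body continues outside it.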
pair<bool,const char*> outgoing = getString("outgoingBindings");
if (outgoing.first) {
dupBindings = outgoing.second;
+ trim(dupBindings);
}
else {
// No override, so we'll install a default binding precedence.
if (authnContextClassRef) {
reqContext->getAuthnContextDeclRefs().clear();
string dup(authnContextClassRef);
+ trim(dup);
vector<string> contexts;
split(contexts, dup, is_space(), algorithm::token_compress_on);
for (vector<string>::const_iterator ac = contexts.begin(); ac != contexts.end(); ++ac) {
}
pair<bool,bool> requestDelegation = getBool("requestDelegation");
- if (requestDelegation.first && requestDelegation.second && entity.first) {
- // Request delegation by including the IdP as an Audience.
- // Also specify the expected session lifetime as the bound on the assertion lifetime.
- const PropertySet* sessionProps = app.getPropertySet("Sessions");
- pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
- if (!lifetime.first || lifetime.second == 0)
- lifetime.second = 28800;
- if (!req->getConditions())
- req->setConditions(ConditionsBuilder::buildConditions());
- req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
- AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
- req->getConditions()->getConditions().push_back(audrest);
- Audience* aud = AudienceBuilder::buildAudience();
- audrest->getAudiences().push_back(aud);
- aud->setAudienceURI(entity.first->getEntityID());
+ if (requestDelegation.first && requestDelegation.second) {
+ if (entity.first) {
+ // Request delegation by including the IdP as an Audience.
+ // Also specify the expected session lifetime as the bound on the assertion lifetime.
+ const PropertySet* sessionProps = app.getPropertySet("Sessions");
+ pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
+ if (!lifetime.first || lifetime.second == 0)
+ lifetime.second = 28800;
+ if (!req->getConditions())
+ req->setConditions(ConditionsBuilder::buildConditions());
+ req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
+ AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
+ req->getConditions()->getConditions().push_back(audrest);
+ Audience* aud = AudienceBuilder::buildAudience();
+ audrest->getAudiences().push_back(aud);
+ aud->setAudienceURI(entity.first->getEntityID());
+ }
+ else {
+ m_log.warn("requestDelegation set, but IdP unknown at request time");
+ }
}
if (ECP && entityID) {
}
}
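Review bot: The fallback lifetime `28800` appears twice in the rewritten delegation branch (the default pair and the `lifetime.second == 0` reset) and the `+ 300` added to NotOnOrAfter is unexplained; both deserve a name or a comment. I would introduce `const unsigned int defaultLifetime = 28800; // 8h, presumably mirrors the Sessions/lifetime default — confirm` and use it in both places, and annotate the bound as `req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300); // 5 min grace, presumably for clock skew`. The new else branch only logs and the request is still sent without any Conditions, so the message should say that delegation is being skipped rather than merely that the IdP is unknown, e.g. `m_log.warn("requestDelegation set, but IdP unknown at request time; sending request without delegation conditions");`. The enclosing function starts before this hunk and continues after it.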
- req->setID(SAMLConfig::getConfig().generateIdentifier());
+ XMLCh* genid = SAMLConfig::getConfig().generateIdentifier();
+ req->setID(genid);
+ XMLString::release(&genid);
req->setIssueInstant(time(nullptr));
scoped_ptr<AuthnRequestEvent> ar_event(newAuthnRequestEvent(app, httpRequest));
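Review bot: The new `genid` handling releases the buffer by hand, so if `req->setID(genid)` throws the identifier leaks — the same leak this change fixes for the non-throwing path. It is also only correct if setID copies its argument; XMLTooling setters conventionally do, but confirm, because otherwise `XMLString::release(&genid)` on the next line leaves the request holding a dangling pointer. A small RAII holder whose destructor calls `XMLString::release` (the file already uses `scoped_ptr` for the event object, so an equivalent owner for the XMLCh buffer fits the surrounding style) removes both concerns: `req->setID(genid.get());` with the release happening in the holder's destructor. The enclosing function continues past the end of this hunk.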