--- /dev/null
+## $Id$
+
+AUTOMAKE_OPTIONS = foreign
+
+SUBDIRS = schemas shib eduPerson test
--- /dev/null
+dnl $Id$
+
+AC_PREREQ([2.50])
+AC_INIT([shibboleth], [0.1], [mace-shib-users@internet2.edu], [shibboleth])
+AM_CONFIG_HEADER(config.h)
+AM_INIT_AUTOMAKE
+
+sinclude(acx_pthread.m4)
+
+AC_PROG_CC([gcc3 gcc cc])
+AC_PROG_CXX([g++3 g++ c++ CC])
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+
+AC_LANG(C++)
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_SIZE_T
+AC_STRUCT_TM
+
+# Checks for library functions.
+AC_FUNC_STRFTIME
+AC_CHECK_FUNCS([strchr strdup strstr gmtime_r])
+AC_CHECK_HEADERS([dlfcn.h])
+
+# C++ requirements
+AC_CXX_REQUIRE_STL
+AC_CXX_NAMESPACES
+
+# checks for pthreads
+ACX_PTHREAD([enable_threads="pthread"],[enable_threads="no"])
+if test $enable_threads != "pthread"; then
+ AC_MSG_ERROR([unable to find pthreads, currently this is required])
+else
+ AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.])
+ LIBS="$PTHREAD_LIBS $LIBS"
+ CFLAGS="$PTHREAD_CFLAGS $CFLAGS"
+ CXXFLAGS="$PTHREAD_CFLAGS $CXXFLAGS"
+fi
+
+AC_ARG_WITH(xerces,
+ AC_HELP_STRING([--with-xerces=PATH], [where xerces-c is installed]),
+ [if test x_$with_xerces != x_/usr; then
+ LDFLAGS="-L${with_xerces}/lib $LDFLAGS"
+ CPPFLAGS="-I${with_xerces}/include $CPPFLAGS"
+ fi])
+
+
+AC_ARG_WITH(openssl,
+ AC_HELP_STRING([--with-openssl=PATH], [where openssl is installed]),
+ [if test x_$with_openssl != x_/usr; then
+ LDFLAGS="-L${with_openssl}/lib $LDFLAGS"
+ CPPFLAGS="-I${with_openssl}/include $CPPFLAGS"
+ fi])
+
+AC_ARG_WITH(log4cpp,
+ AC_HELP_STRING([--with-log4cpp=PATH], [where log4cpp is installed]),
+ [if test x_$with_log4cpp != x_/usr; then
+ LDFLAGS="-L${with_log4cpp}/lib $LDFLAGS"
+ CPPFLAGS="-I${with_log4cpp}/include $CPPFLAGS"
+ fi])
+
+AC_ARG_WITH(saml,
+ AC_HELP_STRING([--with-saml=PATH], [where saml is installed]),
+ [if test x_$with_saml != x_/usr; then
+ LDFLAGS="-L${with_saml}/lib $LDFLAGS"
+ CPPFLAGS="-I${with_saml}/include $CPPFLAGS"
+ fi])
+
+AC_CHECK_HEADER([xercesc/dom/DOM.hpp],,
+ AC_MSG_ERROR([unable to find xerces header files]))
+saved_LIBS="$LIBS"
+LIBS="-lxerces-c $LIBS"
+AC_TRY_LINK(
+ [#include <xercesc/util/PlatformUtils.hpp>],
+ [XMLPlatformUtils::Initialize()],
+ [AC_DEFINE(HAVE_LIBXERCESC,1,[Define if Xerces-C library was found])],
+ [AC_MSG_ERROR([unable to link with Xerces])
+ LIBS="$saved_LIBS"
+ ])
+
+AC_CHECK_HEADER([openssl/ssl.h],,
+ AC_MSG_ERROR([unable to find openssl header files]))
+AC_CHECK_LIB([crypto], [ERR_load_CRYPTO_strings],,
+ AC_MSG_ERROR([unable to link with openssl libraries]))
+AC_CHECK_LIB([ssl], [SSL_library_init],,
+ AC_MSG_ERROR([unable to link with openssl libraries]))
+
+AC_CHECK_HEADER([log4cpp/Category.hh],,
+ AC_MSG_ERROR([unable to find log4cpp header files]))
+
+AC_CHECK_HEADER([saml/saml.h],,
+ AC_MSG_ERROR([unable to find saml header files]))
+
+saved_LIBS="$LIBS"
+LIBS="-llog4cpp $LIBS"
+AC_TRY_LINK(
+ [#include <log4cpp/Category.hh>],
+ [log4cpp::Category::getInstance("foo")],
+ [AC_DEFINE(HAVE_LIBLOG4CPP,1,[Define if log4cpp library was found])],
+ [AC_MSG_ERROR([unable to link with log4cpp])
+ LIBS="$saved_LIBS"
+ ])
+
+saved_LIBS="$LIBS"
+LIBS="-lsaml $LIBS"
+AC_TRY_LINK(
+ [#include <saml/saml.h>],
+ [saml::SAMLConfig::getConfig()],
+ [AC_DEFINE(HAVE_SAML,1,[Define if saml library was found])],
+ [AC_MSG_ERROR([unable to link with saml])
+ LIBS="$saved_LIBS"
+ ])
+
+# output makefiles
+AC_OUTPUT(Makefile shib/Makefile schemas/Makefile eduPerson/Makefile test/Makefile)
+
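Review bot: The four `AC_ARG_WITH` blocks (xerces, openssl, log4cpp, saml) use `$with_X` as a directory without handling the values autoconf assigns for a bare `--with-X` or `--without-X` (`yes` / `no`), so those invocations add relative search paths such as `-Lyes/lib` and `-Ino/include`, which resolve against the build directory. Guard each block, e.g. `case "$with_xerces" in yes|no|/usr) ;; *) LDFLAGS="-L${with_xerces}/lib $LDFLAGS"; CPPFLAGS="-I${with_xerces}/include $CPPFLAGS" ;; esac`. In the pthread check, `test $enable_threads != "pthread"` should quote the variable (`test "x$enable_threads" != "xpthread"`). The `LIBS="$saved_LIBS"` lines after `AC_MSG_ERROR` in the three `AC_TRY_LINK` failure branches are never reached, because that macro aborts configure.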
--- /dev/null
+## $Id$
+
+AUTOMAKE_OPTIONS = foreign
+
+lib_LTLIBRARIES = libeduPerson.la
+
+pkginclude_HEADERS = eduPerson.h
+
+libeduPerson_la_SOURCES = \
+ eduPerson.cpp \
+ Constants.cpp \
+ AffiliationAttribute.cpp \
+ EPPNAttribute.cpp \
+ EntitlementAttribute.cpp \
+ PrimaryAffiliationAttribute.cpp \
+ ScopedAttribute.cpp
+
+# this is different from the project version
+# http://sources.redhat.com/autobook/autobook/autobook_91.html
+libeduPerson_la_LDFLAGS = -version-info 1:0:0
+
--- /dev/null
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+/* eduPerson.h - Shibboleth eduPerson attribute extensions
+
+ Scott Cantor
+ 6/4/02
+
+ $History:$
+*/
+
+#ifndef __eduPerson_h__
+#define __eduPerson_h__
+
+#include <saml/saml.h>
+
+#ifdef WIN32
+# ifndef EDUPERSON_EXPORTS
+# define EDUPERSON_EXPORTS __declspec(dllimport)
+# endif
+#else
+# define EDUPERSON_EXPORTS
+#endif
+
+namespace eduPerson
+{
+ class EDUPERSON_EXPORTS ScopedAttribute : public saml::SAMLAttribute
+ {
+ public:
+ ScopedAttribute(const XMLCh* name, const XMLCh* ns, const XMLCh* defaultScope, const saml::QName* type=NULL,
+ long lifetime=0, const saml::Iterator<const XMLCh*>& scopes=saml::Iterator<const XMLCh*>(),
+ const saml::Iterator<const XMLCh*>& values=saml::Iterator<const XMLCh*>());
+ ScopedAttribute(DOMElement* e);
+ virtual ~ScopedAttribute();
+
+ virtual DOMNode* toDOM(DOMDocument* doc=NULL, bool xmlns=true) const;
+ virtual saml::SAMLObject* clone() const;
+
+ virtual saml::Iterator<saml::xstring> getValues() const;
+ virtual saml::Iterator<std::string> getSingleByteValues() const;
+
+ static const XMLCh Scope[];
+
+ protected:
+ virtual bool accept(DOMElement* e) const;
+ virtual bool addValue(DOMElement* e);
+
+ saml::xstring m_defaultScope;
+ std::vector<saml::xstring> m_scopes;
+ mutable std::vector<saml::xstring> m_scopedValues;
+ };
+
+ class EDUPERSON_EXPORTS EPPNAttribute : public ScopedAttribute
+ {
+ public:
+ EPPNAttribute(const XMLCh* defaultScope, long lifetime=0, const XMLCh* scope=NULL, const XMLCh* value=NULL);
+ EPPNAttribute(DOMElement* e);
+ virtual ~EPPNAttribute();
+
+ virtual void addValues(DOMElement* e);
+ virtual saml::SAMLObject* clone() const;
+ };
+
+ class EDUPERSON_EXPORTS AffiliationAttribute : public ScopedAttribute
+ {
+ public:
+ AffiliationAttribute(const XMLCh* defaultScope, long lifetime=0,
+ const saml::Iterator<const XMLCh*>& scopes=saml::Iterator<const XMLCh*>(),
+ const saml::Iterator<const XMLCh*>& values=saml::Iterator<const XMLCh*>());
+ AffiliationAttribute(DOMElement* e);
+ virtual ~AffiliationAttribute();
+
+ virtual void addValues(DOMElement* e);
+ virtual saml::SAMLObject* clone() const;
+ };
+
+ class EDUPERSON_EXPORTS PrimaryAffiliationAttribute : public ScopedAttribute
+ {
+ public:
+ PrimaryAffiliationAttribute(const XMLCh* defaultScope, long lifetime=0, const XMLCh* scope=NULL, const XMLCh* value=NULL);
+ PrimaryAffiliationAttribute(DOMElement* e);
+ virtual ~PrimaryAffiliationAttribute();
+
+ virtual void addValues(DOMElement* e);
+ virtual saml::SAMLObject* clone() const;
+ };
+
+ class EDUPERSON_EXPORTS EntitlementAttribute : public saml::SAMLAttribute
+ {
+ public:
+ EntitlementAttribute(long lifetime=0, const saml::Iterator<const XMLCh*>& values=saml::Iterator<const XMLCh*>());
+ EntitlementAttribute(DOMElement* e);
+ virtual ~EntitlementAttribute();
+
+ virtual void addValues(DOMElement* e);
+ virtual saml::SAMLObject* clone() const;
+ };
+
+ struct EDUPERSON_EXPORTS XML
+ {
+ static const XMLCh EDUPERSON_NS[];
+ static const XMLCh EDUPERSON_SCHEMA_ID[];
+ };
+
+ struct EDUPERSON_EXPORTS Constants
+ {
+ static const XMLCh EDUPERSON_PRINCIPAL_NAME[];
+ static const XMLCh EDUPERSON_AFFILIATION[];
+ static const XMLCh EDUPERSON_PRIMARY_AFFILIATION[];
+ static const XMLCh EDUPERSON_ENTITLEMENT[];
+
+ static const XMLCh EDUPERSON_PRINCIPAL_NAME_TYPE[];
+ static const XMLCh EDUPERSON_AFFILIATION_TYPE[];
+ };
+}
+
+#endif
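Review bot: `m_scopedValues` in `ScopedAttribute` is declared `mutable`, which suggests the const accessors `getValues()` / `getSingleByteValues()` rebuild it on demand (the implementation is not in this file). Since configure makes pthreads mandatory, two threads reading the same attribute could then race on that vector, so either populate it in `addValue()` or document the class as unsafe for concurrent readers. The header also states no contract for scopes; a class comment such as `// Values without a Scope take m_defaultScope; the scope is asserted by the sender and must be checked by the consumer` would help, to be confirmed against ScopedAttribute.cpp. The one-argument `DOMElement*` constructors on all five attribute classes could be marked `explicit`.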
--- /dev/null
+## $Id$
+
+AUTOMAKE_OPTIONS = foreign
+
+pkgsysconfdir = $(sysconfdir)/@PACKAGE@
+pkgsysconf_DATA = \
+ cs-sstc-schema-assertion-01.xsd \
+ cs-sstc-schema-protocol-01.xsd \
+ soap-envelope.xsd \
+ xmldsig-core-schema.xsd \
+ xmldsig-filter2.xsd \
+ xml.xsd \
+ eduPerson.xsd \
+ shibboleth.xsd \
+ wayfconfig.xsd
--- /dev/null
+## $Id$
+
+AUTOMAKE_OPTIONS = foreign
+
+lib_LTLIBRARIES = libshib.la
+
+pkginclude_HEADERS = shib.h
+
+libshib_la_SOURCES = \
+ ClubShibPOSTProfile.cpp \
+ Constants.cpp \
+ SAMLBindingFactory.cpp \
+ ShibConfig.cpp \
+ ShibPOSTProfile.cpp \
+ ShibPOSTProfileFactory.cpp \
+ XML.cpp \
+ XMLOriginSiteMapper.cpp
+
+# this is different from the project version
+# http://sources.redhat.com/autobook/autobook/autobook_91.html
+libshib_la_LDFLAGS = -version-info 1:0:0
+
--- /dev/null
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+/* shib.h - Shibboleth header file
+
+ Scott Cantor
+ 6/4/02
+
+ $History:$
+*/
+
+#ifndef __shib_h__
+#define __shib_h__
+
+#include <saml/saml.h>
+
+#define SHIB_LOGCAT "Shibboleth"
+
+#ifdef WIN32
+# ifndef SHIB_EXPORTS
+# define SHIB_EXPORTS __declspec(dllimport)
+# endif
+#else
+# define SHIB_EXPORTS
+#endif
+
+namespace shibboleth
+{
+ #define DECLARE_SHIB_EXCEPTION(name,base) \
+ class SHIB_EXPORTS name : public saml::base \
+ { \
+ public: \
+ name(const char* msg) : saml::base(msg) {} \
+ name(const std::string& msg) : saml::base(msg) {} \
+ name(const saml::Iterator<saml::QName>& codes, const char* msg) : saml::base(codes,msg) {} \
+ name(const saml::Iterator<saml::QName>& codes, const std::string& msg) : saml::base(codes, msg) {} \
+ name(const saml::QName& code, const char* msg) : saml::base(code,msg) {} \
+ name(const saml::QName& code, const std::string& msg) : saml::base(code, msg) {} \
+ name(DOMElement* e) : saml::base(e) {} \
+ name(std::istream& in) : saml::base(in) {} \
+ virtual ~name() throw () {} \
+ }
+
+ DECLARE_SHIB_EXCEPTION(UnsupportedProtocolException,SAMLException);
+ DECLARE_SHIB_EXCEPTION(OriginSiteMapperException,SAMLException);
+
+ struct SHIB_EXPORTS IOriginSiteMapper
+ {
+ virtual saml::Iterator<saml::xstring> getHandleServiceNames(const XMLCh* originSite)=0;
+ virtual saml::Key* getHandleServiceKey(const XMLCh* handleService)=0;
+ virtual saml::Iterator<saml::xstring> getSecurityDomains(const XMLCh* originSite)=0;
+ virtual saml::Iterator<saml::X509Certificate*> getTrustedRoots()=0;
+ };
+
+ class SHIB_EXPORTS XMLOriginSiteMapper : public IOriginSiteMapper
+ {
+ public:
+ XMLOriginSiteMapper(const char* registryURI,
+ const saml::Iterator<saml::X509Certificate*>& roots,
+ saml::Key* verifyKey=NULL);
+ ~XMLOriginSiteMapper();
+
+ virtual saml::Iterator<saml::xstring> getHandleServiceNames(const XMLCh* originSite);
+ virtual saml::Key* getHandleServiceKey(const XMLCh* handleService);
+ virtual saml::Iterator<saml::xstring> getSecurityDomains(const XMLCh* originSite);
+ virtual saml::Iterator<saml::X509Certificate*> getTrustedRoots();
+
+ private:
+ struct OriginSite
+ {
+ std::vector<saml::xstring> m_handleServices;
+ std::vector<saml::xstring> m_domains;
+ };
+
+ std::vector<saml::X509Certificate*> m_roots;
+ std::map<saml::xstring,OriginSite*> m_sites;
+ std::map<saml::xstring,saml::Key*> m_hsKeys;
+ };
+
+ class SHIB_EXPORTS ShibPOSTProfile
+ {
+ public:
+ ShibPOSTProfile(const saml::Iterator<const XMLCh*>& policies, const XMLCh* receiver, int ttlSeconds);
+ ShibPOSTProfile(const saml::Iterator<const XMLCh*>& policies, const XMLCh* issuer);
+ virtual ~ShibPOSTProfile();
+
+ virtual saml::SAMLAssertion* getSSOAssertion(const saml::SAMLResponse& r);
+ virtual saml::SAMLAuthenticationStatement* getSSOStatement(const saml::SAMLAssertion& a);
+ virtual saml::SAMLResponse* accept(const XMLByte* buf);
+ virtual saml::SAMLResponse* prepare(const XMLCh* recipient,
+ const XMLCh* name,
+ const XMLCh* nameQualifier,
+ const XMLCh* subjectIP,
+ const XMLCh* authMethod,
+ time_t authInstant,
+ const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings,
+ const saml::Key& responseKey, const saml::X509Certificate* responseCert=NULL,
+ const saml::Key* assertionKey=NULL, const saml::X509Certificate* assertionCert=NULL);
+ virtual bool checkReplayCache(const saml::SAMLAssertion& a);
+
+ protected:
+ virtual bool verifySignature(const saml::SAMLSignedObject& obj, const XMLCh* signerName,
+ const saml::Iterator<saml::X509Certificate*>& roots, const saml::Key* knownKey);
+
+ saml::SAMLSignedObject::sigs_t m_algorithm;
+ std::vector<const XMLCh*> m_policies;
+ XMLCh* m_issuer;
+ XMLCh* m_receiver;
+ int m_ttlSeconds;
+
+ private:
+ ShibPOSTProfile(const ShibPOSTProfile&) {}
+ ShibPOSTProfile& operator=(const ShibPOSTProfile&) {return *this;}
+ };
+
+ class SHIB_EXPORTS ClubShibPOSTProfile : public ShibPOSTProfile
+ {
+ public:
+ ClubShibPOSTProfile(const saml::Iterator<const XMLCh*>& policies, const XMLCh* receiver, int ttlSeconds);
+ ClubShibPOSTProfile(const saml::Iterator<const XMLCh*>& policies, const XMLCh* issuer);
+ virtual ~ClubShibPOSTProfile();
+
+ virtual saml::SAMLResponse* prepare(const XMLCh* recipient,
+ const XMLCh* name,
+ const XMLCh* nameQualifier,
+ const XMLCh* subjectIP,
+ const XMLCh* authMethod,
+ time_t authInstant,
+ const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings,
+ const saml::Key& responseKey, const saml::X509Certificate* responseCert=NULL,
+ const saml::Key* assertionKey=NULL, const saml::X509Certificate* assertionCert=NULL);
+
+ protected:
+ virtual bool verifySignature(const saml::SAMLSignedObject& obj, const XMLCh* signerName,
+ const saml::Iterator<saml::X509Certificate*>& roots, const saml::Key* knownKey);
+ };
+
+ class SHIB_EXPORTS ShibPOSTProfileFactory
+ {
+ public:
+ static ShibPOSTProfile* getInstance(const saml::Iterator<const XMLCh*>& policies, const XMLCh* receiver, int ttlSeconds);
+ static ShibPOSTProfile* getInstance(const saml::Iterator<const XMLCh*>& policies, const XMLCh* issuer);
+ };
+
+ class SHIB_EXPORTS ShibConfig
+ {
+ public:
+ // global per-process setup and shutdown of Shibboleth runtime
+ virtual bool init();
+ virtual void term();
+
+ // enables runtime and clients to access configuration
+ static ShibConfig& getConfig();
+
+ /* start of external configuration */
+ IOriginSiteMapper* origin_mapper;
+ /* end of external configuration */
+ };
+
+ struct SHIB_EXPORTS Constants
+ {
+ static const XMLCh POLICY_CLUBSHIB[];
+ static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
+ };
+
+ class SHIB_EXPORTS XML
+ {
+ public:
+ // URI constants
+ static const XMLCh SHIB_NS[];
+ static const XMLCh SHIB_SCHEMA_ID[];
+
+ struct SHIB_EXPORTS Literals
+ {
+ // Shibboleth vocabulary
+ static const XMLCh Domain[];
+ static const XMLCh HandleService[];
+ static const XMLCh InvalidHandle[];
+ static const XMLCh Name[];
+ static const XMLCh OriginSite[];
+ static const XMLCh Sites[];
+
+ // XML vocabulary
+ static const XMLCh xmlns_shib[];
+ };
+ };
+
+
+ class SHIB_EXPORTS SAMLBindingFactory
+ {
+ public:
+ static saml::SAMLBinding* getInstance(const XMLCh* protocol=saml::SAMLBinding::SAML_SOAP_HTTPS);
+ };
+}
+
+#endif
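Review bot: `IOriginSiteMapper` is a polymorphic interface without a virtual destructor, and `ShibConfig::origin_mapper` holds implementations through that base pointer, so deleting a mapper through it is undefined behaviour and `~XMLOriginSiteMapper()` would not run; add `virtual ~IOriginSiteMapper() {}` to the struct. `XMLOriginSiteMapper` also stores raw `OriginSite*` and `saml::Key*` in its maps but, unlike `ShibPOSTProfile`, does not hide its copy constructor and assignment operator, so a copy would presumably free them twice. Two interface points deserve a comment, since the implementations are not in this file: `saml::Key* verifyKey=NULL` reads as if the site registry is loaded without a signature check by default, and `accept(const XMLByte* buf)` takes the POSTed buffer with no length, so the expected termination and encoding should be documented.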