-<?xml version="1.0" encoding="UTF-8"?><?fileVersion 4.0.0?><cproject>\r
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>\r
+<?fileVersion 4.0.0?>\r
+\r
+<cproject>\r
<storageModule moduleId="org.eclipse.cdt.core.settings">\r
<cconfiguration id="converted.config.1630818620">\r
\r
<storageModule moduleId="org.eclipse.cdt.core.language.mapping"/>\r
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>\r
\r
+\r
+<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>\r
+\r
<storageModule moduleId="org.eclipse.cdt.core.pathentry">\r
+<pathentry include="C:/log4shib-1.0/include" kind="inc" path="" system="true"/>\r
+<pathentry include="C:/xerces-c_2_8_0-x86-windows-vc_8_0/include" kind="inc" path="" system="true"/>\r
+<pathentry base-path="cpp-xmltooling" include="" kind="inc" path="" system="true"/>\r
+<pathentry base-path="cpp-opensaml2" include="" kind="inc" path="" system="true"/>\r
+<pathentry base-path="cpp-sp" include="shibsp" kind="inc" path="" system="true"/>\r
+<pathentry base-path="cpp-sp" include="" kind="inc" path="" system="true"/>\r
<pathentry kind="out" path=""/>\r
<pathentry excluding="util/|impl/|security/|metadata/|remoting/|remoting/impl/|attribute/|binding/|binding/impl/|attribute/resolver/|attribute/resolver/impl/|handler/|handler/impl/|attribute/filtering/|attribute/filtering/impl/|lite/" kind="src" path="shibsp"/>\r
<pathentry excluding="resolver/|resolver/impl/|filtering/|filtering/impl/" kind="src" path="shibsp/attribute"/>\r
#ifndef SHIBSP_LITE
# include <shibsp/attribute/resolver/ResolutionContext.h>
+# include <shibsp/metadata/MetadataProviderCriteria.h>
# include <saml/SAMLConfig.h>
# include <saml/saml1/core/Assertions.h>
# include <saml/saml1/profile/AssertionValidator.h>
// Use metadata to invoke the SSO service directly.
MetadataProvider* m=app.getMetadataProvider();
Locker locker(m);
- MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
+ MetadataProviderCriteria mc(app, entityID, &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
pair<const EntityDescriptor*,const RoleDescriptor*> entity=m->getEntityDescriptor(mc);
if (!entity.first) {
m_log.warn("unable to locate metadata for provider (%s)", entityID);
// With a session in hand, we can create a request message, if we can find a compatible endpoint.
MetadataProvider* m=application.getMetadataProvider();
Locker metadataLocker(m);
- MetadataProvider::Criteria mc(session->getEntityID(), &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
+ MetadataProviderCriteria mc(application, session->getEntityID(), &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get());
pair<const EntityDescriptor*,const RoleDescriptor*> entity=m->getEntityDescriptor(mc);
if (!entity.first) {
throw MetadataException(
virtual const PropertySet* getRelyingParty(const opensaml::saml2md::EntityDescriptor* provider) const=0;
/**
+ * Returns configuration properties governing security interactions with a named peer.
+ *
+ * @param entityID a peer name
+ * @return the applicable PropertySet
+ */
+ virtual const PropertySet* getRelyingParty(const XMLCh* entityID) const=0;
+
+ /**
* Returns any additional audience values associated with this Application.
*
* @return additional audience values associated with the Application, or NULL
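Review bot: The doc comment on the new `getRelyingParty(const XMLCh* entityID)` does not say what is returned for a NULL or unrecognised entityID, yet DynamicMetadataProvider::resolve on this page dereferences the result without a null check. The XMLApplication implementation on this page returns the application itself in both cases, so the contract should state it, e.g. `@return the applicable PropertySet; the Application's own settings when no peer-specific settings match (never NULL)`. Adding a pure virtual here also obliges any Application subclass outside this tree to implement it, which deserves a line in the release notes. The class body starts and ends outside the hunk.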
lite/SAMLConstants.h
mdinclude_HEADERS = \
- metadata/MetadataExt.h
+ metadata/MetadataExt.h \
+ metadata/MetadataProviderCriteria.h
reminclude_HEADERS = \
remoting/ddf.h \
attribute/resolver/impl/XMLAttributeExtractor.cpp \
binding/impl/ArtifactResolver.cpp \
binding/impl/SOAPClient.cpp \
+ metadata/DynamicMetadataProvider.cpp \
metadata/MetadataExtImpl.cpp \
metadata/MetadataExtSchemaValidators.cpp \
security/PKIXTrustEngine.cpp \
#include "attribute/resolver/AttributeResolver.h"
#include "attribute/resolver/ResolutionContext.h"
#include "binding/SOAPClient.h"
+#include "metadata/MetadataProviderCriteria.h"
#include "util/SPConstants.h"
#include <saml/exceptions.h>
m_metadata = m_app.getMetadataProvider(false);
if (m_metadata) {
m_metadata->lock();
- return m_entity = m_metadata->getEntityDescriptor(MetadataProvider::Criteria(m_session->getEntityID())).first;
+ return m_entity = m_metadata->getEntityDescriptor(MetadataProviderCriteria(m_app, m_session->getEntityID())).first;
}
}
return NULL;
/*
* Copyright 2001-2007 Internet2
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
/**
* AssertionConsumerService.cpp
- *
- * Base class for handlers that create sessions by consuming SSO protocol responses.
+ *
+ * Base class for handlers that create sessions by consuming SSO protocol responses.
*/
#include "internal.h"
# include "attribute/resolver/AttributeExtractor.h"
# include "attribute/resolver/AttributeResolver.h"
# include "attribute/resolver/ResolutionContext.h"
+# include "metadata/MetadataProviderCriteria.h"
# include "security/SecurityPolicy.h"
# include <saml/SAMLConfig.h>
# include <saml/saml1/core/Assertions.h>
{
string relayState;
SPConfig& conf = SPConfig::getConfig();
-
+
if (conf.isEnabled(SPConfig::OutOfProcess)) {
// When out of process, we run natively and directly process the message.
return processMessage(request.getApplication(), request, request);
m_log.error("couldn't find application (%s) for new session", aid ? aid : "(missing)");
throw ConfigurationException("Unable to locate application for new session, deleted?");
}
-
+
// Unpack the request.
auto_ptr<HTTPRequest> req(getRequest(in));
pair<bool,const char*> policyId = getString("policyId", m_configNS.get()); // namespace-qualified if inside handler element
if (!policyId.first)
policyId = application.getString("policyId"); // unqualified in Application(s) element
-
+
// Access policy properties.
const PropertySet* settings = application.getServiceProvider().getPolicySettings(policyId.second);
pair<bool,bool> validate = settings->getBool("validate");
// Create the policy.
shibsp::SecurityPolicy policy(application, &m_role, validate.first && validate.second);
-
+
string relayState;
try {
implementProtocol(application, httpRequest, httpResponse, policy, settings, *msg.get());
auto_ptr_char issuer(policy.getIssuer() ? policy.getIssuer()->getName() : NULL);
-
+
// History cookie.
if (issuer.get() && *issuer.get())
maintainHistory(application, httpRequest, httpResponse, issuer.get());
{
if (!issuedTo || !*issuedTo)
return;
-
+
const PropertySet* props=application.getPropertySet("Sessions");
pair<bool,bool> checkAddress = props ? props->getBool("checkAddress") : make_pair(false,true);
if (!checkAddress.first)
}
}
}
-
+
try {
AttributeResolver* resolver = application.getAttributeResolver();
if (resolver) {
catch (exception& ex) {
m_log.error("attribute resolution failed: %s", ex.what());
}
-
+
if (!resolvedAttributes.empty()) {
// Attach global prefix if needed.
pair<bool,const char*> prefix = application.getString("attributePrefix");
return;
}
m_log.debug("searching metadata for assertion issuer...");
- MetadataProvider::Criteria mc(policy.getIssuer()->getName(), &IDPSSODescriptor::ELEMENT_QNAME, protocol);
- pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
+ pair<const EntityDescriptor*,const RoleDescriptor*> entity;
+ shibsp::SecurityPolicy* sppol = dynamic_cast<shibsp::SecurityPolicy*>(&policy);
+ if (sppol) {
+ MetadataProviderCriteria mc(sppol->getApplication(), policy.getIssuer()->getName(), &IDPSSODescriptor::ELEMENT_QNAME, protocol);
+ entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
+ }
+ else {
+ MetadataProvider::Criteria mc(policy.getIssuer()->getName(), &IDPSSODescriptor::ELEMENT_QNAME, protocol);
+ entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
+ }
if (!entity.first) {
auto_ptr_char iname(policy.getIssuer()->getName());
m_log.warn("no metadata found, can't establish identity of issuer (%s)", iname.get());
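Review bot: The `else` branch still builds a plain `MetadataProvider::Criteria`, which the DynamicMetadataProvider::resolve added in this commit rejects by throwing a MetadataException. With a dynamic provider configured, this path would therefore presumably raise rather than reach the `no metadata found` warning just below. If that is intended, say so on the branch, e.g. `// Not an SP policy: no Application is available, so Shibboleth-aware providers will reject this lookup.` Both branches repeat the `getEntityDescriptor` call and dereference `policy.getIssuer()`; any null check for the issuer lies outside the hunk, as does the rest of the function.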
#include "handler/AbstractHandler.h"
#include "handler/RemotedHandler.h"
+#ifndef SHIBSP_LITE
+# include "metadata/MetadataProviderCriteria.h"
+#endif
+
#include <xercesc/framework/LocalFileInputSource.hpp>
#include <xercesc/framework/Wrapper4InputSource.hpp>
if (entityID) {
MetadataProvider* m=application.getMetadataProvider();
Locker locker(m);
- MetadataProvider::Criteria mc(entityID);
+ MetadataProviderCriteria mc(application, entityID);
relyingParty = application.getRelyingParty(m->getEntityDescriptor(mc).first);
}
else {
- relyingParty = application.getRelyingParty(NULL);
+ relyingParty = &application;
}
EntityDescriptor* entity;
#ifndef SHIBSP_LITE
# include "SessionCacheEx.h"
# include "security/SecurityPolicy.h"
+# include "metadata/MetadataProviderCriteria.h"
# include "util/TemplateParameters.h"
# include <fstream>
# include <saml/SAMLConfig.h>
// We need metadata to issue a response.
MetadataProvider* m = application.getMetadataProvider();
Locker metadataLocker(m);
- MetadataProvider::Criteria mc(request.getParameter("entityID"), &IDPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
+ MetadataProviderCriteria mc(application, request.getParameter("entityID"), &IDPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
pair<const EntityDescriptor*,const RoleDescriptor*> entity = m->getEntityDescriptor(mc);
if (!entity.first) {
throw MetadataException(
#ifndef SHIBSP_LITE
# include "binding/SOAPClient.h"
+# include "metadata/MetadataProviderCriteria.h"
# include <saml/SAMLConfig.h>
# include <saml/saml2/core/Protocols.h>
# include <saml/saml2/binding/SAML2SOAPClient.h>
// With a session in hand, we can create a LogoutRequest message, if we can find a compatible endpoint.
MetadataProvider* m = application.getMetadataProvider();
Locker metadataLocker(m);
- MetadataProvider::Criteria mc(session->getEntityID(), &IDPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
+ MetadataProviderCriteria mc(application, session->getEntityID(), &IDPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
pair<const EntityDescriptor*,const RoleDescriptor*> entity = m->getEntityDescriptor(mc);
if (!entity.first) {
throw MetadataException(
#include "util/SPConstants.h"
#ifndef SHIBSP_LITE
+# include "metadata/MetadataProviderCriteria.h"
# include <saml/SAMLConfig.h>
# include <saml/saml2/core/Protocols.h>
# include <saml/saml2/metadata/EndpointManager.h>
}
else {
// Use metadata to locate the IdP's SSO service.
- MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
+ MetadataProviderCriteria mc(app, entityID, &IDPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
entity=m->getEntityDescriptor(mc);
if (!entity.first) {
m_log.warn("unable to locate metadata for provider (%s)", entityID);
#include "util/SPConstants.h"
#ifndef SHIBSP_LITE
+# include "metadata/MetadataProviderCriteria.h"
# include <saml/saml2/metadata/Metadata.h>
# include <saml/saml2/metadata/EndpointManager.h>
#endif
// Use metadata to invoke the SSO service directly.
MetadataProvider* m=app.getMetadataProvider();
Locker locker(m);
- MetadataProvider::Criteria mc(entityID, &IDPSSODescriptor::ELEMENT_QNAME, shibspconstants::SHIB1_PROTOCOL_ENUM);
+ MetadataProviderCriteria mc(app, entityID, &IDPSSODescriptor::ELEMENT_QNAME, shibspconstants::SHIB1_PROTOCOL_ENUM);
pair<const EntityDescriptor*,const RoleDescriptor*> entity = m->getEntityDescriptor(mc);
if (!entity.first) {
m_log.warn("unable to locate metadata for provider (%s)", entityID);
using namespace shibsp;
#ifndef SHIBSP_LITE
# include "SessionCache.h"
+# include "metadata/MetadataProviderCriteria.h"
# include <saml/version.h>
using namespace opensaml::saml2md;
using namespace opensaml;
if (param) {
MetadataProvider* m = application.getMetadataProvider();
Locker mlock(m);
- relyingParty = application.getRelyingParty(m->getEntityDescriptor(MetadataProvider::Criteria(param)).first);
+ relyingParty = application.getRelyingParty(m->getEntityDescriptor(MetadataProviderCriteria(application, param)).first);
}
else {
- relyingParty = application.getRelyingParty(NULL);
+ relyingParty = &application;
}
s << "<Application id='" << application.getId() << "' entityID='" << relyingParty->getString("entityID").second << "'/>";
#include "util/SPConstants.h"
#ifndef SHIBSP_LITE
+# include "metadata/MetadataProviderCriteria.h"
# include <saml/saml2/metadata/Metadata.h>
#endif
#include <xmltooling/XMLToolingConfig.h>
MetadataProvider* m=application.getMetadataProvider();
Locker locker(m);
- MetadataProvider::Criteria mc(entityID.c_str(), &IDPSSODescriptor::ELEMENT_QNAME);
+ MetadataProviderCriteria mc(application, entityID.c_str(), &IDPSSODescriptor::ELEMENT_QNAME);
pair<const EntityDescriptor*,const RoleDescriptor*> entity;
if (!m_alwaysRun) {
// First check the original value, it might be valid already.
return (!m_credResolver && m_base) ? m_base->getCredentialResolver() : m_credResolver;
}
const PropertySet* getRelyingParty(const EntityDescriptor* provider) const;
+ const PropertySet* getRelyingParty(const XMLCh* entityID) const;
const vector<const XMLCh*>* getAudiences() const {
return (m_audiences.empty() && m_base) ? m_base->getAudiences() : &m_audiences;
}
return this;
}
+const PropertySet* XMLApplication::getRelyingParty(const XMLCh* entityID) const
+{
+ if (!entityID)
+ return this;
+
+#ifdef HAVE_GOOD_STL
+ map<xstring,PropertySet*>::const_iterator i=m_partyMap.find(entityID);
+ if (i!=m_partyMap.end())
+ return i->second;
+#else
+ map<const XMLCh*,PropertySet*>::const_iterator i=m_partyMap.begin();
+ for (; i!=m_partyMap.end(); i++) {
+ if (XMLString::equals(i->first,entityID))
+ return i->second;
+ }
+#endif
+ return this;
+}
+
#endif
string XMLApplication::getNotificationURL(const char* resource, bool front, unsigned int index) const
if (m_appmap.count(iapp->getId()))
log.crit("found conf:ApplicationOverride element with duplicate id attribute (%s), skipping it", iapp->getId());
else {
- const char* iappid=iapp->getId();\r
- m_appmap[iappid]=iapp.release();\r
+ const char* iappid=iapp->getId();
+ m_appmap[iappid]=iapp.release();
}
child = XMLHelper::getNextSiblingElement(child,ApplicationOverride);
--- /dev/null
+/*
+ * Copyright 2001-2008 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * DynamicMetadataProvider.cpp
+ *
+ * Advanced implementation of a dynamic caching MetadataProvider.
+ */
+
+#include "internal.h"
+#include "exceptions.h"
+#include "ServiceProvider.h"
+#include "metadata/MetadataProviderCriteria.h"
+
+#include <saml/version.h>
+#include <saml/binding/SAMLArtifact.h>
+#include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/DynamicMetadataProvider.h>
+
+#include <xmltooling/logging.h>
+#include <xmltooling/util/NDC.h>
+#include <xmltooling/security/Credential.h>
+#include <xmltooling/security/CredentialCriteria.h>
+#include <xmltooling/security/CredentialResolver.h>
+#include <xmltooling/security/X509TrustEngine.h>
+#include <xmltooling/soap/HTTPSOAPTransport.h>
+#include <xmltooling/util/XMLHelper.h>
+
+#include <xercesc/framework/Wrapper4InputSource.hpp>
+#include <xercesc/util/XMLUniDefs.hpp>
+
+using namespace shibsp;
+using namespace opensaml;
+using namespace xmltooling::logging;
+using namespace xmltooling;
+using namespace std;
+
+namespace shibsp {
+ class SAML_DLLLOCAL DummyCredentialResolver : public CredentialResolver
+ {
+ public:
+ DummyCredentialResolver() {}
+ ~DummyCredentialResolver() {}
+
+ Lockable* lock() {return this;}
+ void unlock() {}
+
+ const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
+ vector<const Credential*>::size_type resolve(
+ vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+ ) const {return 0;}
+ };
+
+ class SHIBSP_DLLLOCAL DynamicMetadataProvider : public saml2md::DynamicMetadataProvider
+ {
+ public:
+ DynamicMetadataProvider(const xercesc::DOMElement* e=NULL);
+
+ virtual ~DynamicMetadataProvider() {
+ delete m_trust;
+ }
+
+ protected:
+ saml2md::EntityDescriptor* resolve(const saml2md::MetadataProvider::Criteria& criteria) const;
+
+ private:
+ bool m_verifyHost,m_ignoreTransport;
+ X509TrustEngine* m_trust;
+ };
+
+
+ saml2md::MetadataProvider* SHIBSP_DLLLOCAL DynamicMetadataProviderFactory(const DOMElement* const & e)
+ {
+ return new DynamicMetadataProvider(e);
+ }
+
+ static const XMLCh ignoreTransport[] = UNICODE_LITERAL_15(i,g,n,o,r,e,T,r,a,n,s,p,o,r,t);
+ static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
+ static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
+ static const XMLCh verifyHost[] = UNICODE_LITERAL_10(v,e,r,i,f,y,H,o,s,t);
+};
+
+DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
+ : saml2md::DynamicMetadataProvider(e), m_verifyHost(true), m_ignoreTransport(false), m_trust(NULL)
+{
+ const XMLCh* flag = e ? e->getAttributeNS(NULL, verifyHost) : NULL;
+ if (flag && (*flag == chLatin_f || *flag == chDigit_0))
+ m_verifyHost = false;
+ flag = e ? e->getAttributeNS(NULL, ignoreTransport) : NULL;
+ if (flag && (*flag == chLatin_t || *flag == chDigit_1)) {
+ m_ignoreTransport = true;
+ return;
+ }
+
+ e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
+ auto_ptr_char t2(e ? e->getAttributeNS(NULL,type) : NULL);
+ if (t2.get()) {
+ TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t2.get(),e);
+ if (!(m_trust = dynamic_cast<X509TrustEngine*>(trust))) {
+ delete trust;
+ throw ConfigurationException("DynamicMetadataProvider requires an X509TrustEngine plugin.");
+ }
+ return;
+ }
+
+ throw ConfigurationException("DynamicMetadataProvider requires an X509TrustEngine plugin unless ignoreTransport is true.");
+}
+
+saml2md::EntityDescriptor* DynamicMetadataProvider::resolve(const saml2md::MetadataProvider::Criteria& criteria) const
+{
+#ifdef _DEBUG
+ xmltooling::NDC("resolve");
+#endif
+ Category& log=Category::getInstance(SHIBSP_LOGCAT".MetadataProvider.Dynamic");
+
+ string name;
+ if (criteria.entityID_ascii)
+ name = criteria.entityID_ascii;
+ else if (criteria.entityID_unicode) {
+ auto_ptr_char temp(criteria.entityID_unicode);
+ name = temp.get();
+ }
+ else if (criteria.artifact)
+ name = criteria.artifact->getSource();
+
+ // Establish networking properties based on calling application.
+ const MetadataProviderCriteria* mpc = dynamic_cast<const MetadataProviderCriteria*>(&criteria);
+ if (!mpc)
+ throw saml2md::MetadataException("Dynamic MetadataProvider requires Shibboleth-aware lookup criteria, check calling code.");
+ const PropertySet* relyingParty;
+ if (criteria.entityID_unicode)
+ relyingParty = mpc->application.getRelyingParty(criteria.entityID_unicode);
+ else {
+ auto_ptr_XMLCh temp2(name.c_str());
+ relyingParty = mpc->application.getRelyingParty(temp2.get());
+ }
+
+ // Prepare a transport object addressed appropriately.
+ SOAPTransport::Address addr(relyingParty->getString("entityID").second, name.c_str(), name.c_str());
+ const char* pch = strchr(addr.m_endpoint,':');
+ if (!pch)
+ throw IOException("entityID was not a URL.");
+ string scheme(addr.m_endpoint, pch-addr.m_endpoint);
+ SOAPTransport* transport=NULL;
+ try {
+ transport = XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr);
+ }
+ catch (exception& ex) {
+ log.error("exception while building transport object to resolve URL: %s", ex.what());
+ throw IOException("Unable to resolve entityID with a known transport protocol.");
+ }
+ auto_ptr<SOAPTransport> transportwrapper(transport);
+
+ // Apply properties as directed.
+ transport->setVerifyHost(m_verifyHost);
+ DummyCredentialResolver dcr;
+ if (m_trust && !transport->setTrustEngine(m_trust, &dcr))
+ throw IOException("Unable to install X509TrustEngine into metadata resolver.");
+
+ Locker credlocker(NULL, false);
+ CredentialResolver* credResolver = NULL;
+ pair<bool,const char*> authType=relyingParty->getString("authType");
+ if (!authType.first || !strcmp(authType.second,"TLS")) {
+ credResolver = mpc->application.getCredentialResolver();
+ if (credResolver)
+ credlocker.assign(credResolver);
+ if (credResolver) {
+ CredentialCriteria cc;
+ cc.setUsage(Credential::TLS_CREDENTIAL);
+ authType = relyingParty->getString("keyName");
+ if (authType.first)
+ cc.getKeyNames().insert(authType.second);
+ const Credential* cred = credResolver->resolve(&cc);
+ cc.getKeyNames().clear();
+ if (cred) {
+ if (!transport->setCredential(cred))
+ log.error("failed to load Credential into metadata resolver");
+ }
+ else {
+ log.error("no TLS credential supplied");
+ }
+ }
+ else {
+ log.error("no CredentialResolver available for TLS");
+ }
+ }
+ else {
+ SOAPTransport::transport_auth_t type=SOAPTransport::transport_auth_none;
+ pair<bool,const char*> username=relyingParty->getString("authUsername");
+ pair<bool,const char*> password=relyingParty->getString("authPassword");
+ if (!username.first || !password.first)
+ log.error("transport authType (%s) specified but authUsername or authPassword was missing", authType.second);
+ else if (!strcmp(authType.second,"basic"))
+ type = SOAPTransport::transport_auth_basic;
+ else if (!strcmp(authType.second,"digest"))
+ type = SOAPTransport::transport_auth_digest;
+ else if (!strcmp(authType.second,"ntlm"))
+ type = SOAPTransport::transport_auth_ntlm;
+ else if (!strcmp(authType.second,"gss"))
+ type = SOAPTransport::transport_auth_gss;
+ else if (strcmp(authType.second,"none"))
+ log.error("unknown authType (%s) specified for RelyingParty", authType.second);
+ if (type > SOAPTransport::transport_auth_none) {
+ if (transport->setAuth(type,username.second,password.second))
+ log.debug("configured for transport authentication (method=%s, username=%s)", authType.second, username.second);
+ else
+ log.error("failed to configure transport authentication (method=%s)", authType.second);
+ }
+ }
+
+ pair<bool,unsigned int> timeout = relyingParty->getUnsignedInt("connectTimeout");
+ transport->setConnectTimeout(timeout.first ? timeout.second : 10);
+ timeout = relyingParty->getUnsignedInt("timeout");
+ transport->setTimeout(timeout.first ? timeout.second : 20);
+ mpc->application.getServiceProvider().setTransportOptions(*transport);
+
+ HTTPSOAPTransport* http = dynamic_cast<HTTPSOAPTransport*>(transport);
+ if (http) {
+ pair<bool,bool> flag = relyingParty->getBool("chunkedEncoding");
+ http->useChunkedEncoding(flag.first && flag.second);
+ http->setRequestHeader("Xerces-C", XERCES_FULLVERSIONDOT);
+ http->setRequestHeader("XML-Security-C", XSEC_FULLVERSIONDOT);
+ http->setRequestHeader("OpenSAML-C", OPENSAML_FULLVERSIONDOT);
+ http->setRequestHeader("User-Agent", PACKAGE_NAME);
+ http->setRequestHeader(PACKAGE_NAME, PACKAGE_VERSION);
+ }
+
+ try {
+ // Use an empty stream to trigger a body-less "GET" operation.
+ istringstream dummy;
+ transport->send(dummy);
+ istream& msg = transport->receive();
+
+ DOMDocument* doc=NULL;
+ StreamInputSource src(msg, "DynamicMetadataProvider");
+ Wrapper4InputSource dsrc(&src,false);
+ if (m_validate)
+ doc=XMLToolingConfig::getConfig().getValidatingParser().parse(dsrc);
+ else
+ doc=XMLToolingConfig::getConfig().getParser().parse(dsrc);
+
+ // Wrap the document for now.
+ XercesJanitor<DOMDocument> docjanitor(doc);
+
+ // Unmarshall objects, binding the document.
+ auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
+ docjanitor.release();
+
+ // Make sure it's metadata.
+ saml2md::EntityDescriptor* entity = dynamic_cast<saml2md::EntityDescriptor*>(xmlObject.get());
+ if (!entity) {
+ throw saml2md::MetadataException(
+ "Root of metadata instance not recognized: $1", params(1,xmlObject->getElementQName().toString().c_str())
+ );
+ }
+ xmlObject.release();
+ return entity;
+ }
+ catch (XMLException& e) {
+ auto_ptr_char msg(e.getMessage());
+ log.error("Xerces error while resolving entityID (%s): %s", name.c_str(), msg.get());
+ throw saml2md::MetadataException(msg.get());
+ }
+}
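Review bot: In resolve(), transport credentials are applied to a connection whose destination is the entityID itself: `name` becomes the endpoint, while `authType`, `authUsername`, `authPassword` and the TLS credential come from `getRelyingParty()`, which in the XMLApplication hunk on this page falls back to the application-wide settings for any entityID without a matching override. Since the handler hunks pass request- and message-derived entityIDs into the lookup, a default basic or digest credential would presumably be offered to whatever host an unrecognised entityID names, and with `ignoreTransport` set the constructor returns before any X509TrustEngine is installed for that connection. I would call `setAuth`/`setCredential` only when a peer-specific relying-party entry matched, and document that rule in a comment above the `authType` lookup. Separately, `xmltooling::NDC("resolve");` constructs a temporary that is destroyed at the end of the statement, so the diagnostic context is popped before anything is logged; it should be `xmltooling::NDC ndc("resolve");`.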
#include "exceptions.h"
#include "metadata/MetadataExt.h"
+#include <saml/SAMLConfig.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
#include <xmltooling/validation/ValidatorSuite.h>
using namespace shibsp;
+using namespace opensaml::saml2md;
using namespace xmltooling;
using namespace std;
BEGIN_XMLOBJECTVALIDATOR(SHIBSP_DLLLOCAL,KeyAuthority);
XMLOBJECTVALIDATOR_NONEMPTY(KeyAuthority,KeyInfo);
END_XMLOBJECTVALIDATOR;
+
+ SHIBSP_DLLLOCAL PluginManager<MetadataProvider,string,const DOMElement*>::Factory DynamicMetadataProviderFactory;
};
#define REGISTER_ELEMENT(cname) \
QName q;
REGISTER_ELEMENT(Scope);
REGISTER_ELEMENT(KeyAuthority);
+
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.registerFactory(DYNAMIC_METADATA_PROVIDER, DynamicMetadataProviderFactory);
}
--- /dev/null
+/*
+ * Copyright 2001-2008 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file shibsp/metadata/MetadataProviderCriteria.h
+ *
+ * Extended criteria for metadata lookup for Shibboleth-aware metadata providers.
+ */
+
+#ifndef __shibsp_metaprovcrit_h__
+#define __shibsp_metaprovcrit_h__
+
+#include <shibsp/Application.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
+
+namespace shibsp {
+
+ /**
+ * Extended criteria for metadata lookup for Shibboleth-aware metadata providers.
+ */
+ struct SHIBSP_API MetadataProviderCriteria : public opensaml::saml2md::MetadataProvider::Criteria
+ {
+ /**
+ * Constructor.
+ *
+ * @param app application performing the lookup
+ * @param id entityID to lookup
+ * @param q element/type of role, if any
+ * @param prot protocol support constant, if any
+ * @param valid true iff stale metadata should be ignored
+ */
+ MetadataProviderCriteria(const Application& app, const XMLCh* id, const xmltooling::QName* q=NULL, const XMLCh* prot=NULL, bool valid=true)
+ : opensaml::saml2md::MetadataProvider::Criteria(id, q, prot, valid), application(app) {
+ }
+
+ /**
+ * Constructor.
+ *
+ * @param app application performing the lookup
+ * @param id entityID to lookup
+ * @param q element/type of role, if any
+ * @param prot protocol support constant, if any
+ * @param valid true iff stale metadata should be ignored
+ */
+ MetadataProviderCriteria(const Application& app, const char* id, const xmltooling::QName* q=NULL, const XMLCh* prot=NULL, bool valid=true)
+ : opensaml::saml2md::MetadataProvider::Criteria(id, q, prot, valid), application(app) {
+ }
+
+ /**
+ * Constructor.
+ *
+ * @param app application performing the lookup
+ * @param a artifact to lookup
+ * @param q element/type of role, if any
+ * @param prot protocol support constant, if any
+ * @param valid true iff stale metadata should be ignored
+ */
+ MetadataProviderCriteria(const Application& app, const opensaml::SAMLArtifact* a, const xmltooling::QName* q=NULL, const XMLCh* prot=NULL, bool valid=true)
+ : opensaml::saml2md::MetadataProvider::Criteria(a, q, prot, valid), application(app) {
+ }
+
+ /** Controls whether stale metadata is ignored. */
+ const Application& application;
+ };
+};
+
+#endif /* __shibsp_metaprovcrit_h__ */
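Review bot: The doc comment on the `application` member, `/** Controls whether stale metadata is ignored. */`, does not describe this field and looks copied from the `valid` flag; it should read something like `/** Application performing the lookup. */`. Because the member is a reference, the struct comment should also state that a criteria object must not outlive the Application passed to its constructor. The three constructor comments are otherwise identical, so each could say which lookup key it takes (XMLCh entityID, ASCII entityID, or artifact).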
<Tool\r
Name="VCLinkerTool"\r
AdditionalDependencies="log4shib1D.lib xerces-c_2D.lib xmltooling-lite1D.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0D.dll"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1D.dll"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories="..\..\cpp-xmltooling\$(ConfigurationName)"\r
GenerateDebugInformation="true"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ProjectName)-$(ConfigurationName)"\r
+ Name="Debug|x64"\r
+ OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ProjectName)-$(ConfigurationName)"\r
ConfigurationType="2"\r
CharacterSet="1"\r
- WholeProgramOptimization="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
/>\r
<Tool\r
Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
+ Optimization="0"\r
AdditionalIncludeDirectories=".;..;..\..\cpp-xmltooling"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;WANT_TCP_SHAR;SHIBSP_LITE"\r
- RuntimeLibrary="2"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;WANT_TCP_SHAR;SHIBSP_LITE"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ BrowseInformation="1"\r
WarningLevel="3"\r
Detect64BitPortabilityProblems="true"\r
DebugInformationFormat="3"\r
/>\r
<Tool\r
Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_UNICODE;UNICODE;SHIBSP_LITE"\r
+ PreprocessorDefinitions="_UNICODE;UNICODE;SHIBSP_LITE;_DEBUG"\r
/>\r
<Tool\r
Name="VCPreLinkEventTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="log4shib1.lib xerces-c_2.lib xmltooling-lite1.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0.dll"\r
- LinkIncremental="1"\r
- AdditionalLibraryDirectories="..\..\cpp-xmltooling\$(ConfigurationName)"\r
+ AdditionalDependencies="log4shib1D.lib xerces-c_2D.lib xmltooling-lite1D.lib wsock32.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1D.dll"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories="..\..\cpp-xmltooling\$(PlatformName)\$(ConfigurationName)"\r
+ GenerateDebugInformation="true"\r
SubSystem="2"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
- ImportLibrary="$(TargetDir)$(ProjectName)1.lib"\r
- TargetMachine="1"\r
+ ImportLibrary="$(TargetDir)$(ProjectName)1D.lib"\r
+ TargetMachine="17"\r
/>\r
<Tool\r
Name="VCALinkTool"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Debug|x64"\r
- OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ProjectName)-$(ConfigurationName)"\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ProjectName)-$(ConfigurationName)"\r
ConfigurationType="2"\r
CharacterSet="1"\r
+ WholeProgramOptimization="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
/>\r
<Tool\r
Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- Optimization="0"\r
AdditionalIncludeDirectories=".;..;..\..\cpp-xmltooling"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;WANT_TCP_SHAR;SHIBSP_LITE"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- BrowseInformation="1"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;WANT_TCP_SHAR;SHIBSP_LITE"\r
+ RuntimeLibrary="2"\r
WarningLevel="3"\r
Detect64BitPortabilityProblems="true"\r
DebugInformationFormat="3"\r
/>\r
<Tool\r
Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_UNICODE;UNICODE;SHIBSP_LITE;_DEBUG"\r
+ PreprocessorDefinitions="_UNICODE;UNICODE;SHIBSP_LITE"\r
/>\r
<Tool\r
Name="VCPreLinkEventTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="log4shib1D.lib xerces-c_2D.lib xmltooling-lite1D.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0D.dll"\r
- LinkIncremental="2"\r
- AdditionalLibraryDirectories="..\..\cpp-xmltooling\$(PlatformName)\$(ConfigurationName)"\r
- GenerateDebugInformation="true"\r
+ AdditionalDependencies="log4shib1.lib xerces-c_2.lib xmltooling-lite1.lib wsock32.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1.dll"\r
+ LinkIncremental="1"\r
+ AdditionalLibraryDirectories="..\..\cpp-xmltooling\$(ConfigurationName)"\r
SubSystem="2"\r
- ImportLibrary="$(TargetDir)$(ProjectName)1D.lib"\r
- TargetMachine="17"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ ImportLibrary="$(TargetDir)$(ProjectName)1.lib"\r
+ TargetMachine="1"\r
/>\r
<Tool\r
Name="VCALinkTool"\r
<Tool\r
Name="VCLinkerTool"\r
AdditionalDependencies="log4shib1.lib xerces-c_2.lib xmltooling-lite1.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0.dll"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1.dll"\r
LinkIncremental="1"\r
AdditionalLibraryDirectories="..\..\cpp-xmltooling\$(PlatformName)\$(ConfigurationName)"\r
GenerateDebugInformation="true"\r
>\r
</File>\r
<File\r
+ RelativePath=".\ApplicationAwarePlugin.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\base.h"\r
>\r
</File>\r
<Tool\r
Name="VCLinkerTool"\r
AdditionalDependencies="log4shib1D.lib xerces-c_2D.lib xsec_1D.lib saml2D.lib xmltooling1D.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0D.dll"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1D.dll"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories="..\..\cpp-opensaml2\$(ConfigurationName);..\..\cpp-xmltooling\$(ConfigurationName)"\r
GenerateDebugInformation="true"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
+ Name="Debug|x64"\r
+ OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
ConfigurationType="2"\r
CharacterSet="1"\r
- WholeProgramOptimization="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
/>\r
<Tool\r
Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
+ Optimization="0"\r
AdditionalIncludeDirectories=".;..;"..\..\cpp-opensaml2";"..\..\cpp-xmltooling""\r
- PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;WANT_TCP_SHAR"\r
- RuntimeLibrary="2"\r
+ PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;WANT_TCP_SHAR"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ BrowseInformation="1"\r
WarningLevel="3"\r
Detect64BitPortabilityProblems="true"\r
DebugInformationFormat="3"\r
/>\r
<Tool\r
Name="VCResourceCompilerTool"\r
+ PreprocessorDefinitions="_UNICODE;UNICODE;_DEBUG"\r
/>\r
<Tool\r
Name="VCPreLinkEventTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="log4shib1.lib xerces-c_2.lib xsec_1.lib saml2.lib xmltooling1.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0.dll"\r
- LinkIncremental="1"\r
- AdditionalLibraryDirectories="..\..\cpp-opensaml2\$(ConfigurationName);..\..\cpp-xmltooling\$(ConfigurationName)"\r
+ AdditionalDependencies="log4shib1D.lib xerces-c_2D.lib xsec_1D.lib saml2D.lib xmltooling1D.lib wsock32.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1D.dll"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories="..\..\cpp-opensaml2\$(PlatformName)\$(ConfigurationName);..\..\cpp-xmltooling\$(PlatformName)\$(ConfigurationName)"\r
+ GenerateDebugInformation="true"\r
SubSystem="2"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
- ImportLibrary="$(TargetDir)$(ProjectName)1.lib"\r
- TargetMachine="1"\r
+ ImportLibrary="$(TargetDir)$(ProjectName)1D.lib"\r
+ TargetMachine="17"\r
/>\r
<Tool\r
Name="VCALinkTool"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Debug|x64"\r
- OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ Name="Release|Win32"\r
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
ConfigurationType="2"\r
CharacterSet="1"\r
+ WholeProgramOptimization="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
/>\r
<Tool\r
Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- Optimization="0"\r
AdditionalIncludeDirectories=".;..;"..\..\cpp-opensaml2";"..\..\cpp-xmltooling""\r
- PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;WANT_TCP_SHAR"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- BrowseInformation="1"\r
+ PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;WANT_TCP_SHAR"\r
+ RuntimeLibrary="2"\r
WarningLevel="3"\r
Detect64BitPortabilityProblems="true"\r
DebugInformationFormat="3"\r
/>\r
<Tool\r
Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_UNICODE;UNICODE;_DEBUG"\r
/>\r
<Tool\r
Name="VCPreLinkEventTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="log4shib1D.lib xerces-c_2D.lib xsec_1D.lib saml2D.lib xmltooling1D.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0D.dll"\r
- LinkIncremental="2"\r
- AdditionalLibraryDirectories="..\..\cpp-opensaml2\$(PlatformName)\$(ConfigurationName);..\..\cpp-xmltooling\$(PlatformName)\$(ConfigurationName)"\r
- GenerateDebugInformation="true"\r
+ AdditionalDependencies="log4shib1.lib xerces-c_2.lib xsec_1.lib saml2.lib xmltooling1.lib wsock32.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1.dll"\r
+ LinkIncremental="1"\r
+ AdditionalLibraryDirectories="..\..\cpp-opensaml2\$(ConfigurationName);..\..\cpp-xmltooling\$(ConfigurationName)"\r
SubSystem="2"\r
- ImportLibrary="$(TargetDir)$(ProjectName)1D.lib"\r
- TargetMachine="17"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ ImportLibrary="$(TargetDir)$(ProjectName)1.lib"\r
+ TargetMachine="1"\r
/>\r
<Tool\r
Name="VCALinkTool"\r
<Tool\r
Name="VCLinkerTool"\r
AdditionalDependencies="log4shib1.lib xerces-c_2.lib xsec_1.lib saml2.lib xmltooling1.lib wsock32.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)1_0.dll"\r
+ OutputFile="$(OutDir)\$(ProjectName)1_1.dll"\r
LinkIncremental="1"\r
AdditionalLibraryDirectories="..\..\cpp-opensaml2\$(PlatformName)\$(ConfigurationName);..\..\cpp-xmltooling\$(PlatformName)\$(ConfigurationName)"\r
GenerateDebugInformation="true"\r
Name="metadata"\r
>\r
<File\r
+ RelativePath=".\metadata\DynamicMetadataProvider.cpp"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\metadata\MetadataExtImpl.cpp"\r
>\r
</File>\r
>\r
</File>\r
<File\r
+ RelativePath=".\ApplicationAwarePlugin.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\base.h"\r
>\r
</File>\r
RelativePath=".\security\SecurityPolicy.h"\r
>\r
</File>\r
- <Filter\r
- Name="metadata"\r
- >\r
- <File\r
- RelativePath=".\metadata\MetadataExt.h"\r
- >\r
- </File>\r
- </Filter>\r
</Filter>\r
<Filter\r
Name="remoting"\r
>\r
</File>\r
</Filter>\r
+ <Filter\r
+ Name="metadata"\r
+ >\r
+ <File\r
+ RelativePath=".\metadata\MetadataExt.h"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\metadata\MetadataProviderCriteria.h"\r
+ >\r
+ </File>\r
+ </Filter>\r
</Filter>\r
<Filter\r
Name="Resource Files"\r
#include <shibsp/exceptions.h>\r
#include <shibsp/SPConfig.h>\r
#include <shibsp/ServiceProvider.h>\r
+#include <shibsp/metadata/MetadataProviderCriteria.h>\r
#include <shibsp/util/SPConstants.h>\r
#include <saml/saml2/metadata/Metadata.h>\r
#include <xmltooling/logging.h>\r
XMLToolingConfig::getConfig().log_config(getenv("SHIBSP_LOGGING") ? getenv("SHIBSP_LOGGING") : SHIBSP_LOGGING);\r
\r
SPConfig& conf=SPConfig::getConfig();\r
- conf.setFeatures(SPConfig::Metadata | SPConfig::OutOfProcess);\r
+ conf.setFeatures(SPConfig::Metadata | SPConfig::Trust | SPConfig::OutOfProcess | SPConfig::Credentials);\r
if (!conf.init(path))\r
return -1;\r
\r
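Review bot: The widened mask in `conf.setFeatures(...)` now turns on `SPConfig::Trust` and `SPConfig::Credentials` with no comment saying why a metadata lookup needs them. `Credentials` presumably makes `conf.init(path)` load the SP's configured key material in this process, which matters for who is allowed to run the tool. I would add a line above the call such as `// Trust/Credentials are enabled so metadata providers can verify what they load; this process will read the configured keys`, with the wording confirmed against what the providers actually require. The enclosing function starts and ends outside the hunk.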
}\r
\r
app->getMetadataProvider()->lock();\r
- MetadataProvider::Criteria mc(entityID, NULL, NULL, strict);\r
+ MetadataProviderCriteria mc(*app, entityID, NULL, NULL, strict);\r
if (rname) {\r
const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;\r
auto_ptr_XMLCh n(rname);\r
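Review bot: The new `MetadataProviderCriteria mc(*app, ...)` is built after a bare `app->getMetadataProvider()->lock();`, while the other call sites touched by this commit hold the provider through `xmltooling::Locker`. The matching unlock is not visible in this hunk, so if anything between the lock and that unlock throws, the provider may stay locked. `xmltooling::Locker mlocker(app->getMetadataProvider());` would make the release unconditional, assuming the class is already in scope in this file, and the later manual unlock would then be dropped. The function body continues outside the hunk.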
#include <shibsp/attribute/Attribute.h>
#include <shibsp/attribute/resolver/ResolutionContext.h>
#include <shibsp/handler/AssertionConsumerService.h>
+#include <shibsp/metadata/MetadataProviderCriteria.h>
#include <shibsp/util/SPConstants.h>
#include <saml/saml1/core/Assertions.h>
MetadataProvider* m=app->getMetadataProvider();
xmltooling::Locker mlocker(m);
- MetadataProvider::Criteria mc(i_param, &IDPSSODescriptor::ELEMENT_QNAME, protocol);
+ MetadataProviderCriteria mc(*app, i_param, &IDPSSODescriptor::ELEMENT_QNAME, protocol);
pair<const EntityDescriptor*,const RoleDescriptor*> site=m->getEntityDescriptor(mc);
if (!site.first)
throw MetadataException("Unable to locate metadata for IdP ($1).", params(1,i_param));
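Review bot: Neither this call nor the one in the next hunk (`mc(*app, issuer, ...)`) documents why the criteria object now needs the application, or what trust is placed in `i_param` and `issuer` before they reach `getEntityDescriptor`. The project files in this commit add `DynamicMetadataProvider.cpp`, so a lookup may now resolve metadata on demand for whatever entityID is passed; if so, these values should be treated as untrusted and the provider must verify fetched metadata before it is returned. I would add `// entityID is caller-supplied; the provider is responsible for verifying any metadata resolved for it` above each call. The enclosing functions start outside both hunks.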
MetadataProvider* m=app->getMetadataProvider();
xmltooling::Locker mlocker(m);
- MetadataProvider::Criteria mc(issuer, &IDPSSODescriptor::ELEMENT_QNAME, protocol);
+ MetadataProviderCriteria mc(*app, issuer, &IDPSSODescriptor::ELEMENT_QNAME, protocol);
pair<const EntityDescriptor*,const RoleDescriptor*> site=m->getEntityDescriptor(mc);
if (!site.first) {
auto_ptr_char temp(issuer);