Merge relying party properties into Application element.
</RequestMapper>
<!--
- The Applications section is where most of Shibboleth's SAML bits are defined.
- Resource requests are mapped in the Local section into an applicationId that
+ The Applications element is where most of Shibboleth's SAML bits are defined.
+ Resource requests are mapped by the RequestMapper to an applicationId that
points into to this section.
-->
<Applications id="default" policyId="default" entityID="https://sp.example.org/shibboleth"
- homeURL="https://sp.example.org/index.html" REMOTE_USER="eppn persistent-id targeted-id"
+ homeURL="https://sp.example.org/index.html"
+ REMOTE_USER="eppn persistent-id targeted-id"
localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
- globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html">
+ globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html
+ authType="TLS"
+ artifactEndpointIndex="1"
+ signing="false"
+ encryption="false"
+ requireConfidentiality="true"
+ requireTransportAuth="true"
+ signedAssertions="false"
+ chunkedEncoding="false"
+ connectTimeout="15" timeout="30"
+ >
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
- <!-- Configure handling of outgoing messages and SOAP authentication. -->
- <DefaultRelyingParty authType="TLS"
- artifactEndpointIndex="1"
- signing="false"
- encryption="false"
- requireConfidentiality="true"
- requireTransportAuth="true"
- signedAssertions="false"
- chunkedEncoding="false"
- connectTimeout="15" timeout="30"
- >
- <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
- <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->
- </DefaultRelyingParty>
+ <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
+ <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->
<!-- Chains together all your metadata sources. -->
<MetadataProvider type="Chaining">
<sequence>\r
<element ref="conf:Sessions"/>\r
<element ref="conf:Errors" minOccurs="0"/>\r
- <element ref="conf:DefaultRelyingParty"/>\r
+ <element ref="conf:RelyingParty" minOccurs="0" maxOccurs="unbounded"/>\r
<element ref="conf:Notify" minOccurs="0" maxOccurs="unbounded"/>\r
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>\r
<element name="MetadataProvider" type="conf:PluggableType"/>\r
<attribute name="entityID" type="anyURI" use="required"/>\r
<attribute name="policyId" type="conf:string" use="required"/>\r
<attributeGroup ref="conf:ApplicationGroup"/>\r
+ <attributeGroup ref="conf:RelyingPartyGroup"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
<sequence>\r
<element ref="conf:Sessions" minOccurs="0"/>\r
<element ref="conf:Errors" minOccurs="0"/>\r
- <element ref="conf:DefaultRelyingParty" minOccurs="0"/>\r
+ <element ref="conf:RelyingParty" minOccurs="0" maxOccurs="unbounded"/>\r
<element ref="conf:Notify" minOccurs="0" maxOccurs="unbounded"/>\r
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>\r
<element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>\r
<attribute name="entityID" type="anyURI"/>\r
<attribute name="policyId" type="conf:string"/>\r
<attributeGroup ref="conf:ApplicationGroup"/>\r
+ <attributeGroup ref="conf:RelyingPartyGroup"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
<attribute name="localLogout" type="anyURI"/>\r
<attribute name="globalLogout" type="anyURI"/>\r
</attributeGroup>\r
- \r
+\r
+ <attributeGroup name="RelyingPartyGroup">\r
+ <attribute name="authType" type="conf:string"/>\r
+ <attribute name="authUsername" type="conf:string"/>\r
+ <attribute name="authPassword" type="conf:string"/>\r
+ <attribute name="signing" type="conf:bindingBoolean"/>\r
+ <attribute name="signingAlg" type="anyURI"/>\r
+ <attribute name="digestAlg" type="anyURI"/>\r
+ <attribute name="encryption" type="conf:bindingBoolean"/>\r
+ <attribute name="encryptionAlg" type="anyURI"/>\r
+ <attribute name="keyName" type="conf:string"/>\r
+ <attribute name="artifactEndpointIndex" type="unsignedShort"/>\r
+ <attribute name="chunkedEncoding" type="boolean"/>\r
+ <attribute name="connectTimeout" type="unsignedShort"/>\r
+ <attribute name="timeout" type="unsignedShort"/>\r
+ <attribute name="requireConfidentiality" type="boolean"/>\r
+ <attribute name="requireTransportAuth" type="boolean"/>\r
+ <attribute name="signedAssertions" type="boolean"/>\r
+ </attributeGroup>\r
+ \r
<element name="Sessions">\r
<annotation>\r
<documentation>Container for specifying protocol handlers and session policy</documentation>\r
</complexType>\r
</element>\r
\r
+ <element name="RelyingParty">\r
+ <annotation>\r
+ <documentation>Container for specifying settings to use with particular peers</documentation>\r
+ </annotation>\r
+ <complexType>\r
+ <sequence/>\r
+ <attribute name="Name" type="conf:string" use="required"/>\r
+ <attributeGroup ref="conf:RelyingPartyGroup"/>\r
+ <anyAttribute namespace="##other" processContents="lax"/>\r
+ </complexType>\r
+ </element>\r
+ \r
<element name="Notify">\r
<annotation>\r
<documentation>Used to specify locations to receive application notifications</documentation>\r
</complexType>\r
</element>\r
\r
- <element name="DefaultRelyingParty">\r
- <annotation>\r
- <documentation>Container for specifying security methods to use with particular peers</documentation>\r
- </annotation>\r
- <complexType>\r
- <sequence>\r
- <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">\r
- <complexType>\r
- <sequence/>\r
- <attribute name="Name" type="conf:string" use="required"/>\r
- <attributeGroup ref="conf:RelyingPartyGroup"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- </element>\r
- </sequence>\r
- <attributeGroup ref="conf:RelyingPartyGroup"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- </element>\r
- \r
- <attributeGroup name="RelyingPartyGroup">\r
- <attribute name="authType" type="conf:string"/>\r
- <attribute name="authUsername" type="conf:string"/>\r
- <attribute name="authPassword" type="conf:string"/>\r
- <attribute name="signing" type="conf:bindingBoolean"/>\r
- <attribute name="signingAlg" type="anyURI"/>\r
- <attribute name="digestAlg" type="anyURI"/>\r
- <attribute name="encryption" type="conf:bindingBoolean"/>\r
- <attribute name="encryptionAlg" type="anyURI"/>\r
- <attribute name="keyName" type="conf:string"/>\r
- <attribute name="artifactEndpointIndex" type="unsignedShort"/>\r
- <attribute name="chunkedEncoding" type="boolean"/>\r
- <attribute name="connectTimeout" type="unsignedShort"/>\r
- <attribute name="timeout" type="unsignedShort"/>\r
- <attribute name="requireConfidentiality" type="boolean"/>\r
- <attribute name="requireTransportAuth" type="boolean"/>\r
- <attribute name="signedAssertions" type="boolean"/>\r
- </attributeGroup>\r
- \r
<element name="SecurityPolicies">\r
<annotation>\r
<documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>\r
vector<const XMLCh*> m_audiences;
// RelyingParty properties
- DOMPropertySet* m_partyDefault;
#ifdef HAVE_GOOD_STL
map<xstring,PropertySet*> m_partyMap;
#else
static const XMLCh Binding[] = UNICODE_LITERAL_7(B,i,n,d,i,n,g);
static const XMLCh Channel[]= UNICODE_LITERAL_7(C,h,a,n,n,e,l);
static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
- static const XMLCh DefaultRelyingParty[] = UNICODE_LITERAL_19(D,e,f,a,u,l,t,R,e,l,y,i,n,g,P,a,r,t,y);
static const XMLCh _Extensions[] = UNICODE_LITERAL_10(E,x,t,e,n,s,i,o,n,s);
static const XMLCh _fatal[] = UNICODE_LITERAL_5(f,a,t,a,l);
static const XMLCh _Handler[] = UNICODE_LITERAL_7(H,a,n,d,l,e,r);
#ifndef SHIBSP_LITE
m_metadata(NULL), m_trust(NULL),
m_attrExtractor(NULL), m_attrFilter(NULL), m_attrResolver(NULL),
- m_credResolver(NULL), m_partyDefault(NULL),
+ m_credResolver(NULL),
#endif
m_acsDefault(NULL), m_sessionInitDefault(NULL), m_artifactResolutionDefault(NULL)
{
}
// Finally, load relying parties.
- child = XMLHelper::getFirstChildElement(e,DefaultRelyingParty);
- if (child) {
- m_partyDefault=new DOMPropertySet();
- m_partyDefault->load(child,log,this);
- child = XMLHelper::getFirstChildElement(child,RelyingParty);
- while (child) {
- auto_ptr<DOMPropertySet> rp(new DOMPropertySet());
- rp->load(child,log,this);
- rp->setParent(m_partyDefault);
- m_partyMap[child->getAttributeNS(NULL,saml2::Attribute::NAME_ATTRIB_NAME)]=rp.release();
- child = XMLHelper::getNextSiblingElement(child,RelyingParty);
- }
+ child = XMLHelper::getFirstChildElement(e,RelyingParty);
+ while (child) {
+ auto_ptr<DOMPropertySet> rp(new DOMPropertySet());
+ rp->load(child,log,this);
+ rp->setParent(this);
+ m_partyMap[child->getAttributeNS(NULL,saml2::Attribute::NAME_ATTRIB_NAME)]=rp.release();
+ child = XMLHelper::getNextSiblingElement(child,RelyingParty);
}
#endif
for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());
m_handlers.clear();
#ifndef SHIBSP_LITE
- delete m_partyDefault;
- m_partyDefault = NULL;
#ifdef HAVE_GOOD_STL
for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair<xstring,PropertySet>());
#else
XMLString::equals(name,_ManageNameIDService) ||
XMLString::equals(name,_SessionInitiator) ||
XMLString::equals(name,_SingleLogoutService) ||
- XMLString::equals(name,DefaultRelyingParty) ||
XMLString::equals(name,RelyingParty) ||
XMLString::equals(name,_MetadataProvider) ||
XMLString::equals(name,_TrustEngine) ||
const PropertySet* XMLApplication::getRelyingParty(const EntityDescriptor* provider) const
{
- if (!m_partyDefault && m_base)
- return m_base->getRelyingParty(provider);
- else if (!provider)
- return m_partyDefault;
+ if (!provider)
+ return this;
#ifdef HAVE_GOOD_STL
map<xstring,PropertySet*>::const_iterator i=m_partyMap.find(provider->getEntityID());
}
}
#endif
- return m_partyDefault;
+ return this;
}
#endif