SUBDIRS = $(WANT_SUBDIRS)
DIST_SUBDIRS = doc shib schemas configs shib-target shar test \
- apache siterefresh odbc_ccache shib-mysql-ccache xmlproviders \
+ apache siterefresh odbc_ccache shib-mysql-ccache \
nsapi_shib selinux
all-local: shibboleth.spec pkginfo
# Visual Studio 2005
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "isapi_shib", "isapi_shib\isapi_shib.vcproj", "{87C25D4E-8D19-4513-B0BA-BC668BC2DEE3}"
ProjectSection(ProjectDependencies) = postProject
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
+ {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "isapi_shib_gui", "isapi_shib_gui\isapi_shib_gui.vcproj", "{D341DCD8-7DCD-43A2-8559-C07DAB838711}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib13", "apache\mod_shib13.vcproj", "{D243B43E-728E-4F32-BDFF-B3A897037C6D}"
ProjectSection(ProjectDependencies) = postProject
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
+ {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib20", "apache\mod_shib20.vcproj", "{68E9568B-476C-4289-B93C-893432378ADC}"
ProjectSection(ProjectDependencies) = postProject
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
+ {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsapi_shib", "nsapi_shib\nsapi_shib.vcproj", "{1396D80A-8672-4224-9B02-95F3F4207CDB}"
ProjectSection(ProjectDependencies) = postProject
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
- {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
{E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
+ {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "posttest", "posttest\posttest.vcproj", "{16E70C47-789E-43D5-AFDF-964D386C3CB5}"
ProjectSection(ProjectDependencies) = postProject
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
- {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
{E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
+ {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shar", "shar\shar.vcproj", "{F13141B5-6C87-40BB-8D4E-5CC56EBB4C59}"
ProjectSection(ProjectDependencies) = postProject
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shib", "shib\shib.vcproj", "{E6CAB6C8-1D73-4410-970A-52BF9EC57810}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibtarget", "shib-target\shibtarget.vcproj", "{84890110-2190-4AAE-9BDC-58F90DF71E4F}"
ProjectSection(ProjectDependencies) = postProject
- {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
{E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
+ {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibtest", "shibtest\shibtest.vcproj", "{67AF22A3-C26E-40BE-B0CA-2ABEE5123763}"
ProjectSection(ProjectDependencies) = postProject
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
{84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
+ {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
EndProjectSection
EndProject
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testclient", "shar\testclient.vcproj", "{B3F1E899-86F9-4D3A-8026-B57D1A5B90B1}"
ProjectSection(ProjectDependencies) = postProject
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
- {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
{E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "xmlproviders", "xmlproviders\xmlproviders.vcproj", "{68E46D06-6B91-4C59-A700-78DD4D4C420B}"
- ProjectSection(ProjectDependencies) = postProject
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib22", "apache\mod_shib22.vcproj", "{B44C0852-83B8-4FB2-A86E-097C9C8256D0}"
ProjectSection(ProjectDependencies) = postProject
- {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
+ {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
+ {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
EndProjectSection
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Server Modules", "Server Modules", "{26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}"
{B3F1E899-86F9-4D3A-8026-B57D1A5B90B1}.Debug|Win32.Build.0 = Debug|Win32
{B3F1E899-86F9-4D3A-8026-B57D1A5B90B1}.Release|Win32.ActiveCfg = Release|Win32
{B3F1E899-86F9-4D3A-8026-B57D1A5B90B1}.Release|Win32.Build.0 = Release|Win32
- {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Debug|Win32.ActiveCfg = Debug|Win32
- {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Debug|Win32.Build.0 = Debug|Win32
- {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Release|Win32.ActiveCfg = Release|Win32
- {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Release|Win32.Build.0 = Release|Win32
{B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Debug|Win32.ActiveCfg = Debug|Win32
{B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Debug|Win32.Build.0 = Debug|Win32
{B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Release|Win32.ActiveCfg = Release|Win32
{1396D80A-8672-4224-9B02-95F3F4207CDB} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}
{B44C0852-83B8-4FB2-A86E-097C9C8256D0} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}
{87C25D4E-8D19-4513-B0BA-BC668BC2DEE3} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}
- {68E46D06-6B91-4C59-A700-78DD4D4C420B} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{D341DCD8-7DCD-43A2-8559-C07DAB838711} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{666A63A7-983F-4C19-8411-207F24305197} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{67AF22A3-C26E-40BE-B0CA-2ABEE5123763} = {FED80230-119E-4B2F-9F53-D2660A5F022B}
WANT_SUBDIRS="doc shib schemas configs shib-target shar siterefresh test xmlproviders"
AC_CONFIG_FILES([Makefile doc/Makefile shib/Makefile schemas/Makefile \
configs/Makefile shib-target/Makefile shar/Makefile siterefresh/Makefile \
- test/Makefile xmlproviders/Makefile selinux/Makefile])
+ test/Makefile selinux/Makefile])
#
// IApplication
const char* getId() const {return getString("id").second;}
const char* getHash() const {return m_hash.c_str();}
- Iterator<IAAP*> getAAPProviders() const;
MetadataProvider* getMetadataProvider() const;
TrustEngine* getTrustEngine() const;
const vector<const XMLCh*>& getAudiences() const;
const ServiceProvider* m_sp; // this is ok because its locking scope includes us
const XMLApplication* m_base;
string m_hash;
- vector<IAAP*> m_aaps;
MetadataProvider* m_metadata;
TrustEngine* m_trust;
vector<const XMLCh*> m_audiences;
if (conf.isEnabled(SPConfig::AAP)) {
child = XMLHelper::getFirstChildElement(e,AAPProvider);
while (child) {
- xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));
- log.info("building AAP provider of type %s...",type.get());
- try {
- IPlugIn* plugin=shibConf.getPlugMgr().newPlugin(type.get(),child);
- IAAP* aap=dynamic_cast<IAAP*>(plugin);
- if (aap)
- m_aaps.push_back(aap);
- else {
- delete plugin;
- log.crit("plugin was not an AAP provider");
- }
- }
- catch (exception& ex) {
- log.crit("error building AAP provider: %s", ex.what());
- }
-
+ // TODO: some kind of compatibility
child = XMLHelper::getNextSiblingElement(child,AAPProvider);
}
}
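Review bot: The `AAPProvider` loop now walks every configured element and does nothing with it, so a deployment whose configuration still lists `AAPProvider` elements loads with no attribute acceptance filtering and nothing in the log to say so. Until the compatibility mentioned in the TODO exists, the loop body should at least warn, for example `log.warn("ignoring AAPProvider element; attribute acceptance policy is not enforced");`, or the configuration should be rejected. The same commit drops the `shibboleth::AAP::apply(app->getAAPProviders(), ...)` pass over attribute query responses in a later hunk, and the deleted `AAP::apply` was what removed attributes with no matching rule. Unless a replacement filter runs somewhere not visible here, attributes returned by the AA appear to be accepted as sent. The enclosing function starts and ends outside this hunk.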
#else
for_each(m_credMap.begin(),m_credMap.end(),xmltooling::cleanup_pair<const XMLCh*,PropertySet>());
#endif
- for_each(m_aaps.begin(),m_aaps.end(),xmltooling::cleanup<IAAP>());
delete m_trust;
delete m_metadata;
return m_base->getPropertySet(name,ns);
}
-Iterator<IAAP*> XMLApplication::getAAPProviders() const
-{
- return (m_aaps.empty() && m_base) ? m_base->getAAPProviders() : m_aaps;
-}
-
MetadataProvider* XMLApplication::getMetadataProvider() const
{
return (!m_metadata && m_base) ? m_base->getMetadataProvider() : m_metadata;
struct SHIBTARGET_EXPORTS IApplication : public virtual shibsp::Application,
public virtual shibboleth::ShibBrowserProfile::ITokenValidator
{
- virtual saml::Iterator<shibboleth::IAAP*> getAAPProviders() const=0;
-
// caller is borrowing object, must use within scope of config lock
virtual const saml::SAMLBrowserProfile* getBrowserProfile() const=0;
virtual const saml::SAMLBinding* getBinding(const XMLCh* binding) const=0;
noinst_HEADERS = internal.h
libshib_la_SOURCES = \
- Metadata.cpp \
ShibConfig.cpp \
ShibBrowserProfile.cpp \
ScopedAttribute.cpp
+++ /dev/null
-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* Metadata.h - glue classes that interface to metadata providers
-
- Scott Cantor
- 9/27/02
-
- $History:$
-*/
-
-#include "internal.h"
-#include <xmltooling/util/NDC.h>
-
-using namespace shibboleth;
-using namespace opensaml::saml2md;
-using namespace saml;
-using namespace std;
-
-AAP::AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace) : m_mapper(NULL), m_rule(NULL)
-{
- aaps.reset();
- while (aaps.hasNext()) {
- m_mapper=aaps.next();
- m_mapper->lock();
- if (m_rule=m_mapper->lookup(attrName,attrNamespace)) {
- break;
- }
- m_mapper->unlock();
- m_mapper=NULL;
- }
-}
-
-AAP::AAP(const saml::Iterator<IAAP*>& aaps, const char* alias) : m_mapper(NULL), m_rule(NULL)
-{
- aaps.reset();
- while (aaps.hasNext()) {
- m_mapper=aaps.next();
- m_mapper->lock();
- if (m_rule=m_mapper->lookup(alias)) {
- break;
- }
- m_mapper->unlock();
- m_mapper=NULL;
- }
-}
-
-AAP::~AAP()
-{
- if (m_mapper) {
- m_mapper->unlock();
- m_mapper=NULL;
- }
-}
-
-void AAP::apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const RoleDescriptor* role)
-{
-#ifdef _DEBUG
- xmltooling::NDC("apply");
-#endif
- log4cpp::Category& log=log4cpp::Category::getInstance(SHIB_LOGCAT".AAP");
-
- // First check for no providers or AnyAttribute.
- if (aaps.size()==0) {
- log.info("no filters specified, accepting entire assertion");
- return;
- }
- aaps.reset();
- while (aaps.hasNext()) {
- IAAP* p=aaps.next();
- xmltooling::Locker locker(p);
- if (p->anyAttribute()) {
- log.info("any attribute enabled, accepting entire assertion");
- return;
- }
- }
-
- // Check each statement.
- const IAttributeRule* rule=NULL;
- Iterator<SAMLStatement*> statements=assertion.getStatements();
- for (unsigned int scount=0; scount < statements.size();) {
- SAMLAttributeStatement* s=dynamic_cast<SAMLAttributeStatement*>(statements[scount]);
- if (!s) {
- scount++;
- continue;
- }
-
- // Check each attribute, applying any matching rules.
- Iterator<SAMLAttribute*> attrs=s->getAttributes();
- for (unsigned long acount=0; acount < attrs.size();) {
- SAMLAttribute* a=attrs[acount];
- bool ruleFound=false;
- aaps.reset();
- while (aaps.hasNext()) {
- IAAP* i=aaps.next();
- xmltooling::Locker locker(i);
- if (rule=i->lookup(a->getName(),a->getNamespace())) {
- ruleFound=true;
- try {
- rule->apply(*a,role);
- }
- catch (SAMLException&) {
- // The attribute is now defunct.
- log.info("no values remain, removing attribute");
- s->removeAttribute(acount--);
- break;
- }
- }
- }
- if (!ruleFound) {
- if (log.isWarnEnabled()) {
- auto_ptr_char temp(a->getName());
- log.warn("no rule found for attribute (%s), filtering it out",temp.get());
- }
- s->removeAttribute(acount--);
- }
- acount++;
- }
-
- try {
- s->checkValidity();
- scount++;
- }
- catch (SAMLException&) {
- // The statement is now defunct.
- log.info("no attributes remain, removing statement");
- assertion.removeStatement(scount);
- }
- }
-
- // Now see if we trashed it irrevocably.
- assertion.checkValidity();
-}
namespace shibboleth
{
- // Attribute acceptance processing interfaces, applied to incoming attributes.
-
- struct SHIB_EXPORTS IAttributeRule
- {
- virtual const XMLCh* getName() const=0;
- virtual const XMLCh* getNamespace() const=0;
- virtual const char* getAlias() const=0;
- virtual const char* getHeader() const=0;
- virtual bool getCaseSensitive() const=0;
- virtual void apply(saml::SAMLAttribute& attribute, const opensaml::saml2md::RoleDescriptor* role=NULL) const=0;
- virtual ~IAttributeRule() {}
- };
-
- struct SHIB_EXPORTS IAAP : public virtual xmltooling::Lockable, public virtual saml::IPlugIn
- {
- virtual bool anyAttribute() const=0;
- virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
- virtual const IAttributeRule* lookup(const char* alias) const=0;
- virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
- virtual ~IAAP() {}
- };
-
struct SHIB_EXPORTS IAttributeFactory : public virtual saml::IPlugIn
{
virtual saml::SAMLAttribute* build(DOMElement* e) const=0;
virtual ~IAttributeFactory() {}
};
-#ifdef SHIB_INSTANTIATE
- template class SHIB_EXPORTS saml::Iterator<IAAP*>;
- template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
-#endif
-
- class SHIB_EXPORTS AAP
- {
- public:
- AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
- AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
- ~AAP();
- bool fail() const {return m_mapper==NULL;}
- const IAttributeRule* operator->() const {return m_rule;}
- operator const IAttributeRule*() const {return m_rule;}
-
- static void apply(
- const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const opensaml::saml2md::RoleDescriptor* role=NULL
- );
-
- private:
- AAP(const AAP&);
- void operator=(const AAP&);
- IAAP* m_mapper;
- const IAttributeRule* m_rule;
- };
-
// Subclass around the OpenSAML browser profile interface,
// incoporates additional functionality using Shib-defined APIs.
class SHIB_EXPORTS ShibBrowserProfile : virtual public saml::SAMLBrowserProfile
>
</File>
<File
- RelativePath="Metadata.cpp"
- >
- </File>
- <File
RelativePath="resource.h"
>
</File>
if (!response)
throw opensaml::BindingException("unable to successfully query for attributes");
- // Run it through the AAP. Note that we could end up with an empty response!
- Iterator<SAMLAssertion*> a=response->getAssertions();
- for (unsigned long c=0; c < a.size();) {
- try {
- shibboleth::AAP::apply(app->getAAPProviders(),*(a[c]),AA);
- c++;
- }
- catch (SAMLException&) {
- response->removeAssertion(c);
- }
- }
-
Iterator<SAMLAssertion*> i=response->getAssertions();
if (i.hasNext())
{