<pathentry kind="src" path="apache"/>
<pathentry kind="out" path=""/>
<pathentry kind="src" path="odbc-store"/>
-<pathentry excluding="util/|impl/|security/|metadata/|remoting/|remoting/impl/" kind="src" path="shibsp"/>
+<pathentry excluding="util/|impl/|security/|metadata/|remoting/|remoting/impl/|attribute/" kind="src" path="shibsp"/>
+<pathentry kind="src" path="shibsp/attribute"/>
<pathentry kind="src" path="shibsp/impl"/>
<pathentry kind="src" path="shibsp/metadata"/>
<pathentry excluding="impl/" kind="src" path="shibsp/remoting"/>
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shib", "shib\shib.vcproj", "{E6CAB6C8-1D73-4410-970A-52BF9EC57810}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shib_mysql_ccache", "shib-mysql-ccache\shib_mysql_ccache.vcproj", "{54671467-CA4D-4BA3-9A27-15ED5576143D}"
- ProjectSection(ProjectDependencies) = postProject
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
- {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibtarget", "shib-target\shibtarget.vcproj", "{84890110-2190-4AAE-9BDC-58F90DF71E4F}"
ProjectSection(ProjectDependencies) = postProject
{81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
{E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "odbc_ccache", "odbc_ccache\odbc_ccache.vcproj", "{DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}"
- ProjectSection(ProjectDependencies) = postProject
- {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F}
- {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib22", "apache\mod_shib22.vcproj", "{B44C0852-83B8-4FB2-A86E-097C9C8256D0}"
ProjectSection(ProjectDependencies) = postProject
{E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810}
{E6CAB6C8-1D73-4410-970A-52BF9EC57810}.Debug|Win32.Build.0 = Debug|Win32
{E6CAB6C8-1D73-4410-970A-52BF9EC57810}.Release|Win32.ActiveCfg = Release|Win32
{E6CAB6C8-1D73-4410-970A-52BF9EC57810}.Release|Win32.Build.0 = Release|Win32
- {54671467-CA4D-4BA3-9A27-15ED5576143D}.Debug|Win32.ActiveCfg = Debug|Win32
- {54671467-CA4D-4BA3-9A27-15ED5576143D}.Debug|Win32.Build.0 = Debug|Win32
- {54671467-CA4D-4BA3-9A27-15ED5576143D}.Release|Win32.ActiveCfg = Release|Win32
- {54671467-CA4D-4BA3-9A27-15ED5576143D}.Release|Win32.Build.0 = Release|Win32
{84890110-2190-4AAE-9BDC-58F90DF71E4F}.Debug|Win32.ActiveCfg = Debug|Win32
{84890110-2190-4AAE-9BDC-58F90DF71E4F}.Debug|Win32.Build.0 = Debug|Win32
{84890110-2190-4AAE-9BDC-58F90DF71E4F}.Release|Win32.ActiveCfg = Release|Win32
{68E46D06-6B91-4C59-A700-78DD4D4C420B}.Debug|Win32.Build.0 = Debug|Win32
{68E46D06-6B91-4C59-A700-78DD4D4C420B}.Release|Win32.ActiveCfg = Release|Win32
{68E46D06-6B91-4C59-A700-78DD4D4C420B}.Release|Win32.Build.0 = Release|Win32
- {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Debug|Win32.ActiveCfg = Debug|Win32
- {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Debug|Win32.Build.0 = Debug|Win32
- {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Release|Win32.ActiveCfg = Release|Win32
- {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Release|Win32.Build.0 = Release|Win32
{B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Debug|Win32.ActiveCfg = Debug|Win32
{B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Debug|Win32.Build.0 = Debug|Win32
{B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Release|Win32.ActiveCfg = Release|Win32
{1396D80A-8672-4224-9B02-95F3F4207CDB} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}
{B44C0852-83B8-4FB2-A86E-097C9C8256D0} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}
{87C25D4E-8D19-4513-B0BA-BC668BC2DEE3} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}
- {54671467-CA4D-4BA3-9A27-15ED5576143D} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{68E46D06-6B91-4C59-A700-78DD4D4C420B} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
- {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{D341DCD8-7DCD-43A2-8559-C07DAB838711} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{666A63A7-983F-4C19-8411-207F24305197} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}
{67AF22A3-C26E-40BE-B0CA-2ABEE5123763} = {FED80230-119E-4B2F-9F53-D2660A5F022B}
PlugManager::Factory TCPListenerFactory;
//PlugManager::Factory MemoryListenerFactory;
-PluginManager<SessionCache,const DOMElement*>::Factory MemoryCacheFactory;
PluginManager<Handler,const DOMElement*>::Factory ShibSessionInitiatorFactory;
PluginManager<Handler,const DOMElement*>::Factory SAML1POSTFactory;
PluginManager<Handler,const DOMElement*>::Factory SAML1ArtifactFactory;
conf.AssertionConsumerServiceManager.registerFactory(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT,&SAML1ArtifactFactory);
conf.SingleLogoutServiceManager.registerFactory(shibspconstants::SHIB1_LOGOUT_PROFILE_URI,&ShibLogoutFactory);
- conf.SessionCacheManager.registerFactory(MEMORY_SESSIONCACHE,&MemoryCacheFactory);
-
log.info("finished initializing");
return true;
}
{
if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,AttributeDesignator::LOCAL_NAME))
return FILTER_REJECT;
- else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,Attribute::LOCAL_NAME))
+ else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,opensaml::saml1::Attribute::LOCAL_NAME))
return FILTER_REJECT;
else if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,Audience::LOCAL_NAME))
return FILTER_REJECT;
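Review bot: The changed `else if` pairs `samlconstants::SAML20_NS` with `opensaml::saml1::Attribute::LOCAL_NAME`, while the branches on either side test `samlconstants::SAML1_NS`. Qualifying the class name fixes the ambiguity with the new `shibsp::Attribute`, but it also makes the namespace/class mismatch explicit. If this filter is meant to reject SAML 1.x Attribute elements, the namespace argument looks like a long-standing typo, and such nodes would currently pass through; the line would then read `else if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,opensaml::saml1::Attribute::LOCAL_NAME))`. If SAML 2.0 really is intended, using the saml2 class's constant and a short comment would make that clear. The enclosing function starts and ends outside this hunk, so the intent cannot be confirmed from here.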
const DOMElement* container=conf.isEnabled(SPConfig::OutOfProcess) ? SHAR : SHIRE;
child=XMLHelper::getFirstChildElement(container,MemorySessionCache);
if (child) {
- log.info("building Session Cache of type %s...",MEMORY_SESSIONCACHE);
- m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(MEMORY_SESSIONCACHE,child);
+ log.info("building Session Cache of type %s...",STORAGESERVICE_SESSION_CACHE);
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);
}
else {
child=XMLHelper::getFirstChildElement(container,SessionCache);
m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(type.get(),child);
}
else {
- log.info("custom SessionCache unspecified or no longer supported, building SessionCache of type %s...",MEMORY_SESSIONCACHE);
- m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(MEMORY_SESSIONCACHE,child);
+ log.info("custom SessionCache unspecified or no longer supported, building SessionCache of type %s...",STORAGESERVICE_SESSION_CACHE);
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);
}
}
if (fact) {
m_attrFactories.push_back(fact);
ShibConfig::getConfig().regAttributeMapping(
- child->getAttributeNS(NULL,Attribute::ATTRIBUTENAME_ATTRIB_NAME), fact
+ child->getAttributeNS(NULL,opensaml::saml1::Attribute::ATTRIBUTENAME_ATTRIB_NAME), fact
);
}
else {
>
</File>
<File
- RelativePath="shib-ccache.cpp"
- >
- </File>
- <File
RelativePath="shib-config.cpp"
>
</File>
#ifndef __shibsp_sessioncache_h__
#define __shibsp_sessioncache_h__
+#include <shibsp/base.h>
+#include <saml/saml1/core/Assertions.h>
+#include <saml/saml2/metadata/Metadata.h>
#include <xmltooling/Lockable.h>
-#include <xercesc/dom/DOM.hpp>
namespace shibsp {
class SHIBSP_API Application;
+ class SHIBSP_API Attribute;
class SHIBSP_API Session : public virtual xmltooling::Lockable
{
Session() {}
virtual ~Session() {}
public:
- /* TODO: design new interface, probably with version-specific subinterfaces
+ /**
+ * Returns the address of the client associated with the session.
+ *
+ * @return the client's network address
+ */
virtual const char* getClientAddress() const=0;
- virtual const char* getProviderId() const=0;
- virtual std::pair<const char*,const saml::SAMLSubject*> getSubject(bool xml=true, bool obj=false) const=0;
- virtual const char* getAuthnContext() const=0;
- virtual std::pair<const char*,const saml::SAMLResponse*> getTokens(bool xml=true, bool obj=false) const=0;
- virtual std::pair<const char*,const saml::SAMLResponse*> getFilteredTokens(bool xml=true, bool obj=false) const=0;
- */
+
+ /**
+ * Returns the entityID of the IdP that initiated the session.
+ *
+ * @return the IdP's entityID
+ */
+ virtual const char* getEntityID() const=0;
+
+ /**
+ * Returns the timestamp on the authentication event at the IdP.
+ *
+ * @return the authentication timestamp
+ */
+ virtual time_t getAuthnInstant() const=0;
+
+ /**
+ * Returns the set of resolved attributes associated with the session.
+ *
+ * @return an immutable array of attributes
+ */
+ virtual const std::vector<const Attribute*>& getAttributes() const=0;
+
+ /**
+ * Adds additional attributes to the session.
+ *
+ * @param attributes reference to an array of Attributes to cache (will be freed by cache)
+ */
+ virtual void addAttributes(const std::vector<Attribute*>& attributes)=0;
+
+ /**
+ * Returns the identifiers of the assertion(s) cached by the session.
+ *
+ * <p>The SSO assertion is guaranteed to be first in the set.
+ *
+ * @return an immutable array of AssertionID values
+ */
+ virtual const std::vector<const char*>& getAssertionIDs() const=0;
+
+ /**
+ * Returns an assertion cached by the session.
+ *
+ * @param id identifier of the assertion to retrieve
+ * @return pointer to assertion, or NULL
+ */
+ virtual const opensaml::RootObject* getAssertion(const char* id) const=0;
+
+ /**
+ * Stores an assertion in the session.
+ *
+ * @param assertion pointer to an assertion to cache (will be freed by cache)
+ */
+ virtual void addAssertion(opensaml::RootObject* assertion)=0;
+ };
+
+ class SHIBSP_API SAML1Session : public virtual Session
+ {
+ protected:
+ SAML1Session() {}
+ virtual ~SAML1Session() {}
+
+ public:
+ /**
+ * Returns the NameIdentifier associated with a SAML 1.x session.
+ *
+ * @return reference to a SAML 1.x NameIdentifier
+ */
+ virtual const opensaml::saml1::NameIdentifier& getNameIdentifier() const=0;
+
+ /**
+ * Returns a URI containing the AuthenticationMethod.
+ *
+ * @return a URI identifying the authentication method
+ */
+ virtual const char* getAuthenticationMethod() const=0;
+
+ };
+
+ class SHIBSP_API SAML2Session : public virtual Session
+ {
+ protected:
+ SAML2Session() {}
+ virtual ~SAML2Session() {}
+
+ public:
+ /**
+ * Returns the NameID associated with a SAML 2.0 session.
+ *
+ * @return reference to a SAML 2.0 NameID
+ */
+ virtual const opensaml::saml2::NameID& getNameID() const=0;
+
+ /**
+ * Returns the SessionIndex provided with the session.
+ *
+ * @return the SessionIndex from the original SSO assertion, if any
+ */
+ virtual const char* getSessionIndex() const=0;
+
+ /**
+ * Returns a URI containing an AuthnContextClassRef provided with the session.
+ *
+ * @return a URI identifying the authentication context class
+ */
+ virtual const char* getAuthnContextClassRef() const=0;
+
+ /**
+ * Returns a URI containing an AuthnContextDeclRef provided with the session.
+ *
+ * @return a URI identifying the authentication context declaration
+ */
+ virtual const char* getAuthnContextDeclRef() const=0;
+
};
/**
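Review bot: `Session::addAttributes` takes `const std::vector<Attribute*>&` while its comment says the elements "will be freed by cache", so after the call the caller's vector still holds pointers it no longer owns. That is an easy route to a double free or use-after-free in code that cleans up its own vector. The same applies to `addAssertion(opensaml::RootObject*)`. The doc comments should state the hand-over precisely, for example `@param attributes  Attributes to cache; on return the cache owns every element and the caller must drop the pointers without deleting them`, and should say who owns the objects if the call throws. It would also help to note on `getAttributes()`, `getAssertionIDs()` and `getAssertion()` that the returned references and pointers are presumably only valid while the Session lock is held; the `Lockable` base suggests this but nothing here states it.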
{
MAKE_NONCOPYABLE(SessionCache);
protected:
- SessionCache() {}
+
+ /**
+ * Constructor
+ *
+ * <p>The following XML content is supported to configure the cache:
+ * <dl>
+ * <dt>cacheTimeout</dt>
+ * <dd>attribute containing maximum lifetime in seconds for sessions in cache</dd>
+ * <dt>cleanupInterval</dt>
+ * <dd>attribute containing interval in seconds between attempts to purge expired sessions</dd>
+ * <dt>strictValidity</dt>
+ * <dd>boolean attribute indicating whether to honor SessionNotOnOrAfter information</dd>
+ * <dt>writeThrough</dt>
+ * <dd>boolean attribute indicating that every access to a session should update persistent storage</dd>
+ * </dl>
+ *
+ * @param e root of DOM tree to configure the cache
+ */
+ SessionCache(const DOMElement* e);
+
public:
virtual ~SessionCache() {}
+
+ /**
+ * Inserts a new session into the cache.
+ *
+ * <p>The SSO token remains owned by the caller and must be copied by the
+ * cache. Any Attributes supplied become the property of the cache.
+ *
+ * @param application reference to Application that owns the Session
+ * @param client_addr network address of client
+ * @param ssoToken reference to SSO assertion initiating the session
+ * @param issuer issuing metadata role of assertion issuer, if known
+ * @param attributes optional set of resolved Attributes to cache with session
+ * @return pointer to newly created (and locked) Session
+ */
+ virtual Session* insert(
+ const Application& application,
+ const char* client_addr,
+ const opensaml::RootObject& ssoToken,
+ const opensaml::saml2md::RoleDescriptor* issuer=NULL,
+ const std::vector<Attribute*>* attributes=NULL
+ )=0;
+
+ /**
+ * Locates an existing session.
+ *
+ * @param key session key
+ * @param application reference to Application that owns the Session
+ * @param client_addr network address of client (if known)
+ * @return pointer to locked Session, or NULL
+ */
+ virtual Session* find(const char* key, const Application& application, const char* client_addr)=0;
+
+ /**
+ * Deletes an existing session.
+ *
+ * @param key session key
+ * @param application reference to Application that owns the Session
+ * @param client_addr network address of client (if known)
+ */
+ virtual void remove(const char* key, const Application& application, const char* client_addr)=0;
};
+ /** Remoting-aware SessionCache implementation backed by a StorageService. */
+ #define STORAGESERVICE_SESSION_CACHE "edu.internet2.middleware.shibboleth.sp.provider.StorageServiceSessionCache"
+
/**
* Registers SessionCache classes into the runtime.
*/
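Review bot: `find()` and `remove()` document `client_addr` only as "network address of client (if known)", which leaves the address-binding contract undefined. It does not say whether passing NULL skips the comparison with the address recorded by `insert()`, or whether a mismatch returns NULL or throws. Implementations of this interface enforce session-to-client binding, so the header should pin the behaviour down, e.g. `@param client_addr  network address of client; if non-NULL it must match the address stored at insert() or the lookup fails`. The constructor comment likewise lists `strictValidity` and `cacheTimeout` without defaults; stating them would make a missing attribute's effect on session lifetime visible. `insert()` and `find()` return a locked Session, and the comments should say the caller is responsible for unlocking it. The `SessionCache` class declaration line itself is outside this hunk.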
using namespace xmltooling;\r
using namespace log4cpp;\r
using namespace std;\r
-/*\r
+\r
namespace shibsp {\r
\r
- SessionCache* SHIBSP_DLLLOCAL XMLRequestMapperFactory(const DOMElement* const & e)\r
+ SessionCache* SHIBSP_DLLLOCAL StorageServiceCacheFactory(const DOMElement* const & e)\r
{\r
- return new XMLRequestMapper(e);\r
+ return NULL;\r
}\r
\r
}\r
-*/\r
+\r
void SHIBSP_API shibsp::registerSessionCaches()\r
{\r
- //SPConfig::getConfig().SessionCacheManager.registerFactory(XML_REQUEST_MAPPER, XMLRequestMapperFactory);\r
+ SPConfig::getConfig().SessionCacheManager.registerFactory(STORAGESERVICE_SESSION_CACHE, StorageServiceCacheFactory);\r
}\r
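Review bot: `StorageServiceCacheFactory` is registered under `STORAGESERVICE_SESSION_CACHE`, but its body is `return NULL;`. The configuration hunks earlier in this commit assign the result of `conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child)` directly to `m_outer->m_sessionCache`, with no check visible. If `newPlugin` passes the factory's return value through (its implementation is not shown here), the SP would start with a null session cache, and the first session lookup would dereference it. Since the old memory cache factory is removed in the same commit, there is no working fallback. Until the real implementation lands, the stub should fail at startup rather than hand back a null pointer: throw from the factory or test the pointer after `newPlugin`. It should also carry a comment such as `// TODO: placeholder, no StorageService-backed cache yet; must not be released returning NULL`.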