Add global attribute prefix after filtering/resolution, to allow AJP forwarding and...

diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index 768e634..c08d2b4 100644 (file)
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -471,6 +471,7 @@
                <attribute name="REMOTE_USER" type="conf:listOfStrings"/>\r
                <attribute name="unsetHeaders" type="conf:listOfStrings"/>\r
                <attribute name="metadataAttributePrefix" type="conf:string"/>\r
+           <attribute name="attributePrefix" type="conf:string"/>\r
                <attribute name="localLogout" type="anyURI"/>\r
                <attribute name="globalLogout" type="anyURI"/>\r
        </attributeGroup>\r

diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp
index 7737f2d..9e25a2c 100644 (file)
--- a/shibsp/handler/impl/AssertionConsumerService.cpp
+++ b/shibsp/handler/impl/AssertionConsumerService.cpp
@@ -256,15 +256,15 @@ ResolutionContext* AssertionConsumerService::resolveAttributes(
     if (extractor) {
         Locker extlocker(extractor);
         if (entity) {
-            pair<bool,const char*> prefix = application.getString("metadataAttributePrefix");
-            if (prefix.first) {
+            pair<bool,const char*> mprefix = application.getString("metadataAttributePrefix");
+            if (mprefix.first) {
                 m_log.debug("extracting metadata-derived attributes...");
                 try {
                     extractor->extractAttributes(application, issuer, *entity, resolvedAttributes);
                     for (vector<Attribute*>::iterator a = resolvedAttributes.begin(); a != resolvedAttributes.end(); ++a) {
                         vector<string>& ids = (*a)->getAliases();
                         for (vector<string>::iterator id = ids.begin(); id != ids.end(); ++id)
-                            *id = prefix.second + *id;
+                            *id = mprefix.second + *id;
                     }
                 }
                 catch (exception& ex) {
@@ -338,6 +338,17 @@ ResolutionContext* AssertionConsumerService::resolveAttributes(
             // Copy over any pushed attributes.
             if (!resolvedAttributes.empty())
                 ctx->getResolvedAttributes().insert(ctx->getResolvedAttributes().end(), resolvedAttributes.begin(), resolvedAttributes.end());
+
+            // Attach global prefix if needed.
+            pair<bool,const char*> prefix = application.getString("attributePrefix");
+            if (prefix.first) {
+                for (vector<Attribute*>::iterator a = ctx->getResolvedAttributes().begin(); a != ctx->getResolvedAttributes().end(); ++a) {
+                    vector<string>& ids = (*a)->getAliases();
+                    for (vector<string>::iterator id = ids.begin(); id != ids.end(); ++id)
+                        *id = prefix.second + *id;
+                }
+            }
+
             return ctx.release();
         }
     }
@@ -345,8 +356,19 @@ ResolutionContext* AssertionConsumerService::resolveAttributes(
         m_log.error("attribute resolution failed: %s", ex.what());
     }
     
-    if (!resolvedAttributes.empty())
+    if (!resolvedAttributes.empty()) {
+        // Attach global prefix if needed.
+        pair<bool,const char*> prefix = application.getString("attributePrefix");
+        if (prefix.first) {
+            for (vector<Attribute*>::iterator a = resolvedAttributes.begin(); a != resolvedAttributes.end(); ++a) {
+                vector<string>& ids = (*a)->getAliases();
+                for (vector<string>::iterator id = ids.begin(); id != ids.end(); ++id)
+                    *id = prefix.second + *id;
+            }
+        }
+
         return new DummyContext(resolvedAttributes);
+    }
     return NULL;
 }