+void ADFSMessageRule::evaluate(const XMLObject& message, const GenericRequest* request, const XMLCh* protocol, SecurityPolicy& policy) const
+{
+ Category& log=Category::getInstance(SHIBSP_LOGCAT".SecurityPolicyRule.ADFSMessage");
+
+ if (!XMLString::equals(protocol, m_protocol.get()))
+ return;
+
+ const QName& q = message.getElementQName();
+ if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1_NS) ||
+ !XMLString::equals(q.getLocalPart(), saml1::Assertion::LOCAL_NAME))
+ return;
+
+ try {
+ const saml1::Assertion& token = dynamic_cast<const saml1::Assertion&>(message);
+ policy.setMessageID(token.getAssertionID());
+ policy.setIssueInstant(token.getIssueInstantEpoch());
+
+ log.debug("extracting issuer from message");
+
+ policy.setIssuer(token.getIssuer());
+
+ if (log.isDebugEnabled()) {
+ auto_ptr_char iname(token.getIssuer());
+ log.debug("message from (%s)", iname.get());
+ }
+
+ if (policy.getIssuerMetadata()) {
+ log.debug("metadata for issuer already set, leaving in place");
+ return;
+ }
+
+ if (policy.getMetadataProvider() && policy.getRole()) {
+ log.debug("searching metadata for message issuer...");
+ const EntityDescriptor* entity = policy.getMetadataProvider()->getEntityDescriptor(token.getIssuer());
+ if (!entity) {
+ auto_ptr_char temp(token.getIssuer());
+ log.warn("no metadata found, can't establish identity of issuer (%s)", temp.get());
+ return;
+ }
+
+ log.debug("matched message issuer against metadata, searching for applicable role...");
+ const RoleDescriptor* roledesc=entity->getRoleDescriptor(*policy.getRole(), m_protocol.get());
+ if (!roledesc) {
+ log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
+ return;
+ }
+ policy.setIssuerMetadata(roledesc);
+ }
+ }
+ catch (bad_cast&) {
+ // Just trap it.
+ log.warn("caught a bad_cast while examining message");
+ }
+}
+
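Review bot: Nothing guards against a missing or empty Issuer before it is recorded on the policy (the `policy.setIssuer(token.getIssuer())` call) and then handed to `getEntityDescriptor`; the SAML 1 schema requires the attribute, but if the message was parsed without schema validation `token.getIssuer()` can be null, and the rule would then record a null issuer and query metadata with it. A guard ahead of the setIssuer call keeps the rule from attaching an unverifiable identity: `if (!token.getIssuer() || !*token.getIssuer()) { log.warn("assertion carries no Issuer, can't establish identity"); return; }`. Everything this rule records comes from an as-yet-unauthenticated assertion, so the issuer and RoleDescriptor it sets are only a claim until a later signature or trust rule validates the message against that metadata, and a comment to that effect above the try block would help the next maintainer. The "metadata for issuer already set, leaving in place" early return presumably relies on `SecurityPolicy::setIssuer` rejecting an issuer that conflicts with the one already established rather than on any check here; worth confirming, since otherwise a token naming a different issuer would keep another entity's role metadata.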