{
public:
ADFSSessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.ADFS")), m_appId(appId), m_binding(WSFED_NS) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.ADFS"), NULL, &m_remapper), m_appId(appId), m_binding(WSFED_NS) {
// If Location isn't set, defer address registration until the setParent call.
pair<bool,const char*> loc = getString("Location");
if (loc.first) {
if (option) {
ACS = app.getAssertionConsumerServiceByIndex(atoi(option));
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using acsIndex property");
}
option = request.getParameter("target");
// Since we're not passing by index, we need to fully compute the return URL.
if (!ACS) {
- pair<bool,unsigned int> index = getUnsignedInt("defaultACSIndex");
+ pair<bool,unsigned int> index = getUnsignedInt("acsIndex");
if (index.first) {
ACS = app.getAssertionConsumerServiceByIndex(index.second);
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid defaultACSIndex, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex property, using default ACS location");
}
if (!ACS)
ACS = app.getDefaultAssertionConsumerService();
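Review bot: The request-supplied acsIndex is still parsed with `atoi(option)` at the top of this hunk, so a non-numeric value is treated as index 0 and trailing characters are ignored before the lookup runs. Because the value comes straight from the request, I would parse it strictly and skip the lookup on failure: `char* end = NULL; unsigned long idx = strtoul(option, &end, 10);` followed by `if (end != option && *end == '\0') ACS = app.getAssertionConsumerServiceByIndex(idx);`, plus a range check against the index type. The reworded warning also promises "using acsIndex property", yet when that property is unset the code falls through to the default ACS with no further log line. The same pattern appears in the SAML2, Shib1 and WAYF initiator hunks, and the enclosing function starts and ends outside this hunk.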
<!-- Default example directs to a specific IdP's SSO service (favoring SAML 2 over Shib 1). -->
<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet"
relayState="cookie" entityID="https://idp.example.org/shibboleth">
- <SessionInitiator type="SAML2" defaultACSIndex="1" template="bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+ <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" acsIndex="5"/>
</SessionInitiator>
<!-- An example using an old-style WAYF, which means Shib 1 only unless an entityID is provided. -->
<SessionInitiator type="Chaining" Location="/WAYF" id="WAYF" relayState="cookie">
- <SessionInitiator type="SAML2" defaultACSIndex="1" template="bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="5"/>
- <SessionInitiator type="WAYF" defaultACSIndex="5" URL="https://wayf.example.org/WAYF"/>
+ <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" acsIndex="5"/>
+ <SessionInitiator type="WAYF" acsIndex="5" URL="https://wayf.example.org/WAYF"/>
</SessionInitiator>
<!-- An example supporting the new-style of discovery service. -->
<SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
- <SessionInitiator type="SAML2" defaultACSIndex="1" template="bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+ <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" acsIndex="5"/>
<SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS/WAYF"/>
</SessionInitiator>
elementFormDefault="qualified"\r
attributeFormDefault="unqualified"\r
blockDefault="substitution"\r
- version="2.2">\r
+ version="2.3">\r
\r
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
<import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>\r
<attribute name="template" type="anyURI"/>\r
<attribute name="postArtifact" type="boolean"/>\r
<attribute name="acsByIndex" type="boolean"/>\r
- <attribute name="defaultACSIndex" type="unsignedShort"/>\r
+ <attribute name="acsIndex" type="unsignedShort"/>\r
+ <attribute name="defaultACSIndex" type="unsignedShort"/> <!-- deprecated -->\r
<attribute name="isPassive" type="boolean"/>\r
<attribute name="forceAuthn" type="boolean"/>\r
<attribute name="authnContextClassRef" type="anyURI"/>\r
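Review bot: Both `acsIndex` and `defaultACSIndex` remain valid on the same element after this hunk, and nothing visible says which one wins when a configuration sets both. The deprecation is recorded only as a trailing XML comment, which schema-aware editors and generated documentation do not surface. I would move it into the declaration as `<annotation><documentation>Deprecated; use acsIndex. Ignored if acsIndex is also present.</documentation></annotation>`, adjusting the second sentence to whatever the property remapper actually does.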
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
class SHIBSP_API SessionInitiator : public virtual Handler
{
+ friend void SHIBSP_API registerSessionInitiators();
protected:
+ /** Property remapper for configuration compatibility. */
+ static std::map<std::string,std::string> m_remapper;
+
SessionInitiator() {}
public:
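Review bot: `m_remapper` is a non-const protected static, so any class deriving from SessionInitiator can alter the table that every initiator's property lookup shares. The doc comment also does not say which direction the mapping runs or when it is filled. I would spell that out, `/** Maps deprecated property names (keys) to their current names (values); filled once by registerSessionInitiators() and treated as read-only afterwards. */`, and consider exposing it to subclasses only through a const accessor. The header's include list is outside this hunk, so confirm that `<map>` and `<string>` are pulled in before this declaration.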
};
SAML2SessionInitiator::SAML2SessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.SAML2")), m_appId(appId),
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.SAML2"), NULL, &m_remapper), m_appId(appId),
m_paosNS(samlconstants::PAOS_NS), m_ecpNS(samlconstants::SAML20ECP_NS), m_paosBinding(samlconstants::SAML20_BINDING_PAOS)
{
static const XMLCh ECP[] = UNICODE_LITERAL_3(E,C,P);
if (option) {
ACS = app.getAssertionConsumerServiceByIndex(atoi(option));
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using acsIndex property");
else if (ECP && !XMLString::equals(ACS->getString("Binding").second, samlconstants::SAML20_BINDING_PAOS)) {
request.log(SPRequest::SPWarn, "acsIndex in request referenced a non-PAOS ACS, using default ACS location");
ACS = NULL;
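Review bot: The reworded warning on the invalid-index branch names the acsIndex property as the fallback, but the next hunk in this file reads that property only inside an `else`, with `ACS = handlers.front()` on the other side. If that other side is the ECP path, the new message is inaccurate for ECP requests, while the non-PAOS warning two lines below still says "using default ACS location". I would make both messages neutral, e.g. `"invalid acsIndex specified in request, falling back to configured ACS"`, or choose the text based on `ECP`. The surrounding function body lies outside this hunk, so the branch structure is inferred.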
ACS = handlers.front();
}
else {
- pair<bool,unsigned int> index = getUnsignedInt("defaultACSIndex");
+ pair<bool,unsigned int> index = getUnsignedInt("acsIndex");
if (index.first) {
ACS = app.getAssertionConsumerServiceByIndex(index.second);
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid defaultACSIndex, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex property, using default ACS location");
}
if (!ACS)
ACS = app.getDefaultAssertionConsumerService();
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
SHIBSP_DLLLOCAL PluginManager< SessionInitiator,string,pair<const DOMElement*,const char*> >::Factory CookieSessionInitiatorFactory;
};
+map<string,string> SessionInitiator::m_remapper;
+
void SHIBSP_API shibsp::registerSessionInitiators()
{
SPConfig& conf=SPConfig::getConfig();
conf.SessionInitiatorManager.registerFactory(TRANSFORM_SESSION_INITIATOR, TransformSessionInitiatorFactory);
conf.SessionInitiatorManager.registerFactory(FORM_SESSION_INITIATOR, FormSessionInitiatorFactory);
conf.SessionInitiatorManager.registerFactory(COOKIE_SESSION_INITIATOR, CookieSessionInitiatorFactory);
+
+ SessionInitiator::m_remapper["defaultACSIndex"] = "acsIndex";
}
pair<bool,long> SessionInitiator::run(SPRequest& request, bool isHandler) const
{
public:
Shib1SessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.Shib1")), m_appId(appId) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.Shib1"), NULL, &m_remapper), m_appId(appId) {
// If Location isn't set, defer address registration until the setParent call.
pair<bool,const char*> loc = getString("Location");
if (loc.first) {
if (option) {
ACS = app.getAssertionConsumerServiceByIndex(atoi(option));
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using acsIndex property");
}
option = request.getParameter("target");
// Since we're not passing by index, we need to fully compute the return URL.
if (!ACS) {
- pair<bool,unsigned int> index = getUnsignedInt("defaultACSIndex");
+ pair<bool,unsigned int> index = getUnsignedInt("acsIndex");
if (index.first) {
ACS = app.getAssertionConsumerServiceByIndex(index.second);
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid defaultACSIndex, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex property, using default ACS location");
}
if (!ACS)
ACS = app.getDefaultAssertionConsumerService();
{
public:
WAYFSessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.WAYF")), m_url(NULL) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.WAYF"), NULL, &m_remapper), m_url(NULL) {
pair<bool,const char*> url = getString("URL");
if (!url.first)
throw ConfigurationException("WAYF SessionInitiator requires a URL property.");
if (option) {
ACS=app.getAssertionConsumerServiceByIndex(atoi(option));
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex specified in request, using acsIndex property");
}
option = request.getParameter("target");
// Since we're not passing by index, we need to fully compute the return URL.
if (!ACS) {
- pair<bool,unsigned int> index = getUnsignedInt("defaultACSIndex");
+ pair<bool,unsigned int> index = getUnsignedInt("acsIndex");
if (index.first) {
ACS = app.getAssertionConsumerServiceByIndex(index.second);
if (!ACS)
- request.log(SPRequest::SPWarn, "invalid defaultACSIndex, using default ACS location");
+ request.log(SPRequest::SPWarn, "invalid acsIndex property, using default ACS location");
}
if (!ACS)
ACS = app.getDefaultAssertionConsumerService();