bool forceAuthn,
const char* authnContextClassRef,
const char* authnContextComparison,
+ const char* NameIDFormat,
+ const char* SPNameQualifier,
string& relayState
) const;
string postData;
const Handler* ACS=NULL;
const char* option;
- pair<bool,const char*> acClass;
- pair<bool,const char*> acComp;
+ pair<bool,const char*> acClass, acComp, nidFormat, spQual;
bool isPassive=false,forceAuthn=false;
const Application& app=request.getApplication();
acComp.first = true;
else
acComp = getString("authnContextComparison");
+
+ if (nidFormat.second = request.getParameter("NameIDFormat"))
+ nidFormat.first = true;
+ else
+ nidFormat = getString("NameIDFormat");
+
+ if (spQual.second = request.getParameter("SPNameQualifier"))
+ spQual.first = true;
+ else
+ spQual = getString("SPNameQualifier");
}
else {
// We're running as a "virtual handler" from within the filter.
acComp = settings->getString("authnContextComparison");
if (!acComp.first)
acComp = getString("authnContextComparison");
+ nidFormat = settings->getString("NameIDFormat");
+ if (!nidFormat.first)
+ nidFormat = getString("NameIDFormat");
+ spQual = settings->getString("SPNameQualifier");
+ if (!spQual.first)
+ spQual = getString("SPNameQualifier");
}
if (ECP)
isPassive, forceAuthn,
acClass.first ? acClass.second : NULL,
acComp.first ? acComp.second : NULL,
+ nidFormat.first ? nidFormat.second : NULL,
+ spQual.first ? spQual.second : NULL,
target
);
}
isPassive, forceAuthn,
acClass.first ? acClass.second : NULL,
acComp.first ? acComp.second : NULL,
+ nidFormat.first ? nidFormat.second : NULL,
+ spQual.first ? spQual.second : NULL,
target
);
}
in.addmember("authnContextClassRef").string(acClass.second);
if (acComp.first)
in.addmember("authnContextComparison").string(acComp.second);
+ if (nidFormat.first)
+ in.addmember("NameIDFormat").string(nidFormat.second);
+ if (spQual.first)
+ in.addmember("SPNameQualifier").string(spQual.second);
if (acsByIndex.first && acsByIndex.second) {
if (ACS) {
// Determine index to use.
in["acsLocation"].string(), bind.get(),
in["isPassive"].integer()==1, in["forceAuthn"].integer()==1,
in["authnContextClassRef"].string(), in["authnContextComparison"].string(),
+ in["NameIDFormat"].string(), in["SPNameQualifier"].string(),
relayState
);
if (!ret.isstruct())
bool forceAuthn,
const char* authnContextClassRef,
const char* authnContextComparison,
+ const char* NameIDFormat,
+ const char* SPNameQualifier,
string& relayState
) const
{
req->setNameIDPolicy(namepol);
namepol->AllowCreate(true);
}
+ if (NameIDFormat && *NameIDFormat) {
+ auto_ptr_XMLCh wideform(NameIDFormat);
+ req->getNameIDPolicy()->setFormat(wideform.get());
+ }
+ if (SPNameQualifier && *SPNameQualifier) {
+ auto_ptr_XMLCh widequal(SPNameQualifier);
+ req->getNameIDPolicy()->setSPNameQualifier(widequal.get());
+ }
if (authnContextClassRef || authnContextComparison) {
RequestedAuthnContext* reqContext = req->getRequestedAuthnContext();
if (!reqContext) {