From: Scott Cantor Date: Thu, 9 Feb 2012 04:33:47 +0000 (+0000) Subject: https://issues.shibboleth.net/jira/browse/SSPCPP-421 X-Git-Tag: 2.5.0~181 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=93055c37fab444ccf216ac53debc192b4b88df44 https://issues.shibboleth.net/jira/browse/SSPCPP-421 --- diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp index 2e9e0c7..5c02bb2 100644 --- a/adfs/adfs.cpp +++ b/adfs/adfs.cpp @@ -767,6 +767,7 @@ void ADFSConsumer::implementProtocol( &httpRequest, policy.getIssuerMetadata(), m_protocol.get(), + nullptr, saml1name, saml1statement, (saml1name ? nameid.get() : saml2name), diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am index f525df9..5f53b1f 100644 --- a/shibsp/Makefile.am +++ b/shibsp/Makefile.am @@ -242,16 +242,16 @@ xmldir = $(datadir)/xml paths.h: ${srcdir}/paths.h.in Makefile ${top_builddir}/config.status rm -f $@.tmp sed < ${srcdir}/$@.in > $@.tmp \ - -e 's:@-PREFIX-@:${prefix}:g' \ - -e 's:@-LIBDIR-@:${libdir}:g' \ - -e 's:@-SYSCONFDIR-@:${sysconfdir}:g' \ - -e 's:@-LOGDIR-@:${logdir}:g' \ - -e 's:@-RUNDIR-@:${rundir}:g' \ - -e 's:@-XMLDIR-@:${xmldir}:g' \ - -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ - -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ - -e 's:@-XMLTOOLINGXMLDIR-@:${XMLTOOLINGXMLDIR}:g' \ - -e 's:@-OPENSAMLXMLDIR-@:${OPENSAMLXMLDIR}:g' + -e 's:@-PREFIX-@:${prefix}:g' \ + -e 's:@-LIBDIR-@:${libdir}:g' \ + -e 's:@-SYSCONFDIR-@:${sysconfdir}:g' \ + -e 's:@-LOGDIR-@:${logdir}:g' \ + -e 's:@-RUNDIR-@:${rundir}:g' \ + -e 's:@-XMLDIR-@:${xmldir}:g' \ + -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ + -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ + -e 's:@-XMLTOOLINGXMLDIR-@:${XMLTOOLINGXMLDIR}:g' \ + -e 's:@-OPENSAMLXMLDIR-@:${OPENSAMLXMLDIR}:g' cmp -s $@ $@.tmp || mv $@.tmp $@ rm -f $@.tmp @@ -264,7 +264,7 @@ EXTRA_DIST = \ shibsp.vcxproj.filters \ shibsp-lite.vcxproj.filters \ config_pub.h.in \ - config_pub_win32.h\ + config_pub_win32.h\ paths.h.in \ resource.h \ shibsp.rc 
diff --git a/shibsp/attribute/resolver/impl/AssertionAttributeExtractor.cpp b/shibsp/attribute/resolver/impl/AssertionAttributeExtractor.cpp index 83e8f38..5d1f0ac 100644 --- a/shibsp/attribute/resolver/impl/AssertionAttributeExtractor.cpp +++ b/shibsp/attribute/resolver/impl/AssertionAttributeExtractor.cpp @@ -31,7 +31,7 @@ #include "attribute/resolver/AttributeExtractor.h" #include -#include +#include #include #include #include @@ -83,7 +83,8 @@ namespace shibsp { m_sessionIndex, m_sessionNotOnOrAfter, m_subjectAddress, - m_subjectDNS; + m_subjectDNS, + m_consent; }; #if defined (_MSC_VER) @@ -107,7 +108,8 @@ AssertionExtractor::AssertionExtractor(const DOMElement* e) m_sessionIndex(XMLHelper::getAttrString(e, nullptr, AuthnStatement::SESSIONINDEX_ATTRIB_NAME)), m_sessionNotOnOrAfter(XMLHelper::getAttrString(e, nullptr, AuthnStatement::SESSIONNOTONORAFTER_ATTRIB_NAME)), m_subjectAddress(XMLHelper::getAttrString(e, nullptr, saml2::SubjectLocality::ADDRESS_ATTRIB_NAME)), - m_subjectDNS(XMLHelper::getAttrString(e, nullptr, saml2::SubjectLocality::DNSNAME_ATTRIB_NAME)) + m_subjectDNS(XMLHelper::getAttrString(e, nullptr, saml2::SubjectLocality::DNSNAME_ATTRIB_NAME)), + m_consent(XMLHelper::getAttrString(e, nullptr, saml2p::StatusResponseType::CONSENT_ATTRIB_NAME)) { } @@ -115,6 +117,21 @@ void AssertionExtractor::extractAttributes( const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector& attributes ) const { + const saml2p::StatusResponseType* srt = dynamic_cast(&xmlObject); + if (srt) { + // Consent + if (!m_consent.empty() && srt->getConsent()) { + auto_ptr_char temp(srt->getConsent()); + if (temp.get() && *temp.get()) { + auto_ptr consent(new SimpleAttribute(vector(1, m_consent))); + consent->getValues().push_back(temp.get()); + attributes.push_back(consent.get()); + consent.release(); + } + } + return; + } + const saml2::Assertion* saml2assertion = dynamic_cast(&xmlObject); if (saml2assertion) { // Issuer 
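Review bot: The consent value read in the new `StatusResponseType` branch comes from the protocol message envelope rather than from an assertion, and nothing in this hunk shows whether that message was signed or otherwise integrity-checked before `srt->getConsent()` is exposed as an attribute. If a deployment accepts responses where only the assertion is signed (not visible here), access rules keyed on this attribute would be relying on an unauthenticated value. I would add a comment above the block such as `// Consent is read from the response envelope; it is only as trustworthy as the response's own signature or transport, not the assertion's.` The body of extractAttributes continues past this hunk.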
@@ -122,7 +139,7 @@ void AssertionExtractor::extractAttributes( const Issuer* i = saml2assertion->getIssuer(); if (i && (!i->getFormat() || !*(i->getFormat()) || XMLString::equals(i->getFormat(), NameIDType::ENTITY))) { auto_ptr_char temp(i->getName()); - if (temp.get()) { + if (temp.get() && *temp.get()) { auto_ptr issuer(new SimpleAttribute(vector(1, m_issuer))); issuer->getValues().push_back(temp.get()); attributes.push_back(issuer.get()); 
@@ -141,184 +158,187 @@ void AssertionExtractor::extractAttributes( notonorafter.release(); } } + + return; } - else { - const AuthnStatement* saml2statement = dynamic_cast(&xmlObject); - if (saml2statement) { - // AuthnInstant - if (!m_authnInstant.empty() && saml2statement->getAuthnInstant()) { - auto_ptr_char temp(saml2statement->getAuthnInstant()->getRawData()); + + const AuthnStatement* saml2statement = dynamic_cast(&xmlObject); + if (saml2statement) { + // AuthnInstant + if (!m_authnInstant.empty() && saml2statement->getAuthnInstant()) { + auto_ptr_char temp(saml2statement->getAuthnInstant()->getRawData()); + if (temp.get()) { + auto_ptr authninstant(new SimpleAttribute(vector(1, m_authnInstant))); + authninstant->getValues().push_back(temp.get()); + attributes.push_back(authninstant.get()); + authninstant.release(); + } + } + + // SessionIndex + if (!m_sessionIndex.empty() && saml2statement->getSessionIndex() && *(saml2statement->getSessionIndex())) { + auto_ptr_char temp(saml2statement->getSessionIndex()); + if (temp.get()) { + auto_ptr sessionindex(new SimpleAttribute(vector(1, m_sessionIndex))); + sessionindex->getValues().push_back(temp.get()); + attributes.push_back(sessionindex.get()); + sessionindex.release(); + } + } + + // SessionNotOnOrAfter + if (!m_sessionNotOnOrAfter.empty() && saml2statement->getSessionNotOnOrAfter()) { + auto_ptr_char temp(saml2statement->getSessionNotOnOrAfter()->getRawData()); + if (temp.get()) { + auto_ptr sessionnotonorafter(new SimpleAttribute(vector(1, m_sessionNotOnOrAfter))); + sessionnotonorafter->getValues().push_back(temp.get()); + attributes.push_back(sessionnotonorafter.get()); + sessionnotonorafter.release(); + } + } + + if (saml2statement->getSubjectLocality()) { + const saml2::SubjectLocality* locality = saml2statement->getSubjectLocality(); + // Address + if (!m_subjectAddress.empty() && locality->getAddress() && *(locality->getAddress())) { + auto_ptr_char temp(locality->getAddress()); if (temp.get()) { - 
auto_ptr authninstant(new SimpleAttribute(vector(1, m_authnInstant))); - authninstant->getValues().push_back(temp.get()); - attributes.push_back(authninstant.get()); - authninstant.release(); + auto_ptr address(new SimpleAttribute(vector(1, m_subjectAddress))); + address->getValues().push_back(temp.get()); + attributes.push_back(address.get()); + address.release(); } } - // SessionIndex - if (!m_sessionIndex.empty() && saml2statement->getSessionIndex() && *(saml2statement->getSessionIndex())) { - auto_ptr_char temp(saml2statement->getSessionIndex()); + // DNSName + if (!m_subjectDNS.empty() && locality->getDNSName() && *(locality->getDNSName())) { + auto_ptr_char temp(locality->getDNSName()); if (temp.get()) { - auto_ptr sessionindex(new SimpleAttribute(vector(1, m_sessionIndex))); - sessionindex->getValues().push_back(temp.get()); - attributes.push_back(sessionindex.get()); - sessionindex.release(); + auto_ptr dns(new SimpleAttribute(vector(1, m_subjectDNS))); + dns->getValues().push_back(temp.get()); + attributes.push_back(dns.get()); + dns.release(); } } + } - // SessionNotOnOrAfter - if (!m_sessionNotOnOrAfter.empty() && saml2statement->getSessionNotOnOrAfter()) { - auto_ptr_char temp(saml2statement->getSessionNotOnOrAfter()->getRawData()); + if (saml2statement->getAuthnContext()) { + const AuthnContext* ac = saml2statement->getAuthnContext(); + // AuthnContextClassRef + if (!m_authnClass.empty() && ac->getAuthnContextClassRef() && ac->getAuthnContextClassRef()->getReference()) { + auto_ptr_char temp(ac->getAuthnContextClassRef()->getReference()); if (temp.get()) { - auto_ptr sessionnotonorafter(new SimpleAttribute(vector(1, m_sessionNotOnOrAfter))); - sessionnotonorafter->getValues().push_back(temp.get()); - attributes.push_back(sessionnotonorafter.get()); - sessionnotonorafter.release(); + auto_ptr classref(new SimpleAttribute(vector(1, m_authnClass))); + classref->getValues().push_back(temp.get()); + attributes.push_back(classref.get()); + 
classref.release(); } } - if (saml2statement->getSubjectLocality()) { - const saml2::SubjectLocality* locality = saml2statement->getSubjectLocality(); - // Address - if (!m_subjectAddress.empty() && locality->getAddress() && *(locality->getAddress())) { - auto_ptr_char temp(locality->getAddress()); - if (temp.get()) { - auto_ptr address(new SimpleAttribute(vector(1, m_subjectAddress))); - address->getValues().push_back(temp.get()); - attributes.push_back(address.get()); - address.release(); - } + // AuthnContextDeclRef + if (!m_authnDecl.empty() && ac->getAuthnContextDeclRef() && ac->getAuthnContextDeclRef()->getReference()) { + auto_ptr_char temp(ac->getAuthnContextDeclRef()->getReference()); + if (temp.get()) { + auto_ptr declref(new SimpleAttribute(vector(1, m_authnDecl))); + declref->getValues().push_back(temp.get()); + attributes.push_back(declref.get()); + declref.release(); } + } - // DNSName - if (!m_subjectDNS.empty() && locality->getDNSName() && *(locality->getDNSName())) { - auto_ptr_char temp(locality->getDNSName()); - if (temp.get()) { - auto_ptr dns(new SimpleAttribute(vector(1, m_subjectDNS))); - dns->getValues().push_back(temp.get()); - attributes.push_back(dns.get()); - dns.release(); - } + // AuthenticatingAuthority + if (!m_authnAuthority.empty() && !ac->getAuthenticatingAuthoritys().empty()) { + auto_ptr attr(new SimpleAttribute(vector(1, m_authnAuthority))); + const vector& authorities = ac->getAuthenticatingAuthoritys(); + for (vector::const_iterator a = authorities.begin(); a != authorities.end(); ++a) { + auto_ptr_char temp((*a)->getID()); + if (temp.get()) + attr->getValues().push_back(temp.get()); + } + if (attr->valueCount() > 0) { + attributes.push_back(attr.get()); + attr.release(); } } + } - if (saml2statement->getAuthnContext()) { - const AuthnContext* ac = saml2statement->getAuthnContext(); - // AuthnContextClassRef - if (!m_authnClass.empty() && ac->getAuthnContextClassRef() && ac->getAuthnContextClassRef()->getReference()) { - 
auto_ptr_char temp(ac->getAuthnContextClassRef()->getReference()); - if (temp.get()) { - auto_ptr classref(new SimpleAttribute(vector(1, m_authnClass))); - classref->getValues().push_back(temp.get()); - attributes.push_back(classref.get()); - classref.release(); - } - } + return; + } - // AuthnContextDeclRef - if (!m_authnDecl.empty() && ac->getAuthnContextDeclRef() && ac->getAuthnContextDeclRef()->getReference()) { - auto_ptr_char temp(ac->getAuthnContextDeclRef()->getReference()); - if (temp.get()) { - auto_ptr declref(new SimpleAttribute(vector(1, m_authnDecl))); - declref->getValues().push_back(temp.get()); - attributes.push_back(declref.get()); - declref.release(); - } + const saml1::Assertion* saml1assertion = dynamic_cast(&xmlObject); + if (saml1assertion) { + // Issuer + if (!m_issuer.empty()) { + if (saml1assertion->getIssuer() && *(saml1assertion->getIssuer())) { + auto_ptr_char temp(saml1assertion->getIssuer()); + if (temp.get()) { + auto_ptr issuer(new SimpleAttribute(vector(1, m_issuer))); + issuer->getValues().push_back(temp.get()); + attributes.push_back(issuer.get()); + issuer.release(); } + } + } - // AuthenticatingAuthority - if (!m_authnAuthority.empty() && !ac->getAuthenticatingAuthoritys().empty()) { - auto_ptr attr(new SimpleAttribute(vector(1, m_authnAuthority))); - const vector& authorities = ac->getAuthenticatingAuthoritys(); - for (vector::const_iterator a = authorities.begin(); a != authorities.end(); ++a) { - auto_ptr_char temp((*a)->getID()); - if (temp.get()) - attr->getValues().push_back(temp.get()); - } - if (attr->valueCount() > 0) { - attributes.push_back(attr.get()); - attr.release(); - } - } + // NotOnOrAfter + if (!m_notOnOrAfter.empty() && saml1assertion->getConditions() && saml1assertion->getConditions()->getNotOnOrAfter()) { + auto_ptr_char temp(saml1assertion->getConditions()->getNotOnOrAfter()->getRawData()); + if (temp.get()) { + auto_ptr notonorafter(new SimpleAttribute(vector(1, m_notOnOrAfter))); + 
notonorafter->getValues().push_back(temp.get()); + attributes.push_back(notonorafter.get()); + notonorafter.release(); + } + } + + return; + } + + const AuthenticationStatement* saml1statement = dynamic_cast(&xmlObject); + if (saml1statement) { + // AuthnInstant + if (!m_authnInstant.empty() && saml1statement->getAuthenticationInstant()) { + auto_ptr_char temp(saml1statement->getAuthenticationInstant()->getRawData()); + if (temp.get()) { + auto_ptr authninstant(new SimpleAttribute(vector(1, m_authnInstant))); + authninstant->getValues().push_back(temp.get()); + attributes.push_back(authninstant.get()); + authninstant.release(); } } - else { - const saml1::Assertion* saml1assertion = dynamic_cast(&xmlObject); - if (saml1assertion) { - // Issuer - if (!m_issuer.empty()) { - if (saml1assertion->getIssuer() && *(saml1assertion->getIssuer())) { - auto_ptr_char temp(saml1assertion->getIssuer()); - if (temp.get()) { - auto_ptr issuer(new SimpleAttribute(vector(1, m_issuer))); - issuer->getValues().push_back(temp.get()); - attributes.push_back(issuer.get()); - issuer.release(); - } - } - } - // NotOnOrAfter - if (!m_notOnOrAfter.empty() && saml1assertion->getConditions() && saml1assertion->getConditions()->getNotOnOrAfter()) { - auto_ptr_char temp(saml1assertion->getConditions()->getNotOnOrAfter()->getRawData()); - if (temp.get()) { - auto_ptr notonorafter(new SimpleAttribute(vector(1, m_notOnOrAfter))); - notonorafter->getValues().push_back(temp.get()); - attributes.push_back(notonorafter.get()); - notonorafter.release(); - } + // AuthenticationMethod + if (!m_authnClass.empty() && saml1statement->getAuthenticationMethod() && *(saml1statement->getAuthenticationMethod())) { + auto_ptr_char temp(saml1statement->getAuthenticationMethod()); + if (temp.get()) { + auto_ptr authnmethod(new SimpleAttribute(vector(1, m_authnClass))); + authnmethod->getValues().push_back(temp.get()); + attributes.push_back(authnmethod.get()); + authnmethod.release(); + } + } + + if 
(saml1statement->getSubjectLocality()) { + const saml1::SubjectLocality* locality = saml1statement->getSubjectLocality(); + // IPAddress + if (!m_subjectAddress.empty() && locality->getIPAddress() && *(locality->getIPAddress())) { + auto_ptr_char temp(locality->getIPAddress()); + if (temp.get()) { + auto_ptr address(new SimpleAttribute(vector(1, m_subjectAddress))); + address->getValues().push_back(temp.get()); + attributes.push_back(address.get()); + address.release(); } } - else { - const AuthenticationStatement* saml1statement = dynamic_cast(&xmlObject); - if (saml1statement) { - // AuthnInstant - if (!m_authnInstant.empty() && saml1statement->getAuthenticationInstant()) { - auto_ptr_char temp(saml1statement->getAuthenticationInstant()->getRawData()); - if (temp.get()) { - auto_ptr authninstant(new SimpleAttribute(vector(1, m_authnInstant))); - authninstant->getValues().push_back(temp.get()); - attributes.push_back(authninstant.get()); - authninstant.release(); - } - } - - // AuthenticationMethod - if (!m_authnClass.empty() && saml1statement->getAuthenticationMethod() && *(saml1statement->getAuthenticationMethod())) { - auto_ptr_char temp(saml1statement->getAuthenticationMethod()); - if (temp.get()) { - auto_ptr authnmethod(new SimpleAttribute(vector(1, m_authnClass))); - authnmethod->getValues().push_back(temp.get()); - attributes.push_back(authnmethod.get()); - authnmethod.release(); - } - } - - if (saml1statement->getSubjectLocality()) { - const saml1::SubjectLocality* locality = saml1statement->getSubjectLocality(); - // IPAddress - if (!m_subjectAddress.empty() && locality->getIPAddress() && *(locality->getIPAddress())) { - auto_ptr_char temp(locality->getIPAddress()); - if (temp.get()) { - auto_ptr address(new SimpleAttribute(vector(1, m_subjectAddress))); - address->getValues().push_back(temp.get()); - attributes.push_back(address.get()); - address.release(); - } - } - - // DNSAddress - if (!m_subjectDNS.empty() && locality->getDNSAddress() && 
*(locality->getDNSAddress())) { - auto_ptr_char temp(locality->getDNSAddress()); - if (temp.get()) { - auto_ptr dns(new SimpleAttribute(vector(1, m_subjectDNS))); - dns->getValues().push_back(temp.get()); - attributes.push_back(dns.get()); - dns.release(); - } - } - } + + // DNSAddress + if (!m_subjectDNS.empty() && locality->getDNSAddress() && *(locality->getDNSAddress())) { + auto_ptr_char temp(locality->getDNSAddress()); + if (temp.get()) { + auto_ptr dns(new SimpleAttribute(vector(1, m_subjectDNS))); + dns->getValues().push_back(temp.get()); + attributes.push_back(dns.get()); + dns.release(); } } } @@ -347,4 +367,6 @@ void AssertionExtractor::getAttributeIds(vector& attributes) const attributes.push_back(m_subjectAddress); if (!m_subjectDNS.empty()) attributes.push_back(m_subjectDNS); + if (!m_consent.empty()) + attributes.push_back(m_consent); } diff --git a/shibsp/handler/AssertionConsumerService.h b/shibsp/handler/AssertionConsumerService.h index 2d2ce2a..45e8309 100644 --- a/shibsp/handler/AssertionConsumerService.h +++ b/shibsp/handler/AssertionConsumerService.h @@ -209,6 +209,7 @@ namespace shibsp { * @param request request delivering message, if any * @param issuer source of SSO tokens * @param protocol SSO protocol used + * @param protmsg SSO protocol message, if any * @param v1nameid identifier of principal in SAML 1.x form, if any * @param v1statement SAML 1.x authentication statement, if any * @param nameid identifier of principal in SAML 2.0 form @@ -222,6 +223,7 @@ namespace shibsp { const xmltooling::GenericRequest* request=nullptr, const opensaml::saml2md::RoleDescriptor* issuer=nullptr, const XMLCh* protocol=nullptr, + const xmltooling::XMLObject* protmsg=nullptr, const opensaml::saml1::NameIdentifier* v1nameid=nullptr, const opensaml::saml1::AuthenticationStatement* v1statement=nullptr, const opensaml::saml2::NameID* nameid=nullptr, 
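Review bot: The non-empty guard this commit adds for the SAML 2.0 issuer (`temp.get() && *temp.get()`) is not applied to the re-indented AuthnContextClassRef, AuthnContextDeclRef and AuthenticatingAuthority blocks, which only test that `getReference()` or `getID()` and then `temp.get()` are non-null. An element with empty content would therefore still be pushed as an attribute with an empty string value, whereas SessionIndex, Address and DNSName in the same hunk reject empty input. I would change those three checks to `if (temp.get() && *temp.get())` so that every branch agrees on what counts as a value. The function starts before this hunk.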
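Review bot: Inserting `protmsg` between `protocol` and `v1nameid`, in a list where every parameter defaults to `nullptr`, can change the meaning of existing positional calls instead of breaking them. An out-of-tree caller that passes a name identifier as the argument after `protocol` may still compile if `NameIdentifier` converts to `const xmltooling::XMLObject*` (likely, but not shown here), and would then hand the identifier to the extractor as a protocol message while `v1nameid` stays null. The in-tree callers are updated in this commit, so this concerns only extensions built against the old header. Either append the parameter at the end of the list or state the change in the doc comment, e.g. `* @param protmsg SSO protocol message, if any (inserted before v1nameid; positional callers must be updated)`. The declaration's name lies outside this hunk.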
diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp index 2848949..5039471 100644 --- a/shibsp/handler/impl/AssertionConsumerService.cpp +++ b/shibsp/handler/impl/AssertionConsumerService.cpp @@ -416,6 +416,7 @@ ResolutionContext* AssertionConsumerService::resolveAttributes( nullptr, issuer, protocol, + nullptr, v1nameid, nullptr, nameid, @@ -431,6 +432,7 @@ ResolutionContext* AssertionConsumerService::resolveAttributes( const GenericRequest* request, const saml2md::RoleDescriptor* issuer, const XMLCh* protocol, + const xmltooling::XMLObject* protmsg, const saml1::NameIdentifier* v1nameid, const saml1::AuthenticationStatement* v1statement, const saml2::NameID* nameid, @@ -467,6 +469,15 @@ ResolutionContext* AssertionConsumerService::resolveAttributes( m_log.debug("extracting pushed attributes..."); + if (protmsg) { + try { + extractor->extractAttributes(application, request, issuer, *protmsg, resolvedAttributes); + } + catch (std::exception& ex) { + m_log.error("caught exception extracting attributes: %s", ex.what()); + } + } + if (v1nameid || nameid) { try { if (v1nameid) diff --git a/shibsp/handler/impl/AttributeCheckerHandler.cpp b/shibsp/handler/impl/AttributeCheckerHandler.cpp index da37277..cc2276a 100644 --- a/shibsp/handler/impl/AttributeCheckerHandler.cpp +++ b/shibsp/handler/impl/AttributeCheckerHandler.cpp @@ -185,7 +185,7 @@ pair AttributeCheckerHandler::run(SPRequest& request, bool isHandler) request.setResponseHeader("Expires","Wed, 01 Jan 1997 12:00:00 GMT"); request.setResponseHeader("Cache-Control","private,no-store,no-cache,max-age=0"); - ifstream infile(m_template); + ifstream infile(m_template.c_str()); if (infile) { TemplateParameters tp(nullptr, request.getApplication().getPropertySet("Errors"), session); tp.m_request = &request; diff --git a/shibsp/handler/impl/SAML1Consumer.cpp b/shibsp/handler/impl/SAML1Consumer.cpp index 94469ab..fe016b0 100644 
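Review bot: The new `catch` around the `protmsg` extraction in resolveAttributes logs `"caught exception extracting attributes: %s"`, which does not say that the protocol message was the input that failed. Because processing continues after the catch, a failure here leaves the session without the consent attribute, and an operator reading the log cannot tell that from a failure in the name identifier or assertion steps. I would make the message specific, `m_log.error("caught exception extracting attributes from protocol message: %s", ex.what());`, and take the exception as `const std::exception&`. The function body starts and ends outside this hunk.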
--- a/shibsp/handler/impl/SAML1Consumer.cpp +++ b/shibsp/handler/impl/SAML1Consumer.cpp @@ -300,6 +300,7 @@ void SAML1Consumer::implementProtocol( policy.getIssuerMetadata(), (!response->getMinorVersion().first || response->getMinorVersion().second==1) ? samlconstants::SAML11_PROTOCOL_ENUM : samlconstants::SAML10_PROTOCOL_ENUM, + response, n, ssoStatement, nameid.get(), diff --git a/shibsp/handler/impl/SAML2Consumer.cpp b/shibsp/handler/impl/SAML2Consumer.cpp index 7fe023d..e5301f6 100644 --- a/shibsp/handler/impl/SAML2Consumer.cpp +++ b/shibsp/handler/impl/SAML2Consumer.cpp @@ -417,6 +417,7 @@ void SAML2Consumer::implementProtocol( &httpRequest, policy.getIssuerMetadata(), samlconstants::SAML20P_NS, + response, nullptr, nullptr, ssoName,