using namespace xmltooling;
using namespace std;
-void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
+void SAML1SOAPClient::sendSAML(Request* request, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
{
auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
Body* body = BodyBuilder::buildBody();
env->setBody(body);
body->getUnknownXMLObjects().push_back(request);
- m_soaper.send(*env.get(), peer, endpoint);
+ m_soaper.send(*env.get(), from, to, endpoint);
m_correlate = XMLString::replicate(request->getRequestID());
}
if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+ m_soaper.getPolicy().reset(true);
+
+ // Extract Response details and run policy against it.
+ // We don't pull Issuer out of any assertions because some profiles may permit
+ // alternate issuers at that layer.
+ m_soaper.getPolicy().setMessageID(response->getResponseID());
+ m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch());
m_soaper.getPolicy().evaluate(*response);
- if (!m_soaper.getPolicy().isSecure()) {
- SecurityPolicyException ex("Security policy could not authenticate the message.");
- if (m_soaper.getPolicy().getIssuerMetadata())
- annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
- else
- ex.raise();
- }
-
// Check Status.
Status* status = response->getStatus();
if (status) {
projects / shibboleth / opensaml2.git / blobdiff