/**
 * Copyright 2001-2010 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file shibsp/handler/AssertionConsumerService.h
 *
 * Base class for handlers that create sessions by consuming SSO protocol responses.
 */
23 #ifndef __shibsp_acshandler_h__
24 #define __shibsp_acshandler_h__
26 #include <shibsp/handler/AbstractHandler.h>
27 #include <shibsp/handler/RemotedHandler.h>
31 class SAML_API Assertion;
32 class SAML_API MessageDecoder;
34 class SAML_API NameIdentifier;
37 class SAML_API NameID;
40 class SAML_API SPSSODescriptor;
47 class SHIBSP_API Attribute;
48 class SHIBSP_API ResolutionContext;
50 #if defined (_MSC_VER)
51 #pragma warning( push )
52 #pragma warning( disable : 4250 )
/**
 * Base class for handlers that create sessions by consuming SSO protocol responses.
 */
58 class SHIBSP_API AssertionConsumerService : public AbstractHandler, public RemotedHandler
/**
 * Virtual destructor: this class is a polymorphic base, so deleting a derived
 * handler through a base pointer is safe.
 * NOTE(review): m_decoder is a raw pointer member; presumably it is released here — confirm in the .cpp.
 */
virtual ~AssertionConsumerService();
/**
 * In-process entry point for a request arriving at this endpoint (see AbstractHandler).
 *
 * @param request the SP request being handled
 * @param isHandler true when the request targets this handler directly
 * @return result pair per the AbstractHandler convention
 *         NOTE(review): presumably (response already sent?, status) — confirm against AbstractHandler.h
 */
std::pair<bool,long> run(SPRequest& request, bool isHandler=true) const;
/**
 * Remoted entry point (see RemotedHandler): services a request forwarded from another process.
 *
 * @param in remoted request data
 * @param out stream that receives the remoted response
 * NOTE(review): presumably the remoted counterpart of run(); confirm which half of the work lives here in the .cpp
 */
void receive(DDF& in, std::ostream& out);
/**
 * Constructor: builds the handler from its deployer-supplied DOM configuration.
 *
 * @param e root of DOM configuration (deployer configuration, not request input)
 * @param appId ID of application that "owns" the handler
 * @param log a logging object to use
 * @param filter optional filter controls what child elements to include as nested PropertySets
 * @param remapper optional map of property rename rules for legacy property support
 */
AssertionConsumerService(
const xercesc::DOMElement* e,
xmltooling::logging::Category& log,
xercesc::DOMNodeFilter* filter=nullptr,
const std::map<std::string,std::string>* remapper=nullptr
/**
 * Enforce address checking requirements.
 *
 * <p>Compares the client address seen on the request with the address the
 * assertion was issued to, subject to the application's configuration.
 * NOTE(review): whether a mismatch throws, and how a null issuedTo is treated,
 * is decided in the .cpp — confirm before relying on either.
 * NOTE(review): behind a reverse proxy or load balancer, httpRequest may report the
 * proxy's address rather than the client's; this check is only as strong as the
 * address the web server hands the SP.
 *
 * @param application reference to application receiving message
 * @param httpRequest client request that initiated session
 * @param issuedTo address for which security assertion was issued
 */
void checkAddress(const Application& application, const xmltooling::HTTPRequest& httpRequest, const char* issuedTo) const;
/**
 * Contributes this endpoint to the SP's generated metadata.
 *
 * @param role SPSSODescriptor being populated
 * @param handlerURL absolute URL of this handler (presumably used as the endpoint Location — confirm in the .cpp)
 */
void generateMetadata(opensaml::saml2md::SPSSODescriptor& role, const char* handlerURL) const;
/**
 * Returns a SecurityPolicy instance to use for an incoming request.
 *
 * <p>Allows handlers to customize the type of policy object their policy rules might require.
 * <p>The caller <strong>MUST</strong> lock the application's MetadataProvider for the life
 * of the returned object.
 * <p>NOTE(review): the result is a raw owning pointer; wrap it in an RAII holder
 * (e.g. std::unique_ptr) at the call site so an exception thrown while the
 * message is evaluated does not leak it.
 * <p>NOTE(review): an override that returns a policy without the rules identified by
 * policyId would skip the checks those rules perform; overrides should change only
 * the policy's type, not the attached rule set — confirm against the base implementation.
 *
 * @param application reference to application receiving message
 * @param role identifies the role (generally IdP or SP) of the policy peer
 * @param validate true iff XML parsing should be done with validation
 * @param policyId identifies policy rules to auto-attach, defaults to the application's set
 * @return a new policy instance, which the caller is responsible for freeing
 */
virtual opensaml::SecurityPolicy* createSecurityPolicy(
const Application& application, const xmltooling::QName* role, bool validate, const char* policyId
/**
 * Implement protocol-specific handling of the incoming decoded message.
 *
 * <p>The result of implementing the protocol should be an exception or
 * modifications to the request/response objects to reflect processing
 * of the message.
 * <p>NOTE(review): policy is passed "after having evaluated the message", so the
 * trust state its rules established (issuer, message authentication) should be
 * taken from policy rather than re-derived from xmlObject by the implementation.
 * Presumably that is the intent; confirm against the base .cpp before depending on it.
 *
 * @param application reference to application receiving message
 * @param httpRequest client request that included message
 * @param httpResponse response to client
 * @param policy the SecurityPolicy in effect, after having evaluated the message
 * @param reserved ignore this parameter
 * @param xmlObject a protocol-specific message object
 */
virtual void implementProtocol(
const Application& application,
const xmltooling::HTTPRequest& httpRequest,
xmltooling::HTTPResponse& httpResponse,
opensaml::SecurityPolicy& policy,
const PropertySet* reserved,
const xmltooling::XMLObject& xmlObject
/**
 * Extracts policy-relevant assertion details.
 *
 * <p>Records data from the assertion on the policy so that subsequent rule
 * evaluation can refer to it (which fields are recorded is decided in the .cpp).
 *
 * @param assertion the incoming assertion
 * @param protocol the protocol family in use
 * @param policy SecurityPolicy to provide various components and track message data
 */
virtual void extractMessageDetails(
const opensaml::Assertion& assertion, const XMLCh* protocol, opensaml::SecurityPolicy& policy
/**
 * Attempt SSO-initiated attribute resolution using the supplied information,
 * including NameID and token extraction and filtering followed by
 * secondary resolution.
 *
 * <p>The caller must free the returned context handle.
 * NOTE(review): the result is a raw owning pointer; hold it in an RAII wrapper
 * (e.g. std::unique_ptr) at the call site so an exception thrown later in
 * session creation does not leak it.
 * <p>Every input after application defaults to nullptr, so callers may supply
 * only the identifiers and tokens they actually have.
 *
 * @param application reference to application receiving message
 * @param issuer source of SSO tokens
 * @param protocol SSO protocol used
 * @param v1nameid identifier of principal in SAML 1.x form, if any
 * @param nameid identifier of principal in SAML 2.0 form, if any
 * @param authncontext_class method/category of authentication event, if known
 * @param authncontext_decl specifics of authentication event, if known
 * @param tokens available assertions, if any
 * @return a new ResolutionContext that the caller owns and must free
 */
ResolutionContext* resolveAttributes(
const Application& application,
const opensaml::saml2md::RoleDescriptor* issuer=nullptr,
const XMLCh* protocol=nullptr,
const opensaml::saml1::NameIdentifier* v1nameid=nullptr,
const opensaml::saml2::NameID* nameid=nullptr,
const XMLCh* authncontext_class=nullptr,
const XMLCh* authncontext_decl=nullptr,
const std::vector<const opensaml::Assertion*>* tokens=nullptr
/** @return the handler's type identifier (string owned by the handler; caller must not free it). */
const char* getType() const;
/** @return the SSO protocol family this handler consumes (string owned by the handler; caller must not free it). */
const XMLCh* getProtocolFamily() const;
/**
 * Processes an inbound protocol message for the given application.
 * NOTE(review): presumably the shared path behind run() and receive() that decodes the
 * message, evaluates the security policy and dispatches to implementProtocol — confirm in the .cpp.
 *
 * @param application reference to application receiving message
 * @param httpRequest client request that included the message
 * @param httpResponse response to client
 * @return result pair per the AbstractHandler convention
 */
std::pair<bool,long> processMessage(
const Application& application, const xmltooling::HTTPRequest& httpRequest, xmltooling::HTTPResponse& httpResponse
/**
 * Issues the post-login redirect to the client.
 * NOTE(review): relayState originates from the IdP response and is therefore
 * attacker-influenced; the .cpp must validate it (or resolve it to a stored
 * target) before using it as a redirect destination, or this becomes an open
 * redirect — confirm where that validation happens.
 *
 * @param application reference to application receiving message
 * @param request client request being answered
 * @param response response to client
 * @param entityID entityID of the issuing IdP
 * @param relayState relay state accompanying the response
 * @return result pair per the AbstractHandler convention
 */
std::pair<bool,long> sendRedirect(
const Application& application,
const xmltooling::HTTPRequest& request,
xmltooling::HTTPResponse& response,
const char* entityID,
const char* relayState
/**
 * Records the issuing IdP for this client.
 * NOTE(review): presumably maintained in a client-side cookie (IdP history) — confirm
 * the storage and whether the cookie carries any protection flags in the .cpp.
 *
 * @param application reference to application receiving message
 * @param request client request being answered
 * @param response response to client, which may receive the history update
 * @param entityID entityID of the issuing IdP to record
 */
void maintainHistory(
const Application& application, const xmltooling::HTTPRequest& request, xmltooling::HTTPResponse& response, const char* entityID
/** Decoder for inbound messages. NOTE(review): raw pointer; presumably owned by this handler and released in the destructor — confirm in the .cpp. */
opensaml::MessageDecoder* m_decoder;
/** Role (QName) of the policy peer, passed to createSecurityPolicy. */
xmltooling::QName m_role;
202 #if defined (_MSC_VER)
203 #pragma warning( pop )
207 #endif /* __shibsp_acshandler_h__ */