2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAMLDSSessionInitiator.cpp
20 * SAML Discovery Service support.
24 #include "Application.h"
25 #include "exceptions.h"
26 #include "SPRequest.h"
27 #include "handler/AbstractHandler.h"
28 #include "handler/SessionInitiator.h"
30 #include <xmltooling/XMLToolingConfig.h>
31 #include <xmltooling/util/URLEncoder.h>
33 using namespace shibsp;
34 using namespace opensaml;
35 using namespace xmltooling;
36 using namespace log4cpp;
41 #if defined (_MSC_VER)
42 #pragma warning( push )
43 #pragma warning( disable : 4250 )
46 class SHIBSP_DLLLOCAL SAMLDSSessionInitiator : public SessionInitiator, public AbstractHandler
49 SAMLDSSessionInitiator(const DOMElement* e, const char* appId)
50 : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_url(NULL), m_returnParam(NULL) {
51 pair<bool,const char*> url = getString("URL");
53 throw ConfigurationException("SAMLDS SessionInitiator requires a URL property.");
55 url = getString("entityIDParam");
57 m_returnParam = url.second;
59 virtual ~SAMLDSSessionInitiator() {}
61 pair<bool,long> run(SPRequest& request, const char* entityID=NULL, bool isHandler=true) const;
65 const char* m_returnParam;
68 #if defined (_MSC_VER)
69 #pragma warning( pop )
72 SessionInitiator* SHIBSP_DLLLOCAL SAMLDSSessionInitiatorFactory(const pair<const DOMElement*,const char*>& p)
74 return new SAMLDSSessionInitiator(p.first, p.second);
79 pair<bool,long> SAMLDSSessionInitiator::run(SPRequest& request, const char* entityID, bool isHandler) const
81 // The IdP CANNOT be specified for us to run. Otherwise, we'd be redirecting to a DS
82 // anytime the IdP's metadata was wrong.
83 if (entityID && *entityID)
84 return make_pair(false,0);
88 const Application& app=request.getApplication();
91 const char* option = request.getParameter("target");
94 recoverRelayState(request, target);
96 option = request.getParameter("isPassive");
98 isPassive = !strcmp(option,"true");
101 // We're running as a "virtual handler" from within the filter.
102 // The target resource is the current one and everything else is
103 // defaulted or set by content policy.
104 target=request.getRequestURL();
105 pair<bool,bool> passopt = getBool("isPassive");
106 isPassive = passopt.first && passopt.second;
109 m_log.debug("sending request to SAMLDS (%s)", m_url);
111 // Compute the return URL. We start with a self-referential link.
112 string returnURL=request.getHandlerURL(target.c_str());
113 pair<bool,const char*> thisloc = getString("Location");
114 if (thisloc.first) returnURL += thisloc.second;
116 preserveRelayState(request, target);
119 // Now the hard part. The base assumption is to append the entire query string, if any,
120 // to the self-link. But we want to replace target with the RelayState-preserved value
121 // to hide it from the DS.
122 const char* query = request.getQueryString();
124 // See if it starts with target.
125 if (!strncmp(query, "target=", 7)) {
126 // We skip this altogether and advance the query past it to the first separator.
127 query = strchr(query, '&');
128 // If we still have more, just append it.
129 if (query && *(++query))
130 returnURL = returnURL + '?' + query;
133 // There's something in the query before target appears, so we have to find it.
134 thisloc.second = strstr(query,"&target=");
135 if (thisloc.second) {
136 // We found it, so first append everything up to it.
138 returnURL.append(query, thisloc.second - query);
139 query = thisloc.second + 8; // move up just past the equals sign.
140 thisloc.second = strchr(query, '&');
142 returnURL += thisloc.second;
145 // No target in the existing query, so just append it as is.
146 returnURL = returnURL + '?' + query;
151 // Now append the sanitized target as needed.
153 returnURL = returnURL + (returnURL.rfind('?')==string::npos ? '?' : '&') + "target=" + target;
155 else if (!target.empty()) {
156 // For a virtual handler, we just append target to the return link.
157 returnURL = returnURL + "?target=" + target;
161 const URLEncoder* urlenc = XMLToolingConfig::getConfig().getURLEncoder();
163 string req=string(m_url) + (strchr(m_url,'?') ? '&' : '?') + "entityID=" + urlenc->encode(app.getString("entityID").second) +
164 "&return=" + urlenc->encode(returnURL.c_str());
166 req = req + "&returnIDParam=" + m_returnParam;
168 req += "&isPassive=true";
170 return make_pair(true, request.sendRedirect(req.c_str()));