/*
- * Copyright 2001-2007 Internet2
- *
+ * Copyright 2001-2010 Internet2
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
/**
* @file shibsp/attribute/resolver/AttributeResolver.h
- *
- * The service that resolves the attributes for a particular subject.
+ *
+ * A service that transforms or resolves additional attributes for a
+ * particular subject.
*/
#ifndef __shibsp_resolver_h__
#include <shibsp/base.h>
-#include <saml/Assertion.h>
-#include <saml/saml2/metadata/Metadata.h>
+#include <string>
+#include <vector>
#include <xmltooling/Lockable.h>
+namespace opensaml {
+ class SAML_API Assertion;
+ namespace saml2 {
+ class SAML_API NameID;
+ };
+ namespace saml2md {
+ class SAML_API EntityDescriptor;
+ };
+};
+
namespace shibsp {
class SHIBSP_API Application;
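Review bot: Replacing `<saml/Assertion.h>` and `<saml/saml2/metadata/Metadata.h>` with forward declarations means any translation unit that relied on this header for the complete `Assertion`, `NameID` or `EntityDescriptor` types now sees incomplete ones. The added declarations also depend on `SAML_API` being defined by `<shibsp/base.h>`, which is presumably the case but is not visible here. A one-line comment above the block, such as `// Forward declarations only; include the opensaml headers where complete types are needed.`, would make the contract explicit for plugin authors. As a style point, the closing `};` on the three added namespaces carries a redundant semicolon that pedantic builds flag, although the existing `shibsp` namespace does the same.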
{
MAKE_NONCOPYABLE(AttributeResolver);
protected:
- AttributeResolver() {}
+ AttributeResolver();
public:
- virtual ~AttributeResolver() {}
+ virtual ~AttributeResolver();
/**
* Creates a ResolutionContext based on session bootstrap material.
- *
+ *
* <p>This enables resolution to occur ahead of session creation so that
* Attributes can be supplied while creating the session.
- *
+ *
* @param application reference to Application that owns the eventual Session
- * @param client_addr network address of client
* @param issuer issuing metadata of assertion issuer, if known
- * @param nameid principal identifier, normalized to SAML 2
- * @param tokens assertions initiating the session, if any
+ * @param protocol protocol used to establish Session
+ * @param nameid principal identifier, normalized to SAML 2, if any
+ * @param authncontext_class method/category of authentication event, if known
+ * @param authncontext_decl specifics of authentication event, if known
+ * @param tokens assertions initiating the Session, if any
+ * @param attributes array of previously resolved attributes, if any
* @return newly created ResolutionContext, owned by caller
*/
virtual ResolutionContext* createResolutionContext(
const Application& application,
- const char* client_addr,
const opensaml::saml2md::EntityDescriptor* issuer,
- const opensaml::saml2::NameID& nameid,
- const std::vector<const opensaml::Assertion*>* tokens=NULL
+ const XMLCh* protocol,
+ const opensaml::saml2::NameID* nameid=nullptr,
+ const XMLCh* authncontext_class=nullptr,
+ const XMLCh* authncontext_decl=nullptr,
+ const std::vector<const opensaml::Assertion*>* tokens=nullptr,
+ const std::vector<Attribute*>* attributes=nullptr
) const=0;
/**
* Creates a ResolutionContext for an existing Session.
- *
+ *
* @param application reference to Application that owns the Session
* @param session reference to Session
* @return newly created ResolutionContext, owned by caller
*/
virtual ResolutionContext* createResolutionContext(const Application& application, const Session& session) const=0;
-
+
/**
- * Gets the attributes for a given subject and returns them in the supplied context.
- *
+ * Resolves attributes for a given subject and returns them in the supplied context.
+ *
* @param ctx resolution context to use to resolve attributes
- * @param attributes list of attributes to resolve or NULL to resolve all attributes
- *
+ *
* @throws AttributeResolutionException thrown if there is a problem resolving the attributes for the subject
*/
- virtual void resolveAttributes(ResolutionContext& ctx, const std::vector<const char*>* attributes=NULL) const=0;
+ virtual void resolveAttributes(ResolutionContext& ctx) const=0;
+
+ /**
+ * Populates an array with the set of Attribute IDs that might be generated.
+ *
+ * @param attributes array to populate
+ */
+ virtual void getAttributeIds(std::vector<std::string>& attributes) const=0;
};
#if defined (_MSC_VER)
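Review bot: The reworked `createResolutionContext` makes `nameid` a nullable pointer and adds a raw `attributes` vector, but its doc comment does not say who owns the `Attribute*` elements or how long `tokens` and `attributes` must stay valid relative to the returned context. Every implementer that previously received a `NameID&` must now null-check before dereferencing, and a context that retains these pointers would dangle if the caller frees them first. I would spell the contract out, e.g. `@param attributes  array of previously resolved attributes, if any; not owned, must outlive the returned context` (adjusted to the intended ownership), and state whether `protocol` may be null, since it has no default. Likewise the `getAttributeIds` comment should say whether it appends to or replaces the contents of `attributes`, which matters once resolvers are chained. The class declaration begins above this hunk, so the base-class context is not visible here.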
*/
void SHIBSP_API registerAttributeResolvers();
- /** AttributeResolver based on a simple mapping of SAML information. */
- #define SIMPLE_ATTRIBUTE_RESOLVER "Simple"
+ /** AttributeResolver based on SAML queries to an IdP during SSO. */
+ #define QUERY_ATTRIBUTE_RESOLVER "Query"
+
+ /** AttributeResolver based on free-standing SAML queries to additional AAs. */
+ #define SIMPLEAGGREGATION_ATTRIBUTE_RESOLVER "SimpleAggregation"
+
+ /** AttributeResolver based on chaining together other resolvers. */
+ #define CHAINING_ATTRIBUTE_RESOLVER "Chaining"
};
#endif /* __shibsp_resolver_h__ */
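Review bot: `SIMPLE_ATTRIBUTE_RESOLVER` is removed outright rather than deprecated, so out-of-tree code that uses the macro stops compiling and, presumably, a configuration naming the `Simple` type no longer matches a registered resolver. It is worth confirming that a resolver type that cannot be loaded is reported as a hard configuration error, rather than leaving sessions silently without the attributes that access rules expect. A short comment above the new definitions, e.g. `/* The "Simple" resolver type was removed; existing configurations must be migrated. */`, would flag this for integrators.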