const Application& application,
const EntityDescriptor* issuer,
const XMLCh* protocol,
- const NameID* nameid,
+ const NameID* nameid=NULL,
const XMLCh* authncontext_class=NULL,
const XMLCh* authncontext_decl=NULL,
const vector<const opensaml::Assertion*>* tokens=NULL,
const Application& application,
const EntityDescriptor* issuer,
const XMLCh* protocol,
- const NameID* nameid,
+ const NameID* nameid=NULL,
const XMLCh* authncontext_class=NULL,
const XMLCh* authncontext_decl=NULL,
const vector<const opensaml::Assertion*>* tokens=NULL,
};
-void SHIBSP_API shibsp::registerAttributeResolvers()
-{
- SPConfig::getConfig().AttributeResolverManager.registerFactory(QUERY_ATTRIBUTE_RESOLVER, QueryResolverFactory);
-}
-
QueryResolver::QueryResolver(const DOMElement* e) : m_log(Category::getInstance(SHIBSP_LOGCAT".AttributeResolver"))
{
#ifdef _DEBUG
}
const Application& application = ctx.getApplication();
+ const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor());
shibsp::SecurityPolicy policy(application);
MetadataCredentialCriteria mcc(*AA);
shibsp::SOAPClient soaper(policy);
saml1p::Response* response=NULL;
const vector<AttributeService*>& endpoints=AA->getAttributeServices();
for (vector<AttributeService*>::const_iterator ep=endpoints.begin(); !response && ep!=endpoints.end(); ++ep) {
+ if (!XMLString::equals((*ep)->getBinding(),binding.get()))
+ continue;
+ auto_ptr_char loc((*ep)->getLocation());
try {
- if (!XMLString::equals((*ep)->getBinding(),binding.get()))
- continue;
- auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(application.getString("entityID").second);
NameIdentifier* nameid = NameIdentifierBuilder::buildNameIdentifier();
nameid->setName(ctx.getNameID()->getName());
nameid->setFormat(ctx.getNameID()->getFormat());
subject->setNameIdentifier(nameid);
saml1p::AttributeQuery* query = saml1p::AttributeQueryBuilder::buildAttributeQuery();
query->setSubject(subject);
- query->setResource(issuer.get());
+ query->setResource(relyingParty->getXMLString("entityID").second);
for (vector<AttributeDesignator*>::const_iterator ad = m_SAML1Designators.begin(); ad!=m_SAML1Designators.end(); ++ad)
query->getAttributeDesignators().push_back((*ad)->cloneAttributeDesignator());
Request* request = RequestBuilder::buildRequest();
response = client.receiveSAML();
}
catch (exception& ex) {
- m_log.error("exception making SAML query: %s", ex.what());
+ m_log.error("exception during SAML query to %s: %s", loc.get(), ex.what());
soaper.reset();
}
}
auto_ptr<saml1p::Response> wrapper(response);
saml1::Assertion* newtoken = assertions.front();
- pair<bool,bool> signedAssertions = application.getRelyingParty(ctx.getEntityDescriptor())->getBool("signedAssertions");
+ pair<bool,bool> signedAssertions = relyingParty->getBool("requireSignedAssertions");
if (!newtoken->getSignature() && signedAssertions.first && signedAssertions.second) {
m_log.error("assertion unsigned, rejecting it based on signedAssertions policy");
return true;
throw SecurityPolicyException("Security of SAML 1.x query result not established.");
// Lastly, check it over.
- saml1::AssertionValidator tokval(application.getAudiences(), time(NULL));
+ saml1::AssertionValidator tokval(relyingParty->getXMLString("entityID").second, application.getAudiences(), time(NULL));
tokval.validateAssertion(*newtoken);
}
catch (exception& ex) {
shibsp::SOAPClient soaper(policy);
const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor());
- pair<bool,bool> signedAssertions = relyingParty->getBool("signedAssertions");
+ pair<bool,bool> signedAssertions = relyingParty->getBool("requireSignedAssertions");
pair<bool,const char*> encryption = relyingParty->getString("encryption");
auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);
saml2p::StatusResponseType* srt=NULL;
const vector<AttributeService*>& endpoints=AA->getAttributeServices();
for (vector<AttributeService*>::const_iterator ep=endpoints.begin(); !srt && ep!=endpoints.end(); ++ep) {
+ if (!XMLString::equals((*ep)->getBinding(),binding.get()))
+ continue;
+ auto_ptr_char loc((*ep)->getLocation());
try {
- if (!XMLString::equals((*ep)->getBinding(),binding.get()))
- continue;
- auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(application.getString("entityID").second);
-
auto_ptr<saml2::Subject> subject(saml2::SubjectBuilder::buildSubject());
// Encrypt the NameID?
saml2p::AttributeQuery* query = saml2p::AttributeQueryBuilder::buildAttributeQuery();
query->setSubject(subject.release());
Issuer* iss = IssuerBuilder::buildIssuer();
- iss->setName(issuer.get());
+ iss->setName(relyingParty->getXMLString("entityID").second);
query->setIssuer(iss);
for (vector<saml2::Attribute*>::const_iterator ad = m_SAML2Designators.begin(); ad!=m_SAML2Designators.end(); ++ad)
query->getAttributes().push_back((*ad)->cloneAttribute());
srt = client.receiveSAML();
}
catch (exception& ex) {
- m_log.error("exception making SAML query: %s", ex.what());
+ m_log.error("exception during SAML query to %s: %s", loc.get(), ex.what());
soaper.reset();
}
}
throw SecurityPolicyException("Security of SAML 2.0 query result not established.");
// Lastly, check it over.
- saml2::AssertionValidator tokval(application.getAudiences(), time(NULL));
+ saml2::AssertionValidator tokval(relyingParty->getXMLString("entityID").second, application.getAudiences(), time(NULL));
tokval.validateAssertion(*newtoken);
}
catch (exception& ex) {
projects / shibboleth / sp.git / blobdiff