if (m_entity)
return m_entity;
if (m_session && m_session->getEntityID()) {
- m_metadata = m_app.getMetadataProvider();
+ m_metadata = m_app.getMetadataProvider(false);
if (m_metadata) {
m_metadata->lock();
- return m_entity = m_metadata->getEntityDescriptor(m_session->getEntityID());
+ return m_entity = m_metadata->getEntityDescriptor(MetadataProvider::Criteria(m_session->getEntityID())).first;
}
}
return NULL;
};
-void SHIBSP_API shibsp::registerAttributeResolvers()
-{
- SPConfig::getConfig().AttributeResolverManager.registerFactory(QUERY_ATTRIBUTE_RESOLVER, QueryResolverFactory);
-}
-
QueryResolver::QueryResolver(const DOMElement* e) : m_log(Category::getInstance(SHIBSP_LOGCAT".AttributeResolver"))
{
#ifdef _DEBUG
#endif
int version = XMLString::equals(ctx.getProtocol(), samlconstants::SAML11_PROTOCOL_ENUM) ? 1 : 0;
- const AttributeAuthorityDescriptor* AA = ctx.getEntityDescriptor()->getAttributeAuthorityDescriptor(ctx.getProtocol());
+ const AttributeAuthorityDescriptor* AA =
+ find_if(ctx.getEntityDescriptor()->getAttributeAuthorityDescriptors(), isValidForProtocol(ctx.getProtocol()));
if (!AA) {
m_log.warn("no SAML 1.%d AttributeAuthority role found in metadata", version);
return false;
}
const Application& application = ctx.getApplication();
+ const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor());
shibsp::SecurityPolicy policy(application);
MetadataCredentialCriteria mcc(*AA);
shibsp::SOAPClient soaper(policy);
- const PropertySet* policySettings =
- application.getServiceProvider().getPolicySettings(application.getString("policyId").second);
- pair<bool,bool> signedAssertions = policySettings->getBool("signedAssertions");
auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP);
saml1p::Response* response=NULL;
if (!XMLString::equals((*ep)->getBinding(),binding.get()))
continue;
auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(application.getString("entityID").second);
NameIdentifier* nameid = NameIdentifierBuilder::buildNameIdentifier();
nameid->setName(ctx.getNameID()->getName());
nameid->setFormat(ctx.getNameID()->getFormat());
subject->setNameIdentifier(nameid);
saml1p::AttributeQuery* query = saml1p::AttributeQueryBuilder::buildAttributeQuery();
query->setSubject(subject);
- query->setResource(issuer.get());
+ query->setResource(relyingParty->getXMLString("entityID").second);
for (vector<AttributeDesignator*>::const_iterator ad = m_SAML1Designators.begin(); ad!=m_SAML1Designators.end(); ++ad)
query->getAttributeDesignators().push_back((*ad)->cloneAttributeDesignator());
Request* request = RequestBuilder::buildRequest();
auto_ptr<saml1p::Response> wrapper(response);
saml1::Assertion* newtoken = assertions.front();
+ pair<bool,bool> signedAssertions = relyingParty->getBool("requireSignedAssertions");
if (!newtoken->getSignature() && signedAssertions.first && signedAssertions.second) {
m_log.error("assertion unsigned, rejecting it based on signedAssertions policy");
return true;
throw SecurityPolicyException("Security of SAML 1.x query result not established.");
// Lastly, check it over.
- saml1::AssertionValidator tokval(application.getAudiences(), time(NULL));
+ saml1::AssertionValidator tokval(relyingParty->getXMLString("entityID").second, application.getAudiences(), time(NULL));
tokval.validateAssertion(*newtoken);
}
catch (exception& ex) {
xmltooling::NDC ndc("query");
#endif
- const AttributeAuthorityDescriptor* AA = ctx.getEntityDescriptor()->getAttributeAuthorityDescriptor(samlconstants::SAML20P_NS);
+ const AttributeAuthorityDescriptor* AA =
+ find_if(ctx.getEntityDescriptor()->getAttributeAuthorityDescriptors(), isValidForProtocol(samlconstants::SAML20P_NS));
if (!AA) {
m_log.warn("no SAML 2 AttributeAuthority role found in metadata");
return false;
shibsp::SecurityPolicy policy(application);
MetadataCredentialCriteria mcc(*AA);
shibsp::SOAPClient soaper(policy);
- const PropertySet* policySettings = application.getServiceProvider().getPolicySettings(application.getString("policyId").second);
- pair<bool,bool> signedAssertions = policySettings->getBool("signedAssertions");
const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor());
+ pair<bool,bool> signedAssertions = relyingParty->getBool("requireSignedAssertions");
pair<bool,const char*> encryption = relyingParty->getString("encryption");
auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);
if (!XMLString::equals((*ep)->getBinding(),binding.get()))
continue;
auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(application.getString("entityID").second);
-
auto_ptr<saml2::Subject> subject(saml2::SubjectBuilder::buildSubject());
// Encrypt the NameID?
saml2p::AttributeQuery* query = saml2p::AttributeQueryBuilder::buildAttributeQuery();
query->setSubject(subject.release());
Issuer* iss = IssuerBuilder::buildIssuer();
- iss->setName(issuer.get());
+ iss->setName(relyingParty->getXMLString("entityID").second);
query->setIssuer(iss);
for (vector<saml2::Attribute*>::const_iterator ad = m_SAML2Designators.begin(); ad!=m_SAML2Designators.end(); ++ad)
query->getAttributes().push_back((*ad)->cloneAttribute());
throw SecurityPolicyException("Security of SAML 2.0 query result not established.");
// Lastly, check it over.
- saml2::AssertionValidator tokval(application.getAudiences(), time(NULL));
+ saml2::AssertionValidator tokval(relyingParty->getXMLString("entityID").second, application.getAudiences(), time(NULL));
tokval.validateAssertion(*newtoken);
}
catch (exception& ex) {