Change audience handling and validators to separate out entityID.
[shibboleth/sp.git] / shibsp / binding / impl / ArtifactResolver.cpp
index 33863d4..332549f 100644 (file)
@@ -51,7 +51,8 @@ saml1p::Response* ArtifactResolver::resolve(
     ) const
 {
     MetadataCredentialCriteria mcc(idpDescriptor);
-    shibsp::SOAPClient soaper(dynamic_cast<shibsp::SecurityPolicy&>(policy));
+    shibsp::SecurityPolicy& sppolicy = dynamic_cast<shibsp::SecurityPolicy&>(policy);
+    shibsp::SOAPClient soaper(sppolicy);
 
     bool foundEndpoint = false;
     auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP);
@@ -73,7 +74,7 @@ saml1p::Response* ArtifactResolver::resolve(
             }
 
             SAML1SOAPClient client(soaper, false);
-            client.sendSAML(request, mcc, loc.get());
+            client.sendSAML(request, sppolicy.getApplication().getId(), mcc, loc.get());
             response = client.receiveSAML();
         }
         catch (exception& ex) {
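Review bot: The new second argument to `sendSAML()` is `sppolicy.getApplication().getId()`, the application's id, while the SAML 2 overload of resolve() in this same file sets the request Issuer from the relying-party `entityID` instead; since a SAML 1 Request carries no Issuer element, nothing in this hunk shows what the client layer does with the id (policy lookup, logging, or something else), and a reader will likely wonder whether it should be the entityID too. A one-line comment above the call pinning the intent would settle that, e.g. `// application id (not the SP entityID) is passed through so the client can resolve settings for this application`, adjusted to whatever SAML1SOAPClient actually uses it for. If the id is in fact used as an issuer/audience value in the SAML 1 client, the two overloads are inconsistent and this call should derive it from the relying party as the SAML 2 path does. The enclosing loop and the function's signature start outside this hunk.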
@@ -92,6 +93,8 @@ saml1p::Response* ArtifactResolver::resolve(
         throw BindingException("Identity provider returned a SAML error in response to artifact(s).");
     }
 
+    // The SOAP client handles policy evaluation against the SOAP and Response layer,
+    // but no security checking is done here.
     return response;
 }
 
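Review bot: The added comment says "no security checking is done here" but not what the caller is still responsible for, which is exactly what a maintainer needs to know before trusting the returned Response (for example whether the enclosed assertions, their signatures, conditions and audience have been validated). Suggest making the division of labour explicit: `// Transport- and Response-level policy is evaluated by the SOAP client during receiveSAML();` followed by `// nothing about the enclosed assertions is verified here, so the caller must validate them.` The exact set of checks the SOAP client performs is not visible in this hunk, so word the comment to match what SAML1SOAPClient actually enforces. The function's signature and the endpoint loop start outside this hunk.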
@@ -115,18 +118,17 @@ ArtifactResponse* ArtifactResolver::resolve(
                 continue;
             foundEndpoint = true;
             auto_ptr_char loc((*ep)->getLocation());
-            auto_ptr_XMLCh issuer(sppolicy.getApplication().getString("entityID").second);
             ArtifactResolve* request = ArtifactResolveBuilder::buildArtifactResolve();
             Issuer* iss = IssuerBuilder::buildIssuer();
             request->setIssuer(iss);
-            iss->setName(issuer.get());
+            iss->setName(sppolicy.getApplication().getRelyingParty(dynamic_cast<EntityDescriptor*>(ssoDescriptor.getParent()))->getXMLString("entityID").second);
             auto_ptr_XMLCh artbuf(artifact.encode().c_str());
             Artifact* a = ArtifactBuilder::buildArtifact();
             a->setArtifact(artbuf.get());
             request->setArtifact(a);
 
             SAML2SOAPClient client(soaper, false);
-            client.sendSAML(request, mcc, loc.get());
+            client.sendSAML(request, sppolicy.getApplication().getId(), mcc, loc.get());
             StatusResponseType* srt = client.receiveSAML();
             if (!(response = dynamic_cast<ArtifactResponse*>(srt))) {
                 delete srt;
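Review bot: The new `iss->setName(...)` line dereferences the result of `getRelyingParty(dynamic_cast<EntityDescriptor*>(ssoDescriptor.getParent()))` without a null check; the `dynamic_cast` yields null if the descriptor's parent is not an EntityDescriptor, and if `getRelyingParty()` can itself return null for that input, the chained `->getXMLString("entityID")` is a null dereference inside the endpoint loop rather than a clean BindingException like the other failure paths in this function. Whether `getRelyingParty()` ever returns null is not visible here; if it always falls back to the application's own settings, a short comment saying so is enough, otherwise guard it. Either way the lookup depends only on `ssoDescriptor`, so it is loop-invariant and can be computed once before the loop (the loop header is outside this hunk), which also breaks up the very long line. Note also that `getXMLString("entityID").second` may be null if the property is unset; it is not clear from this hunk whether `setName(NULL)` is acceptable to the IdP-side Issuer validation this commit is separating out.

```cpp
// … unchanged: request/Issuer construction …
const EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(ssoDescriptor.getParent());
const PropertySet* relyingParty = sppolicy.getApplication().getRelyingParty(entity);
if (!relyingParty)
    throw BindingException("Unable to determine relying party settings for artifact issuer.");
iss->setName(relyingParty->getXMLString("entityID").second);
// … unchanged: artifact encoding and SOAP exchange …
```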
@@ -149,5 +151,8 @@ ArtifactResponse* ArtifactResolver::resolve(
         BindingException ex("Identity provider returned a SAML error in response to artifact.");
         annotateException(&ex, &ssoDescriptor, response->getStatus());  // rethrow
     }
+
+    // The SOAP client handles policy evaluation against the SOAP and Response layer,
+    // but no security checking is done here.
     return response;
 }