Add sslIndex option to override ACS index in metadata generation.
[shibboleth/sp.git] / shibsp / handler / impl / AssertionConsumerService.cpp
index bb0f4d6..f4863cd 100644 (file)
@@ -179,6 +179,9 @@ pair<bool,long> AssertionConsumerService::processMessage(
 
 void AssertionConsumerService::checkAddress(const Application& application, const HTTPRequest& httpRequest, const char* issuedTo) const
 {
+    if (!issuedTo || !*issuedTo)
+        return;
+    
     const PropertySet* props=application.getPropertySet("Sessions");
     pair<bool,bool> checkAddress = props ? props->getBool("checkAddress") : make_pair(false,true);
     if (!checkAddress.first)
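Review bot: The early return added at the top of checkAddress runs before the `checkAddress` property is read, so an empty or missing `issuedTo` is accepted even when a deployer has enabled address checking, and nothing records that the comparison was skipped. If that is intended (presumably because the assertion may carry no address), say so in a comment such as `// No address in the assertion: nothing to compare, so the message is not address-bound.` A debug-level log line before the `return` would also make the skip visible when tracing a login. The rest of the function body lies outside the hunk.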
@@ -209,7 +212,16 @@ void AssertionConsumerService::generateMetadata(SPSSODescriptor& role, const cha
     saml2md::AssertionConsumerService* ep = saml2md::AssertionConsumerServiceBuilder::buildAssertionConsumerService();
     ep->setLocation(widen.get());
     ep->setBinding(getXMLString("Binding").second);
-    ep->setIndex(getXMLString("index").second);
+    if (!strncmp(handlerURL, "https", 5)) {
+       pair<bool,const XMLCh*> index = getXMLString("sslIndex", shibspconstants::ASCII_SHIB2SPCONFIG_NS);
+       if (index.first)
+               ep->setIndex(index.second);
+       else
+               ep->setIndex(getXMLString("index").second);
+    }
+    else {
+       ep->setIndex(getXMLString("index").second);
+    }
     role.getAssertionConsumerServices().push_back(ep);
 }
 
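Review bot: `!strncmp(handlerURL, "https", 5)` tests a bare five-character prefix, so it matches any URL whose scheme merely begins with `https` and misses an upper-case scheme. Including the delimiter, `!strncmp(handlerURL, "https:", 6)`, states the intent more exactly. The fallback `ep->setIndex(getXMLString("index").second);` is written twice; fetching `sslIndex` only in the https case and falling through to a single `index` call would leave one fallback path to maintain. The added lines are indented 7 and 15 spaces where the surrounding code uses 4. The start of generateMetadata is outside the hunk, so whether `handlerURL` can be null at this point is not visible here.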
@@ -393,6 +405,10 @@ void AssertionConsumerService::extractMessageDetails(const Assertion& assertion,
     }
 
     if (policy.getIssuer() && !policy.getIssuerMetadata() && policy.getMetadataProvider()) {
+        if (policy.getIssuer()->getFormat() && !XMLString::equals(policy.getIssuer()->getFormat(), saml2::NameIDType::ENTITY)) {
+            m_log.warn("non-system entity issuer, skipping metadata lookup");
+            return;
+        }
         m_log.debug("searching metadata for assertion issuer...");
         MetadataProvider::Criteria mc(policy.getIssuer()->getName(), &IDPSSODescriptor::ELEMENT_QNAME, protocol);
         pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
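Review bot: The added `return;` leaves extractMessageDetails altogether rather than just skipping the lookup, so any step that follows this `if` block in the function (not visible in the hunk) is skipped as well for a non-entity issuer. If only the metadata search should be bypassed, guard the search with the format test instead of returning. Either way the policy is left without issuer metadata, and a comment should state what is expected to reject or handle such a message, for example `// Non-entity issuers cannot be resolved in metadata; later policy rules see no issuer metadata for this message.` The function begins and ends outside the hunk.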