istringstream pstr(pending);
pstr >> pendobj;
// IdP.SP.index contains logout expiration, if any.
- DDF deadmenwalking = pendobj[issuer ? entity_id.get() : "_shibnull"][application.getString("entityID").second];
+ DDF deadmenwalking = pendobj[issuer ? entity_id.get() : "_shibnull"][application.getRelyingParty(issuer)->getString("entityID").second];
const char* logexpstr = deadmenwalking[session_index ? index.get() : "_shibnull"].string();
if (!logexpstr && session_index) // we tried an exact session match, now try for NULL
logexpstr = deadmenwalking["_shibnull"].string();
if (session) {
Locker locker(session, false);
if (XMLString::equals(session->getEntityID(), entityID.get()) && session->getNameID() &&
- stronglyMatches(issuer->getEntityID(), application.getXMLString("entityID").second, nameid, *session->getNameID())) {
+ stronglyMatches(issuer->getEntityID(), application.getRelyingParty(issuer)->getXMLString("entityID").second, nameid, *session->getNameID())) {
return (!indexes || indexes->empty() || (session->getSessionIndex() ? (indexes->count(session->getSessionIndex())>0) : false));
}
}
}
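Review bot: The new `stronglyMatches` argument dereferences the result of `application.getRelyingParty(issuer)` and reads `.second` of the returned pair without testing `.first`. If the pointer can be null or the `entityID` property unset, a null SP name would reach the NameID comparison; whether that can happen depends on `getRelyingParty`'s contract, which is not visible here. The same unchecked chain appears in the other three changed lookups (the `deadmenwalking` lookup, the `DDF root` line and the second `stronglyMatches` call). I would take the value once and test it, e.g. `pair<bool,const XMLCh*> sp = application.getRelyingParty(issuer)->getXMLString("entityID");` followed by `sp.first && stronglyMatches(issuer->getEntityID(), sp.second, nameid, *session->getNameID())`. The enclosing function starts outside the hunk.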
// Structure is keyed by the IdP and SP, with a member per session index containing the expiration.
- DDF root = obj.addmember(issuer ? entityID.get() : "_shibnull").addmember(application.getString("entityID").second);
+ DDF root = obj.addmember(issuer ? entityID.get() : "_shibnull").addmember(application.getRelyingParty(issuer)->getString("entityID").second);
if (indexes) {
for (set<string>::const_iterator x = indexes->begin(); x!=indexes->end(); ++x)
root.addmember(x->c_str()).string(timebuf);
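Review bot: On the `DDF root` line `issuer` is still treated as possibly null (`issuer ? entityID.get() : "_shibnull"`), yet the new code passes it to `application.getRelyingParty(issuer)` in the same expression. The null-issuer path therefore relies on that call accepting a null descriptor and returning usable defaults; please confirm this and say so in a comment, e.g. `// getRelyingParty(NULL) is expected to fall back to the application's own settings`. This member name is also the key under which the logout record is stored, so the reader (the `deadmenwalking` lookup) has to derive it from the same relying-party override, as it does in this change. If the two sites ever diverge, a stored logout would silently fail to match later session checks, so a shared helper or a comment tying them together would guard against drift. The enclosing function starts and ends outside the hunk.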
// Same issuer?
if (XMLString::equals(session->getEntityID(), entityID.get())) {
// Same NameID?
- if (stronglyMatches(issuer->getEntityID(), application.getXMLString("entityID").second, nameid, *session->getNameID())) {
+ if (stronglyMatches(issuer->getEntityID(), application.getRelyingParty(issuer)->getXMLString("entityID").second, nameid, *session->getNameID())) {
sessionsKilled.push_back(key.string());
key.destroy();
}
if (timeout && *timeout > 0 && now - lastAccess >= *timeout) {
m_log.info("session timed out (ID: %s)", key);
remove(application, key);
- RetryableProfileException ex("Your session has expired, and you must re-authenticate.");
const char* eid = obj["entity_id"].string();
if (!eid) {
obj.destroy();
- throw ex;
+ throw RetryableProfileException("Your session has expired, and you must re-authenticate.");
}
string eid2(eid);
obj.destroy();
- MetadataProvider* m=application.getMetadataProvider();
- Locker locker(m);
- annotateException(&ex,m->getEntityDescriptor(MetadataProvider::Criteria(eid2.c_str(),NULL,NULL,false)).first); // throws it
+ throw RetryableProfileException("Your session has expired, and you must re-authenticate.", namedparams(1, "entityID", eid2.c_str()));
}
if (timeout) {