ap_table_unset(r->headers_in,"Shib-Origin-Site");
ap_table_unset(r->headers_in,"Shib-Authentication-Method");
if (sso_statement) {
- auto_ptr_char os(sso_statement->getSubject()->getNameQualifier());
+ auto_ptr_char os(sso_statement->getSubject()->getNameIdentifier()->getNameQualifier());
auto_ptr_char am(sso_statement->getAuthMethod());
ap_table_set(r->headers_in,"Shib-Origin-Site", os.get());
ap_table_set(r->headers_in,"Shib-Authentication-Method", am.get());
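Review bot: The new `getSubject()->getNameIdentifier()->getNameQualifier()` chain dereferences the name identifier without a null check, here inside `if (sso_statement)` and in every other hunk that makes the same substitution. SAML 1.x allows a Subject that carries only a SubjectConfirmation, so if `getNameIdentifier()` can return null for such a subject (not visible here), an unusual or malformed assertion would crash the process instead of being rejected. The `m.lookup(...)` provider lookups, the `as->getSubject()` and `statement->getSubject()` loops and the two `auto_ptr_char nq(...)` error paths look the most exposed, since they appear to run while the issuer is still being resolved. Suggest taking the pointer first, e.g. `const SAMLNameIdentifier* nid=sso_statement->getSubject()->getNameIdentifier();`, guarding with `if (nid)`, and throwing in the session constructor when `m_nameid` is null so later uses can rely on it. The enclosing `if` block continues past this hunk.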
// Export the SAML AuthnMethod and the origin site name.
if (sso_statement) {
- auto_ptr_char os(sso_statement->getSubject()->getNameQualifier());
+ auto_ptr_char os(sso_statement->getSubject()->getNameIdentifier()->getNameQualifier());
auto_ptr_char am(sso_statement->getAuthMethod());
pn->SetHeader(pfc,"Shib-Origin-Site:", const_cast<char*>(os.get()));
pn->SetHeader(pfc,"Shib-Authentication-Method:", const_cast<char*>(am.get()));
mutable time_t m_lastAccess;
time_t m_lastRetry;
- const SAMLSubject* m_subject;
+ const SAMLNameIdentifier* m_nameid;
SAMLAuthenticationStatement* p_auth;
SAMLResponse* m_response;
InternalCCache *m_cache;
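Review bot: `m_nameid` is added with no indication of ownership or lifetime. From the constructor hunk it is a borrowed pointer taken from `s->getSubject()->getNameIdentifier()`, and the attribute query clones it rather than handing it over, so it presumably stays valid only as long as the statement it came from. A comment on the declaration such as `// Non-owning; points into the authentication statement's subject, do not delete` would make that explicit. The class declaration starts and ends outside this hunk.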
m_application_id=application->getId();
- m_subject = s->getSubject();
- auto_ptr_char h(m_subject->getName());
- auto_ptr_char d(m_subject->getNameQualifier());
+ m_nameid = s->getSubject()->getNameIdentifier();
+ auto_ptr_char h(m_nameid->getName());
+ auto_ptr_char d(m_nameid->getNameQualifier());
m_handle = h.get();
m_originSite = d.get();
if (r) {
// Run pushed data through the AAP. Note that we could end up with an empty response!
Metadata m(application->getMetadataProviders());
- const IProvider* site=m.lookup(m_subject->getNameQualifier());
+ const IProvider* site=m.lookup(m_nameid->getNameQualifier());
if (!site)
throw MetadataException("unable to locate origin site's metadata during attribute acceptance processing");
Iterator<SAMLAssertion*> assertions=r->getAssertions();
// Try this request. The binding wrapper class handles most of the details.
Metadata m(application->getMetadataProviders());
- const IProvider* site=m.lookup(m_subject->getNameQualifier());
+ const IProvider* site=m.lookup(m_nameid->getNameQualifier());
if (!site) {
log->error("unable to locate origin site's metadata during attribute query");
throw ShibTargetException(SHIBRPC_INTERNAL_ERROR,"Unable to locate origin site's metadata during attribute query.");
try {
// Build a SAML Request....
SAMLAttributeQuery* q=new SAMLAttributeQuery(
- static_cast<SAMLSubject*>(m_subject->clone()),providerID.second,application->getAttributeDesignators().clone()
+ new SAMLSubject(static_cast<SAMLNameIdentifier*>(m_nameid->clone())),
+ providerID.second,
+ application->getAttributeDesignators().clone()
);
auto_ptr<SAMLRequest> req(new SAMLRequest(EMPTY(QName),q));
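Review bot: The query subject is now rebuilt from a clone of the name identifier alone, where the old line cloned the whole `m_subject`, so any SubjectConfirmation on the original subject is no longer sent in the attribute query. If that is intended, a comment above the `new SAMLSubject(...)` line would record it, e.g. `// Query subject carries only the NameIdentifier; confirmation data from the SSO statement is deliberately not forwarded.` The enclosing `try` block continues outside this hunk.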
throw ShibTargetException(SHIBRPC_NO_SESSION,"Unable to locate application for session, deleted?");
Metadata m(app->getMetadataProviders());
- const IProvider* origin=m.lookup(entry->getStatement()->getSubject()->getNameQualifier());
+ const IProvider* origin=m.lookup(entry->getStatement()->getSubject()->getNameIdentifier()->getNameQualifier());
// Verify the address is the same
if (argp->checkIPAddress) {
throw ShibTargetException(SHIBRPC_NO_SESSION,"Unable to locate application for session, deleted?");
Metadata m(app->getMetadataProviders());
- const IProvider* origin=m.lookup(entry->getStatement()->getSubject()->getNameQualifier());
+ const IProvider* origin=m.lookup(entry->getStatement()->getSubject()->getNameIdentifier()->getNameQualifier());
try {
try {
Iterator<SAMLStatement*> is=a->getStatements();
while (is.hasNext()) {
SAMLAuthenticationStatement* as=dynamic_cast<SAMLAuthenticationStatement*>(is.next());
- if (as && as->getSubject()->getNameQualifier())
- return as->getSubject()->getNameQualifier();
+ if (as && as->getSubject()->getNameIdentifier()->getNameQualifier())
+ return as->getSubject()->getNameIdentifier()->getNameQualifier();
}
}
return ret;
}
else {
// Might be a down-level origin.
- provider=m.lookup(sso->getSubject()->getNameQualifier());
+ provider=m.lookup(sso->getSubject()->getNameIdentifier()->getNameQualifier());
if (provider) {
if (pproviderId)
- *pproviderId=XMLString::replicate(sso->getSubject()->getNameQualifier());
+ *pproviderId=XMLString::replicate(sso->getSubject()->getNameIdentifier()->getNameQualifier());
log.debug("matched subject name qualifier against metadata");
}
}
// No metadata at all.
if (!provider) {
auto_ptr_char issuer(assertion->getIssuer());
- auto_ptr_char nq(sso->getSubject()->getNameQualifier());
+ auto_ptr_char nq(sso->getSubject()->getNameIdentifier()->getNameQualifier());
log.error("assertion issuer not found in metadata (Issuer='%s', NameQualifier='%s'",
issuer.get(), (nq.get() ? nq.get() : "null"));
throw MetadataException("ShibPOSTProfile::accept() metadata lookup failed, unable to process assertion");
}
auto_ptr_char issuer(assertion->getIssuer());
- auto_ptr_char nq(sso->getSubject()->getNameQualifier());
+ auto_ptr_char nq(sso->getSubject()->getNameIdentifier()->getNameQualifier());
log.error("metadata for assertion issuer indicates no SAML 1.x identity provider role (Issuer='%s', NameQualifier='%s'",
issuer.get(), (nq.get() ? nq.get() : "null"));
throw MetadataException("ShibPOSTProfile::accept() metadata lookup failed, issuer not registered as SAML identity provider");
new SAMLRequest(
EMPTY(saml::QName),
new SAMLAttributeQuery(
- new SAMLSubject(handle.get(),domain.get(),format.get()),
+ new SAMLSubject(new SAMLNameIdentifier(handle.get(),domain.get(),format.get())),
resource.get(),
app->getAttributeDesignators().clone()
)
SAMLAttributeStatement* s=dynamic_cast<SAMLAttributeStatement*>(j.next());
if (s)
{
- const SAMLSubject* sub=s->getSubject();
+ const SAMLNameIdentifier* sub=s->getSubject()->getNameIdentifier();
cout << "Format: "; xmlout(cout,sub->getFormat()); cout << endl;
cout << "Domain: "; xmlout(cout,sub->getNameQualifier()); cout << endl;
cout << "Handle: "; xmlout(cout,sub->getName()); cout << endl;
Iterator<SAMLStatement*> statements=assertion->getStatements();
while (!provider && statements.hasNext()) {
SAMLSubjectStatement* statement=dynamic_cast<SAMLSubjectStatement*>(statements.next());
- if (statement && statement->getSubject()->getNameQualifier())
- provider=metadata.lookup(statement->getSubject()->getNameQualifier());
+ if (statement && statement->getSubject()->getNameIdentifier()->getNameQualifier())
+ provider=metadata.lookup(statement->getSubject()->getNameIdentifier()->getNameQualifier());
}
}
}
Iterator<SAMLStatement*> statements=dynamic_cast<const SAMLAssertion&>(token).getStatements();
while (!provider && statements.hasNext()) {
SAMLSubjectStatement* statement=dynamic_cast<SAMLSubjectStatement*>(statements.next());
- if (statement && statement->getSubject()->getNameQualifier())
- provider=metadata.lookup(statement->getSubject()->getNameQualifier());
+ if (statement && statement->getSubject()->getNameIdentifier()->getNameQualifier())
+ provider=metadata.lookup(statement->getSubject()->getNameIdentifier()->getNameQualifier());
}
}
}