styleSheet="/shibboleth-sp/main.css"/>
<!-- Configure handling of outgoing messages and SOAP authentication. -->
- <DefaultRelyingParty authType="TLS" artifactEndpointIndex="1"
- signRequests="front" encryptRequests="front" signResponses="true" encryptResponses="true">
+ <DefaultRelyingParty authType="TLS" artifactEndpointIndex="1" signing="front" encryption="front">
<!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
<!--
<RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>
<attribute name="authType" type="conf:string"/>\r
<attribute name="authUsername" type="conf:string"/>\r
<attribute name="authPassword" type="conf:string"/>\r
- <attribute name="signRequests" type="conf:bindingBoolean"/>\r
- <attribute name="signResponses" type="conf:bindingBoolean"/>\r
- <attribute name="signatureAlg" type="anyURI"/>\r
+ <attribute name="signing" type="conf:bindingBoolean"/>\r
+ <attribute name="signingAlg" type="anyURI"/>\r
<attribute name="digestAlg" type="anyURI"/>\r
- <attribute name="encryptRequests" type="conf:bindingBoolean"/>\r
- <attribute name="encryptResponses" type="conf:bindingBoolean"/>\r
+ <attribute name="encryption" type="conf:bindingBoolean"/>\r
<attribute name="encryptionAlg" type="anyURI"/>\r
<attribute name="keyName" type="conf:string"/>\r
<attribute name="artifactEndpointIndex" type="unsignedShort"/>\r
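Review bot: The old declarations (`signRequests`, `signResponses`, `signatureAlg`, `encryptRequests`, `encryptResponses`) are deleted outright rather than kept as deprecated, so an existing configuration that still uses them has two possible fates depending on whether the schema is enforced at load: if it is, the deployment fails noisily at startup; if it is not, the old attributes are silently ignored and signing/encryption quietly stop being applied, which is the worse outcome. Keeping the old attribute lines for one release with a comment such as `<!-- deprecated: use signing / signingAlg / encryption -->`, or at least a release note mapping old names to new, would make the transition visible to operators. The enclosing attribute group starts before L9.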
{
// Check for message signing requirements.
m_relyingParty = m_app.getRelyingParty(dynamic_cast<const EntityDescriptor*>(peer.getRole().getParent()));
- pair<bool,const char*> flag = m_relyingParty->getString("signRequests");
+ pair<bool,const char*> flag = m_relyingParty->getString("signing");
if (flag.first && (!strcmp(flag.second, "true") || !strcmp(flag.second, "back"))) {
m_credResolver=m_app.getCredentialResolver();
if (m_credResolver) {
pair<bool,const char*> keyName = m_relyingParty->getString("keyName");
if (keyName.first)
peer.getKeyNames().insert(keyName.second);
- pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signatureAlg");
+ pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signingAlg");
if (sigalg.first)
peer.setXMLAlgorithm(sigalg.second);
const Credential* cred = m_credResolver->resolve(&peer);
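Review bot: The consolidated `signing` value is now interpreted by hand-written string comparisons in at least three places — the `"true"`/`"back"` test at L29, the `"true"`/`"front"` test in sendMessage at L67-69 and the copy at L102 — and since a single property now feeds all of them, a shared helper such as `static bool wantsSigning(const char* value, bool frontChannel)` would keep the accepted spellings from drifting apart as more call sites are converted. The order here is right in that `flag.second` is only dereferenced after `flag.first` is checked. The enclosing method starts before L24 and continues past L39.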
* @param role recipient of message, if known
* @param application the Application sending the message
* @param httpResponse channel for sending message
- * @param signingOption name of property to lookup controlling signing
- * @param signIfPossible true iff signing should be attempted regardless of property
+ * @param signIfPossible true iff signing should be attempted regardless of "signing" property
* @return the result of sending the message using the encoder
*/
long sendMessage(
const opensaml::saml2md::RoleDescriptor* role,
const Application& application,
xmltooling::HTTPResponse& httpResponse,
- const char* signingOption,
bool signIfPossible=false
) const;
#endif
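Review bot: The Doxygen block for sendMessage no longer says which relying-party property replaced the removed `signingOption` parameter; the only mention is the aside on `@param signIfPossible`. Suggest a description line before the parameter list, e.g. `* Signing is governed by the relying party's "signing" property ("true", or "front" when a user agent is present) unless signIfPossible is set.` The "back" case is not visible in this hunk and should be confirmed against the implementation before documenting it. The comment block starts before L40.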
const saml2md::RoleDescriptor* role,
const Application& application,
HTTPResponse& httpResponse,
- const char* signingOption,
bool signIfPossible
) const
{
const EntityDescriptor* entity = role ? dynamic_cast<const EntityDescriptor*>(role->getParent()) : NULL;
const PropertySet* relyingParty = application.getRelyingParty(entity);
- pair<bool,const char*> flag = signIfPossible ? make_pair(true,"true") : relyingParty->getString(signingOption);
+ pair<bool,const char*> flag = signIfPossible ? make_pair(true,"true") : relyingParty->getString("signing");
if (role && flag.first &&
(!strcmp(flag.second, "true") ||
(encoder.isUserAgentPresent() && !strcmp(flag.second, "front")) ||
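Review bot: With `signingOption` gone, the lookup at L66 reads the single `signing` property for responses as well as requests, while the shipped default in the config hunk changes from `signResponses="true"` to `signing="front"`; a back-channel response that was signed under the old default is now only signed if the deployer sets `signing="true"` (or presumably the back-channel spelling handled by the clause that continues past the hunk). The same applies to `encryption="front"` replacing `encryptResponses="true"`. This deserves a comment next to `<DefaultRelyingParty>` in the config, e.g. `<!-- signing/encryption now cover both requests and responses; "front" applies only to browser-mediated messages, use "true" to cover SOAP/back-channel messages too -->`, or keeping the shipped default at "true". sendMessage's signature starts before L56 and its body continues past L69.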
pair<bool,const char*> keyName = relyingParty->getString("keyName");
if (keyName.first)
mcc.getKeyNames().insert(keyName.second);
- pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signatureAlg");
+ pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signingAlg");
if (sigalg.first)
mcc.setXMLAlgorithm(sigalg.second);
const Credential* cred = credResolver->resolve(&mcc);
auto_ptr_char dest(logout->getDestination());
- long ret = sendMessage(*encoder, logout.get(), relayState, dest.get(), role, application, httpResponse, "signResponses");
+ long ret = sendMessage(*encoder, logout.get(), relayState, dest.get(), role, application, httpResponse);
logout.release(); // freed by encoder
return make_pair(true,ret);
}
msg->setDestination(ep->getLocation());
auto_ptr_char dest(ep->getLocation());
- ret.second = sendMessage(*encoder, msg.get(), NULL, dest.get(), role, application, response, "signRequests");
+ ret.second = sendMessage(*encoder, msg.get(), NULL, dest.get(), role, application, response);
ret.first = true;
msg.release(); // freed by encoder
}
const NameID* nameid = session.getNameID();
const PropertySet* relyingParty = application.getRelyingParty(dynamic_cast<EntityDescriptor*>(role.getParent()));
- pair<bool,const char*> flag = relyingParty->getString("encryptRequests");
+ pair<bool,const char*> flag = relyingParty->getString("encryption");
if (flag.first &&
(!strcmp(flag.second, "true") || (encoder && !strcmp(flag.second, "front")) || (!encoder && !strcmp(flag.second, "back")))) {
auto_ptr<EncryptedID> encrypted(EncryptedIDBuilder::buildEncryptedID());
if (!encoder) {
// No encoder being used, so sign for SOAP client manually.
- flag = relyingParty->getString("signRequests");
+ flag = relyingParty->getString("signing");
if (flag.first && (!strcmp(flag.second, "true") || !strcmp(flag.second, "back"))) {
CredentialResolver* credResolver=application.getCredentialResolver();
if (credResolver) {
pair<bool,const char*> keyName = relyingParty->getString("keyName");
if (keyName.first)
mcc.getKeyNames().insert(keyName.second);
- pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signatureAlg");
+ pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signingAlg");
if (sigalg.first)
mcc.setXMLAlgorithm(sigalg.second);
const Credential* cred = credResolver->resolve(&mcc);
if (cred) {
xmlsignature::Signature* sig = xmlsignature::SignatureBuilder::buildSignature();
msg->setSignature(sig);
- pair<bool, const XMLCh*> alg = relyingParty->getXMLString("signatureAlg");
- if (alg.first)
- sig->setSignatureAlgorithm(alg.second);
- alg = relyingParty->getXMLString("digestAlg");
- if (alg.first) {
+ if (sigalg.first)
+ sig->setSignatureAlgorithm(sigalg.second);
+ sigalg = relyingParty->getXMLString("digestAlg");
+ if (sigalg.first) {
ContentReference* cr = dynamic_cast<ContentReference*>(sig->getContentReference());
if (cr)
- cr->setDigestAlgorithm(alg.second);
+ cr->setDigestAlgorithm(sigalg.second);
}
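Review bot: After the rewrite `sigalg` is overwritten with the digest algorithm at L123, so from L124 onward a variable named `sigalg` holds `digestAlg`, and `cr->setDigestAlgorithm(sigalg.second)` at L128 reads as if the signature algorithm were being applied as the digest. Dropping the second `signatureAlg` lookup is right, but use a separate variable for the digest: `pair<bool,const XMLCh*> digalg = relyingParty->getXMLString("digestAlg");` followed by `if (digalg.first) { ... cr->setDigestAlgorithm(digalg.second); }`. The `if (!encoder)` block that holds this starts at L98 and runs past the hunk.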
// Sign response while marshalling.
auto_ptr_char dest(ep->getLocation());
long ret = sendMessage(
- *encoder, req.get(), relayState.c_str(), dest.get(), role, app, httpResponse, "signRequests", role->WantAuthnRequestsSigned()
+ *encoder, req.get(), relayState.c_str(), dest.get(), role, app, httpResponse, role->WantAuthnRequestsSigned()
);
req.release(); // freed by encoder
return make_pair(true,ret);