#include "attribute/resolver/AttributeResolver.h"
#include "attribute/resolver/ResolutionContext.h"
#include "handler/AssertionConsumerService.h"
+#include "security/SecurityPolicy.h"
#include "util/SPConstants.h"
#include <saml/SAMLConfig.h>
Locker metadataLocker(application.getMetadataProvider());
// Create the policy.
- SecurityPolicy policy(
- application.getServiceProvider().getPolicyRules(policyId.second),
- application.getMetadataProvider(),
- &m_role,
- application.getTrustEngine(),
- validate.first && validate.second
- );
+ shibsp::SecurityPolicy policy(application, &m_role, validate.first && validate.second);
// Decode the message and process it in a protocol-specific way.
auto_ptr<XMLObject> msg(m_decoder->decode(relayState, httpRequest, policy));
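Review bot: The policy identifier disappears from this call. The removed code selected rules with `getPolicyRules(policyId.second)`, while the new `shibsp::SecurityPolicy` constructor receives only the application, the role and the validation flag. Presumably the wrapper resolves the rules, metadata provider and trust engine itself, but that is not visible here; if a per-handler `policyId` is still read earlier in this function, it is now unused and the handler runs under whatever rules the wrapper picks. A comment on the new line such as `// Policy rules, metadata and trust engine are taken from the application's defaults.` (or a constructor overload that accepts the policy id) would make the effective policy explicit. The enclosing function starts and ends outside the hunk.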
if (isHandler) {
option=request.getParameter("acsIndex");
- if (option)
+ if (option) {
ACS = app.getAssertionConsumerServiceByIndex(atoi(option));
+ if (!ACS)
+ throw ConfigurationException("AssertionConsumerService with index ($1) not found, check configuration.", params(1,option));
+ }
option = request.getParameter("target");
if (option)
target = option;
- if (!acsByIndex.first || !acsByIndex.second) {
+ if (acsByIndex.first && !acsByIndex.second) {
// Since we're passing the ACS by value, we need to compute the return URL,
// so we'll need the target resource for real.
recoverRelayState(request.getApplication(), request, target, false);
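Review bot: `atoi(option)` on the `acsIndex` request parameter still accepts any string, so the added null check only catches numbers that match no endpoint. Non-numeric input converts to 0 and would select an endpoint with index 0 if one is configured, and `atoi` has no defined result for out-of-range values. Parsing with `strtoul` and rejecting the request when the end pointer does not reach the end of the string would close that gap. The new message also copies the raw parameter into the exception text through `params(1,option)`; if the error template renders it without escaping, client-controlled text ends up in the page. A bad index supplied by the client is also arguably not a `ConfigurationException`. The `if (isHandler)` block starts and ends outside the hunk.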
SPConfig& conf = SPConfig::getConfig();
if (conf.isEnabled(SPConfig::OutOfProcess)) {
- if (acsByIndex.first && acsByIndex.second) {
+ if (!acsByIndex.first || acsByIndex.second) {
// Pass by Index. This also allows for defaulting it entirely and sending nothing.
if (isHandler) {
// We may already have RelayState set if we looped back here,
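Review bot: The by-index default is now spelled out at three sites in two complementary forms, which makes it easy for one site to drift from the others. It appears as `acsByIndex.first && !acsByIndex.second` before the `recoverRelayState` call, and as `!acsByIndex.first || acsByIndex.second` here and again before the `acsIndex` member is added. If all three sit in the same function, a single local such as `const bool byIndex = !acsByIndex.first || acsByIndex.second;`, tested as `if (!byIndex)` and `if (byIndex)`, would keep them in step. A short comment on that local, `// An unset acsByIndex property means "by index".`, would record the default this commit introduces. The enclosing blocks continue outside the hunks.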
in.addmember("authnContextClassRef").string(acClass.second);
if (acComp.first)
in.addmember("authnContextComparison").string(acComp.second);
- if (acsByIndex.first && acsByIndex.second) {
+ if (!acsByIndex.first || acsByIndex.second) {
if (ACS)
in.addmember("acsIndex").string(ACS->getString("index").second);
}
}
req->setDestination(ep->getLocation());
- if (acsIndex)
+ if (acsIndex && *acsIndex)
req->setAssertionConsumerServiceIndex(acsIndex);
if (acsLocation) {
auto_ptr_XMLCh wideloc(acsLocation);
req->setAssertionConsumerServiceURL(wideloc.get());
}
- if (acsBinding)
+ if (acsBinding && *acsBinding)
req->setProtocolBinding(acsBinding);
if (isPassive)
req->IsPassive(isPassive);
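Review bot: `acsLocation` does not get the empty-string guard this hunk adds for `acsIndex` and `acsBinding`, so `if (acsLocation) {` would still emit an empty AssertionConsumerServiceURL if a caller passes `""`. Making it `if (acsLocation && *acsLocation) {` treats all three inputs the same way. Separately, SAML core defines AssertionConsumerServiceIndex as mutually exclusive with AssertionConsumerServiceURL and ProtocolBinding, and nothing in the visible lines stops all three from being set on one request. That may be enforced by the callers, which are outside this hunk, but it is worth confirming. The function body starts and ends outside the hunk.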