pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
void getAll(map<string,const char*>& properties) const;
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const;
+ const PropertySet* getPropertySet(const char* name, const char* ns=shibspconstants::ASCII_SHIB2SPCONFIG_NS) const;
const xercesc::DOMElement* getElement() const;
private:
pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
void getAll(map<string,const char*>& properties) const;
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const;
+ const PropertySet* getPropertySet(const char* name, const char* ns=shibspconstants::ASCII_SHIB2SPCONFIG_NS) const;
const xercesc::DOMElement* getElement() const;
private:
saml2md::AssertionConsumerService* ep = saml2md::AssertionConsumerServiceBuilder::buildAssertionConsumerService();
ep->setLocation(widen.get());
ep->setBinding(getXMLString("Binding").second);
- ep->setIndex(getXMLString("index").second);
+ if (!strncmp(handlerURL, "https", 5)) {
+ pair<bool,const XMLCh*> index = getXMLString("sslIndex", shibspconstants::ASCII_SHIB2SPCONFIG_NS);
+ if (index.first)
+ ep->setIndex(index.second);
+ else
+ ep->setIndex(getXMLString("index").second);
+ }
+ else {
+ ep->setIndex(getXMLString("index").second);
+ }
role.getAssertionConsumerServices().push_back(ep);
}
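Review bot: The scheme test `!strncmp(handlerURL, "https", 5)` in the added branch is case-sensitive and prefix-only, so a handler URL written as `HTTPS://...` falls through to the plain `index`, and any string that merely begins with `https` is treated as TLS. Because the index decides which AssertionConsumerService entry is advertised, comparing against the full `"https://"` prefix (8 characters) with a case-insensitive comparison would make the TLS endpoint selection dependable. `handlerURL` is also dereferenced without a NULL check; whether a caller can pass NULL is not visible in this hunk. The same comparison is repeated on `ACSloc.c_str()` in the two session-initiator hunks further down, and the enclosing function starts outside this hunk.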
// To invoke the request builder, the key requirement is to figure out how
// to express the ACS, by index or value, and if by value, where.
-
+ // We have to compute the handlerURL no matter what, because we may need to
+ // flip the index to an SSL-version.
+ string ACSloc=request.getHandlerURL(target.c_str());
+
SPConfig& conf = SPConfig::getConfig();
if (conf.isEnabled(SPConfig::OutOfProcess)) {
- if (!acsByIndex.first || acsByIndex.second) {
+ if (!acsByIndex.first || acsByIndex.second) {
// Pass by Index.
if (isHandler) {
// We may already have RelayState set if we looped back here,
if (option)
target = option;
}
+
+ // Determine index to use.
+ pair<bool,const XMLCh*> ix = pair<bool,const XMLCh*>(false,NULL);
+ if (ACS) {
+ if (!strncmp(ACSloc.c_str(), "https", 5)) {
+ ix = ACS->getXMLString("sslIndex", shibspconstants::ASCII_SHIB2SPCONFIG_NS);
+ if (!ix.first)
+ ix = ACS->getXMLString("index");
+ }
+ else {
+ ix = ACS->getXMLString("index");
+ }
+ }
+
return doRequest(
app, request, entityID.c_str(),
- ACS ? ACS->getXMLString("index").second : NULL, NULL, NULL,
+ ix.second, NULL, NULL,
isPassive, forceAuthn,
acClass.first ? acClass.second : NULL,
acComp.first ? acComp.second : NULL,
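Review bot: The added index selection spells out the `index` fallback twice, and the same shape recurs in the metadata hunk above and the remoted-request hunk below, which makes it easy for the three copies to drift apart. Initialising once and falling back once reads more directly: `pair<bool,const XMLCh*> ix(false,NULL);`, then `if (ACS && !strncmp(ACSloc.c_str(), "https", 5)) ix = ACS->getXMLString("sslIndex", shibspconstants::ASCII_SHIB2SPCONFIG_NS);`, then `if (ACS && !ix.first) ix = ACS->getXMLString("index");`. A one-line comment stating that `sslIndex` overrides `index` only for an https handler URL would also help, since the index sent in the request presumably has to agree with the one published in metadata. The enclosing function starts and ends outside this hunk.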
// Since we're not passing by index, we need to fully compute the return URL and binding.
// Compute the ACS URL. We add the ACS location to the base handlerURL.
- string ACSloc=request.getHandlerURL(target.c_str());
pair<bool,const char*> loc=ACS ? ACS->getString("Location") : pair<bool,const char*>(false,NULL);
if (loc.first) ACSloc+=loc.second;
if (acComp.first)
in.addmember("authnContextComparison").string(acComp.second);
if (!acsByIndex.first || acsByIndex.second) {
- if (ACS)
- in.addmember("acsIndex").string(ACS->getString("index").second);
+ if (ACS) {
+ // Determine index to use.
+ pair<bool,const char*> ix = pair<bool,const char*>(false,NULL);
+ if (!strncmp(ACSloc.c_str(), "https", 5)) {
+ ix = ACS->getString("sslIndex", shibspconstants::ASCII_SHIB2SPCONFIG_NS);
+ if (!ix.first)
+ ix = ACS->getString("index");
+ }
+ else {
+ ix = ACS->getString("index");
+ }
+ in.addmember("acsIndex").string(ix.second);
+ }
}
else {
// Since we're not passing by index, we need to fully compute the return URL and binding.
// Compute the ACS URL. We add the ACS location to the base handlerURL.
- string ACSloc=request.getHandlerURL(target.c_str());
pair<bool,const char*> loc=ACS ? ACS->getString("Location") : pair<bool,const char*>(false,NULL);
if (loc.first) ACSloc+=loc.second;
in.addmember("acsLocation").string(ACSloc.c_str());
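Review bot: `in.addmember("acsIndex").string(ix.second)` is reached even when the ACS element carries neither `sslIndex` nor `index`, in which case `ix.first` is false and `ix.second` is presumably NULL (the `pair<bool,const char*>(false,NULL)` convention is visible a few lines further down). Whether `string()` tolerates a NULL argument is not visible here, so guarding the call is the safer form: `if (ix.first) in.addmember("acsIndex").string(ix.second);`. The unguarded call predates this change, but the new lines keep it. The enclosing function starts and ends outside this hunk.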
std::pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
std::pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
void getAll(std::map<std::string,const char*>& properties) const;
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const;
+ const PropertySet* getPropertySet(const char* name, const char* ns=shibspconstants::ASCII_SHIB2SPCONFIG_NS) const;
const xercesc::DOMElement* getElement() const {
return m_root;
#ifndef __shibsp_propset_h__
#define __shibsp_propset_h__
-#include <shibsp/base.h>
+#include <shibsp/util/SPConstants.h>
#include <map>
#include <xercesc/dom/DOM.hpp>
* @param ns nested property set namespace, or NULL
* @return the nested property set, or NULL
*/
- virtual const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const=0;
+ virtual const PropertySet* getPropertySet(const char* name, const char* ns=shibspconstants::ASCII_SHIB2SPCONFIG_NS) const=0;
/**
* Returns a DOM element representing the property container, if any.
const char shibspconstants::SHIB1_SESSIONINIT_PROFILE_URI[] = "urn:mace:shibboleth:sp:1.3:SessionInit";\r
\r
const char shibspconstants::SHIB1_LOGOUT_PROFILE_URI[] = "urn:mace:shibboleth:sp:1.3:Logout";\r
+\r
+const char shibspconstants::ASCII_SHIB2SPCONFIG_NS[] = "urn:mace:shibboleth:2.0:native:sp:config";\r
/** Shibboleth 1.3 Local Logout binding/profile ("urn:mace:shibboleth:sp:1.3:Logout") */
extern SHIBSP_API const char SHIB1_LOGOUT_PROFILE_URI[];
+
+ /** Shibboleth 2.0 SP configuration namespace ("urn:mace:shibboleth:2.0:native:sp:config") */
+ extern SHIBSP_API const char ASCII_SHIB2SPCONFIG_NS[];
};
#endif /* __shibsp_constants_h__ */