Renamed signedAssertions.
authorcantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Wed, 23 Jan 2008 03:44:55 +0000 (03:44 +0000)
committercantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Wed, 23 Jan 2008 03:44:55 +0000 (03:44 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2701 cb58f699-b61c-0410-a6fe-9272a202ed29

configs/shibboleth2.xml.in
schemas/shibboleth-2.0-native-sp-config.xsd
shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
shibsp/handler/impl/MetadataGenerator.cpp
shibsp/handler/impl/SAML1Consumer.cpp
shibsp/handler/impl/SAML2Consumer.cpp

index 1bf9bb3..0ea2deb 100644 (file)
         REMOTE_USER="eppn persistent-id targeted-id"
         localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
         globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html"
-        authType="TLS"
-        artifactEndpointIndex="1"
-        signing="false"
-        encryption="false"
-        requireConfidentiality="true"
-        requireTransportAuth="true"
-        signedAssertions="false"
-        chunkedEncoding="false"
-        connectTimeout="15" timeout="30"
         >
 
         <!--
index 2fed592..11043df 100644 (file)
         <attribute name="timeout" type="unsignedShort"/>\r
         <attribute name="requireConfidentiality" type="boolean"/>\r
         <attribute name="requireTransportAuth" type="boolean"/>\r
-        <attribute name="signedAssertions" type="boolean"/>\r
+        <attribute name="requireSignedAssertions" type="boolean"/>\r
     </attributeGroup>\r
     \r
        <element name="Sessions">\r
index 2b36e99..98e5aba 100644 (file)
@@ -330,7 +330,7 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const
     auto_ptr<saml1p::Response> wrapper(response);
     saml1::Assertion* newtoken = assertions.front();
 
-    pair<bool,bool> signedAssertions = relyingParty->getBool("signedAssertions");
+    pair<bool,bool> signedAssertions = relyingParty->getBool("requireSignedAssertions");
     if (!newtoken->getSignature() && signedAssertions.first && signedAssertions.second) {
         m_log.error("assertion unsigned, rejecting it based on signedAssertions policy");
         return true;
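Review bot: A deployment that still sets `signedAssertions="true"` would silently lose enforcement after this rename, because `getBool("requireSignedAssertions")` presumably reports the property as absent and the unsigned-assertion rejection on the next line is then skipped. The same applies to the lookups in SAML2Query, MetadataGenerator::processMessage, SAML1Consumer and both SAML2Consumer hunks. Unless the schema change makes the old attribute a hard configuration-load failure (not visible here), consider falling back to the legacy name with a deprecation warning, e.g. `if (!signedAssertions.first) signedAssertions = relyingParty->getBool("signedAssertions");`. The error text in the context line still says `signedAssertions policy` and should name `requireSignedAssertions` so an operator reading the log can find the setting. SAML1Query's body starts and ends outside this hunk.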
@@ -405,7 +405,7 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const
     shibsp::SOAPClient soaper(policy);
 
     const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor());
-    pair<bool,bool> signedAssertions = relyingParty->getBool("signedAssertions");
+    pair<bool,bool> signedAssertions = relyingParty->getBool("requireSignedAssertions");
     pair<bool,const char*> encryption = relyingParty->getString("encryption");
 
     auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);
index bcf9e35..5002e8a 100644 (file)
@@ -256,7 +256,7 @@ pair<bool,long> MetadataGenerator::processMessage(
     prop = relyingParty->getString("signing");
     if (prop.first && (!strcmp(prop.second,"true") || !strcmp(prop.second,"front")))
         role->AuthnRequestsSigned(true);
-    pair<bool,bool> flagprop = relyingParty->getBool("signedAssertions");
+    pair<bool,bool> flagprop = relyingParty->getBool("requireSignedAssertions");
     if (flagprop.first && flagprop.second)
         role->WantAssertionsSigned(true);
 
index 475184c..d1c46b8 100644 (file)
@@ -149,7 +149,7 @@ void SAML1Consumer::implementProtocol(
 
     // With this flag on, we ignore any unsigned assertions.
     const EntityDescriptor* entity = policy.getIssuerMetadata() ? dynamic_cast<const EntityDescriptor*>(policy.getIssuerMetadata()->getParent()) : NULL;
-    pair<bool,bool> flag = application.getRelyingParty(entity)->getBool("signedAssertions");
+    pair<bool,bool> flag = application.getRelyingParty(entity)->getBool("requireSignedAssertions");
 
     // authnskew allows rejection of SSO if AuthnInstant is too old.
     const PropertySet* sessionProps = application.getPropertySet("Sessions");
index af3505a..7064d9e 100644 (file)
@@ -137,7 +137,7 @@ void SAML2Consumer::implementProtocol(
     pair<bool,bool> flag = make_pair(false,false);
     if (alreadySecured && policy.getIssuerMetadata()) {
         entity = dynamic_cast<const EntityDescriptor*>(policy.getIssuerMetadata()->getParent());
-        flag = application.getRelyingParty(entity)->getBool("signedAssertions");
+        flag = application.getRelyingParty(entity)->getBool("requireSignedAssertions");
     }
 
     time_t now = time(NULL);
@@ -174,7 +174,7 @@ void SAML2Consumer::implementProtocol(
             // If we hadn't established Issuer yet, redo the signedAssertions check.
             if (!entity && policy.getIssuerMetadata()) {
                 entity = dynamic_cast<const EntityDescriptor*>(policy.getIssuerMetadata()->getParent());
-                flag = application.getRelyingParty(entity)->getBool("signedAssertions");
+                flag = application.getRelyingParty(entity)->getBool("requireSignedAssertions");
                 if (!(*a)->getSignature() && flag.first && flag.second)
                     throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
             }
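Review bot: The context comment above this lookup still reads `redo the signedAssertions check`, which no longer matches any configuration attribute after the rename. Update it to `// If we hadn't established Issuer yet, redo the requireSignedAssertions check.` so the comment and the property name stay searchable together. The enclosing loop and function extend outside the hunk, so whether assertions whose issuer was resolved earlier get the same signature check cannot be confirmed from here.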