return false;
}
- shibsp::SecurityPolicy policy(ctx.getApplication());
+ const Application& application = ctx.getApplication();
+ shibsp::SecurityPolicy policy(application);
MetadataCredentialCriteria mcc(*AA);
shibsp::SOAPClient soaper(policy);
const PropertySet* policySettings =
- ctx.getApplication().getServiceProvider().getPolicySettings(ctx.getApplication().getString("policyId").second);
+ application.getServiceProvider().getPolicySettings(application.getString("policyId").second);
pair<bool,bool> signedAssertions = policySettings->getBool("signedAssertions");
auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP);
if (!XMLString::equals((*ep)->getBinding(),binding.get()))
continue;
auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(ctx.getApplication().getString("entityID").second);
+ auto_ptr_XMLCh issuer(application.getString("entityID").second);
NameIdentifier* nameid = NameIdentifierBuilder::buildNameIdentifier();
nameid->setName(ctx.getNameID()->getName());
nameid->setFormat(ctx.getNameID()->getFormat());
request->setMinorVersion(version);
SAML1SOAPClient client(soaper, false);
- client.sendSAML(request, mcc, loc.get());
+ client.sendSAML(request, application.getId(), mcc, loc.get());
response = client.receiveSAML();
}
catch (exception& ex) {
policy.evaluate(*newtoken);
if (!policy.isSecure())
throw SecurityPolicyException("Security of SAML 1.x query result not established.");
- saml1::AssertionValidator tokval(ctx.getApplication().getAudiences(), time(NULL));
+ saml1::AssertionValidator tokval(application.getAudiences(), time(NULL));
tokval.validateAssertion(*newtoken);
}
catch (exception& ex) {
// Finally, extract and filter the result.
try {
- AttributeExtractor* extractor = ctx.getApplication().getAttributeExtractor();
+ AttributeExtractor* extractor = application.getAttributeExtractor();
if (extractor) {
Locker extlocker(extractor);
- extractor->extractAttributes(ctx.getApplication(), AA, *newtoken, ctx.getResolvedAttributes());
+ extractor->extractAttributes(application, AA, *newtoken, ctx.getResolvedAttributes());
}
- AttributeFilter* filter = ctx.getApplication().getAttributeFilter();
+ AttributeFilter* filter = application.getAttributeFilter();
if (filter) {
- BasicFilteringContext fc(ctx.getApplication(), ctx.getResolvedAttributes(), AA, ctx.getClassRef(), ctx.getDeclRef());
+ BasicFilteringContext fc(application, ctx.getResolvedAttributes(), AA, ctx.getClassRef(), ctx.getDeclRef());
Locker filtlocker(filter);
filter->filterAttributes(fc, ctx.getResolvedAttributes());
}
return false;
}
- shibsp::SecurityPolicy policy(ctx.getApplication());
+ const Application& application = ctx.getApplication();
+ shibsp::SecurityPolicy policy(application);
MetadataCredentialCriteria mcc(*AA);
shibsp::SOAPClient soaper(policy);
- const PropertySet* policySettings =
- ctx.getApplication().getServiceProvider().getPolicySettings(ctx.getApplication().getString("policyId").second);
+ const PropertySet* policySettings = application.getServiceProvider().getPolicySettings(application.getString("policyId").second);
pair<bool,bool> signedAssertions = policySettings->getBool("signedAssertions");
- const PropertySet* relyingParty = ctx.getApplication().getRelyingParty(ctx.getEntityDescriptor());
+ const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor());
pair<bool,const char*> encryption = relyingParty->getString("encryption");
auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);
if (!XMLString::equals((*ep)->getBinding(),binding.get()))
continue;
auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(ctx.getApplication().getString("entityID").second);
+ auto_ptr_XMLCh issuer(application.getString("entityID").second);
auto_ptr<saml2::Subject> subject(saml2::SubjectBuilder::buildSubject());
MetadataCredentialCriteria mcc(*AA);
encrypted->encrypt(
*ctx.getNameID(),
- *(ctx.getApplication().getMetadataProvider()),
+ *(application.getMetadataProvider()),
mcc,
false,
relyingParty->getXMLString("encryptionAlg").second
query->getAttributes().push_back((*ad)->cloneAttribute());
SAML2SOAPClient client(soaper, false);
- client.sendSAML(query, mcc, loc.get());
+ client.sendSAML(query, application.getId(), mcc, loc.get());
srt = client.receiveSAML();
}
catch (exception& ex) {
policy.evaluate(*newtoken);
if (!policy.isSecure())
throw SecurityPolicyException("Security of SAML 2.0 query result not established.");
- saml2::AssertionValidator tokval(ctx.getApplication().getAudiences(), time(NULL));
+ saml2::AssertionValidator tokval(application.getAudiences(), time(NULL));
tokval.validateAssertion(*newtoken);
}
catch (exception& ex) {
// Finally, extract and filter the result.
try {
- AttributeExtractor* extractor = ctx.getApplication().getAttributeExtractor();
+ AttributeExtractor* extractor = application.getAttributeExtractor();
if (extractor) {
Locker extlocker(extractor);
- extractor->extractAttributes(ctx.getApplication(), AA, *newtoken, ctx.getResolvedAttributes());
+ extractor->extractAttributes(application, AA, *newtoken, ctx.getResolvedAttributes());
}
- AttributeFilter* filter = ctx.getApplication().getAttributeFilter();
+ AttributeFilter* filter = application.getAttributeFilter();
if (filter) {
- BasicFilteringContext fc(ctx.getApplication(), ctx.getResolvedAttributes(), AA, ctx.getClassRef(), ctx.getDeclRef());
+ BasicFilteringContext fc(application, ctx.getResolvedAttributes(), AA, ctx.getClassRef(), ctx.getDeclRef());
Locker filtlocker(filter);
filter->filterAttributes(fc, ctx.getResolvedAttributes());
}
) const
{
MetadataCredentialCriteria mcc(idpDescriptor);
- shibsp::SOAPClient soaper(dynamic_cast<shibsp::SecurityPolicy&>(policy));
+ shibsp::SecurityPolicy& sppolicy = dynamic_cast<shibsp::SecurityPolicy&>(policy);
+ shibsp::SOAPClient soaper(sppolicy);
bool foundEndpoint = false;
auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP);
}
SAML1SOAPClient client(soaper, false);
- client.sendSAML(request, mcc, loc.get());
+ client.sendSAML(request, sppolicy.getApplication().getId(), mcc, loc.get());
response = client.receiveSAML();
}
catch (exception& ex) {
continue;
foundEndpoint = true;
auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(sppolicy.getApplication().getString("entityID").second);
ArtifactResolve* request = ArtifactResolveBuilder::buildArtifactResolve();
Issuer* iss = IssuerBuilder::buildIssuer();
request->setIssuer(iss);
- iss->setName(issuer.get());
+ iss->setName(sppolicy.getApplication().getXMLString("entityID").second);
auto_ptr_XMLCh artbuf(artifact.encode().c_str());
Artifact* a = ArtifactBuilder::buildArtifact();
a->setArtifact(artbuf.get());
request->setArtifact(a);
SAML2SOAPClient client(soaper, false);
- client.sendSAML(request, mcc, loc.get());
+ client.sendSAML(request, sppolicy.getApplication().getId(), mcc, loc.get());
StatusResponseType* srt = client.receiveSAML();
if (!(response = dynamic_cast<ArtifactResponse*>(srt))) {
delete srt;
setValidating(validate.first && validate.second);
}
-void SOAPClient::send(const soap11::Envelope& env, MetadataCredentialCriteria& peer, const char* endpoint)
+void SOAPClient::send(const soap11::Envelope& env, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
{
// Check for message signing requirements.
- m_relyingParty = m_app.getRelyingParty(dynamic_cast<const EntityDescriptor*>(peer.getRole().getParent()));
+ m_relyingParty = m_app.getRelyingParty(dynamic_cast<const EntityDescriptor*>(to.getRole().getParent()));
pair<bool,const char*> flag = m_relyingParty->getString("signing");
if (flag.first && (!strcmp(flag.second, "true") || !strcmp(flag.second, "back"))) {
m_credResolver=m_app.getCredentialResolver();
if (m_credResolver) {
m_credResolver->lock();
// Fill in criteria to use.
- peer.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ to.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
pair<bool,const char*> keyName = m_relyingParty->getString("keyName");
if (keyName.first)
- peer.getKeyNames().insert(keyName.second);
+ to.getKeyNames().insert(keyName.second);
pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signingAlg");
if (sigalg.first)
- peer.setXMLAlgorithm(sigalg.second);
- const Credential* cred = m_credResolver->resolve(&peer);
+ to.setXMLAlgorithm(sigalg.second);
+ const Credential* cred = m_credResolver->resolve(&to);
// Reset criteria back.
- peer.setKeyAlgorithm(NULL);
- peer.setKeySize(0);
+ to.setKeyAlgorithm(NULL);
+ to.setKeySize(0);
if (cred) {
// Check for message.
}
}
- opensaml::SOAPClient::send(env, peer, endpoint);
+ opensaml::SOAPClient::send(env, from, to, endpoint);
}
void SOAPClient::prepareTransport(SOAPTransport& transport)