From b22d0e89f3992535781f8cb5846a874e141bd349 Mon Sep 17 00:00:00 2001
From: cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Date: Wed, 16 Jan 2008 17:33:30 +0000
Subject: [PATCH] Eliminate DefaultRelyingParty element. Merge relying party
 properties into Application element.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2689 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 configs/shibboleth2.xml.in                  | 35 +++++++------
 schemas/shibboleth-2.0-native-sp-config.xsd | 78 +++++++++++++----------------
 shibsp/impl/XMLServiceProvider.cpp          | 34 ++++---------
 3 files changed, 64 insertions(+), 83 deletions(-)

diff --git a/configs/shibboleth2.xml.in b/configs/shibboleth2.xml.in
index 3bd41eb..2f7034f 100644
--- a/configs/shibboleth2.xml.in
+++ b/configs/shibboleth2.xml.in
@@ -73,14 +73,25 @@
     </RequestMapper>
 
     <!--
-    The Applications section is where most of Shibboleth's SAML bits are defined.
-    Resource requests are mapped in the Local section into an applicationId that
+    The Applications element is where most of Shibboleth's SAML bits are defined.
+    Resource requests are mapped by the RequestMapper to an applicationId that
     points into to this section.
     -->
     <Applications id="default" policyId="default" entityID="https://sp.example.org/shibboleth"
-        homeURL="https://sp.example.org/index.html" REMOTE_USER="eppn persistent-id targeted-id"
+        homeURL="https://sp.example.org/index.html"
+        REMOTE_USER="eppn persistent-id targeted-id"
         localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
-        globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html">
+        globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html
+        authType="TLS"
+        artifactEndpointIndex="1"
+        signing="false"
+        encryption="false"
+        requireConfidentiality="true"
+        requireTransportAuth="true"
+        signedAssertions="false"
+        chunkedEncoding="false"
+        connectTimeout="15" timeout="30"
+        >
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
@@ -200,20 +211,8 @@
             logoLocation="/shibboleth-sp/logo.jpg"
             styleSheet="/shibboleth-sp/main.css"/>
         
-        <!-- Configure handling of outgoing messages and SOAP authentication. -->
-        <DefaultRelyingParty authType="TLS"
-            artifactEndpointIndex="1"
-            signing="false"
-            encryption="false"
-            requireConfidentiality="true"
-            requireTransportAuth="true"
-            signedAssertions="false"
-            chunkedEncoding="false"
-            connectTimeout="15" timeout="30"
-            >
-            <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
-            <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->
-        </DefaultRelyingParty>
+        <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
+        <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->
 
         <!-- Chains together all your metadata sources. -->
         <MetadataProvider type="Chaining">
diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index 353b582..d192e46 100644
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -434,7 +434,7 @@
 			<sequence>
 				<element ref="conf:Sessions"/>
 				<element ref="conf:Errors" minOccurs="0"/>
-				<element ref="conf:DefaultRelyingParty"/>
+				<element ref="conf:RelyingParty" minOccurs="0" maxOccurs="unbounded"/>
 				<element ref="conf:Notify" minOccurs="0" maxOccurs="unbounded"/>
 				<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
                 <element name="MetadataProvider" type="conf:PluggableType"/>
@@ -449,6 +449,7 @@
 			<attribute name="entityID" type="anyURI" use="required"/>
 			<attribute name="policyId" type="conf:string" use="required"/>
 			<attributeGroup ref="conf:ApplicationGroup"/>
+		    <attributeGroup ref="conf:RelyingPartyGroup"/>
 			<anyAttribute namespace="##other" processContents="lax"/>
 		</complexType>
 	</element>
@@ -461,7 +462,7 @@
 			<sequence>
 				<element ref="conf:Sessions" minOccurs="0"/>
 				<element ref="conf:Errors" minOccurs="0"/>
-				<element ref="conf:DefaultRelyingParty" minOccurs="0"/>
+				<element ref="conf:RelyingParty" minOccurs="0" maxOccurs="unbounded"/>
 				<element ref="conf:Notify" minOccurs="0" maxOccurs="unbounded"/>
 				<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
 				<element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>
@@ -475,6 +476,7 @@
 			<attribute name="entityID" type="anyURI"/>
 			<attribute name="policyId" type="conf:string"/>
 			<attributeGroup ref="conf:ApplicationGroup"/>
+		    <attributeGroup ref="conf:RelyingPartyGroup"/>
 			<anyAttribute namespace="##other" processContents="lax"/>
 		</complexType>
 	</element>
@@ -488,7 +490,26 @@
 		<attribute name="localLogout" type="anyURI"/>
 		<attribute name="globalLogout" type="anyURI"/>
 	</attributeGroup>
-		
+
+    <attributeGroup name="RelyingPartyGroup">
+        <attribute name="authType" type="conf:string"/>
+        <attribute name="authUsername" type="conf:string"/>
+        <attribute name="authPassword" type="conf:string"/>
+        <attribute name="signing" type="conf:bindingBoolean"/>
+        <attribute name="signingAlg" type="anyURI"/>
+        <attribute name="digestAlg" type="anyURI"/>
+        <attribute name="encryption" type="conf:bindingBoolean"/>
+        <attribute name="encryptionAlg" type="anyURI"/>
+        <attribute name="keyName" type="conf:string"/>
+        <attribute name="artifactEndpointIndex" type="unsignedShort"/>
+        <attribute name="chunkedEncoding" type="boolean"/>
+        <attribute name="connectTimeout" type="unsignedShort"/>
+        <attribute name="timeout" type="unsignedShort"/>
+        <attribute name="requireConfidentiality" type="boolean"/>
+        <attribute name="requireTransportAuth" type="boolean"/>
+        <attribute name="signedAssertions" type="boolean"/>
+    </attributeGroup>
+    
 	<element name="Sessions">
 		<annotation>
 			<documentation>Container for specifying protocol handlers and session policy</documentation>
@@ -612,6 +633,18 @@
 		</complexType>
 	</element>
 
+    <element name="RelyingParty">
+        <annotation>
+            <documentation>Container for specifying settings to use with particular peers</documentation>
+        </annotation>
+        <complexType>
+            <sequence/>
+            <attribute name="Name" type="conf:string" use="required"/>
+            <attributeGroup ref="conf:RelyingPartyGroup"/>
+            <anyAttribute namespace="##other" processContents="lax"/>
+        </complexType>
+    </element>
+    
 	<element name="Notify">
 		<annotation>
 			<documentation>Used to specify locations to receive application notifications</documentation>
@@ -631,45 +664,6 @@
 		</complexType>
 	</element>
 	
-	<element name="DefaultRelyingParty">
-		<annotation>
-			<documentation>Container for specifying security methods to use with particular peers</documentation>
-		</annotation>
-		<complexType>
-			<sequence>
-				<element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
-					<complexType>
-						<sequence/>
-						<attribute name="Name" type="conf:string" use="required"/>
-						<attributeGroup ref="conf:RelyingPartyGroup"/>
-						<anyAttribute namespace="##other" processContents="lax"/>
-					</complexType>
-				</element>
-			</sequence>
-			<attributeGroup ref="conf:RelyingPartyGroup"/>
-	        <anyAttribute namespace="##other" processContents="lax"/>
-		</complexType>
-	</element>
-	
-	<attributeGroup name="RelyingPartyGroup">
-		<attribute name="authType" type="conf:string"/>
-		<attribute name="authUsername" type="conf:string"/>
-		<attribute name="authPassword" type="conf:string"/>
-		<attribute name="signing" type="conf:bindingBoolean"/>
-		<attribute name="signingAlg" type="anyURI"/>
-		<attribute name="digestAlg" type="anyURI"/>
-		<attribute name="encryption" type="conf:bindingBoolean"/>
-		<attribute name="encryptionAlg" type="anyURI"/>
-		<attribute name="keyName" type="conf:string"/>
-		<attribute name="artifactEndpointIndex" type="unsignedShort"/>
-        <attribute name="chunkedEncoding" type="boolean"/>
-        <attribute name="connectTimeout" type="unsignedShort"/>
-        <attribute name="timeout" type="unsignedShort"/>
-        <attribute name="requireConfidentiality" type="boolean"/>
-        <attribute name="requireTransportAuth" type="boolean"/>
-        <attribute name="signedAssertions" type="boolean"/>
-	</attributeGroup>
-	
 	<element name="SecurityPolicies">
 		<annotation>
 			<documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp
index 4f790ec..ee06184 100644
--- a/shibsp/impl/XMLServiceProvider.cpp
+++ b/shibsp/impl/XMLServiceProvider.cpp
@@ -172,7 +172,6 @@ namespace {
         vector<const XMLCh*> m_audiences;
 
         // RelyingParty properties
-        DOMPropertySet* m_partyDefault;
 #ifdef HAVE_GOOD_STL
         map<xstring,PropertySet*> m_partyMap;
 #else
@@ -394,7 +393,6 @@ namespace {
     static const XMLCh Binding[] =              UNICODE_LITERAL_7(B,i,n,d,i,n,g);
     static const XMLCh Channel[]=               UNICODE_LITERAL_7(C,h,a,n,n,e,l);
     static const XMLCh _CredentialResolver[] =  UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
-    static const XMLCh DefaultRelyingParty[] =  UNICODE_LITERAL_19(D,e,f,a,u,l,t,R,e,l,y,i,n,g,P,a,r,t,y);
     static const XMLCh _Extensions[] =          UNICODE_LITERAL_10(E,x,t,e,n,s,i,o,n,s);
     static const XMLCh _fatal[] =               UNICODE_LITERAL_5(f,a,t,a,l);
     static const XMLCh _Handler[] =             UNICODE_LITERAL_7(H,a,n,d,l,e,r);
@@ -455,7 +453,7 @@ XMLApplication::XMLApplication(
 #ifndef SHIBSP_LITE
         m_metadata(NULL), m_trust(NULL),
         m_attrExtractor(NULL), m_attrFilter(NULL), m_attrResolver(NULL),
-        m_credResolver(NULL), m_partyDefault(NULL),
+        m_credResolver(NULL),
 #endif
         m_acsDefault(NULL), m_sessionInitDefault(NULL), m_artifactResolutionDefault(NULL)
 {
@@ -862,18 +860,13 @@ XMLApplication::XMLApplication(
         }
 
         // Finally, load relying parties.
-        child = XMLHelper::getFirstChildElement(e,DefaultRelyingParty);
-        if (child) {
-            m_partyDefault=new DOMPropertySet();
-            m_partyDefault->load(child,log,this);
-            child = XMLHelper::getFirstChildElement(child,RelyingParty);
-            while (child) {
-                auto_ptr<DOMPropertySet> rp(new DOMPropertySet());
-                rp->load(child,log,this);
-                rp->setParent(m_partyDefault);
-                m_partyMap[child->getAttributeNS(NULL,saml2::Attribute::NAME_ATTRIB_NAME)]=rp.release();
-                child = XMLHelper::getNextSiblingElement(child,RelyingParty);
-            }
+        child = XMLHelper::getFirstChildElement(e,RelyingParty);
+        while (child) {
+            auto_ptr<DOMPropertySet> rp(new DOMPropertySet());
+            rp->load(child,log,this);
+            rp->setParent(this);
+            m_partyMap[child->getAttributeNS(NULL,saml2::Attribute::NAME_ATTRIB_NAME)]=rp.release();
+            child = XMLHelper::getNextSiblingElement(child,RelyingParty);
         }
 #endif
 
@@ -910,8 +903,6 @@ void XMLApplication::cleanup()
     for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());
     m_handlers.clear();
 #ifndef SHIBSP_LITE
-    delete m_partyDefault;
-    m_partyDefault = NULL;
 #ifdef HAVE_GOOD_STL
     for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair<xstring,PropertySet>());
 #else
@@ -946,7 +937,6 @@ short XMLApplication::acceptNode(const DOMNode* node) const
         XMLString::equals(name,_ManageNameIDService) ||
         XMLString::equals(name,_SessionInitiator) ||
         XMLString::equals(name,_SingleLogoutService) ||
-        XMLString::equals(name,DefaultRelyingParty) ||
         XMLString::equals(name,RelyingParty) ||
         XMLString::equals(name,_MetadataProvider) ||
         XMLString::equals(name,_TrustEngine) ||
@@ -963,10 +953,8 @@ short XMLApplication::acceptNode(const DOMNode* node) const
 
 const PropertySet* XMLApplication::getRelyingParty(const EntityDescriptor* provider) const
 {
-    if (!m_partyDefault && m_base)
-        return m_base->getRelyingParty(provider);
-    else if (!provider)
-        return m_partyDefault;
+    if (!provider)
+        return this;
         
 #ifdef HAVE_GOOD_STL
     map<xstring,PropertySet*>::const_iterator i=m_partyMap.find(provider->getEntityID());
@@ -994,7 +982,7 @@ const PropertySet* XMLApplication::getRelyingParty(const EntityDescriptor* provi
         }
     }
 #endif
-    return m_partyDefault;
+    return this;
 }
 
 #endif
-- 
2.1.4