Public Member Functions | |
SSCache (const xercesc::DOMElement *e, bool deprecationSupport) | |
void | receive (DDF &in, std::ostream &out) |
Remoted classes implement this method to process incoming messages. | |
void | insert (std::string &sessionID, const Application &app, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, time_t expires, const opensaml::saml2md::EntityDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const XMLCh *authn_instant=nullptr, const XMLCh *session_index=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr, const std::vector< Attribute * > *attributes=nullptr) |
Inserts a new session into the cache and binds the session to the outgoing client response. | |
std::vector< std::string > ::size_type | logout (const Application &app, const opensaml::saml2md::EntityDescriptor *issuer, const opensaml::saml2::NameID &nameid, const std::set< std::string > *indexes, time_t expires, std::vector< std::string > &sessions) |
Returns active sessions that match particular parameters and records the logout to prevent race conditions. | |
bool | matches (const Application &app, xmltooling::HTTPRequest &request, const opensaml::saml2md::EntityDescriptor *issuer, const opensaml::saml2::NameID &nameid, const std::set< std::string > *indexes) |
Determines whether the Session bound to a client request matches a set of input criteria. | |
std::string | active (const Application &app, const xmltooling::HTTPRequest &request) |
Returns the ID of the session bound to the specified client request, if possible. | |
Session * | find (const Application &app, xmltooling::HTTPRequest &request, const char *client_addr=nullptr, time_t *timeout=nullptr) |
Locates an existing session bound to a request. | |
void | remove (const Application &app, const xmltooling::HTTPRequest &request, xmltooling::HTTPResponse *response=nullptr, time_t revocationExp=0) |
Deletes an existing session bound to a request. | |
Session * | find (const Application &app, const char *key) |
Locates an existing session by ID. | |
void | remove (const Application &app, const char *key, time_t revocationExp=0) |
Deletes an existing session. | |
void | test () |
Executes a test of the cache's general health. | |
unsigned long | getCacheTimeout (const Application &app) const |
Friends | |
class | StoredSession |
std::string shibsp::SSCache::active | ( | const Application & | application, | |
const xmltooling::HTTPRequest & | request | |||
) | [virtual] |
Returns the ID of the session bound to the specified client request, if possible.
application | reference to Application that owns the Session | |
request | request from client containing session, or a reference to it |
Implements shibsp::SessionCache.
Session* shibsp::SSCache::find | ( | const Application & | application, | |
const char * | key | |||
) | [inline, virtual] |
Locates an existing session by ID.
application | reference to Application that owns the Session | |
key | session key |
Implements shibsp::SessionCache.
Session* shibsp::SSCache::find | ( | const Application & | application, | |
xmltooling::HTTPRequest & | request, | |||
const char * | client_addr = nullptr , |
|||
time_t * | timeout = nullptr | |||
) | [virtual] |
Locates an existing session bound to a request.
If the client address is supplied, then a check will be performed against the address recorded in the record.
If a bound session is found to have expired, be invalid, etc., and if the request can be used to "clear" the session from subsequent client requests, then it may be cleared.
application | reference to Application that owns the Session | |
request | request from client bound to session | |
client_addr | network address of client (if known) | |
timeout | inactivity timeout to enforce (0 for none, nullptr to bypass check/update of last access) |
Implements shibsp::SessionCache.
void shibsp::SSCache::insert | ( | std::string & | sessionID, | |
const Application & | application, | |||
const xmltooling::HTTPRequest & | httpRequest, | |||
xmltooling::HTTPResponse & | httpResponse, | |||
time_t | expires, | |||
const opensaml::saml2md::EntityDescriptor * | issuer = nullptr , |
|||
const XMLCh * | protocol = nullptr , |
|||
const opensaml::saml2::NameID * | nameid = nullptr , |
|||
const XMLCh * | authn_instant = nullptr , |
|||
const XMLCh * | session_index = nullptr , |
|||
const XMLCh * | authncontext_class = nullptr , |
|||
const XMLCh * | authncontext_decl = nullptr , |
|||
const std::vector< const opensaml::Assertion * > * | tokens = nullptr , |
|||
const std::vector< Attribute * > * | attributes = nullptr | |||
) | [virtual] |
Inserts a new session into the cache and binds the session to the outgoing client response.
The newly created session ID is placed into the first parameter.
The SSO tokens and Attributes remain owned by the caller and are copied by the cache.
sessionID | reference to string to capture newly inserted session ID | |
application | reference to Application that owns the Session | |
httpRequest | request that initiated session | |
httpResponse | current response to client | |
expires | expiration time of session | |
issuer | issuing metadata of assertion issuer, if known | |
protocol | protocol family used to initiate the session | |
nameid | principal identifier, normalized to SAML 2, if any | |
authn_instant | UTC timestamp of authentication at IdP, if known | |
session_index | index of session between principal and IdP, if any | |
authncontext_class | method/category of authentication event, if known | |
authncontext_decl | specifics of authentication event, if known | |
tokens | assertions to cache with session, if any | |
attributes | optional array of resolved Attributes to cache with session |
Implements shibsp::SessionCache.
std::vector<std::string>::size_type shibsp::SSCache::logout | ( | const Application & | application, | |
const opensaml::saml2md::EntityDescriptor * | issuer, | |||
const opensaml::saml2::NameID & | nameid, | |||
const std::set< std::string > * | indexes, | |||
time_t | expires, | |||
std::vector< std::string > & | sessions | |||
) | [inline, virtual] |
Returns active sessions that match particular parameters and records the logout to prevent race conditions.
On exit, the mapping between these sessions and the associated information MAY be removed by the cache, so subsequent calls to this method may not return anything.
Until logout expiration, any attempt to create a session with the same parameters will be blocked by the cache.
application | reference to Application that owns the session(s) | |
issuer | source of session(s) | |
nameid | name identifier associated with the session(s) to terminate | |
indexes | indexes of sessions, or nullptr for all sessions associated with other parameters | |
expires | logout expiration | |
sessions | on exit, contains the IDs of the matching sessions found |
Implements shibsp::SessionCache.
bool shibsp::SSCache::matches | ( | const Application & | application, | |
xmltooling::HTTPRequest & | request, | |||
const opensaml::saml2md::EntityDescriptor * | issuer, | |||
const opensaml::saml2::NameID & | nameid, | |||
const std::set< std::string > * | indexes | |||
) | [virtual] |
Determines whether the Session bound to a client request matches a set of input criteria.
application | reference to Application that owns the Session | |
request | request in which to locate Session | |
issuer | required source of session(s) | |
nameid | required name identifier | |
indexes | session indexes |
Implements shibsp::SessionCache.
void shibsp::SSCache::receive | ( | DDF & | in, | |
std::ostream & | out | |||
) | [virtual] |
Remoted classes implement this method to process incoming messages.
Implements shibsp::Remoted.
void shibsp::SSCache::remove | ( | const Application & | application, | |
const char * | key, | |||
time_t | revocationExp = 0 | |||
) | [virtual] |
Deletes an existing session.
Revocation may be supported by some implementations.
application | reference to Application that owns the Session | |
key | session key | |
revocationExp | optional indicator for length of time to track revocation of this session |
Implements shibsp::SessionCache.
void shibsp::SSCache::remove | ( | const Application & | application, | |
const xmltooling::HTTPRequest & | request, | |||
xmltooling::HTTPResponse * | response = nullptr , |
|||
time_t | revocationExp = 0 | |||
) | [virtual] |
Deletes an existing session bound to a request.
Revocation may be supported by some implementations.
application | reference to Application that owns the Session | |
request | request from client containing session, or a reference to it | |
response | optional response to client enabling removal of session or reference | |
revocationExp | optional indicator for length of time to track revocation of this session |
Implements shibsp::SessionCache.