Base class for handlers that create sessions by consuming SSO protocol responses.
#include <shibsp/handler/AssertionConsumerService.h>
Public Member Functions | |
std::pair< bool, long > | run (SPRequest &request, bool isHandler=true) const |
Executes handler functionality as an incoming request. | |
void | receive (DDF &in, std::ostream &out) |
Remoted classes implement this method to process incoming messages. | |
const char * | getType () const |
Returns the "type" of the Handler plugin. | |
const XMLCh * | getProtocolFamily () const |
Returns an identifier for the protocol family associated with the handler, if any. | |
const char * | getEventType () const |
Get the type of event, as input to error handling in response to errors raised by this handler. | |
Protected Member Functions | |
AssertionConsumerService (const xercesc::DOMElement *e, const char *appId, xmltooling::logging::Category &log, xercesc::DOMNodeFilter *filter=nullptr, const Remapper *remapper=nullptr, bool deprecationSupport=true) | |
Constructor. | |
void | checkAddress (const Application &application, const xmltooling::HTTPRequest &httpRequest, const char *issuedTo) const |
Enforce address checking requirements. | |
virtual std::pair< bool, long > | finalizeResponse (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, std::string &relayState) const |
Complete the client's transition back to the expected resource. | |
void | generateMetadata (opensaml::saml2md::SPSSODescriptor &role, const char *handlerURL) const |
Generates and/or modifies metadata reflecting the Handler. | |
virtual const char * | getProfile () const |
Returns a profile identifier to inject into the SecurityPolicy created by the base class. | |
virtual void | implementProtocol (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, opensaml::SecurityPolicy &policy, const PropertySet *reserved, const xmltooling::XMLObject &xmlObject) const =0 |
Implement protocol-specific handling of the incoming decoded message. | |
virtual void | extractMessageDetails (const opensaml::Assertion &assertion, const XMLCh *protocol, opensaml::SecurityPolicy &policy) const |
Extracts policy-relevant assertion details. | |
ResolutionContext * | resolveAttributes (const Application &application, const xmltooling::GenericRequest *request=nullptr, const opensaml::saml2md::RoleDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const xmltooling::XMLObject *protmsg=nullptr, const opensaml::saml1::NameIdentifier *v1nameid=nullptr, const opensaml::saml1::AuthenticationStatement *v1statement=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const opensaml::saml2::AuthnStatement *statement=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const |
Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution. | |
virtual LoginEvent * | newLoginEvent (const Application &application, const xmltooling::HTTPRequest &request) const |
Creates a new LoginEvent for the event log. |
Base class for handlers that create sessions by consuming SSO protocol responses.
shibsp::AssertionConsumerService::AssertionConsumerService | ( | const xercesc::DOMElement * | e, | |
const char * | appId, | |||
xmltooling::logging::Category & | log, | |||
xercesc::DOMNodeFilter * | filter = nullptr , |
|||
const Remapper * | remapper = nullptr , |
|||
bool | deprecationSupport = true | |||
) | [protected] |
Constructor.
e | root of DOM configuration | |
appId | ID of application that "owns" the handler | |
log | a logging object to use | |
filter | optional filter controls what child elements to include as nested PropertySets | |
remapper | optional property rename mapper for legacy property support | |
deprecationSupport | true iff deprecated settings and features should be supported |
void shibsp::AssertionConsumerService::checkAddress | ( | const Application & | application, | |
const xmltooling::HTTPRequest & | httpRequest, | |||
const char * | issuedTo | |||
) | const [protected] |
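Enforce address checking requirements. Going by the parameters, the check relates the address of the client request to the address for which the security assertion was issued, so deployments behind a reverse proxy or NAT should confirm which client address the SP actually sees for the request.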
application | reference to application receiving message | |
httpRequest | client request that initiated session | |
issuedTo | address for which security assertion was issued |
virtual void shibsp::AssertionConsumerService::extractMessageDetails | ( | const opensaml::Assertion & | assertion, | |
const XMLCh * | protocol, | |||
opensaml::SecurityPolicy & | policy | |||
) | const [protected, virtual] |
Extracts policy-relevant assertion details.
assertion | the incoming assertion | |
protocol | the protocol family in use | |
policy | SecurityPolicy to provide various components and track message data |
virtual std::pair<bool,long> shibsp::AssertionConsumerService::finalizeResponse | ( | const Application & | application, | |
const xmltooling::HTTPRequest & | httpRequest, | |||
xmltooling::HTTPResponse & | httpResponse, | |||
std::string & | relayState | |||
) | const [protected, virtual] |
Complete the client's transition back to the expected resource.
application | reference to application receiving message | |
httpRequest | client request that included message | |
httpResponse | response to client | |
relayState | relay state token |
void shibsp::AssertionConsumerService::generateMetadata | ( | opensaml::saml2md::SPSSODescriptor & | role, | |
const char * | handlerURL | |||
) | const [protected, virtual] |
Generates and/or modifies metadata reflecting the Handler.
The default implementation does nothing.
role | metadata role to decorate | |
handlerURL | base location of handler's endpoint |
Reimplemented from shibsp::Handler.
const char* shibsp::AssertionConsumerService::getEventType | ( | ) | const [virtual] |
Returns the type of event, which is used as input to error handling when this handler raises an error.
Reimplemented from shibsp::Handler.
virtual const char* shibsp::AssertionConsumerService::getProfile | ( | ) | const [protected, virtual] |
Returns a profile identifier to inject into the SecurityPolicy created by the base class.
const XMLCh* shibsp::AssertionConsumerService::getProtocolFamily | ( | ) | const [virtual] |
Returns an identifier for the protocol family associated with the handler, if any.
Reimplemented from shibsp::Handler.
const char* shibsp::AssertionConsumerService::getType | ( | ) | const [virtual] |
Returns the "type" of the Handler plugin.
Reimplemented from shibsp::Handler.
virtual void shibsp::AssertionConsumerService::implementProtocol | ( | const Application & | application, | |
const xmltooling::HTTPRequest & | httpRequest, | |||
xmltooling::HTTPResponse & | httpResponse, | |||
opensaml::SecurityPolicy & | policy, | |||
const PropertySet * | reserved, | |||
const xmltooling::XMLObject & | xmlObject | |||
) | const [protected, pure virtual] |
Implement protocol-specific handling of the incoming decoded message.
An implementation should either throw an exception or modify the request/response objects to reflect its processing of the message.
application | reference to application receiving message | |
httpRequest | client request that included message | |
httpResponse | response to client | |
policy | the SecurityPolicy in effect, after having evaluated the message | |
reserved | ignore this parameter | |
xmlObject | a protocol-specific message object |
virtual LoginEvent* shibsp::AssertionConsumerService::newLoginEvent | ( | const Application & | application, | |
const xmltooling::HTTPRequest & | request | |||
) | const [protected, virtual] |
Creates a new LoginEvent for the event log.
application | the Application associated with the event | |
request | the HTTP client request associated with the event |
void shibsp::AssertionConsumerService::receive | ( | DDF & | in, | |
std::ostream & | out | |||
) | [virtual] |
Remoted classes implement this method to process incoming messages.
Implements shibsp::Remoted.
ResolutionContext* shibsp::AssertionConsumerService::resolveAttributes | ( | const Application & | application, | |
const xmltooling::GenericRequest * | request = nullptr , |
|||
const opensaml::saml2md::RoleDescriptor * | issuer = nullptr , |
|||
const XMLCh * | protocol = nullptr , |
|||
const xmltooling::XMLObject * | protmsg = nullptr , |
|||
const opensaml::saml1::NameIdentifier * | v1nameid = nullptr , |
|||
const opensaml::saml1::AuthenticationStatement * | v1statement = nullptr , |
|||
const opensaml::saml2::NameID * | nameid = nullptr , |
|||
const opensaml::saml2::AuthnStatement * | statement = nullptr , |
|||
const XMLCh * | authncontext_class = nullptr , |
|||
const XMLCh * | authncontext_decl = nullptr , |
|||
const std::vector< const opensaml::Assertion * > * | tokens = nullptr | |||
) | const [protected] |
Attempt SSO-initiated attribute resolution using the supplied information: NameID and token extraction and filtering, followed by secondary resolution.
The caller owns the returned context handle and must free it.
application | reference to application receiving message | |
request | request delivering message, if any | |
issuer | source of SSO tokens | |
protocol | SSO protocol used | |
protmsg | SSO protocol message, if any | |
v1nameid | identifier of principal in SAML 1.x form, if any | |
v1statement | SAML 1.x authentication statement, if any | |
nameid | identifier of principal in SAML 2.0 form | |
statement | SAML 2.0 authentication statement, if any | |
authncontext_class | method/category of authentication event, if known | |
authncontext_decl | specifics of authentication event, if known | |
tokens | available assertions, if any |
std::pair<bool,long> shibsp::AssertionConsumerService::run | ( | SPRequest & | request, | |
bool | isHandler = true | |||
) | const [virtual] |
Executes handler functionality as an incoming request.
Handlers can be run either directly by incoming web requests or indirectly/implicitly during other SP processing.
request | SP request context | |
isHandler | true iff executing in the context of a direct handler invocation |
Implements shibsp::Handler.