shibsp::SSCache Class Reference

Inheritance diagram for shibsp::SSCache:
shibsp::SessionCache shibsp::Remoted

List of all members.

Public Member Functions

 SSCache (const xercesc::DOMElement *e, bool deprecationSupport)
void receive (DDF &in, std::ostream &out)
 Remoted classes implement this method to process incoming messages.
void insert (std::string &sessionID, const Application &app, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, time_t expires, const opensaml::saml2md::EntityDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const XMLCh *authn_instant=nullptr, const XMLCh *session_index=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr, const std::vector< Attribute * > *attributes=nullptr)
 Inserts a new session into the cache and binds the session to the outgoing client response.
std::vector< std::string >
::size_type 
logout (const Application &app, const opensaml::saml2md::EntityDescriptor *issuer, const opensaml::saml2::NameID &nameid, const std::set< std::string > *indexes, time_t expires, std::vector< std::string > &sessions)
 Returns active sessions that match particular parameters and records the logout to prevent race conditions.
bool matches (const Application &app, xmltooling::HTTPRequest &request, const opensaml::saml2md::EntityDescriptor *issuer, const opensaml::saml2::NameID &nameid, const std::set< std::string > *indexes)
 Determines whether the Session bound to a client request matches a set of input criteria.
std::string active (const Application &app, const xmltooling::HTTPRequest &request)
 Returns the ID of the session bound to the specified client request, if possible.
Sessionfind (const Application &app, xmltooling::HTTPRequest &request, const char *client_addr=nullptr, time_t *timeout=nullptr)
 Locates an existing session bound to a request.
void remove (const Application &app, const xmltooling::HTTPRequest &request, xmltooling::HTTPResponse *response=nullptr, time_t revocationExp=0)
 Deletes an existing session bound to a request.
Sessionfind (const Application &app, const char *key)
 Locates an existing session by ID.
void remove (const Application &app, const char *key, time_t revocationExp=0)
 Deletes an existing session.
void test ()
 Executes a test of the cache's general health.
unsigned long getCacheTimeout (const Application &app) const

Friends

class StoredSession

Member Function Documentation

std::string shibsp::SSCache::active ( const Application application,
const xmltooling::HTTPRequest &  request 
) [virtual]

Returns the ID of the session bound to the specified client request, if possible.

Parameters:
application reference to Application that owns the Session
request request from client containing session, or a reference to it
Returns:
ID of session, if any known, or an empty string

Implements shibsp::SessionCache.

Session* shibsp::SSCache::find ( const Application application,
const char *  key 
) [inline, virtual]

Locates an existing session by ID.

Parameters:
application reference to Application that owns the Session
key session key
Returns:
pointer to locked Session, or nullptr

Implements shibsp::SessionCache.

Session* shibsp::SSCache::find ( const Application application,
xmltooling::HTTPRequest &  request,
const char *  client_addr = nullptr,
time_t *  timeout = nullptr 
) [virtual]

Locates an existing session bound to a request.

If the client address is supplied, then a check will be performed against the address recorded in the record.

If a bound session is found to have expired, be invalid, etc., and if the request can be used to "clear" the session from subsequent client requests, then it may be cleared.

Parameters:
application reference to Application that owns the Session
request request from client bound to session
client_addr network address of client (if known)
timeout inactivity timeout to enforce (0 for none, nullptr to bypass check/update of last access)
Returns:
pointer to locked Session, or nullptr

Implements shibsp::SessionCache.

void shibsp::SSCache::insert ( std::string &  sessionID,
const Application application,
const xmltooling::HTTPRequest &  httpRequest,
xmltooling::HTTPResponse &  httpResponse,
time_t  expires,
const opensaml::saml2md::EntityDescriptor *  issuer = nullptr,
const XMLCh *  protocol = nullptr,
const opensaml::saml2::NameID *  nameid = nullptr,
const XMLCh *  authn_instant = nullptr,
const XMLCh *  session_index = nullptr,
const XMLCh *  authncontext_class = nullptr,
const XMLCh *  authncontext_decl = nullptr,
const std::vector< const opensaml::Assertion * > *  tokens = nullptr,
const std::vector< Attribute * > *  attributes = nullptr 
) [virtual]

Inserts a new session into the cache and binds the session to the outgoing client response.

The newly created session ID is placed into the first parameter.

The SSO tokens and Attributes remain owned by the caller and are copied by the cache.

Parameters:
sessionID reference to string to capture newly inserted session ID
application reference to Application that owns the Session
httpRequest request that initiated session
httpResponse current response to client
expires expiration time of session
issuer issuing metadata of assertion issuer, if known
protocol protocol family used to initiate the session
nameid principal identifier, normalized to SAML 2, if any
authn_instant UTC timestamp of authentication at IdP, if known
session_index index of session between principal and IdP, if any
authncontext_class method/category of authentication event, if known
authncontext_decl specifics of authentication event, if known
tokens assertions to cache with session, if any
attributes optional array of resolved Attributes to cache with session

Implements shibsp::SessionCache.

std::vector<std::string>::size_type shibsp::SSCache::logout ( const Application application,
const opensaml::saml2md::EntityDescriptor *  issuer,
const opensaml::saml2::NameID &  nameid,
const std::set< std::string > *  indexes,
time_t  expires,
std::vector< std::string > &  sessions 
) [inline, virtual]

Returns active sessions that match particular parameters and records the logout to prevent race conditions.

On exit, the mapping between these sessions and the associated information MAY be removed by the cache, so subsequent calls to this method may not return anything.

Until logout expiration, any attempt to create a session with the same parameters will be blocked by the cache.

Parameters:
application reference to Application that owns the session(s)
issuer source of session(s)
nameid name identifier associated with the session(s) to terminate
indexes indexes of sessions, or nullptr for all sessions associated with other parameters
expires logout expiration
sessions on exit, contains the IDs of the matching sessions found

Implements shibsp::SessionCache.

bool shibsp::SSCache::matches ( const Application application,
xmltooling::HTTPRequest &  request,
const opensaml::saml2md::EntityDescriptor *  issuer,
const opensaml::saml2::NameID &  nameid,
const std::set< std::string > *  indexes 
) [virtual]

Determines whether the Session bound to a client request matches a set of input criteria.

Parameters:
application reference to Application that owns the Session
request request in which to locate Session
issuer required source of session(s)
nameid required name identifier
indexes session indexes
Returns:
true iff the Session exists and matches the input criteria

Implements shibsp::SessionCache.

void shibsp::SSCache::receive ( DDF in,
std::ostream &  out 
) [virtual]

Remoted classes implement this method to process incoming messages.

Parameters:
in incoming DDF message
out stream to write outgoing DDF message to

Implements shibsp::Remoted.

void shibsp::SSCache::remove ( const Application application,
const char *  key,
time_t  revocationExp = 0 
) [virtual]

Deletes an existing session.

Revocation may be supported by some implementations.

Parameters:
application reference to Application that owns the Session
key session key
revocationExp optional indicator for length of time to track revocation of this session

Implements shibsp::SessionCache.

void shibsp::SSCache::remove ( const Application application,
const xmltooling::HTTPRequest &  request,
xmltooling::HTTPResponse *  response = nullptr,
time_t  revocationExp = 0 
) [virtual]

Deletes an existing session bound to a request.

Revocation may be supported by some implementations.

Parameters:
application reference to Application that owns the Session
request request from client containing session, or a reference to it
response optional response to client enabling removal of session or reference
revocationExp optional indicator for length of time to track revocation of this session

Implements shibsp::SessionCache.


The documentation for this class was generated from the following file:

Generated on 15 Dec 2020 for shibboleth-3.2.0 by  doxygen 1.6.1