Base class for handlers that create sessions by consuming SSO protocol responses. More...
#include <shibsp/handler/AssertionConsumerService.h>
Inheritance diagram for shibsp::AssertionConsumerService:
Collaboration diagram for shibsp::AssertionConsumerService:
Public Member Functions | |
| std::pair< bool, long > | run (SPRequest &request, bool isHandler=true) const |
| void | receive (DDF &in, std::ostream &out) |
| Remoted classes implement this method to process incoming messages. | |
| const char * | getType () const |
| const XMLCh * | getProtocolFamily () const |
Protected Member Functions | |
| AssertionConsumerService (const xercesc::DOMElement *e, const char *appId, xmltooling::logging::Category &log, xercesc::DOMNodeFilter *filter=nullptr, const std::map< std::string, std::string > *remapper=nullptr) | |
| Constructor. | |
| void | checkAddress (const Application &application, const xmltooling::HTTPRequest &httpRequest, const char *issuedTo) const |
| Enforce address checking requirements. | |
| void | generateMetadata (opensaml::saml2md::SPSSODescriptor &role, const char *handlerURL) const |
| virtual opensaml::SecurityPolicy * | createSecurityPolicy (const Application &application, const xmltooling::QName *role, bool validate, const char *policyId) const |
| virtual void | implementProtocol (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, opensaml::SecurityPolicy &policy, const PropertySet *reserved, const xmltooling::XMLObject &xmlObject) const =0 |
| Implement protocol-specific handling of the incoming decoded message. | |
| virtual void | extractMessageDetails (const opensaml::Assertion &assertion, const XMLCh *protocol, opensaml::SecurityPolicy &policy) const |
| Extracts policy-relevant assertion details. | |
| ResolutionContext * | resolveAttributes (const Application &application, const opensaml::saml2md::RoleDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const opensaml::saml1::NameIdentifier *v1nameid=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const |
| Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution. | |
Detailed Description
Base class for handlers that create sessions by consuming SSO protocol responses.
Constructor & Destructor Documentation
| shibsp::AssertionConsumerService::AssertionConsumerService | ( | const xercesc::DOMElement * | e, | |
| const char * | appId, | |||
| xmltooling::logging::Category & | log, | |||
| xercesc::DOMNodeFilter * | filter = nullptr, |
|||
| const std::map< std::string, std::string > * | remapper = nullptr | |||
| ) | [protected] |
Constructor.
- Parameters:
-
e root of DOM configuration appId ID of application that "owns" the handler log a logging object to use filter optional filter controls what child elements to include as nested PropertySets remapper optional map of property rename rules for legacy property support
Member Function Documentation
| void shibsp::AssertionConsumerService::checkAddress | ( | const Application & | application, | |
| const xmltooling::HTTPRequest & | httpRequest, | |||
| const char * | issuedTo | |||
| ) | const [protected] |
Enforce address checking requirements.
- Parameters:
-
application reference to application receiving message httpRequest client request that initiated session issuedTo address for which security assertion was issued
| virtual opensaml::SecurityPolicy* shibsp::AssertionConsumerService::createSecurityPolicy | ( | const Application & | application, | |
| const xmltooling::QName * | role, | |||
| bool | validate, | |||
| const char * | policyId | |||
| ) | const [protected, virtual] |
- Deprecated:
- Returns a SecurityPolicy instance to use for an incoming request.
Allows handlers to customize the type of policy object their policy rules might require.
The caller MUST lock the application's MetadataProvider for the life of the returned object.
- Parameters:
-
application reference to application receiving message role identifies the role (generally IdP or SP) of the policy peer validate true iff XML parsing should be done with validation policyId identifies policy rules to auto-attach, defaults to the application's set
- Returns:
- a new policy instance, which the caller is responsible for freeing
| virtual void shibsp::AssertionConsumerService::extractMessageDetails | ( | const opensaml::Assertion & | assertion, | |
| const XMLCh * | protocol, | |||
| opensaml::SecurityPolicy & | policy | |||
| ) | const [protected, virtual] |
Extracts policy-relevant assertion details.
- Parameters:
-
assertion the incoming assertion protocol the protocol family in use policy SecurityPolicy to provide various components and track message data
| virtual void shibsp::AssertionConsumerService::implementProtocol | ( | const Application & | application, | |
| const xmltooling::HTTPRequest & | httpRequest, | |||
| xmltooling::HTTPResponse & | httpResponse, | |||
| opensaml::SecurityPolicy & | policy, | |||
| const PropertySet * | reserved, | |||
| const xmltooling::XMLObject & | xmlObject | |||
| ) | const [protected, pure virtual] |
Implement protocol-specific handling of the incoming decoded message.
The result of implementing the protocol should be an exception or modifications to the request/response objects to reflect processing of the message.
- Parameters:
-
application reference to application receiving message httpRequest client request that included message httpResponse response to client policy the SecurityPolicy in effect, after having evaluated the message reserved ignore this parameter xmlObject a protocol-specific message object
| void shibsp::AssertionConsumerService::receive | ( | DDF & | in, | |
| std::ostream & | out | |||
| ) | [virtual] |
Remoted classes implement this method to process incoming messages.
Implements shibsp::Remoted.
| ResolutionContext* shibsp::AssertionConsumerService::resolveAttributes | ( | const Application & | application, | |
| const opensaml::saml2md::RoleDescriptor * | issuer = nullptr, |
|||
| const XMLCh * | protocol = nullptr, |
|||
| const opensaml::saml1::NameIdentifier * | v1nameid = nullptr, |
|||
| const opensaml::saml2::NameID * | nameid = nullptr, |
|||
| const XMLCh * | authncontext_class = nullptr, |
|||
| const XMLCh * | authncontext_decl = nullptr, |
|||
| const std::vector< const opensaml::Assertion * > * | tokens = nullptr | |||
| ) | const [protected] |
Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.
The caller must free the returned context handle.
- Parameters:
-
application reference to application receiving message issuer source of SSO tokens protocol SSO protocol used v1nameid identifier of principal in SAML 1.x form, if any nameid identifier of principal in SAML 2.0 form authncontext_class method/category of authentication event, if known authncontext_decl specifics of authentication event, if known tokens available assertions, if any
The documentation for this class was generated from the following file:
- shibsp/handler/AssertionConsumerService.h
