shibsp::AssertionConsumerService Class Reference

Base class for handlers that create sessions by consuming SSO protocol responses.

#include <shibsp/handler/AssertionConsumerService.h>

Inheritance diagram for shibsp::AssertionConsumerService (classes shown: shibsp::AbstractHandler, shibsp::RemotedHandler, shibsp::Handler, shibsp::DOMPropertySet, shibsp::Remoted, shibsp::PropertySet).

Public Member Functions

std::pair< bool, long > run (SPRequest &request, bool isHandler=true) const
 Executes handler functionality as an incoming request.
void receive (DDF &in, std::ostream &out)
 Remoted classes implement this method to process incoming messages.
const char * getType () const
 Returns the "type" of the Handler plugin.
const XMLCh * getProtocolFamily () const
 Returns an identifier for the protocol family associated with the handler, if any.
const char * getEventType () const
 Get the type of event, as input to error handling in response to errors raised by this handler.

Protected Member Functions

 AssertionConsumerService (const xercesc::DOMElement *e, const char *appId, xmltooling::logging::Category &log, xercesc::DOMNodeFilter *filter=nullptr, const std::map< std::string, std::string > *remapper=nullptr)
 Constructor.
void checkAddress (const Application &application, const xmltooling::HTTPRequest &httpRequest, const char *issuedTo) const
 Enforce address checking requirements.
virtual std::pair< bool, long > finalizeResponse (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, std::string &relayState) const
 Complete the client's transition back to the expected resource.
void generateMetadata (opensaml::saml2md::SPSSODescriptor &role, const char *handlerURL) const
 Generates and/or modifies metadata reflecting the Handler.
virtual opensaml::SecurityPolicy * createSecurityPolicy (const Application &application, const xmltooling::QName *role, bool validate, const char *policyId) const
virtual void implementProtocol (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, opensaml::SecurityPolicy &policy, const PropertySet *reserved, const xmltooling::XMLObject &xmlObject) const =0
 Implement protocol-specific handling of the incoming decoded message.
virtual void extractMessageDetails (const opensaml::Assertion &assertion, const XMLCh *protocol, opensaml::SecurityPolicy &policy) const
 Extracts policy-relevant assertion details.
ResolutionContext * resolveAttributes (const Application &application, const opensaml::saml2md::RoleDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const opensaml::saml1::NameIdentifier *v1nameid=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const
ResolutionContext * resolveAttributes (const Application &application, const xmltooling::GenericRequest *request=nullptr, const opensaml::saml2md::RoleDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const xmltooling::XMLObject *protmsg=nullptr, const opensaml::saml1::NameIdentifier *v1nameid=nullptr, const opensaml::saml1::AuthenticationStatement *v1statement=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const opensaml::saml2::AuthnStatement *statement=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const
 Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.
virtual LoginEvent * newLoginEvent (const Application &application, const xmltooling::HTTPRequest &request) const
 Creates a new LoginEvent for the event log.

Detailed Description

Base class for handlers that create sessions by consuming SSO protocol responses.


Constructor & Destructor Documentation

shibsp::AssertionConsumerService::AssertionConsumerService ( const xercesc::DOMElement *  e,
const char *  appId,
xmltooling::logging::Category &  log,
xercesc::DOMNodeFilter *  filter = nullptr,
const std::map< std::string, std::string > *  remapper = nullptr 
) [protected]

Constructor.

Parameters:
e root of DOM configuration
appId ID of application that "owns" the handler
log a logging object to use
filter optional filter controls what child elements to include as nested PropertySets
remapper optional map of property rename rules for legacy property support

Member Function Documentation

void shibsp::AssertionConsumerService::checkAddress ( const Application &  application,
const xmltooling::HTTPRequest &  httpRequest,
const char *  issuedTo 
) const [protected]

Enforce address checking requirements.

Parameters:
application reference to application receiving message
httpRequest client request that initiated session
issuedTo address for which security assertion was issued

virtual opensaml::SecurityPolicy* shibsp::AssertionConsumerService::createSecurityPolicy ( const Application &  application,
const xmltooling::QName *  role,
bool  validate,
const char *  policyId 
) const [protected, virtual]
Deprecated:
Returns a SecurityPolicy instance to use for an incoming request.

Allows handlers to customize the type of policy object their policy rules might require.

The caller MUST lock the application's MetadataProvider for the life of the returned object.

Parameters:
application reference to application receiving message
role identifies the role (generally IdP or SP) of the policy peer
validate true iff XML parsing should be done with validation
policyId identifies policy rules to auto-attach, defaults to the application's set
Returns:
a new policy instance, which the caller is responsible for freeing

virtual void shibsp::AssertionConsumerService::extractMessageDetails ( const opensaml::Assertion &  assertion,
const XMLCh *  protocol,
opensaml::SecurityPolicy &  policy 
) const [protected, virtual]

Extracts policy-relevant assertion details.

Parameters:
assertion the incoming assertion
protocol the protocol family in use
policy SecurityPolicy to provide various components and track message data

virtual std::pair<bool,long> shibsp::AssertionConsumerService::finalizeResponse ( const Application &  application,
const xmltooling::HTTPRequest &  httpRequest,
xmltooling::HTTPResponse &  httpResponse,
std::string &  relayState 
) const [protected, virtual]

Complete the client's transition back to the expected resource.

Parameters:
application reference to application receiving message
httpRequest client request that included message
httpResponse response to client
relayState relay state token

void shibsp::AssertionConsumerService::generateMetadata ( opensaml::saml2md::SPSSODescriptor &  role,
const char *  handlerURL 
) const [protected, virtual]

Generates and/or modifies metadata reflecting the Handler.

The default implementation does nothing.

Parameters:
role metadata role to decorate
handlerURL base location of handler's endpoint

Reimplemented from shibsp::Handler.

const char* shibsp::AssertionConsumerService::getEventType (  )  const [virtual]

Get the type of event, as input to error handling in response to errors raised by this handler.

Returns:
an event type for error handling

Reimplemented from shibsp::Handler.

const XMLCh* shibsp::AssertionConsumerService::getProtocolFamily (  )  const [virtual]

Returns an identifier for the protocol family associated with the handler, if any.

Returns:
a protocol identifier, or nullptr

Reimplemented from shibsp::Handler.

const char* shibsp::AssertionConsumerService::getType (  )  const [virtual]

Returns the "type" of the Handler plugin.

Returns:
a Handler type

Reimplemented from shibsp::Handler.

virtual void shibsp::AssertionConsumerService::implementProtocol ( const Application &  application,
const xmltooling::HTTPRequest &  httpRequest,
xmltooling::HTTPResponse &  httpResponse,
opensaml::SecurityPolicy &  policy,
const PropertySet *  reserved,
const xmltooling::XMLObject &  xmlObject 
) const [protected, pure virtual]

Implement protocol-specific handling of the incoming decoded message.

The result of implementing the protocol should be an exception or modifications to the request/response objects to reflect processing of the message.

Parameters:
application reference to application receiving message
httpRequest client request that included message
httpResponse response to client
policy the SecurityPolicy in effect, after having evaluated the message
reserved ignore this parameter
xmlObject a protocol-specific message object

virtual LoginEvent* shibsp::AssertionConsumerService::newLoginEvent ( const Application &  application,
const xmltooling::HTTPRequest &  request 
) const [protected, virtual]

Creates a new LoginEvent for the event log.

Parameters:
application the Application associated with the event
request the HTTP client request associated with the event
Returns:
a fresh LoginEvent, prepopulated by the input parameters, or nullptr if an error occurs

void shibsp::AssertionConsumerService::receive ( DDF &  in,
std::ostream &  out 
) [virtual]

Remoted classes implement this method to process incoming messages.

Parameters:
in incoming DDF message
out stream to write outgoing DDF message to

Implements shibsp::Remoted.

ResolutionContext* shibsp::AssertionConsumerService::resolveAttributes ( const Application &  application,
const xmltooling::GenericRequest *  request = nullptr,
const opensaml::saml2md::RoleDescriptor *  issuer = nullptr,
const XMLCh *  protocol = nullptr,
const xmltooling::XMLObject *  protmsg = nullptr,
const opensaml::saml1::NameIdentifier *  v1nameid = nullptr,
const opensaml::saml1::AuthenticationStatement *  v1statement = nullptr,
const opensaml::saml2::NameID *  nameid = nullptr,
const opensaml::saml2::AuthnStatement *  statement = nullptr,
const XMLCh *  authncontext_class = nullptr,
const XMLCh *  authncontext_decl = nullptr,
const std::vector< const opensaml::Assertion * > *  tokens = nullptr 
) const [protected]

Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.

The caller must free the returned context handle.

Parameters:
application reference to application receiving message
request request delivering message, if any
issuer source of SSO tokens
protocol SSO protocol used
protmsg SSO protocol message, if any
v1nameid identifier of principal in SAML 1.x form, if any
v1statement SAML 1.x authentication statement, if any
nameid identifier of principal in SAML 2.0 form
statement SAML 2.0 authentication statement, if any
authncontext_class method/category of authentication event, if known
authncontext_decl specifics of authentication event, if known
tokens available assertions, if any

ResolutionContext* shibsp::AssertionConsumerService::resolveAttributes ( const Application &  application,
const opensaml::saml2md::RoleDescriptor *  issuer = nullptr,
const XMLCh *  protocol = nullptr,
const opensaml::saml1::NameIdentifier *  v1nameid = nullptr,
const opensaml::saml2::NameID *  nameid = nullptr,
const XMLCh *  authncontext_class = nullptr,
const XMLCh *  authncontext_decl = nullptr,
const std::vector< const opensaml::Assertion * > *  tokens = nullptr 
) const [protected]
Deprecated:
Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.

The caller must free the returned context handle.

Parameters:
application reference to application receiving message
issuer source of SSO tokens
protocol SSO protocol used
v1nameid identifier of principal in SAML 1.x form, if any
nameid identifier of principal in SAML 2.0 form
authncontext_class method/category of authentication event, if known
authncontext_decl specifics of authentication event, if known
tokens available assertions, if any

std::pair<bool,long> shibsp::AssertionConsumerService::run ( SPRequest &  request,
bool  isHandler = true 
) const [virtual]

Executes handler functionality as an incoming request.

Handlers can be run either directly by incoming web requests or indirectly/implicitly during other SP processing.

Parameters:
request SP request context
isHandler true iff executing in the context of a direct handler invocation
Returns:
a pair containing a "request completed" indicator and a server-specific response code

Implements shibsp::Handler.


Generated on 15 Nov 2017 for shibboleth-2.6.1 by  doxygen 1.6.1