SAML 2.0 assertion namespace. More...
Classes | |
class | EncryptableObject |
Marker interface for SAML types that can be encrypted. More... | |
class | RootObject |
SAML 2.0 assertion or protocol message. More... | |
class | NameIDTypeBuilder |
Builder for NameIDType objects. More... | |
class | ConditionBuilder |
Builder for Condition extension objects. More... | |
class | DelegationRestrictionTypeBuilder |
Builder for DelegationRestrictionType objects. More... | |
class | KeyInfoConfirmationDataTypeBuilder |
Builder for KeyInfoConfirmationDataType objects. More... | |
class | StatementBuilder |
Builder for Statement extension objects. More... | |
class | AssertionValidator |
class | BrowserSSOProfileValidator |
class | SAML2AssertionPolicy |
Policy subclass to track SAML 2.0 Assertion SubjectConfirmation. More... | |
Functions | |
DECL_XMLOBJECT_SIMPLE (, AssertionIDRef, AssertionID, SAML 2.0 AssertionIDRef element) | |
DECL_XMLOBJECT_SIMPLE (, AssertionURIRef, AssertionURI, SAML 2.0 AssertionURIRef element) | |
DECL_XMLOBJECT_SIMPLE (, Audience, AudienceURI, SAML 2.0 Audience element) | |
DECL_XMLOBJECT_SIMPLE (, AuthnContextClassRef, Reference, SAML 2.0 AuthnContextClassRef element) | |
DECL_XMLOBJECT_SIMPLE (, AuthnContextDeclRef, Reference, SAML 2.0 AuthnContextDeclRef element) | |
DECL_XMLOBJECT_SIMPLE (, AuthenticatingAuthority, ID, SAML 2.0 AuthenticatingAuthority element) | |
BEGIN_XMLOBJECT (, EncryptedElementType, xmltooling::XMLObject, SAML 2.0 EncryptedElementType type) | |
DECL_TYPED_FOREIGN_CHILD (EncryptedData, xmlencryption) | |
DECL_TYPED_FOREIGN_CHILDREN (EncryptedKey, xmlencryption) | |
virtual void | encrypt (const EncryptableObject &xmlObject, const saml2md::MetadataProvider &metadataProvider, saml2md::MetadataCredentialCriteria &criteria, bool compact=false, const XMLCh *algorithm=nullptr) |
Encrypts an object to a single recipient using this object as a container. | |
virtual void | encrypt (const EncryptableObject &xmlObject, const std::vector< std::pair< const saml2md::MetadataProvider *, saml2md::MetadataCredentialCriteria * > > &recipients, bool compact=false, const XMLCh *algorithm=nullptr) |
Encrypts an object to multiple recipients using this object as a container. | |
virtual xmltooling::XMLObject * | decrypt (const xmltooling::CredentialResolver &credResolver, const XMLCh *recipient, xmltooling::CredentialCriteria *criteria=nullptr, bool requireAuthenticatedCipher=false) const |
Decrypts the element using the supplied CredentialResolver. | |
BEGIN_XMLOBJECT (, EncryptedID, EncryptedElementType, SAML 2.0 EncryptedID element) | |
BEGIN_XMLOBJECT (, BaseID, EncryptableObject, SAML 2.0 BaseID abstract element) | |
DECL_STRING_ATTRIB (NameQualifier, NAMEQUALIFIER) | |
DECL_STRING_ATTRIB (SPNameQualifier, SPNAMEQUALIFIER) | |
BEGIN_XMLOBJECT (, NameIDType, xmltooling::XMLObject, SAML 2.0 NameIDType type) | |
DECL_STRING_ATTRIB (Format, FORMAT) | |
DECL_STRING_ATTRIB (SPProvidedID, SPPROVIDEDID) | |
DECL_SIMPLE_CONTENT (Name) | |
BEGIN_XMLOBJECT2 (, NameID, NameIDType, EncryptableObject, SAML 2.0 NameID element) | |
BEGIN_XMLOBJECT (, Issuer, NameIDType, SAML 2.0 Issuer element) | |
BEGIN_XMLOBJECT (, Condition, xmltooling::XMLObject, SAML 2.0 Condition element) | |
BEGIN_XMLOBJECT (, AudienceRestriction, Condition, SAML 2.0 AudienceRestriction element) | |
DECL_TYPED_CHILDREN (Audience) | |
BEGIN_XMLOBJECT (, OneTimeUse, Condition, SAML 2.0 OneTimeUse element) | |
BEGIN_XMLOBJECT (, ProxyRestriction, Condition, SAML 2.0 ProxyRestriction element) | |
DECL_INTEGER_ATTRIB (Count, COUNT) | |
BEGIN_XMLOBJECT (, Delegate, xmltooling::XMLObject, SAML 2.0 Delegation Restriction Condition Delegate element) | |
DECL_STRING_ATTRIB (ConfirmationMethod, CONFIRMATIONMETHOD) | |
DECL_DATETIME_ATTRIB (DelegationInstant, DELEGATIONINSTANT) | |
DECL_TYPED_CHILD (BaseID) | |
DECL_TYPED_CHILD (NameID) | |
DECL_TYPED_CHILD (EncryptedID) | |
BEGIN_XMLOBJECT (, DelegationRestrictionType, Condition, SAML 2.0 Delegation Restriction Condition type) | |
DECL_TYPED_CHILDREN (Delegate) | |
BEGIN_XMLOBJECT (, Conditions, xmltooling::XMLObject, SAML 2.0 Conditions element) | |
DECL_DATETIME_ATTRIB (NotBefore, NOTBEFORE) | |
DECL_DATETIME_ATTRIB (NotOnOrAfter, NOTONORAFTER) | |
DECL_TYPED_CHILDREN (AudienceRestriction) | |
DECL_TYPED_CHILDREN (OneTimeUse) | |
DECL_TYPED_CHILDREN (ProxyRestriction) | |
DECL_TYPED_CHILDREN (Condition) | |
BEGIN_XMLOBJECT (, SubjectConfirmationDataType, xmltooling::XMLObject, SAML 2.0 SubjectConfirmationDataType base type) | |
DECL_STRING_ATTRIB (Recipient, RECIPIENT) | |
DECL_STRING_ATTRIB (InResponseTo, INRESPONSETO) | |
DECL_STRING_ATTRIB (Address, ADDRESS) | |
BEGIN_XMLOBJECT2 (, SubjectConfirmationData, SubjectConfirmationDataType, xmltooling::ElementProxy, SAML 2.0 SubjectConfirmationData element) | |
DECL_SIMPLE_CONTENT (Data) | |
BEGIN_XMLOBJECT2 (, KeyInfoConfirmationDataType, SubjectConfirmationDataType, xmltooling::AttributeExtensibleXMLObject, SAML 2.0 KeyInfoConfirmationDataType type) | |
DECL_TYPED_FOREIGN_CHILDREN (KeyInfo, xmlsignature) | |
BEGIN_XMLOBJECT (, SubjectConfirmation, xmltooling::XMLObject, SAML 2.0 SubjectConfirmation element) | |
DECL_STRING_ATTRIB (Method, METHOD) | |
DECL_XMLOBJECT_CHILD (SubjectConfirmationData) | |
BEGIN_XMLOBJECT (, Subject, xmltooling::XMLObject, SAML 2.0 Subject element) | |
DECL_TYPED_CHILDREN (SubjectConfirmation) | |
BEGIN_XMLOBJECT (, Statement, xmltooling::XMLObject, SAML 2.0 Statement element) | |
BEGIN_XMLOBJECT (, SubjectLocality, xmltooling::XMLObject, SAML 2.0 SubjectLocality element) | |
DECL_STRING_ATTRIB (DNSName, DNSNAME) | |
BEGIN_XMLOBJECT (, AuthnContextDecl, xmltooling::ElementProxy, SAML 2.0 AuthnContextDecl element) | |
BEGIN_XMLOBJECT (, AuthnContext, xmltooling::XMLObject, SAML 2.0 AuthnContext element) | |
DECL_TYPED_CHILD (AuthnContextClassRef) | |
DECL_XMLOBJECT_CHILD (AuthnContextDecl) | |
DECL_TYPED_CHILD (AuthnContextDeclRef) | |
DECL_TYPED_CHILDREN (AuthenticatingAuthority) | |
BEGIN_XMLOBJECT (, AuthnStatement, Statement, SAML 2.0 AuthnStatement element) | |
DECL_DATETIME_ATTRIB (AuthnInstant, AUTHNINSTANT) | |
DECL_STRING_ATTRIB (SessionIndex, SESSIONINDEX) | |
DECL_DATETIME_ATTRIB (SessionNotOnOrAfter, SESSIONNOTONORAFTER) | |
DECL_TYPED_CHILD (SubjectLocality) | |
DECL_TYPED_CHILD (AuthnContext) | |
BEGIN_XMLOBJECT (, Action, xmltooling::XMLObject, SAML 2.0 Action element) | |
DECL_STRING_ATTRIB (Namespace, NAMESPACE) | |
DECL_SIMPLE_CONTENT (Action) | |
BEGIN_XMLOBJECT (, Evidence, xmltooling::XMLObject, SAML 2.0 Evidence element) | |
DECL_TYPED_CHILDREN (AssertionIDRef) | |
DECL_TYPED_CHILDREN (AssertionURIRef) | |
DECL_TYPED_CHILDREN (Assertion) | |
DECL_TYPED_CHILDREN (EncryptedAssertion) | |
BEGIN_XMLOBJECT (, AuthzDecisionStatement, Statement, SAML 2.0 AuthzDecisionStatement element) | |
DECL_STRING_ATTRIB (Resource, RESOURCE) | |
DECL_STRING_ATTRIB (Decision, DECISION) | |
DECL_TYPED_CHILDREN (Action) | |
DECL_TYPED_CHILD (Evidence) | |
BEGIN_XMLOBJECT (, AttributeValue, xmltooling::ElementProxy, SAML 2.0 AttributeValue element) | |
BEGIN_XMLOBJECT2 (, Attribute, xmltooling::AttributeExtensibleXMLObject, EncryptableObject, SAML 2.0 Attribute element) | |
DECL_STRING_ATTRIB (Name, NAME) | |
DECL_STRING_ATTRIB (NameFormat, NAMEFORMAT) | |
DECL_STRING_ATTRIB (FriendlyName, FRIENDLYNAME) | |
DECL_XMLOBJECT_CHILDREN (AttributeValue) | |
BEGIN_XMLOBJECT (, EncryptedAttribute, EncryptedElementType, SAML 2.0 EncryptedAttribute element) | |
BEGIN_XMLOBJECT (, AttributeStatement, Statement, SAML 2.0 AttributeStatement element) | |
DECL_TYPED_CHILDREN (Attribute) | |
DECL_TYPED_CHILDREN (EncryptedAttribute) | |
BEGIN_XMLOBJECT (, EncryptedAssertion, EncryptedElementType, SAML 2.0 EncryptedAssertion element) | |
BEGIN_XMLOBJECT (, Advice, xmltooling::ElementExtensibleXMLObject, SAML 2.0 Advice element) | |
BEGIN_XMLOBJECT3 (, Assertion, saml2::RootObject, opensaml::Assertion, EncryptableObject, SAML 2.0 Assertion element) | |
DECL_INHERITED_STRING_ATTRIB (Version, VER) | |
DECL_INHERITED_STRING_ATTRIB (ID, ID) | |
DECL_INHERITED_DATETIME_ATTRIB (IssueInstant, ISSUEINSTANT) | |
DECL_INHERITED_TYPED_CHILD (Issuer) | |
DECL_TYPED_CHILD (Subject) | |
DECL_TYPED_CHILD (Conditions) | |
DECL_TYPED_CHILD (Advice) | |
DECL_TYPED_CHILDREN (Statement) | |
DECL_TYPED_CHILDREN (AuthnStatement) | |
DECL_TYPED_CHILDREN (AttributeStatement) | |
DECL_TYPED_CHILDREN (AuthzDecisionStatement) | |
DECL_XMLOBJECTBUILDER (, Action, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Advice, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Assertion, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AssertionIDRef, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AssertionURIRef, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Attribute, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AttributeStatement, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AttributeValue, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Audience, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AudienceRestriction, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthenticatingAuthority, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthnContext, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthnContextClassRef, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthnContextDecl, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthnContextDeclRef, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthnStatement, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, AuthzDecisionStatement, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Conditions, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, EncryptedAssertion, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, EncryptedAttribute, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, EncryptedID, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Evidence, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Issuer, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, NameID, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, OneTimeUse, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, ProxyRestriction, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Subject, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, SubjectConfirmation, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, SubjectConfirmationData, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, SubjectLocality, samlconstants::SAML20_NS, samlconstants::SAML20_PREFIX) | |
DECL_XMLOBJECTBUILDER (, Delegate, samlconstants::SAML20_DELEGATION_CONDITION_NS, samlconstants::SAML20_DELEGATION_CONDITION_PREFIX) | |
void | registerAssertionClasses () |
Registers builders and validators for SAML 2.0 Assertion classes into the runtime. | |
Variables | |
static const XMLCh | TYPE_NAME [] |
EncryptedElementType local name. | |
END_XMLOBJECT | |
static const XMLCh | UNSPECIFIED [] |
Unspecified name format ID. | |
static const XMLCh | EMAIL [] |
Email address name format ID. | |
static const XMLCh | X509_SUBJECT [] |
X.509 subject name format ID. | |
static const XMLCh | WIN_DOMAIN_QUALIFIED [] |
Windows domain qualified name format ID. | |
static const XMLCh | KERBEROS [] |
Kerberos principal name format ID. | |
static const XMLCh | ENTITY [] |
Entity identifier name format ID. | |
static const XMLCh | PERSISTENT [] |
Persistent identifier name format ID. | |
static const XMLCh | TRANSIENT [] |
Transient identifier name format ID. | |
static const XMLCh | BEARER [] |
Bearer confirmation method. | |
static const XMLCh | HOLDER_KEY [] |
Holder of key confirmation method. | |
static const XMLCh | SENDER_VOUCHES [] |
Sender vouches confirmation method. | |
static const XMLCh | RWEDC_NEG_ACTION_NAMESPACE [] |
Read/Write/Execute/Delete/Control Action Namespace. | |
static const XMLCh | RWEDC_ACTION_NAMESPACE [] |
Read/Write/Execute/Delete/Control with Negation Action Namespace. | |
static const XMLCh | GHPP_ACTION_NAMESPACE [] |
Get/Head/Put/Post Action Namespace. | |
static const XMLCh | UNIX_ACTION_NAMESPACE [] |
UNIX File Permissions Action Namespace. | |
static const XMLCh | DECISION_PERMIT [] |
Permit Decision. | |
static const XMLCh | DECISION_DENY [] |
Deny Decision. | |
static const XMLCh | DECISION_INDETERMINATE [] |
Indeterminate Decision. | |
static const XMLCh | URI_REFERENCE [] |
URI reference attribute name format ID. | |
static const XMLCh | BASIC [] |
Basic attribute name format ID. |
SAML 2.0 assertion namespace.
virtual xmltooling::XMLObject* opensaml::saml2::decrypt | ( | const xmltooling::CredentialResolver & | credResolver, | |
const XMLCh * | recipient, | |||
xmltooling::CredentialCriteria * | criteria = nullptr , |
bool | requireAuthenticatedCipher = false | |||
) | const [virtual] |
Decrypts the element using the supplied CredentialResolver.
The returned object is unmarshalled around the decrypted DOM element, which is placed in a new Document owned by that returned object.
The final boolean parameter enforces a requirement that the bulk data encryption algorithm be an authenticated cipher suite such as AES-GCM or similar. Such ciphers include an HMAC or equivalent integrity step that prevents undetected tampering with the ciphertext. Newer applications should set this parameter to true unless the ciphertext has been independently authenticated; even in that case, it is rarely possible to prevent chosen-ciphertext attacks by trusted signers.
credResolver | locked resolver supplying decryption keys | |
recipient | identifier naming the recipient (the entity performing the decryption) | |
criteria | optional external criteria to use with resolver | |
requireAuthenticatedCipher | true iff the bulk data encryption algorithm must be an authenticated cipher |
virtual void opensaml::saml2::encrypt | ( | const EncryptableObject & | xmlObject, | |
const std::vector< std::pair< const saml2md::MetadataProvider *, saml2md::MetadataCredentialCriteria * > > & | recipients, | |||
bool | compact = false , |
const XMLCh * | algorithm = nullptr | |||
) | [virtual] |
Encrypts an object to multiple recipients using this object as a container.
xmlObject | object to encrypt | |
recipients | pairs containing a locked MetadataProvider to supply encryption keys, and a metadata-based CredentialCriteria to use | |
compact | true iff compact KeyInfo should be used | |
algorithm | optionally specifies the data encryption algorithm to use if none can be determined from metadata
virtual void opensaml::saml2::encrypt | ( | const EncryptableObject & | xmlObject, | |
const saml2md::MetadataProvider & | metadataProvider, | |||
saml2md::MetadataCredentialCriteria & | criteria, | |||
bool | compact = false , |
const XMLCh * | algorithm = nullptr | |||
) | [virtual] |
Encrypts an object to a single recipient using this object as a container.
xmlObject | object to encrypt | |
metadataProvider | a locked MetadataProvider to supply encryption keys | |
criteria | metadata-based CredentialCriteria to use | |
compact | true iff compact KeyInfo should be used | |
algorithm | optionally specifies the data encryption algorithm to use if none can be determined from metadata
static const XMLCh opensaml::saml2::TYPE_NAME [static] |
EncryptedElementType local name.
AssertionType local name.
AdviceType local name.
AttributeStatementType local name.
AttributeType local name.
AuthzDecisionStatementType local name.
EvidenceType local name.
ActionType local name.
AuthnStatementType local name.
AuthnContextType local name.
SubjectLocalityType local name.
SubjectType local name.
SubjectConfirmationType local name.
KeyInfoConfirmationDataType local name.
ConditionsType local name.
DelegationRestrictionType local name.
DelegateType local name.
ProxyRestrictionType local name.
OneTimeUseType local name.
AudienceRestrictionType local name.
NameIDType local name.
static const XMLCh opensaml::saml2::UNSPECIFIED [static] |
Unspecified name format ID.
Unspecified attribute name format ID.