shibboleth-2.4.3

Base class for handlers that create sessions by consuming SSO protocol responses.
#include <shibsp/handler/AssertionConsumerService.h>


Public Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| std::pair< bool, long > | run (SPRequest &request, bool isHandler=true) const | Executes handler functionality as an incoming request. |
| void | receive (DDF &in, std::ostream &out) | Remoted classes implement this method to process incoming messages. |
| const char * | getType () const | Returns the "type" of the Handler plugin. |
| const XMLCh * | getProtocolFamily () const | Returns an identifier for the protocol family associated with the handler, if any. |

Protected Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| | AssertionConsumerService (const xercesc::DOMElement *e, const char *appId, xmltooling::logging::Category &log, xercesc::DOMNodeFilter *filter=nullptr, const std::map< std::string, std::string > *remapper=nullptr) | Constructor. |
| void | checkAddress (const Application &application, const xmltooling::HTTPRequest &httpRequest, const char *issuedTo) const | Enforce address checking requirements. |
| void | generateMetadata (opensaml::saml2md::SPSSODescriptor &role, const char *handlerURL) const | Generates and/or modifies metadata reflecting the Handler. |
| virtual opensaml::SecurityPolicy * | createSecurityPolicy (const Application &application, const xmltooling::QName *role, bool validate, const char *policyId) const | |
| virtual void | implementProtocol (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, opensaml::SecurityPolicy &policy, const PropertySet *reserved, const xmltooling::XMLObject &xmlObject) const =0 | Implement protocol-specific handling of the incoming decoded message. |
| virtual void | extractMessageDetails (const opensaml::Assertion &assertion, const XMLCh *protocol, opensaml::SecurityPolicy &policy) const | Extracts policy-relevant assertion details. |
| ResolutionContext * | resolveAttributes (const Application &application, const opensaml::saml2md::RoleDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const opensaml::saml1::NameIdentifier *v1nameid=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const | Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution. |

shibsp::AssertionConsumerService::AssertionConsumerService(
    const xercesc::DOMElement *e,
    const char *appId,
    xmltooling::logging::Category &log,
    xercesc::DOMNodeFilter *filter = nullptr,
    const std::map< std::string, std::string > *remapper = nullptr
) [protected]
Constructor.
| e | root of DOM configuration |
| appId | ID of application that "owns" the handler |
| log | a logging object to use |
| filter | optional filter that controls which child elements to include as nested PropertySets |
| remapper | optional map of property rename rules for legacy property support |
void shibsp::AssertionConsumerService::checkAddress(
    const Application &application,
    const xmltooling::HTTPRequest &httpRequest,
    const char *issuedTo
) const [protected]
Enforce address checking requirements.
| application | reference to application receiving message |
| httpRequest | client request that initiated session |
| issuedTo | address for which security assertion was issued |
virtual opensaml::SecurityPolicy* shibsp::AssertionConsumerService::createSecurityPolicy(
    const Application &application,
    const xmltooling::QName *role,
    bool validate,
    const char *policyId
) const [protected, virtual]
Allows handlers to customize the type of policy object their policy rules might require.
The caller MUST lock the application's MetadataProvider for the life of the returned object.
| application | reference to application receiving message |
| role | identifies the role (generally IdP or SP) of the policy peer |
| validate | true iff XML parsing should be done with validation |
| policyId | identifies policy rules to auto-attach, defaults to the application's set |
virtual void shibsp::AssertionConsumerService::extractMessageDetails(
    const opensaml::Assertion &assertion,
    const XMLCh *protocol,
    opensaml::SecurityPolicy &policy
) const [protected, virtual]
Extracts policy-relevant assertion details.
| assertion | the incoming assertion |
| protocol | the protocol family in use |
| policy | SecurityPolicy to provide various components and track message data |
void shibsp::AssertionConsumerService::generateMetadata(
    opensaml::saml2md::SPSSODescriptor &role,
    const char *handlerURL
) const [protected, virtual]
Generates and/or modifies metadata reflecting the Handler.
The default implementation does nothing.
| role | metadata role to decorate |
| handlerURL | base location of handler's endpoint |
Reimplemented from shibsp::Handler.
const XMLCh* shibsp::AssertionConsumerService::getProtocolFamily() const [virtual]
Returns an identifier for the protocol family associated with the handler, if any.
Reimplemented from shibsp::Handler.
const char* shibsp::AssertionConsumerService::getType() const [virtual]
Returns the "type" of the Handler plugin.
Reimplemented from shibsp::Handler.
virtual void shibsp::AssertionConsumerService::implementProtocol(
    const Application &application,
    const xmltooling::HTTPRequest &httpRequest,
    xmltooling::HTTPResponse &httpResponse,
    opensaml::SecurityPolicy &policy,
    const PropertySet *reserved,
    const xmltooling::XMLObject &xmlObject
) const [protected, pure virtual]
Implement protocol-specific handling of the incoming decoded message.
The result of implementing the protocol should be an exception or modifications to the request/response objects to reflect processing of the message.
| application | reference to application receiving message |
| httpRequest | client request that included message |
| httpResponse | response to client |
| policy | the SecurityPolicy in effect, after having evaluated the message |
| reserved | ignore this parameter |
| xmlObject | a protocol-specific message object |
void shibsp::AssertionConsumerService::receive(
    DDF &in,
    std::ostream &out
) [virtual]
Remoted classes implement this method to process incoming messages.
Implements shibsp::Remoted.
ResolutionContext* shibsp::AssertionConsumerService::resolveAttributes(
    const Application &application,
    const opensaml::saml2md::RoleDescriptor *issuer = nullptr,
    const XMLCh *protocol = nullptr,
    const opensaml::saml1::NameIdentifier *v1nameid = nullptr,
    const opensaml::saml2::NameID *nameid = nullptr,
    const XMLCh *authncontext_class = nullptr,
    const XMLCh *authncontext_decl = nullptr,
    const std::vector< const opensaml::Assertion * > *tokens = nullptr
) const [protected]
Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.
The caller must free the returned context handle.
| application | reference to application receiving message |
| issuer | source of SSO tokens |
| protocol | SSO protocol used |
| v1nameid | identifier of principal in SAML 1.x form, if any |
| nameid | identifier of principal in SAML 2.0 form |
| authncontext_class | method/category of authentication event, if known |
| authncontext_decl | specifics of authentication event, if known |
| tokens | available assertions, if any |
std::pair<bool,long> shibsp::AssertionConsumerService::run(
    SPRequest &request,
    bool isHandler = true
) const [virtual]
Executes handler functionality as an incoming request.
Handlers can be run either directly by incoming web requests or indirectly/implicitly during other SP processing.
| request | SP request context |
| isHandler | true iff executing in the context of a direct handler invocation |
Implements shibsp::Handler.