shibsp::AssertionConsumerService Class Reference

Base class for handlers that create sessions by consuming SSO protocol responses. More...

#include <shibsp/handler/AssertionConsumerService.h>

Inheritance diagram for shibsp::AssertionConsumerService:

List of all members.

Public Member Functions

std::pair< bool, long > run (SPRequest &request, bool isHandler=true) const

Executes handler functionality as an incoming request.

void receive (DDF &in, std::ostream &out)

Remoted classes implement this method to process incoming messages.

const char * getType () const

Returns the "type" of the Handler plugin.

const XMLCh * getProtocolFamily () const

Returns an identifier for the protocol family associated with the handler, if any.

const char * getEventType () const

Get the type of event, as input to error handling in response to errors raised by this handler.

Protected Member Functions

AssertionConsumerService (const xercesc::DOMElement *e, const char *appId, xmltooling::logging::Category &log, xercesc::DOMNodeFilter *filter=nullptr, const Remapper *remapper=nullptr, bool deprecationSupport=true)

Constructor.

void checkAddress (const Application &application, const xmltooling::HTTPRequest &httpRequest, const char *issuedTo) const

Enforce address checking requirements.

virtual std::pair< bool, long > finalizeResponse (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, std::string &relayState) const

Complete the client's transition back to the expected resource.

void generateMetadata (opensaml::saml2md::SPSSODescriptor &role, const char *handlerURL) const

Generates and/or modifies metadata reflecting the Handler.

virtual void implementProtocol (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, opensaml::SecurityPolicy &policy, const PropertySet *reserved, const xmltooling::XMLObject &xmlObject) const =0

Implement protocol-specific handling of the incoming decoded message.

virtual void extractMessageDetails (const opensaml::Assertion &assertion, const XMLCh *protocol, opensaml::SecurityPolicy &policy) const

Extracts policy-relevant assertion details.

ResolutionContext * resolveAttributes (const Application &application, const xmltooling::GenericRequest *request=nullptr, const opensaml::saml2md::RoleDescriptor *issuer=nullptr, const XMLCh *protocol=nullptr, const xmltooling::XMLObject *protmsg=nullptr, const opensaml::saml1::NameIdentifier *v1nameid=nullptr, const opensaml::saml1::AuthenticationStatement *v1statement=nullptr, const opensaml::saml2::NameID *nameid=nullptr, const opensaml::saml2::AuthnStatement *statement=nullptr, const XMLCh *authncontext_class=nullptr, const XMLCh *authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const

Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.

virtual LoginEvent * newLoginEvent (const Application &application, const xmltooling::HTTPRequest &request) const

Creates a new LoginEvent for the event log.

Detailed Description

Base class for handlers that create sessions by consuming SSO protocol responses.

Constructor & Destructor Documentation

shibsp::AssertionConsumerService::AssertionConsumerService	(	const xercesc::DOMElement *	e,
		const char *	appId,
		xmltooling::logging::Category &	log,
		xercesc::DOMNodeFilter *	filter = `nullptr`,
		const Remapper *	remapper = `nullptr`,
		bool	deprecationSupport = `true`
	)			`[protected]`

Constructor.

Parameters:

	e	root of DOM configuration
	appId	ID of application that "owns" the handler
	log	a logging object to use
	filter	optional filter controls what child elements to include as nested PropertySets
	remapper	optional property rename mapper for legacy property support
	deprecationSupport	true iff deprecated settings and features should be supported

Member Function Documentation

std::pair<bool,long> shibsp::AssertionConsumerService::run	(	SPRequest &	request,
		bool	isHandler = `true`
	)			const `[virtual]`

Executes handler functionality as an incoming request.

Handlers can be run either directly by incoming web requests or indirectly/implicitly during other SP processing.

Parameters:

	request	SP request context
	isHandler	true iff executing in the context of a direct handler invocation

Returns:: a pair containing a "request completed" indicator and a server-specific response code

Implements shibsp::Handler.

void shibsp::AssertionConsumerService::receive	(	DDF &	in,
		std::ostream &	out
	)			`[virtual]`

Remoted classes implement this method to process incoming messages.

Parameters:

	in	incoming DDF message
	out	stream to write outgoing DDF message to

Implements shibsp::Remoted.

void shibsp::AssertionConsumerService::checkAddress	(	const Application &	application,
		const xmltooling::HTTPRequest &	httpRequest,
		const char *	issuedTo
	)			const `[protected]`

Enforce address checking requirements.

Parameters:

	application	reference to application receiving message
	httpRequest	client request that initiated session
	issuedTo	address for which security assertion was issued

virtual std::pair<bool,long> shibsp::AssertionConsumerService::finalizeResponse	(	const Application &	application,
		const xmltooling::HTTPRequest &	httpRequest,
		xmltooling::HTTPResponse &	httpResponse,
		std::string &	relayState
	)			const `[protected, virtual]`

Complete the client's transition back to the expected resource.

Parameters:

	application	reference to application receiving message
	httpRequest	client request that included message
	httpResponse	response to client
	relayState	relay state token

void shibsp::AssertionConsumerService::generateMetadata	(	opensaml::saml2md::SPSSODescriptor &	role,
		const char *	handlerURL
	)			const `[protected, virtual]`

Generates and/or modifies metadata reflecting the Handler.

The default implementation does nothing.

Parameters:

	role	metadata role to decorate
	handlerURL	base location of handler's endpoint

Reimplemented from shibsp::Handler.

virtual void shibsp::AssertionConsumerService::implementProtocol	(	const Application &	application,
		const xmltooling::HTTPRequest &	httpRequest,
		xmltooling::HTTPResponse &	httpResponse,
		opensaml::SecurityPolicy &	policy,
		const PropertySet *	reserved,
		const xmltooling::XMLObject &	xmlObject
	)			const `[protected, pure virtual]`

Implement protocol-specific handling of the incoming decoded message.

The result of implementing the protocol should be an exception or modifications to the request/response objects to reflect processing of the message.

Parameters:

	application	reference to application receiving message
	httpRequest	client request that included message
	httpResponse	response to client
	policy	the SecurityPolicy in effect, after having evaluated the message
	reserved	ignore this parameter
	xmlObject	a protocol-specific message object

virtual void shibsp::AssertionConsumerService::extractMessageDetails	(	const opensaml::Assertion &	assertion,
		const XMLCh *	protocol,
		opensaml::SecurityPolicy &	policy
	)			const `[protected, virtual]`

Extracts policy-relevant assertion details.

Parameters:

	assertion	the incoming assertion
	protocol	the protocol family in use
	policy	SecurityPolicy to provide various components and track message data

ResolutionContext* shibsp::AssertionConsumerService::resolveAttributes	(	const Application &	application,
		const xmltooling::GenericRequest *	request = `nullptr`,
		const opensaml::saml2md::RoleDescriptor *	issuer = `nullptr`,
		const XMLCh *	protocol = `nullptr`,
		const xmltooling::XMLObject *	protmsg = `nullptr`,
		const opensaml::saml1::NameIdentifier *	v1nameid = `nullptr`,
		const opensaml::saml1::AuthenticationStatement *	v1statement = `nullptr`,
		const opensaml::saml2::NameID *	nameid = `nullptr`,
		const opensaml::saml2::AuthnStatement *	statement = `nullptr`,
		const XMLCh *	authncontext_class = `nullptr`,
		const XMLCh *	authncontext_decl = `nullptr`,
		const std::vector< const opensaml::Assertion * > *	tokens = `nullptr`
	)			const `[protected]`

Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.

The caller must free the returned context handle.

Parameters:

	application	reference to application receiving message
	request	request delivering message, if any
	issuer	source of SSO tokens
	protocol	SSO protocol used
	protmsg	SSO protocol message, if any
	v1nameid	identifier of principal in SAML 1.x form, if any
	v1statement	SAML 1.x authentication statement, if any
	nameid	identifier of principal in SAML 2.0 form
	statement	SAML 2.0 authentication statement, if any
	authncontext_class	method/category of authentication event, if known
	authncontext_decl	specifics of authentication event, if known
	tokens	available assertions, if any

virtual LoginEvent* shibsp::AssertionConsumerService::newLoginEvent	(	const Application &	application,
		const xmltooling::HTTPRequest &	request
	)			const `[protected, virtual]`

Creates a new LoginEvent for the event log.

Parameters:

	application	the Application associated with the event
	request	the HTTP client request associated with the event

Returns:: a fresh LoginEvent, prepopulated by the input parameters, or nullptr if an error occurs

const char* shibsp::AssertionConsumerService::getType ( ) const [virtual]

Returns the "type" of the Handler plugin.

Returns:: a Handler type

Reimplemented from shibsp::Handler.

const XMLCh* shibsp::AssertionConsumerService::getProtocolFamily ( ) const [virtual]

Returns an identifier for the protocol family associated with the handler, if any.

Returns:: a protocol identifier, or nullptr

Reimplemented from shibsp::Handler.

const char* shibsp::AssertionConsumerService::getEventType ( ) const [virtual]

Get the type of event, as input to error handling in response to errors raised by this handler.

Returns:: an event type for error handling

Reimplemented from shibsp::Handler.

The documentation for this class was generated from the following file:

shibsp/handler/AssertionConsumerService.h


Public Member Functions
std::pair< bool, long >	run (SPRequest &request, bool isHandler=true) const
	Executes handler functionality as an incoming request.
void	receive (DDF &in, std::ostream &out)
	Remoted classes implement this method to process incoming messages.
const char *	getType () const
	Returns the "type" of the Handler plugin.
const XMLCh *	getProtocolFamily () const
	Returns an identifier for the protocol family associated with the handler, if any.
const char *	getEventType () const
	Get the type of event, as input to error handling in response to errors raised by this handler.
Protected Member Functions
	AssertionConsumerService (const xercesc::DOMElement e, const char appId, xmltooling::logging::Category &log, xercesc::DOMNodeFilter filter=nullptr, const Remapper remapper=nullptr, bool deprecationSupport=true)
	Constructor.
void	checkAddress (const Application &application, const xmltooling::HTTPRequest &httpRequest, const char *issuedTo) const
	Enforce address checking requirements.
virtual std::pair< bool, long >	finalizeResponse (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, std::string &relayState) const
	Complete the client's transition back to the expected resource.
void	generateMetadata (opensaml::saml2md::SPSSODescriptor &role, const char *handlerURL) const
	Generates and/or modifies metadata reflecting the Handler.
virtual void	implementProtocol (const Application &application, const xmltooling::HTTPRequest &httpRequest, xmltooling::HTTPResponse &httpResponse, opensaml::SecurityPolicy &policy, const PropertySet *reserved, const xmltooling::XMLObject &xmlObject) const =0
	Implement protocol-specific handling of the incoming decoded message.
virtual void	extractMessageDetails (const opensaml::Assertion &assertion, const XMLCh *protocol, opensaml::SecurityPolicy &policy) const
	Extracts policy-relevant assertion details.
ResolutionContext *	resolveAttributes (const Application &application, const xmltooling::GenericRequest request=nullptr, const opensaml::saml2md::RoleDescriptor issuer=nullptr, const XMLCh protocol=nullptr, const xmltooling::XMLObject protmsg=nullptr, const opensaml::saml1::NameIdentifier v1nameid=nullptr, const opensaml::saml1::AuthenticationStatement v1statement=nullptr, const opensaml::saml2::NameID nameid=nullptr, const opensaml::saml2::AuthnStatement statement=nullptr, const XMLCh authncontext_class=nullptr, const XMLCh authncontext_decl=nullptr, const std::vector< const opensaml::Assertion * > *tokens=nullptr) const
	Attempt SSO-initiated attribute resolution using the supplied information, including NameID and token extraction and filtering followed by secondary resolution.
virtual LoginEvent *	newLoginEvent (const Application &application, const xmltooling::HTTPRequest &request) const
	Creates a new LoginEvent for the event log.