Back to index

nordugrid-arc-nox  1.1.0~rc6
Public Types | Public Member Functions | Private Member Functions | Private Attributes
Arc::SAMLToken Class Reference

Class for manipulating SAML Token Profile. More...

#include <SAMLToken.h>

Collaboration diagram for Arc::SAMLToken:
Collaboration graph
[legend]

List of all members.

Public Types

enum  SAMLVersion { SAML1, SAML2 }
 Since the specfication SAMLVersion is for distinguishing two types of saml version. More...

Public Member Functions

 SAMLToken (SOAPEnvelope &soap)
 Constructor.
 SAMLToken (SOAPEnvelope &soap, const std::string &certfile, const std::string &keyfile, SAMLVersion saml_version=SAML2, XMLNode saml_assertion=XMLNode())
 Constructor.
 ~SAMLToken (void)
 Deconstructor.
 operator bool (void)
 Returns true of constructor succeeded.
bool Authenticate (const std::string &cafile, const std::string &capath)
 Check signature by using the trusted certificates It is used by relying parting after calling SAMLToken(SOAPEnvelope& soap) This method will check the SAML assertion based on the trusted certificated specified as parameter cafile or capath; and also check the signature to soap message (the signature is generated by attesting entity by signing soap body together witl SAML assertion) by using the public key inside SAML assetion.
bool Authenticate (void)
 Check signature by using the cert information in soap message.

Private Member Functions

bool Check (SOAPEnvelope &soap)
 Tells if specified SOAP header has WSSE element and SAMLToken inside the WSSE element.

Private Attributes

xmlNodePtr assertion_signature_nd
xmlNodePtr wsse_signature_nd
std::string pubkey_str
 public key string under <ds:KeyInfo/> (under <saml:Assertion/>'s <saml:Subject/>), which is used sign the soap body message: ["Subject"]["SubjectConfirmation"]["KeyInfo"]["KeyValue"]; Alternative is: ["Subject"]["SubjectConfirmation"]["KeyInfo"]["X509Data"]["X509Certificate"]
std::string x509cert_str
 dsig:X509Data> inside <saml:Assertion/>'s <ds:Signature/>, which is used to sign the assertion itself
XMLNode x509data
SAMLVersion samlversion

Detailed Description

Class for manipulating SAML Token Profile.

This class is for generating/consuming SAML Token profile. See WS-Security SAML Token Profile v1.1 (www.oasis-open.org/committees/wss) Currently this class is used by samltoken handler (will appears in src/hed/pdc/samltokensh/) It is not a must to directly called this class. If we need to use SAML Token functionality, we only need to configure the samltoken handler into service and client. Currently, only a minor part of the specification has been implemented.

About how to identify and reference security token for signing message, currently, only the "SAML Assertion Referenced from KeyInfo" (part 3.4.2 of WS-Security SAML Token Profile v1.1 specification) is supported, which means the implementation can only process SAML assertion "referenced from KeyInfo", and also can only generate SAML Token with SAML assertion "referenced from KeyInfo". More complete support need to implement.

About subject confirmation method, the implementation can process "hold-of-key" (part 3.5.1 of WS-Security SAML Token Profile v1.1 specification) subject subject confirmation method.

About SAML vertion, the implementation can process SAML assertion with SAML version 1.1 and 2.0; can only generate SAML assertion with SAML vertion 2.0.

In the SAML Token profile, for the hold-of-key subject confirmation method, there are three interaction parts: the attesting entity, the relying party and the issuing authority. In the hold-of-key subject confirmation method, it is the attesting entity's subject identity which will be inserted into the SAML assertion.

Firstly the attesting entity authenticates to issuing authority by using some authentication scheme such as WSS x509 Token profile (Alterbatively the usename/password authentication scheme or other different authentication scheme can also be used, unless the issuing authority can retrive the key from a trusted certificate server after firmly establishing the subject's identity under the username/password scheme). So then issuing authority is able to make a definitive statement (sign a SAML assertion) about an act of authentication that has already taken place.

The attesting entity gets the SAML assertion and then signs the soap message together with the assertion by using its private key (the relevant certificate has been authenticated by issuing authority, and its relevant public key has been put into SubjectConfirmation element under saml assertion by issuing authority. Only the actual owner of the saml assertion can do this, as only the subject possesses the private key paired with the public key in the assertion. This establishes an irrefutable connection between the author of the SOAP message and the assertion describing an authentication event.)

The relying party is supposed to trust the issuing authority. When it receives a message from the asserting entity, it will check the saml assertion based on its predetermined trust relationship with the SAML issuing authority, and check the signature of the soap message based on the public key in the saml assertion without directly trust relationship with attesting entity (subject owner).

Definition at line 65 of file SAMLToken.h.


Member Enumeration Documentation

Since the specfication SAMLVersion is for distinguishing two types of saml version.

It is used as the parameter of constructor.

Enumerator:
SAML1 
SAML2 

Definition at line 71 of file SAMLToken.h.


Constructor & Destructor Documentation

Arc::SAMLToken::SAMLToken ( SOAPEnvelope &  soap)

Constructor.

Parse SAML Token information from SOAP header. SAML Token related information is extracted from SOAP header and stored in class variables. And then it the SAMLToken object will be used for authentication.

Parameters:
soapThe SOAP message which contains the SAMLToken in the soap header

Definition at line 84 of file SAMLToken.cpp.

                                       : SOAPEnvelope(soap){
  if(!Check(soap)){
    return;
  }

  //if(!init_xmlsec()) return;
  assertion_signature_nd = NULL;
  wsse_signature_nd = NULL; 

  // Apply predefined namespace prefix
  NS ns;
  ns["wsse"]=WSSE_NAMESPACE;
  ns["wsse11"]=WSSE11_NAMESPACE;
  ns["wsu"]=WSU_NAMESPACE;
  header.Namespaces(ns);

  XMLNode st = header["wsse:Security"];   
  XMLNode wsse_signature = st["Signature"];
  XMLNode assertion;
  assertion = st["Assertion"];
  XMLNode assertion_signature = assertion["Signature"];
  xmlNodePtr bodyPtr = ((SAMLToken*)(&body))->node_;
  xmlDocPtr docPtr = bodyPtr->doc;
  xmlNodePtr assertionPtr = ((SAMLToken*)(&assertion))->node_;

  xmlChar* id;
  xmlAttrPtr id_attr;
  //Assertion reference
  if(samlversion == SAML1) {
    id = xmlGetProp(assertionPtr, (xmlChar *)"AssertionID");
    id_attr = NULL; id_attr = xmlHasProp(assertionPtr, (xmlChar *)"AssertionID");
    if(id_attr == NULL) std::cerr<<"Can not find AssertionID attribute from saml:Assertion"<<std::endl;
    xmlAddID(NULL, docPtr, (xmlChar *)id, id_attr);
    xmlFree(id);
  }
  else {
    id = xmlGetProp(assertionPtr, (xmlChar *)"ID");
    id_attr = NULL; id_attr = xmlHasProp(assertionPtr, (xmlChar *)"ID");
    if(id_attr == NULL) std::cerr<<"Can not find ID attribute from saml:Assertion"<<std::endl;
    xmlAddID(NULL, docPtr, (xmlChar *)id, id_attr);
    xmlFree(id);
  }

  //Signature under saml:Assertion
  assertion_signature_nd = ((SAMLToken*)(&assertion_signature))->node_;
  if(!assertion_signature_nd) { std::cerr<<"No Signature node in saml:Assertion"<<std::endl; return; }

  //Body reference
  id = xmlGetProp(bodyPtr, (xmlChar *)"Id");
  id_attr = xmlHasProp(bodyPtr, (xmlChar *)"Id");
  xmlAddID(NULL, docPtr, (xmlChar *)id, id_attr);
  xmlFree(id);
  //Signature under wsse:Security
  wsse_signature_nd = ((SAMLToken*)(&wsse_signature))->node_; 
  if(!wsse_signature_nd) { std::cerr<<"No Signature node in wsse:Security"<<std::endl; return; }

  //Get the public key from the assertion, the key has been used to sign soap body msg by the attesting entity
  //saml1
  if(samlversion == SAML1) {
    pubkey_str = (std::string)(assertion["AttributeStatement"]["Subject"]["SubjectConfirmation"]["KeyInfo"]["KeyValue"]);
  }
  //saml2
  else {
    pubkey_str = (std::string)(assertion["Subject"]["SubjectConfirmation"]["SubjectConfirmationData"]["KeyInfo"]["KeyValue"]);
    if(pubkey_str.empty())
      x509cert_str = (std::string)(assertion["Subject"]["SubjectConfirmation"]["SubjectConfirmationData"]["KeyInfo"]["X509Data"]["X509Certificate"]);
  }
  x509data = assertion_signature["KeyInfo"]["X509Data"];
} 

Here is the call graph for this function:

Arc::SAMLToken::SAMLToken ( SOAPEnvelope &  soap,
const std::string &  certfile,
const std::string &  keyfile,
SAMLVersion  saml_version = SAML2,
XMLNode  saml_assertion = XMLNode() 
)

Constructor.

Add SAML Token information into the SOAP header. Generated token contains elements SAML token and signature, and is meant to be used for authentication on the consuming side. This constructor is for a specific SAML Token profile usage, in which the attesting entity signs the SAML assertion for itself (self-sign). This usage implicitly requires that the relying party trust the attesting entity. More general (requires issuing authority) usage will be provided by other constructor. And the under-developing SAML service will be used as the issuing authority.

Parameters:
soapThe SOAP message to which the SAML Token will be inserted.
certfileThe certificate file.
keyfileThe key file which will be used to create signature.
samlversionThe SAML version, only SAML2 is supported currently.
samlassertionThe SAML assertion got from 3rd party, and used for protecting the SOAP message; If not present, then self-signed assertion will be generated.

Definition at line 215 of file SAMLToken.cpp.

                                                    : SOAPEnvelope (soap), samlversion(saml_version) {
  //if(!init_xmlsec()) return;
  if(samlversion == SAML2) {
    // Apply predefined namespace prefix
    NS ns, header_ns, assertion_ns;
    ns = envelope.Namespaces();
    ns["wsu"]=WSU_NAMESPACE;
    envelope.Namespaces(ns);
    header_ns["wsse"]=WSSE_NAMESPACE;
    header_ns["wsse11"]=WSSE11_NAMESPACE;
    header_ns["ds"]=DSIG_NAMESPACE;
    header.Namespaces(header_ns);
    assertion_ns["saml2"] = SAML2_NAMESPACE;
    // Insert the wsse:Security element
    XMLNode wsse = get_node(header,"wsse:Security");
    XMLNode assertion;

    if(!saml_assertion) { //If the SAML Assertion has not been provided, the self-signed assertion
                          //will be generated based on the keyfile
      /*****************************/
      // Generate the saml assertion
      // Currently only saml2 is created
      assertion = get_node(wsse, "saml2:Assertion");
      assertion.Namespaces(assertion_ns);
      assertion.Name("saml2:Assertion");

      std::string assertion_id = UUID();
      assertion.NewAttribute("ID") = assertion_id;

      Arc::Time t;
      std::string current_time = t.str(Arc::UTCTime);
      assertion.NewAttribute("IssueInstant") = current_time;

      Arc::Credential cred(certfile, keyfile, "", "");
      std::string dn = cred.GetDN();
      std::string rdn = Arc::convert_to_rdn(dn);
      assertion.NewAttribute("Issuer") = rdn;

      assertion.NewAttribute("Version") = std::string("2.0");
    
      XMLNode condition = get_node(assertion, "saml2:Conditions");
      Arc::Time t_start;
      std::string time_start = t_start.str(Arc::UTCTime);
      Arc::Time t_end = t_start + Arc::Period(43200);
      std::string time_end = t_end.str(Arc::UTCTime);
      condition.NewAttribute("NotBefore") = time_start;
      condition.NewAttribute("NotOnOrAfter") = time_end;
    
      XMLNode subject = get_node(assertion, "saml2:Subject");
      XMLNode nameid = get_node(subject, "saml2:NameID");
      nameid.NewAttribute("NameQualifier") = "knowarc.eu"; //
      nameid.NewAttribute("Format") = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
      nameid = rdn;
  
      XMLNode subjectconfirmation = get_node(subject, "saml2:SubjectConfirmation");
      subjectconfirmation.NewAttribute("Method") = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
      XMLNode subjectconfirmationdata = get_node(subjectconfirmation, "saml2:SubjectConfirmationData");
      XMLNode keyinfo = get_node(subjectconfirmationdata, "ds:KeyInfo");
      XMLNode keyvalue = get_node(keyinfo, "ds:KeyValue");
      //Put the pubkey as the keyvalue
      keyvalue = get_key_from_certfile(certfile.c_str()); 
  
      //Add some attribute here
      XMLNode statement = get_node(assertion, "saml2:AttributeStatement");
      XMLNode attribute = get_node(statement, "saml2:Attribute");
      attribute.NewAttribute("Name") = "email";
      attribute.NewAttribute("NameFormat") = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
      
      //Generate the signature to the assertion, it should be the attribute authority to sign the assertion
      //Add signature template 
      xmlNodePtr assertion_signature = NULL;
      xmlNodePtr assertion_reference = NULL;
      assertion_signature = xmlSecTmplSignatureCreate(NULL,
                            xmlSecTransformExclC14NId,
                            xmlSecTransformRsaSha1Id, NULL);
      //Add signature into assertion
      xmlNodePtr assertion_nd = ((SAMLToken*)(&assertion))->node_;
      xmlAddChild(assertion_nd, assertion_signature);
  
      //Add reference for signature
      xmlDocPtr docPtr = assertion_nd->doc;
      xmlChar* id = NULL;
      id =  xmlGetProp(assertion_nd, (xmlChar *)"ID");
      if(!id) { std::cerr<<"There is not Assertion ID attribute in assertion"<<std::endl; return; }

      std::string assertion_uri; assertion_uri.append("#"); assertion_uri.append((char*)id);

      assertion_reference = xmlSecTmplSignatureAddReference(assertion_signature, xmlSecTransformSha1Id,
                                              NULL, (xmlChar *)(assertion_uri.c_str()), NULL);
      xmlSecTmplReferenceAddTransform(assertion_reference, xmlSecTransformEnvelopedId);
      xmlSecTmplReferenceAddTransform(assertion_reference, xmlSecTransformExclC14NId);
  
      xmlAttrPtr id_attr = xmlHasProp(assertion_nd, (xmlChar *)"ID");
      xmlAddID(NULL, docPtr, (xmlChar *)id, id_attr);
      xmlFree(id);

      xmlNodePtr key_info = xmlSecTmplSignatureEnsureKeyInfo(assertion_signature, NULL);
      xmlSecTmplKeyInfoAddX509Data(key_info);

      //Sign the assertion
      xmlSecDSigCtx *dsigCtx = xmlSecDSigCtxCreate(NULL);
      //load private key, assuming there is no need for passphrase
      dsigCtx->signKey = xmlSecCryptoAppKeyLoad(keyfile.c_str(), xmlSecKeyDataFormatPem, NULL, NULL, NULL);
      if(dsigCtx->signKey == NULL) {
        xmlSecDSigCtxDestroy(dsigCtx);
        std::cerr<<"Can not load key"<<std::endl; return;
      }
      if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, certfile.c_str(), xmlSecKeyDataFormatPem) < 0) {
        xmlSecDSigCtxDestroy(dsigCtx);
        std::cerr<<"Can not load certificate"<<std::endl; return;     
      }
      if (xmlSecDSigCtxSign(dsigCtx, assertion_signature) < 0) {
        xmlSecDSigCtxDestroy(dsigCtx);
        std::cerr<<"Can not sign assertion"<<std::endl; return;
      }
      if(dsigCtx != NULL)xmlSecDSigCtxDestroy(dsigCtx);

      std::string str;
      assertion.GetXML(str);
      std::cout<<"Assertion: "<<str<<std::endl;
    }
    else {
      assertion = wsse.NewChild(saml_assertion);
    }


    /*****************************/
    //Generate the signature of message body based on the KeyInfo inside saml assertion
    xmlNodePtr wsse_signature = NULL;
    xmlNodePtr wsse_reference = NULL;
    wsse_signature = xmlSecTmplSignatureCreate(NULL,
                                xmlSecTransformExclC14NId,
                                xmlSecTransformRsaSha1Id, NULL);
    //Add signature into wsse
    xmlNodePtr wsse_nd = ((SAMLToken*)(&wsse))->node_;
    xmlAddChild(wsse_nd, wsse_signature);

    //Add reference for signature
    xmlNodePtr bodyPtr = ((SAMLToken*)(&body))->node_;
    //docPtr = wsse_nd->doc;
    xmlChar* id = NULL;
    id =  xmlGetProp(bodyPtr, (xmlChar *)"Id");
    if(!id) {
      std::cout<<"There is not wsu:Id attribute in soap body, add a new one"<<std::endl;
      body.NewAttribute("wsu:Id") = "MsgBody";
    }
    id =  xmlGetProp(bodyPtr, (xmlChar *)"Id");
    std::string body_uri; body_uri.append("#"); body_uri.append((char*)id);

    wsse_reference = xmlSecTmplSignatureAddReference(wsse_signature, xmlSecTransformSha1Id,
                                                    NULL, (xmlChar *)(body_uri.c_str()), NULL);
    xmlSecTmplReferenceAddTransform(wsse_reference, xmlSecTransformEnvelopedId);
    xmlSecTmplReferenceAddTransform(wsse_reference, xmlSecTransformExclC14NId);

    xmlAttrPtr id_attr = xmlHasProp(bodyPtr, (xmlChar *)"Id");
    xmlDocPtr docPtr = bodyPtr->doc;
    xmlAddID(NULL, docPtr, (xmlChar *)id, id_attr);
    xmlFree(id);

    xmlNodePtr key_info = xmlSecTmplSignatureEnsureKeyInfo(wsse_signature, NULL);
    XMLNode keyinfo_nd = wsse["Signature"]["KeyInfo"];
    XMLNode st_ref_nd = keyinfo_nd.NewChild("wsse:SecurityTokenReference");
    st_ref_nd.NewAttribute("wsu:Id") = "STR1";
    st_ref_nd.NewAttribute("wsse11:TokenType")="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    XMLNode keyid_nd = st_ref_nd.NewChild("wsse:KeyIdentifier");
    keyid_nd.NewAttribute("wsu:Id") = "abcde"; //not specified in the specification
    keyid_nd.NewAttribute("ValueType")="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLID"; 
    keyid_nd = (std::string)(assertion.Attribute("ID"));

    xmlSecDSigCtx *dsigCtx = xmlSecDSigCtxCreate(NULL);
    //Sign the assertion
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    //load private key, assuming there is no need for passphrase
    dsigCtx->signKey = xmlSecCryptoAppKeyLoad(keyfile.c_str(), xmlSecKeyDataFormatPem, NULL, NULL, NULL);
    if(dsigCtx->signKey == NULL) {
      xmlSecDSigCtxDestroy(dsigCtx);
      std::cerr<<"Can not load key"<<std::endl; return;
    }
    //if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, certfile.c_str(), xmlSecKeyDataFormatPem) < 0) {
    //  xmlSecDSigCtxDestroy(dsigCtx);
    //  std::cerr<<"Can not load certificate"<<std::endl; return;
    //}
    if (xmlSecDSigCtxSign(dsigCtx, wsse_signature) < 0) {
      xmlSecDSigCtxDestroy(dsigCtx);
      std::cerr<<"Can not sign wsse"<<std::endl; return;
    }
    if(dsigCtx != NULL)xmlSecDSigCtxDestroy(dsigCtx);

    //fix namespaces
    //NS wsse_ns;
    //wsse_ns = wsse.Namespaces();
    //wsse.Namespaces(wsse_ns);

    std::string str;
    wsse.GetXML(str);
    std::cout<<"WSSE: "<<str<<std::endl;
  }
}

Here is the call graph for this function:

Deconstructor.

Nothing to be done except finalizing the xmlsec library.

Definition at line 415 of file SAMLToken.cpp.

                          {
  //final_xmlsec();
}

Member Function Documentation

bool Arc::SAMLToken::Authenticate ( const std::string &  cafile,
const std::string &  capath 
)

Check signature by using the trusted certificates It is used by relying parting after calling SAMLToken(SOAPEnvelope& soap) This method will check the SAML assertion based on the trusted certificated specified as parameter cafile or capath; and also check the signature to soap message (the signature is generated by attesting entity by signing soap body together witl SAML assertion) by using the public key inside SAML assetion.

Parameters:
cafileca file
capathca directory

Definition at line 159 of file SAMLToken.cpp.

                                                                             {
  xmlSecKeysMngr* keys_manager = NULL;
  xmlSecDSigCtx *dsigCtx;

  /*****************************************/
  //Verify the signature under saml:assertion
  if((bool)x509data && (!cafile.empty() || !capath.empty())) {
    keys_manager = load_trusted_certs(&keys_manager, cafile.c_str(), capath.c_str());
    //keys_manager = load_trusted_cert_file(&keys_manager, cafile.c_str());
    if(keys_manager == NULL) { std::cerr<<"Can not load trusted certificates"<<std::endl; return false; } 
  }
  else if((bool)x509data)
    { std::cerr<<"No trusted certificates exists"<<std::endl; return false;}
  if(keys_manager == NULL){ std::cerr<<"No <X509Data/> exists, or no trusted certificates configured"<<std::endl; return false;}

  dsigCtx = xmlSecDSigCtxCreate(keys_manager);
  if (xmlSecDSigCtxVerify(dsigCtx, assertion_signature_nd) < 0) {
    xmlSecDSigCtxDestroy(dsigCtx);
    if (keys_manager) xmlSecKeysMngrDestroy(keys_manager);
    std::cerr<<"Signature verification failed for saml:assertion"<<std::endl;
    return false;
  }
  if(keys_manager != NULL)xmlSecKeysMngrDestroy(keys_manager);
  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
    std::cout<<"Succeed to verify the signature in saml:assertion"<<std::endl;
    xmlSecDSigCtxDestroy(dsigCtx);
  }
  else { std::cerr<<"Invalid signature in saml:assertion"<<std::endl; xmlSecDSigCtxDestroy(dsigCtx); return false; }


  /*****************************************/
  //Verify the signature under wsse:Security
  dsigCtx = xmlSecDSigCtxCreate(NULL);
  //Load public key from incoming soap's security token
  xmlSecKey* pubkey = NULL;
  if(!pubkey_str.empty())
    pubkey = get_key_from_keystr(pubkey_str);
  else
    pubkey = get_key_from_certstr(x509cert_str);
  if (pubkey == NULL){
    xmlSecDSigCtxDestroy(dsigCtx);
    std::cerr<<"Can not load public key"<<std::endl; return false;
  }
  dsigCtx->signKey = pubkey;
  if (xmlSecDSigCtxVerify(dsigCtx, wsse_signature_nd) < 0) {
    xmlSecDSigCtxDestroy(dsigCtx);
    std::cerr<<"Signature verification failed for wsse:security"<<std::endl;
    return false;
  }
  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
    std::cout<<"Succeed to verify the signature in wsse:security"<<std::endl;
    xmlSecDSigCtxDestroy(dsigCtx); return true;
  }
  else { std::cerr<<"Invalid signature in wsse:security"<<std::endl; xmlSecDSigCtxDestroy(dsigCtx); return false; }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Check signature by using the cert information in soap message.

Definition at line 154 of file SAMLToken.cpp.

                                 {
  //TODO: not sure this situation (no trusted certificate to verify the saml assertion) is needed
  return true;
}
bool Arc::SAMLToken::Check ( SOAPEnvelope &  soap) [private]

Tells if specified SOAP header has WSSE element and SAMLToken inside the WSSE element.

Definition at line 60 of file SAMLToken.cpp.

                                        {
  XMLNode header = soap.Header();
  if(header.NamespacePrefix(WSSE_NAMESPACE).empty()){
    std::cerr<<"No wsse namespace in SOAP Header"<<std::endl;
    return false;
  }
  XMLNode wsse;
  if(!(wsse=header["wsse:Security"])) {
    std::cerr<<"No Security element in SOAP Header"<<std::endl;
    return false;
  };
  if(!(wsse["Assertion"])) {
    std::cerr<<"No SAMLToken element in SOAP Header"<<std::endl;
    return false;
  };
  if((bool)(wsse["Assertion"]["AssertionID"])) samlversion = SAML1;
  else samlversion = SAML2;
  return true;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Arc::SAMLToken::operator bool ( void  )

Returns true of constructor succeeded.

Definition at line 80 of file SAMLToken.cpp.

                             {
  return (bool)header;
}

Member Data Documentation

Definition at line 131 of file SAMLToken.h.

std::string Arc::SAMLToken::pubkey_str [private]

public key string under <ds:KeyInfo/> (under <saml:Assertion/>'s <saml:Subject/>), which is used sign the soap body message: ["Subject"]["SubjectConfirmation"]["KeyInfo"]["KeyValue"]; Alternative is: ["Subject"]["SubjectConfirmation"]["KeyInfo"]["X509Data"]["X509Certificate"]

Definition at line 136 of file SAMLToken.h.

Definition at line 142 of file SAMLToken.h.

xmlNodePtr Arc::SAMLToken::wsse_signature_nd [private]

Definition at line 132 of file SAMLToken.h.

std::string Arc::SAMLToken::x509cert_str [private]

dsig:X509Data> inside <saml:Assertion/>'s <ds:Signature/>, which is used to sign the assertion itself

Definition at line 138 of file SAMLToken.h.

Definition at line 140 of file SAMLToken.h.


The documentation for this class was generated from the following files: