nordugrid-arc-nox  1.1.0~rc6
ArcSec::SAML2SSO_AssertionConsumerSH Class Reference

Implements the functionality of the Service Provider in the SAML2 SSO profile.

#include <SAML2SSO_AssertionConsumerSH.h>

Public Member Functions

 SAML2SSO_AssertionConsumerSH (Arc::Config *cfg, Arc::ChainContext *ctx)
virtual ~SAML2SSO_AssertionConsumerSH (void)
virtual bool Handle (Arc::Message *msg) const

Static Public Member Functions

static Arc::Plugin * get_sechandler (Arc::PluginArgument *arg)

Static Protected Attributes

static Arc::Logger logger

Private Attributes

std::string cert_file_
std::string key_file_
std::string ca_file_
std::string ca_dir_

Detailed Description

Implements the functionality of the Service Provider in the SAML2 SSO profile.

Definition at line 24 of file SAML2SSO_AssertionConsumerSH.h.

Constructor & Destructor Documentation

Definition at line 38 of file SAML2SSO_AssertionConsumerSH.cpp.

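ArcSec::SAML2SSO_AssertionConsumerSH::SAML2SSO_AssertionConsumerSH(Arc::Config *cfg, Arc::ChainContext *ctx)
    :SecHandler(cfg), SP_service_loader(NULL){
  //Initialise the XML security library; nothing else is set up here.
  if(!init_xmlsec()) return;
}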

Definition at line 42 of file SAML2SSO_AssertionConsumerSH.cpp.

Member Function Documentation

Definition at line 21 of file SAML2SSO_AssertionConsumerSH.cpp.

    ArcSec::SecHandlerPluginArgument* shcarg =
    if(!shcarg) return NULL;
    return new ArcSec::SAML2SSO_AssertionConsumerSH((Arc::Config*)(*shcarg),(Arc::ChainContext*)(*shcarg));

Implements ArcSec::SecHandler.

Definition at line 47 of file SAML2SSO_AssertionConsumerSH.cpp.

bool ArcSec::SAML2SSO_AssertionConsumerSH::Handle(Arc::Message* msg) const {
  //Explanation: The SPService checks the authentication result (generated by the IdP and sent by 
  //the user agent) and records each successful authentication result in "SAMLAssertion". Since 
  //the real client (client to normal service) and user agent (client to SP service) share the 
  //same tcp/tls session (this is why only one copy of base class ClientTCP is needed in the 
  //ClientSAMLInterface), we can use the authentication result from user-agent/SPService for 
  //the decision-making in normal Client/Service interaction.
  //Messages whose endpoint includes "/saml2sp" are skipped here, because
  //this specific endpoint is supposed to participate in the SAML2 SSO profile, check 
  //the authentication result from the IdP and record the authentication information 
  //for the later saml2ssp_serviceprovider handler, and should not itself be subject to 
  //the saml2sso_serviceprovider handler.
  std::string http_endpoint = msg->Attributes()->get("HTTP:ENDPOINT");
  std::size_t pos = http_endpoint.find("saml2sp");
  if(pos == std::string::npos) {  
    //Any other endpoint: a recorded SAML assertion must be present.
    SecAttr* sattr = msg->Auth()->get("SAMLAssertion");
    if(!sattr) {
      logger.msg(ERROR, "Can not get SAMLAssertion SecAttr from message context");
      return false;
    }

    std::string str;
    XMLNode saml_assertion_nd;
    if(!(sattr->Export(SecAttr::SAML, saml_assertion_nd))) return false;
    //str is still empty at this point in the lines shown in this listing.
    std::cout<<"SAML Assertion parsed by SP service: "<<str<<std::endl;

    return true;
  }
  else { return true; }

  return false;

  //TODO: Consume the saml assertion from client side (Push model): assertion inside soap message,
  //assertion inside x509 certificate as extension;
  //Or contact the IdP and get back the saml assertion related to the client (Pull model)
}
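
The endpoint exemption in Handle() above is decided by a substring search on HTTP:ENDPOINT. The following added example (not ARC code and not from the project) contrasts that rule with an exact-path rule on constructed endpoints. The helper names, the default "/saml2sp" path and the assumption that the attribute holds a URL path with an optional query string are all hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper (not an ARC function). Assumes `endpoint` is a URL path,
// optionally followed by a query string or fragment.
static std::string endpoint_path(const std::string& endpoint) {
  std::string path = endpoint.substr(0, endpoint.find_first_of("?#"));
  // Treat "/saml2sp/" and "/saml2sp" as the same path.
  while (path.size() > 1 && path[path.size() - 1] == '/') path.erase(path.size() - 1);
  return path;
}

// Loose rule, same test as Handle(): the substring may appear anywhere.
bool exempt_by_substring(const std::string& endpoint) {
  return endpoint.find("saml2sp") != std::string::npos;
}

// Strict rule: only the SP endpoint itself skips the SAMLAssertion check.
bool exempt_by_exact_path(const std::string& endpoint,
                          const std::string& sp_path = "/saml2sp") {
  return endpoint_path(endpoint) == sp_path;
}

// Constructed sample endpoints, not taken from any ARC deployment.
static const char* const kSamples[] = {
  "/saml2sp", "/saml2sp/", "/saml2sp?RelayState=abc", "/jobs", "/jobs/saml2sp-archive"
};
static const std::size_t kSampleCount = sizeof(kSamples) / sizeof(kSamples[0]);

// Number of samples that the two rules classify differently.
std::size_t count_disagreements() {
  std::size_t n = 0;
  for (std::size_t i = 0; i < kSampleCount; ++i)
    if (exempt_by_substring(kSamples[i]) != exempt_by_exact_path(kSamples[i])) ++n;
  return n;
}

int main() {
  for (std::size_t i = 0; i < kSampleCount; ++i)
    std::cout << kSamples[i] << "  substring=" << exempt_by_substring(kSamples[i])
              << "  exact=" << exempt_by_exact_path(kSamples[i]) << "\n";
  std::cout << "disagreements: " << count_disagreements() << "\n";
  return 0;
}
```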

Member Data Documentation

Definition at line 29 of file SAML2SSO_AssertionConsumerSH.h.

Definition at line 28 of file SAML2SSO_AssertionConsumerSH.h.

Definition at line 26 of file SAML2SSO_AssertionConsumerSH.h.

Definition at line 27 of file SAML2SSO_AssertionConsumerSH.h.

Arc::Logger ArcSec::SecHandler::logger [static, protected, inherited]

Reimplemented in ArcSec::DelegationSH.

Definition at line 31 of file SecHandler.h.

Definition at line 30 of file SAML2SSO_AssertionConsumerSH.h.

The documentation for this class was generated from the following files: