
nordugrid-arc-nox  1.1.0~rc6
ArcSec::SAML2SSO_AssertionConsumerSH Class Reference

Implements the functionality of the Service Provider in the SAML2 SSO profile.

#include <SAML2SSO_AssertionConsumerSH.h>


Public Member Functions

 SAML2SSO_AssertionConsumerSH (Arc::Config *cfg, Arc::ChainContext *ctx)
virtual ~SAML2SSO_AssertionConsumerSH (void)
virtual bool Handle (Arc::Message *msg) const

Static Public Member Functions

static Arc::Plugin * get_sechandler (Arc::PluginArgument *arg)

Static Protected Attributes

static Arc::Logger logger

Private Attributes

std::string cert_file_
std::string key_file_
std::string ca_file_
std::string ca_dir_
Arc::MCCLoader * SP_service_loader

Detailed Description

Implements the functionality of the Service Provider in the SAML2 SSO profile.

Definition at line 24 of file SAML2SSO_AssertionConsumerSH.h.


Constructor & Destructor Documentation

Definition at line 38 of file SAML2SSO_AssertionConsumerSH.cpp.

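SAML2SSO_AssertionConsumerSH::SAML2SSO_AssertionConsumerSH(Arc::Config *cfg, Arc::ChainContext *ctx)
    : SecHandler(cfg), SP_service_loader(NULL) {
  // Initialise the XML security library; nothing else is set up here.
  if(!init_xmlsec()) return;
}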


Definition at line 42 of file SAML2SSO_AssertionConsumerSH.cpp.



Member Function Documentation

Definition at line 21 of file SAML2SSO_AssertionConsumerSH.cpp.

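Arc::Plugin* SAML2SSO_AssertionConsumerSH::get_sechandler(Arc::PluginArgument* arg) {
    // Plugin factory: only a SecHandlerPluginArgument is accepted.
    ArcSec::SecHandlerPluginArgument* shcarg =
            arg?dynamic_cast<ArcSec::SecHandlerPluginArgument*>(arg):NULL;
    if(!shcarg) return NULL;
    return new ArcSec::SAML2SSO_AssertionConsumerSH((Arc::Config*)(*shcarg),(Arc::ChainContext*)(*shcarg));
}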


Implements ArcSec::SecHandler.

Definition at line 47 of file SAML2SSO_AssertionConsumerSH.cpp.

bool SAML2SSO_AssertionConsumerSH::Handle(Arc::Message *msg) const {
  //Explanation: The SPService checks the authentication result (generated by the IdP and sent by
  //the user agent) and records each successful authentication result in "SAMLAssertion". Since
  //the real client (client to the normal service) and the user agent (client to the SP service)
  //share the same tcp/tls session (this is why only one copy of the base class ClientTCP is
  //needed in the ClientSAMLInterface), we can use the authentication result from
  //user-agent/SPService for the decision-making in the normal Client/Service interaction.
  //
  //Messages whose endpoint includes "/saml2sp" are skipped here, because this
  //specific endpoint is supposed to participate in the SAML2 SSO profile, check
  //the authentication result from the IdP and record the authentication information
  //for the later saml2sso_serviceprovider handler, and should not itself be subject
  //to the saml2sso_serviceprovider handler.
  std::string http_endpoint = msg->Attributes()->get("HTTP:ENDPOINT");
  std::size_t pos = http_endpoint.find("saml2sp");
  if(pos == std::string::npos) {
    //Any other endpoint: a recorded SAMLAssertion must be present
    SecAttr* sattr = msg->Auth()->get("SAMLAssertion");
    if(!sattr) {
      logger.msg(ERROR, "Can not get SAMLAssertion SecAttr from message context");
      return false;
    }

    std::string str;
    XMLNode saml_assertion_nd;
    if(!(sattr->Export(SecAttr::SAML, saml_assertion_nd))) return false;
    saml_assertion_nd.GetXML(str);
    //Debug output: writes the full assertion to stdout
    std::cout<<"SAML Assertion parsed by SP service: "<<str<<std::endl;

    return true;
  }
  else { return true; }

  //Not reached: both branches above return
  return false;

  //TODO: Consume the saml assertion from client side (Push model): assertion inside soap message,
  //assertion inside x509 certificate as extension;
  //Or contact the IdP and get back the saml assertion related to the client (Pull model)

}
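
Handle() above skips the assertion check for any endpoint string that contains "saml2sp". The following is an added example, not ARC code: it compares that substring test with a stricter last-path-segment match. The helper names, the sample endpoints and the assumption that the SP service is reached at a path ending in "saml2sp" are constructed for illustration; how HTTP:ENDPOINT is populated is not shown on this page.

```cpp
#include <iostream>
#include <string>
#include <vector>

// The test used by Handle() on this page: true when "saml2sp" occurs
// anywhere in the endpoint string, so the assertion check is skipped.
bool exempt_by_substring(const std::string& endpoint) {
  return endpoint.find("saml2sp") != std::string::npos;
}

// Hypothetical stricter test (assumption, not ARC code): exempt only when
// the last path segment is exactly "saml2sp".
bool exempt_by_segment(const std::string& endpoint) {
  // Ignore any query string or fragment.
  std::string path = endpoint.substr(0, endpoint.find_first_of("?#"));
  // Ignore trailing slashes.
  while (!path.empty() && path.back() == '/') path.pop_back();
  const std::size_t slash = path.rfind('/');
  const std::string last =
      (slash == std::string::npos) ? path : path.substr(slash + 1);
  return last == "saml2sp";
}

// Constructed endpoint values for comparison.
std::vector<std::string> sample_endpoints() {
  return {"/saml2sp", "https://sp.example.org/saml2sp/", "/echo",
          "/echo/saml2sp_report", "/echo?target=saml2sp"};
}

// Number of samples the substring test exempts but the segment test does not.
int count_disagreements() {
  int n = 0;
  for (const std::string& e : sample_endpoints())
    if (exempt_by_substring(e) && !exempt_by_segment(e)) ++n;
  return n;
}

int main() {
  for (const std::string& e : sample_endpoints())
    std::cout << e << "  substring=" << exempt_by_substring(e)
              << "  segment=" << exempt_by_segment(e) << "\n";
  std::cout << "disagreements: " << count_disagreements() << "\n";
  return 0;
}
```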



Member Data Documentation

Definition at line 29 of file SAML2SSO_AssertionConsumerSH.h.

Definition at line 28 of file SAML2SSO_AssertionConsumerSH.h.

Definition at line 26 of file SAML2SSO_AssertionConsumerSH.h.

Definition at line 27 of file SAML2SSO_AssertionConsumerSH.h.

Arc::Logger ArcSec::SecHandler::logger [static, protected, inherited]

Reimplemented in ArcSec::DelegationSH.

Definition at line 31 of file SecHandler.h.

Definition at line 30 of file SAML2SSO_AssertionConsumerSH.h.


The documentation for this class was generated from the following files: