Re-organization of the Relying Party code in order to support new configuration seman...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 11 Sep 2006 21:42:51 +0000 (21:42 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 11 Sep 2006 21:42:51 +0000 (21:42 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2019 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/common/RelyingParty.java
src/edu/internet2/middleware/shibboleth/common/RelyingPartyMapper.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/common/RelyingPartyMapperException.java [moved from src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapperException.java with 86% similarity]
src/edu/internet2/middleware/shibboleth/common/ServiceProvider.java
src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java [deleted file]
src/edu/internet2/middleware/shibboleth/idp/IdPConfig.java
src/edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.java
src/edu/internet2/middleware/shibboleth/idp/IdPResponder.java

index 60e745d..88a1953 100644 (file)
 
 package edu.internet2.middleware.shibboleth.common;
 
-import java.net.URI;
-
 /**
- * Defines a relationship between service providers and an identity provider. In Shibboleth parlance, a relying party
- * represents a SP or group of SPs (perhaps a federation).
+ * Defines a configuration relationship between service providers and an identity provider. In Shibboleth parlance, a
+ * relying party represents a SP or group of SPs (perhaps a federation).
  * 
  * @author Walter Hoehn
  */
-public interface RelyingParty extends ServiceProvider {
-
-       /**
-        * Returns the name of the relying party. If the relying party is a Shibboleth SP (not a group), this function
-        * returns the same thing as {@link #getProviderId}.
-        * 
-        * @return name of the relying party
-        */
-       public String getName();
+public interface RelyingParty {
 
        /**
         * Returns the appropriate identity provider to create assertions for this relying party.
@@ -42,23 +32,6 @@ public interface RelyingParty extends ServiceProvider {
        public IdentityProvider getIdentityProvider();
 
        /**
-        * Returns an array of identifiers for looking up the name mappings to be used when responding to queries from this
-        * {@link RelyingParty}. The array is ordered by the preference that should be given to use of the given name
-        * mappings.
-        * 
-        * @return the ids of the mappers
-        */
-       public String[] getNameMapperIds();
-
-       /**
-        * The authentication method that should be included in assertions to the {@link RelyingParty}, if one is not found
-        * in HTTP request headers.
-        * 
-        * @return the identifier for the method
-        */
-       public URI getDefaultAuthMethod();
-
-       /**
         * A boolean indication of whether internal errors should be transmitted to this {@link RelyingParty}
         */
        public boolean passThruErrors();
@@ -103,9 +76,4 @@ public interface RelyingParty extends ServiceProvider {
         */
        public String getDefaultTarget();
 
-       /**
-        * Boolean indicator of whether or not the legacy schema hack should be used. Older versions of xerces require
-        * (xsi:type="typens:AttributeValueType") on the attribute value to get around a validation bug.
-        */
-       public boolean wantsSchemaHack();
 }
diff --git a/src/edu/internet2/middleware/shibboleth/common/RelyingPartyMapper.java b/src/edu/internet2/middleware/shibboleth/common/RelyingPartyMapper.java
new file mode 100644 (file)
index 0000000..31ae5b4
--- /dev/null
@@ -0,0 +1,439 @@
+/*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.common;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import edu.internet2.middleware.shibboleth.idp.IdPConfig;
+
+/**
+ * Class for determining the effective relying party from the unique id of the service provider. Checks first for an
+ * exact match on the service provider, then for membership in a group of providers (perhaps a federation). Uses the
+ * default relying party if neither is found.
+ * 
+ * @author Walter Hoehn
+ */
+public class RelyingPartyMapper {
+
+       private static Logger log = Logger.getLogger(RelyingPartyMapper.class.getName());
+       protected Map<String, NamedRelyingParty> relyingParties = new HashMap<String, NamedRelyingParty>();
+       protected RelyingParty defaultRelyingParty;
+       protected RelyingParty anonymousRelyingParty;
+
+       private MetadataProvider metaData;
+       private Credentials credentials;
+
+       public RelyingPartyMapper(Element rawConfig, IdPConfig configuration, Credentials credentials, NameMapper nameMapper)
+                       throws RelyingPartyMapperException {
+
+               this.credentials = credentials;
+
+               // Load specified <RelyingParty/> elements
+               NodeList itemElements = rawConfig.getElementsByTagNameNS(IdPConfig.configNameSpace, "RelyingParty");
+               for (int i = 0; i < itemElements.getLength(); i++) {
+                       addRelyingParty((Element) itemElements.item(i));
+               }
+
+               // Load <AnonymousRelyingParty/> element, if specified
+               itemElements = rawConfig.getElementsByTagNameNS(IdPConfig.configNameSpace, "AnonymousRelyingParty");
+               if (itemElements.getLength() > 1) {
+                       log.error("Found multiple <AnonymousRelyingParty/> elements.  Ignoring all but the first...");
+               }
+               if (itemElements.getLength() < 1) {
+                       log.error("No <AnonymousRelyingParty/> elements found.  Disabling support for responding "
+                                       + "to anonymous relying parties.");
+               } else {
+                       addAnonymousRelyingParty((Element) itemElements.item(0));
+               }
+
+               // Load <DefaultRelyingParty/> element, if specified
+               itemElements = rawConfig.getElementsByTagNameNS(IdPConfig.configNameSpace, "DefaultRelyingParty");
+               if (itemElements.getLength() > 1) {
+                       log.error("Found multiple <DefaultRelyingParty/> elements.  Ignoring all but the first...");
+               }
+               if (itemElements.getLength() < 1) {
+                       log.error("No <DefaultRelyingParty/> elements found.  Disabling support for responding "
+                                       + "to anonymous relying parties.");
+               } else {
+                       addDefaultRelyingParty((Element) itemElements.item(0));
+               }
+       }
+
+       public boolean anonymousSuported() {
+
+               return (anonymousRelyingParty != null);
+       }
+
+       public RelyingParty getAnonymousRelyingParty() {
+
+               return anonymousRelyingParty;
+
+       }
+
+       public void setMetadata(MetadataProvider metadata) {
+
+               this.metaData = metadata;
+       }
+
+       private NamedRelyingParty findRelyingPartyByGroup(String providerIdFromSP) {
+
+               if (metaData == null) { return null; }
+
+               // Attempt to lookup the entity in the metdata
+               EntityDescriptor provider = null;
+               try {
+                       provider = metaData.getEntityDescriptor(providerIdFromSP);
+               } catch (MetadataProviderException e) {
+                       log.error("Problem encountered during metadata lookup of entity (" + providerIdFromSP + "): " + e);
+               }
+
+               // OK, if we found it travel recurse down the tree of parent entities
+               if (provider != null) {
+                       EntitiesDescriptor parent = getParentEntitiesDescriptor(provider);
+
+                       while (parent != null) {
+                               if (parent.getName() != null) {
+                                       if (relyingParties.containsKey(parent.getName())) {
+                                               log.info("Found matching Relying Party for group (" + parent.getName() + ").");
+                                               return (NamedRelyingParty) relyingParties.get(parent.getName());
+                                       } else {
+                                               log.debug("Provider is a member of group (" + parent.getName()
+                                                               + "), but no matching Relying Party was found.");
+                                       }
+                               }
+                               parent = getParentEntitiesDescriptor(parent);
+                       }
+               }
+               return null;
+       }
+
+       /**
+        * Returns the appropriate relying party for the supplied service provider id.
+        */
+       public RelyingParty getRelyingParty(String providerIdFromSP) {
+
+               if (providerIdFromSP == null || providerIdFromSP.equals("")) { throw new IllegalArgumentException(
+                               "Incorrect use of ServiceProviderMapper.  Cannot lookup relying party without a provider ID."); }
+
+               // Look for a configuration for the specific relying party
+               if (relyingParties.containsKey(providerIdFromSP)) {
+                       log.info("Found Relying Party for (" + providerIdFromSP + ").");
+                       return (RelyingParty) relyingParties.get(providerIdFromSP);
+               }
+
+               // Lookup by group
+               // Next, check to see if the relying party is in any groups
+               NamedRelyingParty groupParty = findRelyingPartyByGroup(providerIdFromSP);
+               if (groupParty != null) {
+                       log.info("Provider is a member of Relying Party (" + groupParty.getName() + ").");
+                       return groupParty;
+               }
+
+               // Use default if we have one
+               if (defaultRelyingParty != null) {
+                       log.debug("No matching relying party found.  Using default relying party.");
+                       return defaultRelyingParty;
+               }
+
+               // Alright, there's nothing available to us
+               return null;
+
+       }
+
+       private void addRelyingParty(Element e) throws RelyingPartyMapperException {
+
+               log.debug("Found a Relying Party configuration element.");
+               try {
+                       if (e.getLocalName().equals("RelyingParty")) {
+                               NamedRelyingParty party = new NamedRelyingParty(e, credentials);
+                               log.debug("Relying Party (" + party.getName() + ") loaded.");
+                               relyingParties.put(party.getName(), party);
+                       }
+               } catch (RelyingPartyMapperException exc) {
+                       log.error("Encountered an error while attempting to load Relying Party configuration.  Skipping...");
+               }
+       }
+
+       private void addAnonymousRelyingParty(Element e) throws RelyingPartyMapperException {
+
+               log.debug("Found an Anonymous Relying Party configuration element.");
+               try {
+                       if (e.getLocalName().equals("AnonymousRelyingParty")) {
+                               RelyingParty party = new RelyingPartyImpl(e, credentials);
+                               log.debug("Anonymous Relying Party loaded.");
+                               anonymousRelyingParty = party;
+                       }
+               } catch (RelyingPartyMapperException exc) {
+                       log.error("Encountered an error while attempting to load Anonymous Relying"
+                                       + " Party configuration.  Skipping...");
+               }
+       }
+
+       private void addDefaultRelyingParty(Element e) throws RelyingPartyMapperException {
+
+               log.debug("Found a Default Relying Party configuration element.");
+               try {
+                       if (e.getLocalName().equals("DefaultRelyingParty")) {
+                               RelyingParty party = new RelyingPartyImpl(e, credentials);
+                               log.debug("Default Relying Party loaded.");
+                               defaultRelyingParty = party;
+                       }
+               } catch (RelyingPartyMapperException exc) {
+                       log.error("Encountered an error while attempting to load Default "
+                                       + "Relying Party configuration.  Skipping...");
+               }
+       }
+
+       private EntitiesDescriptor getParentEntitiesDescriptor(XMLObject entity) {
+
+               Object parent = entity.getParent();
+
+               if (parent instanceof EntitiesDescriptor) { return (EntitiesDescriptor) parent; }
+
+               return null;
+       }
+
+       /**
+        * Base relying party implementation.
+        * 
+        * @author Walter Hoehn
+        */
+       protected class RelyingPartyImpl implements RelyingParty {
+
+               private RelyingPartyIdentityProvider identityProvider;
+               private String providerId;
+               private boolean passThruErrors = false;
+               private boolean forceAttributePush = false;
+               private boolean forceAttributeNoPush = false;
+               private boolean singleAssertion = false;
+               private boolean defaultToPOST = true;
+               private boolean wantsAssertionsSigned = false;
+               private int preferredArtifactType = 1;
+               private String defaultTarget;
+
+               public RelyingPartyImpl(Element partyConfig, Credentials credentials) throws RelyingPartyMapperException {
+
+                       // Process overrides for global configuration data
+                       String attribute = ((Element) partyConfig).getAttribute("providerId");
+                       if (attribute == null || attribute.equals("")) {
+                               log.error("Relying Party providerId not set.  Add a (providerId) " + "attribute to <RelyingParty>.");
+                               throw new RelyingPartyMapperException("Required configuration not specified.");
+                       }
+                       providerId = attribute;
+                       log.debug("Setting providerId for Relying Party to (" + attribute + ").");
+
+                       attribute = ((Element) partyConfig).getAttribute("passThruErrors");
+                       if (attribute != null && !attribute.equals("")) {
+                               log.debug("Setting passThruErrors for Relying Pary with (" + attribute + ").");
+                               passThruErrors = Boolean.valueOf(attribute).booleanValue();
+                       }
+
+                       // SSO profile defaulting
+                       attribute = ((Element) partyConfig).getAttribute("defaultToPOSTProfile");
+                       if (attribute != null && !attribute.equals("")) {
+                               defaultToPOST = Boolean.valueOf(attribute).booleanValue();
+                       }
+                       if (defaultToPOST) {
+                               log.debug("Relying party defaults to POST profile.");
+                       } else {
+                               log.debug("Relying party defaults to Artifact profile.");
+                       }
+
+                       attribute = ((Element) partyConfig).getAttribute("singleAssertion");
+                       if (attribute != null && !attribute.equals("")) {
+                               singleAssertion = Boolean.valueOf(attribute).booleanValue();
+                       }
+                       if (singleAssertion) {
+                               log.debug("Relying party defaults to a single assertion when pushing attributes.");
+                       } else {
+                               log.debug("Relying party defaults to multiple assertions when pushing attributes.");
+                       }
+
+                       // Relying Party wants assertions signed?
+                       attribute = ((Element) partyConfig).getAttribute("signAssertions");
+                       if (attribute != null && !attribute.equals("")) {
+                               wantsAssertionsSigned = Boolean.valueOf(attribute).booleanValue();
+                       }
+                       if (wantsAssertionsSigned) {
+                               log.debug("Relying party wants SAML Assertions to be signed.");
+                       } else {
+                               log.debug("Relying party does not want SAML Assertions to be signed.");
+                       }
+
+                       // Set a default target for use in artifact redirects
+                       defaultTarget = ((Element) partyConfig).getAttribute("defaultTarget");
+
+                       // Determine whether or not we are forcing attribute push on or off
+                       String forcePush = ((Element) partyConfig).getAttribute("forceAttributePush");
+                       String forceNoPush = ((Element) partyConfig).getAttribute("forceAttributeNoPush");
+
+                       if (forcePush != null && Boolean.valueOf(forcePush).booleanValue() && forceNoPush != null
+                                       && Boolean.valueOf(forceNoPush).booleanValue()) {
+                               log.error("Invalid configuration:  Attribute push is forced to ON and OFF for this relying "
+                                               + "party.  Turning off forcing in favor of profile defaults.");
+                       } else {
+                               forceAttributePush = Boolean.valueOf(forcePush).booleanValue();
+                               forceAttributeNoPush = Boolean.valueOf(forceNoPush).booleanValue();
+                               log.debug("Attribute push forcing is set to (" + forceAttributePush + ").");
+                               log.debug("No attribute push forcing is set to (" + forceAttributeNoPush + ").");
+                       }
+
+                       attribute = ((Element) partyConfig).getAttribute("preferredArtifactType");
+                       if (attribute != null && !attribute.equals("")) {
+                               log.debug("Overriding preferredArtifactType for Relying Pary with (" + attribute + ").");
+                               try {
+                                       preferredArtifactType = Integer.parseInt(attribute);
+                               } catch (NumberFormatException e) {
+                                       log.error("(preferredArtifactType) attribute to is not a valid integer.");
+                                       throw new RelyingPartyMapperException("Configuration is invalid.");
+                               }
+                               log.debug("Preferred artifact type: (" + preferredArtifactType + ").");
+                       }
+
+                       // Load the credential for signing
+                       String credentialName = ((Element) partyConfig).getAttribute("signingCredential");
+                       Credential signingCredential = credentials.getCredential(credentialName);
+                       if (signingCredential == null) {
+                               if (credentialName == null || credentialName.equals("")) {
+                                       log.error("Relying Party credential not set.  Add a (signingCredential) "
+                                                       + "attribute to <RelyingParty>.");
+                                       throw new RelyingPartyMapperException("Required configuration not specified.");
+                               } else {
+                                       log.error("Relying Party credential invalid.  Fix the (signingCredential) attribute "
+                                                       + "on <RelyingParty>.");
+                                       throw new RelyingPartyMapperException("Required configuration is invalid.");
+                               }
+
+                       }
+
+                       // Initialize and Identity Provider object for this use by this relying party
+                       identityProvider = new RelyingPartyIdentityProvider(providerId, signingCredential);
+
+               }
+
+               public IdentityProvider getIdentityProvider() {
+
+                       return identityProvider;
+               }
+
+
+               public boolean passThruErrors() {
+
+                       return passThruErrors;
+               }
+
+               public boolean forceAttributePush() {
+
+                       return forceAttributePush;
+               }
+
+               public boolean forceAttributeNoPush() {
+
+                       return forceAttributeNoPush;
+               }
+
+               public boolean singleAssertion() {
+
+                       return singleAssertion;
+               }
+
+               public boolean defaultToPOSTProfile() {
+
+                       return defaultToPOST;
+               }
+
+               public boolean wantsAssertionsSigned() {
+
+                       return wantsAssertionsSigned;
+               }
+
+               public int getPreferredArtifactType() {
+
+                       return preferredArtifactType;
+               }
+
+               public String getDefaultTarget() {
+
+                       return defaultTarget;
+               }
+
+               /**
+                * Default identity provider implementation.
+                * 
+                * @author Walter Hoehn
+                */
+               protected class RelyingPartyIdentityProvider implements IdentityProvider {
+
+                       private String providerId;
+                       private Credential credential;
+
+                       public RelyingPartyIdentityProvider(String providerId, Credential credential) {
+
+                               this.providerId = providerId;
+                               this.credential = credential;
+                       }
+
+                       /*
+                        * @see edu.internet2.middleware.shibboleth.common.IdentityProvider#getProviderId()
+                        */
+                       public String getProviderId() {
+
+                               return providerId;
+                       }
+
+                       /*
+                        * @see edu.internet2.middleware.shibboleth.common.IdentityProvider#getSigningCredential()
+                        */
+                       public Credential getSigningCredential() {
+
+                               return credential;
+                       }
+               }
+       }
+
+       class NamedRelyingParty extends RelyingPartyImpl {
+
+               private String name;
+
+               public NamedRelyingParty(Element partyConfig, Credentials credentials) throws RelyingPartyMapperException {
+
+                       super(partyConfig, credentials);
+                       // Get party name
+                       name = ((Element) partyConfig).getAttribute("name");
+                       if (name == null || name.equals("")) {
+                               log.error("Relying Party name not set.  Add a (name) attribute to <RelyingParty>.");
+                               throw new RelyingPartyMapperException("Required configuration not specified.");
+                       }
+                       log.debug("Loading Relying Party: (" + name + ").");
+               }
+
+               public String getName() {
+
+                       return name;
+               }
+       }
+}
\ No newline at end of file
@@ -19,9 +19,9 @@ package edu.internet2.middleware.shibboleth.common;
 /**
  * @author Walter Hoehn
  */
-public class ServiceProviderMapperException extends Exception {
+public class RelyingPartyMapperException extends Exception {
 
-       public ServiceProviderMapperException(String message) {
+       public RelyingPartyMapperException(String message) {
 
                super(message);
        }
index 24f9e80..e98bb7f 100644 (file)
@@ -22,7 +22,7 @@ package edu.internet2.middleware.shibboleth.common;
  * @see IdentityProvider
  * @author Walter Hoehn
  */
-public interface ServiceProvider {
+public interface ServiceProvider extends RelyingParty {
 
        /**
         * Returns the unique identifier for the service provider.
diff --git a/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java b/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
deleted file mode 100644 (file)
index 414136b..0000000
+++ /dev/null
@@ -1,708 +0,0 @@
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.common;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.log4j.Logger;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.XMLObject;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import edu.internet2.middleware.shibboleth.idp.IdPConfig;
-
-/**
- * Class for determining the effective relying party from the unique id of the service provider. Checks first for an
- * exact match on the service provider, then for membership in a group of providers (perhaps a federation). Uses the
- * default relying party if neither is found.
- * 
- * @author Walter Hoehn
- */
-public class ServiceProviderMapper {
-
-       private static Logger log = Logger.getLogger(ServiceProviderMapper.class.getName());
-       protected Map<String, RelyingParty> relyingParties = new HashMap<String, RelyingParty>();
-       private MetadataProvider metaData;
-       private IdPConfig configuration;
-       private Credentials credentials;
-       private NameMapper nameMapper;
-
-       public ServiceProviderMapper(Element rawConfig, IdPConfig configuration, Credentials credentials,
-                       NameMapper nameMapper) throws ServiceProviderMapperException {
-
-               this.configuration = configuration;
-               this.credentials = credentials;
-               this.nameMapper = nameMapper;
-
-               NodeList itemElements = rawConfig.getElementsByTagNameNS(IdPConfig.configNameSpace, "RelyingParty");
-
-               for (int i = 0; i < itemElements.getLength(); i++) {
-                       addRelyingParty((Element) itemElements.item(i));
-               }
-
-               verifyDefaultParty(configuration);
-
-       }
-
-       public void setMetadata(MetadataProvider metadata) {
-
-               this.metaData = metadata;
-       }
-
-       private IdPConfig getIdPConfig() {
-
-               return configuration;
-       }
-
-       protected void verifyDefaultParty(IdPConfig configuration) throws ServiceProviderMapperException {
-
-               // Verify we have a proper default party
-               String defaultParty = configuration.getDefaultRelyingPartyName();
-               if (defaultParty == null || defaultParty.equals("")) {
-                       if (relyingParties.size() != 1) {
-                               log
-                                               .error("Default Relying Party not specified.  Add a (defaultRelyingParty) attribute to <IdPConfig>.");
-                               throw new ServiceProviderMapperException("Required configuration not specified.");
-                       } else {
-                               log.debug("Only one Relying Party loaded.  Using this as the default.");
-                       }
-               }
-               log.debug("Default Relying Party set to: (" + defaultParty + ").");
-               if (!relyingParties.containsKey(defaultParty)) {
-                       log.error("Default Relying Party refers to a Relying Party that has not been loaded.");
-                       throw new ServiceProviderMapperException("Invalid configuration (Default Relying Party).");
-               }
-       }
-
-       protected RelyingParty getRelyingPartyImpl(String providerIdFromSP) {
-
-               // Null request, send the default
-               if (providerIdFromSP == null) {
-                       RelyingParty relyingParty = getDefaultRelyingParty();
-                       log.info("Using default Relying Party: (" + relyingParty.getName() + ").");
-                       return new UnknownProviderWrapper(relyingParty, providerIdFromSP);
-               }
-
-               // Look for a configuration for the specific relying party
-               if (relyingParties.containsKey(providerIdFromSP)) {
-                       log.info("Found Relying Party for (" + providerIdFromSP + ").");
-                       return (RelyingParty) relyingParties.get(providerIdFromSP);
-               }
-
-               // Next, check to see if the relying party is in any groups
-               RelyingParty groupParty = findRelyingPartyByGroup(providerIdFromSP);
-               if (groupParty != null) {
-                       log.info("Provider is a member of Relying Party (" + groupParty.getName() + ").");
-                       return new RelyingPartyGroupWrapper(groupParty, providerIdFromSP);
-               }
-
-               // OK, we can't find it... just send the default
-               RelyingParty relyingParty = getDefaultRelyingParty();
-               log.info("Could not locate Relying Party configuration for (" + providerIdFromSP
-                               + ").  Using default Relying Party: (" + relyingParty.getName() + ").");
-               return new UnknownProviderWrapper(relyingParty, providerIdFromSP);
-       }
-
-       private RelyingParty findRelyingPartyByGroup(String providerIdFromSP) {
-
-               if (metaData == null) { return null; }
-
-               // Attempt to lookup the entity in the metdata
-               EntityDescriptor provider = null;
-               try {
-                       provider = metaData.getEntityDescriptor(providerIdFromSP);
-               } catch (MetadataProviderException e) {
-                       log.error("Problem encountered during metadata lookup of entity (" + providerIdFromSP + "): " + e);
-               }
-
-               // OK, if we found it travel recurse down the tree of parent entities
-               if (provider != null) {
-                       EntitiesDescriptor parent = getParentEntitiesDescriptor(provider);
-
-                       while (parent != null) {
-                               if (parent.getName() != null) {
-                                       if (relyingParties.containsKey(parent.getName())) {
-                                               log.info("Found matching Relying Party for group (" + parent.getName() + ").");
-                                               return (RelyingParty) relyingParties.get(parent.getName());
-                                       } else {
-                                               log.debug("Provider is a member of group (" + parent.getName()
-                                                               + "), but no matching Relying Party was found.");
-                                       }
-                               }
-                               parent = getParentEntitiesDescriptor(parent);
-                       }
-               }
-               return null;
-       }
-
-       public RelyingParty getDefaultRelyingParty() {
-
-               // If there is no explicit default, pick the single configured Relying
-               // Party
-               String defaultParty = getIdPConfig().getDefaultRelyingPartyName();
-               if (defaultParty == null || defaultParty.equals("")) { return (RelyingParty) relyingParties.values().iterator()
-                               .next(); }
-
-               // If we do have a default specified, use it...
-               return (RelyingParty) relyingParties.get(defaultParty);
-       }
-
-       /**
-        * Returns the appropriate relying party for the supplied service provider id.
-        */
-       public RelyingParty getRelyingParty(String providerIdFromSP) {
-
-               if (providerIdFromSP == null || providerIdFromSP.equals("")) {
-                       RelyingParty relyingParty = getDefaultRelyingParty();
-                       log.info("Selecting default Relying Party: (" + relyingParty.getName() + ").");
-                       return new NoMetadataWrapper((RelyingParty) relyingParty);
-               }
-
-               return (RelyingParty) getRelyingPartyImpl(providerIdFromSP);
-       }
-
-       private void addRelyingParty(Element e) throws ServiceProviderMapperException {
-
-               log.debug("Found a Relying Party.");
-               try {
-                       if (e.getLocalName().equals("RelyingParty")) {
-                               RelyingParty party = new RelyingPartyImpl(e, configuration, credentials, nameMapper);
-                               log.debug("Relying Party (" + party.getName() + ") loaded.");
-                               relyingParties.put(party.getName(), party);
-                       }
-               } catch (ServiceProviderMapperException exc) {
-                       log.error("Encountered an error while attempting to load Relying Party configuration.  Skipping...");
-               }
-
-       }
-
-       private EntitiesDescriptor getParentEntitiesDescriptor(XMLObject entity) {
-
-               Object parent = entity.getParent();
-
-               if (parent instanceof EntitiesDescriptor) { return (EntitiesDescriptor) parent; }
-
-               return null;
-       }
-
-       /**
-        * Base relying party implementation.
-        * 
-        * @author Walter Hoehn
-        */
-       protected class RelyingPartyImpl implements RelyingParty {
-
-               private RelyingPartyIdentityProvider identityProvider;
-               private String name;
-               private String overridenIdPProviderId;
-               private URI overridenDefaultAuthMethod;
-               private List<String> mappingIds = new ArrayList<String>();
-               private IdPConfig configuration;
-               private boolean overridenPassThruErrors = false;
-               private boolean passThruIsOverriden = false;
-               private boolean forceAttributePush = false;
-               private boolean forceAttributeNoPush = false;
-               private boolean singleAssertion = false;
-               private boolean defaultToPOST = true;
-               private boolean wantsAssertionsSigned = false;
-               private int preferredArtifactType = 1;
-               private String defaultTarget;
-               private boolean wantsSchemaHack = false;
-
-               public RelyingPartyImpl(Element partyConfig, IdPConfig globalConfig, Credentials credentials,
-                               NameMapper nameMapper) throws ServiceProviderMapperException {
-
-                       configuration = globalConfig;
-
-                       // Get party name
-                       name = ((Element) partyConfig).getAttribute("name");
-                       if (name == null || name.equals("")) {
-                               log.error("Relying Party name not set.  Add a (name) attribute to <RelyingParty>.");
-                               throw new ServiceProviderMapperException("Required configuration not specified.");
-                       }
-                       log.debug("Loading Relying Party: (" + name + ").");
-
-                       // Process overrides for global configuration data
-                       String attribute = ((Element) partyConfig).getAttribute("providerId");
-                       if (attribute != null && !attribute.equals("")) {
-                               log.debug("Overriding providerId for Relying Pary (" + name + ") with (" + attribute + ").");
-                               overridenIdPProviderId = attribute;
-                       }
-
-                       attribute = ((Element) partyConfig).getAttribute("defaultAuthMethod");
-                       if (attribute != null && !attribute.equals("")) {
-                               log.debug("Overriding defaultAuthMethod for Relying Pary (" + name + ") with (" + attribute + ").");
-                               try {
-                                       overridenDefaultAuthMethod = new URI(attribute);
-                               } catch (URISyntaxException e1) {
-                                       log.error("(defaultAuthMethod) attribute to is not a valid URI.");
-                                       throw new ServiceProviderMapperException("Configuration is invalid.");
-                               }
-                       }
-
-                       attribute = ((Element) partyConfig).getAttribute("passThruErrors");
-                       if (attribute != null && !attribute.equals("")) {
-                               log.debug("Overriding passThruErrors for Relying Pary (" + name + ") with (" + attribute + ").");
-                               overridenPassThruErrors = Boolean.valueOf(attribute).booleanValue();
-                               passThruIsOverriden = true;
-                       }
-
-                       // SSO profile defaulting
-                       attribute = ((Element) partyConfig).getAttribute("defaultToPOSTProfile");
-                       if (attribute != null && !attribute.equals("")) {
-                               defaultToPOST = Boolean.valueOf(attribute).booleanValue();
-                       }
-                       if (defaultToPOST) {
-                               log.debug("Relying party defaults to POST profile.");
-                       } else {
-                               log.debug("Relying party defaults to Artifact profile.");
-                       }
-
-                       attribute = ((Element) partyConfig).getAttribute("singleAssertion");
-                       if (attribute != null && !attribute.equals("")) {
-                               singleAssertion = Boolean.valueOf(attribute).booleanValue();
-                       }
-                       if (singleAssertion) {
-                               log.debug("Relying party defaults to a single assertion when pushing attributes.");
-                       } else {
-                               log.debug("Relying party defaults to multiple assertions when pushing attributes.");
-                       }
-
-                       // Relying Party wants assertions signed?
-                       attribute = ((Element) partyConfig).getAttribute("signAssertions");
-                       if (attribute != null && !attribute.equals("")) {
-                               wantsAssertionsSigned = Boolean.valueOf(attribute).booleanValue();
-                       }
-                       if (wantsAssertionsSigned) {
-                               log.debug("Relying party wants SAML Assertions to be signed.");
-                       } else {
-                               log.debug("Relying party does not want SAML Assertions to be signed.");
-                       }
-
-                       // Decide whether or not to use the schema hack for old xerces
-                       attribute = ((Element) partyConfig).getAttribute("schemaHack");
-                       if (attribute != null && !attribute.equals("")) {
-                               wantsSchemaHack = Boolean.valueOf(attribute).booleanValue();
-                       }
-                       if (wantsSchemaHack) {
-                               log.debug("XML schema hack enabled for this relying party.");
-                       }
-
-                       // Set a default target for use in artifact redirects
-                       defaultTarget = ((Element) partyConfig).getAttribute("defaultTarget");
-
-                       // Determine whether or not we are forcing attribute push on or off
-                       String forcePush = ((Element) partyConfig).getAttribute("forceAttributePush");
-                       String forceNoPush = ((Element) partyConfig).getAttribute("forceAttributeNoPush");
-
-                       if (forcePush != null && Boolean.valueOf(forcePush).booleanValue() && forceNoPush != null
-                                       && Boolean.valueOf(forceNoPush).booleanValue()) {
-                               log.error("Invalid configuration:  Attribute push is forced to ON and OFF for this relying "
-                                               + "party.  Turning off forcing in favor of profile defaults.");
-                       } else {
-                               forceAttributePush = Boolean.valueOf(forcePush).booleanValue();
-                               forceAttributeNoPush = Boolean.valueOf(forceNoPush).booleanValue();
-                               log.debug("Attribute push forcing is set to (" + forceAttributePush + ").");
-                               log.debug("No attribute push forcing is set to (" + forceAttributeNoPush + ").");
-                       }
-
-                       attribute = ((Element) partyConfig).getAttribute("preferredArtifactType");
-                       if (attribute != null && !attribute.equals("")) {
-                               log.debug("Overriding preferredArtifactType for Relying Pary (" + name + ") with (" + attribute + ").");
-                               try {
-                                       preferredArtifactType = Integer.parseInt(attribute);
-                               } catch (NumberFormatException e) {
-                                       log.error("(preferredArtifactType) attribute to is not a valid integer.");
-                                       throw new ServiceProviderMapperException("Configuration is invalid.");
-                               }
-                               log.debug("Preferred artifact type: (" + preferredArtifactType + ").");
-                       }
-
-                       // Load and verify the name mappings that should be used in
-                       // assertions for this RelyingParty
-
-                       NodeList nameIDs = ((Element) partyConfig).getElementsByTagNameNS(IdPConfig.configNameSpace, "NameID");
-                       // If no specification. Make sure we have a default mapping
-                       if (nameIDs.getLength() < 1) {
-                               if (nameMapper.getNameIdentifierMappingById(null) == null) {
-                                       log.error("Relying Party NameId configuration not set.  Add a <NameID> element to <RelyingParty>.");
-                                       throw new ServiceProviderMapperException("Required configuration not specified.");
-                               }
-
-                       } else {
-
-                               // We do have a specification, so make sure it points to a
-                               // valid Name Mapping
-
-                               for (int i = 0; i < nameIDs.getLength(); i++) {
-
-                                       String mappingId = ((Element) nameIDs.item(i)).getAttribute("nameMapping");
-                                       if (mappingId == null || mappingId.equals("")) {
-                                               log.error("Name mapping not set.  Add a (nameMapping) attribute to <NameID>.");
-                                               throw new ServiceProviderMapperException("Required configuration not specified.");
-                                       }
-
-                                       if (nameMapper.getNameIdentifierMappingById(mappingId) == null) {
-                                               log.error("Relying Party NameID refers to a name mapping that is not loaded.");
-                                               throw new ServiceProviderMapperException("Required configuration not specified.");
-                                       }
-
-                                       mappingIds.add(mappingId);
-                               }
-                       }
-
-                       // Load the credential for signing
-                       String credentialName = ((Element) partyConfig).getAttribute("signingCredential");
-                       Credential signingCredential = credentials.getCredential(credentialName);
-                       if (signingCredential == null) {
-                               if (credentialName == null || credentialName.equals("")) {
-                                       log.error("Relying Party credential not set.  Add a (signingCredential) "
-                                                       + "attribute to <RelyingParty>.");
-                                       throw new ServiceProviderMapperException("Required configuration not specified.");
-                               } else {
-                                       log.error("Relying Party credential invalid.  Fix the (signingCredential) attribute "
-                                                       + "on <RelyingParty>.");
-                                       throw new ServiceProviderMapperException("Required configuration is invalid.");
-                               }
-
-                       }
-
-                       // Initialize and Identity Provider object for this use by this relying party
-                       identityProvider = new RelyingPartyIdentityProvider(overridenIdPProviderId != null
-                                       ? overridenIdPProviderId
-                                       : configuration.getProviderId(), signingCredential);
-
-               }
-
-               public String getProviderId() {
-
-                       return name;
-               }
-
-               public String getName() {
-
-                       return name;
-               }
-
-               public IdentityProvider getIdentityProvider() {
-
-                       return identityProvider;
-               }
-
-               public String[] getNameMapperIds() {
-
-                       return (String[]) mappingIds.toArray(new String[0]);
-               }
-
-               public URI getDefaultAuthMethod() {
-
-                       if (overridenDefaultAuthMethod != null) {
-                               return overridenDefaultAuthMethod;
-                       } else {
-                               return configuration.getDefaultAuthMethod();
-                       }
-               }
-
-               public boolean passThruErrors() {
-
-                       if (passThruIsOverriden) {
-                               return overridenPassThruErrors;
-                       } else {
-                               return configuration.passThruErrors();
-                       }
-               }
-
-               public boolean forceAttributePush() {
-
-                       return forceAttributePush;
-               }
-
-               public boolean forceAttributeNoPush() {
-
-                       return forceAttributeNoPush;
-               }
-
-               public boolean singleAssertion() {
-
-                       return singleAssertion;
-               }
-
-               public boolean defaultToPOSTProfile() {
-
-                       return defaultToPOST;
-               }
-
-               public boolean wantsAssertionsSigned() {
-
-                       return wantsAssertionsSigned;
-               }
-
-               public int getPreferredArtifactType() {
-
-                       return preferredArtifactType;
-               }
-
-               public String getDefaultTarget() {
-
-                       return defaultTarget;
-               }
-
-               public boolean wantsSchemaHack() {
-
-                       return wantsSchemaHack;
-               }
-
-               /**
-                * Default identity provider implementation.
-                * 
-                * @author Walter Hoehn
-                */
-               protected class RelyingPartyIdentityProvider implements IdentityProvider {
-
-                       private String providerId;
-                       private Credential credential;
-
-                       public RelyingPartyIdentityProvider(String providerId, Credential credential) {
-
-                               this.providerId = providerId;
-                               this.credential = credential;
-                       }
-
-                       /*
-                        * @see edu.internet2.middleware.shibboleth.common.IdentityProvider#getProviderId()
-                        */
-                       public String getProviderId() {
-
-                               return providerId;
-                       }
-
-                       /*
-                        * @see edu.internet2.middleware.shibboleth.common.IdentityProvider#getSigningCredential()
-                        */
-                       public Credential getSigningCredential() {
-
-                               return credential;
-                       }
-               }
-       }
-
-       /**
-        * Relying party implementation wrapper for relying parties that are groups.
-        * 
-        * @author Walter Hoehn
-        */
-       class RelyingPartyGroupWrapper implements RelyingParty {
-
-               private RelyingParty wrapped;
-               private String providerId;
-
-               RelyingPartyGroupWrapper(RelyingParty wrapped, String providerId) {
-
-                       this.wrapped = wrapped;
-                       this.providerId = providerId;
-               }
-
-               public String getName() {
-
-                       return wrapped.getName();
-               }
-
-               public IdentityProvider getIdentityProvider() {
-
-                       return wrapped.getIdentityProvider();
-               }
-
-               public String getProviderId() {
-
-                       return providerId;
-               }
-
-               public String[] getNameMapperIds() {
-
-                       return wrapped.getNameMapperIds();
-               }
-
-               public URI getDefaultAuthMethod() {
-
-                       return wrapped.getDefaultAuthMethod();
-               }
-
-               public boolean passThruErrors() {
-
-                       return wrapped.passThruErrors();
-               }
-
-               public boolean forceAttributePush() {
-
-                       return wrapped.forceAttributePush();
-               }
-
-               public boolean forceAttributeNoPush() {
-
-                       return wrapped.forceAttributeNoPush();
-               }
-
-               public boolean singleAssertion() {
-
-                       return wrapped.singleAssertion();
-               }
-
-               public boolean defaultToPOSTProfile() {
-
-                       return wrapped.defaultToPOSTProfile();
-               }
-
-               public boolean wantsAssertionsSigned() {
-
-                       return wrapped.wantsAssertionsSigned();
-               }
-
-               public int getPreferredArtifactType() {
-
-                       return wrapped.getPreferredArtifactType();
-               }
-
-               public String getDefaultTarget() {
-
-                       return wrapped.getDefaultTarget();
-               }
-
-               public boolean wantsSchemaHack() {
-
-                       return wrapped.wantsSchemaHack();
-               }
-       }
-
-       /**
-        * Relying party implementation wrapper for anonymous service providers.
-        * 
-        * @author Walter Hoehn
-        */
-       protected class UnknownProviderWrapper implements RelyingParty {
-
-               protected RelyingParty wrapped;
-               protected String providerId;
-
-               protected UnknownProviderWrapper(RelyingParty wrapped, String providerId) {
-
-                       this.wrapped = wrapped;
-                       this.providerId = providerId;
-               }
-
-               public String getName() {
-
-                       return wrapped.getName();
-               }
-
-               public IdentityProvider getIdentityProvider() {
-
-                       return wrapped.getIdentityProvider();
-               }
-
-               public String getProviderId() {
-
-                       return providerId;
-               }
-
-               public String[] getNameMapperIds() {
-
-                       return wrapped.getNameMapperIds();
-               }
-
-               public URI getDefaultAuthMethod() {
-
-                       return wrapped.getDefaultAuthMethod();
-               }
-
-               public boolean passThruErrors() {
-
-                       return wrapped.passThruErrors();
-               }
-
-               public boolean forceAttributePush() {
-
-                       return false;
-               }
-
-               public boolean forceAttributeNoPush() {
-
-                       return false;
-               }
-
-               public boolean singleAssertion() {
-
-                       return false;
-               }
-
-               public boolean defaultToPOSTProfile() {
-
-                       return true;
-               }
-
-               public boolean wantsAssertionsSigned() {
-
-                       return wrapped.wantsAssertionsSigned();
-               }
-
-               public int getPreferredArtifactType() {
-
-                       return wrapped.getPreferredArtifactType();
-               }
-
-               public String getDefaultTarget() {
-
-                       return wrapped.getDefaultTarget();
-               }
-
-               public boolean wantsSchemaHack() {
-
-                       return wrapped.wantsSchemaHack();
-               }
-       }
-
-       /**
-        * Relying party wrapper for providers for which we have no metadata
-        * 
-        * @author Walter Hoehn
-        */
-       class NoMetadataWrapper extends UnknownProviderWrapper implements RelyingParty {
-
-               NoMetadataWrapper(RelyingParty wrapped) {
-
-                       super(wrapped, null);
-               }
-
-               public String[] getNameMapperIds() {
-
-                       return ((RelyingParty) wrapped).getNameMapperIds();
-               }
-
-               public URI getDefaultAuthMethod() {
-
-                       return ((RelyingParty) wrapped).getDefaultAuthMethod();
-               }
-       }
-}
\ No newline at end of file
index a9c5bd5..d181399 100644 (file)
@@ -16,9 +16,6 @@
 
 package edu.internet2.middleware.shibboleth.idp;
 
-import java.net.URI;
-import java.net.URISyntaxException;
-
 import org.apache.log4j.Logger;
 import org.w3c.dom.Element;
 
@@ -29,14 +26,12 @@ import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationExcepti
  */
 public class IdPConfig {
 
-       private String defaultRelyingPartyName;
-       private String providerId;
+       // TODO re-evaluate whether or not we need this class... most of it has gone away anyway
+
        public static final String configNameSpace = "urn:mace:shibboleth:idp:config:1.0";
        private String resolverConfig = "/conf/resolver.xml";
-       private boolean passThruErrors = false;
+
        private int maxThreads = 30;
-       private String authHeaderName = "REMOTE_USER";
-       private URI defaultAuthMethod;
 
        private static Logger log = Logger.getLogger(IdPConfig.class.getName());
 
@@ -47,50 +42,13 @@ public class IdPConfig {
 
                log.debug("Loading global configuration properties.");
 
-               // Global providerId
-               providerId = ((Element) config).getAttribute("providerId");
-               if (providerId == null || providerId.equals("")) {
-                       log.error("Global providerId not set.  Add a (providerId) attribute to <IdPConfig/>.");
-                       throw new ShibbolethConfigurationException("Required configuration not specified.");
-               }
-
-               // Default Relying Party
-               defaultRelyingPartyName = ((Element) config).getAttribute("defaultRelyingParty");
-               if (defaultRelyingPartyName == null || defaultRelyingPartyName.equals("")) {
-                       log.error("Default Relying Party not set.  Add a (defaultRelyingParty) attribute to <IdPConfig/>.");
-                       throw new ShibbolethConfigurationException("Required configuration not specified.");
-               }
-
                // Attribute resolver config file location
                String rawResolverConfig = ((Element) config).getAttribute("resolverConfig");
                if (rawResolverConfig != null && !rawResolverConfig.equals("")) {
                        resolverConfig = rawResolverConfig;
                }
 
-               // Global Pass thru error setting
-               String attribute = ((Element) config).getAttribute("passThruErrors");
-               if (attribute != null && !attribute.equals("")) {
-                       passThruErrors = Boolean.valueOf(attribute).booleanValue();
-               }
-
-               attribute = ((Element) config).getAttribute("defaultAuthMethod");
-               if (attribute == null || attribute.equals("")) {
-                       try {
-                               defaultAuthMethod = new URI("urn:oasis:names:tc:SAML:1.0:am:unspecified");
-                       } catch (URISyntaxException e1) {
-                               // Shouldn't happen
-                               throw new ShibbolethConfigurationException("Default Auth Method URI could not be constructed.");
-                       }
-               } else {
-                       try {
-                               defaultAuthMethod = new URI(attribute);
-                       } catch (URISyntaxException e1) {
-                               log.error("(defaultAuthMethod) attribute to is not a valid URI.");
-                               throw new ShibbolethConfigurationException("Required configuration is invalid.");
-                       }
-               }
-
-               attribute = ((Element) config).getAttribute("maxSigningThreads");
+               String attribute = ((Element) config).getAttribute("maxSigningThreads");
                if (attribute != null && !attribute.equals("")) {
                        try {
                                maxThreads = Integer.parseInt(attribute);
@@ -101,27 +59,11 @@ public class IdPConfig {
                }
 
                attribute = ((Element) config).getAttribute("authHeaderName");
-               if (attribute != null && !attribute.equals("")) {
-                       authHeaderName = attribute;
-               }
 
-               log.debug("Global IdP config: (defaultAuthMethod) = (" + getDefaultAuthMethod() + ").");
                log.debug("Global IdP config: (maxSigningThreads) = (" + getMaxThreads() + ").");
-               log.debug("Global IdP config: (authHeaderName) = (" + getAuthHeaderName() + ").");
 
                log.debug("Global IdP config: (resolverConfig) = (" + getResolverConfigLocation() + ").");
-               log.debug("Global IdP config: (passThruErrors) = (" + passThruErrors() + ").");
-               log.debug("Global IdP config: Default Relying Party: (" + getDefaultRelyingPartyName() + ").");
-       }
-
-       public String getProviderId() {
 
-               return providerId;
-       }
-
-       public String getDefaultRelyingPartyName() {
-
-               return defaultRelyingPartyName;
        }
 
        public String getResolverConfigLocation() {
@@ -129,23 +71,9 @@ public class IdPConfig {
                return resolverConfig;
        }
 
-       public boolean passThruErrors() {
-
-               return passThruErrors;
-       }
-
        public int getMaxThreads() {
 
                return maxThreads;
        }
 
-       public String getAuthHeaderName() {
-
-               return authHeaderName;
-       }
-
-       public URI getDefaultAuthMethod() {
-
-               return defaultAuthMethod;
-       }
 }
\ No newline at end of file
index c129d0c..7b7628e 100644 (file)
@@ -47,7 +47,7 @@ import edu.internet2.middleware.shibboleth.artifact.ArtifactMapper;
 import edu.internet2.middleware.shibboleth.common.Credential;
 import edu.internet2.middleware.shibboleth.common.NameMapper;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
-import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
+import edu.internet2.middleware.shibboleth.common.RelyingPartyMapper;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrustEngine;
 import edu.internet2.middleware.shibboleth.metadata.MetadataProviderFactory;
@@ -64,7 +64,7 @@ public class IdPProtocolSupport implements MetadataProvider {
        private Logger transactionLog;
        private IdPConfig config;
        private NameMapper nameMapper;
-       private ServiceProviderMapper spMapper;
+       private RelyingPartyMapper spMapper;
        private ArpEngine arpEngine;
        private AttributeResolver resolver;
        private ArtifactMapper artifactMapper;
@@ -72,7 +72,7 @@ public class IdPProtocolSupport implements MetadataProvider {
        private TrustEngine<X509EntityCredential> trust = new ShibbolethTrustEngine();
        private ChainingMetadataProvider wrappedMetadataProvider = new ChainingMetadataProvider();
 
-       IdPProtocolSupport(IdPConfig config, Logger transactionLog, NameMapper nameMapper, ServiceProviderMapper spMapper,
+       IdPProtocolSupport(IdPConfig config, Logger transactionLog, NameMapper nameMapper, RelyingPartyMapper spMapper,
                        ArpEngine arpEngine, AttributeResolver resolver, ArtifactMapper artifactMapper)
                        throws ShibbolethConfigurationException {
 
@@ -104,7 +104,7 @@ public class IdPProtocolSupport implements MetadataProvider {
                return nameMapper;
        }
 
-       public ServiceProviderMapper getServiceProviderMapper() {
+       public RelyingPartyMapper getRelyingPartyMapper() {
 
                return spMapper;
        }
@@ -201,12 +201,7 @@ public class IdPProtocolSupport implements MetadataProvider {
                        Map<String, AAAttribute> attributes = new HashMap<String, AAAttribute>();
                        for (URI name : attributeNames) {
 
-                               AAAttribute attribute = null;
-                               if (relyingParty.wantsSchemaHack()) {
-                                       attribute = new AAAttribute(name.toString(), true);
-                               } else {
-                                       attribute = new AAAttribute(name.toString(), false);
-                               }
+                               AAAttribute attribute = new AAAttribute(name.toString(), false);
                                attributes.put(attribute.getName(), attribute);
                        }
 
index 715b534..21bc6cf 100644 (file)
@@ -50,8 +50,8 @@ import edu.internet2.middleware.shibboleth.common.Credentials;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.NameMapper;
-import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
-import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
+import edu.internet2.middleware.shibboleth.common.RelyingPartyMapper;
+import edu.internet2.middleware.shibboleth.common.RelyingPartyMapperException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.log.LoggingInitializer;
 
@@ -134,11 +134,11 @@ public class IdPResponder extends HttpServlet {
                        Credentials credentials = new Credentials((Element) itemElements.item(0));
 
                        // Load relying party config
-                       ServiceProviderMapper spMapper;
+                       RelyingPartyMapper spMapper;
                        try {
-                               spMapper = new ServiceProviderMapper(idPConfig.getDocumentElement(), configuration, credentials,
+                               spMapper = new RelyingPartyMapper(idPConfig.getDocumentElement(), configuration, credentials,
                                                nameMapper);
-                       } catch (ServiceProviderMapperException e) {
+                       } catch (RelyingPartyMapperException e) {
                                log.error("Could not load Identity Provider configuration: " + e);
                                throw new ShibbolethConfigurationException("Could not load Identity Provider configuration.");
                        }