[shibboleth-sp2] 17/89: SSPCPP-677 - Filter schacHomeOrganization values against shibmd:Scope
Ferenc Wágner
wferi at moszumanska.debian.org
Thu Sep 1 09:24:04 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository shibboleth-sp2.
commit 7fac2e62afd540b4c762bb39d53778a9de2ed309
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Thu May 5 15:45:17 2016 -0400
SSPCPP-677 - Filter schacHomeOrganization values against shibmd:Scope
https://issues.shibboleth.net/jira/browse/SSPCPP-677
AttributeValueMatchesShibMDScope function type added to code and schema.
schacHomeOrganization added to policy and (commented out) to map.
---
Projects/vc10/shibsp/shibsp.vcxproj | 2 +-
Projects/vc10/shibsp/shibsp.vcxproj.filters | 6 +-
configs/attribute-map.xml | 109 +++++++++++----------
configs/attribute-policy.xml | 5 +
schemas/shibboleth-2.0-afp-mf-saml.xsd | 11 +++
shibsp/Makefile.am | 2 +-
shibsp/attribute/filtering/MatchFunctor.h | 5 +-
....cpp => AttributeMatchesShibMDScopeFunctor.cpp} | 40 ++++++--
shibsp/attribute/filtering/impl/MatchFunctor.cpp | 4 +
9 files changed, 117 insertions(+), 67 deletions(-)
diff --git a/Projects/vc10/shibsp/shibsp.vcxproj b/Projects/vc10/shibsp/shibsp.vcxproj
index daf761a..16ac9cd 100644
--- a/Projects/vc10/shibsp/shibsp.vcxproj
+++ b/Projects/vc10/shibsp/shibsp.vcxproj
@@ -251,7 +251,7 @@
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeRequesterInEntityGroupFunctor.cpp" />
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeRequesterRegexFunctor.cpp" />
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeRequesterStringFunctor.cpp" />
- <ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeScopeMatchesShibMDScopeFunctor.cpp" />
+ <ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeMatchesShibMDScopeFunctor.cpp" />
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeScopeRegexFunctor.cpp" />
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeScopeStringFunctor.cpp" />
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeValueRegexFunctor.cpp" />
diff --git a/Projects/vc10/shibsp/shibsp.vcxproj.filters b/Projects/vc10/shibsp/shibsp.vcxproj.filters
index 929c38e..0552dce 100644
--- a/Projects/vc10/shibsp/shibsp.vcxproj.filters
+++ b/Projects/vc10/shibsp/shibsp.vcxproj.filters
@@ -141,9 +141,6 @@
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeRequesterStringFunctor.cpp">
<Filter>Source Files\attribute\filtering\impl</Filter>
</ClCompile>
- <ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeScopeMatchesShibMDScopeFunctor.cpp">
- <Filter>Source Files\attribute\filtering\impl</Filter>
- </ClCompile>
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeScopeRegexFunctor.cpp">
<Filter>Source Files\attribute\filtering\impl</Filter>
</ClCompile>
@@ -429,6 +426,9 @@
<ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\RegistrationAuthorityFunctor.cpp">
<Filter>Source Files\attribute\filtering\impl</Filter>
</ClCompile>
+ <ClCompile Include="..\..\..\shibsp\attribute\filtering\impl\AttributeMatchesShibMDScopeFunctor.cpp">
+ <Filter>Source Files\attribute\filtering\impl</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\..\shibsp\GSSRequest.h">
diff --git a/configs/attribute-map.xml b/configs/attribute-map.xml
index c163754..febaf90 100644
--- a/configs/attribute-map.xml
+++ b/configs/attribute-map.xml
@@ -8,30 +8,30 @@
-->
<!-- First some useful eduPerson attributes that many sites might use. -->
-
- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
+
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
-
- <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
+
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
-
- <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
+
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
-
- <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
+
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
<!-- A persistent id attribute that supports personalized anonymous access. -->
@@ -60,13 +60,12 @@
<!-- Some more eduPerson attributes, uncomment these to use them... -->
<!--
- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
- <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
- </Attribute>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
+
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>
+
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
+ <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
@@ -76,44 +75,22 @@
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
+ <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+ </Attribute>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
+ <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
-->
+ <!-- SCHAC attributes, uncomment to use... -->
+ <!--
+ <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>
+ -->
+
<!-- Examples of LDAP-based attributes, uncomment to use these... -->
<!--
- <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
- <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
- <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
- <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
- <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
- <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
- <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
- <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
- <Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
- <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
- <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
- <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
- <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
- <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
- <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
- <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
- <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
- <Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
- <Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
- <Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
- <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
- <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
- <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
-
<Attribute name="urn:oid:2.5.4.3" id="cn"/>
<Attribute name="urn:oid:2.5.4.4" id="sn"/>
<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
@@ -141,6 +118,34 @@
<Attribute name="urn:oid:2.5.4.11" id="ou"/>
<Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
<Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
+
+ <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
+ <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
+ <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
+ <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
+ <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
+ <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
+ <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
+ <Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
+ <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
+ <Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
+ <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
+ <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
+ <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
+ <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
+ <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
+ <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
+ <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
+ <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
+ <Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
+ <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
+ <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
+ <Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
+ <Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
+ <Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
+ <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
+ <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
+ <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
-->
</Attributes>
diff --git a/configs/attribute-policy.xml b/configs/attribute-policy.xml
index a2d1742..ba0449f 100644
--- a/configs/attribute-policy.xml
+++ b/configs/attribute-policy.xml
@@ -58,6 +58,11 @@
<afp:AttributeRule attributeID="persistent-id">
<afp:PermitValueRule xsi:type="saml:NameIDQualifierString"/>
</afp:AttributeRule>
+
+ <!-- Enforce that the values of schacHomeOrganization are a valid Scope. -->
+ <afp:AttributeRule attributeID="schacHomeOrganization">
+ <afp:PermitValueRule xsi:type="saml:AttributeValueMatchesShibMDScope" />
+ </afp:AttributeRule>
<!-- Catch-all that passes everything else through unmolested. -->
<afp:AttributeRule attributeID="*">
diff --git a/schemas/shibboleth-2.0-afp-mf-saml.xsd b/schemas/shibboleth-2.0-afp-mf-saml.xsd
index 86380b1..4161f58 100644
--- a/schemas/shibboleth-2.0-afp-mf-saml.xsd
+++ b/schemas/shibboleth-2.0-afp-mf-saml.xsd
@@ -247,6 +247,17 @@
</complexContent>
</complexType>
+ <complexType name="AttributeValueMatchesShibMDScope">
+ <annotation>
+ <documentation>
+ A match function that ensures that an attribute's value matches a scope given in metadata for the entity or role.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="afp:MatchFunctorType" />
+ </complexContent>
+ </complexType>
+
<complexType name="AttributeIssuerRegistrationAuthority">
<annotation>
<documentation>
diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am
index 6e75bc7..b5dbbb4 100644
--- a/shibsp/Makefile.am
+++ b/shibsp/Makefile.am
@@ -211,7 +211,7 @@ libshibsp_la_SOURCES = \
attribute/filtering/impl/AttributeRequesterEntityAttributeFunctor.cpp \
attribute/filtering/impl/AttributeIssuerEntityMatcherFunctor.cpp \
attribute/filtering/impl/AttributeRequesterEntityMatcherFunctor.cpp \
- attribute/filtering/impl/AttributeScopeMatchesShibMDScopeFunctor.cpp \
+ attribute/filtering/impl/AttributeMatchesShibMDScopeFunctor.cpp \
attribute/filtering/impl/RegistrationAuthorityFunctor.cpp \
attribute/resolver/impl/ChainingAttributeResolver.cpp \
attribute/resolver/impl/QueryAttributeResolver.cpp \
diff --git a/shibsp/attribute/filtering/MatchFunctor.h b/shibsp/attribute/filtering/MatchFunctor.h
index 8b9ac58..9622665 100644
--- a/shibsp/attribute/filtering/MatchFunctor.h
+++ b/shibsp/attribute/filtering/MatchFunctor.h
@@ -146,9 +146,12 @@ namespace shibsp {
/** Matches based on requester and pluggable criteria. */
extern SHIBSP_API xmltooling::QName AttributeRequesterEntityMatcherType;
- /** Matches based on metadata Scope extensions. */
+ /** Matches scope based on metadata Scope extensions. */
extern SHIBSP_API xmltooling::QName AttributeScopeMatchesShibMDScopeType;
+ /** Matches value based on metadata Scope extensions. */
+ extern SHIBSP_API xmltooling::QName AttributeValueMatchesShibMDScopeType;
+
/** Matches based on NameID NameQualifiers. */
extern SHIBSP_API xmltooling::QName NameIDQualifierStringType;
diff --git a/shibsp/attribute/filtering/impl/AttributeScopeMatchesShibMDScopeFunctor.cpp b/shibsp/attribute/filtering/impl/AttributeMatchesShibMDScopeFunctor.cpp
similarity index 73%
rename from shibsp/attribute/filtering/impl/AttributeScopeMatchesShibMDScopeFunctor.cpp
rename to shibsp/attribute/filtering/impl/AttributeMatchesShibMDScopeFunctor.cpp
index c78f0b6..2d64126 100644
--- a/shibsp/attribute/filtering/impl/AttributeScopeMatchesShibMDScopeFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/AttributeMatchesShibMDScopeFunctor.cpp
@@ -42,12 +42,10 @@ using namespace std;
namespace shibsp {
- static const XMLCh groupID[] = UNICODE_LITERAL_7(g,r,o,u,p,I,D);
-
/**
- * A match function that ensures that an attributes value's scope matches a scope given in metadata for the entity or role.
+ * A match function that ensures that a string matches a scope given in metadata for the entity or role.
*/
- class SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFunctor : public MatchFunctor
+ class SHIBSP_DLLLOCAL AbstractAttributeMatchesShibMDScopeFunctor : public MatchFunctor
{
public:
bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
@@ -59,10 +57,10 @@ namespace shibsp {
if (!issuer)
return false;
- const char* scope = attribute.getScope(index);
- if (!scope || !*scope)
+ const char* s = getStringToMatch(attribute, index);
+ if (!s || !*s)
return false;
- auto_arrayptr<XMLCh> widescope(fromUTF8(scope));
+ auto_arrayptr<XMLCh> widestr(fromUTF8(s));
const Scope* rule;
const Extensions* ext = issuer->getExtensions();
@@ -70,7 +68,7 @@ namespace shibsp {
const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
for (vector<XMLObject*>::const_iterator e = exts.begin(); e != exts.end(); ++e) {
rule = dynamic_cast<const Scope*>(*e);
- if (rule && matches(*rule, widescope)) {
+ if (rule && matches(*rule, widestr)) {
return true;
}
}
@@ -81,7 +79,7 @@ namespace shibsp {
const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
for (vector<XMLObject*>::const_iterator e = exts.begin(); e != exts.end(); ++e) {
rule = dynamic_cast<const Scope*>(*e);
- if (rule && matches(*rule, widescope)) {
+ if (rule && matches(*rule, widestr)) {
return true;
}
}
@@ -90,6 +88,9 @@ namespace shibsp {
return false;
}
+ protected:
+ virtual const char* getStringToMatch(const Attribute& attribute, size_t index) const = 0;
+
private:
bool matches(const Scope& rule, auto_arrayptr<XMLCh>& scope) const {
const XMLCh* val = rule.getValue();
@@ -106,9 +107,30 @@ namespace shibsp {
}
};
+ class AttributeScopeMatchesShibMDScopeFunctor : public AbstractAttributeMatchesShibMDScopeFunctor
+ {
+ protected:
+ const char* getStringToMatch(const Attribute& attribute, size_t index) const {
+ return attribute.getScope(index);
+ }
+ };
+
+ class AttributeValueMatchesShibMDScopeFunctor : public AbstractAttributeMatchesShibMDScopeFunctor
+ {
+ protected:
+ const char* getStringToMatch(const Attribute& attribute, size_t index) const {
+ return attribute.getString(index);
+ }
+ };
+
MatchFunctor* SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFactory(const pair<const FilterPolicyContext*,const DOMElement*>& p)
{
return new AttributeScopeMatchesShibMDScopeFunctor();
}
+ MatchFunctor* SHIBSP_DLLLOCAL AttributeValueMatchesShibMDScopeFactory(const pair<const FilterPolicyContext*,const DOMElement*>& p)
+ {
+ return new AttributeValueMatchesShibMDScopeFunctor();
+ }
+
};
diff --git a/shibsp/attribute/filtering/impl/MatchFunctor.cpp b/shibsp/attribute/filtering/impl/MatchFunctor.cpp
index 689989a..e69c337 100644
--- a/shibsp/attribute/filtering/impl/MatchFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/MatchFunctor.cpp
@@ -72,6 +72,7 @@ namespace shibsp {
DECL_FACTORY(AttributeIssuerEntityMatcher);
DECL_FACTORY(AttributeRequesterEntityMatcher);
DECL_FACTORY(AttributeScopeMatchesShibMDScope);
+ DECL_FACTORY(AttributeValueMatchesShibMDScope);
DECL_FACTORY(NameIDQualifierString);
DECL_FACTORY(AttributeIssuerRegistrationAuthority);
DECL_FACTORY(RegistrationAuthority);
@@ -104,6 +105,7 @@ namespace shibsp {
static const XMLCh AttributeIssuerEntityMatcher[] = UNICODE_LITERAL_28(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,E,n,t,i,t,y,M,a,t,c,h,e,r);
static const XMLCh AttributeRequesterEntityMatcher[] = UNICODE_LITERAL_31(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,E,n,t,i,t,y,M,a,t,c,h,e,r);
static const XMLCh AttributeScopeMatchesShibMDScope[] = UNICODE_LITERAL_32(A,t,t,r,i,b,u,t,e,S,c,o,p,e,M,a,t,c,h,e,s,S,h,i,b,M,D,S,c,o,p,e);
+ static const XMLCh AttributeValueMatchesShibMDScope[] = UNICODE_LITERAL_32(A,t,t,r,i,b,u,t,e,V,a,l,u,e,M,a,t,c,h,e,s,S,h,i,b,M,D,S,c,o,p,e);
static const XMLCh NameIDQualifierString[] = UNICODE_LITERAL_21(N,a,m,e,I,D,Q,u,a,l,i,f,i,e,r,S,t,r,i,n,g);
static const XMLCh AttributeIssuerRegistrationAuthority[] = UNICODE_LITERAL_36(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,R,e,g,i,s,t,r,a,t,i,o,n,A,u,t,h,o,r,i,t,y);
static const XMLCh RegistrationAuthority[] = UNICODE_LITERAL_21(R,e,g,i,s,t,r,a,t,i,o,n,A,u,t,h,o,r,i,t,y);
@@ -136,6 +138,7 @@ DECL_SAML_QNAME(EntityAttributeRegexMatch, EntityAttributeRegexMatch);
DECL_SAML_QNAME(AttributeIssuerEntityMatcher, AttributeIssuerEntityMatcher);
DECL_SAML_QNAME(AttributeRequesterEntityMatcher, AttributeRequesterEntityMatcher);
DECL_SAML_QNAME(AttributeScopeMatchesShibMDScope, AttributeScopeMatchesShibMDScope);
+DECL_SAML_QNAME(AttributeValueMatchesShibMDScope, AttributeValueMatchesShibMDScope);
DECL_SAML_QNAME(NameIDQualifierString, NameIDQualifierString);
DECL_SAML_QNAME(AttributeIssuerRegistrationAuthority, AttributeIssuerRegistrationAuthority);
DECL_SAML_QNAME(RegistrationAuthority, RegistrationAuthority);
@@ -168,6 +171,7 @@ void SHIBSP_API shibsp::registerMatchFunctors()
REGISTER_FACTORY(AttributeIssuerEntityMatcher);
REGISTER_FACTORY(AttributeRequesterEntityMatcher);
REGISTER_FACTORY(AttributeScopeMatchesShibMDScope);
+ REGISTER_FACTORY(AttributeValueMatchesShibMDScope);
REGISTER_FACTORY(NameIDQualifierString);
REGISTER_FACTORY(AttributeIssuerRegistrationAuthority);
REGISTER_FACTORY(RegistrationAuthority);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git
More information about the Pkg-shibboleth-devel
mailing list