mace-opensaml-users - cpp-opensaml2: BindingExceptions while decoding

Subject: OpenSAML user discussion

  • From: Andreas Vallen <>
  • To: , Scott Cantor <>
  • Subject: cpp-opensaml2: BindingExceptions while decoding
  • Date: Mon, 05 Feb 2007 12:51:04 +0100

Hello Scott,

Some time ago you refactored the SecurityPolicyRules so that messages were successfully decoded even when the message violated some of the rules.

In order to indicate its result, a rule now sets the policy's "secure" flag for messages that it regards properly authenticated.

A BindingException continues to be thrown in those cases where decoding is not possible.

Then there are some cases where an exception is thrown even if the message could possibly be decoded successfully.

I may want to respond with a <StatusResponse> message to some of these conditions, so it would be necessary to be able to extract its Issuer. Would it be possible to reuse or extend the above mechanism for these conditions, so that no exception was thrown in these cases - or am I missing something?

Here are the cases where I'd prefer the usage of a BindingException to be replaced by the use of m_secure or some other status attribute:

* SAML2POSTEncoder: a signed message's "Destination" attribute is not present or it is not equal to the actual receiving endpoint's URL.

* MessageFlowRule: a message's IssueInstant is too old or lies in the future.

* MessageFlowRule: no instance of ReplayCache found in XMLToolingConfig (what about checking this at construction time?).

* MessageFlowRule: a replay of a message ID was detected

* ArtifactMap: the received artifact has expired

Cheers,
Andreas


--
Andreas Vallen Software Engineer
fun communications GmbH Lorenzstrasse 29 D-76135 Karlsruhe
Tel: +49 721 96448-132 Fax: +49 721 96448-299

www.fun.de
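
The behaviour requested above, sketched as an added example (not part of the original message and not OpenSAML code): each check records a violation instead of throwing, so the caller can still read the Issuer for an error response while `secure` stays false. `Message`, `PolicyResult`, `evaluate` and the violation strings are hypothetical names, and the signature result is assumed to be supplied by the caller.

```cpp
// Added illustration, not OpenSAML code: every type and function name is hypothetical.
#include <ctime>
#include <iostream>
#include <set>
#include <string>
#include <vector>

struct Message {                 // minimal stand-in for a decoded protocol message
    std::string id, issuer, destination;
    std::time_t issueInstant;
    bool isSigned;
};

struct PolicyResult {
    bool secure = false;                  // true only if authenticated and no check failed
    std::string issuer;                   // unverified whenever secure is false
    std::vector<std::string> violations;  // recorded instead of thrown
};

// Runs the destination, freshness and replay checks, collecting failures.
// signatureValid is assumed to come from a separate signature-verification step.
PolicyResult evaluate(const Message& m, const std::string& endpoint, std::time_t now,
                      std::time_t skew, std::set<std::string>& replayCache,
                      bool signatureValid) {
    PolicyResult r;
    r.issuer = m.issuer;  // kept so an error response can name the sender
    // An absent Destination is an empty string here, so it also fails the comparison.
    if (m.isSigned && m.destination != endpoint)
        r.violations.push_back("destination-mismatch");
    if (m.issueInstant > now + skew)
        r.violations.push_back("issue-instant-future");
    else if (m.issueInstant < now - skew)
        r.violations.push_back("issue-instant-stale");
    if (!replayCache.insert(m.id).second)  // insert fails if the ID was already seen
        r.violations.push_back("replay");
    r.secure = signatureValid && r.violations.empty();
    return r;
}

int main() {
    std::set<std::string> cache;  // constructed sample input below
    Message m{"_a1", "https://idp.example.org", "https://sp.example.org/acs", 1000, true};
    for (int i = 0; i < 2; ++i) {  // second pass replays the same ID
        PolicyResult r = evaluate(m, "https://sp.example.org/acs", 1000, 300, cache, true);
        std::cout << "secure=" << r.secure << " violations=" << r.violations.size() << "\n";
    }
    return 0;
}
```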


