in src/authentication/adfs/adfs.cc [30:80]
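/// Fetches the ADFS sign-in page, submits its form and returns the SAML assertion.
///
/// Steps: GET the sign-in URL, pull the form action out of the returned HTML,
/// rebuild the POST target when the action is root-relative, submit the form
/// fields via get_form_action_body(), then capture the assertion from the reply
/// with SAML_RESPONSE_PATTERN.
///
/// @param err_info  Receives a human-readable reason on every failure path.
/// @return Capture group 1 of SAML_RESPONSE_PATTERN, or an empty string on failure.
std::string AdfsCredentialsProvider::GetSAMLAssertion(std::string& err_info) {
    std::string url = get_signin_url();
    LOG(INFO) << "Got ADFS URL: " << url;

    std::shared_ptr<Aws::Http::HttpRequest> req = Aws::Http::CreateHttpRequest(
        url, Aws::Http::HttpMethod::HTTP_GET,
        Aws::Utils::Stream::DefaultResponseStreamFactoryMethod);
    std::shared_ptr<Aws::Http::HttpResponse> response = http_client->MakeRequest(req);
    std::string retval;

    // Guard the dereferences below; a missing response is reported like any
    // other failed sign-in page request.
    if (!response) {
        LOG(WARNING) << "ADFS request returned no response";
        err_info = "Adfs signOnPageRequest failed.";
        return retval;
    }

    // Anything other than 200 OK aborts the flow.
    if (response->GetResponseCode() != Aws::Http::HttpResponseCode::OK) {
        LOG(WARNING) << "ADFS request returned bad HTTP response code: "
                     << response->GetResponseCode();
        err_info = "Adfs signOnPageRequest failed.";
        if (response->HasClientError()) {
            err_info += "Client error: '" + response->GetClientErrorMessage() + "'.";
        }
        return retval;
    }

    // Read the whole sign-in page into memory.
    std::istreambuf_iterator<char> eos;
    std::string body(std::istreambuf_iterator<char>(response->GetResponseBody().rdbuf()), eos);
    DLOG(INFO) << "Sign-in page response body: " << body;

    // Extract the form action from the page.
    std::smatch matches;
    std::string action;
    if (std::regex_search(body, matches, std::regex(FORM_ACTION_PATTERN))) {
        // NOTE(review): presumably decodes HTML entities in the attribute value
        // despite the name; confirm against HtmlUtil.
        action = HtmlUtil::EscapeHtmlEntity(matches.str(1));
    } else {
        err_info = "Could not extract action from the response body";
        return retval;
    }

    // Only a root-relative action changes the POST target, and it is always
    // resolved against the configured IdP host and port over https. Any other
    // action (including an absolute URL taken from the page) is not used, so the
    // form is submitted to the original sign-in URL.
    if (!action.empty() && action[0] == '/') {
        url = "https://";
        url += std::string(cfg.idp_endpoint);
        url += ":";
        url += std::string(cfg.idp_port);
        url += action;
    }
    DLOG(INFO) << "Updated URL [" << url << "] using Action [" << action << "]";

    std::map<std::string, std::string> params = get_para_from_html_body(body);
    std::string content = get_form_action_body(url, params);

    if (std::regex_search(content, matches, std::regex(SAML_RESPONSE_PATTERN))) {
        std::string saml_assertion = matches.str(1);
        // A SAML assertion authenticates its holder to the relying party, so
        // only its length is logged, never its content.
        DLOG(INFO) << "SAML Response received, length: " << saml_assertion.size();
        return saml_assertion;
    }

    // Tell the caller why the result is empty instead of leaving err_info unset.
    LOG(WARNING) << "Failed SAML Assertion";
    err_info = "Failed to extract SAML assertion from the ADFS response.";
    return retval;
}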