authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2019-01-07 10:10:10 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2019-01-19 11:11:33 (GMT)
commit151ad17e0422f77efe3d55038398a510364b850e (patch)
tree93801420e29d4dccee64a3d6a1e8c2eb465791f2
parent642182bdf49c9c93a86b093ad7335c8a7a5ae8cc (diff)
xml: adapt schema in saml2:AuthnContext (#29340)
The saml2:AuthnContext XML schema indicates that AuthenticatingAuthority is an optional, unbounded list of nodes, but the current Lasso schema only handles a single element. To prevent Lasso from refusing perfectly legal messages, we add a rule to the Lasso schema that ignores any further nodes after the first one.
-rw-r--r--lasso/xml/saml-2.0/saml2_authn_context.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/lasso/xml/saml-2.0/saml2_authn_context.c b/lasso/xml/saml-2.0/saml2_authn_context.c
index e9ba4b0..d2a1f0e 100644
--- a/lasso/xml/saml-2.0/saml2_authn_context.c
+++ b/lasso/xml/saml-2.0/saml2_authn_context.c
@@ -71,6 +71,10 @@ static struct XmlSnippet schema_snippets[] = {
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL},
{ "AuthenticatingAuthority", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthenticatingAuthority), NULL, NULL, NULL},
+ /* Other AuthenticatingAuthority are just ignored, it's a work-around to at least accept correct SAML message.
+ * See https://dev.entrouvert.org/issues/29340 */
+ { "AuthenticatingAuthority", SNIPPET_LIST_CONTENT | SNIPPET_OPTIONAL,
+ NULL, NULL, NULL, NULL},
{NULL, 0, 0, NULL, NULL, NULL}
};
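Review bot: The added catch-all row drops every AuthenticatingAuthority after the first without any trace, so code reading `AuthenticatingAuthority` from the parsed context sees only one value, and a context that is parsed and then serialized again presumably loses the rest; the comment should state this, e.g. `/* Only the first AuthenticatingAuthority is kept; later ones are parsed and dropped, so do not base policy on this field being complete. */`. The row also passes `NULL` in the offset slot, where the other rows pass an integer (`G_STRUCT_OFFSET(...)`, and `0` in the sentinel row); `0, NULL, NULL, NULL},` keeps an integer in that field and avoids a pointer-to-integer conversion warning. It is worth confirming that the parser treats a zero offset as "discard" for `SNIPPET_LIST_CONTENT`, because that handling is not visible on this page. The `schema_snippets` array starts outside this hunk.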