ID-WSF 2.0: reorganize EPR minting, add a process_request method to disco service
* data_service.c: remove dependency on discovery.h * discovery.{c,h}: - add a lasso_idwsf2_discovery_process_request_msg to extract request data before validate request (SvcMDID, SvcMD or RequestService). - store SvcMDID in a private field, add a setter for it. - SvcMDID is now used for building response to MDAssociationQuery and parsing request for MDQuery, MDDelete, MDAssociationAdd and MDAssociationDelete. * idwsf2_helper.{c,h}: - change security mechanism argument of lasso_wsa_endpoint_reference_add_security_token from a NULL terminated string array to a GList. * saml2_login.{c,h}: - add a lasso_server_create_assertion_as_idwsf2_security_token for minting assertion for ID-WSF 2.0 security, to be used in Discovery bootstap EPR creation and EPR minting for Discovery service Query responses. - add a lasso_saml2_assertion_get_discovery_bootstrap_epr, and rewirte lasso_login_idwsf2_get_discovery_bootstrap_epr to use it. - make lasso_login_idwsf2_add_discovery_bootstrap_epr accept a list of security mechanisms, not just one. * tests/idwsf2_tests.c: - adapt to new argument type of lasso_login_idwsf2_add_discovery_bootstrap_epr.
This commit is contained in:
parent
432b54a79d
commit
1ee8f53663
|
@ -34,8 +34,7 @@
|
|||
#include <libxml/xpath.h>
|
||||
#include <libxml/xpathInternals.h>
|
||||
|
||||
#include "discovery.h"
|
||||
#include "data_service.h"
|
||||
#include "./data_service.h"
|
||||
|
||||
#include "../xml/id-wsf-2.0/disco_service_type.h"
|
||||
#include "../xml/id-wsf-2.0/dstref_query.h"
|
||||
|
|
|
@ -85,6 +85,7 @@
|
|||
#include "./discovery.h"
|
||||
#include "./soap_binding.h"
|
||||
#include "./idwsf2_helper.h"
|
||||
#include "./saml2_login.h"
|
||||
#include "../utils.h"
|
||||
|
||||
struct _LassoIdWsf2DiscoveryPrivate
|
||||
|
@ -92,6 +93,7 @@ struct _LassoIdWsf2DiscoveryPrivate
|
|||
gboolean dispose_has_run;
|
||||
GList *metadatas; /* of LassoIdWsf2DiscoSvcMetadata* */
|
||||
GList *requested_services; /* of LassoIdWsf2DiscoRequestedService */
|
||||
GList *svcmdids; /* of utf8 */
|
||||
};
|
||||
|
||||
#define LASSO_IDWSF2_DISCOVERY_ELEMENT_METADATAS "Metadatas"
|
||||
|
@ -99,11 +101,11 @@ struct _LassoIdWsf2DiscoveryPrivate
|
|||
#define LASSO_IDWSF2_DISCOVERY_ELEMENT_REQUESTED_SERVICES "RequestedServices"
|
||||
|
||||
|
||||
static void
|
||||
static int
|
||||
lasso_idwsf2_discovery_add_identity_to_epr(LassoIdWsf2Discovery *discovery,
|
||||
LassoWsAddrMetadata *epr_metadata,
|
||||
const char *provider_id,
|
||||
const char *security_mech_id)
|
||||
const char *security_mechanism)
|
||||
{
|
||||
LassoIdentity *identity = discovery->parent.parent.identity;
|
||||
LassoFederation *federation = NULL;
|
||||
|
@ -111,38 +113,34 @@ lasso_idwsf2_discovery_add_identity_to_epr(LassoIdWsf2Discovery *discovery,
|
|||
LassoProvider *provider = NULL;
|
||||
LassoIdWsf2DiscoSecurityContext *security_context;
|
||||
LassoIdWsf2SecToken *sec_token;
|
||||
LassoSaml2NameID *name_id;
|
||||
|
||||
if (LASSO_IS_IDENTITY(identity))
|
||||
return;
|
||||
if (! LASSO_IS_IDENTITY(identity))
|
||||
return LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND;
|
||||
|
||||
federation = lasso_identity_get_federation(identity, provider_id);
|
||||
if (federation == NULL || ! LASSO_IS_SAML2_NAME_ID(federation->remote_nameIdentifier))
|
||||
return;
|
||||
name_id = (LassoSaml2NameID*)federation->remote_nameIdentifier;
|
||||
assertion = (LassoSaml2Assertion*)lasso_saml2_assertion_new();
|
||||
lasso_server_saml2_assertion_setup_signature(discovery->parent.parent.server, assertion);
|
||||
if (federation == NULL || ! LASSO_IS_SAML2_NAME_ID(federation->local_nameIdentifier))
|
||||
return LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND;
|
||||
provider = lasso_server_get_provider(discovery->parent.parent.server, provider_id);
|
||||
if (provider)
|
||||
lasso_saml2_assertion_set_subject_name_id(assertion,
|
||||
(LassoNode*)lasso_saml2_encrypted_element_build_encrypted_persistent_name_id(
|
||||
name_id->content,
|
||||
name_id->NameQualifier,
|
||||
provider));
|
||||
else
|
||||
lasso_saml2_assertion_set_subject_name_id(assertion,
|
||||
(LassoNode*)lasso_saml2_name_id_build_persistent(
|
||||
name_id->content,
|
||||
name_id->NameQualifier,
|
||||
provider_id));
|
||||
if (! provider) {
|
||||
return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;
|
||||
}
|
||||
|
||||
assertion =
|
||||
lasso_server_create_assertion_as_idwsf2_security_token(discovery->parent.parent.server,
|
||||
LASSO_SAML2_NAME_ID(federation->local_nameIdentifier),
|
||||
LASSO_DURATION_HOUR, 2 * LASSO_DURATION_DAY, provider ? TRUE :
|
||||
FALSE, provider);
|
||||
|
||||
sec_token = (LassoIdWsf2SecToken*)lasso_idwsf2_sec_token_new();
|
||||
sec_token->any = (LassoNode*)assertion;
|
||||
security_context = (LassoIdWsf2DiscoSecurityContext*)
|
||||
lasso_idwsf2_disco_security_context_new();
|
||||
lasso_list_add_string(security_context->SecurityMechID,
|
||||
security_mech_id);
|
||||
security_mechanism);
|
||||
lasso_list_add_new_gobject(security_context->Token, sec_token);
|
||||
lasso_list_add_new_gobject(epr_metadata->any, security_context);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
@ -372,7 +370,8 @@ lasso_idwsf2_discovery_add_service_metadata(LassoIdWsf2Discovery *discovery,
|
|||
* @service_types:(element-type utf8)(allow-none): an array of service type URIs
|
||||
* @options:(element-type LassoIdWsf2DiscoOptions)(allow-none): an array of option string
|
||||
* @address:(allow-none): the URI of the service endpoint for the default EndpointContext
|
||||
* @security_mech_ids:(allow-none)(element-type utf8): the security mechanisms supported by the service
|
||||
* @security_mechanisms:(allow-none)(element-type utf8): the security mechanisms supported by the
|
||||
* service
|
||||
*
|
||||
* Add new metadata to the current Metadata Register request.
|
||||
*
|
||||
|
@ -381,7 +380,7 @@ lasso_idwsf2_discovery_add_service_metadata(LassoIdWsf2Discovery *discovery,
|
|||
int
|
||||
lasso_idwsf2_discovery_add_simple_service_metadata(LassoIdWsf2Discovery *idwsf2_discovery,
|
||||
const char *abstract, const char *provider_id, GList *service_types, GList *options,
|
||||
const char *address, GList *security_mech_ids)
|
||||
const char *address, GList *security_mechanisms)
|
||||
{
|
||||
LassoIdWsf2DiscoSvcMetadata *service_metadata;
|
||||
LassoIdWsf2DiscoServiceContext *service_context;
|
||||
|
@ -408,9 +407,10 @@ lasso_idwsf2_discovery_add_simple_service_metadata(LassoIdWsf2Discovery *idwsf2_
|
|||
if (address) {
|
||||
lasso_list_add_string(endpoint_context->Address, address);
|
||||
}
|
||||
lasso_list_add_new_gobject(endpoint_context->Framework, lasso_idwsf2_sbf_framework_new_full("2.0"));
|
||||
if (security_mech_ids) {
|
||||
lasso_assign_list_of_strings(endpoint_context->SecurityMechID, security_mech_ids);
|
||||
lasso_list_add_new_gobject(endpoint_context->Framework,
|
||||
lasso_idwsf2_sbf_framework_new_full("2.0"));
|
||||
if (security_mechanisms) {
|
||||
lasso_assign_list_of_strings(endpoint_context->SecurityMechID, security_mechanisms);
|
||||
}
|
||||
|
||||
lasso_list_add_new_gobject(service_context->EndpointContext, endpoint_context);
|
||||
|
@ -472,54 +472,36 @@ cleanup:
|
|||
*
|
||||
* Return the list of SvcMDID, or service metadata ids, returned by the last discovery query.
|
||||
*
|
||||
* Return value:(transfer none)(element-type utf8): a list of SvcMDID's.
|
||||
* Return value:(transfer none)(element-type utf8)(allow-none): a list of SvcMDID's.
|
||||
*/
|
||||
GList*
|
||||
lasso_idwsf2_discovery_get_svcmdids(LassoIdWsf2Discovery *discovery)
|
||||
{
|
||||
GList *content;
|
||||
GList **svc_md_ids;
|
||||
|
||||
if (! LASSO_IS_IDWSF2_DISCOVERY(discovery))
|
||||
if (! LASSO_IS_IDWSF2_DISCOVERY(discovery) || ! discovery->private_data)
|
||||
return NULL;
|
||||
content =
|
||||
lasso_soap_envelope_get_body_content(
|
||||
lasso_idwsf2_profile_get_soap_envelope_request(
|
||||
&discovery->parent));
|
||||
switch (lasso_idwsf2_discovery_get_request_type(discovery)) {
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_QUERY:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDQuery*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_DELETE:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDDelete*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_ADD:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationAdd*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_DELETE:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationDelete*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_QUERY:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationQuery*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
if (svc_md_ids) {
|
||||
return *svc_md_ids;
|
||||
}
|
||||
return NULL;
|
||||
return discovery->private_data->svcmdids;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_discovery_set_svcmdids:
|
||||
* @discovery: a #LassoIdWsf2Discovery object
|
||||
* @svcmdids:(element-type utf8)(allow-none): a list of service metadata IDs
|
||||
*
|
||||
* Set the list of SvcMDID, or service metadata ids.
|
||||
*
|
||||
*/
|
||||
void
|
||||
lasso_idwsf2_discovery_set_svcmdids(LassoIdWsf2Discovery *discovery, GList *svcmdids)
|
||||
{
|
||||
if (! LASSO_IS_IDWSF2_DISCOVERY(discovery) || ! discovery->private_data)
|
||||
return;
|
||||
lasso_assign_list_of_strings(discovery->private_data->svcmdids, svcmdids);
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_discovery_build_request_msg:
|
||||
* @discovery: a #LassoIdWsf2Discovery object
|
||||
* @security_mech_id:(allow-none):the security mech id to use, if NULL a Bearer mechanism is used.
|
||||
* @security_mechanism:(allow-none):the security mech id to use, if NULL a Bearer mechanism is used.
|
||||
*
|
||||
* Build the request message using a security mechanism to authenticate the requester and the target
|
||||
* identity. If none is given Bearer mechanism is used.
|
||||
|
@ -528,7 +510,7 @@ lasso_idwsf2_discovery_get_svcmdids(LassoIdWsf2Discovery *discovery)
|
|||
*/
|
||||
gint
|
||||
lasso_idwsf2_discovery_build_request_msg(LassoIdWsf2Discovery *discovery,
|
||||
const char *security_mech_id)
|
||||
const char *security_mechanism)
|
||||
{
|
||||
GList *content = NULL;
|
||||
LassoIdWsf2DiscoQuery *query = NULL;
|
||||
|
@ -560,9 +542,11 @@ lasso_idwsf2_discovery_build_request_msg(LassoIdWsf2Discovery *discovery,
|
|||
check_svcMDID = TRUE;
|
||||
metadatas = &((LassoIdWsf2DiscoSvcMDReplace*)
|
||||
lasso_list_get_first_child(content))->SvcMD;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_DELETE:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDDelete*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_ADD:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationAdd*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
|
@ -598,20 +582,94 @@ lasso_idwsf2_discovery_build_request_msg(LassoIdWsf2Discovery *discovery,
|
|||
}
|
||||
}
|
||||
if (svc_md_ids) {
|
||||
GList *i;
|
||||
lasso_foreach(i, discovery->private_data->metadatas)
|
||||
{
|
||||
if (LASSO_IS_IDWSF2_DISCO_SVC_METADATA(i->data)) {
|
||||
lasso_list_add_string(*svc_md_ids,
|
||||
((LassoIdWsf2DiscoSvcMetadata*)i->data)->svcMDID);
|
||||
}
|
||||
}
|
||||
lasso_assign_list_of_strings(*svc_md_ids, discovery->private_data->svcmdids);
|
||||
}
|
||||
rc = lasso_idwsf2_profile_build_request_msg(&discovery->parent, security_mech_id);
|
||||
rc = lasso_idwsf2_profile_build_request_msg(&discovery->parent, security_mechanism);
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_discovery_process_request_msg:
|
||||
* @discovery: a #LassoIdWsf2Discovery object
|
||||
* @message: a received SOAP message
|
||||
*
|
||||
* Parse a Discovery service request.
|
||||
*
|
||||
* Return value: 0 if sucessful, an error code otherwise among:
|
||||
* <itemizedlist>
|
||||
* <listitem><para>LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if @profile is not a #LassoIdWsf2Profile
|
||||
* object,</para></listitem>
|
||||
* <listitem><para>LASSO_PARAM_ERROR_INVALID_VALUE if message is NULL,</para></listitem>
|
||||
* <listitem><para>LASSO_PROFILE_ERROR_INVALID_MSG if we cannot parse the message,</para></listitem>
|
||||
* <listitem><para>LASSO_SOAP_ERROR_MISSING_BODY if the message has no body
|
||||
* content.</para></listitem>
|
||||
* </itemizedlist>
|
||||
*/
|
||||
int
|
||||
lasso_idwsf2_discovery_process_request_msg(LassoIdWsf2Discovery *discovery, const char *message)
|
||||
{
|
||||
LassoProfile *profile;
|
||||
LassoIdWsf2Profile *idwsf2_profile;
|
||||
GList *content;
|
||||
GList **svc_md_ids = NULL, **metadatas = NULL, **service_types = NULL;
|
||||
int rc;
|
||||
|
||||
lasso_bad_param(IDWSF2_DISCOVERY, discovery);
|
||||
idwsf2_profile = &discovery->parent;
|
||||
profile = &idwsf2_profile->parent;
|
||||
|
||||
lasso_check_good_rc(lasso_idwsf2_profile_process_request_msg(idwsf2_profile, message));
|
||||
|
||||
content =
|
||||
lasso_soap_envelope_get_body_content(
|
||||
lasso_idwsf2_profile_get_soap_envelope_request(
|
||||
&discovery->parent));
|
||||
switch (lasso_idwsf2_discovery_get_request_type(discovery)) {
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_REGISTER:
|
||||
metadatas = &((LassoIdWsf2DiscoSvcMDRegister*)
|
||||
lasso_list_get_first_child(content))->SvcMD;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_QUERY:
|
||||
service_types = &((LassoIdWsf2DiscoQuery*)
|
||||
lasso_list_get_first_child(content))->RequestedService;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_QUERY:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDQuery*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_DELETE:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDDelete*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_ADD:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationAdd*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_DELETE:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationDelete*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_QUERY:
|
||||
svc_md_ids = &((LassoIdWsf2DiscoSvcMDAssociationQuery*)
|
||||
lasso_list_get_first_child(content))->SvcMDID;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
if (discovery->private_data && svc_md_ids) {
|
||||
lasso_assign_list_of_strings(discovery->private_data->svcmdids, *svc_md_ids);
|
||||
}
|
||||
if (metadatas) {
|
||||
lasso_assign_list_of_gobjects(discovery->private_data->metadatas, *metadatas);
|
||||
}
|
||||
if (service_types) {
|
||||
lasso_assign_list_of_gobjects(discovery->private_data->requested_services, *service_types);
|
||||
}
|
||||
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_discovery_get_request_type:
|
||||
* @discovery: a #LassoIdWsf2Discovery object
|
||||
|
@ -808,8 +866,8 @@ lasso_idwsf2_discovery_match_request_service_and_metadata2(
|
|||
GList *i;
|
||||
gboolean result = TRUE;
|
||||
gboolean option_result = TRUE;
|
||||
LassoIdWsf2DiscoOptions *options;
|
||||
GList *service_options;
|
||||
LassoIdWsf2DiscoOptions *options = NULL;
|
||||
GList *service_options = NULL;
|
||||
|
||||
|
||||
result = result &&
|
||||
|
@ -848,7 +906,14 @@ lasso_idwsf2_discovery_match_request_service_and_metadata2(
|
|||
_string_list_intersect(requested_service->Framework, endpoint_context->Framework);
|
||||
} else {
|
||||
/* FIXME: should be the value of the query SOAP header sbf:Framework */
|
||||
result = result && _string_list_contains(endpoint_context->Framework, "2.0");
|
||||
GList *k;
|
||||
gboolean has20 = FALSE;
|
||||
lasso_foreach (k, endpoint_context->Framework) {
|
||||
LassoIdWsf2SbfFramework *framework = k->data;
|
||||
if (LASSO_IS_IDWSF2_SBF_FRAMEWORK(framework) && g_strcmp0(framework->version, "2.0") == 0)
|
||||
has20 = TRUE;
|
||||
}
|
||||
result = result && has20;
|
||||
}
|
||||
}
|
||||
if (result) {
|
||||
|
@ -1020,6 +1085,9 @@ lasso_idwsf2_discovery_validate_request(LassoIdWsf2Discovery *discovery)
|
|||
lasso_list_add_gobject(md_query_response->SvcMD, i->data);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
lasso_assign_list_of_gobjects(md_query_response->SvcMD,
|
||||
discovery->private_data->metadatas);
|
||||
}
|
||||
status = &md_query_response->Status;
|
||||
break;
|
||||
|
@ -1119,6 +1187,9 @@ lasso_idwsf2_discovery_process_metadata_register_response_msg(LassoIdWsf2Discove
|
|||
i = i->next;
|
||||
j = j->next;
|
||||
}
|
||||
if (discovery->private_data && discovery->private_data->metadatas != request->SvcMD) {
|
||||
lasso_assign_list_of_gobjects(discovery->private_data->metadatas, request->SvcMD);
|
||||
}
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
@ -1130,10 +1201,11 @@ cleanup:
|
|||
* @service_types:(element-type utf8)(allow-none): the service type (or data profile) requested
|
||||
* @provider_ids:(element-type utf8)(allow-none): the providers ids to select
|
||||
* @options:(element-type utf8)(allow-none): the options to select
|
||||
* @security_mech_ids:(element-type utf8)(allow-none): the security mechanisms to select
|
||||
* @security_mechanisms:(element-type utf8)(allow-none): the security mechanisms to select
|
||||
* @frameworks:(element-type utf8)(allow-none): the ID-WSF framework version to select
|
||||
* @actions:(element-type utf8)(allow-none): the actions to select
|
||||
* @result_type:(allow-none)(default LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_NONE): how to filter the generated EPRs
|
||||
* @result_type:(allow-none)(default LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_NONE): how to filter
|
||||
* the generated EPRs
|
||||
* @req_id:(allow-none): an eventual ID to put on the request, that can be matched with the
|
||||
* generated EndpointReferences
|
||||
*
|
||||
|
@ -1144,7 +1216,7 @@ cleanup:
|
|||
**/
|
||||
gint
|
||||
lasso_idwsf2_discovery_add_requested_service(LassoIdWsf2Discovery *discovery,
|
||||
GList *service_types, GList *provider_ids, GList *options, GList *security_mech_ids,
|
||||
GList *service_types, GList *provider_ids, GList *options, GList *security_mechanisms,
|
||||
GList *frameworks, GList *actions, LassoIdWsf2DiscoveryQueryResultType result_type,
|
||||
const char *req_id)
|
||||
{
|
||||
|
@ -1159,7 +1231,7 @@ lasso_idwsf2_discovery_add_requested_service(LassoIdWsf2Discovery *discovery,
|
|||
lasso_assign_list_of_strings(service->ProviderID, provider_ids);
|
||||
lasso_assign_list_of_strings(service->Framework, frameworks);
|
||||
lasso_assign_list_of_strings(service->Action, actions);
|
||||
lasso_assign_list_of_strings(service->SecurityMechID, security_mech_ids);
|
||||
lasso_assign_list_of_strings(service->SecurityMechID, security_mechanisms);
|
||||
lasso_assign_list_of_gobjects(service->Options, options);
|
||||
switch (result_type) {
|
||||
case LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_BEST:
|
||||
|
@ -1205,9 +1277,9 @@ lasso_idwsf2_discovery_process_response_msg(LassoIdWsf2Discovery *discovery,
|
|||
|
||||
lasso_bad_param(IDWSF2_DISCOVERY, discovery);
|
||||
profile = &discovery->parent.parent;
|
||||
response = profile->response;
|
||||
|
||||
lasso_check_good_rc(lasso_idwsf2_profile_process_response_msg(&discovery->parent, msg));
|
||||
response = profile->response;
|
||||
|
||||
switch (lasso_idwsf2_discovery_get_request_type(discovery)) {
|
||||
case LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_QUERY:
|
||||
|
@ -1320,7 +1392,8 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
|
|||
if (pdata->requested_services) {
|
||||
xmlNode *requested_services;
|
||||
GList *i;
|
||||
requested_services = xmlNewChild(xmlnode, NULL, BAD_CAST LASSO_IDWSF2_DISCOVERY_ELEMENT_REQUESTED_SERVICES, NULL);
|
||||
requested_services = xmlNewChild(xmlnode, NULL, BAD_CAST
|
||||
LASSO_IDWSF2_DISCOVERY_ELEMENT_REQUESTED_SERVICES, NULL);
|
||||
lasso_foreach(i, pdata->requested_services) {
|
||||
xmlAddChild(requested_services, lasso_node_get_xmlNode(i->data, lasso_dump));
|
||||
}
|
||||
|
@ -1345,8 +1418,12 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
|
|||
if (xmlnode == NULL)
|
||||
return LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED;
|
||||
|
||||
metadatas_node = xmlSecFindChild(xmlnode, BAD_CAST LASSO_IDWSF2_DISCOVERY_ELEMENT_METADATAS, BAD_CAST LASSO_LASSO_HREF);
|
||||
requested_services_node = xmlSecFindChild(xmlnode, BAD_CAST LASSO_IDWSF2_DISCOVERY_ELEMENT_REQUESTED_SERVICES, BAD_CAST LASSO_LASSO_HREF);
|
||||
metadatas_node = xmlSecFindChild(xmlnode,
|
||||
BAD_CAST LASSO_IDWSF2_DISCOVERY_ELEMENT_METADATAS,
|
||||
BAD_CAST LASSO_LASSO_HREF);
|
||||
requested_services_node = xmlSecFindChild(xmlnode,
|
||||
BAD_CAST LASSO_IDWSF2_DISCOVERY_ELEMENT_REQUESTED_SERVICES,
|
||||
BAD_CAST LASSO_LASSO_HREF);
|
||||
|
||||
if (! discovery->private_data) {
|
||||
discovery->private_data = g_new0(LassoIdWsf2DiscoveryPrivate, 1);
|
||||
|
|
|
@ -105,6 +105,7 @@ LASSO_EXPORT gint lasso_idwsf2_discovery_init_query(LassoIdWsf2Discovery *discov
|
|||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_query(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_register(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_replace(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_delete(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_association_add(
|
||||
LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_association_delete(
|
||||
|
@ -118,18 +119,20 @@ LASSO_EXPORT int lasso_idwsf2_discovery_add_service_metadata(
|
|||
LASSO_EXPORT int lasso_idwsf2_discovery_add_simple_service_metadata(
|
||||
LassoIdWsf2Discovery *idwsf2_discovery, const char *abstract,
|
||||
const char *provider_id, GList *service_types, GList *options, const char *address,
|
||||
GList *security_mech_ids);
|
||||
GList *security_mechanisms);
|
||||
LASSO_EXPORT GList* lasso_idwsf2_discovery_get_metadatas(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_add_requested_service(LassoIdWsf2Discovery *discovery,
|
||||
GList *service_types, GList *provider_ids, GList *options, GList *security_mech_ids,
|
||||
GList *service_types, GList *provider_ids, GList *options, GList *security_mechanisms,
|
||||
GList *frameworks, GList *actions, LassoIdWsf2DiscoveryQueryResultType result_type,
|
||||
const char *req_id);
|
||||
|
||||
/* Build the request message */
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_build_request_msg(LassoIdWsf2Discovery *discovery,
|
||||
const char *security_mech_id);
|
||||
const char *security_mechanism);
|
||||
|
||||
/* Handle a request */
|
||||
LASSO_EXPORT int lasso_idwsf2_discovery_process_request_msg(LassoIdWsf2Discovery *discovery,
|
||||
const char *message);
|
||||
LASSO_EXPORT LassoIdWsf2DiscoveryRequestType lasso_idwsf2_discovery_get_request_type(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_validate_request(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_fail_request(LassoIdWsf2Discovery *discovery,
|
||||
|
@ -140,6 +143,7 @@ LASSO_EXPORT gint lasso_idwsf2_discovery_process_response_msg(LassoIdWsf2Discove
|
|||
const char *msg);
|
||||
LASSO_EXPORT GList* lasso_idwsf2_discovery_get_endpoint_references(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT GList* lasso_idwsf2_discovery_get_svcmdids(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT void lasso_idwsf2_discovery_set_svcmdids(LassoIdWsf2Discovery *discovery, GList *svcmdids);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -279,7 +279,7 @@ lasso_wsa_endpoint_reference_new_for_idwsf2_service(const char *address,
|
|||
* lasso_wsa_endpoint_reference_add_security_token:
|
||||
* @epr: a #LassoWsAddrEndpointReference object
|
||||
* @security_token: a security token as a #LassoNode object
|
||||
* @security_mechanisms:(in)(transfer none)(array zero-terminated=1): a list of security mechanism
|
||||
* @security_mechanisms:(element-type utf8): a list of security mechanism
|
||||
* for whom the token is made
|
||||
*
|
||||
* Add a new security context declaration for the given security mechanisms identifiers and populate
|
||||
|
@ -289,7 +289,7 @@ lasso_wsa_endpoint_reference_new_for_idwsf2_service(const char *address,
|
|||
*/
|
||||
int
|
||||
lasso_wsa_endpoint_reference_add_security_token(LassoWsAddrEndpointReference *epr,
|
||||
LassoNode *security_token, const char **security_mechanisms)
|
||||
LassoNode *security_token, GList *security_mechanisms)
|
||||
{
|
||||
LassoIdWsf2SecToken *sec_token = NULL;
|
||||
LassoWsAddrMetadata *metadata = NULL;
|
||||
|
@ -298,10 +298,6 @@ lasso_wsa_endpoint_reference_add_security_token(LassoWsAddrEndpointReference *ep
|
|||
|
||||
lasso_bad_param(WSA_ENDPOINT_REFERENCE, epr);
|
||||
lasso_bad_param(NODE, security_token);
|
||||
lasso_null_param(security_mechanisms);
|
||||
if (security_mechanisms[0] == NULL) {
|
||||
return LASSO_PARAM_ERROR_INVALID_VALUE;
|
||||
}
|
||||
|
||||
lasso_extract_node_or_fail(metadata, epr->Metadata, WSA_METADATA, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||
|
||||
|
@ -310,10 +306,8 @@ lasso_wsa_endpoint_reference_add_security_token(LassoWsAddrEndpointReference *ep
|
|||
lasso_assign_string(sec_token->usage, LASSO_IDWSF2_SEC_TOKEN_USAGE_SECURITY_TOKEN);
|
||||
|
||||
security_context = lasso_idwsf2_disco_security_context_new();
|
||||
while (security_mechanisms[0] != NULL) {
|
||||
lasso_list_add_string(security_context->SecurityMechID, security_mechanisms[0]);
|
||||
++security_mechanisms;
|
||||
}
|
||||
lasso_assign_list_of_strings(security_context->SecurityMechID,
|
||||
security_mechanisms);
|
||||
lasso_list_add_new_gobject(security_context->Token, sec_token);
|
||||
lasso_list_add_new_gobject(metadata->any, security_context);
|
||||
cleanup:
|
||||
|
|
|
@ -59,7 +59,7 @@ LASSO_EXPORT LassoWsAddrEndpointReference* lasso_wsa_endpoint_reference_new_for_
|
|||
const char *abstract);
|
||||
|
||||
LASSO_EXPORT int lasso_wsa_endpoint_reference_add_security_token(LassoWsAddrEndpointReference *epr,
|
||||
LassoNode *security_token, const char **security_mechanisms);
|
||||
LassoNode *security_token, GList *security_mechanisms);
|
||||
|
||||
LASSO_EXPORT LassoIdWsf2Profile *lasso_wsa_endpoint_reference_get_service(
|
||||
LassoWsAddrEndpointReference *epr);
|
||||
|
|
|
@ -422,6 +422,9 @@ lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
|
|||
provider_id = lasso_soap_envelope_sb2_get_provider_id(envelope);
|
||||
if (! provider_id)
|
||||
goto cleanup;
|
||||
if (! profile->parent.server)
|
||||
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_MISSING_SERVER);
|
||||
lasso_check_good_rc(lasso_saml2_assertion_decrypt_subject(assertion, profile->parent.server));
|
||||
if (! assertion || ! assertion->Subject || ! assertion->Subject->NameID
|
||||
|| ! assertion->Subject->NameID->SPNameQualifier)
|
||||
goto cleanup;
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
#include "session.h"
|
||||
#include "../id-ff/login.h"
|
||||
#include "../saml-2.0/saml2_helper.h"
|
||||
#include "../saml-2.0/provider.h"
|
||||
#include "../xml/saml-2.0/saml2_assertion.h"
|
||||
#include "../xml/ws/wsa_endpoint_reference.h"
|
||||
#include "../xml/id-wsf-2.0/disco_abstract.h"
|
||||
|
@ -46,20 +47,88 @@
|
|||
#include "../xml/private.h"
|
||||
|
||||
|
||||
/**
|
||||
* lasso_server_create_assertion_as_idwsf2_security_token:
|
||||
* @server: a #LassoServer object
|
||||
* @name_id: a #LassoSaml2NameID object
|
||||
* @tolerance: tolerance around the normal duration which is accepted
|
||||
* @duration: life duration for this assertion in seconds
|
||||
* @cipher: whether to cipher the NameID
|
||||
* @audience:(allow-none)(optional): if @cipher is true, the provider for which to encrypt the NameID
|
||||
*
|
||||
* Create a new assertion usable as a security token in an ID-WSF 2.0 EndpointReference. See
|
||||
* lasso_saml2_assertion_set_basic_conditions() for detail about @tolerance and @duration.
|
||||
*
|
||||
* Return value:(transfer full)(allow-none): a newly allocated #LassoSaml2Assertion object, or NULL.
|
||||
*/
|
||||
LassoSaml2Assertion*
|
||||
lasso_server_create_assertion_as_idwsf2_security_token(LassoServer *server,
|
||||
LassoSaml2NameID *name_id,
|
||||
int tolerance,
|
||||
int duration,
|
||||
gboolean cipher,
|
||||
LassoProvider *audience)
|
||||
{
|
||||
LassoSaml2Assertion *assertion;
|
||||
int rc;
|
||||
|
||||
if (! LASSO_IS_SERVER(server))
|
||||
return NULL;
|
||||
if (! LASSO_IS_SAML2_NAME_ID(name_id))
|
||||
return NULL;
|
||||
if (cipher && ! LASSO_IS_PROVIDER(audience))
|
||||
return NULL;
|
||||
|
||||
assertion = (LassoSaml2Assertion*)lasso_saml2_assertion_new();
|
||||
assertion->ID = lasso_build_unique_id(32);
|
||||
assertion->Issuer = (LassoSaml2NameID*)lasso_saml2_name_id_new_with_string(server->parent.ProviderID);
|
||||
assertion->Subject = (LassoSaml2Subject*)lasso_saml2_subject_new();
|
||||
if (cipher) {
|
||||
LassoSaml2EncryptedElement *encrypted_id =
|
||||
lasso_provider_saml2_node_encrypt(audience, (LassoNode*)name_id);
|
||||
if (! encrypted_id) {
|
||||
lasso_release_gobject(assertion);
|
||||
goto cleanup;
|
||||
}
|
||||
lasso_assign_gobject(assertion->Subject->EncryptedID, encrypted_id);
|
||||
} else {
|
||||
lasso_assign_new_gobject(assertion->Subject->NameID, name_id);
|
||||
}
|
||||
lasso_saml2_assertion_set_basic_conditions(assertion,
|
||||
tolerance, duration, FALSE);
|
||||
rc = lasso_server_saml2_assertion_setup_signature(server, assertion);
|
||||
if (rc != 0) {
|
||||
lasso_release_gobject(assertion);
|
||||
}
|
||||
cleanup:
|
||||
return assertion;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* lasso_login_idwsf2_add_discovery_bootstrap_epr:
|
||||
* @login: a #LassoLogin object
|
||||
* @url: the Disco service address
|
||||
* @abstract: the Disco service description
|
||||
* @security_mechanisms:(allow-none)(element-type utf8): the list of supported security mechanisms
|
||||
* @tolerance:(default -1): see lasso_saml2_assertion_set_basic_conditions().
|
||||
* @duration:(default 0): see lasso_saml2_assertion_set_basic_conditions().
|
||||
*
|
||||
* Add the needed bootstrap attribute to the #LassoSaml2Assertion currently container in the
|
||||
* #LassoLogin object. This function should be called after lasso_login_build_assertion() by an IdP
|
||||
* also having the Discovery service role.
|
||||
*
|
||||
* The default @tolerance and @duration are respectively ten minutes and two days.
|
||||
*
|
||||
* Return value: 0 if successfull, otherwise #LASSO_PROFILE_ERROR_MISSING_ASSERTION if no assertion is present
|
||||
* in the #LassoLogin object, #LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a #LassoLogin
|
||||
* object.
|
||||
*/
|
||||
int
|
||||
lasso_login_idwsf2_add_discovery_bootstrap_epr(LassoLogin *login, const char *url, const char *abstract, const char *security_mech_id)
|
||||
lasso_login_idwsf2_add_discovery_bootstrap_epr(LassoLogin *login, const char *url,
|
||||
const char *abstract, GList *security_mechanisms, int tolerance, int duration)
|
||||
{
|
||||
LassoWsAddrEndpointReference *epr = NULL;
|
||||
LassoWsAddrMetadata *metadata = NULL;
|
||||
|
@ -71,8 +140,8 @@ lasso_login_idwsf2_add_discovery_bootstrap_epr(LassoLogin *login, const char *ur
|
|||
LassoSaml2Assertion *assertion_identity_token = NULL;
|
||||
LassoSaml2Assertion *assertion = NULL;
|
||||
LassoServer *server = NULL;
|
||||
LassoSaml2NameID *name_id = NULL;
|
||||
int rc = 0;
|
||||
const char *security_mechanisms[] = { security_mech_id, NULL };
|
||||
|
||||
lasso_bad_param(LOGIN, login);
|
||||
lasso_null_param(url);
|
||||
|
@ -97,21 +166,26 @@ lasso_login_idwsf2_add_discovery_bootstrap_epr(LassoLogin *login, const char *ur
|
|||
url, LASSO_IDWSF2_DISCOVERY_HREF, server->parent.ProviderID, abstract);
|
||||
|
||||
/* Security/Identity token */
|
||||
assertion_identity_token = LASSO_SAML2_ASSERTION(lasso_saml2_assertion_new());
|
||||
assertion_identity_token->ID = lasso_build_unique_id(32);
|
||||
assertion_identity_token->Issuer = (LassoSaml2NameID*)lasso_saml2_name_id_new_with_string(server->parent.ProviderID);
|
||||
lasso_assign_gobject(assertion_identity_token->Subject,
|
||||
assertion->Subject);
|
||||
lasso_saml2_assertion_set_basic_conditions(assertion_identity_token,
|
||||
5, 2*LASSO_DURATION_DAY, FALSE);
|
||||
|
||||
/* Do we sign the assertion ? */
|
||||
if (lasso_security_mech_id_is_saml_authentication(security_mech_id) || lasso_security_mech_id_is_bearer_authentication(security_mech_id)) {
|
||||
lasso_check_good_rc(lasso_server_saml2_assertion_setup_signature(login->parent.server,
|
||||
assertion_identity_token));
|
||||
if (duration <= 0) {
|
||||
duration = 2 * LASSO_DURATION_DAY;
|
||||
}
|
||||
if (tolerance < 0) {
|
||||
tolerance = 10*LASSO_DURATION_MINUTE;
|
||||
}
|
||||
/* If the NameID is encrypted try to get to he unencrypted one */
|
||||
if (assertion->Subject->NameID) {
|
||||
name_id = assertion->Subject->NameID;
|
||||
} else if (assertion->Subject->EncryptedID &&
|
||||
LASSO_IS_SAML2_NAME_ID(assertion->Subject->EncryptedID->original_data)) {
|
||||
name_id = (LassoSaml2NameID*)assertion->Subject->EncryptedID->original_data;
|
||||
}
|
||||
goto_cleanup_if_fail_with_rc (name_id, LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER);
|
||||
assertion_identity_token = lasso_server_create_assertion_as_idwsf2_security_token(server,
|
||||
name_id, tolerance, duration, TRUE, &server->parent);
|
||||
|
||||
rc = lasso_wsa_endpoint_reference_add_security_token(epr, (LassoNode*)assertion_identity_token, security_mechanisms);
|
||||
/* Add the assertion to the EPR */
|
||||
rc = lasso_wsa_endpoint_reference_add_security_token(epr,
|
||||
(LassoNode*)assertion_identity_token, security_mechanisms);
|
||||
goto_cleanup_if_fail(rc == 0);
|
||||
|
||||
/* Add the EPR to the assertion as a SAML attribute */
|
||||
|
@ -133,29 +207,22 @@ cleanup:
|
|||
}
|
||||
|
||||
/**
|
||||
* lasso_login_idwsf2_get_discovery_bootstrap_epr:
|
||||
* @login: a #LassoLogin object
|
||||
* lasso_saml2_assertion_idwsf2_get_discovery_bootstrap_epr:
|
||||
* @assertion: a #LassoSaml2Assertion object
|
||||
*
|
||||
* Extract the Discovery boostrap EPR from the attribute named #LASSO_SAML2_ATTRIBUTE_NAME_EPR.
|
||||
* Extract the Discovery bootstrap EPR from @assertion.
|
||||
*
|
||||
* Return value: a caller owned #LassoWsAddrEndpointReference object, or NULL if none can be found.
|
||||
* Return value:(transfer none): a #LassoWsAddrEndpointReference or NULL if no bootstrap EPR is found.
|
||||
*/
|
||||
LassoWsAddrEndpointReference *
|
||||
lasso_login_idwsf2_get_discovery_bootstrap_epr(LassoLogin *login)
|
||||
LassoWsAddrEndpointReference*
|
||||
lasso_saml2_assertion_idwsf2_get_discovery_bootstrap_epr(LassoSaml2Assertion *assertion)
|
||||
{
|
||||
LassoProfile *profile = NULL;
|
||||
LassoSession *session = NULL;
|
||||
LassoSaml2Assertion *assertion = NULL;
|
||||
LassoSaml2AttributeStatement *attribute_statement = NULL;
|
||||
LassoSaml2Attribute *attribute = NULL;
|
||||
LassoSaml2AttributeValue *attribute_value = NULL;
|
||||
GList *i = NULL, *j = NULL, *k = NULL;
|
||||
LassoWsAddrEndpointReference *rc = NULL;
|
||||
|
||||
g_return_val_if_fail (LASSO_IS_LOGIN (login), NULL);
|
||||
profile = &login->parent;
|
||||
lasso_extract_node_or_fail (session, profile->session, SESSION, NULL);
|
||||
assertion = (LassoSaml2Assertion*)lasso_login_get_assertion(login);
|
||||
if (! LASSO_IS_SAML2_ASSERTION (assertion)) {
|
||||
return NULL;
|
||||
}
|
||||
|
@ -198,4 +265,29 @@ lasso_login_idwsf2_get_discovery_bootstrap_epr(LassoLogin *login)
|
|||
|
||||
cleanup:
|
||||
return rc;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_login_idwsf2_get_discovery_bootstrap_epr:
|
||||
* @login: a #LassoLogin object
|
||||
*
|
||||
* Extract the Discovery boostrap EPR from the attribute named #LASSO_SAML2_ATTRIBUTE_NAME_EPR.
|
||||
*
|
||||
* Return value:(transfer none): a caller owned #LassoWsAddrEndpointReference object, or NULL if none can be found.
|
||||
*/
|
||||
LassoWsAddrEndpointReference *
|
||||
lasso_login_idwsf2_get_discovery_bootstrap_epr(LassoLogin *login)
|
||||
{
|
||||
LassoProfile *profile = NULL;
|
||||
LassoSaml2Assertion *assertion = NULL;
|
||||
LassoWsAddrEndpointReference *rc = NULL;
|
||||
|
||||
g_return_val_if_fail (LASSO_IS_LOGIN (login), NULL);
|
||||
profile = &login->parent;
|
||||
assertion = (LassoSaml2Assertion*)lasso_login_get_assertion(login);
|
||||
rc = lasso_saml2_assertion_idwsf2_get_discovery_bootstrap_epr(assertion);
|
||||
lasso_release_gobject(assertion);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
|
|
@ -30,15 +30,24 @@ extern "C" {
|
|||
#endif /* __cplusplus */
|
||||
|
||||
#include "../id-ff/login.h"
|
||||
#include "../id-ff/provider.h"
|
||||
#include "../xml/saml-2.0/saml2_assertion.h"
|
||||
#include "../xml/saml-2.0/saml2_name_id.h"
|
||||
#include "../xml/ws/wsa_endpoint_reference.h"
|
||||
|
||||
LASSO_EXPORT int lasso_login_idwsf2_add_discovery_bootstrap_epr(LassoLogin *login, const char *url,
|
||||
const char *abstract, const char *security_mech_id);
|
||||
|
||||
const char *abstract, GList *security_mechanisms, int tolerance, int duration);
|
||||
|
||||
LASSO_EXPORT LassoWsAddrEndpointReference *lasso_login_idwsf2_get_discovery_bootstrap_epr(
|
||||
LassoLogin *login);
|
||||
|
||||
LASSO_EXPORT LassoWsAddrEndpointReference*
|
||||
lasso_saml2_assertion_idwsf2_get_discovery_bootstrap_epr(LassoSaml2Assertion *assertion);
|
||||
|
||||
LASSO_EXPORT LassoSaml2Assertion* lasso_server_create_assertion_as_idwsf2_security_token(
|
||||
LassoServer *server, LassoSaml2NameID *name_id, int tolerance, int duration,
|
||||
gboolean cipher, LassoProvider *audience);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif /* __cplusplus */
|
||||
|
|
|
@ -199,6 +199,8 @@ lasso_soap_envelope_get_saml2_security_token(LassoSoapEnvelope *soap_envelope)
|
|||
GList *it;
|
||||
|
||||
security = lasso_soap_envelope_wssec_get_security_header (soap_envelope);
|
||||
if (! security)
|
||||
return NULL;
|
||||
lasso_foreach (it, security->any) {
|
||||
if (LASSO_IS_SAML2_ASSERTION (it->data)) {
|
||||
return (LassoSaml2Assertion*)g_object_ref(it->data);
|
||||
|
|
|
@ -165,6 +165,8 @@ prepare_saml2_authn_request(LassoLogin *splogin, LassoLogin *idplogin)
|
|||
static void
|
||||
process_authn_request(LassoLogin *splogin, LassoLogin *idplogin)
|
||||
{
|
||||
GList node = { .data = LASSO_SECURITY_MECH_BEARER, .next = NULL };
|
||||
|
||||
check_good_rc(lasso_login_process_authn_request_msg(idplogin, strchr(splogin->parent.msg_url,'?')+1));
|
||||
lasso_login_must_authenticate(idplogin);
|
||||
check_false(lasso_login_must_ask_for_consent(idplogin));
|
||||
|
@ -177,7 +179,7 @@ process_authn_request(LassoLogin *splogin, LassoLogin *idplogin)
|
|||
"FIXME: notOnOrAfter"));
|
||||
check_good_rc(lasso_login_idwsf2_add_discovery_bootstrap_epr(idplogin,
|
||||
"http://example.com/disco", "Discovery Service Description",
|
||||
LASSO_SECURITY_MECH_BEARER));
|
||||
&node, -1, 0));
|
||||
check_good_rc(lasso_login_build_artifact_msg(idplogin, LASSO_HTTP_METHOD_ARTIFACT_GET));
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue