From 6ba0e84575d723813f0222dd39115907229f681f Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 22 Jul 2010 06:02:43 +0000
Subject: [PATCH 01/31] [Website] fix non escaped ampersand
---
website/web/download/index.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/web/download/index.xml b/website/web/download/index.xml
index 2d5d3f6c..45ed119b 100644
--- a/website/web/download/index.xml
+++ b/website/web/download/index.xml
@@ -41,7 +41,7 @@ deb http://deb.entrouvert.org karmic main
- liblasso3: runtime library
- liblasso3-dev: C development kit
- - python-lasso: Python 2.5 & 2.6 bindings
+ - python-lasso: Python 2.5 & 2.6 bindings
- php5-lasso: PHP bindings
- liblasso-java: JAVA bindings
- liblasso3-perl: Perl bindings
From d0be4ae7ad038359780e4a6e0d6a95d3d89ca55d Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 14:48:52 +0200
Subject: [PATCH 02/31] [Website] add news file aboute release 2.3.0
---
website/web/news/15-release-2.3.0.xml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 website/web/news/15-release-2.3.0.xml
diff --git a/website/web/news/15-release-2.3.0.xml b/website/web/news/15-release-2.3.0.xml
new file mode 100644
index 00000000..de7355cf
--- /dev/null
+++ b/website/web/news/15-release-2.3.0.xml
@@ -0,0 +1,18 @@
+
+
+
2010-07-21: Released 2.3.0
+
+
+ Lasso 2.3.0 has been released.
+ Download it now
+
+
+
+ What changed ?
+
This release contains many bugfixes, better support for profiles outside
+ of WebSSO (especially Attribute requests), better control over
+ signatures creation and validation, support for encrypted private
+ keys, and improved Python, PHP5, Java, and Perl bindings.
+
+
+
From 20a1566dd868ed1706b5257a8b2f1ea09f835ee0 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 15:06:06 +0200
Subject: [PATCH 03/31] [Website] import convert-to-static.py modification from
lupin
---
website/convert-to-static.py | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/website/convert-to-static.py b/website/convert-to-static.py
index c6e4b4a3..83e61d93 100644
--- a/website/convert-to-static.py
+++ b/website/convert-to-static.py
@@ -113,11 +113,16 @@ class Build:
if self.changelog:
self.changelog = self.changelog.replace('.xml', '')
- dom_cl = xml.dom.minidom.parse(file('web' + self.changelog + '.xml'))
- self.last_commit_author = getText(dom_cl.getElementsByTagName('author')[-1].childNodes)
- self.nb_commits = len(dom_cl.getElementsByTagName('entry'))
- if not self.nb_commits:
- self.nb_commits = len(dom_cl.getElementsByTagName('logentry'))
+ try:
+ dom_cl = xml.dom.minidom.parse(file('web' + self.changelog + '.xml'))
+ except:
+ self.nb_commits = '?'
+ self.last_commit_author = '?'
+ else:
+ self.last_commit_author = getText(dom_cl.getElementsByTagName('author')[-1].childNodes)
+ self.nb_commits = len(dom_cl.getElementsByTagName('entry'))
+ if not self.nb_commits:
+ self.nb_commits = len(dom_cl.getElementsByTagName('logentry'))
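Review bot: The bare `except:` around `xml.dom.minidom.parse(...)` also traps KeyboardInterrupt and SystemExit and hides why a changelog could not be read; `except Exception:` with a message on stderr naming the file would keep real bugs visible. The `else:` branch is still unguarded, so a changelog with no `author` element raises IndexError on `[-1]`. The handle returned by `file(...)` is never closed. The `except: pass` added around `Build(...)` in PATCH 05 has the same problem and also drops the failing filename without a trace. The enclosing method of `Build` starts outside this hunk.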
@@ -205,7 +210,7 @@ for BUILDLOGS_DIR in ('build-logs', 'build-logs-wsf'):
day_dirs = os.listdir('web/%s/' % BUILDLOGS_DIR)
day_dirs.sort()
day_dirs.reverse()
- day_dirs = day_dirs[:20]
+ day_dirs = day_dirs[:60]
main_page = []
@@ -217,7 +222,7 @@ for BUILDLOGS_DIR in ('build-logs', 'build-logs-wsf'):
main_page.sort()
main_page.reverse()
- main_page = main_page[:20]
+ main_page = main_page[:50]
builds = []
for filename in main_page:
builds.append( Build(xml.dom.minidom.parse(filename)) )
@@ -255,6 +260,8 @@ for base, dirs, files in os.walk('web'):
src_file = os.path.join(base, filename)
dst_file = 'web-static/' + src_file[4:]
+ if os.path.isdir(src_file): continue
+
if os.path.exists(dst_file) and \
os.stat(dst_file)[stat.ST_MTIME] >= os.stat(src_file)[stat.ST_MTIME]:
continue
From 274670628f0adae7c547dd04c4017156025b5339 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 15:52:49 +0200
Subject: [PATCH 04/31] [Website] fix wrong structure for the news file about
release 2.3.0
---
website/web/news/15-release-2.3.0.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/website/web/news/15-release-2.3.0.xml b/website/web/news/15-release-2.3.0.xml
index de7355cf..439f3d83 100644
--- a/website/web/news/15-release-2.3.0.xml
+++ b/website/web/news/15-release-2.3.0.xml
@@ -9,10 +9,10 @@
What changed ?
-
This release contains many bugfixes, better support for profiles outside
+ This release contains many bugfixes, better support for profiles outside
of WebSSO (especially Attribute requests), better control over
signatures creation and validation, support for encrypted private
- keys, and improved Python, PHP5, Java, and Perl bindings.
+ keys, and improved Python, PHP5, Java, and Perl bindings.
From 31a26948bf6aec1d956d14291054a206f2756737 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 16:13:07 +0200
Subject: [PATCH 05/31] [Website] in convert-to-static.py, work around errors
in build logs
If Build() constructor fails, keep going.
---
website/convert-to-static.py | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/website/convert-to-static.py b/website/convert-to-static.py
index 83e61d93..a1107644 100644
--- a/website/convert-to-static.py
+++ b/website/convert-to-static.py
@@ -134,7 +134,6 @@ re_summary = re.compile('[a-z]+\.[0-9]{4}.xml')
if not os.path.exists('web-static'):
os.mkdir('web-static')
-
for BUILDLOGS_DIR in ('build-logs', 'build-logs-wsf'):
if not os.path.exists('web/%s' % BUILDLOGS_DIR):
continue
@@ -142,7 +141,7 @@ for BUILDLOGS_DIR in ('build-logs', 'build-logs-wsf'):
os.mkdir('web-static/%s' % BUILDLOGS_DIR)
for base, dirs, files in os.walk('web/%s' % BUILDLOGS_DIR):
- if base.endswith('/CVS') or base.endswith('/.svn'):
+ if base.endswith('/CVS') or base.endswith('/.svn') or base.endswith('/.git'):
continue
for dirname in dirs:
src_file = os.path.join(base, dirname)
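Review bot: `continue` on a `base` ending in `/.git` skips only that one directory; `os.walk` still descends into its children (a path such as `.../.git/objects` does not end in `/.git`), so repository internals under the build-logs tree can still be mirrored into `web-static` and published. Prune in place before the directory loop instead, `dirs[:] = [d for d in dirs if d not in ('CVS', '.svn', '.git')]`, which also covers the nested `.svn` case. The loop body continues outside this hunk, so what is done with the files of those subdirectories is inferred from the visible `src_file` handling.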
@@ -225,9 +224,12 @@ for BUILDLOGS_DIR in ('build-logs', 'build-logs-wsf'):
main_page = main_page[:50]
builds = []
for filename in main_page:
- builds.append( Build(xml.dom.minidom.parse(filename)) )
- if len(builds) > 1 and builds[-2].date[:8] == builds[-1].date[:8]:
- builds[-1].display_date = ''
+ try:
+ builds.append( Build(xml.dom.minidom.parse(filename)) )
+ if len(builds) > 1 and builds[-2].date[:8] == builds[-1].date[:8]:
+ builds[-1].display_date = ''
+ except:
+ pass
fd = StringIO()
buildlog_template.generate(fd, {'build': builds})
@@ -260,7 +262,7 @@ for base, dirs, files in os.walk('web'):
src_file = os.path.join(base, filename)
dst_file = 'web-static/' + src_file[4:]
- if os.path.isdir(src_file): continue
+ if os.path.isdir(src_file): continue
if os.path.exists(dst_file) and \
os.stat(dst_file)[stat.ST_MTIME] >= os.stat(src_file)[stat.ST_MTIME]:
From 1681bc52eb445218ce05a5df5dde022ec5ee87e3 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 16:13:41 +0200
Subject: [PATCH 06/31] [Website] change position of Download block in right
bar
---
website/templates/base.ezt | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/website/templates/base.ezt b/website/templates/base.ezt
index ac877c72..ecdb0c8a 100644
--- a/website/templates/base.ezt
+++ b/website/templates/base.ezt
@@ -32,25 +32,6 @@
-[is section "download"]
-[else]
-
-
Download
-
- The most recent version of Lasso is 2.3 and was
- release on July 19th 2010.
-
-
Binary packages
-
- There are some Debian and Ubuntu packages (for lenny and karmic)
- available at deb.entrouvert.org.
-
-
Source
-
-
Wait for 2.3 updates of download links...
-
-
-[end]
Resources
@@ -71,6 +52,25 @@
[news]
[end]
+[is section "download"]
+[else]
+
+
Download
+
+ The most recent version of Lasso is 2.3 and was
+ release on July 19th 2010.
+
+
Binary packages
+
+ There are some Debian and Ubuntu packages (for lenny and karmic)
+ available at deb.entrouvert.org.
+
+
Source
+
+
Wait for 2.3 updates of download links...
+
+
+[end]
From 7f6331f73f6a63d8189a4a1c9e8bb44c878fcbb4 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 16:19:33 +0200
Subject: [PATCH 07/31] [Website] fix source and download links
The source repository is now the git repository on dev.entrouvert.org.
Latest source release is 2.3.0. And git browser is included in our
redmine.
---
website/templates/base.ezt | 6 ++++--
website/web/download/index.xml | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/website/templates/base.ezt b/website/templates/base.ezt
index ecdb0c8a..a75c992f 100644
--- a/website/templates/base.ezt
+++ b/website/templates/base.ezt
@@ -58,7 +58,7 @@
Download
The most recent version of Lasso is 2.3 and was
- release on July 19th 2010.
+ release on July 21th 2010.
Binary packages
@@ -67,7 +67,9 @@
Source
-
Wait for 2.3 updates of download links...
+ .tar.gz
+ Browse git repository
[end]
diff --git a/website/web/download/index.xml b/website/web/download/index.xml
index 45ed119b..cd81df8b 100644
--- a/website/web/download/index.xml
+++ b/website/web/download/index.xml
@@ -10,7 +10,7 @@
Lasso is licensed under the GNU GPL and the latest release
is available here as a gzipped tarball:
- lasso-2.3.0.tar.gz
+ lasso-2.3.0.tar.gz
Binary Downloads
From b8aa645569cb9baf44b03c80797c4146cc3f7e98 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 16:26:27 +0200
Subject: [PATCH 08/31] [Website] fix typos
---
website/templates/base.ezt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/website/templates/base.ezt b/website/templates/base.ezt
index a75c992f..2d49cee2 100644
--- a/website/templates/base.ezt
+++ b/website/templates/base.ezt
@@ -68,8 +68,8 @@
Source
.tar.gz
- Browse git repository
+ Git repository : http://dev.entrouvert.org/git/lasso.git
+ Browse git repository
[end]
From 66f314b191246aa3c17e00b44efe22f497d459d3 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 27 Jul 2010 16:28:16 +0200
Subject: [PATCH 09/31] [Website] update download link on front page
---
website/web/index.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/website/web/index.xml b/website/web/index.xml
index 0f30a3db..81b36d1b 100644
--- a/website/web/index.xml
+++ b/website/web/index.xml
@@ -46,10 +46,10 @@
- The most recent version of Lasso is 2.1.1. You can
+ The most recent version of Lasso is 2.3.0. You can
download
- the 2.1.1 tarball here or get more options on the general download
+ the 2.3.0 tarball here or get more options on the general download page.
From 72e581f8cfa70417477b60d0a5b4c80c475a2482 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 5 Aug 2010 14:07:02 +0200
Subject: [PATCH 10/31] [Core] fix change of enumeration value
This change broke the API, revert it.
---
lasso/id-ff/provider.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lasso/id-ff/provider.h b/lasso/id-ff/provider.h
index fc4a6fa1..c3566c00 100644
--- a/lasso/id-ff/provider.h
+++ b/lasso/id-ff/provider.h
@@ -128,8 +128,8 @@ typedef enum {
typedef enum {
LASSO_PROVIDER_ROLE_ANY = -1,
LASSO_PROVIDER_ROLE_NONE = 0,
- LASSO_PROVIDER_ROLE_IDP = 1,
- LASSO_PROVIDER_ROLE_SP = 2,
+ LASSO_PROVIDER_ROLE_SP = 1,
+ LASSO_PROVIDER_ROLE_IDP = 2,
LASSO_PROVIDER_ROLE_BOTH = 3,
LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY = 4,
LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY = 8,
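Review bot: Nothing in the enum records that these numbers are part of the public API, which is how the swap reverted here got in. A comment above the enum such as `/* Values are public API/ABI; SP=1 and IDP=2 are bit flags and BOTH is SP|IDP. Do not renumber. */` would document it. The end of the typedef is outside this hunk.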
From fc9c2738c680370edba577689e341a0e7c87a182 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 15:41:55 +0200
Subject: [PATCH 11/31] [SAMLv2] when AuthnRequest contains invalid attributes
returns INVALID_REQUEST not NO_DEFAULT_ENDPOINT
This is the right status to return.
---
lasso/saml-2.0/login.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 7b6cf3c7..e0582559 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -310,7 +310,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
(authn_request->AssertionConsumerServiceURL != NULL)) &&
(authn_request->AssertionConsumerServiceIndex != -1))
{
- rc = LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT;
+ rc = LASSO_PROFILE_ERROR_INVALID_REQUEST;
goto cleanup;
}
From 4b05610fa5c88dccb1d49d74e2bb2896af4dac4b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 15:43:09 +0200
Subject: [PATCH 12/31] [XML] use strtol instead of atoi to parse XSchema
integers
This commit also rejects negative integers when parsing (all integers
in SAMLv2 and ID-FFv1.2 schemas are positive integers).
---
lasso/xml/xml.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index f5339721..db20ac25 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1295,7 +1295,15 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
*(void**)value = tmp;
tmp = NULL;
} else if (snippet->type & SNIPPET_INTEGER) {
- int val = atoi(tmp);
+ int val = strtol(tmp, NULL, 10);
+ if (((val == LONG_MIN || val == LONG_MAX) && errno == ERANGE)
+ || errno == EINVAL || val < 0) {
+ if (snippet->type & SNIPPET_OPTIONAL_NEG) {
+ val = -1;
+ } else {
+ val = 0;
+ }
+ }
(*(int*)value) = val;
trace_snippet(" setting integer %i for ", val);
xmlFree(tmp);
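Review bot: Storing the `strtol` result in `int val` makes the `val == LONG_MIN || val == LONG_MAX` test unreachable wherever `long` is wider than `int`, so an out-of-range value taken from the XML is silently truncated instead of rejected. `errno` is not cleared before the call, so a stale value can discard a valid integer, and with a NULL end pointer a string with no digits parses as 0 without any error. Parse into a `long`, clear `errno`, pass an end pointer and bound the result by `INT_MAX` before narrowing, as sketched below. The second hunk of this patch (the attribute branch before `SNIPPET_BOOLEAN`) needs the same change, and `errno.h` and `limits.h` must be included, which cannot be checked from here. lasso_node_impl_init_from_xml starts and ends outside both hunks.

```c
} else if (snippet->type & SNIPPET_INTEGER) {
	char *end = NULL;
	long parsed;
	int val;

	errno = 0;
	parsed = strtol(tmp, &end, 10);
	if (errno != 0 || end == tmp || parsed < 0 || parsed > INT_MAX) {
		/* same fallback values as the patch uses */
		val = (snippet->type & SNIPPET_OPTIONAL_NEG) ? -1 : 0;
	} else {
		val = (int)parsed;
	}
	/* … unchanged: store val through value, trace_snippet, xmlFree(tmp) … */
```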
@@ -1356,7 +1364,15 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
continue;
if (snippet->type & SNIPPET_INTEGER) {
- int val = atoi(tmp);
+ int val = strtol(tmp, NULL, 10);
+ if (((val == LONG_MIN || val == LONG_MAX) && errno == ERANGE)
+ || errno == EINVAL || val < 0) {
+ if (snippet->type & SNIPPET_OPTIONAL_NEG) {
+ val = -1;
+ } else {
+ val = 0;
+ }
+ }
(*(int*)value) = val;
} else if (snippet->type & SNIPPET_BOOLEAN) {
int val = 0;
From fb8ed0e264bfc364a7dd30d41f1987b8b7cfb984 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 16:06:45 +0200
Subject: [PATCH 13/31] [Core] add structure to store endpoints type for
metadata files
This new C structure will allow to filter ID-FFv1.2 and SAMLv2 endpoints
more easily.
---
lasso/id-ff/providerprivate.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lasso/id-ff/providerprivate.h b/lasso/id-ff/providerprivate.h
index de3bc963..66b9ad08 100644
--- a/lasso/id-ff/providerprivate.h
+++ b/lasso/id-ff/providerprivate.h
@@ -41,6 +41,18 @@ typedef enum {
LASSO_PUBLIC_KEY_ENCRYPTION
} LassoPublicKeyType;
+/* This structure should allow to map ID-FFv1.2 and SAMLv2 endpoints */
+struct EndpointType_s {
+ LassoProviderRole role;
+ char *kind;
+ char *binding;
+ char *url;
+ char *return_url;
+ int index;
+ gboolean is_default;
+};
+typedef struct EndpointType_s EndpointType;
+
struct _LassoProviderPrivate
{
@@ -65,9 +77,9 @@ struct _LassoProviderPrivate
LassoEncryptionSymKeyType encryption_sym_key_type;
char *valid_until;
char *cache_duration;
+ GList *endpoints; /* of EndpointType_s */
};
-
gboolean lasso_provider_load_metadata(LassoProvider *provider, const gchar *metadata);
gboolean lasso_provider_load_metadata_from_buffer(LassoProvider *provider, const gchar *metadata);
int lasso_provider_verify_signature(LassoProvider *provider,
From 5c85507ffd906e9a3f15b1206f9cc0e56bc8a207 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 18:55:04 +0200
Subject: [PATCH 14/31] [Core] add destroy code for new private field endpoints
The contained string must be deallocated if the object is destroyed.
---
lasso/id-ff/provider.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 9b713fe4..910c4aba 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -859,6 +859,13 @@ finalize(GObject *object)
/* instance and class init functions */
/*****************************************************************************/
+void
+lasso_endpoint_free(EndpointType *endpoint_type) {
+ g_free(endpoint_type->binding);
+ g_free(endpoint_type->url);
+ g_free(endpoint_type->kind);
+ g_free(endpoint_type->return_url);
+}
static void
instance_init(LassoProvider *provider)
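Review bot: `lasso_endpoint_free` releases the four strings but never the `EndpointType` itself, so each list element leaks unless `lasso_release_list_of_full` frees the element on its own, which is not visible here; ending the function with `g_free(endpoint_type);` would close that. The function also dereferences its argument without a NULL check, and it is non-static with no prototype in the visible headers, so `static` or a declaration in providerprivate.h would be cleaner.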
@@ -881,6 +888,7 @@ instance_init(LassoProvider *provider)
provider->private_data->encryption_public_key = NULL;
provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
provider->private_data->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128;
+ lasso_release_list_of_full(provider->private_data->endpoints, lasso_endpoint_free);
/* no value_destroy_func since it shouldn't destroy the GList on insert */
provider->private_data->Descriptors = g_hash_table_new_full(
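Review bot: The `lasso_release_list_of_full(...)` call lands in `instance_init`, going by the hunk header and the surrounding initialisers, so it runs on a field that has never been populated and nothing releases the list when the provider is destroyed. Here the field should be initialised, `provider->private_data->endpoints = NULL;`, and the release call belongs in the dispose/finalize path, which is outside this hunk.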
From 908d4288a0a7df793c104118dc921ba4b57a2bb8 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 18:57:25 +0200
Subject: [PATCH 15/31] [SAMLv2] rebuild specialized LassoProvider methods upon
new endpoints storage
The new way of storing endpoints allows to keep ordering between
endpoints with respect to the order of the index and isDefault field for
indexed endpoint type, and to the XML node orders for other endpoints.
It also simplifies the code.
---
lasso/saml-2.0/provider.c | 543 ++++++++++++++++++--------------------
1 file changed, 252 insertions(+), 291 deletions(-)
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 65bd579b..b532259e 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -53,8 +53,6 @@ const char *profile_names[LASSO_MD_PROTOCOL_TYPE_LAST] = {
"AttributeService" /*AttributeAuthorityDescriptor*/
};
-static void add_assertion_consumer_url_to_list(gchar *key, G_GNUC_UNUSED gpointer value, GList **list);
-
static const char*
binding_uri_to_identifier(const char *uri)
{
@@ -74,23 +72,21 @@ binding_uri_to_identifier(const char *uri)
return NULL;
}
-static const char*
-identifier_to_binding_uri(const char *identifier)
+static LassoHttpMethod
+binding_uri_to_http_method(const char *uri)
{
- if (strcmp(identifier, "SOAP") == 0) {
- return LASSO_SAML2_METADATA_BINDING_SOAP;
- } else if (strcmp(identifier, "HTTP-Redirect") == 0) {
- return LASSO_SAML2_METADATA_BINDING_REDIRECT;
- } else if (strcmp(identifier, "HTTP-POST") == 0) {
- return LASSO_SAML2_METADATA_BINDING_POST;
- } else if (strcmp(identifier, "HTTP-Artifact") == 0) {
- return LASSO_SAML2_METADATA_BINDING_ARTIFACT;
- } else if (strcmp(identifier, "PAOS") == 0) {
- return LASSO_SAML2_METADATA_BINDING_PAOS;
- } else if (strcmp(identifier, "URI") == 0) {
- return LASSO_SAML2_METADATA_BINDING_URI;
+ if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_SOAP) == 0) {
+ return LASSO_HTTP_METHOD_SOAP;
+ } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_REDIRECT) == 0) {
+ return LASSO_HTTP_METHOD_REDIRECT;
+ } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_POST) == 0) {
+ return LASSO_HTTP_METHOD_NONE;
+ } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_ARTIFACT) == 0) {
+ return LASSO_HTTP_METHOD_ARTIFACT_GET;
+ } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_PAOS) == 0) {
+ return LASSO_HTTP_METHOD_PAOS;
}
- return NULL;
+ return LASSO_HTTP_METHOD_NONE;
}
static gboolean
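Review bot: The `LASSO_SAML2_METADATA_BINDING_POST` branch returns `LASSO_HTTP_METHOD_NONE`, whereas the lookup table this patch removes from lasso_saml20_provider_get_first_http_method paired HTTP-POST with `LASSO_HTTP_METHOD_POST`; as written an endpoint that offers only the POST binding can never be selected or accepted through this helper. Unless that is deliberate, the branch should be `return LASSO_HTTP_METHOD_POST;`. `strcmp` is also called on `uri` without a NULL check.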
@@ -127,6 +123,87 @@ xsdIsFalse(xmlChar *value)
return FALSE;
}
+static gboolean
+xsdUnsignedShortParse(xmlChar *value, int *out) {
+ int l = strtol((char*)value, NULL, 10);
+
+ if (((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) ||
+ errno == EINVAL || l < 0 || l >= 65535) {
+ return FALSE;
+ }
+ *out = l;
+ return TRUE;
+}
+
+static void
+load_endpoint_type2(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole role, int *counter)
+{
+ xmlChar *binding = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_BINDING);
+ xmlChar *location = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_LOCATION);
+ xmlChar *response_location = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_RESPONSE_LOCATION);
+ xmlChar *index = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_INDEX);
+ xmlChar *isDefault = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_ISDEFAULT);
+ gboolean indexed_endpoint = FALSE;
+ int idx = *counter++;
+ gboolean is_default = FALSE;
+ EndpointType *endpoint_type;
+
+ if (! binding || ! location) {
+ warning("Invalid endpoint node %s", (char*) xmlnode->name);
+ goto cleanup;
+ }
+ indexed_endpoint = checkSaml2MdNode(xmlnode, LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE);
+ if (indexed_endpoint) {
+ if (! xsdUnsignedShortParse(index, &idx)) {
+ warning("Invalid AssertionConsumerService, no index set");
+ goto cleanup;
+ }
+ is_default = xsdIsTrue(isDefault);
+ }
+ endpoint_type = g_new0(EndpointType, 1);
+ endpoint_type->kind = g_strdup((char*)xmlnode->name);
+ endpoint_type->binding = g_strdup((char*)binding);
+ endpoint_type->url = g_strdup((char*)location);
+ endpoint_type->return_url = g_strdup((char*)response_location);
+ endpoint_type->role = role;
+ endpoint_type->index = idx;
+ endpoint_type->is_default = is_default;
+ lasso_list_add(provider->private_data->endpoints, (void*)endpoint_type);
+
+cleanup:
+ lasso_release_xml_string(binding);
+ lasso_release_xml_string(location);
+ lasso_release_xml_string(response_location);
+ lasso_release_xml_string(isDefault);
+ lasso_release_xml_string(index);
+}
+
+static gint
+compare_endpoint_type(const EndpointType *a, const EndpointType *b) {
+ int c;
+
+ if (a->role < b->role)
+ return -1;
+ if (a->role > b->role)
+ return +1;
+ c = g_strcmp0(a->kind, b->kind);
+ if (c != 0)
+ return c;
+ c = g_strcmp0(a->binding, b->binding);
+ if (c != 0)
+ return c;
+ if (a->is_default && ! b->is_default)
+ return -1;
+ if (! a->is_default && b->is_default)
+ return +1;
+ if (a->index < b->index)
+ return -1;
+ if (a->index > b->index)
+ return +1;
+ return 0;
+}
+
+
static void
load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole role)
{
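Review bot: `xsdUnsignedShortParse(index, &idx)` in load_endpoint_type2 is reached with `index == NULL` when an AssertionConsumerService element carries no index attribute (assuming getSaml2MdProp returns NULL for a missing attribute, as the `binding`/`location` check implies), so `strtol` is handed a null pointer while parsing metadata; guard it with `if (! index || ! xsdUnsignedShortParse(index, &idx))`. `int idx = *counter++;` parses as `*(counter++)`, which advances the local pointer and leaves the caller's counter at 0, so every non-indexed endpoint gets index 0; `(*counter)++` looks like the intent. In xsdUnsignedShortParse the result is stored in an `int` and `errno` is never cleared, so the `LONG_MIN`/`LONG_MAX` test cannot fire where `long` is wider than `int` and a stale `errno` can reject a valid value. The bound `l >= 65535` also rejects 65535, which xsd:unsignedShort allows; `l > 65535` matches the type.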
@@ -141,7 +218,7 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole
binding_s = binding_uri_to_identifier((char*)binding);
if (! binding_s) {
- message(G_LOG_LEVEL_CRITICAL, "XXX: unknown binding: %s", binding);
+ critical("XXX: unknown binding: %s", binding);
goto cleanup;
}
@@ -259,6 +336,7 @@ load_descriptor(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole rol
xmlChar *value;
LassoProviderPrivate *pdata = provider->private_data;
char *token, *saveptr;
+ int counter = 0;
/* check protocol support enumeration */
value = getSaml2MdProp(xmlnode,
@@ -290,6 +368,7 @@ load_descriptor(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole rol
attribute);
} else if (hasSaml2MdProp(t, LASSO_SAML2_METADATA_ATTRIBUTE_BINDING)) {
load_endpoint_type(t, provider, role);
+ load_endpoint_type2(t, provider, role, &counter);
} else {
value = xmlNodeGetContent(t);
_lasso_provider_add_metadata_value_for_role(provider, role, (char*)t->name,
@@ -298,6 +377,8 @@ load_descriptor(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole rol
}
t = xmlSecGetNextElementNode(t->next);
}
+ provider->private_data->endpoints = g_list_sort(provider->private_data->endpoints,
+ (GCompareFunc) compare_endpoint_type);
for (i = 0; descriptor_attrs[i]; i++) {
value = getSaml2MdProp(xmlnode, descriptor_attrs[i]);
if (value == NULL) {
@@ -403,226 +484,141 @@ lasso_saml20_provider_load_metadata(LassoProvider *provider, xmlNode *root_node)
}
LassoHttpMethod
-lasso_saml20_provider_get_first_http_method(LassoProvider *provider,
+lasso_saml20_provider_get_first_http_method(G_GNUC_UNUSED LassoProvider *provider,
LassoProvider *remote_provider, LassoMdProtocolType protocol_type)
{
- LassoHttpMethod method = LASSO_HTTP_METHOD_NONE;
- LassoProviderRole our_role = LASSO_PROVIDER_ROLE_SP;
- int i;
- const char *possible_bindings[] = {
- "HTTP-POST",
- "HTTP-Redirect",
- "HTTP-Artifact",
- "SOAP",
- "PAOS",
- NULL
- };
- LassoHttpMethod method_bindings[] = {
- LASSO_HTTP_METHOD_POST,
- LASSO_HTTP_METHOD_REDIRECT,
- LASSO_HTTP_METHOD_ARTIFACT_GET,
- LASSO_HTTP_METHOD_SOAP,
- LASSO_HTTP_METHOD_PAOS
- };
-
- switch (remote_provider->role) {
- case LASSO_PROVIDER_ROLE_IDP:
- our_role = LASSO_PROVIDER_ROLE_SP;
- break;
- case LASSO_PROVIDER_ROLE_SP:
- our_role = LASSO_PROVIDER_ROLE_IDP;
- break;
- default:
- return LASSO_HTTP_METHOD_NONE;
+ GList *t = NULL;
+ const char *kind = NULL;
+ LassoHttpMethod result = LASSO_HTTP_METHOD_NONE;
+
+ if (protocol_type < LASSO_MD_PROTOCOL_TYPE_LAST) {
+ kind = profile_names[protocol_type];
+ }
+ if (! kind) {
+ warning("Could not find a first http method for protocol type %u", protocol_type);
+ return LASSO_HTTP_METHOD_NONE;
}
- for (i=0; possible_bindings[i] && method == LASSO_HTTP_METHOD_NONE; i++) {
- char *s;
- const GList *l1, *l2;
- s = g_strdup_printf("%s %s",
- profile_names[protocol_type],
- possible_bindings[i]);
- l1 = lasso_provider_get_metadata_list_for_role(provider, our_role, s);
- l2 = lasso_provider_get_metadata_list(remote_provider, s);
- if (l1 && l2) {
- method = method_bindings[i];
+ lasso_foreach(t, remote_provider->private_data->endpoints) {
+ EndpointType *endpoint_type = (EndpointType*)t->data;
+ if (endpoint_type && g_strcmp0(endpoint_type->kind, kind) == 0) {
+ result = binding_uri_to_http_method(endpoint_type->binding);
+ if (result) break;
}
}
- return method;
+ return result;
+}
+
+gboolean
+lasso_saml20_provider_accept_http_method(G_GNUC_UNUSED LassoProvider *provider, LassoProvider *remote_provider,
+ LassoMdProtocolType protocol_type, LassoHttpMethod http_method,
+ G_GNUC_UNUSED gboolean initiate_profile)
+{
+ GList *t = NULL;
+ const char *kind = NULL;
+
+ if (protocol_type < LASSO_MD_PROTOCOL_TYPE_LAST) {
+ kind = profile_names[protocol_type];
+ }
+ if (! kind) {
+ warning("Could not find a first http method for protocol type %u", protocol_type);
+ return LASSO_HTTP_METHOD_NONE;
+ }
+
+ lasso_foreach(t, remote_provider->private_data->endpoints) {
+ EndpointType *endpoint_type = (EndpointType*)t->data;
+ if (endpoint_type && endpoint_type->role == remote_provider->role &&
+ g_strcmp0(endpoint_type->kind, kind) == 0) {
+ if (binding_uri_to_http_method(endpoint_type->binding) == http_method) {
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
}
gboolean
lasso_saml20_provider_check_assertion_consumer_service_url(LassoProvider *provider, const gchar *url, const gchar *binding)
{
- GHashTable *descriptor;
- GList *l = NULL, *r = NULL, *candidate = NULL;
- char *name;
- const char *binding_s = NULL;
- int lname;
+ GList *t = NULL;
- descriptor = provider->private_data->Descriptors;
- if (descriptor == NULL || url == NULL || binding == NULL)
- return FALSE;
-
- binding_s = binding_uri_to_identifier(binding);
- if (binding_s == NULL) {
- return FALSE;
- }
-
- g_hash_table_foreach(descriptor,
- (GHFunc)add_assertion_consumer_url_to_list,
- &r);
-
- name = g_strdup_printf(LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE
- " %s ", binding_s);
- lname = strlen(name);
- for (l = r; l; l = g_list_next(l)) {
- char *b = l->data;
- if (strncmp(name, b, lname) == 0) {
- candidate = lasso_provider_get_metadata_list_for_role(provider, LASSO_PROVIDER_ROLE_SP, b);
- if (candidate && candidate->data && strcmp(candidate->data, url) == 0)
- break;
- else
- candidate = NULL;
+ lasso_foreach (provider->private_data->endpoints, t) {
+ EndpointType *endpoint_type = (EndpointType*) t->data;
+ if (endpoint_type && endpoint_type->role == LASSO_PROVIDER_ROLE_SP
+ && g_strcmp0(endpoint_type->url, url) == 0
+ && g_strcmp0(endpoint_type->binding, binding) == 0)
+ {
+ return TRUE;
}
}
- lasso_release(name);
- lasso_release_list(r);
-
- if (candidate)
- return TRUE;
- else
- return FALSE;
+ return FALSE;
}
+static const char *supported_assertion_consumer_bindings[] = { LASSO_SAML2_METADATA_BINDING_POST,
+ LASSO_SAML2_METADATA_BINDING_ARTIFACT, NULL };
+
+static gboolean match_any(const char *key, const char *array[]) {
+ const char **t = array;
+
+ while (*t) {
+ if (g_strcmp0(key, *t) == 0) {
+ return TRUE;
+ }
+ t++;
+ }
+ return FALSE;
+}
+
+static EndpointType *
+lasso_saml20_provider_get_assertion_consumer_service(LassoProvider *provider, int service_id)
+{
+ const char *kind = LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE;
+ GList *t = NULL;
+ EndpointType *result = NULL;
+
+ if (service_id != -1) {
+ lasso_foreach(t, provider->private_data->endpoints) {
+ EndpointType *endpoint_type = (EndpointType*) t->data;
+ if (! endpoint_type)
+ continue;
+ if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
+ g_strcmp0(endpoint_type->kind, kind) == 0 &&
+ endpoint_type->index == service_id)
+ {
+ result = endpoint_type;
+ break;
+ }
+ }
+ } else { /* lookup a default supported endpoint type */
+ lasso_foreach(t, provider->private_data->endpoints) {
+ EndpointType *endpoint_type = (EndpointType*) t->data;
+ if (! endpoint_type)
+ continue;
+ if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
+ g_strcmp0(endpoint_type->kind, kind) == 0 &&
+ match_any(endpoint_type->binding,
+ supported_assertion_consumer_bindings))
+ {
+ result = endpoint_type;
+ break;
+ }
+ }
+ }
+ return result;
+}
+
+
gchar*
lasso_saml20_provider_get_assertion_consumer_service_url(LassoProvider *provider,
int service_id)
{
- GList *l = NULL;
- char *sid;
- char *name;
- const char *possible_bindings[] = {
- "HTTP-Artifact",
- "HTTP-POST",
- NULL
- };
- int i;
-
- if (service_id == -1) {
- sid = g_strdup(provider->private_data->default_assertion_consumer);
- } else {
- sid = g_strdup_printf("%d", service_id);
+ EndpointType *endpoint_type = lasso_saml20_provider_get_assertion_consumer_service(provider, service_id);
+ if (endpoint_type)
+ {
+ return g_strdup(endpoint_type->url);
}
-
- for (i=0; possible_bindings[i]; i++) {
- name = g_strdup_printf(LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE
- " %s %s",
- possible_bindings[i], sid);
- l = lasso_provider_get_metadata_list_for_role(provider,
- LASSO_PROVIDER_ROLE_SP,
- name);
- lasso_release_string(name);
- if (l != NULL)
- break;
- }
- lasso_release_string(sid);
- if (l)
- return g_strdup(l->data);
- return NULL;
-}
-
-#define ACS_KEY "sp " LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE
-
-static void
-add_assertion_consumer_url_to_list(gchar *key, G_GNUC_UNUSED gpointer value, GList **list)
-{
- if (strncmp(key, ACS_KEY, sizeof(ACS_KEY)-1) == 0) {
- lasso_list_add_new_string(*list, key);
- }
-}
-
-struct HelperBindingByUrl {
- const char *binding;
- const char *url;
-};
-
-void
-helper_binding_by_url(char *key, GList *value, struct HelperBindingByUrl *data)
-{
- if (strncmp(key, ACS_KEY, sizeof(ACS_KEY)-1) != 0) {
- return;
- }
-
- if (data->binding == NULL && g_list_find_custom(value, data->url, (GCompareFunc)g_strcmp0) != NULL) {
- char *end;
- // URL was found for the first time
- key += sizeof(ACS_KEY);
- end = strchr(key, ' ');
- if (end) {
- key = g_strndup(key, (ptrdiff_t)(end-key));
- data->binding = identifier_to_binding_uri(key);
- lasso_release(key);
- } else {
- data->binding = identifier_to_binding_uri(key);
- }
- }
-
-}
-
-const gchar*
-lasso_saml20_provider_get_assertion_consumer_service_binding_by_url(LassoProvider *provider, const char *url)
-{
- struct HelperBindingByUrl _helper_binding_by_url = { .binding = NULL, .url = url };
-
- g_hash_table_foreach(provider->private_data->Descriptors, (GHFunc)helper_binding_by_url,
- &_helper_binding_by_url);
-
- return _helper_binding_by_url.binding;
-}
-
-gchar*
-lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvider *provider,
- const gchar *binding)
-{
- GHashTable *descriptor;
- GList *l = NULL, *r = NULL;
- char *name;
- const char *binding_s = NULL;
- int lname;
-
- descriptor = provider->private_data->Descriptors;
- if (descriptor == NULL)
- return NULL;
-
- binding_s = binding_uri_to_identifier(binding);
- if (binding_s == NULL) {
- return NULL;
- }
-
- g_hash_table_foreach(descriptor,
- (GHFunc)add_assertion_consumer_url_to_list,
- &r);
-
- name = g_strdup_printf("sp "
- LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE
- " %s ", binding_s);
- lname = strlen(name);
- for (l = r; l; l = g_list_next(l)) {
- char *b = l->data;
- if (strncmp(name, b, lname) == 0) {
- l = g_hash_table_lookup(descriptor, b);
- break;
- }
- }
- lasso_release_string(name);
- lasso_release_list(r);
-
- if (l) {
- return g_strdup(l->data);
- }
-
return NULL;
}
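Review bot: In lasso_saml20_provider_check_assertion_consumer_service_url the macro arguments are reversed, `lasso_foreach (provider->private_data->endpoints, t)`, while every other call in this patch passes the iterator first; if the macro assigns to its first argument, this overwrites the endpoint list with NULL and the URL check always returns FALSE. It should read `lasso_foreach(t, provider->private_data->endpoints)`. lasso_saml20_provider_accept_http_method is declared `gboolean` but returns `LASSO_HTTP_METHOD_NONE` for an unknown protocol type; if that constant is non-zero (its value is not shown here) the method is reported as accepted, so use `return FALSE;`. For the same reason `if (result) break;` in lasso_saml20_provider_get_first_http_method should compare explicitly, `if (result != LASSO_HTTP_METHOD_NONE) break;`.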
@@ -630,88 +626,53 @@ gchar*
lasso_saml20_provider_get_assertion_consumer_service_binding(LassoProvider *provider,
int service_id)
{
- GHashTable *descriptor;
- GList *l = NULL;
- char *sid;
- char *name;
- char *binding = NULL;
- const char *possible_bindings[] = {
- "HTTP-POST",
- "HTTP-Redirect",
- "HTTP-Artifact",
- "SOAP",
- NULL
- };
- int i;
-
- if (service_id == -1) {
- sid = g_strdup(provider->private_data->default_assertion_consumer);
- } else {
- sid = g_strdup_printf("%d", service_id);
+ EndpointType *endpoint_type = lasso_saml20_provider_get_assertion_consumer_service(provider, service_id);
+ if (endpoint_type)
+ {
+ return g_strdup(binding_uri_to_identifier(endpoint_type->binding));
}
- descriptor = provider->private_data->Descriptors;
- if (descriptor == NULL)
- return NULL;
-
- for (i=0; possible_bindings[i]; i++) {
- name = g_strdup_printf(LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE
- " %s %s",
- possible_bindings[i], sid);
- l = lasso_provider_get_metadata_list_for_role(provider, LASSO_PROVIDER_ROLE_SP, name);
- lasso_release_string(name);
- if (l != NULL) {
- binding = g_strdup(possible_bindings[i]);
- break;
- }
- }
- lasso_release_string(sid);
- return binding;
+ return NULL;
}
-gboolean
-lasso_saml20_provider_accept_http_method(LassoProvider *provider, LassoProvider *remote_provider,
- LassoMdProtocolType protocol_type, LassoHttpMethod http_method,
- gboolean initiate_profile)
+const gchar*
+lasso_saml20_provider_get_assertion_consumer_service_binding_by_url(LassoProvider *provider, const char *url)
{
- char *protocol_profile;
- static const char *http_methods[] = {
- NULL,
- NULL,
- NULL,
- NULL,
- "HTTP-POST",
- "HTTP-Redirect",
- "SOAP",
- "HTTP-Artifact",
- "HTTP-Artifact",
- NULL
- };
- gboolean rc = FALSE;
- LassoProviderRole initiating_role;
+ const char *kind = LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE;
+ GList *t = NULL;
- initiating_role = remote_provider->role;
- if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
- provider->role = LASSO_PROVIDER_ROLE_IDP;
+ lasso_foreach(t, provider->private_data->endpoints) {
+ EndpointType *endpoint_type = (EndpointType*) t->data;
+ if (! endpoint_type)
+ continue;
+ if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
+ g_strcmp0(endpoint_type->kind, kind) == 0 &&
+ g_strcmp0(endpoint_type->url, url) == 0)
+ {
+ return endpoint_type->binding;
+ }
}
- if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
- provider->role = LASSO_PROVIDER_ROLE_SP;
+ return NULL;
+}
+
+gchar*
+lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvider *provider,
+ const gchar *binding)
+{
+ const char *kind = LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE;
+ GList *t = NULL;
+
+ lasso_foreach(t, provider->private_data->endpoints) {
+ EndpointType *endpoint_type = (EndpointType*) t->data;
+ if (! endpoint_type)
+ continue;
+ if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
+ g_strcmp0(endpoint_type->kind, kind) == 0 &&
+ g_strcmp0(endpoint_type->binding, binding) == 0)
+ {
+ return endpoint_type->url;
+ }
}
- if (initiate_profile)
- initiating_role = provider->role;
-
- /* exclude bad input */
- if (http_method > (int)G_N_ELEMENTS(http_methods) || http_method < 0 || http_methods[http_method+1] == NULL) {
- return FALSE;
- }
-
- protocol_profile = g_strdup_printf("%s %s", profile_names[protocol_type],
- http_methods[http_method+1]);
-
- /* just check if remote provider can receive the request, remote provider will have to check
- * how to return the response itself */
- rc = (lasso_provider_get_metadata_list(remote_provider, protocol_profile) != NULL);
- lasso_release_string(protocol_profile);
- return rc;
+ return NULL;
}
/**
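Review bot: `lasso_saml20_provider_get_assertion_consumer_service_url_by_binding` is still declared as returning a non-const `gchar*`, but it now returns `endpoint_type->url` itself where the removed implementation returned `g_strdup(l->data)`. A caller written against the old contract will free the result, releasing memory the endpoint list still owns and leaving a dangling pointer for the next lookup and for `lasso_endpoint_free`. Keeping the ownership contract is a one-line change, `return g_strdup(endpoint_type->url);`; the sibling `..._binding_by_url` is declared `const gchar*` and can keep returning the borrowed string. Both loops also dereference `provider->private_data` without a check, which may deserve a `g_return_val_if_fail` if callers can pass a provider whose metadata was never loaded.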
From 2ab81b8e6f7870f650e41bf183c27cdbf7b6ef84 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 19:00:36 +0200
Subject: [PATCH 16/31] [SAMLv2] replace use of
lasso_provider_get_default_name_id_format with direct use of
lasso_provider_get_metadata_one_for_role
The first is trying to use provider->role to know which kind of role
descriptor to lookup, but for the server object this field is 0 and when
building authn request we know that we want our default NameIDFormat for
the SP sso descriptor.
---
lasso/saml-2.0/login.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index e0582559..60b71d6b 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -91,7 +91,8 @@ lasso_saml20_login_init_authn_request(LassoLogin *login, LassoHttpMethod http_me
lasso_samlp2_name_id_policy_new());
/* set name id policy format */
/* no need to check server, done in init_request */
- default_name_id_format = lasso_provider_get_default_name_id_format(&profile->server->parent);
+ default_name_id_format = lasso_provider_get_metadata_one_for_role(&profile->server->parent,
+ LASSO_PROVIDER_ROLE_SP, "NameIDFormat");
if (default_name_id_format) {
/* steal the string */
lasso_assign_new_string(LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy->Format,
From 3769decc5842c141ffbe6816898448f5806902be Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 19:02:01 +0200
Subject: [PATCH 17/31] [SAMLv2] fix string in comment
---
lasso/saml-2.0/login.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 60b71d6b..02113a42 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -319,7 +319,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
protocol_binding = authn_request->ProtocolBinding;
if (protocol_binding == NULL && authn_request->AssertionConsumerServiceIndex) {
/* protocol binding not set; so it will look into
- * AssertionConsumingServiceIndex
+ * AssertionConsumerServiceIndex
* Also, if AssertionConsumerServiceIndex is not set in request,
* its value will be -1, which is just the right value to get
* default assertion consumer... (convenient)
From 88236da2d2d23184cbd927720127dfb6da24b363 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 25 Aug 2010 19:02:22 +0200
Subject: [PATCH 18/31] [SAMLv2] mark Redirect binding as an invalid binding
for return AuthnResponse
This is really not supported by the SAMLv2 protocol.
---
lasso/saml-2.0/login.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 02113a42..80b98131 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -361,6 +361,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
} else if (g_strcmp0(protocol_binding,
LASSO_SAML2_METADATA_BINDING_REDIRECT) == 0) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT;
+ goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);
} else if (g_strcmp0(protocol_binding, LASSO_SAML2_METADATA_BINDING_PAOS) == 0) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP;
} else {
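Review bot: The Redirect branch still assigns `login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT` before failing, so after the error the login object carries a profile this function has just declared invalid. A caller that ignores the return code could continue with it; dropping the assignment and keeping only `goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);` removes that state. A short comment such as `/* HTTP-Redirect cannot carry the response in the SAMLv2 Web SSO profile */` would also record why a known binding is rejected here. The enclosing if/else chain starts and ends outside the hunk.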
From 8ebeeb9a361d6bb9f7f74039eef9feb320feeb17 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 31 Aug 2010 11:36:33 +0200
Subject: [PATCH 19/31] [DOAP] fix typos
Tags were badly formatted.
---
lasso.doap | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lasso.doap b/lasso.doap
index 8e002c49..d07f0eff 100644
--- a/lasso.doap
+++ b/lasso.doap
@@ -1,4 +1,4 @@
-
Liberty Alliance ID-FF 1.2
-
OASIS SAML 2.0
-
From 35ff3d6950e6428c3a6c3d7b275313db2412aafa Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 1 Sep 2010 12:41:28 +0200
Subject: [PATCH 20/31] [Strings] add string constant for the internal XML
attributes used in dumps
Add string constants for signature method, signature type, private key
(file path or content), private key password and certificate (file path
or content).
Add cast for xmlChar constant strings definition in python bindings, it
assumed all constant strings were char*.
---
bindings/java/lang.py | 2 +-
bindings/perl/lang.py | 2 +-
bindings/php5/wrapper_source.py | 2 +-
bindings/python/lang.py | 2 +-
lasso/xml/strings.h | 35 +++++++++++++++++++++++++++++++++
5 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/bindings/java/lang.py b/bindings/java/lang.py
index 904aff78..47d5a3b5 100644
--- a/bindings/java/lang.py
+++ b/bindings/java/lang.py
@@ -364,7 +364,7 @@ protected static native void destroy(long cptr);
elif c[0] == 's':
print >>fd, wrapper_decl(s,'jstring')
print >>fd, ') {'
- print >>fd, ' return (*env)->NewStringUTF(env, %s);' % c[1]
+ print >>fd, ' return (*env)->NewStringUTF(env, (char*) %s);' % c[1]
print >>fd, '}'
elif c[0] == 'b':
print >>fd, wrapper_decl(s,'jboolean')
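Review bot: The emitted cast `(char*) %s` is applied to every string constant, so it drops `const` in addition to converting the new `xmlChar*` macros, and it will also silence the compiler for a constant that is wrongly classified as a string. `NewStringUTF` takes a `const char*`, so emitting `(const char*) %s` does the needed conversion without discarding the qualifier; the same applies to the `newSVpv` line in bindings/perl/lang.py and the `PyString_FromString` line in bindings/python/lang.py. The generator function these lines belong to starts outside the hunk.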
diff --git a/bindings/perl/lang.py b/bindings/perl/lang.py
index 0d3e4f8b..7390ecb4 100644
--- a/bindings/perl/lang.py
+++ b/bindings/perl/lang.py
@@ -223,7 +223,7 @@ INCLUDE: LassoNode.xs
if type == 'i':
self.xs.pn('ct = newSViv(%s);' % name)
elif type == 's':
- self.xs.pn('ct = newSVpv(%s, 0);' % name)
+ self.xs.pn('ct = newSVpv((char*)%s, 0);' % name)
elif type == 'b': # only one case LASSO_WSF_ENABLED
self.xs.unindent()
self.xs.pn('''#ifdef %s
diff --git a/bindings/php5/wrapper_source.py b/bindings/php5/wrapper_source.py
index 9b2698f2..7148fd9c 100644
--- a/bindings/php5/wrapper_source.py
+++ b/bindings/php5/wrapper_source.py
@@ -76,7 +76,7 @@ PHP_MINIT_FUNCTION(lasso)
if c[0] == 'i':
print >> self.fd, ' REGISTER_LONG_CONSTANT("%s", %s, CONST_CS|CONST_PERSISTENT);' % (c[1], c[1])
elif c[0] == 's':
- print >> self.fd, ' REGISTER_STRING_CONSTANT("%s", %s, CONST_CS|CONST_PERSISTENT);' % (c[1], c[1])
+ print >> self.fd, ' REGISTER_STRING_CONSTANT("%s", (char*) %s, CONST_CS|CONST_PERSISTENT);' % (c[1], c[1])
elif c[0] == 'b':
print >> self.fd, '''\
#ifdef %s
diff --git a/bindings/python/lang.py b/bindings/python/lang.py
index ab987266..8be92e39 100644
--- a/bindings/python/lang.py
+++ b/bindings/python/lang.py
@@ -692,7 +692,7 @@ register_constants(PyObject *d)
if c[0] == 'i':
print >> fd, ' obj = PyInt_FromLong(%s);' % c[1]
elif c[0] == 's':
- print >> fd, ' obj = PyString_FromString(%s);' % c[1]
+ print >> fd, ' obj = PyString_FromString((char*)%s);' % c[1]
elif c[0] == 'b':
print >> fd, '''\
#ifdef %s
diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h
index 9638e9c1..097eac7d 100644
--- a/lasso/xml/strings.h
+++ b/lasso/xml/strings.h
@@ -131,6 +131,41 @@
*/
#define LASSO_PYTHON_HREF "http://www.entrouvert.org/namespaces/python/0.0"
+/**
+ * LASSO_SIGNATURE_TYPE_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso signature type attribute.
+ */
+#define LASSO_SIGNATURE_TYPE_ATTRIBUTE BAD_CAST "SignatureType"
+
+/**
+ * LASSO_SIGNATURE_METHOD_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso signature type attribute.
+ */
+#define LASSO_SIGNATURE_METHOD_ATTRIBUTE BAD_CAST "SignatureMethod"
+
+/**
+ * LASSO_PRIVATE_KEY_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso private key attribute.
+ */
+#define LASSO_PRIVATE_KEY_ATTRIBUTE BAD_CAST "PrivateKey"
+
+/**
+ * LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso private key attribute.
+ */
+#define LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE BAD_CAST "PrivateKeyPassword"
+
+/**
+ * LASSO_CERTIFICATE_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso private key attribute.
+ */
+#define LASSO_CERTIFICATE_ATTRIBUTE BAD_CAST "Certificate"
+
/*****************************************************************************/
/* Liberty Alliance ID-FF */
/*****************************************************************************/
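Review bot: Three of the new doc comments describe the wrong constant: `LASSO_SIGNATURE_METHOD_ATTRIBUTE` is documented as the "signature type attribute", and both `LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE` and `LASSO_CERTIFICATE_ATTRIBUTE` as the "private key attribute". Suggested texts are `Attribute name for the Lasso signature method attribute.`, `Attribute name for the Lasso private key password attribute.` and `Attribute name for the Lasso certificate attribute.` Since the commit message says these attributes carry the private key (file path or content) and its password inside dumps, the comments on those two should also state that a dump containing them is secret material and must be stored and logged accordingly.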
From c3985f6f6dae132088d2541d798be1ed17714288 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 1 Sep 2010 12:42:40 +0200
Subject: [PATCH 21/31] [Core] add LAST enum values to LassoSignatureMethod and
LassoSignatureType enumerations
It helps making range checks.
---
lasso/xml/tools.c | 4 ++++
lasso/xml/xml.h | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 523a7dda..38f81dd6 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -518,6 +518,8 @@ lasso_query_sign(char *query, LassoSignatureMethod sign_method, const char *priv
new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
xmlFree(t);
break;
+ case LASSO_SIGNATURE_METHOD_LAST:
+ g_assert_not_reached();
}
/* build buffer digest */
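Review bot: `case LASSO_SIGNATURE_METHOD_LAST: g_assert_not_reached();` turns an out-of-range `sign_method` into a process abort inside a library call, and when assertions are compiled out with `G_DISABLE_ASSERT` the case simply leaves the switch without `new_query` having been assigned here. Values outside the enum, 0 for instance, match no case at all and take the same path. A label that fails the call cleanly covers both, e.g. `case LASSO_SIGNATURE_METHOD_LAST: default: goto done;`, provided the cleanup at `done:` is valid at this point, which the hunk does not show. The same applies to the second switch in the next hunk; lasso_query_sign's body extends beyond both hunks.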
@@ -568,6 +570,8 @@ lasso_query_sign(char *query, LassoSignatureMethod sign_method, const char *priv
case LASSO_SIGNATURE_METHOD_DSA_SHA1:
s_new_query = g_strdup_printf("%s&Signature=%s", new_query, e_b64_sigret);
break;
+ case LASSO_SIGNATURE_METHOD_LAST:
+ g_assert_not_reached();
}
done:
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index 06709c02..d4283956 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -84,7 +84,8 @@ typedef enum {
typedef enum {
LASSO_SIGNATURE_TYPE_NONE = 0,
LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_TYPE_WITHX509
+ LASSO_SIGNATURE_TYPE_WITHX509,
+ LASSO_SIGNATURE_TYPE_LAST
} LassoSignatureType;
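Review bot: `LASSO_SIGNATURE_TYPE_LAST`, and `LASSO_SIGNATURE_METHOD_LAST` in the next hunk, are added to enums in a public header without any statement that they are range sentinels rather than usable values. If the doc comments above the enums (outside both hunks) list the members, each needs a line like `@LASSO_SIGNATURE_TYPE_LAST: upper bound for range checks, not a valid signature type`. It is also worth checking that the binding generators do not export the two sentinels as ordinary constants.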
@@ -97,7 +98,8 @@ typedef enum {
**/
typedef enum {
LASSO_SIGNATURE_METHOD_RSA_SHA1 = 1,
- LASSO_SIGNATURE_METHOD_DSA_SHA1
+ LASSO_SIGNATURE_METHOD_DSA_SHA1,
+ LASSO_SIGNATURE_METHOD_LAST
} LassoSignatureMethod;
From 5f5942a4dd209a6c608aa67f3af4b62c2be9bdf0 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 1 Sep 2010 12:43:49 +0200
Subject: [PATCH 22/31] [Core] add private function to read an integer
attribute
This function does integer parsing and range checks, it returns TRUE if
all goes well.
---
lasso/xml/xml.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index f5339721..6fbe700e 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1129,6 +1129,27 @@ _lasso_node_collect_namespaces(GHashTable **namespaces, xmlNode *node)
}
}
+gboolean
+lasso_get_integer_attribute(xmlNode *node, xmlChar *attribute_name, xmlChar *ns_href, int *integer, long int low, long int high) {
+ xmlChar *content = NULL;
+ gboolean rc = FALSE;
+ long int what;
+
+ g_assert (integer);
+ content = xmlGetNsProp(node, attribute_name, ns_href);
+ if (! content)
+ goto cleanup;
+ if (! lasso_string_to_xsd_integer((char*)content, &what))
+ goto cleanup;
+ if (*integer < low || *integer >= high)
+ goto cleanup;
+ *integer = what;
+ rc = TRUE;
+cleanup:
+ lasso_release_xml_string(content);
+ return rc;
+}
+
/** FIXME: return a real error code */
static int
lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
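Review bot: The range check tests the caller's output variable instead of the parsed value: `if (*integer < low || *integer >= high)` runs before `*integer = what;`, so `what`, the number just read from the XML attribute, is never validated and the comparison reads whatever the caller left in `*integer`. The line should be `if (what < low || what >= high)`. `g_assert (integer)` also aborts the process on a NULL argument, where `g_return_val_if_fail(integer, FALSE);` would fail the call instead. The commit describes the function as private, but it is defined without `static`.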
From 90fda9d5564dfc690e5df9c9085bf534f918b2e8 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 1 Sep 2010 12:44:42 +0200
Subject: [PATCH 23/31] [Core] load signature parameters
Generic signature parameters (attached as qdata to nodes) are now
reloaded when initializing a node from XML for a node type with a
signature snippet in its metadata.
It fixes the problematic usage of ciphered private keys with the
HTTP-Artifact binding (which needs to keep a copy of the AuthnResponse
around and to sign it later).
---
lasso/xml/xml.c | 54 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index 6fbe700e..5dbc010b 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1162,6 +1162,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
struct XmlSnippet *snippet_any = NULL;
struct XmlSnippet *snippet_any_attribute = NULL;
struct XmlSnippet *snippet_collect_namespaces = NULL;
+ struct XmlSnippet *snippet_signature = NULL;
GSList *unknown_nodes = NULL;
GSList *known_attributes = NULL;
gboolean keep_xmlnode = FALSE;
@@ -1363,6 +1364,10 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
snippet_collect_namespaces = snippet;
}
+ if (type == SNIPPET_SIGNATURE) {
+ snippet_signature = snippet;
+ }
+
if (type == SNIPPET_ATTRIBUTE) {
if (snippet->type & SNIPPET_ANY) {
snippet_any_attribute = snippet;
@@ -1411,6 +1416,44 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
_lasso_node_collect_namespaces(value, xmlnode);
}
+ /* Collect signature parameters */
+ {
+ LassoSignatureMethod method;
+ LassoSignatureType type;
+ xmlChar *private_key = NULL;
+ xmlChar *private_key_password = NULL;
+ xmlChar *certificate = NULL;
+
+ while (snippet_signature) {
+ int what;
+ if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF, &what,
+ LASSO_SIGNATURE_METHOD_RSA_SHA1,
+ LASSO_SIGNATURE_METHOD_LAST))
+ break;
+ method = what;
+ if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
+ LASSO_SIGNATURE_TYPE_LAST))
+ break;
+ type = what;
+ private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF);
+ if (! private_key)
+ break;
+ private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_ATTRIBUTE, BAD_CAST
+ LASSO_LIB_HREF);
+ certificate = xmlGetNsProp(xmlnode, LASSO_CERTIFICATE_ATTRIBUTE, BAD_CAST
+ LASSO_LIB_HREF);
+ lasso_node_set_signature(node, type,
+ method, (char*) private_key, (char*) private_key_password, (char*) certificate);
+ }
+ lasso_release_xml_string(private_key);
+ lasso_release_xml_string(private_key_password);
+ lasso_release_xml_string(certificate);
+ }
+
+ /* Collect other children */
if (unknown_nodes && snippet_any) {
xmlNode *t = unknown_nodes->data;
void *tmp;
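Review bot: The new `while (snippet_signature)` block has no exit on the success path: nothing clears `snippet_signature` and there is no `break` after `lasso_node_set_signature`, so a dump that passes every check loops forever and leaks the `xmlGetNsProp` results on each pass. Three lookups are also wrong: the signature type is read from `LASSO_SIGNATURE_METHOD_ATTRIBUTE` a second time, the password attribute is stored in `private_key` and then overwritten so `private_key_password` is always NULL, and every read uses `LASSO_LIB_HREF` while the writer in the last hunk of this patch puts the attributes in the `LASSO_LASSO_HREF` namespace. The password is optional on the writing side, so its absence should not stop the load; the private key is the value to require. The fence shows the loop with these corrected; lasso_node_impl_init_from_xml starts and ends outside the hunk.

```c
	while (snippet_signature) {
		int what;
		if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF, &what,
					LASSO_SIGNATURE_METHOD_RSA_SHA1,
					LASSO_SIGNATURE_METHOD_LAST))
			break;
		method = what;
		if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_TYPE_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
					LASSO_SIGNATURE_TYPE_LAST))
			break;
		type = what;
		private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_ATTRIBUTE,
				BAD_CAST LASSO_LASSO_HREF);
		if (! private_key)
			break;
		/* optional in the dump, may legitimately be NULL */
		private_key_password = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE,
				BAD_CAST LASSO_LASSO_HREF);
		certificate = xmlGetNsProp(xmlnode, LASSO_CERTIFICATE_ATTRIBUTE,
				BAD_CAST LASSO_LASSO_HREF);
		lasso_node_set_signature(node, type,
				method, (char*) private_key, (char*) private_key_password, (char*) certificate);
		break; /* single pass: the loop is only a breakable block */
	}
	/* … unchanged: release of private_key, private_key_password, certificate … */
```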
@@ -1419,6 +1462,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
(*(char**)value) = tmp;
}
+ /* Collect other attributes */
if (snippet_any_attribute) {
GHashTable **any_attribute;
GSList *tmp_attr;
@@ -1638,15 +1682,15 @@ lasso_node_impl_get_xmlNode(LassoNode *node, gboolean lasso_dump)
if (private_key) {
ns = get_or_define_ns(xmlnode, BAD_CAST LASSO_LASSO_HREF);
sprintf(buffer, "%u", type);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "SignatureType", BAD_CAST buffer);
+ xmlSetNsProp(xmlnode, ns, LASSO_SIGNATURE_TYPE_ATTRIBUTE, BAD_CAST buffer);
sprintf(buffer, "%u", method);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "SignatureMethod", BAD_CAST buffer);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "PrivateKey", BAD_CAST private_key);
+ xmlSetNsProp(xmlnode, ns, LASSO_SIGNATURE_METHOD_ATTRIBUTE, BAD_CAST buffer);
+ xmlSetNsProp(xmlnode, ns, LASSO_PRIVATE_KEY_ATTRIBUTE, BAD_CAST private_key);
if (private_key_password) {
- xmlSetNsProp(xmlnode, ns, BAD_CAST "PrivateKeyPassword", BAD_CAST private_key_password);
+ xmlSetNsProp(xmlnode, ns, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE, BAD_CAST private_key_password);
}
if (certificate) {
- xmlSetNsProp(xmlnode, ns, BAD_CAST "Certificate", BAD_CAST certificate);
+ xmlSetNsProp(xmlnode, ns, LASSO_CERTIFICATE_ATTRIBUTE, BAD_CAST certificate);
}
}
}
From edd618319cca334a311ad31103d8a24cb7701ef8 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 1 Sep 2010 12:49:38 +0200
Subject: [PATCH 24/31] [SAMLv2] make lasso_saml20_profile_generate_artifact a
static function
It is only used in lasso/saml-2.0/profile.c anyway.
---
lasso/saml-2.0/profile.c | 3 ++-
lasso/saml-2.0/profileprivate.h | 1 -
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index bcefee3c..6ff5b37a 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -62,6 +62,7 @@ static gint lasso_profile_saml20_build_artifact_post_response_msg(LassoProfile *
const char *service);
static gboolean has_signature(LassoNode *node, LassoSignatureMethod *signature_method,
char **private_key_file, char **private_key_password);
+static char* lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part);
#define check_msg_body \
if (! profile->msg_body) { \
@@ -152,7 +153,7 @@ http_method_to_binding(LassoHttpMethod method) {
*
* Return value: the generated artifact (internally allocated, don't free)
**/
-char*
+static char*
lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part)
{
lasso_assign_new_string(profile->private_data->artifact,
diff --git a/lasso/saml-2.0/profileprivate.h b/lasso/saml-2.0/profileprivate.h
index c3968aa3..54e3a336 100644
--- a/lasso/saml-2.0/profileprivate.h
+++ b/lasso/saml-2.0/profileprivate.h
@@ -40,7 +40,6 @@ extern "C" {
int lasso_saml20_profile_init_request(LassoProfile *profile, const char *remote_provider_id,
gboolean first_in_session, LassoSamlp2RequestAbstract *request_abstract,
LassoHttpMethod http_method, LassoMdProtocolType protocol_type);
-char* lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part);
#define lasso_saml20_profile_set_response_status_success(profile, code2) \
lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS, code2)
#define lasso_saml20_profile_set_response_status_responder(profile, code2) \
From 4178cbef13b2fbb2feb0f9c8ca6d691ffc060b2d Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 1 Sep 2010 13:03:42 +0200
Subject: [PATCH 25/31] [SAMLv2] change the way content is stored and loaded
for the HTTP-Artifact binding
Previously content was stored as the result of the lasso_node_dump method,
then reloaded, and then serialized again as part of the ArtifactResponse
message. lasso_node_dump was ignoring all hints to sign the node, but keeping
the needed parameters around. That is not what must be done: the
signature should happen at the generation of the artifact and the result
must be manipulated as is (i.e. as XML content) and never moved back to the
land of LassoNode objects.
Now the content is:
- first removed of any signature at the message level, because the
ArtifactResponse will take care of this, (any signature under this
level (like at the assertion) is kept),
- serialized using lasso_node_export_to_xml,
- reloaded using lasso_xml_parse_memory,
- and put into the ArtifactResponse using a
lasso_misc_text_node_new_with_xml_node.
---
lasso/saml-2.0/profile.c | 49 +++++++++++++++++++++++++---------------
1 file changed, 31 insertions(+), 18 deletions(-)
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 6ff5b37a..507a35b5 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -46,6 +46,7 @@
#include "../xml/saml-2.0/samlp2_status_response.h"
#include "../xml/saml-2.0/samlp2_response.h"
#include "../xml/saml-2.0/saml2_assertion.h"
+#include "../xml/misc_text_node.h"
#include "../utils.h"
#include "../debug.h"
@@ -156,17 +157,21 @@ http_method_to_binding(LassoHttpMethod method) {
static char*
lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part)
{
+ LassoNode *what = NULL;
lasso_assign_new_string(profile->private_data->artifact,
lasso_saml20_profile_build_artifact(&profile->server->parent));
if (part == 0) {
- lasso_assign_new_string(profile->private_data->artifact_message,
- lasso_node_dump(profile->request));
+ what = profile->request;
} else if (part == 1) {
- lasso_assign_new_string(profile->private_data->artifact_message,
- lasso_node_dump(profile->response));
+ what = profile->response;
} else {
/* XXX: RequestDenied here? */
}
+ /* Remove signature at the response level, if needed if will be on the ArtifactResponse */
+ lasso_node_remove_signature(what);
+ /* Keep an XML copy of the response for later retrieval */
+ lasso_assign_new_string(profile->private_data->artifact_message,
+ lasso_node_export_to_xml(what));
return profile->private_data->artifact;
}
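Review bot: When `part` is neither 0 nor 1 the `else` branch leaves `what` as NULL, and the new code then passes it to `lasso_node_remove_signature` and `lasso_node_export_to_xml` regardless. A guard before those two calls, `if (what == NULL) return NULL;`, makes the unsupported case explicit instead of relying on both helpers tolerating NULL; whether NULL is an acceptable return for the callers is not visible here. `lasso_node_remove_signature(what)` also modifies `profile->request` or `profile->response` itself rather than a copy, which the comment above the call should say.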
@@ -379,34 +384,42 @@ int
lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
{
LassoSamlp2StatusResponse *response = NULL;
- LassoNode *resp = NULL;
int rc = 0;
if ( ! LASSO_IS_SAMLP2_REQUEST_ABSTRACT(profile->request)) {
return LASSO_PROFILE_ERROR_MISSING_REQUEST;
}
+ /* Setup the response */
response = LASSO_SAMLP2_STATUS_RESPONSE(lasso_samlp2_artifact_response_new());
- if (profile->private_data->artifact_message) {
- resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
- lasso_assign_new_gobject(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any, resp);
- }
+ lasso_assign_new_gobject(profile->response, response);
response->ID = lasso_build_unique_id(32);
lasso_assign_string(response->Version, "2.0");
response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
response->IssueInstant = lasso_get_current_time();
lasso_assign_string(response->InResponseTo, LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
+ /* Add content */
+ if (profile->private_data->artifact_message) {
+ xmlDoc *doc;
+ xmlNode *node;
+ char *content = profile->private_data->artifact_message;
+ doc = lasso_xml_parse_memory(content, strlen(content));
+ if (doc) {
+ node = xmlDocGetRootElement(doc);
+ lasso_assign_new_gobject(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any,
+ lasso_misc_text_node_new_with_xml_node(node));
+ lasso_release_doc(doc);
+ lasso_saml20_profile_set_response_status(profile,
+ LASSO_SAML2_STATUS_CODE_SUCCESS, NULL);
+ } else {
+ lasso_saml20_profile_set_response_status(profile,
+ LASSO_SAML2_STATUS_CODE_REQUESTER, NULL);
+ }
+ }
+ /* Setup the signature */
lasso_check_good_rc(lasso_profile_saml20_setup_message_signature(profile,
(LassoNode*)response));
- lasso_assign_new_gobject(profile->response, LASSO_NODE(response));
-
- if (resp == NULL) {
- lasso_saml20_profile_set_response_status(profile,
- LASSO_SAML2_STATUS_CODE_REQUESTER, NULL);
- } else {
- lasso_saml20_profile_set_response_status(profile,
- LASSO_SAML2_STATUS_CODE_SUCCESS, NULL);
- }
+ /* Serialize the message */
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(profile->response));
cleanup:
return rc;
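Review bot: In the new `if (doc)` branch the result of `xmlDocGetRootElement(doc)` goes to `lasso_misc_text_node_new_with_xml_node` unchecked, although libxml2 can return NULL there, and the status is then set to Success around an empty payload. Computing `node = doc ? xmlDocGetRootElement(doc) : NULL;` and branching on `if (node)` sends that case down the failure path; `lasso_release_doc(doc)` then has to run on both paths, assuming the macro accepts NULL. The branch frees `doc` immediately after building the text node, which is only safe if `lasso_misc_text_node_new_with_xml_node` copies the node; that is not visible in this hunk and is worth a comment. The function's opening lines are outside the hunk.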
From f245907b8ce8bc216d4f68eae215049dfde0ef2d Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 3 Sep 2010 17:48:11 +0200
Subject: [PATCH 26/31] [SAMLv2] when failing to recreate the content for the
ArtefactResponse set a lasso specific status code
---
lasso/saml-2.0/profile.c | 3 ++-
lasso/xml/strings.h | 7 +++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 507a35b5..98698762 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -413,7 +413,8 @@ lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
LASSO_SAML2_STATUS_CODE_SUCCESS, NULL);
} else {
lasso_saml20_profile_set_response_status(profile,
- LASSO_SAML2_STATUS_CODE_REQUESTER, NULL);
+ LASSO_SAML2_STATUS_CODE_RESPONDER,
+ LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT);
}
}
/* Setup the signature */
diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h
index 097eac7d..e3610316 100644
--- a/lasso/xml/strings.h
+++ b/lasso/xml/strings.h
@@ -107,6 +107,13 @@
*/
#define LASSO_SOAP_FAULT_CODE_VERSION_MISMATCH "s:VersionMismatch"
+/**
+ * LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT:
+ *
+ * An artifact content is present but Lasso failed to rebuild the corresponding XML content.
+ */
+#define LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT "FailedToRestoreArtifact"
+
/*****************************************************************************/
/* Lasso */
/*****************************************************************************/
From aaca9ce9927d9ea1568dfa89ba05a41b40333e9b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 3 Sep 2010 19:01:30 +0200
Subject: [PATCH 27/31] [ID-FFv1.2&SAMLv2] add more warning for failure to load
metadata file
Report details of the failure through the warning log.
---
lasso/id-ff/provider.c | 1 +
lasso/saml-2.0/provider.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 9b713fe4..43bfe90c 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -1019,6 +1019,7 @@ _lasso_provider_load_metadata_from_doc(LassoProvider *provider, xmlDoc *doc)
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE);
if (doc == NULL) {
+ warning("Metadata is not an XML document");
return FALSE;
}
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 65bd579b..8f3807d9 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -396,6 +396,12 @@ lasso_saml20_provider_load_metadata(LassoProvider *provider, xmlNode *root_node)
(! loaded_one_or_more_descriptor || (pdata->roles & provider->role) == 0)) {
/* We must at least load one descriptor, and we must load a descriptor for our
* assigned role or we fail. */
+ if (! loaded_one_or_more_descriptor) {
+ warning("No descriptor was loaded, failing");
+ }
+ if ((pdata->roles & provider->role) == 0) {
+ warning("Loaded roles and prescribed role does not intersect");
+ }
return FALSE;
}
From 9ab6b944f14556422fd4f279be5f568b0b18cfe4 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 3 Sep 2010 19:05:27 +0200
Subject: [PATCH 28/31] [Core] fix memory leak in lasso_endpoint_free
---
lasso/id-ff/provider.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 910c4aba..07176952 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -865,6 +865,7 @@ lasso_endpoint_free(EndpointType *endpoint_type) {
g_free(endpoint_type->url);
g_free(endpoint_type->kind);
g_free(endpoint_type->return_url);
+ g_free(endpoint_type);
}
static void
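Review bot: With `g_free(endpoint_type);` added, `lasso_endpoint_free` now owns the whole structure but still dereferences its argument unconditionally in the visible `g_free(endpoint_type->url)` lines. The endpoint lookups elsewhere in this series skip NULL list entries (`if (! endpoint_type) continue;`), so the free function should tolerate them as well, with `if (! endpoint_type) return;` as its first statement. The structure also has a `binding` member that the visible lines do not release; the start of the function is outside the hunk, so confirm it is freed there.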
From 08d61d5c959e999c2299cf314afe304b8647af0b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Mon, 6 Sep 2010 16:32:39 +0200
Subject: [PATCH 29/31] [Tests integration] fix configuration variable name
---
tests/integration/saml2/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/integration/saml2/__init__.py b/tests/integration/saml2/__init__.py
index 0080258f..800db3ee 100644
--- a/tests/integration/saml2/__init__.py
+++ b/tests/integration/saml2/__init__.py
@@ -25,7 +25,7 @@ if os.path.exists(CONFIG_FILE):
# Combine default and configuration file
AUTHENTIC_SRCDIR = CONFIG.get('AUTHENTIC_SRCDIR') or '/usr/local/src/authentic'
AUTHENTICCTL = CONFIG.get('AUTHENTICCTL') or '/usr/sbin/authenticctl.py'
-AUTHENTIC_DATA_DIR = CONFIG.get('AUTHENTIC_DATA_DIR') or '/usr/share/authentic/'
+AUTHENTIC_DATADIR = CONFIG.get('AUTHENTIC_DATADIR') or '/usr/share/authentic/'
LCSCTL = CONFIG.get('LCSCTL') or '/usr/sbin/lcsctl.py'
LCS_DATADIR = CONFIG.get('LCS_DATADIR') or '/usr/share/lcs/'
LASSO_BUILDDIR = os.environ.get('LASSO_BUILDDIR') or \
From b1f6b7e0ed03cb57c349ace061c9e015b8b94bdb Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 7 Sep 2010 10:34:34 +0200
Subject: [PATCH 30/31] [SAMLv2] when no artifact message is present, still
return a success status
It is mandated by the specification.
---
configure.ac | 2 +-
lasso/saml-2.0/profile.c | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 790ee011..3d80fa54 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version >
dnl first number.
dnl - Third number is the current API version implementation version number.
dnl See libtool explanations about current, age and release, later in this file.
-AC_INIT([lasso], 2.3.0, lasso-devel@lists.labs.libre-entreprise.org)
+AC_INIT([lasso], 2.3.1, lasso-devel@lists.labs.libre-entreprise.org)
dnl Check if autoconf ver > 2.53
AC_PREREQ(2.53)
AC_CONFIG_MACRO_DIR([m4])
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 98698762..083d05ac 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -416,6 +416,10 @@ lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
LASSO_SAML2_STATUS_CODE_RESPONDER,
LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT);
}
+ } else {
+ /* if no artifact is present, it is a success anyway */
+ lasso_saml20_profile_set_response_status(profile,
+ LASSO_SAML2_STATUS_CODE_SUCCESS, NULL);
}
/* Setup the signature */
lasso_check_good_rc(lasso_profile_saml20_setup_message_signature(profile,
From 9af598f85cec93d40218656bc34d01690fe635e7 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 7 Sep 2010 16:39:01 +0200
Subject: [PATCH 31/31] Update files for release 2.3.1
---
ChangeLog | 259 +++++++++
NEWS | 21 +-
abi/{abi-2.3 => abi-2.3.0} | 0
abi/abi-2.3.1 | 1091 ++++++++++++++++++++++++++++++++++++
configure.ac | 2 +-
lasso.doap | 4 +
website/templates/base.ezt | 6 +-
website/web/doap.rdf | 10 +-
8 files changed, 1385 insertions(+), 8 deletions(-)
rename abi/{abi-2.3 => abi-2.3.0} (100%)
create mode 100644 abi/abi-2.3.1
diff --git a/ChangeLog b/ChangeLog
index 038940cd..9ffd0603 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,262 @@
+2010-09-07 Benjamin Dauvergne
+
+ * configure.ac, lasso/saml-2.0/profile.c:
+ [SAMLv2] when no artifact message is present, still return a success
+ status
+
+ It is mandated by the specification.
+
+2010-09-06 Benjamin Dauvergne
+
+ * tests/integration/saml2/__init__.py:
+ [Tests integration] fix configuration variable name
+
+2010-09-03 Benjamin Dauvergne
+
+ * lasso/id-ff/provider.c:
+ [Core] fix memory leak in lasso_endpoint_free
+
+2010-09-03 Benjamin Dauvergne
+
+ * lasso/id-ff/provider.c, lasso/saml-2.0/provider.c:
+ [ID-FFv1.2&SAMLv2] add more warning for failure to load metadata file
+
+ Report detailf of the failure through warning log.
+
+2010-09-03 Benjamin Dauvergne
+
+ * lasso/saml-2.0/profile.c, lasso/xml/strings.h:
+ [SAMLv2] when failing to recreate the content for the ArtefactResponse set a lasso specific status code
+
+2010-09-01 Benjamin Dauvergne
+
+ * lasso/saml-2.0/profile.c:
+ [SAMLv2] change the way content is stored and loaded for the
+ HTTP-Artifact binding
+
+ Previously content was stored as the result of lasso_node_dump method
+ then reloaded, and then serialized again as part of the
+ ArtifactResponse message. lasso_node_dump was ignoring all hint to
+ sign node, but keeping the needed parameters around. That's not what
+ must be done, the signature should happen at the generation of the
+ artifact and the result must manipulated as is (i.e. XML content) and
+ never moved back to the land of LassoNode objects.
+
+ Now the content is:
+ - first removed of any signature at the message level, because the
+ ArtifactResponse will take care of this, (any signature under this
+ level (like at the assertion) is kept),
+ - serialized using lasso_node_export_to_xml,
+ - reloaded using lasso_xml_parse_memory,
+ - and put into the ArtifactResponse using a
+ lasso_misc_text_node_new_with_xml_node.
+
+2010-09-01 Benjamin Dauvergne
+
+ * lasso/saml-2.0/profile.c, lasso/saml-2.0/profileprivate.h:
+ [SAMLv2] make lasso_saml20_profile_generate_artifact a static function
+
+ It is only used in lasso/saml-2.0/profile.c anyway.
+
+2010-09-01 Benjamin Dauvergne
+
+ * lasso/xml/xml.c:
+ [Core] load signature parameters
+
+ Generic signature parameters (attached as qdata to nodes) is now
+ reloaded when initializing a node from XML for a node type with a
+ signature snippet in its metadatas.
+
+ It fixes the problematic usage of ciphered private keys with the
+ HTTP-Artifact binding (which needs to keep a copy of the AuthnResponse
+ around and to sign it later).
+
+2010-09-01 Benjamin Dauvergne
+
+ * lasso/xml/xml.c:
+ [Core] add private function to read an integer attribute
+
+ This function does integer parsing and range checks, it returns TRUE if
+ all goes well.
+
+2010-09-01 Benjamin Dauvergne
+
+ * lasso/xml/tools.c, lasso/xml/xml.h:
+ [Core] add LAST enum values to LassoSignatureMethod and
+ LassoSignatureType enumerations
+
+ It helps making range checks.
+
+2010-09-01 Benjamin Dauvergne
+
+ * bindings/java/lang.py, bindings/perl/lang.py,
+ bindings/php5/wrapper_source.py, bindings/python/lang.py,
+ lasso/xml/strings.h:
+ [Strings] add string constant for the internal XML attributes used in
+ dumps
+
+ Add string constants for signature method, signature type, private key
+ (file path or content), private key password and certificate (file
+ path or content).
+
+ Add cast for xmlChar constant strings definition in python bindings,
+ it assumed all constant strings were char*.
+
+2010-08-31 Benjamin Dauvergne
+
+ * lasso.doap:
+ [DOAP] fix typos
+
+ Tags were badly formatted.
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/saml-2.0/login.c:
+ [SAMLv2] mark Redirect binding as an invalid binding for return AuthnResponse
+
+ This is really not supported by the SAMLv2 protocol.
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/saml-2.0/login.c:
+ [SAMLv2] fix string in comment
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/saml-2.0/login.c:
+ [SAMLv2] replace use of lasso_provider_get_default_name_id_format with direct use of lasso_provider_get_metadata_one_for_role
+
+ The first is trying to use provider->role to know which kind of role
+ descriptor to lookup, but for the server object this field is 0 and
+ when building authn request we know that we want our default
+ NameIDFormat for the SP sso descriptor.
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/saml-2.0/provider.c:
+ [SAMLv2] rebuild specialized LassoProvider methods upon new endpoints storage
+
+ The new way of storing endpoints allows to keep ordering between
+ endpoints with respect to the order of the index and isDefault field
+ for indexed endpoint type, and to the XML node orders for other
+ endpoints.
+
+ It also simplifies the code.
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/id-ff/provider.c:
+ [Core] add destroy code for new private field endpoints
+
+ The contained string must be disallocated if the object is destroyed.
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/id-ff/providerprivate.h:
+ [Core] add structure to store endpoints type for metadata files
+
+ This new C structure will allow to filter ID-FFv1.2 and SAMLv2
+ endpoints more easily.
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/xml/xml.c:
+ [XML] use strtol instead of atoi to parse XSchema integers
+
+ This commit also reject negative integers from being parsed (all
+ integers in SAMLv2 and ID-FFv1.2 schemas are positive integers).
+
+2010-08-25 Benjamin Dauvergne
+
+ * lasso/saml-2.0/login.c:
+ [SAMLv2] when AuthnRequest contains invalid attributes returns
+ INVALID_REQUEST not NO_DEFAULT_ENDPOINT
+
+ This is the right status to return.
+
+2010-08-05 Benjamin Dauvergne
+
+ * lasso/id-ff/provider.h:
+ [Core] fix change of enumeration value
+
+ This change broke the API, revert it.
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/web/index.xml:
+ [Website] update download link on front page
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/templates/base.ezt:
+ [Website] fix typos
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/templates/base.ezt, website/web/download/index.xml:
+ [Website] fix source and download links
+
+ The source repository is now the git repository on dev.entrouvert.org.
+ Latest source release is 2.3.0. And git browser is included in our
+ redmine.
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/templates/base.ezt:
+ [Website] change position of Download block in right bar
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/convert-to-static.py:
+ [Website] in convert-to-static.py, work around errors in build logs
+
+ If Build() constructor fails, keep going.
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/web/news/15-release-2.3.0.xml:
+ [Website] fix wrong structure for the news file about release 2.3.0
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/convert-to-static.py:
+ [Website] import convert-to-static.py modification from lupin
+
+2010-07-27 Benjamin Dauvergne
+
+ * website/web/news/15-release-2.3.0.xml:
+ [Website] add news file aboute release 2.3.0
+
+2010-07-22 Benjamin Dauvergne
+
+ * website/web/download/index.xml:
+ [Website] fix non escaped ampersand
+
+2010-07-21 Benjamin Dauvergne
+
+ * configure.ac:
+ [Release] update libtool version
+
+2010-07-21 Benjamin Dauvergne
+
+ * website/web/download/index.xml:
+ [Website] update download links
+
+2010-07-21 Benjamin Dauvergne
+
+ * NEWS, configure.ac, lasso.doap, website/web/doap.rdf:
+ [Release] Update version number from 2.3 to 2.3.0
+
+2010-07-21 Benjamin Dauvergne
+
+ * NEWS:
+ [Release] update release date in NEWS file
+
+2010-07-21 Benjamin Dauvergne
+
+ * ChangeLog:
+ [Release] update ChangeLog
+
2010-07-21 17:55 bdauvergne
* NEWS, abi/abi-2.3, configure.ac, lasso.doap, website/templates/base.ezt,
diff --git a/NEWS b/NEWS
index bf7ef559..323d8d49 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,27 @@
NEWS
====
+2.3.1 - September 9th 2010
+--------------------------
+
+31 commits, 23 files changed, 523 insertions, 356 deletions
+
+ * An ABI breakage was introduced in 2.3.0 with change of value for enumeration
+ values LASSO_PROVIDER_ROLE_SP and LASSO_PROVIDER_ROLE_IDP, it breaked code
+ compiled with previous version and dumps of server objects. This release fix
+ it.
+ * SAMLv2 handling of the artifact binding for the WebSSO profile is now
+ simpler, no more dumping of the response nodes and signing at the artifact
+ building time, the final response is signed when the artifact is generated
+ and when unserialized later it is only manipulated as XML for not breaking
+ the signature. It fixes usage of ciphered private keys with the
+ HTTP-Artifact binding.
+ * SAMLv2 internal storage of endpoints was modified to better keep the
+ ordering between endpoints, which is espacially important for
+ AssertionConsumerService endpoints and difficult to implement well.
+
2.3.0 - July 21th 2010
---------------------
+----------------------
391 commits, 332 files changed, 13919 insertions, 7137 deletions
diff --git a/abi/abi-2.3 b/abi/abi-2.3.0
similarity index 100%
rename from abi/abi-2.3
rename to abi/abi-2.3.0
diff --git a/abi/abi-2.3.1 b/abi/abi-2.3.1
new file mode 100644
index 00000000..f63734ab
--- /dev/null
+++ b/abi/abi-2.3.1
@@ -0,0 +1,1091 @@
+BACKWARD_COMP_H
+LASSO_ASSERTION_QUERY_ERROR_ATTRIBUTE_REQUEST_ALREADY_EXIST
+LASSO_ASSERTION_QUERY_ERROR_NOT_AN_ATTRIBUTE_QUERY
+LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID
+LASSO_ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE
+LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHN
+LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION
+LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST
+LASSO_ASSERTION_QUERY_REQUEST_TYPE_UNSET
+LASSO_CERTIFICATE_ATTRIBUTE
+LASSO_CHECK_VERSIONABI_COMPATIBLE
+LASSO_CHECK_VERSION_EXACT
+LASSO_CHECK_VERSION_NUMERIC
+LASSO_DATA_SERVICE_ERROR_CANNOT_ADD_ITEM
+LASSO_DATA_SERVICE_ERROR_UNREGISTERED_DST
+LASSO_DEFEDERATION_ERROR_MISSING_NAME_IDENTIFIER
+LASSO_DISCOVERY_ERROR_FAILED_TO_BUILD_ENDPOINT_REFERENCE
+LASSO_DISCOVERY_ERROR_MISSING_REQUESTED_SERVICE
+LASSO_DISCOVERY_ERROR_SVC_METADATA_ASSOCIATION_ADD_FAILED
+LASSO_DISCOVERY_ERROR_SVC_METADATA_REGISTER_FAILED
+LASSO_DST_ERROR_EMPTY_REQUEST
+LASSO_DST_ERROR_MALFORMED_QUERY
+LASSO_DST_ERROR_MISSING_SERVICE_DATA
+LASSO_DST_ERROR_MODIFY_FAILED
+LASSO_DST_ERROR_MODIFY_PARTIALLY_FAILED
+LASSO_DST_ERROR_NEW_DATA_MISSING
+LASSO_DST_ERROR_NO_DATA
+LASSO_DST_ERROR_QUERY_FAILED
+LASSO_DST_ERROR_QUERY_NOT_FOUND
+LASSO_DST_ERROR_QUERY_PARTIALLY_FAILED
+LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED
+LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED
+LASSO_DS_ERROR_CONTEXT_CREATION_FAILED
+LASSO_DS_ERROR_DECRYPTION_FAILED
+LASSO_DS_ERROR_DECRYPTION_FAILED_MISSING_PRIVATE_KEY
+LASSO_DS_ERROR_DIGEST_COMPUTE_FAILED
+LASSO_DS_ERROR_ENCRYPTION_FAILED
+LASSO_DS_ERROR_INVALID_REFERENCE_FOR_SAML
+LASSO_DS_ERROR_INVALID_SIGALG
+LASSO_DS_ERROR_INVALID_SIGNATURE
+LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED
+LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED
+LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED
+LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED
+LASSO_DS_ERROR_SIGNATURE_FAILED
+LASSO_DS_ERROR_SIGNATURE_NOT_FOUND
+LASSO_DS_ERROR_SIGNATURE_TEMPLATE_NOT_FOUND
+LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED
+LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED
+LASSO_DS_ERROR_TOO_MUCH_REFERENCES
+LASSO_DS_HREF
+LASSO_DS_PREFIX
+LASSO_DURATION_DAY
+LASSO_DURATION_HOUR
+LASSO_DURATION_MINUTE
+LASSO_DURATION_WEEK
+LASSO_ECP_HREF
+LASSO_ECP_PREFIX
+LASSO_ENCRYPTION_MODE_ASSERTION
+LASSO_ENCRYPTION_MODE_NAMEID
+LASSO_ENCRYPTION_MODE_NONE
+LASSO_ENCRYPTION_SYM_KEY_TYPE_3DES
+LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128
+LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_256
+LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT
+LASSO_ERROR_CAST_FAILED
+LASSO_ERROR_OUT_OF_MEMORY
+LASSO_ERROR_UNDEFINED
+LASSO_ERROR_UNIMPLEMENTED
+LASSO_HTTP_METHOD_ANY
+LASSO_HTTP_METHOD_ARTIFACT_GET
+LASSO_HTTP_METHOD_ARTIFACT_POST
+LASSO_HTTP_METHOD_GET
+LASSO_HTTP_METHOD_IDP_INITIATED
+LASSO_HTTP_METHOD_LAST
+LASSO_HTTP_METHOD_NONE
+LASSO_HTTP_METHOD_PAOS
+LASSO_HTTP_METHOD_POST
+LASSO_HTTP_METHOD_REDIRECT
+LASSO_HTTP_METHOD_SOAP
+LASSO_IDWSF2_DISCOVERY_ERROR_DUPLICATE
+LASSO_IDWSF2_DISCOVERY_ERROR_FAILED
+LASSO_IDWSF2_DISCOVERY_ERROR_FORBIDDEN
+LASSO_IDWSF2_DISCOVERY_ERROR_LOGICAL_DUPLICATE
+LASSO_IDWSF2_DISCOVERY_ERROR_NOT_FOUND
+LASSO_IDWSF2_DISCOVERY_ERROR_NO_RESULTS
+LASSO_IDWSF2_DST_ERROR_DUPLICATE_ITEM
+LASSO_IDWSF2_DST_ERROR_ITEM_NOT_FOUND
+LASSO_IDWSF2_DST_ERROR_PARTIAL_FAILURE
+LASSO_IDWSF2_DST_ERROR_UNKNOWN_STATUS_CODE
+LASSO_LASSO_HREF
+LASSO_LASSO_PREFIX
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_INTERNET_PROTOCOL
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_INTERNET_PROTOCOL_PASSWORD
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_MOBILE_ONE_FACTOR_CONTRACT
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_MOBILE_ONE_FACTOR_UNREGISTERED
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_MOBILE_TWO_FACTOR_CONTRACT
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_MOBILE_TWO_FACTOR_UNREGISTERED
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_PASSWORD
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_PASSWORD_PROTECTED_TRANSPORT
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_PREVIOUS_SESSION
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_SMARTCARD
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_SMARTCARD_PKI
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_SOFTWARE_PKI
+LASSO_LIB_AUTHN_CONTEXT_CLASS_REF_TIME_SYNC_TOKEN
+LASSO_LIB_AUTHN_CONTEXT_COMPARISON_BETTER
+LASSO_LIB_AUTHN_CONTEXT_COMPARISON_EXACT
+LASSO_LIB_AUTHN_CONTEXT_COMPARISON_MAXIMUM
+LASSO_LIB_AUTHN_CONTEXT_COMPARISON_MINIMUM
+LASSO_LIB_CONSENT_INAPPLICABLE
+LASSO_LIB_CONSENT_OBTAINED
+LASSO_LIB_CONSENT_OBTAINED_CURRENT_EXPLICIT
+LASSO_LIB_CONSENT_OBTAINED_CURRENT_IMPLICIT
+LASSO_LIB_CONSENT_OBTAINED_PRIOR
+LASSO_LIB_CONSENT_UNAVAILABLE
+LASSO_LIB_HREF
+LASSO_LIB_MAJOR_VERSION_N
+LASSO_LIB_MINOR_VERSION_N
+LASSO_LIB_NAMEID_POLICY_TYPE_ANY
+LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED
+LASSO_LIB_NAMEID_POLICY_TYPE_NONE
+LASSO_LIB_NAMEID_POLICY_TYPE_ONE_TIME
+LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENCRYPTED
+LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENTITYID
+LASSO_LIB_NAME_IDENTIFIER_FORMAT_FEDERATED
+LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME
+LASSO_LIB_PREFIX
+LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART
+LASSO_LIB_PROTOCOL_PROFILE_BRWS_LECP
+LASSO_LIB_PROTOCOL_PROFILE_BRWS_POST
+LASSO_LIB_PROTOCOL_PROFILE_FED_TERM_IDP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_FED_TERM_IDP_SOAP
+LASSO_LIB_PROTOCOL_PROFILE_FED_TERM_SP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_FED_TERM_SP_SOAP
+LASSO_LIB_PROTOCOL_PROFILE_NIM_SP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_RNI_IDP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_RNI_IDP_SOAP
+LASSO_LIB_PROTOCOL_PROFILE_RNI_SP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_RNI_SP_SOAP
+LASSO_LIB_PROTOCOL_PROFILE_SLO_IDP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_SLO_IDP_SOAP
+LASSO_LIB_PROTOCOL_PROFILE_SLO_SP_HTTP
+LASSO_LIB_PROTOCOL_PROFILE_SLO_SP_SOAP
+LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST
+LASSO_LIB_STATUS_CODE_INVALID_ASSERTION_CONSUMER_SERVICE_INDEX
+LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE
+LASSO_LIB_STATUS_CODE_NO_AUTHN_CONTEXT
+LASSO_LIB_STATUS_CODE_NO_AVAILABLEIDP
+LASSO_LIB_STATUS_CODE_NO_PASSIVE
+LASSO_LIB_STATUS_CODE_NO_SUPPORTEDIDP
+LASSO_LIB_STATUS_CODE_PROXY_COUNT_EXCEEDED
+LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL
+LASSO_LIB_STATUS_CODE_UNSIGNED_AUTHN_REQUEST
+LASSO_LIB_STATUS_CODE_UNSUPPORTED_PROFILE
+LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID
+LASSO_LOGIN_ERROR_ASSERTION_REPLAY
+LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED
+LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND
+LASSO_LOGIN_ERROR_INVALID_ASSERTION_SIGNATURE
+LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY
+LASSO_LOGIN_ERROR_INVALID_SIGNATURE
+LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT
+LASSO_LOGIN_ERROR_REQUEST_DENIED
+LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS
+LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL
+LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST
+LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART
+LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP
+LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST
+LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT
+LASSO_LOGOUT_ERROR_FEDERATION_NOT_FOUND
+LASSO_LOGOUT_ERROR_REQUEST_DENIED
+LASSO_LOGOUT_ERROR_UNKNOWN_PRINCIPAL
+LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
+LASSO_MD_PROTOCOL_TYPE_ARTIFACT_RESOLUTION
+LASSO_MD_PROTOCOL_TYPE_ASSERTION_ID_REQUEST
+LASSO_MD_PROTOCOL_TYPE_ATTRIBUTE
+LASSO_MD_PROTOCOL_TYPE_AUTHN_QUERY
+LASSO_MD_PROTOCOL_TYPE_AUTHZ
+LASSO_MD_PROTOCOL_TYPE_FEDERATION_TERMINATION
+LASSO_MD_PROTOCOL_TYPE_LAST
+LASSO_MD_PROTOCOL_TYPE_MANAGE_NAME_ID
+LASSO_MD_PROTOCOL_TYPE_NAME_IDENTIFIER_MAPPING
+LASSO_MD_PROTOCOL_TYPE_REGISTER_NAME_IDENTIFIER
+LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT
+LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON
+LASSO_MESSAGE_FORMAT_BASE64
+LASSO_MESSAGE_FORMAT_ERROR
+LASSO_MESSAGE_FORMAT_QUERY
+LASSO_MESSAGE_FORMAT_SOAP
+LASSO_MESSAGE_FORMAT_UNKNOWN
+LASSO_MESSAGE_FORMAT_XML
+LASSO_MESSAGE_FORMAT_XSCHEMA_ERROR
+LASSO_METADATA_HREF
+LASSO_METADATA_PREFIX
+LASSO_NAME_IDENTIFIER_MAPPING_ERROR_FORBIDDEN_CALL_ON_THIS_SIDE
+LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_IDENTIFIER
+LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_NAMESPACE
+LASSO_PAOS_HREF
+LASSO_PAOS_PREFIX
+LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ
+LASSO_PARAM_ERROR_CHECK_FAILED
+LASSO_PARAM_ERROR_INVALID_VALUE
+LASSO_PARAM_ERROR_NON_INITIALIZED_OBJECT
+LASSO_PRIVATE_KEY_ATTRIBUTE
+LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE
+LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT
+LASSO_PROFILE_ERROR_BAD_IDENTITY_DUMP
+LASSO_PROFILE_ERROR_BAD_SESSION_DUMP
+LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED
+LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED
+LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED
+LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED
+LASSO_PROFILE_ERROR_CANNOT_FIND_A_PROVIDER
+LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE
+LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND
+LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND
+LASSO_PROFILE_ERROR_INVALID_ARTIFACT
+LASSO_PROFILE_ERROR_INVALID_ASSERTION
+LASSO_PROFILE_ERROR_INVALID_ASSERTION_CONDITIONS
+LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD
+LASSO_PROFILE_ERROR_INVALID_ISSUER
+LASSO_PROFILE_ERROR_INVALID_MSG
+LASSO_PROFILE_ERROR_INVALID_POST_MSG
+LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE
+LASSO_PROFILE_ERROR_INVALID_QUERY
+LASSO_PROFILE_ERROR_INVALID_REQUEST
+LASSO_PROFILE_ERROR_INVALID_RESPONSE
+LASSO_PROFILE_ERROR_INVALID_SOAP_MSG
+LASSO_PROFILE_ERROR_ISSUER_IS_NOT_AN_IDP
+LASSO_PROFILE_ERROR_MISSING_ARTIFACT
+LASSO_PROFILE_ERROR_MISSING_ASSERTION
+LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY
+LASSO_PROFILE_ERROR_MISSING_ENDPOINT_REFERENCE
+LASSO_PROFILE_ERROR_MISSING_ENDPOINT_REFERENCE_ADDRESS
+LASSO_PROFILE_ERROR_MISSING_ISSUER
+LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER
+LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID
+LASSO_PROFILE_ERROR_MISSING_REQUEST
+LASSO_PROFILE_ERROR_MISSING_RESOURCE_OFFERING
+LASSO_PROFILE_ERROR_MISSING_RESPONSE
+LASSO_PROFILE_ERROR_MISSING_SERVER
+LASSO_PROFILE_ERROR_MISSING_SERVICE_DESCRIPTION
+LASSO_PROFILE_ERROR_MISSING_SERVICE_INSTANCE
+LASSO_PROFILE_ERROR_MISSING_SERVICE_TYPE
+LASSO_PROFILE_ERROR_MISSING_STATUS_CODE
+LASSO_PROFILE_ERROR_MISSING_SUBJECT
+LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND
+LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST
+LASSO_PROFILE_ERROR_SESSION_NOT_FOUND
+LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS
+LASSO_PROFILE_ERROR_UNKNOWN_ISSUER
+LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL
+LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER
+LASSO_PROFILE_ERROR_UNSUPPORTED_BINDING
+LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE
+LASSO_PROFILE_SIGNATURE_HINT_FORBID
+LASSO_PROFILE_SIGNATURE_HINT_FORCE
+LASSO_PROFILE_SIGNATURE_HINT_MAYBE
+LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE
+LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE
+LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST
+LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE
+LASSO_PROTOCOL_LIBERTY_1_0
+LASSO_PROTOCOL_LIBERTY_1_1
+LASSO_PROTOCOL_LIBERTY_1_2
+LASSO_PROTOCOL_NONE
+LASSO_PROTOCOL_SAML_2_0
+LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY
+LASSO_PROVIDER_ROLE_ANY
+LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY
+LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY
+LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY
+LASSO_PROVIDER_ROLE_BOTH
+LASSO_PROVIDER_ROLE_IDP
+LASSO_PROVIDER_ROLE_LAST
+LASSO_PROVIDER_ROLE_NONE
+LASSO_PROVIDER_ROLE_SP
+LASSO_PYTHON_HREF
+LASSO_REGISTRY_ERROR_KEY_EXISTS
+LASSO_REQUEST_TYPE_DEFEDERATION
+LASSO_REQUEST_TYPE_DISCO_MODIFY
+LASSO_REQUEST_TYPE_DISCO_QUERY
+LASSO_REQUEST_TYPE_DST_MODIFY
+LASSO_REQUEST_TYPE_DST_QUERY
+LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY
+LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD
+LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER
+LASSO_REQUEST_TYPE_INVALID
+LASSO_REQUEST_TYPE_LECP
+LASSO_REQUEST_TYPE_LOGIN
+LASSO_REQUEST_TYPE_LOGOUT
+LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING
+LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT
+LASSO_REQUEST_TYPE_NAME_REGISTRATION
+LASSO_REQUEST_TYPE_SASL_REQUEST
+LASSO_SAML2_ACTION_GHPP_GET
+LASSO_SAML2_ACTION_GHPP_HEAD
+LASSO_SAML2_ACTION_GHPP_POST
+LASSO_SAML2_ACTION_GHPP_PUT
+LASSO_SAML2_ACTION_NAMESPACE_GHPP
+LASSO_SAML2_ACTION_NAMESPACE_RWEDC
+LASSO_SAML2_ACTION_NAMESPACE_RWEDC_NEGATION
+LASSO_SAML2_ACTION_NAMESPACE_UNIX
+LASSO_SAML2_ACTION_RWEDC_CONTROL
+LASSO_SAML2_ACTION_RWEDC_DELETE
+LASSO_SAML2_ACTION_RWEDC_EXECUTE
+LASSO_SAML2_ACTION_RWEDC_NEGATION
+LASSO_SAML2_ACTION_RWEDC_READ
+LASSO_SAML2_ACTION_RWEDC_WRITE
+LASSO_SAML2_ASSERTION_HREF
+LASSO_SAML2_ASSERTION_INDETERMINATE
+LASSO_SAML2_ASSERTION_INVALID
+LASSO_SAML2_ASSERTION_PREFIX
+LASSO_SAML2_ASSERTION_VALID
+LASSO_SAML2_ATTRIBUTE_NAME_EPR
+LASSO_SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
+LASSO_SAML2_ATTRIBUTE_NAME_FORMAT_UNSPECIFIED
+LASSO_SAML2_ATTRIBUTE_NAME_FORMAT_URI
+LASSO_SAML2_ATTRIBUTE_PROFILE_BASIC
+LASSO_SAML2_ATTRIBUTE_PROFILE_DCE
+LASSO_SAML2_ATTRIBUTE_PROFILE_UUID
+LASSO_SAML2_ATTRIBUTE_PROFILE_X500
+LASSO_SAML2_AUTHN_CONTEXT_AUTHENTICATED_TELEPHONY
+LASSO_SAML2_AUTHN_CONTEXT_INTERNET_PROTOCOL
+LASSO_SAML2_AUTHN_CONTEXT_INTERNET_PROTOCOL_PASSWORD
+LASSO_SAML2_AUTHN_CONTEXT_KERBEROS
+LASSO_SAML2_AUTHN_CONTEXT_MOBILE_ONE_FACTOR_CONTRACT
+LASSO_SAML2_AUTHN_CONTEXT_MOBILE_ONE_FACTOR_UNREGISTERED
+LASSO_SAML2_AUTHN_CONTEXT_MOBILE_TWO_FACTOR_CONTRACT
+LASSO_SAML2_AUTHN_CONTEXT_MOBILE_TWO_FACTOR_UNREGISTERED
+LASSO_SAML2_AUTHN_CONTEXT_NOMAD_TELEPHONY
+LASSO_SAML2_AUTHN_CONTEXT_PASSWORD
+LASSO_SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
+LASSO_SAML2_AUTHN_CONTEXT_PERSONALIZED_TELEPHONY
+LASSO_SAML2_AUTHN_CONTEXT_PGP
+LASSO_SAML2_AUTHN_CONTEXT_PREVIOUS_SESSION
+LASSO_SAML2_AUTHN_CONTEXT_SECURE_REMOTE_PASSWORD
+LASSO_SAML2_AUTHN_CONTEXT_SMARTCARD
+LASSO_SAML2_AUTHN_CONTEXT_SMARTCARD_PKI
+LASSO_SAML2_AUTHN_CONTEXT_SOFTWARE_PKI
+LASSO_SAML2_AUTHN_CONTEXT_SPKI
+LASSO_SAML2_AUTHN_CONTEXT_TELEPHONY
+LASSO_SAML2_AUTHN_CONTEXT_TIME_SYNC_TOKEN
+LASSO_SAML2_AUTHN_CONTEXT_TLS_CLIENT
+LASSO_SAML2_AUTHN_CONTEXT_UNSPECIFIED
+LASSO_SAML2_AUTHN_CONTEXT_X509
+LASSO_SAML2_AUTHN_CONTEXT_XMLDSIG
+LASSO_SAML2_CONFIRMATION_METHOD_BEARER
+LASSO_SAML2_CONFIRMATION_METHOD_HOLDER_OF_KEY
+LASSO_SAML2_CONSENT_EXPLICIT
+LASSO_SAML2_CONSENT_IMPLICIT
+LASSO_SAML2_CONSENT_INAPPLICABLE
+LASSO_SAML2_CONSENT_OBTAINED
+LASSO_SAML2_CONSENT_PRIOR
+LASSO_SAML2_CONSENT_UNAVAILABLE
+LASSO_SAML2_DEFLATE_ENCODING
+LASSO_SAML2_FIELD_ARTIFACT
+LASSO_SAML2_FIELD_ENCODING
+LASSO_SAML2_FIELD_RELAYSTATE
+LASSO_SAML2_FIELD_REQUEST
+LASSO_SAML2_FIELD_RESPONSE
+LASSO_SAML2_FIELD_SIGALG
+LASSO_SAML2_FIELD_SIGNATURE
+LASSO_SAML2_METADATA_BINDING_ARTIFACT
+LASSO_SAML2_METADATA_BINDING_PAOS
+LASSO_SAML2_METADATA_BINDING_POST
+LASSO_SAML2_METADATA_BINDING_REDIRECT
+LASSO_SAML2_METADATA_BINDING_SOAP
+LASSO_SAML2_METADATA_BINDING_URI
+LASSO_SAML2_METADATA_HREF
+LASSO_SAML2_METADATA_PREFIX
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_EMAIL
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS
+LASSO_SAML2_NAME_IDENTIFIER_FORMAT_X509
+LASSO_SAML2_PROTOCOL_HREF
+LASSO_SAML2_PROTOCOL_PREFIX
+LASSO_SAML2_STATUS_CODE_AUTHN_FAILED
+LASSO_SAML2_STATUS_CODE_INVALID_ATTR_NAME
+LASSO_SAML2_STATUS_CODE_INVALID_NAME_ID_POLICY
+LASSO_SAML2_STATUS_CODE_NO_AUTHN_CONTEXT
+LASSO_SAML2_STATUS_CODE_NO_AVAILABLE_IDP
+LASSO_SAML2_STATUS_CODE_NO_PASSIVE
+LASSO_SAML2_STATUS_CODE_NO_SUPPORTED_IDP
+LASSO_SAML2_STATUS_CODE_PARTIAL_LOGOUT
+LASSO_SAML2_STATUS_CODE_PROXY_COUNT_EXCEEDED
+LASSO_SAML2_STATUS_CODE_REQUESTER
+LASSO_SAML2_STATUS_CODE_REQUEST_DENIED
+LASSO_SAML2_STATUS_CODE_REQUEST_UNSUPPORTED
+LASSO_SAML2_STATUS_CODE_REQUEST_VERSION_DEPRECATED
+LASSO_SAML2_STATUS_CODE_REQUEST_VERSION_TOO_HIGH
+LASSO_SAML2_STATUS_CODE_REQUEST_VERSION_TOO_LOW
+LASSO_SAML2_STATUS_CODE_RESOURCE_NOT_RECOGNIZED
+LASSO_SAML2_STATUS_CODE_RESPONDER
+LASSO_SAML2_STATUS_CODE_SUCCESS
+LASSO_SAML2_STATUS_CODE_TOO_MANY_RESPONSES
+LASSO_SAML2_STATUS_CODE_UNKNOWN_ATTR_PROFILE
+LASSO_SAML2_STATUS_CODE_UNKNOWN_PRINCIPAL
+LASSO_SAML2_STATUS_CODE_UNSUPPORTED_BINDING
+LASSO_SAML2_STATUS_CODE_VERSION_MISMATCH
+LASSO_SAML_ASSERTION_HREF
+LASSO_SAML_ASSERTION_PREFIX
+LASSO_SAML_AUTHENTICATION_METHODS_PKI
+LASSO_SAML_AUTHENTICATION_METHOD_HARDWARE_TOKEN
+LASSO_SAML_AUTHENTICATION_METHOD_KERBEROS
+LASSO_SAML_AUTHENTICATION_METHOD_LIBERTY
+LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD
+LASSO_SAML_AUTHENTICATION_METHOD_PGP
+LASSO_SAML_AUTHENTICATION_METHOD_SECURE_REMOTE_PASSWORD
+LASSO_SAML_AUTHENTICATION_METHOD_SMARTCARD_PKI
+LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI
+LASSO_SAML_AUTHENTICATION_METHOD_UNSPECIFIED
+LASSO_SAML_AUTHENTICATION_METHOD_XKMS
+LASSO_SAML_AUTHENTICATION_METHOD_XMLD_SIG
+LASSO_SAML_CONFIRMATION_METHOD_ARTIFACT
+LASSO_SAML_CONFIRMATION_METHOD_ARTIFACT01
+LASSO_SAML_CONFIRMATION_METHOD_BEARER
+LASSO_SAML_CONFIRMATION_METHOD_HOLDER_OF_KEY
+LASSO_SAML_CONFIRMATION_METHOD_SENDER_VOUCHES
+LASSO_SAML_MAJOR_VERSION_N
+LASSO_SAML_MINOR_VERSION_N
+LASSO_SAML_PROTOCOL_HREF
+LASSO_SAML_PROTOCOL_PREFIX
+LASSO_SAML_STATUS_CODE_REQUESTER
+LASSO_SAML_STATUS_CODE_REQUEST_DENIED
+LASSO_SAML_STATUS_CODE_REQUEST_VERSION_DEPRECATED
+LASSO_SAML_STATUS_CODE_REQUEST_VERSION_TOO_HIGH
+LASSO_SAML_STATUS_CODE_REQUEST_VERSION_TOO_LOW
+LASSO_SAML_STATUS_CODE_RESOURCE_NOT_RECOGNIZED
+LASSO_SAML_STATUS_CODE_RESPONDER
+LASSO_SAML_STATUS_CODE_SUCCESS
+LASSO_SAML_STATUS_CODE_TOO_MANY_RESPONSES
+LASSO_SAML_STATUS_CODE_VERSION_MISMATCH
+LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED
+LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH
+LASSO_SERVER_ERROR_INVALID_XML
+LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND
+LASSO_SERVER_ERROR_SET_ENCRYPTION_PRIVATE_KEY_FAILED
+LASSO_SIGNATURE_METHOD_ATTRIBUTE
+LASSO_SIGNATURE_METHOD_DSA_SHA1
+LASSO_SIGNATURE_METHOD_LAST
+LASSO_SIGNATURE_METHOD_RSA_SHA1
+LASSO_SIGNATURE_TYPE_ATTRIBUTE
+LASSO_SIGNATURE_TYPE_LAST
+LASSO_SIGNATURE_TYPE_NONE
+LASSO_SIGNATURE_TYPE_SIMPLE
+LASSO_SIGNATURE_TYPE_WITHX509
+LASSO_SOAP_ENV_ACTOR
+LASSO_SOAP_ENV_HREF
+LASSO_SOAP_ENV_PREFIX
+LASSO_SOAP_ERROR_MISSING_BODY
+LASSO_SOAP_ERROR_MISSING_ENVELOPE
+LASSO_SOAP_ERROR_MISSING_HEADER
+LASSO_SOAP_ERROR_MISSING_SOAP_FAULT_DETAIL
+LASSO_SOAP_ERROR_REDIRECT_REQUEST_FAULT
+LASSO_SOAP_FAULT_CODE_CLIENT
+LASSO_SOAP_FAULT_CODE_MUST_UNDERSTAND
+LASSO_SOAP_FAULT_CODE_SERVER
+LASSO_SOAP_FAULT_CODE_VERSION_MISMATCH
+LASSO_SOAP_FAULT_REDIRECT_REQUEST
+LASSO_WSF_ENABLED
+LASSO_WSF_PROFILE_ERROR_INVALID_OR_MISSING_REFERENCE_TO_MESSAGE_ID
+LASSO_WSF_PROFILE_ERROR_MISSING_ASSERTION_ID
+LASSO_WSF_PROFILE_ERROR_MISSING_CORRELATION
+LASSO_WSF_PROFILE_ERROR_MISSING_CREDENTIAL_REF
+LASSO_WSF_PROFILE_ERROR_MISSING_DESCRIPTION
+LASSO_WSF_PROFILE_ERROR_MISSING_ENDPOINT
+LASSO_WSF_PROFILE_ERROR_MISSING_RESOURCE_ID
+LASSO_WSF_PROFILE_ERROR_MISSING_SECURITY
+LASSO_WSF_PROFILE_ERROR_MISSING_SENDER_ID
+LASSO_WSF_PROFILE_ERROR_REDIRECT_REQUEST
+LASSO_WSF_PROFILE_ERROR_REDIRECT_REQUEST_UNSUPPORTED_BY_REQUESTER
+LASSO_WSF_PROFILE_ERROR_SECURITY_MECHANISM_CHECK_FAILED
+LASSO_WSF_PROFILE_ERROR_SERVER_INTERACTION_REQUIRED
+LASSO_WSF_PROFILE_ERROR_SERVER_INTERACTION_REQUIRED_FOR_DATA
+LASSO_WSF_PROFILE_ERROR_SOAP_FAULT
+LASSO_WSF_PROFILE_ERROR_UNKNOWN_STATUS_CODE
+LASSO_WSF_PROFILE_ERROR_UNSUPPORTED_SECURITY_MECHANISM
+LASSO_WSSEC_ERROR_BAD_PASSWORD
+LASSO_WSSEC_ERROR_MISSING_SECURITY_TOKEN
+LASSO_XML_ERROR_ATTR_NOT_FOUND
+LASSO_XML_ERROR_ATTR_VALUE_NOT_FOUND
+LASSO_XML_ERROR_INVALID_FILE
+LASSO_XML_ERROR_MISSING_NAMESPACE
+LASSO_XML_ERROR_NODE_CONTENT_NOT_FOUND
+LASSO_XML_ERROR_NODE_NOT_FOUND
+LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED
+LASSO_XML_ERROR_SCHEMA_INVALID_FRAGMENT
+LASSO_XSI_HREF
+LASSO_XSI_PREFIX
+struct LassoAssertionQuery { LassoAssertionQueryPrivate* private_data }
+LassoAssertionQueryRequestType
+LassoCheckVersionMode
+struct LassoDefederation { }
+struct LassoDsKeyInfo { LassoDsKeyValue* KeyValue }
+struct LassoDsKeyValue { LassoDsRsaKeyValue* RSAKeyValue }
+struct LassoDsRsaKeyValue { char* Modulus, char* Exponent }
+struct LassoEcp { gchar* assertionConsumerURL, LassoEcpPrivate* private_data }
+LassoEncryptionMode
+LassoEncryptionSymKeyType
+struct LassoFederation { gchar* remote_providerID, LassoNode* local_nameIdentifier, LassoNode* remote_nameIdentifier, LassoFederationPrivate* private_data }
+LassoHttpMethod
+struct LassoIdentity { GHashTable* federations, gboolean is_dirty, LassoIdentityPrivate* private_data }
+struct LassoLecp { LassoLibAuthnRequestEnvelope* authnRequestEnvelope, LassoLibAuthnResponseEnvelope* authnResponseEnvelope, char* assertionConsumerServiceURL }
+struct LassoLibAssertion { char* InResponseTo }
+struct LassoLibAuthenticationStatement { LassoLibAuthnContext* AuthnContext, char* ReauthenticateOnOrAfter, char* SessionIndex }
+struct LassoLibAuthnContext { char* AuthnContextClassRef, char* AuthnContextStatementRef }
+struct LassoLibAuthnRequest { GList* Extension, char* ProviderID, char* AffiliationID, char* NameIDPolicy, gboolean ForceAuthn, gboolean IsPassive, char* ProtocolProfile, char* AssertionConsumerServiceID, LassoLibRequestAuthnContext* RequestAuthnContext, char* RelayState, LassoLibScoping* Scoping, char* consent }
+struct LassoLibAuthnRequestEnvelope { GList* Extension, LassoLibAuthnRequest* AuthnRequest, char* ProviderID, char* ProviderName, char* AssertionConsumerServiceURL, LassoLibIDPList* IDPList, gboolean IsPassive }
+struct LassoLibAuthnResponse { GList* Extension, char* ProviderID, char* RelayState, char* consent }
+struct LassoLibAuthnResponseEnvelope { GList* Extension, LassoLibAuthnResponse* AuthnResponse, char* AssertionConsumerServiceURL }
+struct LassoLibFederationTerminationNotification { GList* Extension, char* ProviderID, LassoSamlNameIdentifier* NameIdentifier, char* consent, char* RelayState }
+struct LassoLibIDPEntries { GList* IDPEntry }
+struct LassoLibIDPEntry { char* ProviderID, char* ProviderName, char* Loc }
+struct LassoLibIDPList { LassoLibIDPEntries* IDPEntries, char* GetComplete }
+struct LassoLibLogoutRequest { GList* Extension, char* ProviderID, LassoSamlNameIdentifier* NameIdentifier, char* SessionIndex, char* RelayState, char* consent, char* NotOnOrAfter }
+struct LassoLibLogoutResponse { }
+struct LassoLibNameIdentifierMappingRequest { GList* Extension, char* ProviderID, LassoSamlNameIdentifier* NameIdentifier, char* TargetNamespace, char* consent }
+struct LassoLibNameIdentifierMappingResponse { GList* Extension, char* ProviderID, LassoSamlpStatus* Status, LassoSamlNameIdentifier* NameIdentifier }
+struct LassoLibRegisterNameIdentifierRequest { GList* Extension, char* ProviderID, LassoSamlNameIdentifier* IDPProvidedNameIdentifier, LassoSamlNameIdentifier* SPProvidedNameIdentifier, LassoSamlNameIdentifier* OldProvidedNameIdentifier, char* RelayState }
+struct LassoLibRegisterNameIdentifierResponse { }
+struct LassoLibRequestAuthnContext { GList* AuthnContextClassRef, GList* AuthnContextStatementRef, char* AuthnContextComparison }
+struct LassoLibScoping { int ProxyCount, LassoLibIDPList* IDPList }
+struct LassoLibStatusResponse { GList* Extension, char* ProviderID, LassoSamlpStatus* Status, char* RelayState }
+struct LassoLibSubject { LassoSamlNameIdentifier* IDPProvidedNameIdentifier }
+struct LassoLogin { LassoLoginProtocolProfile protocolProfile, gchar* assertionArtifact, LassoSamlAssertion* assertion, gchar* nameIDPolicy, LassoHttpMethod http_method, LassoLoginPrivate* private_data }
+LassoLoginProtocolProfile
+struct LassoLogout { LassoNode* initial_request, LassoNode* initial_response, gchar* initial_remote_providerID, gint providerID_index, LassoHttpMethod initial_http_request_method, LassoLogoutPrivate* private_data }
+LassoMdProtocolType
+LassoMessageFormat
+struct LassoMiscTextNode { char* content, char* name, char* ns_href, char* ns_prefix, gboolean text_child }
+struct LassoNameIdManagement { }
+struct LassoNameIdentifierMapping { gchar* targetNameIdentifier }
+struct LassoNameRegistration { LassoSamlNameIdentifier* oldNameIdentifier }
+struct LassoNode { }
+struct LassoProfile { LassoServer* server, LassoNode* request, LassoNode* response, LassoNode* nameIdentifier, gchar* remote_providerID, gchar* msg_url, gchar* msg_body, gchar* msg_relayState, LassoIdentity* identity, LassoSession* session, LassoHttpMethod http_request_method, gint signature_status, LassoProfilePrivate* private_data }
+LassoProfileSignatureHint
+LassoProfileSignatureVerifyHint
+LassoProtocolConformance
+struct LassoProvider { gchar* ProviderID, LassoProviderRole role, char* metadata_filename, gchar* public_key, gchar* ca_cert_chain, LassoProviderPrivate* private_data }
+LassoProviderRole
+LassoRequestType
+struct LassoSaml2Action { char* content, char* Namespace }
+struct LassoSaml2Advice { GList* AssertionIDRef, GList* AssertionURIRef, GList* Assertion, GList* EncryptedAssertion }
+struct LassoSaml2Assertion { LassoSaml2NameID* Issuer, LassoSaml2Subject* Subject, LassoSaml2Conditions* Conditions, LassoSaml2Advice* Advice, GList* Statement, GList* AuthnStatement, GList* AuthzDecisionStatement, GList* AttributeStatement, char* Version, char* ID, char* IssueInstant, LassoSignatureType sign_type, LassoSignatureMethod sign_method, char* private_key_file, char* certificate_file, gboolean encryption_activated, char* encryption_public_key_str, LassoEncryptionSymKeyType encryption_sym_key_type }
+LassoSaml2AssertionValidationState
+struct LassoSaml2Attribute { GList* AttributeValue, char* Name, char* NameFormat, char* FriendlyName }
+struct LassoSaml2AttributeStatement { GList* Attribute, GList* EncryptedAttribute }
+struct LassoSaml2AttributeValue { GList* any }
+struct LassoSaml2AudienceRestriction { char* Audience }
+struct LassoSaml2AuthnContext { char* AuthnContextClassRef, char* AuthnContextDeclRef, char* AuthenticatingAuthority }
+struct LassoSaml2AuthnStatement { LassoSaml2SubjectLocality* SubjectLocality, LassoSaml2AuthnContext* AuthnContext, char* AuthnInstant, char* SessionIndex, char* SessionNotOnOrAfter }
+struct LassoSaml2AuthzDecisionStatement { LassoSaml2Action* Action, LassoSaml2Evidence* Evidence, char* Resource, char* Decision }
+struct LassoSaml2BaseIDAbstract { char* NameQualifier, char* SPNameQualifier }
+struct LassoSaml2ConditionAbstract { }
+struct LassoSaml2Conditions { GList* Condition, GList* AudienceRestriction, GList* OneTimeUse, GList* ProxyRestriction, char* NotBefore, char* NotOnOrAfter }
+struct LassoSaml2EncryptedElement { xmlNode* EncryptedData, GList* EncryptedKey, LassoNode* original_data }
+struct LassoSaml2Evidence { GList* AssertionIDRef, GList* AssertionURIRef, GList* Assertion, GList* EncryptedAssertion }
+struct LassoSaml2KeyInfoConfirmationData { }
+struct LassoSaml2NameID { char* content, char* Format, char* SPProvidedID, char* NameQualifier, char* SPNameQualifier }
+struct LassoSaml2OneTimeUse { }
+struct LassoSaml2ProxyRestriction { char* Audience, char* Count }
+struct LassoSaml2StatementAbstract { }
+struct LassoSaml2Subject { LassoSaml2BaseIDAbstract* BaseID, LassoSaml2NameID* NameID, LassoSaml2EncryptedElement* EncryptedID, LassoSaml2SubjectConfirmation* SubjectConfirmation }
+struct LassoSaml2SubjectConfirmation { LassoSaml2BaseIDAbstract* BaseID, LassoSaml2NameID* NameID, LassoSaml2EncryptedElement* EncryptedID, LassoSaml2SubjectConfirmationData* SubjectConfirmationData, char* Method }
+struct LassoSaml2SubjectConfirmationData { char* NotBefore, char* NotOnOrAfter, char* Recipient, char* InResponseTo, char* Address }
+struct LassoSaml2SubjectLocality { char* Address, char* DNSName }
+struct LassoSamlAdvice { GList* AssertionIDReference, LassoNode* Assertion }
+struct LassoSamlAssertion { LassoSamlConditions* Conditions, LassoSamlAdvice* Advice, LassoSamlSubjectStatement* SubjectStatement, LassoSamlAuthenticationStatement* AuthenticationStatement, LassoSamlAttributeStatement* AttributeStatement, int MajorVersion, int MinorVersion, char* AssertionID, char* Issuer, char* IssueInstant, LassoSignatureType sign_type, LassoSignatureMethod sign_method, char* private_key_file, char* certificate_file }
+struct LassoSamlAttribute { gchar* attributeName, gchar* attributeNameSpace, GList* AttributeValue }
+struct LassoSamlAttributeDesignator { char* AttributeName, char* AttributeNamespace }
+struct LassoSamlAttributeStatement { GList* Attribute }
+struct LassoSamlAttributeValue { GList* any }
+struct LassoSamlAudienceRestrictionCondition { GList* Audience }
+struct LassoSamlAuthenticationStatement { LassoSamlSubjectLocality* SubjectLocality, GList* AuthorityBinding, char* AuthenticationMethod, char* AuthenticationInstant }
+struct LassoSamlAuthorityBinding { char* AuthorityKind, char* Location, char* Binding }
+struct LassoSamlConditionAbstract { }
+struct LassoSamlConditions { GList* Condition, GList* AudienceRestrictionCondition, char* NotBefore, char* NotOnOrAfter }
+struct LassoSamlNameIdentifier { char* NameQualifier, char* Format, char* content }
+struct LassoSamlStatementAbstract { }
+struct LassoSamlSubject { LassoSamlNameIdentifier* NameIdentifier, LassoSamlSubjectConfirmation* SubjectConfirmation, LassoSaml2EncryptedElement* EncryptedNameIdentifier }
+struct LassoSamlSubjectConfirmation { GList* ConfirmationMethod, char* SubjectConfirmationData, LassoDsKeyInfo* KeyInfo }
+struct LassoSamlSubjectLocality { char* IPAddress, char* DNSAddress }
+struct LassoSamlSubjectStatement { }
+struct LassoSamlSubjectStatementAbstract { LassoSamlSubject* Subject }
+struct LassoSamlp2ArtifactResolve { char* Artifact }
+struct LassoSamlp2ArtifactResponse { LassoNode* any }
+struct LassoSamlp2AssertionIDRequest { char* AssertionIDRef }
+struct LassoSamlp2AttributeQuery { GList* Attribute }
+struct LassoSamlp2AuthnQuery { LassoSamlp2RequestedAuthnContext* RequestedAuthnContext, char* SessionIndex }
+struct LassoSamlp2AuthnRequest { LassoSaml2Subject* Subject, LassoSamlp2NameIDPolicy* NameIDPolicy, LassoSaml2Conditions* Conditions, LassoSamlp2RequestedAuthnContext* RequestedAuthnContext, LassoSamlp2Scoping* Scoping, gboolean ForceAuthn, gboolean IsPassive, char* ProtocolBinding, int AssertionConsumerServiceIndex, char* AssertionConsumerServiceURL, int AttributeConsumingServiceIndex, char* ProviderName, G_GNUC_DEPRECATED char }
+struct LassoSamlp2AuthzDecisionQuery { LassoSaml2Action* Action, LassoSaml2Evidence* Evidence, char* Resource }
+struct LassoSamlp2Extensions { }
+struct LassoSamlp2IDPEntry { char* ProviderID, char* Name, char* Loc }
+struct LassoSamlp2IDPList { LassoSamlp2IDPEntry* IDPEntry, char* GetComplete }
+struct LassoSamlp2LogoutRequest { LassoSaml2BaseIDAbstract* BaseID, LassoSaml2NameID* NameID, LassoSaml2EncryptedElement* EncryptedID, char* SessionIndex, char* Reason, char* NotOnOrAfter, G_GNUC_DEPRECATED char }
+struct LassoSamlp2LogoutResponse { G_GNUC_DEPRECATED char }
+struct LassoSamlp2ManageNameIDRequest { LassoSaml2NameID* NameID, LassoSaml2EncryptedElement* EncryptedID, char* NewID, LassoSaml2EncryptedElement* NewEncryptedID, LassoSamlp2Terminate* Terminate }
+struct LassoSamlp2ManageNameIDResponse { }
+struct LassoSamlp2NameIDMappingRequest { LassoSaml2BaseIDAbstract* BaseID, LassoSaml2NameID* NameID, LassoSaml2EncryptedElement* EncryptedID, LassoSamlp2NameIDPolicy* NameIDPolicy }
+struct LassoSamlp2NameIDMappingResponse { LassoSaml2NameID* NameID, LassoSaml2EncryptedElement* EncryptedID }
+struct LassoSamlp2NameIDPolicy { char* Format, char* SPNameQualifier, gboolean AllowCreate }
+struct LassoSamlp2RequestAbstract { LassoSaml2NameID* Issuer, LassoSamlp2Extensions* Extensions, char* ID, char* Version, char* IssueInstant, char* Destination, char* Consent, LassoSignatureType sign_type, LassoSignatureMethod sign_method, char* private_key_file, char* certificate_file }
+struct LassoSamlp2RequestedAuthnContext { GList* AuthnContextClassRef, GList* AuthnContextDeclRef, char* Comparison }
+struct LassoSamlp2Response { GList* Assertion, GList* EncryptedAssertion }
+struct LassoSamlp2Scoping { LassoSamlp2IDPList* IDPList, char* RequesterID, char* ProxyCount }
+struct LassoSamlp2Status { LassoSamlp2StatusCode* StatusCode, char* StatusMessage, LassoSamlp2StatusDetail* StatusDetail }
+struct LassoSamlp2StatusCode { LassoSamlp2StatusCode* StatusCode, char* Value }
+struct LassoSamlp2StatusDetail { }
+struct LassoSamlp2StatusResponse { LassoSaml2NameID* Issuer, LassoSamlp2Extensions* Extensions, LassoSamlp2Status* Status, char* ID, char* InResponseTo, char* Version, char* IssueInstant, char* Destination, char* Consent, LassoSignatureType sign_type, LassoSignatureMethod sign_method, char* private_key_file, char* certificate_file }
+struct LassoSamlp2SubjectQueryAbstract { LassoSaml2Subject* Subject }
+struct LassoSamlp2Terminate { }
+struct LassoSamlpRequest { char* AssertionArtifact }
+struct LassoSamlpRequestAbstract { GList* RespondWith, char* RequestID, int MajorVersion, int MinorVersion, char* IssueInstant, LassoSignatureType sign_type, LassoSignatureMethod sign_method, char* private_key_file, char* certificate_file }
+struct LassoSamlpResponse { LassoSamlpStatus* Status, GList* Assertion }
+struct LassoSamlpResponseAbstract { char* ResponseID, char* InResponseTo, int MajorVersion, int MinorVersion, char* IssueInstant, char* Recipient, LassoSignatureType sign_type, LassoSignatureMethod sign_method, char* private_key_file, char* certificate_file }
+struct LassoSamlpStatus { LassoSamlpStatusCode* StatusCode, char* StatusMessage }
+struct LassoSamlpStatusCode { LassoSamlpStatusCode* StatusCode, char* Value }
+struct LassoServer { GHashTable* providers, GHashTable* services, gchar* private_key, gchar* private_key_password, gchar* certificate, LassoSignatureMethod signature_method, LassoServerPrivate* private_data }
+struct LassoSession { GHashTable* assertions, gboolean is_dirty, LassoSessionPrivate* private_data }
+LassoSignatureMethod
+LassoSignatureType
+lasso_error_t lasso_assertion_query_add_attribute_request ( LassoAssertionQuery* assertion_query, char* format, char* name )
+lasso_error_t lasso_assertion_query_build_request_msg ( LassoAssertionQuery* assertion_query )
+lasso_error_t lasso_assertion_query_build_response_msg ( LassoAssertionQuery* assertion_query )
+None lasso_assertion_query_destroy ( LassoAssertionQuery* assertion_query )
+LassoAssertionQueryRequestType lasso_assertion_query_get_request_type ( LassoAssertionQuery* assertion_query )
+GType lasso_assertion_query_get_type ( )
+lasso_error_t lasso_assertion_query_init_request ( LassoAssertionQuery* assertion_query, char* remote_provider_id, LassoHttpMethod http_method, LassoAssertionQueryRequestType query_request_type )
+LassoAssertionQuery* lasso_assertion_query_new ( LassoServer* server )
+lasso_error_t lasso_assertion_query_process_request_msg ( LassoAssertionQuery* assertion_query, gchar* request_msg )
+lasso_error_t lasso_assertion_query_process_response_msg ( LassoAssertionQuery* assertion_query, gchar* response_msg )
+lasso_error_t lasso_assertion_query_validate_request ( LassoAssertionQuery* assertion_query )
+char* lasso_build_unique_id ( unsigned int size )
+int lasso_check_version ( int major, int minor, int subminor, LassoCheckVersionMode mode )
+lasso_error_t lasso_defederation_build_notification_msg ( LassoDefederation* defederation )
+None lasso_defederation_destroy ( LassoDefederation* defederation )
+GType lasso_defederation_get_type ( )
+lasso_error_t lasso_defederation_init_notification ( LassoDefederation* defederation, gchar* remote_providerID, LassoHttpMethod http_method )
+LassoDefederation* lasso_defederation_new ( LassoServer* server )
+lasso_error_t lasso_defederation_process_notification_msg ( LassoDefederation* defederation, gchar* notification_msg )
+lasso_error_t lasso_defederation_validate_notification ( LassoDefederation* defederation )
+GType lasso_ds_key_info_get_type ( )
+LassoDsKeyInfo* lasso_ds_key_info_new ( )
+GType lasso_ds_key_value_get_type ( )
+LassoDsKeyValue* lasso_ds_key_value_new ( )
+GType lasso_ds_rsa_key_value_get_type ( )
+LassoDsRsaKeyValue* lasso_ds_rsa_key_value_new ( )
+None lasso_ecp_destroy ( LassoEcp* ecp )
+GType lasso_ecp_get_type ( )
+LassoEcp* lasso_ecp_new ( LassoServer* server )
+lasso_error_t lasso_ecp_process_authn_request_msg ( LassoEcp* ecp, const char* authn_request_msg )
+lasso_error_t lasso_ecp_process_response_msg ( LassoEcp* ecp, const char* response_msg )
+None lasso_federation_build_local_name_identifier ( LassoFederation* federation, const gchar* nameQualifier, const gchar* format, const gchar* content )
+None lasso_federation_destroy ( LassoFederation* federation )
+GType lasso_federation_get_type ( )
+LassoFederation* lasso_federation_new ( const gchar* remote_providerID )
+gboolean lasso_federation_verify_name_identifier ( LassoFederation* federation, LassoNode* name_identifier )
+char* lasso_get_prefix_for_dst_service_href ( const char* href )
+gchar* lasso_get_prefix_for_idwsf2_dst_service_href ( const gchar* href )
+None lasso_identity_destroy ( LassoIdentity* identity )
+gchar* lasso_identity_dump ( LassoIdentity* identity )
+LassoFederation* lasso_identity_get_federation ( LassoIdentity* identity, const char* providerID )
+GType lasso_identity_get_type ( )
+LassoIdentity* lasso_identity_new ( )
+LassoIdentity* lasso_identity_new_from_dump ( const gchar* dump )
+lasso_error_t lasso_init ( )
+lasso_error_t lasso_lecp_build_authn_request_envelope_msg ( LassoLecp* lecp )
+lasso_error_t lasso_lecp_build_authn_request_msg ( LassoLecp* lecp )
+lasso_error_t lasso_lecp_build_authn_response_envelope_msg ( LassoLecp* lecp )
+lasso_error_t lasso_lecp_build_authn_response_msg ( LassoLecp* lecp )
+None lasso_lecp_destroy ( LassoLecp* lecp )
+GType lasso_lecp_get_type ( )
+lasso_error_t lasso_lecp_init_authn_request ( LassoLecp* lecp, const char* remote_providerID )
+LassoLecp* lasso_lecp_new ( LassoServer* server )
+lasso_error_t lasso_lecp_process_authn_request_envelope_msg ( LassoLecp* lecp, const char* request_msg )
+lasso_error_t lasso_lecp_process_authn_request_msg ( LassoLecp* lecp, const char* authn_request_msg )
+lasso_error_t lasso_lecp_process_authn_response_envelope_msg ( LassoLecp* lecp, const char* response_msg )
+GType lasso_lib_assertion_get_type ( )
+LassoLibAssertion* lasso_lib_assertion_new ( )
+LassoLibAssertion* lasso_lib_assertion_new_full ( const char* issuer, const char* requestID, const char* audience, const char* notBefore, const char* notOnOrAfter )
+GType lasso_lib_authentication_statement_get_type ( )
+LassoLibAuthenticationStatement* lasso_lib_authentication_statement_new ( )
+LassoLibAuthenticationStatement* lasso_lib_authentication_statement_new_full ( const char* authenticationMethod, const char* authenticationInstant, const char* reauthenticateOnOrAfter, LassoSamlNameIdentifier* sp_identifier, LassoSamlNameIdentifier* idp_identifier )
+GType lasso_lib_authn_context_get_type ( )
+LassoNode* lasso_lib_authn_context_new ( )
+GType lasso_lib_authn_request_envelope_get_type ( )
+LassoLibAuthnRequestEnvelope* lasso_lib_authn_request_envelope_new ( )
+LassoLibAuthnRequestEnvelope* lasso_lib_authn_request_envelope_new_full ( LassoLibAuthnRequest* authnRequest, char* providerID, char* assertionConsumerServiceURL )
+GType lasso_lib_authn_request_get_type ( )
+LassoLibAuthnRequest* lasso_lib_authn_request_new ( )
+GType lasso_lib_authn_response_envelope_get_type ( )
+LassoLibAuthnResponseEnvelope* lasso_lib_authn_response_envelope_new ( LassoLibAuthnResponse* response, char* assertionConsumerServiceURL )
+GType lasso_lib_authn_response_get_type ( )
+LassoNode* lasso_lib_authn_response_new ( char* providerID, LassoLibAuthnRequest* request )
+GType lasso_lib_federation_termination_notification_get_type ( )
+LassoNode* lasso_lib_federation_termination_notification_new ( )
+LassoNode* lasso_lib_federation_termination_notification_new_full ( char* providerID, LassoSamlNameIdentifier* nameIdentifier, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_idp_entries_get_type ( )
+LassoNode* lasso_lib_idp_entries_new ( )
+GType lasso_lib_idp_entry_get_type ( )
+LassoNode* lasso_lib_idp_entry_new ( )
+GType lasso_lib_idp_list_get_type ( )
+LassoNode* lasso_lib_idp_list_new ( )
+GType lasso_lib_logout_request_get_type ( )
+LassoNode* lasso_lib_logout_request_new ( )
+LassoNode* lasso_lib_logout_request_new_full ( char* providerID, LassoSamlNameIdentifier* nameIdentifier, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_logout_response_get_type ( )
+LassoNode* lasso_lib_logout_response_new ( )
+LassoNode* lasso_lib_logout_response_new_full ( char* providerID, const char* statusCodeValue, LassoLibLogoutRequest* request, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_name_identifier_mapping_request_get_type ( )
+LassoNode* lasso_lib_name_identifier_mapping_request_new ( )
+LassoNode* lasso_lib_name_identifier_mapping_request_new_full ( char* providerID, LassoSamlNameIdentifier* nameIdentifier, const char* targetNamespace, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_name_identifier_mapping_response_get_type ( )
+LassoNode* lasso_lib_name_identifier_mapping_response_new ( )
+LassoNode* lasso_lib_name_identifier_mapping_response_new_full ( char* provideRID, const char* statusCodeValue, LassoLibNameIdentifierMappingRequest* request, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_register_name_identifier_request_get_type ( )
+LassoNode* lasso_lib_register_name_identifier_request_new ( )
+LassoNode* lasso_lib_register_name_identifier_request_new_full ( const char* providerID, LassoSamlNameIdentifier* idpNameIdentifier, LassoSamlNameIdentifier* spNameIdentifier, LassoSamlNameIdentifier* oldNameIdentifier, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_register_name_identifier_response_get_type ( )
+LassoNode* lasso_lib_register_name_identifier_response_new ( )
+LassoNode* lasso_lib_register_name_identifier_response_new_full ( const char* providerID, const char* statusCodeValue, LassoLibRegisterNameIdentifierRequest* request, LassoSignatureType sign_type, LassoSignatureMethod sign_method )
+GType lasso_lib_request_authn_context_get_type ( )
+LassoLibRequestAuthnContext* lasso_lib_request_authn_context_new ( )
+GType lasso_lib_scoping_get_type ( )
+LassoLibScoping* lasso_lib_scoping_new ( )
+GType lasso_lib_status_response_get_type ( )
+LassoNode* lasso_lib_status_response_new ( )
+GType lasso_lib_subject_get_type ( )
+LassoLibSubject* lasso_lib_subject_new ( )
+lasso_error_t lasso_login_accept_sso ( LassoLogin* login )
+lasso_error_t lasso_login_build_artifact_msg ( LassoLogin* login, LassoHttpMethod http_method )
+lasso_error_t lasso_login_build_assertion ( LassoLogin* login, const char* authenticationMethod, const char* authenticationInstant, const char* reauthenticateOnOrAfter, const char* notBefore, const char* notOnOrAfter )
+lasso_error_t lasso_login_build_authn_request_msg ( LassoLogin* login )
+lasso_error_t lasso_login_build_authn_response_msg ( LassoLogin* login )
+lasso_error_t lasso_login_build_request_msg ( LassoLogin* login )
+lasso_error_t lasso_login_build_response_msg ( LassoLogin* login, gchar* remote_providerID )
+None lasso_login_destroy ( LassoLogin* login )
+gchar* lasso_login_dump ( LassoLogin* login )
+LassoNode* lasso_login_get_assertion ( LassoLogin* login )
+GType lasso_login_get_type ( )
+lasso_error_t lasso_login_init_authn_request ( LassoLogin* login, const gchar* remote_providerID, LassoHttpMethod http_method )
+lasso_error_t lasso_login_init_idp_initiated_authn_request ( LassoLogin* login, const gchar* remote_providerID )
+lasso_error_t lasso_login_init_request ( LassoLogin* login, gchar* response_msg, LassoHttpMethod response_http_method )
+gboolean lasso_login_must_ask_for_consent ( LassoLogin* login )
+gboolean lasso_login_must_authenticate ( LassoLogin* login )
+LassoLogin* lasso_login_new ( LassoServer* server )
+LassoLogin* lasso_login_new_from_dump ( LassoServer* server, const gchar* dump )
+lasso_error_t lasso_login_process_authn_request_msg ( LassoLogin* login, const char* authn_request_msg )
+lasso_error_t lasso_login_process_authn_response_msg ( LassoLogin* login, gchar* authn_response_msg )
+lasso_error_t lasso_login_process_paos_response_msg ( LassoLogin* login, gchar* msg )
+lasso_error_t lasso_login_process_request_msg ( LassoLogin* login, gchar* request_msg )
+lasso_error_t lasso_login_process_response_msg ( LassoLogin* login, gchar* response_msg )
+lasso_error_t lasso_login_validate_request_msg ( LassoLogin* login, gboolean authentication_result, gboolean is_consent_obtained )
+lasso_error_t lasso_logout_build_request_msg ( LassoLogout* logout )
+lasso_error_t lasso_logout_build_response_msg ( LassoLogout* logout )
+None lasso_logout_destroy ( LassoLogout* logout )
+gchar* lasso_logout_dump ( LassoLogout* logout )
+gchar* lasso_logout_get_next_providerID ( LassoLogout* logout )
+GType lasso_logout_get_type ( )
+lasso_error_t lasso_logout_init_request ( LassoLogout* logout, gchar* remote_providerID, LassoHttpMethod request_method )
+LassoLogout* lasso_logout_new ( LassoServer* server )
+LassoLogout* lasso_logout_new_from_dump ( LassoServer* server, const gchar* dump )
+lasso_error_t lasso_logout_process_request_msg ( LassoLogout* logout, gchar* request_msg )
+lasso_error_t lasso_logout_process_response_msg ( LassoLogout* logout, gchar* response_msg )
+lasso_error_t lasso_logout_reset_providerID_index ( LassoLogout* logout )
+lasso_error_t lasso_logout_validate_request ( LassoLogout* logout )
+GType lasso_misc_text_node_get_type ( )
+xmlNode* lasso_misc_text_node_get_xml_content ( LassoMiscTextNode* misc_text_node )
+LassoNode* lasso_misc_text_node_new ( )
+LassoMiscTextNode* lasso_misc_text_node_new_with_string ( const char* content )
+LassoMiscTextNode* lasso_misc_text_node_new_with_xml_node ( xmlNode* xml_node )
+None lasso_misc_text_node_set_xml_content ( LassoMiscTextNode* misc_text_node, xmlNode* node )
+lasso_error_t lasso_name_id_management_build_request_msg ( LassoNameIdManagement* name_id_management )
+lasso_error_t lasso_name_id_management_build_response_msg ( LassoNameIdManagement* name_id_management )
+None lasso_name_id_management_destroy ( LassoNameIdManagement* name_id_management )
+char* lasso_name_id_management_dump ( LassoNameIdManagement* name_id_management )
+GType lasso_name_id_management_get_type ( )
+lasso_error_t lasso_name_id_management_init_request ( LassoNameIdManagement* name_id_management, char* remote_provider_id, char* new_name_id, LassoHttpMethod http_method )
+LassoNameIdManagement* lasso_name_id_management_new ( LassoServer* server )
+LassoNameIdManagement* lasso_name_id_management_new_from_dump ( LassoServer* server, const char* dump )
+lasso_error_t lasso_name_id_management_process_request_msg ( LassoNameIdManagement* name_id_management, gchar* request_msg )
+lasso_error_t lasso_name_id_management_process_response_msg ( LassoNameIdManagement* name_id_management, gchar* response_msg )
+lasso_error_t lasso_name_id_management_validate_request ( LassoNameIdManagement* name_id_management )
+lasso_error_t lasso_name_identifier_mapping_build_request_msg ( LassoNameIdentifierMapping* mapping )
+lasso_error_t lasso_name_identifier_mapping_build_response_msg ( LassoNameIdentifierMapping* mapping )
+None lasso_name_identifier_mapping_destroy ( LassoNameIdentifierMapping* mapping )
+GType lasso_name_identifier_mapping_get_type ( )
+lasso_error_t lasso_name_identifier_mapping_init_request ( LassoNameIdentifierMapping* mapping, gchar* targetNamespace, gchar* remote_providerID )
+LassoNameIdentifierMapping* lasso_name_identifier_mapping_new ( LassoServer* server )
+lasso_error_t lasso_name_identifier_mapping_process_request_msg ( LassoNameIdentifierMapping* mapping, gchar* request_msg )
+lasso_error_t lasso_name_identifier_mapping_process_response_msg ( LassoNameIdentifierMapping* mapping, gchar* response_msg )
+lasso_error_t lasso_name_identifier_mapping_validate_request ( LassoNameIdentifierMapping* mapping )
+lasso_error_t lasso_name_registration_build_request_msg ( LassoNameRegistration* name_registration )
+lasso_error_t lasso_name_registration_build_response_msg ( LassoNameRegistration* name_registration )
+None lasso_name_registration_destroy ( LassoNameRegistration* name_registration )
+gchar* lasso_name_registration_dump ( LassoNameRegistration* name_registration )
+GType lasso_name_registration_get_type ( )
+lasso_error_t lasso_name_registration_init_request ( LassoNameRegistration* name_registration, char* remote_providerID, LassoHttpMethod http_method )
+LassoNameRegistration* lasso_name_registration_new ( LassoServer* server )
+LassoNameRegistration* lasso_name_registration_new_from_dump ( LassoServer* server, const char* dump )
+lasso_error_t lasso_name_registration_process_request_msg ( LassoNameRegistration* name_registration, gchar* request_msg )
+lasso_error_t lasso_name_registration_process_response_msg ( LassoNameRegistration* name_registration, gchar* response_msg )
+lasso_error_t lasso_name_registration_validate_request ( LassoNameRegistration* name_registration )
+None lasso_node_cleanup_original_xmlnodes ( LassoNode* node )
+char* lasso_node_debug ( LassoNode* node, int level )
+None lasso_node_destroy ( LassoNode* node )
+char* lasso_node_dump ( LassoNode* node )
+char* lasso_node_export_to_base64 ( LassoNode* node )
+char* lasso_node_export_to_ecp_soap_response ( LassoNode* node, const char* assertionConsumerURL )
+char* lasso_node_export_to_paos_request ( LassoNode* node, const char* issuer, const char* responseConsumerURL, const char* relay_state )
+char* lasso_node_export_to_query ( LassoNode* node, LassoSignatureMethod sign_method, const char* private_key_file )
+char* lasso_node_export_to_query_with_password ( LassoNode* node, LassoSignatureMethod sign_method, const char* private_key_file, const char* private_key_file_password )
+char* lasso_node_export_to_soap ( LassoNode* node )
+gchar* lasso_node_export_to_xml ( LassoNode* node )
+const char* lasso_node_get_name ( LassoNode* node )
+const char* lasso_node_get_namespace ( LassoNode* node )
+xmlNode* lasso_node_get_original_xmlnode ( LassoNode* node )
+GType lasso_node_get_type ( )
+xmlNode* lasso_node_get_xmlNode ( LassoNode* node, gboolean lasso_dump )
+LassoMessageFormat lasso_node_init_from_message ( LassoNode* node, const char* message )
+gboolean lasso_node_init_from_query ( LassoNode* node, const char* query )
+lasso_error_t lasso_node_init_from_xml ( LassoNode* node, xmlNode* xmlnode )
+LassoNode* lasso_node_new ( )
+LassoNode* lasso_node_new_from_dump ( const char* dump )
+LassoNode* lasso_node_new_from_soap ( const char* soap )
+LassoNode* lasso_node_new_from_xmlNode ( xmlNode* node )
+None lasso_node_set_custom_namespace ( LassoNode* node, const char* prefix, const char* href )
+None lasso_node_set_custom_nodename ( LassoNode* node, const char* nodename )
+None lasso_node_set_original_xmlnode ( LassoNode* node, xmlNode* xmlnode )
+char* lasso_profile_get_artifact ( LassoProfile* profile )
+char* lasso_profile_get_artifact_message ( LassoProfile* profile )
+LassoIdentity* lasso_profile_get_identity ( LassoProfile* profile )
+LassoNode* lasso_profile_get_nameIdentifier ( LassoProfile* profile )
+LassoRequestType lasso_profile_get_request_type_from_soap_msg ( const gchar* soap )
+LassoSession* lasso_profile_get_session ( LassoProfile* profile )
+LassoProfileSignatureHint lasso_profile_get_signature_hint ( LassoProfile* profile )
+lasso_error_t lasso_profile_get_signature_status ( LassoProfile* profile )
+LassoProfileSignatureVerifyHint lasso_profile_get_signature_verify_hint ( LassoProfile* profile )
+GType lasso_profile_get_type ( )
+gboolean lasso_profile_is_identity_dirty ( LassoProfile* profile )
+gboolean lasso_profile_is_liberty_query ( const gchar* query )
+gboolean lasso_profile_is_saml_query ( const gchar* query )
+gboolean lasso_profile_is_session_dirty ( LassoProfile* profile )
+None lasso_profile_set_artifact_message ( LassoProfile* profile, const char* message )
+lasso_error_t lasso_profile_set_identity_from_dump ( LassoProfile* profile, const gchar* dump )
+lasso_error_t lasso_profile_set_session_from_dump ( LassoProfile* profile, const gchar* dump )
+None lasso_profile_set_signature_hint ( LassoProfile* profile, LassoProfileSignatureHint signature_hint )
+None lasso_profile_set_signature_verify_hint ( LassoProfile* profile, LassoProfileSignatureVerifyHint signature_verify_hint )
+lasso_error_t lasso_profile_set_soap_fault_response ( LassoProfile* profile, const char* faultcode, const char* faultstring, GList* details )
+LassoProviderRole lasso_profile_sso_role_with ( LassoProfile* profile, const char* remote_provider_id )
+gboolean lasso_provider_accept_http_method ( LassoProvider* provider, LassoProvider* remote_provider, LassoMdProtocolType protocol_type, LassoHttpMethod http_method, gboolean initiate_profile )
+gchar* lasso_provider_get_assertion_consumer_service_url ( LassoProvider* provider, const char* service_id )
+gchar* lasso_provider_get_base64_succinct_id ( const LassoProvider* provider )
+char* lasso_provider_get_cache_duration ( LassoProvider* provider )
+gchar* lasso_provider_get_default_name_id_format ( LassoProvider* provider )
+LassoEncryptionMode lasso_provider_get_encryption_mode ( LassoProvider* provider )
+LassoHttpMethod lasso_provider_get_first_http_method ( LassoProvider* provider, LassoProvider* remote_provider, LassoMdProtocolType protocol_type )
+GList* lasso_provider_get_idp_supported_attributes ( LassoProvider* provider )
+GList* lasso_provider_get_metadata_keys_for_role ( LassoProvider* provider, LassoProviderRole role )
+GList* lasso_provider_get_metadata_list ( LassoProvider* provider, const char* name )
+GList* lasso_provider_get_metadata_list_for_role ( const LassoProvider* provider, LassoProviderRole role, const char* name )
+gchar* lasso_provider_get_metadata_one ( LassoProvider* provider, const char* name )
+char* lasso_provider_get_metadata_one_for_role ( LassoProvider* provider, LassoProviderRole role, const char* name )
+xmlNode* lasso_provider_get_organization ( const LassoProvider* provider )
+LassoProtocolConformance lasso_provider_get_protocol_conformance ( const LassoProvider* provider )
+LassoProviderRole lasso_provider_get_roles ( LassoProvider* provider )
+const char* lasso_provider_get_sp_name_qualifier ( LassoProvider* provider )
+GType lasso_provider_get_type ( )
+char* lasso_provider_get_valid_until ( LassoProvider* provider )
+gboolean lasso_provider_has_protocol_profile ( LassoProvider* provider, LassoMdProtocolType protocol_type, const char* protocol_profile )
+gboolean lasso_provider_match_conformance ( LassoProvider* provider, LassoProvider* another_provider )
+LassoProvider* lasso_provider_new ( LassoProviderRole role, const char* metadata, const char* public_key, const char* ca_cert_chain )
+LassoProvider* lasso_provider_new_from_buffer ( LassoProviderRole role, const char* metadata, const char* public_key, const char* ca_cert_chain )
+LassoProvider* lasso_provider_new_from_dump ( const gchar* dump )
+LassoSaml2EncryptedElement* lasso_provider_saml2_node_encrypt ( const LassoProvider* provider, LassoNode* lasso_node )
+None lasso_provider_set_encryption_mode ( LassoProvider* provider, LassoEncryptionMode encryption_mode )
+None lasso_provider_set_encryption_sym_key_type ( LassoProvider* provider, LassoEncryptionSymKeyType encryption_sym_key_type )
+lasso_error_t lasso_provider_verify_single_node_signature ( LassoProvider* provider, LassoNode* node, const char* id_attr_name )
+None lasso_register_dst_service ( const char* prefix, const char* href )
+None lasso_register_idwsf2_dst_service ( const gchar* prefix, const gchar* href )
+GType lasso_saml2_action_get_type ( )
+LassoNode* lasso_saml2_action_new ( )
+LassoNode* lasso_saml2_action_new_with_string ( char* content )
+GType lasso_saml2_advice_get_type ( )
+LassoNode* lasso_saml2_advice_new ( )
+lasso_error_t lasso_saml2_assertion_add_attribute_with_node ( LassoSaml2Assertion* assertion, const char* name, const char* nameformat, LassoNode* content )
+None lasso_saml2_assertion_add_audience_restriction ( LassoSaml2Assertion* saml2_assertion, const char* providerID )
+None lasso_saml2_assertion_add_proxy_limit ( LassoSaml2Assertion* saml2_assertion, int proxy_count, GList* proxy_audiences )
+LassoSaml2AssertionValidationState lasso_saml2_assertion_allows_proxying ( LassoSaml2Assertion* saml2_assertion )
+LassoSaml2AssertionValidationState lasso_saml2_assertion_allows_proxying_to ( LassoSaml2Assertion* saml2_assertion, const char* audience )
+lasso_error_t lasso_saml2_assertion_decrypt_subject ( LassoSaml2Assertion* assertion, LassoServer* server )
+const char* lasso_saml2_assertion_get_in_response_to ( LassoSaml2Assertion* assertion )
+LassoProvider* lasso_saml2_assertion_get_issuer_provider ( const LassoSaml2Assertion* saml2_assertion, const LassoServer* server )
+LassoSaml2SubjectConfirmationData* lasso_saml2_assertion_get_subject_confirmation_data ( LassoSaml2Assertion* saml2_assertion, gboolean create )
+GType lasso_saml2_assertion_get_type ( )
+gboolean lasso_saml2_assertion_has_audience_restriction ( LassoSaml2Assertion* saml2_assertion )
+gboolean lasso_saml2_assertion_has_one_time_use ( LassoSaml2Assertion* saml2_assertion )
+gboolean lasso_saml2_assertion_is_audience_restricted ( LassoSaml2Assertion* saml2_assertion, char* providerID )
+LassoNode* lasso_saml2_assertion_new ( )
+None lasso_saml2_assertion_set_basic_conditions ( LassoSaml2Assertion* saml2_assertion, time_t tolerance, time_t length, gboolean one_time_use )
+None lasso_saml2_assertion_set_one_time_use ( LassoSaml2Assertion* saml2_assertion, gboolean one_time_use )
+None lasso_saml2_assertion_set_subject_confirmation_data ( LassoSaml2Assertion* saml2_assertion, time_t tolerance, time_t length, const char* Recipient, const char* InResponseTo, const char* Address )
+None lasso_saml2_assertion_set_subject_confirmation_name_id ( LassoSaml2Assertion* saml2_assertion, LassoNode* node )
+None lasso_saml2_assertion_set_subject_name_id ( LassoSaml2Assertion* saml2_assertion, LassoNode* node )
+LassoSaml2AssertionValidationState lasso_saml2_assertion_validate_audience ( LassoSaml2Assertion* saml2_assertion, const gchar* audience )
+LassoSaml2AssertionValidationState lasso_saml2_assertion_validate_conditions ( LassoSaml2Assertion* saml2_assertion, const char* relaying_party_providerID )
+LassoSaml2AssertionValidationState lasso_saml2_assertion_validate_time_checks ( LassoSaml2Assertion* saml2_assertion, unsigned int tolerance, time_t now )
+GType lasso_saml2_attribute_get_type ( )
+LassoNode* lasso_saml2_attribute_new ( )
+GType lasso_saml2_attribute_statement_get_type ( )
+LassoNode* lasso_saml2_attribute_statement_new ( )
+GType lasso_saml2_attribute_value_get_type ( )
+LassoSaml2AttributeValue* lasso_saml2_attribute_value_new ( )
+GType lasso_saml2_audience_restriction_get_type ( )
+LassoNode* lasso_saml2_audience_restriction_new ( )
+GType lasso_saml2_authn_context_get_type ( )
+LassoNode* lasso_saml2_authn_context_new ( )
+GType lasso_saml2_authn_statement_get_type ( )
+LassoNode* lasso_saml2_authn_statement_new ( )
+GType lasso_saml2_authz_decision_statement_get_type ( )
+LassoNode* lasso_saml2_authz_decision_statement_new ( )
+GType lasso_saml2_base_idabstract_get_type ( )
+LassoNode* lasso_saml2_base_idabstract_new ( )
+GType lasso_saml2_condition_abstract_get_type ( )
+LassoNode* lasso_saml2_condition_abstract_new ( )
+GType lasso_saml2_conditions_get_type ( )
+LassoNode* lasso_saml2_conditions_new ( )
+LassoSaml2EncryptedElement* lasso_saml2_encrypted_element_build_encrypted_persistent_name_id ( const char* id, const char* idpID, const LassoProvider* provider )
+GType lasso_saml2_encrypted_element_get_type ( )
+LassoNode* lasso_saml2_encrypted_element_new ( )
+lasso_error_t lasso_saml2_encrypted_element_server_decrypt ( LassoSaml2EncryptedElement* encrypted_element, LassoServer* server, LassoNode** decrypted_node )
+GType lasso_saml2_evidence_get_type ( )
+LassoNode* lasso_saml2_evidence_new ( )
+GType lasso_saml2_key_info_confirmation_data_get_type ( )
+LassoNode* lasso_saml2_key_info_confirmation_data_new ( )
+LassoSaml2NameID* lasso_saml2_name_id_build_persistent ( const char* id, const char* idpID, const char* providerID )
+gboolean lasso_saml2_name_id_equals ( LassoSaml2NameID* name_id, LassoSaml2NameID* other_name_id )
+GType lasso_saml2_name_id_get_type ( )
+LassoNode* lasso_saml2_name_id_new ( )
+LassoSaml2NameID* lasso_saml2_name_id_new_with_persistent_format ( const char* id, const char* idpID, const char* providerID )
+LassoNode* lasso_saml2_name_id_new_with_string ( char* content )
+GType lasso_saml2_one_time_use_get_type ( )
+LassoNode* lasso_saml2_one_time_use_new ( )
+GType lasso_saml2_proxy_restriction_get_type ( )
+LassoNode* lasso_saml2_proxy_restriction_new ( )
+GType lasso_saml2_statement_abstract_get_type ( )
+LassoNode* lasso_saml2_statement_abstract_new ( )
+GType lasso_saml2_subject_confirmation_data_get_type ( )
+LassoNode* lasso_saml2_subject_confirmation_data_new ( )
+GType lasso_saml2_subject_confirmation_get_type ( )
+LassoNode* lasso_saml2_subject_confirmation_new ( )
+GType lasso_saml2_subject_get_type ( )
+GType lasso_saml2_subject_locality_get_type ( )
+LassoNode* lasso_saml2_subject_locality_new ( )
+LassoNode* lasso_saml2_subject_new ( )
+GType lasso_saml_advice_get_type ( )
+LassoNode* lasso_saml_advice_new ( )
+GType lasso_saml_assertion_get_type ( )
+LassoSamlAssertion* lasso_saml_assertion_new ( )
+GType lasso_saml_attribute_designator_get_type ( )
+LassoNode* lasso_saml_attribute_designator_new ( )
+GType lasso_saml_attribute_get_type ( )
+LassoSamlAttribute* lasso_saml_attribute_new ( )
+GType lasso_saml_attribute_statement_get_type ( )
+LassoSamlAttributeStatement* lasso_saml_attribute_statement_new ( )
+GType lasso_saml_attribute_value_get_type ( )
+LassoSamlAttributeValue* lasso_saml_attribute_value_new ( )
+GType lasso_saml_audience_restriction_condition_get_type ( )
+LassoSamlAudienceRestrictionCondition* lasso_saml_audience_restriction_condition_new ( )
+LassoSamlAudienceRestrictionCondition* lasso_saml_audience_restriction_condition_new_full ( const char* audience )
+GType lasso_saml_authentication_statement_get_type ( )
+LassoNode* lasso_saml_authentication_statement_new ( )
+GType lasso_saml_authority_binding_get_type ( )
+LassoNode* lasso_saml_authority_binding_new ( )
+GType lasso_saml_condition_abstract_get_type ( )
+GType lasso_saml_conditions_get_type ( )
+LassoSamlConditions* lasso_saml_conditions_new ( )
+GType lasso_saml_name_identifier_get_type ( )
+LassoSamlNameIdentifier* lasso_saml_name_identifier_new ( )
+LassoSamlNameIdentifier* lasso_saml_name_identifier_new_from_xmlNode ( xmlNode* xmlnode )
+GType lasso_saml_statement_abstract_get_type ( )
+GType lasso_saml_subject_confirmation_get_type ( )
+LassoSamlSubjectConfirmation* lasso_saml_subject_confirmation_new ( )
+GType lasso_saml_subject_get_type ( )
+GType lasso_saml_subject_locality_get_type ( )
+LassoNode* lasso_saml_subject_locality_new ( )
+LassoNode* lasso_saml_subject_new ( )
+GType lasso_saml_subject_statement_abstract_get_type ( )
+GType lasso_saml_subject_statement_get_type ( )
+LassoNode* lasso_saml_subject_statement_new ( )
+GType lasso_samlp2_artifact_resolve_get_type ( )
+LassoNode* lasso_samlp2_artifact_resolve_new ( )
+GType lasso_samlp2_artifact_response_get_type ( )
+LassoNode* lasso_samlp2_artifact_response_new ( )
+GType lasso_samlp2_assertion_id_request_get_type ( )
+LassoNode* lasso_samlp2_assertion_id_request_new ( )
+GType lasso_samlp2_attribute_query_get_type ( )
+LassoNode* lasso_samlp2_attribute_query_new ( )
+GType lasso_samlp2_authn_query_get_type ( )
+LassoNode* lasso_samlp2_authn_query_new ( )
+GType lasso_samlp2_authn_request_get_type ( )
+LassoNode* lasso_samlp2_authn_request_new ( )
+GType lasso_samlp2_authz_decision_query_get_type ( )
+LassoNode* lasso_samlp2_authz_decision_query_new ( )
+GType lasso_samlp2_extensions_get_type ( )
+LassoNode* lasso_samlp2_extensions_new ( )
+GType lasso_samlp2_idp_entry_get_type ( )
+LassoNode* lasso_samlp2_idp_entry_new ( )
+GType lasso_samlp2_idp_list_get_type ( )
+LassoNode* lasso_samlp2_idp_list_new ( )
+GList* lasso_samlp2_logout_request_get_session_indexes ( LassoSamlp2LogoutRequest* logout_request )
+GType lasso_samlp2_logout_request_get_type ( )
+LassoNode* lasso_samlp2_logout_request_new ( )
+None lasso_samlp2_logout_request_set_session_indexes ( LassoSamlp2LogoutRequest* logout_request, GList* session_index )
+GType lasso_samlp2_logout_response_get_type ( )
+LassoNode* lasso_samlp2_logout_response_new ( )
+GType lasso_samlp2_manage_name_id_request_get_type ( )
+LassoNode* lasso_samlp2_manage_name_id_request_new ( )
+GType lasso_samlp2_manage_name_id_response_get_type ( )
+LassoNode* lasso_samlp2_manage_name_id_response_new ( )
+GType lasso_samlp2_name_id_mapping_request_get_type ( )
+LassoNode* lasso_samlp2_name_id_mapping_request_new ( )
+GType lasso_samlp2_name_id_mapping_response_get_type ( )
+LassoNode* lasso_samlp2_name_id_mapping_response_new ( )
+GType lasso_samlp2_name_id_policy_get_type ( )
+LassoNode* lasso_samlp2_name_id_policy_new ( )
+GType lasso_samlp2_request_abstract_get_type ( )
+LassoNode* lasso_samlp2_request_abstract_new ( )
+GType lasso_samlp2_requested_authn_context_get_type ( )
+LassoNode* lasso_samlp2_requested_authn_context_new ( )
+GType lasso_samlp2_response_get_type ( )
+LassoNode* lasso_samlp2_response_new ( )
+GType lasso_samlp2_scoping_get_type ( )
+LassoNode* lasso_samlp2_scoping_new ( )
+GType lasso_samlp2_status_code_get_type ( )
+LassoNode* lasso_samlp2_status_code_new ( )
+GType lasso_samlp2_status_detail_get_type ( )
+LassoNode* lasso_samlp2_status_detail_new ( )
+GType lasso_samlp2_status_get_type ( )
+LassoNode* lasso_samlp2_status_new ( )
+GType lasso_samlp2_status_response_get_type ( )
+LassoNode* lasso_samlp2_status_response_new ( )
+GType lasso_samlp2_subject_query_abstract_get_type ( )
+LassoNode* lasso_samlp2_subject_query_abstract_new ( )
+GType lasso_samlp2_terminate_get_type ( )
+LassoNode* lasso_samlp2_terminate_new ( )
+GType lasso_samlp_request_abstract_get_type ( )
+GType lasso_samlp_request_get_type ( )
+LassoNode* lasso_samlp_request_new ( )
+None lasso_samlp_response_abstract_fill ( LassoSamlpResponseAbstract* response, const char* InResponseTo, const char* Recipient )
+GType lasso_samlp_response_abstract_get_type ( )
+GType lasso_samlp_response_get_type ( )
+LassoNode* lasso_samlp_response_new ( )
+GType lasso_samlp_status_code_get_type ( )
+LassoSamlpStatusCode* lasso_samlp_status_code_new ( )
+GType lasso_samlp_status_get_type ( )
+LassoSamlpStatus* lasso_samlp_status_new ( )
+lasso_error_t lasso_server_add_provider ( LassoServer* server, LassoProviderRole role, const gchar* metadata, const gchar* public_key, const gchar* ca_cert_chain )
+lasso_error_t lasso_server_add_provider_from_buffer ( LassoServer* server, LassoProviderRole role, const gchar* metadata, const gchar* public_key, const gchar* ca_cert_chain )
+None lasso_server_destroy ( LassoServer* server )
+gchar* lasso_server_dump ( LassoServer* server )
+LassoProvider* lasso_server_get_provider ( const LassoServer* server, const gchar* providerID )
+GType lasso_server_get_type ( )
+lasso_error_t lasso_server_load_affiliation ( LassoServer* server, const gchar* filename )
+LassoServer* lasso_server_new ( const gchar* metadata, const gchar* private_key, const gchar* private_key_password, const gchar* certificate )
+LassoServer* lasso_server_new_from_buffers ( const gchar* metadata, const gchar* private_key_content, const gchar* private_key_password, const gchar* certificate_content )
+LassoServer* lasso_server_new_from_dump ( const gchar* dump )
+lasso_error_t lasso_server_saml2_assertion_setup_signature ( LassoServer* server, LassoSaml2Assertion* saml2_assertion )
+lasso_error_t lasso_server_set_encryption_private_key ( LassoServer* server, const gchar* filename_or_buffer )
+lasso_error_t lasso_server_set_encryption_private_key_with_password ( LassoServer* server, const gchar* filename_or_buffer, const gchar* password )
+lasso_error_t lasso_session_add_assertion ( LassoSession* session, const char* providerID, LassoNode* assertion )
+None lasso_session_destroy ( LassoSession* session )
+gchar* lasso_session_dump ( LassoSession* session )
+LassoNode* lasso_session_get_assertion ( LassoSession* session, const gchar* providerID )
+GList* lasso_session_get_assertions ( LassoSession* session, const char* provider_id )
+gchar* lasso_session_get_provider_index ( LassoSession* session, gint index )
+GType lasso_session_get_type ( )
+gboolean lasso_session_is_empty ( LassoSession* session )
+LassoSession* lasso_session_new ( )
+LassoSession* lasso_session_new_from_dump ( const gchar* dump )
+lasso_error_t lasso_session_remove_assertion ( LassoSession* session, const gchar* providerID )
+None lasso_set_flag ( char* flag )
+lasso_error_t lasso_shutdown ( )
+const char* lasso_strerror ( int error_code )
diff --git a/configure.ac b/configure.ac
index 3d80fa54..16713faf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -184,7 +184,7 @@ dnl - interfaces removed -> AGE = 0
# m = a
# r = r
current=`expr $VERSION_MAJOR + $VERSION_MINOR`
-LASSO_VERSION_INFO="11:0:8"
+LASSO_VERSION_INFO="12:0:8"
AC_SUBST(LASSO_VERSION_INFO)
dnl Compute the minimal supported ABI version for Win32 scripts and resources files.
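Review bot: `LASSO_VERSION_INFO="12:0:8"` raises CURRENT but leaves AGE at 8, so the oldest interface the library claims to support moves from 3 (11-8) to 4 (12-8). On platforms where libtool derives the soname major from CURRENT-AGE, this would rename the shared object from .so.3 to .so.4 and force every dependent package to relink. If 2.3.1 only adds interfaces, as the symbol listing added earlier in this patch suggests, the libtool rule is to increment AGE together with CURRENT, i.e. `LASSO_VERSION_INFO="12:0:9"`. The comment block describing the rules starts above the hunk, so check the value against it.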
diff --git a/lasso.doap b/lasso.doap
index d07f0eff..ef98b10e 100644
--- a/lasso.doap
+++ b/lasso.doap
@@ -61,6 +61,10 @@
+
+ 2010-09-07
+ 2.3.1
+
2010-07-21
2.3.0
diff --git a/website/templates/base.ezt b/website/templates/base.ezt
index 2d49cee2..b1f144d9 100644
--- a/website/templates/base.ezt
+++ b/website/templates/base.ezt
@@ -57,8 +57,8 @@
Download
- The most recent version of Lasso is 2.3 and was
- release on July 21th 2010.
+ The most recent version of Lasso is 2.3.1 and was
+ release on Septembre 9th 2010.
Binary packages
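Review bot: The release date added here, `Septembre 9th 2010`, disagrees with the `2010-09-07` recorded for 2.3.1 in the lasso.doap and website/web/doap.rdf hunks of this patch, and the month name is misspelled. Readers who check a download against the announced release would see two different dates. Suggest `released on September 7th 2010`, or whichever date is correct, used consistently in all three files.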
@@ -67,7 +67,7 @@
Source
-
.tar.gz
+
.tar.gz
Git repository : http://dev.entrouvert.org/git/lasso.git
Browse git repository
diff --git a/website/web/doap.rdf b/website/web/doap.rdf
index 8e002c49..ef98b10e 100644
--- a/website/web/doap.rdf
+++ b/website/web/doap.rdf
@@ -1,4 +1,4 @@
-
Liberty Alliance ID-FF 1.2
-
OASIS SAML 2.0
-
@@ -61,6 +61,10 @@
+
+ 2010-09-07
+ 2.3.1
+
2010-07-21
2.3.0