From 9adc9bfaadac2bb4f450b77146dfa3f72c46084c Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Sun, 8 Sep 2013 21:21:41 +0200
Subject: [PATCH] saml2/login: fix role of providers in process_authn_request() and idp_initiated_authn_request()

It is necessary for endpoint resolution to know the role of providers.
---
 lasso/saml-2.0/login.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 02a659f6..b1b79ddc 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -260,6 +260,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
 LassoSamlp2StatusResponse *response = NULL;
 LassoSamlp2AuthnRequest *authn_request = NULL;
 LassoProvider *remote_provider = NULL;
+ LassoServer *server = NULL;
 const gchar *protocol_binding = NULL;
 const char *status1 = LASSO_SAML2_STATUS_CODE_RESPONDER;
 const char *status2 = NULL;
@@ -298,6 +299,10 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
 rc = LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER;
 goto cleanup;
 }
+ lasso_extract_node_or_fail(server, lasso_profile_get_server(&login->parent), SERVER, LASSO_PROFILE_ERROR_MISSING_SERVER);
+ remote_provider->role = LASSO_PROVIDER_ROLE_SP;
+ server->parent.role = LASSO_PROVIDER_ROLE_IDP;
 /* all those attributes are mutually exclusive */
 if (((authn_request->ProtocolBinding != NULL) ||
@@ -1501,6 +1506,10 @@ lasso_saml20_login_init_idp_initiated_authn_request(LassoLogin *login,
 if (! LASSO_IS_PROVIDER(provider)) return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;
+ /* fix roles */
+ server->parent.role = LASSO_PROVIDER_ROLE_IDP;
+ provider->role = LASSO_PROVIDER_ROLE_SP;
+ lasso_assign_string(profile->remote_providerID, remote_providerID);
 lasso_assign_new_gobject(profile->request, lasso_samlp2_authn_request_new());
 lasso_assign_new_gobject(LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy,
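Review bot: The two role assignments added after the provider lookup in lasso_saml20_login_process_authn_request_msg() (second hunk), `remote_provider->role = LASSO_PROVIDER_ROLE_SP;` and `server->parent.role = LASSO_PROVIDER_ROLE_IDP;`, write to the provider object returned by the server lookup and to the server itself rather than to per-login state, so the change appears to outlive this request. As far as the hunk shows, the write happens as soon as the issuer resolves to a known provider, and no validation of the request is visible before it; if signature checking runs later in the function, an unverified message could already have changed the stored role of a registered provider. I would move the assignments after the request has been validated, or return an error when the provider's configured role is not compatible instead of overwriting it, and add a comment such as `/* endpoint resolution needs roles: we act as IdP here, the requester as SP */`. The same pair of writes is added in lasso_saml20_login_init_idp_initiated_authn_request() (third hunk). The function body starts and ends outside the hunk.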
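Review bot: In the third hunk, in lasso_saml20_login_init_idp_initiated_authn_request(), `server->parent.role = LASSO_PROVIDER_ROLE_IDP;` dereferences `server` with no check visible in the hunk, whereas the second hunk first obtains it through `lasso_extract_node_or_fail(...)` with `LASSO_PROFILE_ERROR_MISSING_SERVER`. The declaration and any validation of `server` lie outside the hunk, so please confirm it cannot be NULL or of the wrong type at this point. The comment `/* fix roles */` would also help more if it stated the reason, e.g. `/* IdP-initiated flow: local server is the IdP, target provider the SP (needed for endpoint resolution) */`.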