diff --git a/bindings/python/tests/binding_tests.py b/bindings/python/tests/binding_tests.py
index bd621215..89039d2e 100755
--- a/bindings/python/tests/binding_tests.py
+++ b/bindings/python/tests/binding_tests.py
@@ -293,7 +293,6 @@ class BindingTestCase(unittest.TestCase):
 mdata = os.path.join(dataDir, 'sp7-saml2', 'metadata.xml')
 password = file(os.path.join(dataDir, 'sp7-saml2', 'password')).read().strip()
 server = lasso.Server(mdata, pkey, password)
- print server
 assert isinstance(server, lasso.Server)
 server_dump = server.dump()
 assert server_dump
diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py
index 42cac2f9..c923f87f 100755
--- a/bindings/python/tests/profiles_tests.py
+++ b/bindings/python/tests/profiles_tests.py
@@ -208,6 +208,42 @@ class LoginTestCase(unittest.TestCase):
 self.failUnless('do action 2' in extensionsList[0])
 self.failUnless('do action 3' in extensionsList[0])
+ def test05(self):
+ '''SAMLv2 Authn request emitted and received using Artifact binding'''
+
+ sp = lasso.Server(
+ os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
+ os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
+ assert sp
+ sp.addProvider(
+ lasso.PROVIDER_ROLE_IDP,
+ os.path.join(dataDir, 'idp5-saml2/metadata.xml'))
+ sp_login = lasso.Login(sp)
+ assert sp_login
+ sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_ARTIFACT_GET)
+ sp_login.buildAuthnRequestMsg()
+ sp_login_dump = sp_login.dump()
+ idp = lasso.Server(
+ os.path.join(dataDir, 'idp5-saml2/metadata.xml'),
+ os.path.join(dataDir, 'idp5-saml2/private-key.pem'))
+ idp.addProvider(
+ lasso.PROVIDER_ROLE_SP,
+ os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
+ idp_login = lasso.Login(idp)
+ idp_login.initRequest(sp_login.msgUrl.split('?')[1], lasso.HTTP_METHOD_ARTIFACT_GET)
+ idp_login.buildRequestMsg()
+ sp_login2 = lasso.Login.newFromDump(sp, sp_login_dump)
+ assert isinstance(sp_login2, lasso.Login)
+ assert idp_login.msgBody
+ sp_login2.processRequestMsg(idp_login.msgBody)
+ sp_login2.buildResponseMsg()
+ assert sp_login2.msgBody
+ try:
+ idp_login.processResponseMsg(sp_login2.msgBody)
+ except:
+ print idp_login.response
+ raise
+ assert isinstance(idp_login.request, lasso.Samlp2AuthnRequest)
 class LogoutTestCase(unittest.TestCase):
 def test01(self):
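Review bot: The bare `except:` around `idp_login.processResponseMsg(sp_login2.msgBody)` in the added `test05` only prints `idp_login.response` and re-raises, which reads as leftover debugging; calling `idp_login.processResponseMsg(sp_login2.msgBody)` directly fails the same way without writing to the test output. The last assertion checks only that `idp_login.request` is a `lasso.Samlp2AuthnRequest`, so the test would still pass if the resolved request were not the one `sp_login` built; comparing an identifying field of the two requests would pin the round trip. There is also no negative case for an artifact response whose payload is missing or of an unexpected type, which are the paths the profile.c change in this commit adds.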
@@ -294,21 +330,6 @@ class LogoutTestCase(unittest.TestCase):
 else:
 self.fail('Logout processResponseMsg should have failed.')
- def test05(self):
- """IDP logout; testing logout dump & newFromDump()."""
-
- lassoServer = lasso.Server(
- os.path.join(dataDir, 'idp1-la/metadata.xml'),
- os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
- None,
- os.path.join(dataDir, 'idp1-la/certificate.pem'))
- lassoServer.addProvider(
- lasso.PROVIDER_ROLE_SP,
- os.path.join(dataDir, 'sp1-la/metadata.xml'),
- os.path.join(dataDir, 'sp1-la/public-key.pem'),
- os.path.join(dataDir, 'sp1-la/certificate.pem'))
-
-
 class DefederationTestCase(unittest.TestCase):
 def test01(self):
 """IDP initiated defederation; testing processNotificationMsg with non Liberty query."""
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 7b80ffc3..229f9540 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -52,6 +52,7 @@
 #include "../xml/saml-2.0/saml2_attribute_value.h"
 #include "../xml/saml-2.0/saml2_name_id.h"
 #include "../xml/saml-2.0/saml2_xsd.h"
+#include "../xml/saml-2.0/samlp2_artifact_response.h"
 #include "../utils.h"
@@ -1078,8 +1079,11 @@ lasso_saml20_login_process_response_msg(LassoLogin *login, gchar *response_msg)
 if (rc) {
 return rc;
 }
-
- return lasso_saml20_login_process_response_status_and_assertion(login);
+ if (LASSO_IS_SAMLP2_ARTIFACT_RESPONSE(login->parent.response)) {
+ return lasso_saml20_login_process_authn_request_msg(login, NULL);
+ } else {
+ return lasso_saml20_login_process_response_status_and_assertion(login);
+ }
 }
 static gint
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index e6e2c9d1..4b993671 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
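Review bot: In `lasso_saml20_login_process_response_msg` the new branch dispatches on `login->parent.response` still being an ArtifactResponse, but nothing visible here checks that the payload stored in `login->parent.request` is an AuthnRequest; the profile.c hunk of this commit accepts any `LASSO_IS_SAMLP2_REQUEST_ABSTRACT` payload from the peer. Unless `lasso_saml20_login_process_authn_request_msg` rejects other request types when called with a NULL message (not visible in this hunk), the condition could be tightened to `if (LASSO_IS_SAMLP2_ARTIFACT_RESPONSE(login->parent.response) && LASSO_IS_SAMLP2_AUTHN_REQUEST(login->parent.request)) {`. A short comment that a zero return on this path means a request was received, not that an assertion was validated, would help callers that treat success from this function as a processed SSO response. The function starts before the hunk.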
@@ -424,10 +424,16 @@ lasso_saml20_profile_process_artifact_response(LassoProfile *profile, const char
 goto_cleanup_if_fail_with_rc(profile->response != NULL, critical_error(LASSO_PROFILE_ERROR_INVALID_RESPONSE));
 if (artifact_response->any == NULL) {
- lasso_release_gobject(profile->response);
- goto_cleanup_with_rc(LASSO_PROFILE_ERROR_MISSING_RESPONSE);
+ rc = LASSO_PROFILE_ERROR_MISSING_RESPONSE;
+ } else {
+ if (LASSO_IS_SAMLP2_REQUEST_ABSTRACT(artifact_response->any)) {
+ lasso_assign_gobject(profile->request, artifact_response->any);
+ } else if (LASSO_IS_SAMLP2_STATUS_RESPONSE(artifact_response->any)) {
+ lasso_assign_gobject(profile->response, artifact_response->any);
+ } else {
+ rc = LASSO_PROFILE_ERROR_INVALID_RESPONSE;
+ }
 }
- lasso_assign_gobject(profile->response, artifact_response->any);
 cleanup:
 lasso_release_gobject(artifact_response);
diff --git a/tests/data/idp5-saml2/metadata.xml b/tests/data/idp5-saml2/metadata.xml
index 8ce19176..d6910f67 100644
--- a/tests/data/idp5-saml2/metadata.xml
+++ b/tests/data/idp5-saml2/metadata.xml
@@ -82,6 +82,9 @@ LlTxKnCrWAXftSm1rNtewTsF + Entr'ouvert
diff --git a/tests/data/sp5-saml2/metadata.xml b/tests/data/sp5-saml2/metadata.xml
index 6b36d97a..da2d693c 100644
--- a/tests/data/sp5-saml2/metadata.xml
+++ b/tests/data/sp5-saml2/metadata.xml
@@ -64,6 +64,9 @@ LlTxKnCrWAXftSm1rNtewTsF +
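Review bot: Both failure branches in `lasso_saml20_profile_process_artifact_response` (`artifact_response->any == NULL` and the final `else`) now set `rc` but leave `profile->response` populated, whereas the removed code called `lasso_release_gobject(profile->response);` before failing. Because login.c in this commit branches on the type of `profile->response`, a caller that does not stop on `rc` would act on a response that was just rejected; if keeping it is not intentional, restore `lasso_release_gobject(profile->response);` in both branches. In the request branch `profile->request` is overwritten with peer-supplied content while `profile->response` is kept, and a one-line comment stating that this is deliberate and relied on by the login code would make the coupling explicit. The function begins before the hunk and continues after it.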