[id-wsf2 profile] check provider->private_data->roles instead of provider->role

Fixes #140.
Benjamin Dauvergne 2011-10-10 17:29:34 +02:00
parent 984759ea67
commit c6d4076599
1 changed files with 8 additions and 1 deletions


@ -22,6 +22,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include "../xml/private.h"
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
@ -415,6 +416,7 @@ lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
const char *sender_id = NULL, *local_service_id = NULL;
const char *name_qualifier = NULL, *sp_name_qualifier = NULL;
LassoSaml2AssertionValidationState validation_state;
LassoProviderRole role;
assertion = lasso_soap_envelope_get_saml2_security_token (envelope);
if (assertion == NULL)
@ -425,7 +427,12 @@ lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
issuer = lasso_saml2_assertion_get_issuer_provider(assertion, profile->parent.server);
if (! issuer)
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_UNKNOWN_ISSUER);
if (issuer->role != LASSO_PROVIDER_ROLE_IDP)
if (issuer == &profile->parent.server->parent || issuer->role == 0) {
role = issuer->private_data->roles;
} else {
role = issuer->role;
}
if ((role & LASSO_PROVIDER_ROLE_IDP) == 0)
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_ISSUER_IS_NOT_AN_IDP);
lasso_check_good_rc(lasso_provider_verify_single_node_signature(issuer,
(LassoNode*)assertion, "ID"));
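Review bot: The issuer-role gate in the last hunk now takes `issuer->private_data->roles` whenever `issuer->role == 0`, not only when the issuer is the local server, so the "issuer is an IdP" decision depends on whatever populates `private_data->roles` (not visible here), and no comment says why that fallback is acceptable. I would put a comment above the `if`, for example `/* the local server and providers with no assigned role are judged by private_data->roles */`, and compare against `LASSO_PROVIDER_ROLE_NONE` rather than the literal `0`. `issuer->private_data` is also dereferenced unguarded; if it is not guaranteed non-NULL for every provider returned by `lasso_saml2_assertion_get_issuer_provider`, the condition should read `if (issuer->private_data && (issuer == &profile->parent.server->parent || issuer->role == LASSO_PROVIDER_ROLE_NONE))`, which falls through to `issuer->role` otherwise. The body of `lasso_idwsf2_profile_check_security_mechanism` starts and ends outside the hunks shown.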