* lasso/xml/saml-2.0/saml2_condition_abstract.c:
last commit to this file changed the element name from
ConditionAbstract to Condition so the XML parser cannot find the
corresponding GObject class anymore.
* lasso/saml-2.0/saml2_helper.{c,h}:
distribute code from lasso_saml2_assertion_validate_conditions to
lasso_saml2_assertion_validate_time_checks and
lasso_saml2_assertion_validate_audience.
add lasso_saml2_assertion_allows_proxying and
lasso_saml2_assertion_allows_proxying_to, to respectively check for
proxying of the current assertion, and for proxying to a specific
provider (you must call both of them to test completely the proxying
status of an assertion).
* docs/reference/lasso/lasso-sections.txt:
reference new functions into documentation.
* bindings/python/lang.py:
support pickling protocol methods __getstate__ and __setstate__
leveraging the lasso_node_dump and lasso_node_new_from_dump methods
from Lasso.
* lasso/xml/saml-2.0/saml2_condition_abstract.c:
saml2:Condition is an element whose type is abstract, it must be used
as an extension point helped by the xsi:type field. As the content is
unknown beforehand we must keep the original xmlNode for later
analysis.
* data_service.c:
remove dependency on discovery.h
* discovery.{c,h}:
- add a lasso_idwsf2_discovery_process_request_msg to extract request
data before validating the request (SvcMDID, SvcMD or RequestService).
- store SvcMDID in a private field, add a setter for it.
- SvcMDID is now used for building response to MDAssociationQuery and
parsing request for MDQuery, MDDelete, MDAssociationAdd and
MDAssociationDelete.
* idwsf2_helper.{c,h}:
- change security mechanism argument of
lasso_wsa_endpoint_reference_add_security_token from a NULL
terminated string array to a GList.
* saml2_login.{c,h}:
- add a lasso_server_create_assertion_as_idwsf2_security_token for
minting assertion for ID-WSF 2.0 security, to be used in Discovery
bootstrap EPR creation and EPR minting for Discovery service Query
responses.
- add a lasso_saml2_assertion_get_discovery_bootstrap_epr, and
rewrite lasso_login_idwsf2_get_discovery_bootstrap_epr to use it.
- make lasso_login_idwsf2_add_discovery_bootstrap_epr accept a list
of security mechanisms, not just one.
* tests/idwsf2_tests.c:
- adapt to new argument type of
lasso_login_idwsf2_add_discovery_bootstrap_epr.
* lasso/xml/saml-2.0/saml2_assertion.c:
assertions in lasso are not usable anymore once read because the
signature is lost; this commit allows keeping assertions unaltered
after reading them if they contained a top level signature (a
signature contained in the Assertion node).
This is useful for reusing assertion kept in a LassoSession object
and for using assertion as security token for ID-WSF.
* lasso/xml/tools.c lasso/xml/private.h:
lots of functions duplicate this code, so we factorized it there.
It has two parameters, the xmlnode and boolean deciding whether to
format the resulting content (good for reading but bad for
signatures).
* lasso/saml-2.0/profile.c:
dump for already signed assertion containing an EncryptedID as
Subject does not work as before, the decrypted NameID is no more
included in it, so instead of trying to plug it in the NameID field
we resort to really deciphering the EncryptedID.
That could be a performance problem if the session object is stuffed
with a lot of assertions.
* lasso/id-wsf-2.0/profile.c:
simplify use of lasso_idwsf2_profile_redirect_user_for_interaction by
directly adding the ID of the SOAP response message to the URL.
Report an error if no MessageID can be found.
* lasso/id-wsf-2.0/soap_binding.{c,h}:
fix error in conception of
lasso_soap_envelope_sb2_get_redirect_request_url, RedirectRequest is
part of a SOAP fault not the headers.
Explain in the documentation how to use the RedirectRequest URL.
Change the return type to a const string.
* lasso/id-wsf-2.0/soap_binding.{c,h}:
add method lasso_soap_envelope_get_soap_fault which returns/creates
the first SOAP fault inside the body of the SOAP envelope.
* lasso/python/lang.py:
extract value freeing generation code to method free_value,
add proper liberation of values at exit of wrapper functions, remove
g_free call from return_value generated code.
* lasso/id-ff/provider.c:
fix lasso_provider_get_base64_succinct_id, it returned a libxml
string, copy it with g_strdup before releasing it to stay with GLib
allocated string in return values.
* lasso/id-ff/identity.c lasso/id-ff/profile.c:
make precise the owner semantics of lasso_profile_get_identity,
lasso_profile_get_session, lasso_profile_get_server
* lasso/id-wsf-2.0/saml2_login.c tests/login_tests_saml2.c:
in the same vein add missing release of assertion returned by
lasso_login_get_assertion which returns a caller-owned object.
* lasso/id-wsf-2.0/profile.c:
if redirect boolean property is false, refuse to return a redirect
request.
automatically create a SOAP fault to signal to the requester that it
needs to support interaction via redirect.
* lasso/id-wsf-2.0/idwsf2_helper.c lasso/id-wsf-2.0/soap_binding.c
lasso/id-wsf/data_service.:
add missing check for the return value of strcmp, maybe we need a
macro like lasso_strequal.
* bindings/bindings.py:
Allow to build constants using other constants (prefix string), the
constant type is retrieved from the prefix existing record.
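
The saml2_assertion.c and tools.c entries above say that a signed assertion must be kept unaltered and that formatting a dump is "good for reading but bad for signatures". The following is an added example, not code from Lasso or its bindings, showing why: it uses only the Python standard library, stands in ElementTree's C14N 2.0 for whatever canonicalization the signature declares, and runs on a constructed sample assertion.

```python
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not taken from Lasso or its test suite).
ASSERTION = (
    '<saml:Assertion xmlns:saml="%s" ID="_constructed1">'
    '<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '</saml:Assertion>' % SAML_NS
)


def c14n_digest(xml_text):
    """SHA-256 over the canonical octets, as a signature's digest would be.

    Canonicalization keeps whitespace-only text nodes, so indentation
    added by a pretty-printer becomes part of the digested content.
    """
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def dump(xml_text, fmt):
    """Hypothetical dump helper: re-serialize, optionally formatted."""
    doc = minidom.parseString(xml_text)
    if fmt:
        return doc.toprettyxml(indent="  ")
    return doc.documentElement.toxml()


def issuer(xml_text):
    """Read the Issuer value, to show the data itself is unchanged."""
    return ET.fromstring(xml_text).findtext("{%s}Issuer" % SAML_NS)


def survives_dump(xml_text, fmt):
    """True if the digest over the dumped form matches the original."""
    return c14n_digest(dump(xml_text, fmt)) == c14n_digest(xml_text)


if __name__ == "__main__":
    for fmt in (False, True):
        print("format=%s issuer=%s digest_ok=%s" % (
            fmt, issuer(dump(ASSERTION, fmt)), survives_dump(ASSERTION, fmt)))
```

The formatted dump carries the same Issuer and Subject, yet its digest no longer matches, so a verifier checking the original signature against it would reject the assertion.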