* Does it also in process_response_msg if no more assertions are
present.
* Take into account that lasso_saml20_profile_process_any_response
already checks for the status code, and so specify a finer error code in
the cleanup code.
* lasso/saml-2.0/logout.c:
When initiating a logout, if no problem is found, remove the assertion.
You can always continue by changing profile->http_request_method to
SOAP for example and redo a build_request_msg.
* lasso/saml-2.0/logout.c:
There is no need to check what the previous remote provider ID was,
just that initial_remote_providerID is not NULL in order to switch
request, response and remote_providerID.
* lasso/saml-2.0/login.c:
in lasso_saml20_process_federation:
- if no name id format can be found by the request, use the default from
the metadata file (first declared NameIDFormat)
- instead of checking if format is TRANSIENT, check if it is PERSISTENT,
and proceed with the federation, if not just return 0.
- return LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER instead of
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
- in any case, check for consent.
* lasso/id-ff/profile.h:
- add end symbol for enum LassoProfileSignatureVerifyHint
* lasso/id-ff/profile.c:
- fix documentation of lasso_profile_set_signature_verify_hint
- do not allow setting or returning an invalid value for the
signature_verify_hint attribute.
* lasso/saml-2.0/login.c:
- handle new enum value
* lasso/saml-2.0/profile.c:
- handle new enum value
- fix missing catch of signature error reporting when
signature_verify_hint is IGNORE.
* docs/reference/lasso/lasso-sections.txt:
- export enums LassoProfileSignatureHint and
LassoProfileSignatureVerifyHint
* tests/metadata_tests.c:
- fix test of all Role enumerations
* lasso/saml-2.0/profile.c:
This change makes Lasso respect paragraphs 3.4.5.2 (HTTP-Redirect
binding security considerations) and 3.5.5.2 (the same for HTTP-Post)
of the saml-bindings-2.0-os.pdf document, and should allow our Authn
Requests to be accepted by Shibboleth IdP.
* if no default_assertion_consumer value is set after traversing the
list of endpoints, try to find the first one without isDefault="false"
and finally take the first one.