* lasso/id-ff/profile.{c,h}:
the method lasso_profile_sso_role_with, evaluate using the current
LassoIdentity content if we are in a relation of IdP or SP toward
another provider. This is based on the existence of a federation with
this provider.
* server.c,serverprivate.h: add new private method
lasso_server_get_firs_providerID_by_role(server, role)w
* defederation.c: use new private method
lasso_server_get_first_providerID_by_role for find providerID
when the argument remote_providerID is null in
lasso_defederation_init_notification.
* lasso/id-ff/login.c (lasso_login_init_authn_request): use new private
method lasso_server_get_first_providerID_by_role.
* provider.h: add thre new provider role (authn,pdp,attribute) and
four new services (authn,assertionid,attribute,authz) and also
a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for
array sizing.
* provider.h: add a LAST member to LassoMdProtocolType enum.
* providerprivate.h,provider.c:
- removes separate hashtable for descriptors depending on provider role,
use only one table named Descriptors.
- use the LAST members of enumerations to dimention static string arrays.
* provider.h: add a LAST member to the e
* lasso/id-ff/profile.{c,h}:
add a LassoProfileSignatureVerifyHint enumeration and two accessor
methods:
- lasso_profile_get_signature_verify_hint
- lasso_profile_set_signature_verify_hint
* lasso/id-ff/profileprivate.h:
add private field signature_verify_hint.
* lassoxml/disco_send_single_logout.c:
* lassoxml/id-wsf-2.0/sb2_user_interaction_header.c:
* lassoxml/id-wsf-2.0/subsref_app_data.c:
* lassoxml/lib_assertion.c:
* lassoxml/saml-2.0/saml2_condition_abstract.c:
* lassoxml/saml-2.0/saml2_encrypted_element.c:
* lassoxml/ws/wsa_attributed_uri.c:
* lassoxml/ws/wsa_endpoint_reference.c:
class_init is only called the first time an object of the given type
is created, registry mappings must exist before this time, so I moved
the registration code to the _get_type() functions.
* lasso/xml/tools.h:
add new header to export lasso_build_unique_id as a public API.
* lasso/xml/Makefile.am:
add tools.h to header list
* lasso/xml/tools.c:
add GObjectIntrospection annotations to exported functions.
* lasso/id-ff/profile.{c,h}:
add lasso_profile_add_soap_fault_response(char* code, char *string,
GList *details).
* lasso/id-wsf-2.0/profile.{c,h}:
change signature of lasso_idwsf2_profile_init_soap_fault_response.
* lasso/id-wsf-2.0/data_service.c:
use new function instead of manually intializing soap faults
* lasso/id-wsf-2.0/discovery.c:
init a soap fault when parsed request is of an unknown type, return
proper error.
* bindings/python/tests/idwsf2_tests.py:
all Discovery service request types are tested, and Data Service
query is tested as well. Data Service testing and API should more
tested, especially failure cases.
* lasso/id-wsf-2.0/discovery.c:
- in lasso_idwsf2_discovery_validate_request, use svcmdids to
intialize response to MSAssociationQuery requests.
- in lasso_idwsf2_discovery_process_response_msg, extract received
svcmdids; use lasso_check_good_rc when needed.
* lasso/id-wsf-2.0/discovery.c:
- in lasso_idwsf2_discovery_add_identity_to_epr, receive an Epr
instead of an EprMetadata node, and use
lasso_wsa_endpoint_reference_add_security_token to add the
assertion token instead of duplicating this logic.
- in lasso_idwsf2_discovery_build_epr change the call site.
* lasso/errors.c lasso/errors.h:
- add errors concerning invalid assertion, assertion with invalid
conditions, unknown issuers, or when the issuer is not a provider
we marked as an IdP.
- add error for missing sender id in an ID-WSF message.
* lasso/xml/saml-2.0/saml2_condition_abstract.c:
last commit to this file changed the element name from
ConditionAbstract to Condition so the XML parser cannot find the
corresponding GObject class anymore.
* lasso/saml-2.0/saml2_helper.{c,h}:
distribute code from lasso_saml2_assertion_validate_conditions to
lasso_saml2_assertion_validate_time_checks and
lasso_saml2_assertion_validate_audience.
add lasso_saml2_assertion_allows_proxying and
lasso_saml2_assertion_allows_proxying_to, to respectively check for
proxying of the current assertion, and for proxying to a specific
provider (you must call both of them to test completely the proxying
status of an assertion).
* docs/reference/lasso/lasso-sections.txt:
reference new functions into documentation.
* bindings/python/lang.py:
support pickling protocol methods __getstate__ and __setstate__
leveraging the lasso_node_dump and lasso_node_new_from_dump methods
from Lasso.
Benjamin Dauvergne