* lasso/id-ff/profile.c:
if no LassoIdentity is accessible try to get a name identifier
through the assertion in the LassoSession object. This allows the
logout profile to work without an identity object (which is normal
since logout does not modify the federation status).
* lasso/saml-2.0/login.c: check that the URL is know before using it
* lasso/saml-2.0/provider.c lasso/saml-2.0/providerprivate.h:
add a function to check that an URL corresponds to a know
AssertionConsumer of the given provider.
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/profile.h:
- lasso_idwsf2_profile_get_name_identifier returns the NameID found
in an assertion used as a WS-Security token when security mechanism
Bearer or SAML are used.
- complete the function lasso_id_wsf2_profile_build_soap_envelope
with construction of the Sender element which is used to transmit
the providerID of the message sender by the SOAP binding ID-WSF 2.0
specification.
- remove useless instance_init function in profile object
- reset some profile fields in process_soap_request_msg (response,
body, nameIdentifier). use
lasso_saml20_profile_name_identifier_decryption for handling NameID
from WS-Security mechanism assertion.
- add private_data
- change signature of lasso_idwsf2_profile_init_soap_request to use
and EPR and a security mechanism specifier when building the SOAP
request.
- change signature of lasso_idwsf2_profile_process_soap_request to
verify security_mech_id of received messages.
* docs/reference/lasso/lasso-sections.txt:
add the function to the documentation.
* lasso/id-wsf-2.0/discovery.{c,h}:
- use utils.h macros instead of g_return_val_if_fail because it
removes useless warning, since it returns an error code. release
acquired resources.
- in lasso_idwsf2_discovery_metadata_register_self, return error code
instead of identifier string for the new service, use an out
parmeter to return the identifier, use utils.h macros.
- in lasso_idwsf2_discovery_init_metadata_register, use utils.h
macros, check return code of lasso_idwsf2_profile_init_soap_request.
- change signature of lasso_idwsf2_discovery_init_metadata_register
to support security_mech_id, try to get URL from an existing
Discovery service EPR (from Session object).
- change signature of
lasso_idwsf2_discovery_process_metadata_register_msg,
lasso_idwsf2_discovery_init_metadata_association_add,
lasso_idwsf2_discovery_process_metadata_association_add_msg,
lasso_idwsf2_discovery_init_query,
lasso_idwsf2_discovery_process_query_msg, to support security
mechanism.
- improve lasso_idwsf2_discovery_build_query_response_eprs.
- add lasso_idwsf2_discovery_get_nth_data_service to acces returned
services.
* lasso/id-wsf-2.0/data_service.{c,h}:
- redo all the API
- add LASSO_DST_ERROR_EMPTY_REQUEST
- add LASSO_WSF_PROFILE_ERROR_SECURITY_MECHANISM_CHECK_FAILED
- add new errors codes for generic profiles and disco service
standards
- add status code for ID-WSF 2.0 DST
- add token usage identifiers
- conform security mechanism identifiers to ID-WSF 2.0 Liberty Sech
Mech specification
- add Discovery Service status codes
- add Soap Binding status codes
- add disco result type and user interaction hint strings
Benjamin Dauvergne