Free software C library which implements SAML 2.0 and Liberty Alliance standards
John Dennis ec73384ccf Add Destination attribute for SAML ECP Response
The Destination attribute on SAML Response element was not being set
when handling an ECP response. It is a requirement of SAML 2.0 that
signed values contain a Destination attribute on the root element
otherwise the client will reject the response. This is documented in
the SAML Bindings Specification, Section 3.4.5.2 "Security
Considerations":

    If the message is signed, the Destination XML attribute in the
    root SAML element of the protocol message MUST contain the URL to
    which the sender has instructed the user agent to deliver the
    message. The recipient MUST then verify that the value matches the
    location at which the message has been received.

Normally on login one calls
lasso_saml20_login_build_authn_response_msg() which then calls
lasso_saml20_profile_build_response_msg() which sets the Destination
attribute on the SAML Response. But when doing ECP you do not call
lasso_saml20_login_build_authn_response_msg(), instead you call
lasso_saml20_login_build_response_msg() and if it's ECP it then calls
lasso_node_export_to_ecp_soap_response(). Thus the ECP
response never gets the Destination attribute set because of the
different code path, plus for ECP the destination is different, it's
the assertion consumer service.

FWIW this line of code was copied almost verbatim from
lasso_saml20_profile_build_response_msg which also sets the
Destination attribute.

License: MIT
Signed-off-by: John Dennis <jdennis@redhat.com>
2015-03-11 09:13:22 +01:00
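
The recipient-side check that the quoted Bindings text requires, shown for an ECP SOAP response. This is an added example, not Lasso code and not part of the commit. The names check_destination and ecp_response, the ACS URL and the sample messages are constructed, and the empty ds:Signature element only marks a message as signed; its signature is not verified here.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ACS_URL = "https://sp.example.test/saml/acs"  # constructed assertion consumer URL


def q(prefix, tag):
    """Qualified ElementTree tag name for a prefix in NS."""
    return "{%s}%s" % (NS[prefix], tag)


def check_destination(message_xml, received_at):
    """Return (ok, reason) for a SAML Response, bare or in an ECP SOAP envelope."""
    # Assumption: the caller validates the XML signature separately and uses a
    # hardened XML parser for untrusted input.
    root = ET.fromstring(message_xml)
    if root.tag == q("soap", "Envelope"):
        # ECP: the Response travels in the SOAP Body posted to the ACS.
        root = root.find("soap:Body/samlp:Response", NS)
        if root is None:
            return (False, "no samlp:Response in SOAP Body")
    if root.tag != q("samlp", "Response"):
        return (False, "root element is not samlp:Response")
    signed = root.find("ds:Signature", NS) is not None
    destination = root.get("Destination")
    if destination is None:
        if signed:
            return (False, "signed message without Destination")
        return (True, "unsigned, no Destination to check")
    if destination != received_at:  # exact match against the receiving URL
        return (False, "Destination does not match receiving URL")
    return (True, "Destination matches")


def ecp_response(attrs, signed):
    """Build a constructed ECP SOAP response; attrs is extra attribute text."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    return ('<soap:Envelope xmlns:soap="%s"><soap:Body>'
            '<samlp:Response xmlns:samlp="%s" ID="_r1" Version="2.0"%s>%s'
            '</samlp:Response></soap:Body></soap:Envelope>'
            % (NS["soap"], NS["samlp"], attrs, sig))
```

The first case in the commit message, a signed ECP response with no Destination, is the one this check rejects.
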
abi more work toward release 2.4.0 2013-12-19 09:00:17 +01:00
bindings Port Java binding generator to Python 3 2015-02-12 19:21:13 +01:00
docs doc: add lasso_server_add_provider2 and lasso_server_load_metadata 2014-08-12 10:11:33 +02:00
examples/sp-cgi Improve top level comment in CGI script example 2014-10-17 23:02:12 +02:00
fedora configure.ac,fedora/lasso.spec: remove expat dependency 2013-12-19 10:14:52 +01:00
lasso Add Destination attribute for SAML ECP Response 2015-03-11 09:13:22 +01:00
logos Added Lasso logo. 2004-07-30 08:02:08 +00:00
m4 Fix license boilerplates 2013-12-03 21:55:06 +01:00
tests SAML-2.0: Rework protocol profile selection when parsing AuthnRequest messages 2015-02-12 16:40:12 +01:00
tools Add tool gitlog-to-changelog 2014-08-28 16:00:13 +02:00
website Release 2.4.1 2014-08-28 16:02:06 +02:00
win32 Fix license boilerplates 2013-12-03 21:55:06 +01:00
.gitignore Ignore some Perl binding files 2015-02-12 19:21:11 +01:00
AUTHORS Update AUTHORS file 2015-02-12 19:21:13 +01:00
COPYING Fix license boilerplates 2013-12-03 21:55:06 +01:00
ChangeLog Mention Python 3 support in the changelog 2015-02-12 19:21:12 +01:00
FAQ.rst FAQ.rst: start a FAQ file 2013-06-04 22:14:41 +02:00
HACKING limit line length to 100 characters. 2004-11-25 22:25:51 +00:00
INSTALL Python 3: Fix Python 2 support (use six.print_) 2015-02-12 19:21:12 +01:00
Makefile.am configure: generate version number from git revision between tagged release 2013-05-15 11:28:25 +02:00
NEWS Fix release date of 2.4.1 2014-08-28 17:20:18 +02:00
README Fix license boilerplates 2013-12-03 21:55:06 +01:00
README.JAVA [Core] complete README.JAVA about later release of gcj 2010-07-21 13:57:00 +00:00
README.WIN32 fixing minor typo 2006-12-27 14:59:40 +00:00
autogen.sh Support automake 1.13 and 1.14 2013-12-05 17:20:51 +01:00
configure.ac Python 3: Fix print calls in configure.ac 2015-02-12 19:21:11 +01:00
jenkins.sh jenkins.sh: do not ignore errors 2013-11-20 08:49:00 +01:00
lasso-src-config.in Perl module builds and links correctly. 2005-01-02 22:37:25 +00:00
lasso.doap [release] 2.3.6 2011-11-29 10:42:16 +01:00
lasso.pc.in pkgconfig: do not leak lasso dependencies to users 2013-03-07 13:52:03 +01:00

README

==============
Lasso Overview
==============

  Current homepage: <http://lasso.entrouvert.org>

Lasso (Liberty Alliance Single Sign-On) is a free (GNU GPL) implementation
of the Liberty Alliance specifications.  Those define processes for
federated identities, single sign-on and related protocols.  Lasso provides
both a C library and bindings for different languages.

  Liberty Alliance Project homepage: <http://www.project-liberty.org>


The latest version of Lasso can be found on the labs.libre-entreprise.org
website, <http://labs.libre-entreprise.org/frs/?group_id=31>


Lasso has several mailing lists:

- lasso-devel@lists.labs.libre-entreprise.org

  The mailing list for Lasso users and developers; discussions about both
  development and deployment of Lasso have their place on this list.

  <http://lists.labs.libre-entreprise.org/mailman/listinfo/lasso-devel>

- lasso-cvs-commits@lists.labs.libre-entreprise.org

  This list just distributes notices about commits to the Lasso CVS tree.
  It has no discussions, and it is not interesting unless you wish to
  take part in development.

  <http://lists.labs.libre-entreprise.org/mailman/listinfo/lasso-cvs-commits>

There is also a bug tracking system on the labs.libre-entreprise.org website,
  <http://labs.libre-entreprise.org/tracker/?atid=206&group_id=31>


Lasso was originally written by Nicolas Clapiès and Valéry Febvre.  Please
see the file AUTHORS_ for a list of major contributors, and the ChangeLog
for a detailed listing of all contributions.

::

  Copyright (c) 2004-2008 Entr'ouvert
  Excepted the Lasso logo, copyright (c) 2004, Entr'ouvert & Florent Monnier


  This program is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by the Free
  Software Foundation; either version 2 of the License, or (at your option)
  any later version.

  This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  for more details.

  You should have received a copy of the GNU General Public License along
  with this program; if not, write to the Free Software Foundation, Inc.,
  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA.

  In addition, as a special exception, Entr'ouvert gives permission to link
  the code of its release of Lasso with the OpenSSL project's "OpenSSL"
  library (or with modified versions of it that use the same license as the
  "OpenSSL" library), and distribute the linked executables.  You must obey
  the GNU General Public License in all respects for all of the code used
  other than "OpenSSL".  If you modify this file, you may extend this
  exception to your version of the file, but you are not obligated to do so.
  If you do not wish to do so, delete this exception statement from your
  version.