lasso/ChangeLog

2023-02-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Release 2.8.1
- Major overhaul of OpenSSL API usage by using only the EVP API as the low
  level API (RSA*, HMAC*) is deprecated.
- Fix wrong parsing of Count attribute on saml:ProxyRestriction, thanks to
  Maxime Besson from Worteks.
- Perl: pass LDFLAGS to Makefile.PL
- Replace use of deprecated xmlSecBase64Decode by xmlSecBase64Decode_ex
- Fix overwrite of profile.signature_status in lasso_saml20_login_process_response_status_and_assertion
- Fix lot of GCC warnings
2022-11-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
In lasso_saml20_login_process_response_status_and_assertion do not overwrite signature_status with rc which is always at 0 (#54689)
We are losing information in this case, like if the response was not
signed.
2022-11-23 Jakub Hrozek <jhrozek@redhat.com>
In lasso_saml20_login_process_response_status_and_assertion remove dead switch (#54689)
In case VERIFY_HINT was set to IGNORE and the login signature was
incorrect, lasso_saml20_login_process_response_status_and_assertion
would have jumped straight to the cleanup label which just returns the
return code.
Related: https://dev.entrouvert.org/issues/54689
License: MIT
2022-11-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix unused parameters warnings (#71400)
Fix all cast-function-type warnings (#71400)
Fix warning about enum conversion (#71400)
Fix all warnings in tests (#71400)
Fix use of wrong enumeration NULL value (#71400)
It produced a cast warning.
Fix warnings about type casts (#71400)
Replace all use of xmlSecBase64Decode by lasso_base64_decode (#71399)
Adapt lasso_base64_decode to the deprecation of xmlSecBase64Decode (#71399)
We now use the non-deprecated new API (since xmlsec 1.2.35) xmlSecBase64Decode_ex.
Add new define LASSO_XMLSEC_VERSION_NUMBER allow version check on libxmlsec (#71399)
Make lasso_inflate output the inflated buffer size (#71399)
Use OpenSSL EVP API to work around deprecation of low level APIs in OpenSSL 3 (#71313)
OpenSSL API is used to sign query-string values in the SAML 2.0 Redirect binding.
Other bindings only need the libxmlsec API as signatures are XML DSIG signatures.
Prevent loading of default cert file during tests (#71396)
2022-11-20 Frédéric Péters <fpeters@entrouvert.com>
debian: sync with upstream packaging changes
perl: pass $(LDFLAGS) to Makefile.PL (#71393)
LDFLAGS is set during the Debian build to pass hardening flags and
we want them to be applied to the perl module.
2022-09-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix parsing of Count attribute of saml:ProxyRestriction (#69673)
2022-04-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Revert "Use the AM_PATH_PYTHON macro instead of custom macros"
This reverts commit 23d91efac34fed8c338a388449e763e58527b3d3.
Use the AM_PATH_PYTHON macro instead of custom macros
2022-03-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
website: update for 2.8.0
Release 2.8.0
2022-03-14 Frédéric Péters <fpeters@entrouvert.com>
debian: sync bullseye packaging with upstream debian.org (#62756)
2022-02-28 Frédéric Péters <fpeters@entrouvert.com>
jenkins: add bullseye to packaging targets
2021-11-20 Frédéric Péters <fpeters@entrouvert.com>
debian: sync bullseye packaging with upstream debian.org (#58788)
debian: init debian-bullseye as a copy of debian buster (#58788)
2021-09-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Does not decref boolean constants (#57268)
TRUE/FALSE are special references in CPython bindings whose reference
count must never be updated.
2021-09-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Keep ABI stability (#56883)
The following functions were part of the experimental ID-WSF support
recently removed but were incorrectly included in the official ABI, so we
restore dummy versions of them (they do nothing or return NULL):
- lasso_get_prefix_for_dst_service_href
- lasso_get_prefix_for_idwsf2_dst_service_href
- lasso_register_dst_service
- lasso_register_idwsf2_dst_service
2021-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
debian: update liblasso3.symbols
2021-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Clear Python error indicator after logging (#56572)
Lasso logs using the GLib logging API and the Python binding installs a
hook to delegate logging to a Python logger named "lasso".
During the logging call the error indicator can be set to signal an
exception. The indicator will still be set when we return from the Lasso
API call, and is not handled by the Python wrapping of the C functions.
If our function returns a non-NULL value, the Python interpreter will
raise because this situation is forbidden.
To prevent it, if we detect that an exception occurred during logging
calls, we print it to stderr, clear the error indicator and return
immediately.
2021-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Change default key encryption padding algorithm to RSA-OAEP (#56023)
The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:
--with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]
at initialization time with an environment variable:
LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]
or at runtime for a service provider:
lasso_provider_set_key_encryption_method(LassoProvider *provider,
LassoKeyEncryptionMethod key_encryption_method)
The setting is global for all encrypted nodes (Assertion or NameID).
2021-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Python: fix formatting (#56023)
Remove win32 directory (#56645)
It's obsolete.
Remove ID-WSF 1.0, 2.0 and WS-* support (#56644)
It has been deprecated for a long time.
2021-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix warning about int conversion
saml2_authn_context.c:77:3: warning: initialization of unsigned int from void *
makes integer from pointer without a cast [-Wint-conversion]
2021-07-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Prevent multiple OneTimeUse elements (#52961)
"A SAML authority MUST NOT include more than one <OneTimeUse> element within a
<Conditions> element of an assertion"
2021-07-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
python: clear warnings about PY_SSIZE_T_CLEAN (#55561)
Using the python3 bindings on recent python3 >=3.8 versions shows:
DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
https://docs.python.org/3.9/whatsnew/changelog.html?highlight=py_ssize_t_clean#id193
2021-07-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
python: clear warnings about assertX methods (#55561)
2021-06-24 Jakub Hrozek <jhrozek@redhat.com>
test13_test_lasso_server_load_metadata: Don't verify signature if lasso is not configured with sha-1 (#54037)
python: Skip the DSA key test unless SHA-1 is configured (#54037)
lasso supports DSA-XXX only with SHA-1. The alternative is to use
DSA-SHA256.
2021-06-24 Jakub Hrozek <jhrozek@redhat.com>
Check if the signature method is allowed in addition to being valid (#54037)
Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.
This new function is used whenever lasso_validate_signature_method was
previously used through lasso_ok_signature_method() which wraps both
validate and allowed.
lasso_allowed_signature_method() is also used on a couple of places,
notably lasso_query_verify_helper().
Related:
https://dev.entrouvert.org/issues/54037
2021-06-23 Jakub Hrozek <jhrozek@redhat.com>
Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with lasso_get_default_signature_method() (#54037)
This should be backwards-compatible but at the same time use the
selected default instead of RSA-SHA1.
Related:
https://dev.entrouvert.org/issues/54037
2021-06-23 Jakub Hrozek <jhrozek@redhat.com>
Make the default signature method and the minimal hash strength configurable (#54037)
Adds two new configure options:
--with-default-sign-algo
--min-hash-algo
--with-default-sign-algo sets the default signing algorithm and defaults
to rsa-sha1. At the moment, two algorithms are supported: rsa-sha1 and
rsa-sha256.
--min-hash-algo sets the minimum hash algorithm to be accepted. The
default is sha1 for backwards compatibility as well.
Related:
https://dev.entrouvert.org/issues/54037
2021-06-23 Jakub Hrozek <jhrozek@redhat.com>
tests: Move test08_lasso_key and test07_saml2_query_verify_signature to SHA256 (#54037)
These tests use a hardcoded query and private key which makes it
unsuitable to make the tests use the configured default digest. Let's
just convert them to SHA256 unconditionally.
Fix lasso_query_sign HMAC other than SHA1 (#54037)
The switch clause was using SHA1 digests for all digest types when
signing. This obviously breaks verifying the signatures if HMAC-SHAXXX
is used and XXX is something else than 1.
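The three #54037 entries above (valid versus allowed signature methods, the configurable minimum hash, and the HMAC digest fix in lasso_query_sign) can be seen together in a small model of query-string signing for the Redirect binding. This is an added example, not Lasso code: the function names, the `always_sha1` switch that reproduces the described bug, the sample query and the key are all constructed for illustration.

```python
import base64
import hmac
from urllib.parse import quote, unquote

XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
XMLDSIG_MORE = "http://www.w3.org/2001/04/xmldsig-more#"
HMAC_SHA1 = XMLDSIG + "hmac-sha1"
HMAC_SHA256 = XMLDSIG_MORE + "hmac-sha256"

# Signature method URI -> digest name (the "valid" set of this model).
HMAC_METHODS = {
    HMAC_SHA1: "sha1",
    HMAC_SHA256: "sha256",
    XMLDSIG_MORE + "hmac-sha384": "sha384",
    XMLDSIG_MORE + "hmac-sha512": "sha512",
}
HASH_RANK = ["sha1", "sha256", "sha384", "sha512"]  # weakest first

# Constructed sample input: placeholder payload and shared key.
SAMPLE_QUERY = "SAMLRequest=Y29uc3RydWN0ZWQ%3D&RelayState=abc"
SAMPLE_KEY = b"constructed-shared-key"


def method_is_valid(sig_alg):
    """The method is one this model knows how to compute."""
    return sig_alg in HMAC_METHODS


def method_is_allowed(sig_alg, min_hash):
    """The method's hash is at least as strong as the configured minimum."""
    return HASH_RANK.index(HMAC_METHODS[sig_alg]) >= HASH_RANK.index(min_hash)


def sign_query(query, key, sig_alg, always_sha1=False):
    """Append SigAlg and Signature to an already URL-encoded query string.

    always_sha1=True models the bug described above: the digest is SHA-1
    whatever SigAlg announces.
    """
    signed_part = f"{query}&SigAlg={quote(sig_alg, safe='')}"
    digest = "sha1" if always_sha1 else HMAC_METHODS[sig_alg]
    mac = hmac.new(key, signed_part.encode("utf-8"), digest).digest()
    signature = quote(base64.b64encode(mac).decode("ascii"), safe="")
    return f"{signed_part}&Signature={signature}"


def verify_query(signed_query, key, min_hash="sha1"):
    """Return (accepted, reason) for a signed query string."""
    # The MAC covers the raw, still-encoded octets before "&Signature=".
    signed_part, sep, signature = signed_query.rpartition("&Signature=")
    if not sep:
        return False, "signature not found"
    raw = dict(p.split("=", 1) for p in signed_part.split("&") if "=" in p)
    sig_alg = unquote(raw.get("SigAlg", ""))
    if not method_is_valid(sig_alg):
        return False, "invalid signature method"
    if not method_is_allowed(sig_alg, min_hash):
        return False, "signature method not allowed"
    try:
        received = base64.b64decode(unquote(signature), validate=True)
    except ValueError:
        return False, "malformed signature"
    expected = hmac.new(key, signed_part.encode("utf-8"),
                        HMAC_METHODS[sig_alg]).digest()
    if not hmac.compare_digest(expected, received):
        return False, "invalid signature"
    return True, "ok"


if __name__ == "__main__":
    good = sign_query(SAMPLE_QUERY, SAMPLE_KEY, HMAC_SHA256)
    buggy = sign_query(SAMPLE_QUERY, SAMPLE_KEY, HMAC_SHA256, always_sha1=True)
    weak = sign_query(SAMPLE_QUERY, SAMPLE_KEY, HMAC_SHA1)
    print(verify_query(good, SAMPLE_KEY))
    print(verify_query(buggy, SAMPLE_KEY))
    print(verify_query(weak, SAMPLE_KEY, min_hash="sha256"))
```

With HMAC-SHA1 the `always_sha1` path still verifies, which is why the digest bug only surfaced once other HMAC methods were exercised.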
2021-06-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Release 2.7.0
2021-06-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix signature checking on unsigned response with multiple assertions
CVE-2021-28091 : when AuthnResponse messages are not signed (which is
permitted by the specification), all assertion's signatures should be
checked, but currently after the first signed assertion is checked all
following assertions are accepted without checking their signature, and
the last one is considered the main assertion.
This patch :
* check signatures from all assertions if the message is not signed,
* refuse messages with assertion from different issuers than the one on
the message, to prevent assertion bundling even if they are signed.
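The acceptance rule described in the CVE-2021-28091 entry above, written out as an added example (not Lasso's code): `check_response` applies both bullet points, and `legacy_check` models the earlier behaviour for comparison. The `verify` callback, the `GOOD`/`BAD` signature placeholders, the issuer URLs and `build_response` are constructed stand-ins; real XML-DSig verification is out of scope here.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
IDP = "https://idp.example/saml"  # constructed issuer


def _issuer(node):
    el = node.find(f"{{{SAML}}}Issuer")
    return (el.text or "").strip() if el is not None else None


def _signature(node):
    # Only a ds:Signature that is a direct child counts as signing this node.
    return node.find(f"{{{DS}}}Signature")


def check_response(xml_text, verify):
    """Return (accepted, reason); verify(node) is a hypothetical callback
    standing in for cryptographic verification of node's signature."""
    response = ET.fromstring(xml_text)
    assertions = response.findall(f"{{{SAML}}}Assertion")
    if not assertions:
        return False, "no assertion"
    message_signed = _signature(response) is not None
    if message_signed and not verify(response):
        return False, "invalid message signature"
    message_issuer = _issuer(response)
    for index, assertion in enumerate(assertions):
        # Refuse assertions whose issuer differs from the message issuer.
        if _issuer(assertion) != message_issuer:
            return False, f"assertion {index}: issuer differs from message issuer"
        if message_signed:
            continue
        # Unsigned message: every assertion must carry a valid signature.
        if _signature(assertion) is None:
            return False, f"assertion {index}: unsigned in unsigned message"
        if not verify(assertion):
            return False, f"assertion {index}: invalid signature"
    return True, "ok"


def legacy_check(xml_text, verify):
    """Model of the behaviour before the fix, as the entry describes it:
    once one signed assertion verifies, the following ones are not checked."""
    response = ET.fromstring(xml_text)
    verified_one = False
    for assertion in response.findall(f"{{{SAML}}}Assertion"):
        if verified_one:
            continue  # accepted without a signature check
        if _signature(assertion) is not None and verify(assertion):
            verified_one = True
    return verified_one, "ok" if verified_one else "no valid signature"


def constructed_verify(node):
    """Placeholder verifier: a SignatureValue of GOOD counts as valid."""
    value = node.find(f"{{{DS}}}Signature/{{{DS}}}SignatureValue")
    return value is not None and value.text == "GOOD"


def build_response(message_issuer, assertions, message_sig=None):
    """Build a constructed sample; assertions is a list of (issuer, sig)
    pairs where sig is None, "GOOD" or "BAD"."""
    def sig(value):
        if value is None:
            return ""
        return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>{value}'
                f'</ds:SignatureValue></ds:Signature>')
    body = "".join(
        f'<saml:Assertion ID="a{i}"><saml:Issuer>{issuer}</saml:Issuer>'
        f'{sig(value)}</saml:Assertion>'
        for i, (issuer, value) in enumerate(assertions))
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
            f'<saml:Issuer>{message_issuer}</saml:Issuer>'
            f'{sig(message_sig)}{body}</samlp:Response>')


if __name__ == "__main__":
    mixed = build_response(IDP, [(IDP, "GOOD"), (IDP, None)])
    print("legacy:", legacy_check(mixed, constructed_verify))
    print("fixed: ", check_response(mixed, constructed_verify))
```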
2021-04-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Jenkinsfile: update name of main branch
2021-03-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Python: improve display of warnings in the binding generator
2021-02-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
replace deprecated index() by strchr() (#51385)
2021-02-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix: new provider reference count is incremented one time too many (#51420)
2021-02-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
docs: update gtk-doc-tools integration (#50441)
Using reference documentation on https://developer.gnome.org/gtk-doc-manual/stable/index.html.en
bindings: disable java tests when java is disabled
2021-02-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix: python3 bindings (#51249)
The __str__ method called itself, resulting in a RecursionError.
======================================================================
ERROR: test14 (__main__.BindingTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "./binding_tests.py", line 336, in test14
assert isinstance(str(cm.exception), str)
File "../lasso.py", line 69, in __str__
return '<lasso.%s: %s>' % (self.__class__.__name__, self)
File "../lasso.py", line 69, in __str__
return '<lasso.%s: %s>' % (self.__class__.__name__, self)
File "../lasso.py", line 69, in __str__
return '<lasso.%s: %s>' % (self.__class__.__name__, self)
[Previous line repeated 489 more times]
File "../lasso.py", line 68, in __str__
if sys.version_info >= (3,):
RecursionError: maximum recursion depth exceeded in comparison
----------------------------------------------------------------------
2021-02-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: disable java bindings
2020-12-26 Frédéric Péters <fpeters@entrouvert.com>
build: update to use origin/main
2020-10-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
debian: add packaging for debian-buster
jenkins.sh: build against all available python versions (#44287)
python: do not leak out_pyvalue if method call protocol is not respected (#44287)
python: do not raise in valid_seq() (#44287)
python: return NULL if get_list_of_strings() fails (#44287)
python: return NULL if get_list_of_pygobject fails (#44287)
python: return NULL if get_list_of_xml_nodes fails (#44287)
python: return NULL if set_list_of_pygobject fails (#44287)
python: return NULL if set_list_of_xml_nodes fails (#44287)
python: return NULL if set_list_of_strings fails (#44287)
python: return NULL if set_hashtable_of_strings fails (#44287)
python: return NULL if set_hashtable_of_pygobject fails (#44287)
python: free internal string buffer if needed in set_list_of_strings (#44287)
python: check if hashtable is NULL before deallocation (#44287)
python: add a failure label to method wrappers (#44287)
To separate wrapping code from unwinding and error handling code.
python: add macro for early return (#44287)
python: remove newline before method call (#44287)
python: simplify get_logger_object (#44287)
python: fix warning about discarded const modifier (#44287)
python: replace exception by warning on logging path (#44287)
python: use simpler call format to prevent warning about PY_SSIZE_T_CLEAN (#44287)
python: remove deprecated PyErr_Warn (#44287)
python: remove unused PyString_Size (#44287)
2020-08-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
python: Exception.message was removed in python3 (#45995)
2020-08-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
tools: reimplement xmlURIEscapeStr to respect RFC3986 (#45581)
Bugfix by Emmanuel Dreyfus.
License: MIT
2020-08-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: support php7 interpreter on CentOS 8 (#42299)
2020-04-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Release 2.6.1
Keep order of SessionIndexes
Clear SessionIndex when private SessionIndexes is empty (#41950)
2020-03-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
misc: clear warnings about class_init signature using coccinelle
$ spatch --in-place --sp-file add-second-arg-to-class-init.cocci `git grep -l -C1 ^class_init \*.c`
$ sed -i 's/\*unused\>/*unused G_GNUC_UNUSED/' `git grep -l 'void \*unused'`
tests: fix compilation with check>0.12 (#39101)
2020-03-05 Bernhard M. Wiedemann <bwiedemann@suse.de>
Sort input file lists (#40454)
so that lasso.py, lasso/types.c and liblasso.so.3.13.0
build reproducibly
in spite of indeterministic filesystem readdir order.
For some reason, lasso/extract_sections.py lasso/extract_symbols.py
do not need such patches to get a reproducible openSUSE package.
See https://reproducible-builds.org/ for why this is good.
This patch was done while working on reproducible builds for openSUSE.
License: MIT
2019-09-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
debian: disable php7 (#28608)
2019-09-09 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net>
Modify .gitignore for PHP 7 binding (#28608)
License: MIT
Add PHP 7 binding (#28608)
License: MIT
2019-09-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix tests broken by new DEBUG logs (#12829)
2019-09-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Improve error logging during node parsing (#12829)
Improve configure compatibility (#32425)
Improve compatibility with Solaris (#32425)
2019-09-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix reference count in lasso_server_add_provider2 (fixes #35061)
As implemented lasso_server_add_provider2 could not be used as a public
API as it did not increase the reference count of the LassoProvider
object before adding it to the providers hashtable.
lasso_server_add_provider_helper had to be modified to decrement the
reference count of the new LassoProvider object after using
lasso_server_add_provider2.
2019-09-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix python multi-version builds on jessie and stretch
debian/rules supposed that lasso Makefile would always prefer python2 to
python3, it's not the case anymore. Also recent python3 improvements to
bindings scripts did not work with python 3.5 on jessie (on jessie/3.5
default open() encoding is still ASCII not UTF-8 as with the default
UTF-8 of later python3 versions).
2019-08-27 Thomas NOEL <tnoel@entrouvert.com>
docs/xsltproc: do not use Internet to fetch DTDs, entities or documents (#35590)
2019-07-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix missing include <strings.h> for index() (fixes #33791)
tests/basic_tests.c:2141:7: warning: implicit declaration of function 'index' [-Wimplicit-function-declaration]
qs = index(authnRequestUrl, '?') + 1;
^~~~~
tests/basic_tests.c:2141:7: warning: incompatible implicit declaration of built-in function 'index'
2019-07-03 Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
PAOS: Do not populate "Destination" attribute
When ECP profile (saml-ecp-v2.0-cs01) is used with PAOS binding Lasso
populates an AuthnRequest with the "Destination" attribute set to
AssertionConsumerURL of an SP - this leads to IdP-side errors because
the destination attribute in the request does not match the IdP URL.
The "Destination" attribute is mandatory only for HTTP Redirect and HTTP
Post bindings when AuthRequests are signed per saml-bindings-2.0-os
(sections 3.4.5.2 and 3.5.5.2). Specifically for PAOS it makes sense to
avoid setting that optional attribute because an ECP decides which IdP
to use, not the SP.
Fixes Bug: 34409
License: MIT
2019-07-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
export symbol lasso_log (#33784)
The symbol lasso_log has to be exported, otherwise Solaris run-time linker
fails due to an unresolved symbol dependency.
2019-06-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
tests: use self-generated certificate to sign federation metadata file (#33823)
Generation procedure :
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 99999 -out rootCA.crt
openssl genrsa -out lasso.key 2048
openssl req -new -sha256 -key lasso.key -subj "/C=FR/CN=Lasso" -out lasso.csr
openssl x509 -req -in lasso.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out lasso.crt -days 99999 -sha256
openssl pkcs12 -export -inkey lasso.key -password pass: -in lasso.crt -name lasso -out lasso.pkcs12
xmlsec1 --sign --output renater.xml --trusted-pem rootCA.crt --pwd "" --pkcs12 lasso.pkcs12 metadata/renater-metadata.xml
xmlsec1 --verify --trusted-pem rootCA.crt metadata/renater-metadata.xml
2019-05-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Do not ignore WantAuthnRequestSigned value with hint MAYBE (fixes #33354)
Bug introduced in commit 394680712.
Use io.open(encoding=utf8) in extract_symbols/sections.py (fixes #33360)
2019-01-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
xml: adapt schema in saml2:AuthnContext (#29340)
saml2:AuthnContext XML schema indicates that AuthenticatingAuthority is
an optional unbounded list of nodes, but the current Lasso schema only
handles a unique element. To prevent Lasso from refusing perfectly legal
messages, we add a rule to the Lasso ignoring other nodes after the
first one.
2019-01-11 John Dennis <jdennis@redhat.com>
Fix ECP signature not found error when only assertion is signed (#26828)
With a SAML Authn Response either the message or the assertion
contained in the response message or both can be signed. Most IdP's
sign the message. This fixes a bug when processing an ECP authn
response when only the assertion is signed.
lasso_saml20_profile_process_soap_response_with_headers() performs a
signature check on the SAML message. A signature can also appear on
the assertion which is checked by
lasso_saml20_login_process_response_status_and_assertion() The problem
occurred when the message was not signed and
lasso_saml20_profile_process_soap_response_with_headers() returned
LASSO_DS_ERROR_SIGNATURE_NOT_FOUND as an error code which is not
actually an error because we haven't checked the signature on the
assertion yet. We were returning the first
LASSO_DS_ERROR_SIGNATURE_NOT_FOUND error when in fact the subsequent
signature check in
lasso_saml20_login_process_response_status_and_assertion() succeeded.
The ECP unit tests were enhanced to cover these cases.
The enhanced unit test revealed a problem in two switch statements
operating on the return value of
lasso_profile_get_signature_verify_hint() which were missing a case
statement for LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE which caused
an abort due to an unknown enumeration value.
Fixes Bug: 26828
License: MIT
2018-10-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
extract_types.py: force io to use UTF-8 encoding (fixes #27332)
2018-10-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add Jenkinsfile
xml: fix parsing of saml:AuthnContext (fixes #25640)
Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.
2018-07-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Remove -Werror from --enable-debugging (fixes #24771)
GCC 8 has better warnings and it breaks the build on platform already
using it and wanting debugging symbols.
Move AC_SUBST declaration for AM_CFLAGS with alike (#24771)
Just to reorder things properly in configure.ac.
Clean python cache when building python3 binding
Python3 stores .pyc cache in hidden directory __pycache__, distcheck
complained that the source directory was not completely clean after a
distclean.
2018-07-24 John Dennis <jdennis@redhat.com>
Configure should search for versioned Python interpreter.
Following the guidelines in Python PEP 394 with regards to the python
command on UNIX like systems preference should be given to explicitly
versioned command interpreter as opposed to unversioned and that an
unversioned python command should (but might not) refer to
Python2. Also in some environments unversioned Python interpreters
(e.g. /usr/bin/python) do not even exist, only their explicitly
versioned variants are (e.g. /usr/bin/python2 and /usr/bin/python3).
Therefore the AC_CHECK_PROGS directive in configure.ac should not rely
exclusively on an unversioned Python interpreter as it does not,
rather it should search in priority order. First for python3, then for
an unversioned python because some distributions have already moved
the default unversioned python to python3, and then finally search for
python2. In the scenario where unversioned python is still pointing to
python2 it's equivalent to selecting the last priority option of
python2, but if unversioned python is pointing to python3 you get
instead. The net result is always preferring python3 but gracefully
falling back to python2 no matter how the environment exports its
Python.
If AC_CHECK_PROGS for python does not check for the versioned variants
the build fails in environments that only have versioned variants with
this error:
configure: error: Python must be installed to compile lasso
License: MIT
2018-07-24 John Dennis <jdennis@redhat.com>
Make more Python scripts compatible with both Py2 and Py3
While porting other Python code in the repo to run under Py3 (as well
as Py2) it was discovered there were a number of other Python scripts
which also needed porting. However these scripts are never invoked
during a build so there was no easy way to test the porting work. I
assume these scripts are for developers only and/or are
historical. Because there was no way for me to test the porting
changes on these scripts I did not want to include the changes in the
patch for the Py3 porting which fixed scripts that are invoked during
the build (the former patch is mandatory, this patch is optional at
the moment). I did verify the scripts compile cleanly under both Py2
and Py3, however it's possible I missed porting something or the error
does not show up until run-time.
Examples of the required changes are:
* Replace use of the built-in function file() with open(). file()
does not exist in Py3, open works in both Py2 and Py3. The code was
also modified to use a file context manager (e.g. with open(xxx) as
f:). This assures open files are properly closed when the code block
using the file goes out of scope. This is a standard modern Python
idiom.
* Replace all use of the print keyword with the six.print_()
function, which itself is an emulation of Py3's print function. Py3
no longer has a print keyword, only a print() function.
* The dict methods .keys(), .values(), .items() no longer return a
list in Py3, instead they return a "view" object which is an
iterator whose result is an unordered set. The most notable
consequence is you cannot index the result of these functions like
you could in Py2 (e.g. dict.keys()[0] will raise a run time
exception).
* Replace use of StringIO.StringIO and cStringIO with
six.StringIO. Py3 no longer has cStringIO and the six variant
handles the correct import.
* Py3 no longer allows the "except xxx, variable" syntax, where
variable appearing after the comma is assigned the exception object,
you must use the "as" keyword to perform the variable assignment
(e.g. except xxx as variable)
* Python PEP 3113 removed tuple parameter unpacking. Therefore you can
no longer define a formal parameter list that contains tuple
notation representing a single parameter that is unpacked into
multiple arguments.
License: MIT
2018-07-24 John Dennis <jdennis@redhat.com>
Downcase UTF-8 file encoding name
Python and Emacs (and others?) recognize a special directive line in a
file that identifies what encoding the file is encoded in. See Python
PEP 263. For example:
The general form of the directive is:
where xxx is the name of a codec. Python codec names are lower case
with underscores used to separate words.
In both Python and Emacs one can create aliases for the codecs so you
can use an alternate name to refer to the same codec.
Python is forgiving with respect to case, underscore and
hyphens. Python will automatically create an alias for a codec name by
downcasing it and replacing hyphens with underscores, thus "UTF-8" is
actually an alias for the "utf_8" codec. Unfortunately emacs does not
automatically create such aliases, although one can add aliases via a
custom initialization file, but doing so requires every user using
emacs to edit the files to manually create their own aliases.
If you try to write a file in emacs with the "UTF-8" codec name it
won't recognize it as "utf-8", instead you'll get errors like this:
Warning (mule): Invalid coding system UTF-8 is specified
for the current buffer/file by the :coding tag.
It is highly recommended to fix it before writing to a file.
and you must force the file to be written by responding to additional
prompts.
This patch simply downcases the "UTF-8" codec name to "utf-8" so
that both Python and Emacs will accept the codec name.
License: MIT
2018-07-24 John Dennis <jdennis@redhat.com>
fix duplicate definition of LogoutTestCase and logoutSuite
Commit 6f617027e added a duplicate definition of the LogoutTestCase
class containing only 1 test which shadowed the original
LogoutTestCase containing 4 tests. The logoutSuite variable was also
shadowed and the allTests variable contained a duplicate of
logoutSuite causing the 2nd definition of LogoutTestCase to be run
twice.
Not only were the original 4 tests not being run but the entire unit
test in profiles_tests.py was failing under Python3. This is because
the unittest code in Py3 deletes a test from its list of tests to run
once it's been run. The second time the logoutSuite was invoked it no
longer contained any tests which caused an exception to be raised
because there were no tests to be run.
License: MIT
2018-07-24 John Dennis <jdennis@redhat.com>
Make Python scripts compatible with both Py2 and Py3
During the build if the Python3 interpreter is used a number of
scripts will fail because they were never ported from Py2 to Py3. In
general we want Python code to be compatible with both Py2 and
Py3. This patch brings the scripts up to date with Py3 but retains
backwards compatibility with Py2 (specifically Py 2.7, the last Py2
release).
Examples of the required changes are:
* Replace use of the built-in function file() with open(). file()
does not exist in Py3, open works in both Py2 and Py3. The code was
also modified to use a file context manager (e.g. with open(xxx) as
f:). This assures open files are properly closed when the code block
using the file goes out of scope. This is a standard modern Python
idiom.
* Replace all use of the print keyword with the six.print_()
function, which itself is an emulation of Py3's print function. Py3
no longer has a print keyword, only a print() function.
* The dict methods .keys(), .values(), .items() no longer return a
list in Py3, instead they return a "view" object which is an
iterator whose result is an unordered set. The most notable
consequence is you cannot index the result of these functions like
you could in Py2 (e.g. dict.keys()[0] will raise a run time
exception).
* Replace use of StringIO.StringIO and cStringIO with
six.StringIO. Py3 no longer has cStringIO and the six variant
handles the correct import.
* Py3 no longer allows the "except xxx, variable" syntax, where
variable appearing after the comma is assigned the exception object,
you must use the "as" keyword to perform the variable assignment
(e.g. except xxx as variable)
Note: the modifications in this patch are the minimum necessary to get
the build to run with the Py3 interpreter. There are numerous other
Python scripts in the repo which need Py3 porting as well but because
they are not invoked during a build they will be updated in a
subsequent patch.
License: MIT
2018-07-24 John Dennis <jdennis@redhat.com>
Use python interpreter specified configure script
The configure script allows you to specify the python interpreter to
use via the --with-python option. There were several places where the
python interpreter was implicitly invoked without using the specified
version. This can create a number of problems in an environment with
multiple python versions as is the case during the transition from
Python 2 to Python 3. Python 2 is not compatible with Python
3. Lasso's Python code is supposed to be compatible with both
versions. But during the build and when running the unit tests it is
essential the same interpreter be used consistently otherwise you can
have problems.
This patch assures whenever python is invoked it does so via the
$(PYTHON) configuration variable.
What about shebang lines (e.g #/usr/bin/python) at the top of scripts?
Python PEP 394 (https://www.python.org/dev/peps/pep-0394/) covers
this. Basically it says if a script is compatible only with Py2 the
shebang should be #/usr/bin/python2, if only compatible with Py3 the
shebang should be #/usr/bin/python3. However, if the script is
compatible with both versions it can continue to use the
compatible with both Py2 and Py3.
License: MIT
2018-06-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
tools: set output buffer size in lasso_inflate to 20 times the input size (fixes #24853)
jenkins.sh: add a make clean to prevent previous build to break new ones
tools: fix segfault in lasso_get_saml_message (fixes #24830)
We reuse the "message" local variable but we should not.
Also fix a segfault in lasso_xmltextreader_from_message() when getting
the length of "message" before checking if it is NULL or not.
2018-06-28 Frédéric Péters <fpeters@entrouvert.com>
python: add a classmethod for lasso.profileGetIssuer (#24831)
2018-06-27 Frédéric Péters <fpeters@entrouvert.com>
faq: fix references to lasso.profileGetIssuer (#24832)
debian: sync with debian package (#24595)
2018-06-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
website: add news about 2.6.0 release
2018-05-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Release 2.6.0
perl/tests: build Makefile.perl before running the tests
2018-05-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info
Also ensure work-around bug[1] in libxmlsec 1.2.24 and 1.2.25.
[1]: https://github.com/lsh123/xmlsec/issues/164
2018-05-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add a pem-public-key runtime flag
We want to deprecate support for loading PEM formatted key
from ds:KeyValue nodes, before final removal it will have to be activated
through a runtime flag (using LASSO_FLAG environment variable).
2018-04-30 John Dennis <jdennis@redhat.com>
Replace xmlSecSoap functions with lasso implementations
xmlsec has removed support for SOAP. The missing xmlSecSoap* functions
and their dependent utility functions were added to Lasso following
the model of the existing xmlSec implementations.
Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2
*only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and
confused matters. Therefore the SOAP 1.2 support was removed.
The following new functions were added to Lasso to support SOAP:
* lasso_xml_next_element_node
* lasso_xml_get_node_ns_href
* lasso_xml_is_element_node
* lasso_xml_soap11_get_header
* lasso_xml_soap11_get_body
The following is the mapping from the deprecated xmlSecSoap symbols
to the new Lasso symbols:
xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF
xmlSecGetNextElementNode -> lasso_xml_next_element_node
xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href
xmlSecCheckNodeName -> lasso_xml_is_element_node
xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header
xmlSecSoap11GetBody -> lasso_xml_soap11_get_body
This patch also extends the automake version support in autogen.sh to the
current 1.16 version.
License: MIT
2018-04-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
perl: set DESTDIR and PREFIX at Makefile's creation
2018-04-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
perl: force use of the in-tree lasso when running tests (fixes #23276)
python: route logs for libxml2 and libxmlsec2 to their own logger
2018-04-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add xmlsec_soap.h to Makefile
java: stop setting a bytecode version target
tests: prevent crash in glib caused by abort on recursive logging
The fail() function from libcheck is doing a longjump() from inside the
logging subsystem, preventing the depth counter to be reinitialised to 0.
(Seen with g_private_get(&g_log_depth) in a gdb session).
route logs from libxml2 and libxmlsec through GLib logging
fix get_issuer and get_in_response_to
fix warnings
replace use of <xmlsec/soap.h> which is deprecated (fixes #18771)
2018-02-10 Frédéric Péters <fpeters@entrouvert.com>
debian: initialize stretch packaging with a copy of upstream debian (#21772)
2017-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
saml-2.0: improve support for free content inside samlp2:Extensions (fixes #18581)
Four new accessors:
lasso_samlp2_extensions_get_any
lasso_samlp2_extensions_set_any
lasso_samlp2_extensions_get_attributes
lasso_samlp2_extensions_set_attributes
The two new pseudo fields are fully supported in the python binding.
import lasso
node = lasso.Samlp2Extensions()
node.any = '<test>ok</test>'
node.attributes = {'{http://entrouvert.org/}attribute1': 'value'}
print(node.dump())
2017-08-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ignore unknown attributes from the xsi: namespace
add defined for the XML namespace
jenkins.sh: add V=1
2016-08-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix definitions of error, critical and warning macros (fixes #12830)
They all log at the DEBUG level instead of their respective levels.
tests: convert log level as string
2016-06-18 John Dennis <jdennis@redhat.com>
Fix ecp test validate_idp_list() (fixes #11421)
validate_idp_list was not using the correct list elements when it
iterated over the known_sp_provided_idp_entries_supporting_ecp list.
It treated them as lists of strings instead of lists of
LassoSamlp2IDPEntry.
License: MIT
2016-06-15 John Dennis <jdennis@redhat.com>
enable user supplied CFLAGS
CFLAGS is initialized to the empty string in configure.ac, this
effectively turned off user supplied values for CFLAGS preventing site
specific values from being used. A further complicating factor was of
all the user supplied values documented in Automake only CFLAGS was
disabled allowing all other user supplied variables to take
effect. Some variables must be coordinated (e.g. CFLAGS with LDFLAGS),
the fact LDFLAGS was picked up from the environment but CFLAGS was
discarded caused build failures due to incompatible combination of
compiler and linker options.
The problem was first introduced in commit: 73d9c98f "Reset CFLAGS
when --enable-debugging is used". This patch simply removes hardcoding
CFLAGS to the empty string and appends the debug options
(--enable-debugging) to the existing CFLAGS.
Proper use of the variables is described in the Automake documentation
in the section "Flag Variables Ordering"
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
Although the Automake documentation claims manipulating CFLAGS
directly is improper use there are many examples of this in the
existing configure.ac, this patch makes no attempt at addressing this
issue, rather it makes existing usage consistent. In the particular
case of debug flags appending to CFLAGS is probably the only valid
solution because the debug flags must appear at the end of the list of
flags in order to override earlier flags, CFLAGS always appears last
in the Makefile (see above Automake doc).
License: MIT
2016-04-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
do not call xmlSecKeyDuplicate if source key is NULL
2016-03-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix segfault when parsed node has no namespace (#47)
This bug was introduced in commit 8d06806d, the check for a correct namespace on
head node of parsed XML fragments does not handle the case where the node has no
namespace. Using lasso_equal_namespace() fixes this.
2016-03-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
check node names in lasso_node_impl_init_from_xml() (fixes #47)
tests: silence unused variable warning
2016-03-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add docstring on SHA-2 signature method enum
remove DGME specific commented out code
add support for C14N 1.1 methods and C14N withComments methods (fixes #4863)
Choose the Reference transform based on the chosen Signature transform (fixes #10155)
i.e. if the signature uses SHA2 then use SHA2 of the same strength for digesting
references.
2016-02-24 John Dennis <jdennis@redhat.com>
add inline implementation of lasso_log
lasso_log is a private function of lasso and as such cannot be
referenced by the loader.
This is equivalent to commit e0bda691 in the PHP binding which
exhibited the same problem.
lasso_log is referenced in jobject_to_gobject() because of
lasso_assign_gobject macro, which includes the lasso_release_gobject
macro which invokes the message macro which expands to lasso_log.
License: MIT
2016-02-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Release 2.5.1
fix warning about INCLUDES directive
2016-02-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
bindings/php5: fix enum getters and setters (fixes #10032)
enumeration types were being wrongly interpreted as objects types because
is_object() was used instead of the local specialisation done in
PhpCode.is_object().
Also fix docstring of getters/setters.
2016-02-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
tools.c: use correct NID and digest length when building RSA signature using SHA-2 digest (fixes #10019)
Thanks to Brett Gardner for the bug report and patch.
Licence: MIT
2016-01-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix wrong snippet type (fixes #9616)
In elements samlp2:RequestedAuthnContext, Comparison is an attribute, not a text
child node.
2016-01-11 Frédéric Péters <fpeters@entrouvert.com>
perl: remove quotes from $PERL -V::ccflags: output (#9572)
2015-11-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
tests: update valgrind suppressions
tests: fix leak
saml-2.0: fix leaks of url
profile: fix leak of private idp_list field
xml: fix leak in lasso_soap_envelope_new_full
2015-11-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
xml: fix wrong termination of comment
tests: fix leaks in test_ecp
saml-2.0: fix leak of message_id in lasso_profile_saml20_build_paos_request_msg
id-ff: fix leak of profile->private_data->message_id
tests: fix leak in test test16_test_get_issuer
2015-10-30 Rob Crittenden <rcritten@redhat.com>
Set NotBefore in SAML 2.0 login assertions
License: MIT
2015-10-15 John Dennis <jdennis@redhat.com>
Add missing urn constants used in PAOS HTTP header
The new OASIS "SAML V2.0 Enhanced Client or Proxy Profile Version 2.0"
specification added new options that can appear in the PAOS HTTP header.
Section 2.3.1 enumerates the following URN options which can appear
in the PAOS HEADER:
urn:oasis:names:tc:SAML:protocol:ext:channel-binding
urn:oasis:names:tc:SAML:2.0:cm:holder-of-key
urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp:2.0:WantAuthnRequestsSigned
urn:oasis:names:tc:SAML:2.0:conditions:delegation
Of these only the holder-of-key was previously defined in Lasso,
this patch adds the other 3 constants.
License: MIT
2015-09-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Release 2.5.0
remove errors.c, it breaks computation of version from tags
java: fix AllJunitTests generation when building out of source directory
2015-09-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Revert "Add messageID and idp_list to profile properties"
This reverts commit b10c48058ed5942b135712f46888e0697fb593ff.
2015-09-01 John Dennis <jdennis@redhat.com>
fix test08_lasso_key test failure
Note: the rest of this message is formatted as reStructuredText (rst).
Test Failure
============
The unit tests run by "make check" fail with the following error:
::
tests.c:61:F:Lasso keys:test08_lasso_key:0: No logging output expected: message «ID _E3F8E9116EE08F0E2607CF9789649BB4 already defined
» was emitted for domain «Lasso» at the level «128»
This is not a regression in Lasso, rather the failure is caused by one
of the components Lasso is dependent upon. It was first observed when
the identical Lasso package was built in Fedora 22, no problems were
observed in Fedora 21. This implies one or more updated components in
Fedora 22 is the cause.
This was a particularly difficult error to track down, first one had
to identify who was emitting the message and on what file descriptor
(stream) and who was triggering on the message emission and causing a
check failure. The obvious assumption the check library was
responsible for detecting the message emission and failing the test is
wrong.
Who is emitting the message and why?
------------------------------------
The message is emitted by libxml2 in the function `xmlAddID()`
(valid.c:2578). It occurs at the end of xmlAddID() when it detects the
ID (which is supposed to be unique to the document) is already defined,
which for valid XML is illegal (violates uniqueness constraint). The
message emission occurs because of the code fragment
::
if (xmlHashAddEntry(table, value, ret) < 0) {
#ifdef LIBXML_VALID_ENABLED
/*
* The id is already defined in this DTD.
*/
xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
"ID %s already defined\n", value, NULL, NULL);
#endif /* LIBXML_VALID_ENABLED */
xmlFreeID(ret);
return(NULL);
}
Why is the message emission different between libxml2 versions?
---------------------------------------------------------------
The change occurred between libxml2 version 2.9.1 and 2.9.2 in commit
a16eb968075a82ec33b2c1e77db8909a35b44620
::
commit a16eb968075a82ec33b2c1e77db8909a35b44620
Author: Daniel Veillard <veillard@redhat.com>
Date: Tue Jun 10 16:06:14 2014 +0800
erroneously ignores a validation error if no error callback set
Reported by Stefan Behnel
https://bugzilla.gnome.org/show_bug.cgi?id=724903
diff --git a/valid.c b/valid.c
index aedd9d7..1e03a7c 100644
--- a/valid.c
+++ b/valid.c
@@ -2633,11 +2633,8 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
/*
* The id is already defined in this DTD.
*/
- if ((ctxt != NULL) && (ctxt->error != NULL)) {
- xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
- "ID %s already defined\n",
- value, NULL, NULL);
- }
+ xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
+ "ID %s already defined\n", value, NULL, NULL);
#endif /* LIBXML_VALID_ENABLED */
xmlFreeID(ret);
return(NULL);
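Review bot: in the duplicate-ID branch, xmlErrValidNode() is now called without the `(ctxt != NULL) && (ctxt->error != NULL)` guard, so the change should say explicitly that xmlErrValidNode() tolerates a NULL ctxt and a missing error callback, since ctxt is passed straight through. Callers that invoke xmlAddID() with a NULL ctxt previously got a silent NULL return on a redefined ID and will now also get the "ID %s already defined" report on whatever default error channel xmlErrValidNode() falls back to; that behaviour change deserves a line in the commit message and in the xmlAddID() documentation.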
In both versions of libxml2 the conditional compilation
LIBXML_VALID_ENABLED is enabled by default via the configure
script. What is different is the requirement ctxt be
non-NULL. Lasso invokes xmlAddID with a NULL ctxt parameter. Because
the NULL test for ctxt is absent in libxml2 2.9.2 the message is now
emitted where previously it was not.
Who triggers on message emission and fails the test?
----------------------------------------------------
This is a Lasso feature, it is not part of libcheck. In tests/tests.c
is the following function
::
void error_logger(const gchar *log_domain, GLogLevelFlags log_level,
const gchar *message, G_GNUC_UNUSED gpointer user_data)
{
fail("No logging output expected: message «%s» was emitted for domain «%s» at the level"
" «%d»", message, log_domain, log_level);
}
Before the tests are run the error_logger function is installed as a
glib handler
::
g_log_set_default_handler(error_logger, NULL);
When the message is emitted the error_logger traps it and invokes the
libcheck (deprecated) function fail() which aborts the test case.
Why does `test08_lasso_key` cause an XML validation failure?
------------------------------------------------------------
`test08_lasso_key` invokes `lasso_key_saml2_xml_verify()` twice on the
same XML document. Any time `lasso_key_saml2_xml_verify()` is called
more than once the XML validation will fail on the second and
subsequent invocations. This occurs because
`lasso_key_saml2_xml_verify()` invokes `lasso_verify_signature()`
passing it the node id in the `id_attr_name` parameter. Inside
`lasso_verify_signature()` is this code fragment:
::
/* Find ID */
if (id_attr_name) {
id = xmlGetProp(signed_node, (xmlChar*)id_attr_name);
if (id) {
xmlAddID(NULL, doc, id, xmlHasProp(signed_node, (xmlChar*)id_attr_name));
}
}
Note that it unconditionally invokes `xmlAddID()`, which adds the ID
to the set of unique element ID's in the document. But if you invoke
`xmlAddID()` more than once with the same ID in the same document you
violate the uniqueness constraint.
The ID needs to be registered in the document because the <Reference>
element of the <SignedInfo> may utilize an XPointer reference to the
signed data. In its simplest form the XPointer reference is an ID
attribute on a node. Thus to locate the signed data referenced by the
ID it should (must?) be in a table of ID's for the document.
Simple Solution (patch)
-----------------------
The solution is simple now that the problem is understood. The ID
should not be unconditionally added to the document, instead it should
only be added if it's not already registered. Prior to calling
`xmlAddID()` one should call `xmlGetID()` and test for a NULL result
indicating the ID has not been registered previously.
License: MIT
2015-09-01 John Dennis <jdennis@redhat.com>
add support for automake 1.15
License: MIT
2015-09-01 John Dennis <jdennis@redhat.com>
Fix coverity lasso_get_hmac_key() warning
lasso_get_hmac_key() did not check return value. Now check the return
code, emit a critical message and return early with cleanup.
License: MIT
2015-09-01 John Dennis <jdennis@redhat.com>
Add messageID and idp_list to profile properties
ECP needs a place to store the messageID and idp_list. Normally values
like this would be located in a "context" passed to the relevant
routines. But currently there is no such context, the closest thing to
a context we have is the profile so we add them here in the profile
private data using accessors. They are currently not relevant outside
of ECP.
Adds functions:
lasso_profile_get_message_id()
lasso_profile_set_message_id()
lasso_profile_get_idp_list()
lasso_profile_set_idp_list()
License: MIT
2015-08-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: move test framework detection after pkg-config detection
debian-jessie: add build dependency on pkg-config
Add 'debian-jessie/' from commit 'dc7374e9f41214557dd45735789a7535d6bbe681'
git-subtree-dir: debian-jessie
git-subtree-mainline: 83f6319c01ef633fe17625d9ec8d15f1f9dbfc36
git-subtree-split: dc7374e9f41214557dd45735789a7535d6bbe681
bindings/java: fix test script generation
2015-08-24 John Dennis <jdennis@redhat.com>
add ECP unit test
Test ECP.
3 different variations of the SP provided IDP List are exercised.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Implement PAOS request and response messages
Re-implement lasso_profile_saml20_build_paos_request_msg() and
lasso_saml20_login_process_paos_response_msg() to use the
functionality introduced by earlier patches and to assure they are
functionally complete.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add messageID and idp_list to profile properties
ECP needs a place to store the messageID and idp_list. Normally values
like this would be located in a "context" passed to the relevant
routines. But currently there is no such context, the closest thing to
a context we have is the profile so we add them here in the profile
private data using accessors. They are currently not relevant outside
of ECP.
Adds functions:
lasso_profile_get_message_id()
lasso_profile_set_message_id()
lasso_profile_get_idp_list()
lasso_profile_set_idp_list()
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
ECP and PAOS special handling
ECP does not require an SP to know the remote IdP provider. Existing
code made the assumption the remote provider always was
necessary. Determination and setting of the remote consumer URL is
different in the presence of ECP. Rework the logic to reflect
differing requirements.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add function to set protocol conformance
Lasso uses an internal private variable bound to the provider to
indicate which protocol the provider is servicing. It is vital this
value be correctly set because many Lasso routines used it to dispatch
to the appropriate protocol handlers.
Normally the provider's protocol conformance is set as a side-effect
of parsing the XML metadata that describes the provider (e.g. an SP or
IdP). However there are some providers (e.g. an ECP client) which do
not have metadata. For providers lacking metadata it is essential
there be a mechanism to set the protocol conformance otherwise the
library will malfunction.
The function comes with documentation that includes a clear warning
this is to be used only in limited circumstances.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Implement ECP client functionality
Implement everything needed to support a SAMLv2 ECP client.
Re-implement lasso_ecp_process_authn_request_msg() and
lasso_ecp_process_response_msg() to use the Lasso XML serialization
subsystem with the ECP and PAOS LassoNode's introduced earlier. This
replaces one-off explicit direct use of the libxml API with Lasso
common code. In the process provide support for 100% of the ECP and
PAOS SAMLv2 parameters, not just a subset. Include support for
receiving an IDPList from the SP in conjunction with selecting an IdP
known to the ECP client. Add extensive documentation.
Modify LassoSamlp2AuthnRequest to preserve its original XML (enable
keep_xmlnode flag) so that when serializing the SOAP request the
LassoSamlp2AuthnRequest received from the SP is exactly duplicated.
Add the following internal static utility functions:
is_provider_in_sp_idplist()
is_idp_entry_in_entity_id_list()
intersect_sp_idplist_with_entity_id_list()
Add the following exported utility functions:
lasso_ecp_is_provider_in_sp_idplist()
lasso_ecp_is_idp_entry_known_idp_supporting_ecp()
lasso_ecp_set_known_sp_provided_idp_entries_supporting_ecp()
lasso_ecp_has_sp_idplist()
lasso_ecp_get_endpoint_url_by_entity_id()
lasso_ecp_process_sp_idp_list()
Add the following members to the ECP class:
message_id
response_consumer_url
relaystate
issuer
provider_name
is_passive
sp_idp_list
known_sp_provided_idp_entries_supporting_ecp
known_idp_entity_ids_supporting_ecp
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Clean up ECP and PAOS XML generation
Re-implement lasso_node_export_to_ecp_soap_response() and
lasso_node_export_to_paos_request(). Add new function
lasso_node_export_to_paos_request_full() with full functionality which
deprecates lasso_node_export_to_paos_request().
The existing code had two significant deficiencies, it performed
explicit direct xml manipulation using the libxml API rather than
calling into Lasso's extensive XML utilities, this was in stark
contrast to the rest of the Lasso library. It also failed to handle a
number of ECP parameters leaving a functionality gap in the API.
The new code makes use of the Lasso XML serialization
subsystem. Rather than hand crafted xml manipulation we use the ECP
and PAOS LassoNode objects introduced in an earlier patch. This is
consistent with the rest of Lasso and because those LassoNodes are
used elsewhere we have a better guarantee of robustness because the
same common code is being called from multiple places. Other Lasso
common utilities (some introduced in previous patches) are invoked
instead of handcrafted xml manipulation, once again common code is
preferred.
Finally lasso_node_export_to_paos_request_full() was introduced to
expose in the Lasso API all ECP
parameters. lasso_node_export_to_paos_request() now trivially calls
into lasso_node_export_to_paos_request_full().
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Server utility returns list of providers supporting endpoint type
Add lasso_server_get_filtered_provider_list() utility.
Iterate over the server providers and build a list of provider EntityID's who
have the specified role and at least one endpoint matching the
protocol_type and http_method. Return a GList list of EntityID's
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add server utility lasso_server_get_endpoint_url_by_id()
Locate the provider in the server's list of providers, then select an
endpoint given the @endpoint_description and return that endpoint's URL.
If the provider cannot be found or if the provider does not have a
matching endpoint NULL will be returned.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add ECP and PAOS to prefix_from_href_and_nodename()
prefix_from_href_and_nodename() did not know about the ECP and PAOS
XML prefixes so add them.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Export LassoNode to SOAP with arbitrary SOAP headers
Add function lasso_node_export_to_soap_with_headers()
Utility function to build a full SOAP envelope message with arbitrary
headers. The LassoNode becomes the body of the SOAP envelope. The
headers are passed as a GList of LassoNode's and are added as header
elements to the SOAP envelope header. This is a flexible way to build
a SOAP envelope that contains headers without constraints on the
headers.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
LassoSamlp2IDPList is not list capable
LassoSamlp2IDPList is supposed to handle a list of LassoSamlp2IDPEntry
but in fact it had no list support. Change the snippet flag
SNIPPET_NODE to SNIPPET_LIST_NODES and add the special list comment on
the struct member so that the binding generator knows what type of
GList it is.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add LassoNode objects for ECP and PAOS
The SAMLv2 protocol defines 5 XML types which we need to map to
LassoNode objects so they can be serialized from XML and back into
XML.
ecp:RelayState
ecp:Request
ecp:Response
paos:Request
paos:Response
This patch adds these 5 new LassoNode's and updates the build
configuration to include them.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Enhance process soap response to include processing soap headers
The existing lasso_saml20_profile_process_soap_response() assumed
there were no SOAP headers (prior to ECP none of the SOAP messages
contained headers). A new function
lasso_saml20_profile_process_soap_response_with_headers() was
implemented that serializes from the XML SOAP headers into a
LassoSoapHeader node and optionally will return the LassoSoapHeader
node.
The functionality in lasso_saml20_profile_process_soap_response() was
moved into the new
lasso_saml20_profile_process_soap_response_with_headers() and now
lasso_saml20_profile_process_soap_response() simply calls
lasso_saml20_profile_process_soap_response_with_headers() passing NULL
for the header return.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add new LassoSoapEnvelope constructor, lasso_soap_envelope_new_full()
The existing LassoSoapEnvelope constructors did not populate the node
with its constituent members, namely a SOAP header (LassoSoapHeader)
and a SOAP body (LassoSoapBody). lasso_soap_envelope_new_full() allows
one to create a SOAP envelope and immediately begin to add header and
body elements.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Fix LassoSoapHeader, was unable to serialize from XML.
The existing Lasso code never made use of SOAP headers because up
until now nothing used them. LassoSoapHeader was unable to serialize
from XML into a GList of LassoNode objects because it was missing one
of the necessary snippet flags. This corrects this omission and now
parsing a SOAP header will yield a sequence of LassoNode's.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add new error codes and their matching error descriptions
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Add lasso_is_in_list_of_strings macro to utils.h
Add macro that tests to see if a string is a member in a list of
strings.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Fix build failure, remove inclusion of xml/private.h in utils.h
The public utils.h header includes the private xml/private.h file
which is not installed. Therefore anyone trying to build against lasso
and include utils.h will fail because xml/private.h cannot be
found. There doesn't seem to be any need to include this file.
License: MIT
2015-08-24 John Dennis <jdennis@redhat.com>
Eliminate _BSD_SOURCE and _SVID_SOURCE deprecation warning
Because all warnings are treated as errors and this warning is emitted:
warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
the build fails.
The fix is to define _DEFAULT_SOURCE in lasso/xml/tools.c
The effect of defining the _DEFAULT_SOURCE macro is equivalent to
the effect of explicitly defining three macros in earlier glibc
versions: -D_BSD_SOURCE -D_SVID_SOURCE -D_POSIX_C_SOURCE=200809C
License: MIT
2015-08-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: provide fallback for systems where libcheck is not installed with pkg-config
Add checks for failure of an allocation function from libxml (#8070)
g_malloc always traps on allocation errors but not xmlMalloc.
xml: handle failure of xmlSecBase64Decode() (fixes #8070)
Thanks to fpeters for the patch.
FAQ: add section about getting the issuer before parsing the received message (#4378)
profile: add two new class methods, lasso_profile_get_issuer and lasso_profile_get_in_response_to (#4378)
The goal of those two methods is to allow IdP and SP to load metadata
dynamically without processing completely the incoming. Currently it's
impossible as message parsing and signature checking is done in the same
function.
configure.ac: use pkg-config for libcheck
saml-2.0/login.c: change default value of WantAuthnRequestSigned (fixes #8105)
Specification says it should default to FALSE. We comply.
2015-08-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Makefile.am: fix automake warning
It fixes this warning:
warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
it seems INCLUDES is not to be used anymore.
2015-04-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add 'debian-squeeze/' from commit '33d67ddd1352a2db97d252c7d18f7806ec91e616'
git-subtree-dir: debian-squeeze
git-subtree-mainline: 80a2e0ea4763d3f0bc611ab98c8e207b6a82c099
git-subtree-split: 33d67ddd1352a2db97d252c7d18f7806ec91e616
Add 'debian-wheezy/' from commit '0001ab9af1e3a7e19000a65b75ebc3c42f76a739'
git-subtree-dir: debian-wheezy
git-subtree-mainline: 9f99176b3c8dd2d7c9a6ebf9c619d9c7fea2b64b
git-subtree-split: 0001ab9af1e3a7e19000a65b75ebc3c42f76a739
2015-03-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML-2.0: rework on commit 05fe802b8d, improve handling of ProtocolBinding and AssertionConsumerServiceURL
When the same URL was used for many bindings, the current code did not
work. Now we use
lasso_saml20_provider_check_assertion_consumer_service_url() to validate
url and binding are matching, if no binding is suggested we take the
first one defined for this URL.
Using AssertionConsumerServiceIndex and any of the other assertion
consumer designator attributes is still forbidden.
2015-03-23 John Dennis <jdennis@redhat.com>
Fix build failures
Fix a mistake in the documentation markup that prevented the
doc from building, needed to reverse the order of two tags.
Remove the $(PYTHON) from TESTS_ENVIRONMENT, it was causing
python to be invoked passing /bin/sh to it as a script.
License: MIT
2015-03-11 John Dennis <jdennis@redhat.com>
Add Destination attribute for SAML ECP Response
The Destination attribute on SAML Response element was not being set
when handling an ECP response. It is a requirement of SAML 2.0 that
signed values contain a Destination attribute on the root element
otherwise the client will reject the response. This is documented in
the SAML Bindings Specification, Section 3.4.5.2 "Security
Considerations":
If the message is signed, the Destination XML attribute in the
root SAML element of the protocol message MUST contain the URL to
which the sender has instructed the user agent to deliver the
message. The recipient MUST then verify that the value matches the
location at which the message has been received.
Normally on login one calls
lasso_saml20_login_build_authn_response_msg() which then calls
lasso_saml20_profile_build_response_msg() which sets the Destination
attribute on the SAML Response. But when doing ECP you do not call
lasso_saml20_login_build_authn_response_msg(), instead you call
lasso_saml20_login_build_response_msg() and if it's ECP it then calls
lasso_node_export_to_ecp_soap_response(). Thus the ECP
response never gets the Destination attribute set because of the
different code path, plus for ECP the destination is different, it's
the assertion consumer service.
FWIW this line of code was copied almost verbatim from
lasso_saml20_profile_build_response_msg which also sets the
Destination attribute.
License: MIT
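The recipient half of the rule quoted above (a signed message must carry a Destination equal to the URL where it was received), as an added Python example that is not Lasso code or part of this commit. The URLs, the sample messages and the names check_destination, build_response and DestinationError are constructed for illustration, and the empty ds:Signature is a placeholder: signature verification is out of scope here.

```python
"""Recipient-side Destination check for a SAML protocol message (added example)."""
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed value: the URL at which this hypothetical SP received the message.
ACS_URL = "https://sp.example.org/saml/acs"
OTHER_URL = "https://other-sp.example.net/saml/acs"


class DestinationError(Exception):
    """The message must not be processed at this endpoint."""


def check_destination(message_xml, received_at):
    """Return "match" or "absent-unsigned"; raise DestinationError otherwise."""
    root = ET.fromstring(message_xml)
    if not root.tag.startswith("{%s}" % SAMLP_NS):
        raise DestinationError("root element is not a samlp protocol message")

    # Only a ds:Signature that is a direct child of the root signs the
    # protocol message itself; a signature inside the Assertion does not.
    signed = root.find("{%s}Signature" % DS_NS) is not None
    destination = root.get("Destination")

    if destination is None:
        if signed:
            raise DestinationError("signed message without Destination")
        return "absent-unsigned"

    # Exact string comparison, no URL normalisation. Rejecting a mismatch on
    # an unsigned message as well is a choice made here; the quoted text only
    # requires the check for signed messages.
    if destination != received_at:
        raise DestinationError(
            "Destination %r does not match receiving URL %r"
            % (destination, received_at))
    return "match"


def build_response(destination, signature):
    """Build a constructed samlp:Response.

    signature is "none", "response" (ds:Signature on the root element) or
    "assertion" (ds:Signature inside the Assertion only).
    """
    dest_attr = ' Destination="%s"' % destination if destination else ""
    sig = '<ds:Signature xmlns:ds="%s"/>' % DS_NS  # placeholder, not a real signature
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" '
        'ID="_constructed1" Version="2.0"%s>%s'
        '<saml:Assertion ID="_constructed2" Version="2.0">%s</saml:Assertion>'
        '</samlp:Response>'
    ) % (
        SAMLP_NS, SAML_NS, dest_attr,
        sig if signature == "response" else "",
        sig if signature == "assertion" else "",
    )


# Constructed sample messages.
SIGNED_OK = build_response(ACS_URL, "response")
SIGNED_OTHER = build_response(OTHER_URL, "response")
SIGNED_NO_DESTINATION = build_response(None, "response")
UNSIGNED_NO_DESTINATION = build_response(None, "none")
ASSERTION_SIGNED_ONLY = build_response(None, "assertion")


def evaluate(message_xml, received_at=ACS_URL):
    """Return the check result, or the rejection reason as a string."""
    try:
        return check_destination(message_xml, received_at)
    except DestinationError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    for name in ("SIGNED_OK", "SIGNED_OTHER", "SIGNED_NO_DESTINATION",
                 "UNSIGNED_NO_DESTINATION", "ASSERTION_SIGNED_ONLY"):
        print("%-24s %s" % (name, evaluate(globals()[name])))
```

The SIGNED_NO_DESTINATION case is what an SP running this check would have seen from an ECP response built before this change.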
2015-02-26 Jérôme Schneider <jschneider@entrouvert.com>
php5-lasso.prerm: s/phpdismod/php5dismod/
Merge with lasso in Jessie, re-activate java and gen-default-control.sh
control: build depends on dh-python
2015-02-25 Jérôme Schneider <jschneider@entrouvert.com>
python-lasso.install: just install python 2 files
python-lasso.install: python-lasso is for python2 only
liblasso-perl.install.in: fixes path
rules: cleaning clean target
perl; fix build for Jessie
remove java support
control: update build-dependencies for python3
debian/control: like control.in, control must be updated
2015-02-25 EO builder bot <admin@entrouvert.com>
debian: add python3 support
2015-02-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Re-add control for eobuilder
Remove control and add python-six to control.in
Revert "Remove control.in"
This reverts commit 176e0716f8f8593860e0603697db5dec5675f5b3.
2015-02-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Remove control.in
Add dependency on python-six
Update AUTHORS file
Port Java binding generator to Python 3
Port Perl binding generator to Python 3
Port PHP5 binding generator to Python 3
Make python generator scripts and tests run with python >= 3.2
2015-02-12 Houzéfa Abbasbhay <houzefa.abba@xcg-consulting.fr>
Python 3: Fix the pygobject init macro and restore it
Python 3: Fix a string conversion helper
Python 3: Oops (see rev 279959f)
Python 3: Fix Python 2 support (use six.print_)
Mention Python 3 support in the changelog
Python 3: Disable "PyGObjectPtrType" to avoid crashes (needs investigation)
Python 3: Fix a string function
Python 3: Fix module init
Python 3: PyObject_HEAD_INIT(NULL) -> PyVarObject_HEAD_INIT(NULL, 0) (to play better with C strict aliasing rules - see PEP 3123)
Python 3: Defs for int & string related functions
Python 3: - file(...) -> open(...) - print ... -> print(...) - print >> fd, ... -> print(..., file=fd) - basestring -> str - map(...) -> list(map(...))
Python 3: PyObject.ob_type is deeper in the structure; use the Py_TYPE macro instead
Python 3: Fix print calls in configure.ac
Ignore some Perl binding files
Ignore /test-driver
2015-02-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML-2.0: Rework protocol profile selection when parsing AuthnRequest messages
This commit also adds tests around authn request parsing.
2015-02-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add support for SHA-2 family of hash functions for RSA and HMAC signatures
2015-01-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Check return value of lasso_session_add_assertion() in lasso_login_build_assertion()
Remove _POSIX_SOURCE declaration as it's not needed
2014-12-09 Simo Sorce <simo@redhat.com>
Fix coverity issue about unchecked return
If find_path() does not find MinorVersion, then no value is changed and
we repeat the search with the values for the major version.
Check if we have found anything and if not set the minor version to 0.
License: MIT
2014-10-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Improve top level comment in CGI script example
Add simple example of a CGI service provider script written in C
2014-10-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Remove dead code in the PHP5 binding
2014-09-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
xml: modify xschema snippets to handle xsd:choice constructs
xml: support xsd:choices by allowing to rewind or advance after match or miss of a snippet
2014-08-28 Simo Sorce <simo@redhat.com>
Fix header guard
Found by clang
License: MIT
2014-08-28 Simo Sorce <simo@redhat.com>
Assert on missing id
In this function id is required, so just assert if it is missing.
This also silences a warning about "reference" being used uninitialized
if "id" is null.
License: MIT
2014-08-28 Simo Sorce <simo@redhat.com>
Missing variable initialization
If name_id is unconditionally dereferenced in the cleanup code.
If it is not initialized it may cause segfaults or other misbehaviors.
License: MIT
2014-08-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix release date of 2.4.1
Release 2.4.1
Add tool gitlog-to-changelog
2014-08-12 Frédéric Péters <fpeters@entrouvert.com>
saml-2.0: set NotOnOrAfter on the Conditions element (#5248)
This is actually required for interoperability with Dropbox SAML support.
2014-08-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
doc: add lasso_server_add_provider2 and lasso_server_load_metadata
2014-08-11 Frédéric Péters <fpeters@entrouvert.com>
debian: don't move perl files
debian: accommodate perl now installing in the right directory
perl: keep on using PREFIX, required for distcheck
reformat gtk-doc function comment to work with gtk-doc 1.21
2014-08-11 Simon Josefsson <simon@josefsson.org>
fix pkg-config typo.
2014-08-06 Niko Tyni <ntyni@debian.org>
Use INSTALLDIRS=vendor for the Perl bindings, as per the Debian Perl policy
Debian packaged Perl modules should be installed into the vendor
directories (currently /usr/lib/perl5 and /usr/share/perl5), but the
upstream default puts them into the 'site' ones (modified with the
PREFIX setting.) Explicitly using INSTALLDIRS=vendor simplifies
the install rules and removes the need for PREFIX, which has
been deprecated in ExtUtils::MakeMaker for a long time.
2014-07-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Restore not-unused code
Clang was wrong on one instance, a value must be initialized to its NULL
state before using any lasso_assign_ macro with it.
Bug introduced in 4789e8d4d68eb.
2014-07-30 Simo Sorce <simo@redhat.com>
One more uninitialized value
encode_key may be released when not initialized if va_args returns null
on the first while loop.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix potential null dereference errors
In a number of cases function inputs are not checked for NULL although
values may end up with a NULL value and then they are dereferenced
directly.
Check values in the function (or the caller) if appropriate.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Do not dereference null pointers
Sounds like these should all be boolean 'OR's, otherwise,
if profile is not in fact a lasso profile then profile->private_data
will be dereferenced even if it is NULL.
Found by Clang
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Rearrange case checking to avoid compiler warnings
The compiler was complaining that 'compa' could be uninitialized.
Use this occasion to make the code simpler to understand and assign
actually meaningful values to the variable, even though the proper
actions are not implemented yet.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Properly exit on error
The rc error was being set but then it was being ignored.
Get out immediately if an Issuer can't be found.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Consistently check dsig_reference_ctx
Check if this is not NULL in all cases, to avoid NULL pointer dereference.
Found by clang
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Trim unused code
Clang complains these values are never used, avoid even assigning them.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Trim dead code
These conditions can never be reached as the list is filtered with
an and to the value of 0xff, so just drop them, they are misleading.
(Also silences checkers which were screaming of deadcode, for each and
every unmatchable value ...)
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix confusing loop test
Coverity was marking the check for tsnippet after the while loop,
confused by the check. Make it more readable, and in the process
make checkers happy too.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix some uninitialized value
The compiler complains about these values not being initialized.
Some of them do not really matter as they are only really used when
later initialized in the code and the code paths would not use them
if not initialized in a previous block, however some of these seem
real issues.
In all cases make the compiler happy so we get less noise in the build
and less false positives in code checkers.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Missing check for Sig_Alg value
Initialize the sig_alg value to NULL (The compiler was complaining it may
be used uninitialized), but also make sure to check there is any sig_alg at
all, otherwise return a proper error.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix boundary check
Coverity was marking this as an array overrun as the check would never be
possible and would allow any value for query_request_type, including "unset"
which is 0.
Fix the boundary checks.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix uninitialized values found by Coverity
These values were being used without being initialized at least in some edge
cases. Make Coverity happy by properly initializing them.
Some of these are real bugs, not just silencing a tool.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix format check for date
Coverity was complaining that tm was used uninitialized, but the truth is
that a third error condition where the string passed in matches no valid
format was not handled. Just return an error in that case.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fix error checking in xml.c
Coverity was complaining that 'integer' was being used without
initialization (from the caller). Turns out it was erroneously used
to test the result instead of the just sourced 'what'.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Fixes for unchecked return values
Coverity complains that in a number of places errors are not checked.
Some of them are ok not to check so put a silencing (void).
Check errors that need to be checked.
Coverity also complains g_malloc() return is never checked but given it is
never checked anywhere let it be for now.
License: MIT
2014-07-30 Simo Sorce <simo@redhat.com>
Be correct in dealing with varargs
Although in these cases it may be safe to omit va_end() that is not generally
so with an arbitrary compiler on an arbitrary platform.
Quoting from the spec: "Each invocation of va_start() must be matched by
a corresponding invocation of va_end() in the same function."
Note the "must".
Checker tools like Coverity complain if va_start() is not always paired with
va_end(), so this patch mutes them.
License: MIT
2014-06-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
bindings/python/tests: session indexes storage preserves order now
tests: add target to Makefile to produce valgrind suppression entries
tests/valgrind: add suppression of all leaks related to initialisation of the GLib type system
tests: fix leaks
saml-2.0/profile: fix leak of xmlSecKey when building signed query strings
id-ff/provider: fix leak of xmlSecKey
xml/samlp2_logout_request: fix leaks around session indexes
server: fix leak of xmlSecKey objects
session: fix leak of _NidAndSessionIndex structures
2014-06-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
saml-2.0/server: fix invalid memory access
GList must never be allocated through malloc as it is internally managed
using gslice. Always use Glib constructors and methods.
tests: fix leak in log message checker
tests: do not reuse tc_response_new_from_xmlNode test case
2014-05-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
bindings/python: fix conversion of unicode value to UTF-8 for setters
2014-05-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
login: complete document of lasso_login_process_authn_response_msg on expectable error codes
2014-04-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
website: update links section
website: add news about 2.4.0 release
website: fix HTML grammar errors
xml/xml.c: fix liberal use of casting for the SNIPPET_INTEGER and SNIPPET_BOOLEAN case
Some behaviours are also made more explicit like the optional if equals
to -1 case for integer fields, and the optional if FALSE for boolean
fields.
INSTALL: add php-cli to needed dependencies when compiling on Debian
tests: pass automake CFLAGS when compiling tests2
lasso/xml/tools.c: fix reference to uninitialized memory
NEWS: fix wrong date for 2.4.0 release
update website for 2.4.0 release
- remove windows installer reference
- update debian repository configuration
- point to cgit browser and releases directory
2014-04-23 Simo Sorce <simo@redhat.com>
Fix generators for parsing of integer values
All number types including enums are parsed as if they were integers,
this breaks in many ways, long and int are not the same size in all
architectures as well as enum may vary in size depending on compiler,
architecture and optimizations.
Always pass an actual long to PyArg_ParseTuple() and rely on a
cast from long to the destination variable type in the following
assignment.
2014-04-15 Simo Sorce <simo@redhat.com>
Fix java version detection
2014-03-31 Benjamin Dauvergne <bdauvergne@entrouvert.com>
update NEWS
bindings/perl/Makefile: it's difficult to control produced code so disable warning on unused-but-set-variable
2014-03-31 Frédéric Péters <fpeters@entrouvert.com>
perl: get required CFLAGS from $(perl -V::ccflags:)
2014-03-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix: remove warning by not calling g_type_init() with glib > 2.36 as it's deprecated
2014-01-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: update LASSO_VERSION_INFO
Revert "configure.ac: deactivate the PHP5 binding if no CLI interpreter is available"
This reverts commit a3d53764fa75c30ee9a118088f0a224bc20059e4.
docs: remove section
2014-01-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: deactivate the PHP5 binding if no CLI interpreter is available
configure.ac: remove checks for SWIG
2013-12-29 Frédéric Péters <fpeters@entrouvert.com>
import 2.3.6-3 changelog entry
use php5enmod and php5dismod
2013-12-29 Moritz Muehlenhoff <jmm@debian.org>
enable hardened build flags
2013-12-29 Frédéric Péters <fpeters@entrouvert.com>
import 2.3.6-2.2 changelog entry
import 2.3.6-2.1 leftovers
2013-12-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac,fedora/lasso.spec: remove expat dependency
INSTALL: add paragraph about build dependencies
more work toward release 2.4.0
2013-12-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
id-ff/providerprivate.h,id-ff/provider.h: make lasso_provider_verify_signature public API
It's necessary for the crudeSAML SASL mechanism.
2013-12-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
bindings/python: automatically encode string into utf-8 when passing unicode string to Lasso methods
fixes #4077
2013-12-10 Jérôme Schneider <jschneider@entrouvert.com>
python-lasso.install: replace site-packages by dist-packages
add python-lasso.install with python files
2013-12-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
id-ff/session.c: fix wrong variable reference in init_from_xml_nid_and_session_index
2013-12-08 Thomas NOEL <tnoel@entrouvert.com>
update control.in with control
2013-12-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
remove the debian directory from the project
2013-12-06 Jérôme Schneider <jschneider@entrouvert.com>
python-lasso.install: don't install old /usr/lib/python*/site-packages
2013-12-06 Frédéric Péters <fpeters@entrouvert.com>
doc: remove broken gtk-doc tests for now
perl: make it compatible with recent libxml2
2013-12-05 Frédéric Péters <fpeters@entrouvert.com>
doc: remove reference to init.xml that is not created anymore
build: replace python $libdir by our own
2013-12-05 Simo Sorce <simo@redhat.com>
Better python detection in configure.ac
License: MIT
Support automake 1.13 and 1.14
License: MIT
2013-12-04 Jérôme Schneider <jschneider@entrouvert.com>
debian: replace dh_pycentral by dh_python
2013-12-03 Simo Sorce <simo@redhat.com>
Fix license boilerplates
Instead of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.
2013-11-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
jenkins.sh: do not ignore errors
2013-10-23 Frédéric Péters <fpeters@entrouvert.com>
python: do not fail displaying a non-C error (fixes #3866)
The binding does a raise Error('failed to create object') but the local Error
exception class expects a lasso error code, and will thus fail if printed.
File ".../lasso.py", line 54, in __str__
return '<lasso.%s(%s): %s>' % (self.__class__.__name__, self.code,
_lasso.strError(self.code))
TypeError: an integer is required
2013-10-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
saml-2.0/provider: when looking for endpoints take a null role as meaning « take the first one »
2013-10-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
saml-2.0/profile: fix typo in commit 8de55
saml-2.0/profile: add warning message when unable to build an artifact response message due to an unfound artifact resolution endpoint
2013-10-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
web: update mailing list urls
2013-09-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
debian: add a source/format file
debian: add a source/format file
tools/git-version-gen: use a dot to separate the commit string from the regular version
lasso/xml/tools.c: fix misuse of xmlURIUnescapeString
If the length argument is NULL, the full string is unescaped; the
behaviour we expected is to return a 0 length string.
tools/git-version-gen: keep the g before the git commit number
debian: import current packaging for debian wheezy
.gitignore: add more
bindings/perl: fix type of size variable incompatible with 64 bits arch
id-ff/login.c: initialize role status of sp and idp in lasso_login_init_authn_request
2013-09-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
jenkins.sh: build a first time before running distcheck, in order to have the documentation compiled
tests/data/Makefile: regenerate list of files and directories to distribute
docs/Makefile: always set DIST_SUBDIRS
add jenkins.sh script
2013-09-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
saml2/profile.c: add resolving of the endpoint index in artifacts
* lasso/saml-2.0/profile.c: add new argument role to lasso_saml20_profile_init_artifact_resolve()
for looking up ArtifactResolutionService location; extract endpoint index
from artifact and use it to resolve the endpoint location.
* login.c: pass new argument ; force msg_url as it is preinitialized by
lasso_saml20_profile_init_artifact_resolve()
saml2/provider.c: add new function lasso_saml20_provider_get_endpoint_url() for retrieving endpoint locations using the new endpoints list
errors.{c,h}: add new error LASSO_PROFILE_ERROR_ENDPOINT_INDEX_NOT_FOUND for reporting when a received artifact does match any declared endpoint
saml2/profile: fix missing ArtifactResolutionService index in artifacts
tests: add non-regression test to check that we correctly provide the ArtifactResolutionService index in artifacts
saml2/login: fix role of providers in process_authn_request() and idp_initiated_authn_request()
It is necessary for endpoint resolution to know the role of providers.
tests: in check_equals() and check_not_equals() macros use long long int as a catchall type for printing compared values
fix compilation errors on 64bits architectures
* sizeof(unsigned int) != sizeof(size_t)
* INT_MAX != LONG_MAX
fix warnings about unused but set variables
2013-08-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Revert "doc: fix EXTRA_DIST definition in reference/lasso/Makefile.am"
This reverts commit a223afc6077528792055def999c29ac5f4d8a418.
It seems to be incompatible with recent version of gtk-doc, I need to
investigate more this problem.
doc: fix EXTRA_DIST definition in reference/lasso/Makefile.am
2013-07-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge remote-tracking branch 'origin/libxml2.9-compat'
2013-07-20 Frédéric Péters <fpeters@entrouvert.com>
website: fix commercial licensee page location
2013-06-19 Tim Newsome <tnewsome@aristanetworks.com>
AM_C_PROTOTYPES is no longer supported in autoconf 1.12.
Add support for automake 1.12.
2013-06-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure.ac: do not pass the full version suffix as the release number
FAQ.rst: start a FAQ file
2013-05-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
configure: generate version number from git revision between tagged release
The script git-version-gen is copied from the autoconf project.
2013-03-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
python: fix logout request parsing test
adapt to new checks done on logout request nodes
tests: comment out dump/restore checks against complex nodes
saml-2.0: fix missing signature on logout responses
2013-03-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
pkgconfig: do not leak lasso dependencies to users
Change Require into Require.private
Thanks to Thijs Kinkhorst and Olav Morken for the suggestion.
2013-01-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
xml-saml-2.0: ManageNameIDRequest must have a NameID
xml-saml-2.0: LogoutRequest must have a NameID
xml: really enforce elements cardinality when parsing messages
- add a new SNIPPET_MANDATORY:
we could only indicate 0-1 and 0-* cardinalities, now we can also
indicate 1-1 and 1-* cardinalities.
- respect cardinalities when parsing an xmlNode tree into a LassoNode
tree.
xml-saml-2.0: add missing namespace declaration for the KeyInfoSujectConfirmationData sub-type
fix memory leak in lasso_node_impl_init_from_xml: release the class_list
utils: add a lasso_release_slist macro
add a lasso_release_slist
fix potential segfault in lasso_node_impl_init_from_xml
Fix distcheck build problem in docs/Makefile.am
Bug introduced in commit e97a36fa
fix warning in docs/reference/lasso/Makefile.am
2012-09-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Rewrite all xmlNode serialization code to be compatible with libxml 2.9.0
Libxml stopped exposing the internal of the xmlOutputBuffer structure;
it was replaced by proper use of the API and of the xmlBuffer structure.
There could be regression for older version of libxml as some functions
appeared in recent version of libxml; but the reference API document
does not give any introduction date for functions so it's hard to be
sure.
2012-09-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix segfault in saml-2.0/provider.c:load_endpoint_type2
Thanks to Hiromitsu Fujita for the patch. fixes #1582.
2012-07-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
tests: add a SSO test with DSA keys to python bindings tests
2012-06-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix compilation on solaris
Thanks Wojciech Lichota for the patch.
Fixes #1516
2012-06-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix SIGSEGV when loading metadata files
Thanks Wojciech Lichota for the patch.
Fixes #1516
2012-05-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings/php5] remove redundant check to is_transfer_full
[bindings/php5] add missing release for xmlnodes in return value wrapper
[abi] update for release 2.4.0
[bindings/python] in constructors wrappers build the return value before
[bindings/python] free xmlnode argument owned by the callee
[bindings/python] fix some indentation
[bindings/python] boolean values do not need to be released
[bindings] add a default parameter to is_transfer_full whose default is False
[bindings] improve matching for object types
[xml] fix wrong forward declaration
[xml] add missing include
[xml] fix typos
[lasso] add missing GObjectIntrospection annotations to lasso_node_get_original_xmlnode
[lasso] add missing GObjectIntrospection annotations to lasso_misc_text_node_get_xml_content
[NEWS] improve 2.4.0 release notes
Merge branch 'release-2.4.0'
2012-04-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix wrong EXTRA_DIST in lasso/xml/dsig/Makefile.am
2012-04-26 Thomas NOEL <tnoel@entrouvert.com>
fix compilation error with xmlsec 1.2.18 / freebsd (#1365)
see http://dev.entrouvert.org/issues/1365
2012-04-23 Frédéric Péters <fpeters@entrouvert.com>
Allow building from git without gtk-doc installed
2012-04-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[saml2] modify behaviour of lasso_saml2_assertion_add_attribute_with_node
If an AttributeStatement already exists, we add the new attribute to it.
2012-04-02 Frédéric Péters <fpeters@entrouvert.com>
build: do not include multiple glib headers
2012-03-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] including glib headers directly is deprecated, we must only use <glib.h> now
2012-03-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] add test cases for the LassoKey class
[key] add methods to send message using SAML 2.0 redirect and post bindings
[saml2] fix handling of SingleSignOnServer in lasso_saml20_provider_get_first_http_method
When checking if a synchronous http method can be used for sending a
request to the SingleSignOnService we must check if the response can
be received by the AssertionConsumerService with a synchronous binding not
the SingleSignOnService.
2012-03-05 Frédéric Péters <fpeters@entrouvert.com>
php5: use zend_function_entry, for compatibility with PHP 5.4
2012-03-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings php5] fix missing wrappers for constructors
2012-02-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings php5] improve generation of php call stubs by using type case helpers, raise exception in unknown case
2012-02-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[website] add piwik tracking code to base template
2011-12-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
update NEWS
Add release notes
Add missing abi files
Update files for release 2.4.0
Incompatibility with clang: local functions with closure do not work
2011-12-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'more-datas-in-sessions'
[tests] remove work-around for letting ID-FF 1.2 tests work with the thin-sessions flag activated
But when thin-sessions is activated we use the new way of passing artifact
message content around.
2011-12-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[id-ff 1.2] change websso with artifact binding to work as SAML 2.0
The old way of transmitting the assertion to return via the session is kept,
but a new way more semblable to the one used in the SAML 2.0 code is added.
After lasso_login_build_artifact_msg() you must save the return of
lasso_profile_get_artifact_message() linked to the value of the artifact
obtained via lasso_profile_get_artifact().
In the artifact-resolve endpoint you must find the artifact message
corresponding to the return value of lasso_profile_get_artifact()
reinstall the artifact message using lasso_profile_set_artifact_message()
just before calling lasso_login_build_response_msg().
This change is necessary for ID-FF 1.2 SSO profile to work with the
thin-sessions.
2011-12-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[id-ff 1.2] in lasso_login_build_assertion() always add the assertion to the response
[tests] protect the ID-FF 1.2 test cases from effect of the thin-sessions flag until it is migrated to work also with thin sessions
[doc] do some documentation fixing
[id-ff 1.2] provision the SessionIndex into the assertions
Without it SLO session management is broken.
[id-ff 1.1] add support for multiple SessionIndex to lib:LogoutRequest
Combined with the new LassoSession storage for SessionIndex, it
should fix many bugs when doing SLO.
[saml 2.0] use the new SessionIndex storage for SLO management
It should fix any missing functionalities regarding missing session indexes
in logout requests sent by identity providers or service providers.
[core] add support for thin-sessions environment flag, to reduce size of LassoSession dumps
[core] add simpler storage for SessionIndexes in the LassoSession
2011-12-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[id-ff 1.2] add lasso_saml_name_identifier_equals() to compare NameIDs
[website] remove the buildbox link for now
[website] target the bug report link to on redmine
2011-12-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[saml2] fix lasso_saml20_logout_validate_request when more than one SessionIndex is sent
[Makefile] add strings.h to the dsig module includes
[xml/saml2] replace magic string by a define
Simplify useless complexity in include paths
[xml] in is_interaction_request.h move new field to the end of the structure to limit ABI impact
Merge branch 'rewrite-node-impl'
[tests] fix tests to comply with new implementation of parsing
The test around parsing of EncryptedAssertion was wrong since it was
missing the XMLEnc namespace declaration.
2011-12-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[xml] rewrite schema directed serialization/deserialization methods
The new implementations of lasso_node_impl_init_from_xml now validate
namespace of all child nodes before parsing. It stops on any error. For a
node which implements its own parsing of an attribute or a node, it
must declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for public GObject structure (it's the place of the GObject
machinery like the reference count). The 0 offset can be used for
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE, for a field which is parsed by your get_xmlNode
virtual method.
Another amelioration in this commit is the possibility to set attributes
with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the element tree API from Python:
{namespace}attribute_name
an example:
{http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.
2011-12-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[xml] add LASSO_XMLENC_PREFIX and LASSO_XMLENC_HREF defines
[xml] add missing nodes to LassoIsInteractionRequest
[xml] change saml_advice.h to declare the real node type
It also needed a change to bindings.py to parse struct as well as
typedef node classes.
[xml] complete missing namespace declarations for child nodes
To allow lasso_node_impl_init_from_xmlnode to do proper namespace
checking, child nodes which are not of the same namespace as their parent
in their XSD schema must have an explicit namespace declared in the
XmlSnippet.
[core] mark private_data field of the LassoKey structure as private
[tests] improve checking for log output
- now any non expected log output is considered an error, by setting a
g_log default handler.
- block_lasso_logs()/unblock_lasso_logs() will block logging output at
the DEBUG level
- begin_check_do_log(level, message, endswith)/end_check_do_log() will
check that the only message emitted between the two macros is one
equal to "message" at the level "level", or ending (to work around
variable parts in a log message) with "message" if "endswith" is True.
[tests] rename login test suite, with mentions of ID-FF 1.2 and SAML 2.0
[Makefile] fix missing soap11 nodes when compiling for Mingw
[core] fix uninitialized pointer to a GError structure
[core] move XMLDsig related nodes in their own sub-library, add X509Data node implementation
The goal is to use the KeyInfo structure as a transport format for our cryptographic keys
2011-12-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
remove debugging printf statement
2011-12-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[provider] fix doc comment
[id-ff] move LassoLogout to use LassoSignatureContext
[logging] add an error() macro
[id-ff] move LassoLogin to use LassoSignatureContext
2011-12-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] rename lasso_provider_set_specific_signing_key to lasso_provider_set_server_signing_key
[perfs] add command line options, add option to use shared secret key cryptography
Performance with HMAC-SHA1 is 100x the one with 2048 bits RSA.
[core] add the HMAC-SHA1 shared secret signature method
[core] refactor lasso_query_verify_signature and lasso_saml2_query_verify_signature
This commit introduces lasso_query_verify_helper which factorize
cryptographic operations.
[tests] use helper macros in id-ff test case
[core] add lasso_provider_add_key to add other key for signature validation
The added key can be appended or prepended, depending on the need for the key:
- rollover
- improving performances (using simpler cryptographic algorithms using shared secret keys)
[core] add method lasso_provider_set_specific_signing_key
Using this method you can specify a signing which will be used for
communication with the specified provider instead of the one configured
on the LassoServer object. The main objective is to allow shared secret
cryptography instead of public key cryptography.
[core] add a new class LassoKey
LassoKey currently stores a LassoSignatureContext inside a
reference-counted and bindable object. It will be used to export API
around key management to bindings.
[core] set the xmlSec log handler globally
The log handler is not set in lasso_init().
[saml2] introduce a lasso_saml2_assertion_get_audirence_restrictions to factorize some code
[core] introduce the LassoSignatureContext context, to pass around signature parameters
This structure is used to pass around the signature algorithm
and the signature key.
[core] add a lasso_base64_decode function
[core] replace explicit allocation of LassoProviderPrivate by use of g_type_class_add_private
The private part is allocated contiguously to the public structure data.
[configure.ac] fix compilation on Mac Os X
[xml] use lasso_node_export_to_query_with_password to implement lasso_node_export_to_query
[tools] fix lasso_sha1 to return a glib allocated string
[id-ff/saml2] add a lasso_server_add_provider2
It allows to add LassoProvider objects directly to a LassoServer object,
without using the metadata loading methods.
[utils] add lasso_crypto_memequal function
This method compares byte strings in constant time.
[tools] add a LassoSignatureContext structure to pass signature parameters around
Signature parameters are mainly a LassoSignatureMethod and a xmlSecKey.
[xml] add an inline function to validate LassoSignatureMethod values
- add also a LASSO_SIGNATURE_METHOD_NONE value
[utils] add lasso_transfer_xml_node macros
[core] simplify lasso_provider_load_public_key
2011-11-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[web] fix link on the download page
Merge branch 'multi-certificates'
Merge branch 'excl-c14n-fix'
[web] add release news for release 2.3.6
[release] 2.3.6
2011-11-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[integration tests] does not use full leak report
[integration tests] show more callers when using valgrind memcheck looking for leaks in authentic and lcs
[tests] add test for rollover on the SP side, i.e. rollover of encryption keys
This test case is the first to abstract the workflow between two
LassoLogin objects (for the idp and sp side). This part of the code could
be used to simplify the code of other tests in the future.
2011-11-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] do not emit a warning for expected decryption errors
The only expected decryption error is on decryption of the symmetric key
used to crypt the data. All other errors are critical and must be
logged.
Clients of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symmetric key if they tried with all possible keys (key rollover
case).
2011-11-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] add a new class of errors for xml encryption errors
add LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA for generic unrecoverable
xml decryption errors.
[leakcheck] fix leaks seen by the unit tests
This commit also improved valgrind suppression file to hide static
allocations done by the GLib type system.
[core] fix wrong XML canonicalization when assertion is extracted without its namespace context
2011-11-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
- gcc now warns when you compare a typedef to the anonymous enum which
defines it.
- some inline function in the zend.h header do compare between signed
and unsigned char.
2011-11-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] multiple decryption keys support
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.
The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:
xmlSecKey *encryption_private_key
became:
GList *encryption_private_keys
All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.
The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
2011-11-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'extension-abi-respecting'
[saml2] add missing extension point for LassoSaml2SubjectConfirmationData
- it can support any content and any attribute without validation
xs:any with processContents="lax"
[xml] allow to store XSchema data into a private structure
- added new macros SNIPPET_STRUCT_MEMBER and SNIPPET_STRUCT_MEMBER_P
replaces use of G_STRUCT_MEMBER/_P macros.
- we use the GType of the class containing a given XmlSnippet to find
the proper private structure.
- added flag SNIPPET_PRIVATE to state XmlSnippet whose value
should be extracted from the private structure and not the public
one.
[binding python] prevent warning in wrapper_top.c under hardy with gcc 4.2.4
[core] add missing break to switch/case
2011-11-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings] fix bug introduced in last commit
2011-10-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings] fix tree traversal on windows
- The file path separator is not / on all platforms, so do not use it
when matching filenames.
[misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
- gcc now warns when you compare a typedef to the anonymous enum which
defines it.
- some inline function in the zend.h header do compare between signed
and unsigned char.
[xml saml-2.0] add missing annotation for binding generation to header for LassoKeyInformationDataType
2011-10-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[xml saml-2.0] add a class to handle the KeyInfoConfirmationData type
* use a direct mapping to map this class to SubjectConfirmationData
node having the xsi:type attribute.
* overload get_xmlNode method to add the xsi:type attribute on output.
[xml] allow node classes to not define their nodename, useful for simple Type
2011-10-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[id-wsf2 profile] check provider->private_data->roles instead of provider->role
Fixes #140.
[id-wsf discovery] provider can now contain multiple public keys, only consider the first key for id-wsf token generation
ID-WSF never contemplated the fact that sometimes key roll-over happened
(SubjectConfirmation can only contain one ds:KeyInfo), whatever...
[saml-2.0] augment lasso_saml20_provider_get_first_http_method to verify presence of synchronous bindings
[xml] if a SNIPPET_LIST_NODES has the SNIPPET_ANY flag, allows really any kind of node through LassoMiscTextNode
[xml] allows LassoMiscText.init_from_xml to parse any xmlNode
If the node has no attributes and has a simple string content, we use the
classic embedding by setting, name, ns_href, ns_prefix. Otherwise the complete
xmlNode is copied.
[tests] add non-regression tests concerning the parsing of any xmlNode tree by LassoMiscTextNode when SNIPPET_ANY is used by a LassoNode
[xml] only try to map an xmlNode to a class name if the node has a namespace
[xml saml-2.0] change AttributeValue snippets to accept any children
An AttributeValue has an XSchema type of xs:any.
2011-10-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[xml] create a static version of lasso_node_new_from_xmlNode_with_type without error logging
When used inside lasso_node_impl_init_from_xml the error logging is
prematurely sent as there is a backup procedure for parsing unknown
nodes inside a SNIPPET_LIST_NODES by creating a LassoMiscTextNode
containing a copy of the parsed xmlNode child.
2011-09-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[configure.ac] default AM_MAINTAINER_MODE to enable
2011-07-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[configure.ac] remove useless semi-colons
Fix wrong version exported in the PHP binding
2011-06-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Change the glob expression to match darwin $host_os
Also use the $DARWIN flag to control the setting of JNI_EXTRA_LDFLAGS.
2011-05-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[java] try to make test works under Mac Os X
[core] finish transition from single encryption key to multiple ones
Some code still references provider->private->encryption_public_key, this
commit makes it use lasso_provider_get_encryption_public_key().
2011-05-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings perl] remove --as-needed from linker flags, it is not supported everywhere
It can come back if we add proper checking of the support on the
platform, maybe we can leverage tests made by autoconf.
Disable metadata loading test with the UK federation files
2011-05-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'multi-certificates'
2011-05-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings perl] in Makefile.am, gives a default template to mktemp
Thanks to Nathan Sowatskey for the bug report and the fix.
[core] start of support multiple keys for encryption
[tests] add unit test for the provider with multiple key feature
[tests] add sample metadata for testing metadata with multiple key descriptors
2011-05-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] first try at multiple signing keys support
The idea was to replace every use of an xmlSecKey* by a loop over a
GList* of xmlSecKey*.
- In the structure LassoProviderPrivate changed
xmlSecKey*public_key -> GList* signing_public_keys
xmlNode*signing_key_descriptor -> GList* signing_key_descriptors.
- Renamed lasso_provider_try_loading_public_key to
lasso_provider_try_loading_public_keys and changed its signature
accordingly
- Renamed lasso_provider_get_public_key to
lasso_provider_get_public_keys and changed the signature accordingly.
- Changed lasso_provider_get_encryption_public_key to return the first
signing key from the list as a temporary work around. Multiple
encryption keys will be supported later.
- Changed lasso_provider_load_public_key to load keys from the passed
file on the LassoProvider constructor, from every key descriptors
found for signing and eventually from the key descriptor marked for
encryption.
- Every failure to load from a file or an XML KeyInfo descriptor is
now reported as a warning.
- Query signature checking was completely moved to
lasso_provider_verify_query_signature and
lasso_provider_verify_signature now calls it.
- lasso_provider_verify_signature is now using lasso_verify_signature
from the xml/tools.o module.
- lasso_provider_verify_single_signature was modified to support
multiple signing keys.
2011-05-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[utils] add macros to append to and release a list of xmlSecKey*
[core] make lasso_provider_verify_query_signature use lasso_provider_verify_signature
[bindings perl] in Makefile.am, gives a default template to mktemp
2011-05-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[xml] use g_strndup instead of strndup, as it is more portable
2011-05-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] fix broken renater metadata file
A modification was introduced which broke the signature, updating to the
last version.
2011-05-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] move renater metadata files into the metadata/ subdirectory
2011-05-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[saml2] add proper error code for partial logout status code
[saml2] fix build_request_msg for AuthzDecision assertion queries
The servicepoints and roles arrays did not match the provider role
enumerations.
2011-04-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[saml2] if Status is not Success pass continue processing the response
lasso_saml20_login_process_response_status_and_assertion does analyze
the response status code login specific error codes, if the generic
processing from lasso_saml20_profile_process_any_response returns a
status of response is not success, we must continue processing.
[saml2] for any RequestDenied SAML2 response return LASSO_PROFILE_ERROR_REQUEST_DENIED as error
[core] add a generic LASSO_PROFILE_ERROR_REQUEST_DENIED
2011-04-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] make LassoServerLoadMetadataFlag enum a typedef
2011-04-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'load-federation'
[tools] redirect xmlsec errors to lasso error handler
[tools] use LASSO_LOG_DOMAIN instead of magic constant
[Makefile] move lasso/xml/tools.h to public headers
2011-04-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] add flags parameter to lasso_server_load_metadata to tune signature checking on metadata files
The flags parameter allows to control the checking of digital signature
upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata
files.
The default behaviour is to check all found signatures and to inherit
signature from EntitiesDescriptor to their children.
By only enabling checking of EntityDescriptor node signatures it's also
possible to only check signature at the EntityDescriptor level and so
only trust individual entities and not the aggregating provider.
2011-04-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] update documentation of lasso_server_load_metadata
2011-04-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] make lasso_server_load_metadata load any metadata file
The new code can load metadata files with an EntityDescriptor root node,
and with nested EntitiesDescriptor.
Idea and prototype by Olav Morken.
2011-04-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[server] in lasso_server_load_metadata do not duplicate checks already made by lasso_verify_signature
lasso_verify_signature already checks that reference is to the given
signed node, be it referenced through an ID or through an empty
reference.
[xml] if signature reference is empty check that signed node is the document root
An empty reference means the complete document, so the signed node is
the root element of this document. We must check that the parameter
signe_node matches our assumption.
[core] rename lasso_server_load_federation to lasso_server_load_metadata
The aim of this function is now to load any metadata file, and to
replace completely the use of lasso_server_add_provider.
The metadata content argument is replaced by a metadata file path to
more closely match other APIs.
[web] update download page
2011-03-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] add a loaded_entity_ids output parameter to lasso_server_load_federation
It allows to know which entity has been loaded from the metadata file.
It must be freed by the caller.
[core] add a blacklisted_entity_ids parameter to lasso_server_load_federation
The goal is to prevent loading of provider known to have problems.
2011-03-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] remove spurious output
[tests] continue improving the lasso_server_load_federation test cases
[tests] test lasso_server_load_federation
The test operates on the metadata file of the french university network
Renater.
[tests] add renater federation metadata file for testing
[core] add a lasso_server_load_federation method
This method allows to load providers in bulk from what is called a
federation file, i.e a SAML metadata file containing declarations for
more than one provider. Those files are usually signed to bind some trust
to its content, so lasso_server_load_federation can take an optional
file path to a certificate chain file used to check the signature on the
given XML content. Only same document signature is accepted (i.e. there
must be only one XML signature reference and it should be to the empty
string meaning the « current » document).
[core] add a private constructor to build LassoProvider object from an xmlNode
I'm not sure of the need outside lasso so I will let this method private
for the moment. It's a helper method for the
lasso_server_load_federation method which traverses an
EntitiesDescriptor node to find all the EntityDescriptor contained
inside.
[saml2] add an internal method to load a federation metadata file
It only loads one kind of provider (idp or sp). It's currently
impossible for a provider to have the two roles at the same time toward
a given LassoServer object, i.e. the current service is a service
provider or an identity provider, it cannot be the two at the same time.
[saml2] improve reporting of errors when loading a provider metadata file
[xml] allow empty reference in XML signature (document signature)
[xml] make id_attr_name parameter optional for lasso_verify_signature
2011-03-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[xml] fix lasso_node_get_xmlnode_for_any_type
xmlCopyPropList does not copy the property list into the target, it just
copies it with respect to the target (mainly for namespace references).
This patch adds the real copy into the target node.
2011-03-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[core] add missing namespace definitions to internal objects
Identity, Lecp, Login, Logout, NameIdentifierMapping, NameRegistration,
Session, AssertionQuery, Ecp and NameIdManagement objects were missing a
namespace association to their GObject class. It broke when you try to
dump a node created by lasso_node_new_from_dump.
[tests] add test case for multiple load and dump of the same object
2011-02-08 Frédéric Péters <fpeters@entrouvert.com>
[debian] adapt packaging to official section overrides
[debian] adapt packaging to official section overrides
[debian] sync packaging with official package
[debian] sync packaging with official package
2011-01-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'master' of git@dev.entrouvert.org:lasso
2011-01-25 Jean-Marc Liger <jmliger@athena.siris.sorbonne.fr>
[Fedora RPM] spec file update
2011-01-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] change perfs to accept a second parameter giving the data files to use
Also add metadata files to check performance with 512 and 1024 bit RSA
keys.
2011-01-14 Frédéric Péters <fpeters@entrouvert.com>
[php5] Comments starting with '#' are deprecated
2011-01-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Remove right column with download, binary packages and source links
It is redundant with other columns.
[web] fix date and version in news 19
[web] fix typo in news for release 2.3.5
Merge branch 'hotfixes-2.3.5'
[release] Add release notes, update doap files and website
[dist] create Changelog directly from git
2011-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] adapt Makefile.am to new path of metadata dir
Merge branch 'hotfixes-2.3.5'
[wsf] fix wsf preprocessor conditionals
[bindings python] configure basic logging
[ghashtable] add G_GNUC_UNUSED to remove unused static functions warning
[saml2] when parsing short numbers reinitialize errno
[bindings perl] fix get_hash_of_objects
[bindings php5] remove hardcoding the php5 cli interpreter
The test script did fail under Centos/Fedora because the interpreter for
php5 is named php.
2010-12-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.5'
[bindings perl] downgrade requirement on perl version to 5 instead of 5.10
[bindings perl] downgrade require on perl version to 5 instead of 5.10
Merge branch 'hotfixes-2.3.5'
[xml] fix null pointer access in lasso_node_get_encryption
2010-12-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[configure.ac] increment version and libtool version info
[saml2] fix errors in lasso_provider_get_first_http_method when a binding is unknown
[saml2 provider] change critical messages to debug messages
[saml2 profile] fix bug in binding_uri_to_http_method with the POST binding
[saml login] suppress unused argument warning
2010-12-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[samlv2 logout] check that the assertion is well formed before accessing the subject nameid
[profile] prefer to lookup the session before the identity for looking up a name identifier;
[samlv2 logout] setup the NameID from the assertion
[samlv2 login] do not setup conditions->notBefore/notOnOrAfter only notOnOrAfter on SubjectConfirmationData
2010-12-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[binding php5] add inline implementation of lasso_log since it is a private function of lasso
[binding php5] add inline implementation of lasso_log since it is a private function of lasso
Merge branch 'hotfixes-2.3.5'
[saml2] make LASSO_SIGNATURE_VERIFY_HINT_FORCE at least as stringent as _MAYBE when checking signature on messages
Merge branch 'hotfixes-2.3.5'
[xml] remove duplicate EncryptedKey around EncryptedData elements
The key is already embedded in the EncryptedData, so there is no need to
also fill the EncryptedKey field of the saml:EncryptedElement object.
[xml] add exportation of the encrypting public key in EncryptedData elements
This commit checks if the given key is a simple RSA key or a full certificate
and chooses the better serialization method between RSAKeyValue and
X509Data.
[tools] fix xml decryption
This commit rewrites the extraction of the EncryptedKey when it is
embedded inside the EncryptedData element, which seems to be the frequent
case.
Merge with new field in custom element
[saml2] use new encryption structure instead for internal field in LassoSaml2Assertion
[xml] add field to contains encryption parameters inside CustomElement structure
[utils] fix typo in lasso_assign_sec_key
[bindings python] make constructor failure raise a lasso.Error exception
2010-12-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[saml2] do not set SPNameQualifier it should be reserved for SP member of an affiliation
2010-12-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.5'
[tests idwsf2] add missing include for ID-WSF strings
2010-12-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests] include the backward compatibility include for GHashTable
[bindings perl] change ghashtable interface to not use GHashTableIter
[bindings perl] add dependency upon the Makefile.perl for the install target
2010-11-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings] add missing static modifier for g_hash_table_get_values replacement
[tests] include header for backward compatible methods on GHashTable structures
2010-11-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[bindings] fix bad use of lasso_return_if_fail in ghashtable backward compatibility header
2010-10-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.5'
2010-10-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] fix segfault in has_signature by initializing local variables
2010-10-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.4'
Merge branch 'hotfixes-2.3.4' into release
Update doap and news file
Update NEWS file
2010-10-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[tests data request] add googleapps sample AuthnRequest
[tests] move metadata directory into data
[tests data] add idp and sp example with 1024 bits RSA keys, for performance testing purpose
[tools] add a repository for semantic patches as reference
[tests metadata] add more examples of metadata files
[tests integration] adapt to string change in lcs/qommon/saml2.ptl
[SAMLv2] delete an unused local variable
Merge branch 'hotfixes-2.3.4'
2010-10-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] use server->signature_method when signing request and response
[tests] add non regression test on assertion consumer endpoints ordering
[core] check type of first argument of lasso_provider_get_assertion_consumer_url
2010-10-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix pardus capitalisation in NEWS file
Merge branch 'hotfixes-2.3.4'
Conflicts:
lasso/xml/xml.c
website/web/download/index.xml
website/web/index.xml
Update release notes and website for release 2.3.4
[xml] fix warning on use of strndup on pardus
2010-10-08 Jérôme Schneider <jschneider@entrouvert.com>
Add missing include <errno.h>
2010-10-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] handle unknown provider in artifact resolve, and also allow to ignore signature validation
In lasso_saml20_profile_process_artifact_resolve, we now take a short
path with an error when the remote provider is unknown and we also
respect the lasso_profile_get_signature_verify_hint() when checking the
signature on the artifact resolve message.
[SAMLv2] fix bad double free bug in lasso_saml20_provider_get_assertion_consumer_service_url_by_binding
[core] adapt lasso_provider_get_assertion_consumer_service_url for SAMLv2
2010-10-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[docs lasso-book] add figures to the tarball
2010-10-06 Jérôme Schneider <jschneider@entrouvert.com>
Add missing include <errno.h>
2010-10-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.4'
[configure.ac] increment version and libtool version info
2010-10-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[ID-FFv1.2] in lasso_login_process_authn_request_msg() adopt simpler behaviour for checking signatures
There are two sources of advice for signature checking:
AuthnRequestsSigned attribute in service provider metadata files and
value of lasso_profile_get_signature_verify_hint().
If lasso_profile_get_signature_verify_hint() forbids to check signature,
we do not check.
If the SP advises to check signature, we check.
If lasso_profile_get_signature_verify_hint() forces to check signature,
we do not check.
In all other cases we only check if a signature is present, i.e. we
ignore the error LASSO_DS_ERROR_SIGNATURE_NOT_FOUND.
2010-10-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[ID-FFv1.2] make lasso_login_process_authn_request_msg() return LASSO_PROFILE_ERROR_INVALID_MSG if received request is not a lib:AuthnRequest
[SAMLv2] adopt same behaviour as ID-FFv1.2 for invalid AuthnRequest
[SAMLv2&ID-FFv1.2] improve documentation of lasso_login_process_authn_request_msg
[SAMLv2] fix ordering of endpoints
Ordering by binding is wrong, first order by isDefault (as stated in
saml-metadata-2.0.pdf) then by index.
[Core] change isdefault type in EndpointType structure
As integer we can represent the three values of isdefault:
- true
- false
- attribute absent
[docs] update copyright years
2010-10-05 Frédéric Péters <fpeters@entrouvert.com>
[website] "Subversion Status" -> "Git Status"
[website] Only keep two latest news items
[website] Fixed 2.3.3 release date
[website] Update right download box for 2.3.3
[website] Don't duplicate link to git repository in link text
[website] Refer to Git in buildbox title
[website] Updated copyright years
2010-10-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Website] Fix bad date
[Web] chmod +x on convert-to-static.py
[Web] update links for download v2.3.3, add lines to feature matrix
[Web] add news file about 2.3.3
Merge commit 'v2.3.3'
2010-10-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.3' into release
[Website] add news about 2.3.3 and update doap and main page
[Release] add release notes
2010-10-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] restore setting of SubjectConfirmationData->NotOnOrAfter
This was wrongly removed by me in commit
9d22f29e55524034dfda34c15b76f1b0b78c4413.
This is the responsibility of the caller to adjust value on the
Conditions and SubjectConfirmationData independently after.
2010-10-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Binding java] replace use of strcmp by g_strcmp0
[Tests] add annotation to remove compiler warnings
[Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal
Too many human errors with strcmp kind of functions. Also change name of
lasso_is_empty_string to lasso_strisempty.
[Core] add helper API for string comparison
It should remove most errors when comparing strings.
[SAMLv2] add missing compare to 0 introduced in 7386dc8189
I hate strcmp.
2010-09-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Bindings] change prefix for ignoring soap_binding related files
[SAMLv2] also initialize Destination for response messages
Asynchronous bindings need Destination attribute even for response
messages.
[SAMLv2] when NidPolicy->Format is NULL or unspecified, return transient
Add more default cases.
2010-09-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Tests] update perfs to test each phase of WebSSO separately and use SAMLv2
I removed signature at the message level for the response, it should
simulate appropriately the artifact binding with SSL transport.
[Bindings] restore presence of SOAP nodes
The node to exclude when ID-WSF is deactivated was soap_binding_ ones.
[Core] fix break of lasso_profile_get_request_type_from_soap_msg from commit b9d535625
ManageNameIDRequest is not an ID-WSF kind of request.
2010-09-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Core] add missing annotation to lasso_*_dump functions
The string returned by these functions is newly allocated and must be
freed by the caller.
[ID-WSFv1] fix other misuses of the macro lasso_foreach
[SAMLv2] fix wrong order in use of macro lasso_foreach
The first argument must be the iterator, the second is the iterable.
Also add a non-regression test with Googleapps metadata and a
typical authn request.
2010-09-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] fix early release of the request when using idp_initiated login
[SAMLv2] fix memleak of request in lasso_name_id_management_process_request_msg
Add files to .gitignore
[Tests] remove a valgrind suppression on g_log_default_handler
[Tests] add valgrind targets in the Makefile: leakcheck, leakcheck-reachable and massif
[SAMLv2] fix memleak of request in lasso_saml20_login_process_authn_request_msg
[Core] fix leak of provider->private_data->endpoints
[Tests] fix leak of content in test01_server_new
[Tests] fix leak of idpLogoutContext in test04_sso_then_slo_soap
[Core] fix leak of provider->private_data->endpoints
[XML] fix memleak in lasso_node_export_to_soap
[XML] fix memleak of xmlSecKeyMngr when loading a key from a KeyInfo node
[XML] fix memleak in get_xmlNode for LassoSamlp2LogoutRequest
[XML] fix memleak in get_xmlNode for LassoSamlp2Response
[SAMLv2] add missing stack variable initialization
[SAMLv2] fix unused variable warning
[SAMLv2] in profile.c fix uncovered enumeration value in switch
[XML] fix unused variable warnings
[XML] fix mem leak when releasing CustomElement structures
[Tests] fix mem leaks
[SAMLv2] fix mem leaks
2010-09-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2 NID management] report signature error in response, do not check response signature if forbidden
- build_response_msg will report signature error in response status
code when called without an initialized response (without a call to
validate_request)
- process_response_msg now uses
lasso_saml20_profile_check_signature_status to check the signature
status only if permitted.
2010-09-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] move check for signature status to lasso_saml20_build_response_msg
And also handle the signature verification hint. If process_msg fails,
you must just call build_response_msg directly.
Only check the signature on the response if asked, most applications
should not care.
2010-09-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[configure.ac] increment release version and libtool version info
Add files to .gitignore
2010-09-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] apply the LassoProfileVerifySignatureHint when processing requests
The check was missing for processing of logout requests, name id
management request and assertion query responses.
A new internal function lasso_saml20_profile_check_signature_status is
added.
2010-09-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[ID-WSFv1&ID-WSFv2] separate better strings for ID-WSF from other strings
Code in core source files which depends upon ID-WSF symbols has been
conditionalized, and each id-wsf source file now includes directly its
needed string header.
2010-09-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branches 'master' and 'release' of bdauvergne@xen3.lycope.priv:/var/git/lasso into release
2010-09-08 Frédéric Péters <fpeters@entrouvert.com>
News entry for 2.3.1 & 2.3.2 (combined)
2010-09-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'hotfixes-2.3.2' into develop
Merge branch 'hotfixes-2.3.2'
Increment revision in version
Update files for release 2.3.2
Fix lasso soname change
If new interfaces are added, first and last number must be incremented.
As new enumeration value have been added, this is the case.
Merge commit 'origin/master'
Merge branch 'hotfixes-2.3.1' into develop
Merge branch 'hotfixes-2.3.1'
Update files for release 2.3.1
[SAMLv2] when no artifact message is present, still return a success status
It is mandated by the specification.
2010-09-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Tests integration] fix configuration variable name
2010-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Merge branch 'develop' into hotfixes-2.3.1
[Core] fix memory leak in lasso_endpoint_free
[ID-FFv1.2&SAMLv2] add more warning for failure to load metadata file
Report details of the failure through warning log.
[SAMLv2] when failing to recreate the content for the ArtefactResponse set a lasso specific status code
2010-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] change the way content is stored and loaded for the HTTP-Artifact binding
Previously content was stored as the result of lasso_node_dump method
then reloaded, and then serialized again as part of the ArtifactResponse
message. lasso_node_dump was ignoring all hint to sign node, but keeping
the needed parameters around. That's not what must be done, the
signature should happen at the generation of the artifact and the result
must be manipulated as is (i.e. XML content) and never moved back to the
land of LassoNode objects.
Now the content is:
- first removed of any signature at the message level, because the
ArtifactResponse will take care of this, (any signature under this
level (like at the assertion) is kept),
- serialized using lasso_node_export_to_xml,
- reloaded using lasso_xml_parse_memory,
- and put into the ArtifactResponse using a
lasso_misc_text_node_new_with_xml_node.
2010-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] make lasso_saml20_profile_generate_artifact a static function
It is only used in lasso/saml-2.0/profile.c anyway.
2010-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Core] load signature parameters
Generic signature parameters (attached as qdata to nodes) are now
reloaded when initializing a node from XML for a node type with a
signature snippet in its metadatas.
It fixes the problematic usage of ciphered private keys with the
HTTP-Artifact binding (which needs to keep a copy of the AuthnResponse
around and to sign it later).
2010-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Core] add private function to read an integer attribute
This function does integer parsing and range checks, it returns TRUE if
all goes well.
[Core] add LAST enum values to LassoSignatureMethod and LassoSignatureType enumerations
It helps making range checks.
2010-09-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Strings] add string constant for the internal XML attributes used in dumps
Add string constants for signature method, signature type, private key
(file path or content), private key password and certificate (file path
or content).
Add cast for xmlChar constant strings definition in python bindings, it
assumed all constant strings were char*.
2010-08-31 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[DOAP] fix typos
Tags were badly formatted.
2010-08-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] mark Redirect binding as an invalid binding for return AuthnResponse
This is really not supported by the SAMLv2 protocol.
[SAMLv2] fix string in comment
[SAMLv2] replace use of lasso_provider_get_default_name_id_format with direct use of lasso_provider_get_metadata_one_for_role
The first is trying to use provider->role to know which kind of role
descriptor to lookup, but for the server object this field is 0 and when
building authn request we know that we want our default NameIDFormat for
the SP sso descriptor.
2010-08-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] rebuild specialized LassoProvider methods upon new endpoints storage
The new way of storing endpoints allows to keep ordering between
endpoints with respect to the order of the index and isDefault field for
indexed endpoint type, and to the XML node orders for other endpoints.
It also simplifies the code.
2010-08-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Core] add destroy code for new private field endpoints
The contained string must be deallocated if the object is destroyed.
[Core] add structure to store endpoints type for metadata files
This new C structure will allow to filter ID-FFv1.2 and SAMLv2 endpoints
more easily.
[XML] use strtol instead of atoi to parse XSchema integers
This commit also rejects negative integers from being parsed (all integers
in SAMLv2 and ID-FFv1.2 schemas are positive integers).
[SAMLv2] when AuthnRequest contains invalid attributes returns INVALID_REQUEST not NO_DEFAULT_ENDPOINT
This is the right status to return.
2010-08-25 Frédéric Péters <fpeters@entrouvert.com>
Fixed underlining of title
2010-08-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Core] fix change of enumeration value
This change broke the API, revert it.
2010-07-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Website] update download link on front page
[Website] fix typos
[Website] fix source and download links
The source repository is now the git repository on dev.entrouvert.org.
Latest source release is 2.3.0. And git browser is included in our
redmine.
2010-07-27 Benjamin Dauvergne <bdauvergne@lupin.entrouvert.com>
[Website] change position of Download block in right bar
[Website] in convert-to-static.py, work around errors in build logs
If Build() constructor fails, keep going.
2010-07-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Website] fix wrong structure for the news file about release 2.3.0
[Website] import convert-to-static.py modification from lupin
[Website] add news file about release 2.3.0
2010-07-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Website] fix non escaped ampersand
2010-07-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Release] update libtool version
[Website] update download links
[Release] Update version number from 2.3 to 2.3.0
[Release] update release date in NEWS file
[Release] update ChangeLog
[Release] Lasso 2.3
- update the NEWS file
- add abi-2.3 file
- update DOAP files
- update lasso website template
- add temporary message to download pages, as there are no download
links currently.
[Core] add logos to EXTRA_DIST
[Core] add HACKING to EXTRA_DIST
[Documentation] add missing declaration to lasso-sections.txt
[Tests] change the way tests data is distributed
Instead of using a Makefile.am in each data directory, each data
directory has been added to the EXTRA_DIST for the parent directory
Makefile.am.
[Core] remove now useless .cvsignore files
[Core] remove now useless .cvsignore files
[Binding perl] move DISCLEANFILES and CLEANFILES outside of the condition clauses
[Tests] move sourceid-2.0beta-data to data directory
[Core] move format-suppressions.py to tools directory
[Core] add README.JAVA and README.WIN32 files to EXTRA_DIST
[Core] complete README.JAVA about later release of gcj
[Core] add lasso.doap to EXTRA_DIST
[Core] add errors.c to EXTRA_DIST
[Core] remove unused build-strerror.pl
[Doc] move style.css to the reference directory, and add it to EXTRA_DIST
[Bindings] improve cleaning and distribution building
[Tests java] remove Test.java
Local test file wrongly committed.
[Makefile] add abi to EXTRA_DIST
[Binding perl] add DISTCLEANFILES for Makefile.perl.old file
[Tests] remove debugging printf
[Tests] change the way tests data is distributed
Instead of using a Makefile.am in each data directory, each data
directory has been added to the EXTRA_DIST for the parent directory
Makefile.am.
2010-07-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Tests] adapt java unit tests to new semantic for list fields
GList fields now return an empty list, not null.
2010-07-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] simplify logic for handling AuthnResponse with binding HTTP-Post
The logic is now simpler:
- first lasso_saml20_profile_process_any_response check the signature
on the message
- then lasso_saml20_login_process_response_status_and_assertion
traverse all the assertions:
- if the message is signed all assertion from the same issuer are
automatically accepted,
- if the message is not signed, or the signature validation failed,
or the assertion has a different issuer than the message, we check
the signature directly on the assertion. If any of the assertions
fails the signature check, the result will be
LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE.
The public field profile->signature_status will contain only the message
level signature status, each assertion signature status is not
accessible. That will change when signature and key handling is
reworked.
2010-07-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Binding perl] fix broken distclean-local target
The TOCOPY files need to be cleaned only for out of source directory
builds.
2010-07-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] comment on SessionIndex support hack
[SAMLv2] remove empty files, wrongly committed
2010-07-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2/SSO] when processing AuthnResponse with binding HTTP-Post only the assertion need to be signed
If the message is signed, the assertion is also covered, but if only the
assertion is signed, there is no error to report. If the caller asks for
forcing the validation of message signature, then we report an error.
This commit also adds checking for the binding used, if it is not
HTTP-Post lasso_login_process_authn_response_msg will now report an
error.
2010-07-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Binding java] return empty list for NULL GList value, not null
[ID-FFv1.2] add missing namespace declarations
2010-07-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] add support for encrypted private keys
* support private key with new internal API in signature setting
methods
Plug lasso_node_set_signature into
lasso_profile_saml20_setup_message_signature and
lasso_server_saml2_assertion_setup_signature.
* also use lasso_node_get_signature in has_signature
* add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch
cases
For AuthnResponse checking the semantic is now that if HINT_FORCE is
used we verify message signature *and* assertion signature. If
HINT_MAYBE is used we check the assertion signature if its issuer
differs from the message issuer.
2010-07-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[ID-FFv1.2] move all user of lasso_node_export_to_query to lasso_node_export_to_query_with_password
[Core] Change lasso_apply_signature to use quark stored annotated signature parameters
The node containing signature do not handle the private keys passwords.
As the fields for signature parameters are part of the public ABI we
cannot add the password field to the public structure for those nodes.
Instead we use the new quark annotation accessed through
lasso_node_get/set_signature, and if the sign_type parameter is non-NULL
we use it instead of the parameters stored in the public structure.
This is a gross hack :( but at least it is documented.
[Core] add password parameter to lasso_sign_node
[Code] add a lasso_node_export_to_query_with_password method
[Core] add a password parameter to lasso_query_sign
We force use of the password through a custom OpenSSL password callback.
[Core] dump custom signature parameters in lasso dumps
The signature parameters are serialized as global attributes from the
http://lasso.entrouvert.org/lasso/namespaces/0.0 named:
SignatureType
SignatureMethod
PrivateKey
PrivateKeyPassword
Certificate
[Tests/python] add test case for WebSSO with providers using encrypted keys
[Core] add lasso_node_set_signature and lasso_node_get_signature
Those two methods allow to associate signature parameters to any node.
They keep it inside the CustomElement quark. Using a private structure
may be more performant.
2010-07-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Core] extract signature adding into base class method lasso_node_get_xmlNode
In order to permit subclass to modify the base xmlNode created by
lasso_node_impl_get_xmlNode we must defer the concrete to the virtual
method wrapper, lasso_node_get_xmlNode.
To do that it was needed to make id_attribute another virtual field of
LassoNode subclasses (it can be accessed through an offset registered in
the class object).
This commit solves signature validation error since the patch for
managing more than one SessionIndex element in samlp2:LogoutRequest.
It also factorizes the creation of signatures in one place.
2010-07-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[SAMLv2] if service provider supports logout, add a SessionIndex from the assertion ID
The standard mandates to provide a SessionIndex to service providers
advertising their support of the logout profile. We follow the
convention of using the assertion ID as a SessionIndex.
[Tests] add a sso then slo soap test
[Core] lasso_check_version does not return a proper error code
lasso_check_version returns 0, 1 or -1 and one is not a proper error
code, so the original int return type is kept.
[Bindings] make is_rc only check for lasso_error_t type
[Bindings php5] simplify is_object in php_code.py
[Core] change return type of all error returning methods
The new return type is lasso_error_t, it should allow to pinpoint easily
methods returning an error code in bindings.
[Bindings java] use is_int instead of custom methods or code
[Bindings perl] add lasso_error_t to type to map to T_IV typemap (integer types)
[Bindings] add lasso_error_t to return code types
[Binding java] use is_rc to match error return type
[Binding php5] use is_rc to match error return type
[Core] add lasso_error_t to list of integer types
[Core] add a lasso_error_t typedef
This typedef will serve to mark error returning methods.
The ctypes.h header piggyback on export.h to be included in all public
headers.
2010-07-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Provider] Fix loading of provider without a public key
This commit also emits proper warning when loading fails for a provider
*with* a public key.
[Python binding] do not throw lasso.Error for python exceptions
2010-06-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Perl binding] make include from $(srcdir) works in Perl binding
[Bindings] accept simple string in string<->xmlNode converter
Some use case ask for passing simple libxml content node (i.e just an
UTF-8 string) when a method argument or a field of the xmlNode* type.
This commit adds a static method in bindings/utils.c named
lasso_string_fragment_to_xmlnode which does this transform by trying to
parse an XML document then by trying to parse a well balanced XML
fragment of only one node (if there is more than one node such as in the
string " xxx <tag/> yyy ", we free the node list and return NULL).
[Core] add macro to release an xmlNodeList object
[ID-WSF2] add idwsf2 test script to test suite
Re-activate ID-WSF 2.0 test script. Fix problem with provider issuing
assertion role. Need to be fixed more generally in the future.
[Core] add macro to release GList of xmlNodeList
[Core] add macros to manipulate xmlNodeList and GList of xmlNodeList
The method to copy them is xmlCopyNodeList and not xmlCopyNode, so we
need another set of macros.
Merge branch 'issue-101'
Merge branch 'issue-88'
Merge branch 'issue-86'
2010-06-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[Tests/integration] add G_DEBUG=gc-friendly env. var to valgrind-wrapper
It should improve valgrind ability to trace memory origin.
2010-06-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
[XML] in lasso_node_export_to_paos_request check return value of lasso_node_get_xmlNode
[XML] in _lasso_node_export_to_base64 check return value of lasso_node_export_to_xml
[XML] in _lasso_node_export_to_xml check return value of lasso_node_get_xmlNode
2010-06-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Comment out custom silent rules if automake < 1.11
[Core] do not ignore keep_xmlnode flag inherited from parent classes
We only looked to the keep_xmlnode flag in the node data of the top
level class, but any parent class can set this flag and in this case we
must honor it too.
2010-06-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Test: add non regression test for reloading a server dump with encrypted keys
2010-06-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: when reloading a dump, use the signing private key password for loading the encryption private key
We currently do not store the encryption private key, instead on reload
of a dump, we try to use the signing private key as the encryption
private key. But we forgot to use the stored private key password.
That's now fixed.
Next step would be to keep the encryption private key around also.
2010-06-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding python: fix freeing of list return values for methods with the transfer full flag
The output 'print' were missing, oups :(
2010-06-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding python: find a work around for random behaviour of PyImport_ImportModule
* it seems that PyImport_ImportModule is not deterministic. Sometimes it
returns True for modules which we know are present ('logging').
Importing 'sys' first seems to make 'logging' accessible (complete
cargo cult programming).
Core: move logging function and macros to their own module, adapt perl binding
Core: move lasso_strerror declaration to errors.h
add .gitignore file
Tools: add check-makefile.sh script to tools
add abi file for 2.2.91
Tests: add idp6-saml2 data
Test: add python test for attribute requesting
* What's tested:
- request initialization
- adding attribute designators
- building the request message
- processing the request message
- accepting the request
- adding assertion with attributes
- signing the assertion
- building the response
- parsing the response
SAMLv2: rename lasso_saml2_name_id_build_persistent to lasso_saml2_name_id_new_with_persistent_format
* keep the old one for compatibility
* new one will be picked by bindings as a constructor
SAMLv2: when initializing signature on assertion, setup an ID if there is none
* without the ID lasso refuses to sign (it's mandatory)
SAMLv2: in lasso_assertion_query_build_request_msg setup nameid
* lasso_profile_get_nameIdentifier does not return profile->nameIdentifier,
so we first try to use profile->nameIdentifier and if it is NULL we use
lasso_profile_get_nameIdentifier.
Binding python: fix bad refcounting in get_logger and lasso_python_log
2010-06-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: update lasso_iso_8601_gmt_to_time_t to support milliseconds
* We now support the two possible formats for xsdtime XSchema datatype:
- dddd-dd-ddTdd:dd:ddZ
- dddd-dd-ddTdd:dd:dd.d*Z
Where d denotes a digit, and * is the Kleene star.
XSD datetime also supports negative years, but as we cannot represent
them with time_t, we can reject it at the lexical level.
2010-06-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Documentation: add new AssertionQuery methods to documentation
Tests: new python test for setEncryptionPrivateKeyWithPassword
Fix long lines in lasso/id-ff/server.c
Core: add method lasso_server_set_encryption_private_key_with_password
* fixes #91.
SAMLv2: add new methods to class LassoAssertionQuery
* lasso_assertion_query_add_attribute_request:
helper to setup request attribute for AttributeQuery messages.
* lasso_assertion_query_get_request_type:
method to find the type of the last received query.
* fixes #90
SAMLv2: fix initialization of subject in lasso_assertion_query_build_request_msg
Import tools in utils.h
Fix collision between defined symbols in tools.h and private.h
Binding python: if lasso.logger exists use it for logging
* There are now two paths to get a logger in the python binding:
- first try to get an object from lasso.logger
- if it doesn't exist or is None, then try logging.getLogger('lasso')
2010-06-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Change all logging to use message()
Core: in xml error message handler, escape messages to fit on one line
Core: remove arrow in log messages
Binding python: call lasso_init() first in init_lasso()
Binding python: add GLog handler to redirect logs to Python logger named "lasso"
* fixes #20
Utils: add function to extract/create node in lists
* lasso_extract_gtype_from_list_or_new will help for method with create
or extend nodes in lists.
2010-06-09 Frederic Peters <fpeters@entrouvert.com>
Add new lasso_log_set_handler and lasso_log_remove_handler functions
They are modeled around the g_log... functions of GLib, they just don't
have a domain parameter.
2010-06-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding perl: fix test so that it does not raise on add_provider
Bindings: keep retro compatibility for member field names
* Special kludge prize goes to PHP:
methods name are insensitive so nothing to do here, BUT, if you use
getters/setters then your objects fields can be case insensitive too
;-) (DNS, dns, DnS, dNs all maps to get_dns ).
Bindings: fix camelcasing of id fields
SAMLv2: make role checking inactive for LassoServer
* LassoServer has no role defined, so checking breaks loading of
metadata for LassoServer.
ID-FFv1.2: for idp initiated sso accept any nameIdPolicy
* IdP initiated SSO can be of any kind, no need to limit it.
2010-06-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: add checks for proper loading of role descriptors
* remove warning for descriptors supporting non SAML 2.0 protocols
* checks that at least one descriptor was loaded and that it was for
our assigned role.
SAMLv2: fix error in naming of function in the documentation
2010-05-31 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAMLv2: remove HTTP-Redirect as right binding for AssertionConsumer
SAMLv2: fix bug giving UnsupportedProfile for SingleSignOn with HTTP-POST
* The string constant in lasso_saml20_provider_accept_http_method was
HTTP-Post instead of HTTP-POST.
Core: fix extraction of relaystate when URLs contains only one kind of separators
Integration test: adapt to new behaviour for federation termination
SAMLv2: simplify lasso_saml20_provider_accept_http_method by only checking for remote provider support
* Whatever we do, with asynchronous bindings the remote provider can
return the response with any asynchronous binding.
SAML 2.0: in lasso_login_build_assertion set conditions time limit, no SubjectConfirmationData limits
SAML 2.0: in lasso_login_build_assertion do not conflate sessionNotOnOrAfter with assertion condition notOnOrAfter
2010-05-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Website: add quicklinks for download links
Change VCS viewer link to point toward the redmine browser
SAMLv2: conflate Responder and Requester when checking second level status code
* lasso/saml-2.0/login.c:
I'm not sure that most IdP really make the semantic distinction
between those two first level status codes, so just conflate them.
SAMLv2: remove warning message for invalid signature on AuthnResponse messages
* lasso/saml-2.0/login.c:
we already return an error, no need to clutter the output with
warning messages.
2010-05-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Website: add a link to a tarball of the documentation extracted from the SVN
2010-05-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0 Helper: add lasso_saml2_assertion_set_one_time_use
Fix bad initialization of an rc field from revision 4837
Change <p> tags to <para>
Add a lasso_profile_get_signature_status method
2010-04-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Initialize all uninitialized rc variables
Test: only test custom namespace if ID-WSF is enabled
2010-04-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
in lasso_idwsf2_data_service_build_response_msg, allows SOAPFault as responses
Fix uninitialized local variable
in lasso_session_count_assertions, do not emit warning if session is not an object
SAML 2.0: always restart initial request processing in lasso_logout_build_response_msg
* Does it also in process_response_msg if no more assertions are
present.
* Take into account that lasso_saml20_profile_process_any_response
already checks for the status code, and so specify finer error code in
the cleanup code.
SAML 2.0: fix lasso_saml20_provider_get_first_http_method
* LassoServer object can have many roles, use the default role of the
remote provider to decide on which to assume.
SAML 2.0 Logout: in init_request, remove the assertion anyway
* lasso/saml-2.0/logout.c:
when initiating a logout, if no problem is found, remove the assertion.
you can always continue by changing profile->http_request_method to
SOAP for example and redo a build_request_msg.
SAML 2.0: lasso_saml20_profile_process_any_response_msg, change status code checking
2010-04-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: lasso_logout_build_response_msg, just verify there is saved data from a previous request before switching them
* lasso/saml-2.0/logout.c:
There is no need to check what the previous remote provider ID was,
just that initial_remote_providerID is not NULL in order to switch
request, response and remote_providerID.
Fix wrong change g_free -> lasso_release inside example code
Provider: fix problem when reusing the same lists nodes in Descriptors
Improve safety by replacing all g_hash_table_destroy use by lasso_release_ghashtable
Improve safety by replacing all g_list_free use by lasso_release_list
Improve safety by replacing all g_string_free use by lasso_release_gstring
Improve safety by replacing all g_free use by lasso_release
Start an example listing for an IdP SingleSignOn endpoint
Free xmlSecKey
Fix potential SEGFAULT in _lasso_node_free_custom_element
Utils: add lasso_assign_list
Add lasso_release_gstring
Utils: add lasso_release_ghashtable
SAML 2.0 Profile: remove unused must_sign variable
First try to check that objects are fully functional before proceeding
Fix potential SEGFAULT of an unknown provider
2010-04-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: in lasso_saml20_process_federation, only handle the case of PERSISTENT format
* lasso/saml-2.0/login.c:
in lasso_saml20_process_federation:
- if no name id format can be found by the request, use the default from
the metadata file (first declared NameIDFormat)
- instead of checking if format is TRANSIENT, check if it is PERSISTENT,
and proceed with the federation, if not just return 0.
- return LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER instead of
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
- in any case, check for consent.
SAML 2.0: in lasso_saml20_login_validate_request, do not check signature if not necessary
SAML 2.0: find binding when only AssertionConsumerServiceURL is set, do not check signature on request if asked
SAML 2.0: add internal method to retrieve the binding for an URL
Login: add internal function _lasso_login_must_verify_*signature
2010-04-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Login: remove symbol markers in example code
Fix documentation problems
2010-04-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Ameliorate support for lasso_profile_set_signature_verify_hint
* lasso/id-ff/profile.h:
- add end symbol for enum LassoProfileSignatureVerifyHint
* lasso/id-ff/profile.c:
- fix documentation of lasso_profile_set_signature_verify_hint
- do not allow to set or return invalid value for the
signature_verify_hint attribute.
* lasso/saml-2.0/login.c:
- handle new enum value
* lasso/saml-2.0/profile.c:
- handle new enum value
- fix missing catch of signature error reporting when
signature_verify_hint is IGNORE.
* docs/reference/lasso/lasso-sections.txt:
- export enums LassoProfileSignatureHint and
LassoProfileSignatureVerifyHint
* tests/metadata_tests.c:
- fix test of all Role enumerations
2010-04-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Revert "Core: add XML schemas for SAML 2.0"
This reverts commit 5250c2c89e3983189a3c52cd85ad221ff7b6f64b.
SAML 2.0: add Destination attribute to requests
* lasso/saml-2.0/profile.c:
this change makes Lasso respect paragraphs 3.4.5.2 (HTTP-Redirect
binding security considerations) and 3.5.5.2 (the same for HTTP-Post)
of the saml-bindings-2.0-os.pdf document, and should allow our Authn
Requests to be accepted by Shibboleth IdP.
Tools: add usage statement to check-lasso-sections.py
Docs: add/remove symbols from lasso-sections.txt
ID-WSF 2.0 DST: make lasso_idwsf2_data_service_set_status_code work even if no response is initialized
Tests: add tests for custom namespace functions
ID-FF 1.2 & SAML 2.0: factorize access to role prefix
Tests: make role descriptor loading test less verbose
* tests/metadata_tests.c:
remove printf, add checks
Tests: show actual value in check_equals test macro
XML: add custom namespace definition handling
SAML 2.0: fix default assertion consumer handling when isDefault is missing
* if no default_assertion_consumer value is set after traversing the
list of endpoint, try to find the first one without isDefault="false"
and finally take the first one.
SAML 2.0: fix default assertion consumer handling
* the default one is the first with the attribute isDefault not the
last.
Binding python tests: update idwsf1 to explicitly register PP10 HREF
Binding python: update idwsf2 test for method change dst.initResponse -> validateRequest
XML: do not register any DST namespace by default
XML: add a SNIPPET_COLLECT_NAMESPACES snippet to DstRefResultQuery
ID-WSF 2.0 Data Service: new accessor, fix use of build_unique_id, change init_response to validate_request
Core: add a SNIPPET_COLLECT_NAMESPACE snippet type
* lasso/xml/private.h lasso/xml/xml.c:
add a new primary XmlSnippet type for collecting all namespace
declaration, following parent relation on current node or one of the
child nodes.
Binding python: fix use of raise_on_rc, simplify Node.__setstate__
Revert "Make lasso_node_get_xmlNode return original_xmlnode if there is one"
This reverts commit dfd8f21ab27d2b25a67a52aadd9d4cdce20ebda5.
Binding python: for empty GList return empty tuples, not None
Docs: remove from documentation comments characters outside ASCII for python bindings
Fix return path in lasso_saml20_process_any_response for signatures checking
fix documentation of lasso_node_debug
Make lasso_node_get_xmlNode return original_xmlnode if there is one
* lasso/xml/xml.c:
this change allows session to contain exact copy of received assertion
(and not the one lacking signatures) and also to put those assertions
directly into message, for example as ID-WSF credentials.
But it could have side effects, so for now I will not merge it.
2010-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
update documentation of lasso_login_build_authn_response_msg
update documentation of lasso_login_build_authn_request_msg
improve documentation of lasso_login_build_artifact_msg
use lasso_release_gobject in lasso_login_destroy
update lasso_login_accept_sso documentation
ID-FF&SAML2: complete documentation of lasso_login_build_assertion
Make multiple include loading work in lasso/backward_comp.h
* lasso/backward_comp.h
add missing BACKWARD_COMP_H define.
Binding python: fix test file
SAML 2.0&ID-FF 1.2: simplify and complete metadata loading for multi-role support
Core: add XML schemas for SAML 2.0
Doc: add all missing methods to documentation section file
* add missing LASSO_EXPORT too for functions already present in the
documentation, but not exported previously.
Tools: add script to check for missing functions in lasso-sections.txt
XML: in lasso_node_build_xmlNode_from_snippets only set child name if SNIPPET is not of ANY type
Core: add lasso_set_string_from_prop(char**,xmlNode*,..) function
Core: add method to check whether we are IdP or SP of another provider
* lasso/id-ff/profile.{c,h}:
the method lasso_profile_sso_role_with, evaluate using the current
LassoIdentity content if we are in a relation of IdP or SP toward
another provider. This is based on the existence of a federation with
this provider.
SAML 2.0: add attribute profiles strings
SAML 2.0: add support for attribute, authentication and authorization authorities metadata
* server.c,serverprivate.h: add new private method
lasso_server_get_first_providerID_by_role(server, role)
* defederation.c: use new private method
lasso_server_get_first_providerID_by_role for find providerID
when the argument remote_providerID is null in
lasso_defederation_init_notification.
* lasso/id-ff/login.c (lasso_login_init_authn_request): use new private
method lasso_server_get_first_providerID_by_role.
* provider.h: add three new provider roles (authn,pdp,attribute) and
four new services (authn,assertionid,attribute,authz) and also
a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for
array sizing.
* provider.h: add a LAST member to LassoMdProtocolType enum.
* providerprivate.h,provider.c:
- removes separate hashtable for descriptors depending on provider role,
use only one table named Descriptors.
- use the LAST members of enumerations to dimension static string arrays.
* provider.h: add a LAST member to the e
XML: add support for setting attribute in any namespace using element tree syntax
Support SignatureVerifyHint in SAML 2.0 SSO profile and common message handling
Add signature_verify_hint accessor methods to LassoProfile
* lasso/id-ff/profile.{c,h}:
add a LassoProfileSignatureVerifyHint enumeration and two accessor
methods:
- lasso_profile_get_signature_verify_hint
- lasso_profile_set_signature_verify_hint
* lasso/id-ff/profileprivate.h:
add private field signature_verify_hint.
Bindings: fix parsing of camelcased ident (Samlp2IDPList -> samlp2,idp,list)
Binding python: fix problem of classes without an initializer
Tests: add macros to test for string equality
Tests: in SAML 2.0 tests, use more check_ macros
Tests: add macros check_equals and check_not_equals
Core: change GObjectAnnotation of lasso_node_export_to_query to state that private_key_file is optional
SAML 2.0 XML: add header listing strings from XML schema
2010-03-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: fix uninitialized variable
ID-WSF 1.0: fix bad header name in all inclusive header lasso/id-wsf/id_wsf.h
2010-03-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding PHP5 tests: fix assertion dump test
XML: move registry mapping into the *_get_type() functions
* lassoxml/disco_send_single_logout.c:
* lassoxml/id-wsf-2.0/sb2_user_interaction_header.c:
* lassoxml/id-wsf-2.0/subsref_app_data.c:
* lassoxml/lib_assertion.c:
* lassoxml/saml-2.0/saml2_condition_abstract.c:
* lassoxml/saml-2.0/saml2_encrypted_element.c:
* lassoxml/ws/wsa_attributed_uri.c:
* lassoxml/ws/wsa_endpoint_reference.c:
class_init is only called the first time an object of the given type
is created, registry mappings must exist before this time, so I moved
the registration code to the _get_type() functions.
Core: add a level argument to lasso_node_debug
ID-WSF 2.0: add lasso_soap_envelope_set_relates_to method
Core: add macro to remove gobject from lists
2010-03-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: export lasso_build_unique_id into public API
* lasso/xml/tools.h:
add new header to export lasso_build_unique_id as a public API.
* lasso/xml/Makefile.am:
add tools.h to header list
* lasso/xml/tools.c:
add GObjectIntrospection annotations to exported functions.
2010-03-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: change error code for empty ArtifactResolve response to LASSO_PROFILE_ERROR_MISSING_RESPONSE
Bindings java: do not mask errors from the code generator
Core: add a helper method to build a SOAP response in a LassoProfile object
* lasso/id-ff/profile.{c,h}:
add lasso_profile_add_soap_fault_response(char* code, char *string,
GList *details).
* lasso/id-wsf-2.0/profile.{c,h}:
change signature of lasso_idwsf2_profile_init_soap_fault_response.
* lasso/id-wsf-2.0/data_service.c:
use new function instead of manually initializing soap faults
* lasso/id-wsf-2.0/discovery.c:
init a soap fault when parsed request is of an unknown type, return
proper error.
ID-WSF 2.0 python tests: finish tests for new ID-WSF 2.0 API
* bindings/python/tests/idwsf2_tests.py:
all Discovery service request types are tested, and Data Service
query is tested as well. Data Service testing and API should be more
tested, especially failure cases.
ID-WSF 2.0: add service type to response, parse response before using it
Core: in xml_insure_namespace do not segfault if ns is NULL
Binding python: accept a function as setter, if it has only two arguments
ID-WSF 2.0: in lasso_idwsf2_get_name_identifier, use lasso_saml2_assertion_decrypt_subject
ID-WSF 2.0: in lasso_idwsf2_profile_check_security_mechanism, add common logic for SAML 2.0 secmech, check for presence of a server object,
ID-WSF 2.0: fix MDAssociationQueryResponse handling
* lasso/id-wsf-2.0/discovery.c:
- in lasso_idwsf2_discovery_validate_request, use svcmdids to
initialize response to MSAssociationQuery requests.
- in lasso_idwsf2_discovery_process_response_msg, extract received
svcmdids; use lasso_check_good_rc when needed.
ID-WSF 2.0: change signature of lasso_idwsf2_discovery_add_identity_to_epr
* lasso/id-wsf-2.0/discovery.c:
- in lasso_idwsf2_discovery_add_identity_to_epr, receive an Epr
instead of an EprMetadata node, and use
lasso_wsa_endpoint_reference_add_security_token to add the
assertion token instead of duplicating this logic.
- in lasso_idwsf2_discovery_build_epr change the call site.
ID-WSF 2.0: fix documentation of lasso_idwsf2_data_service_build_request_msg
SAML 2.0: in lasso_saml2_assertion_get_issuer_provider, check type of server argument
Core: add do/while(0) around block of goto_cleanup_with_rc
Core: add PROFILE errors around assertion validation
* lasso/errors.c lasso/errors.h:
- add errors concerning invalid assertion, assertion with invalid
conditions, unknown issuers, or when the issuer is not a provider
we marked as an IdP.
- add error for missing sender id in an ID-WSF message.
Core: add a level argument to lasso_xmlnode_to_string and _lasso_node_export_to_xml
2010-02-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding perl: add support for out parameters
* bindings/perl/lang.py:
support GObject out parameters.
SAML 2.0: LassoSaml2ConditionAbstract does not match its element name anymore, add a registry mapping
* lasso/xml/saml-2.0/saml2_condition_abstract.c:
last commit to this file changed the element name from
ConditionAbstract to Condition so the XML parser cannot find the
corresponding GObject class anymore.
SAML 2.0: add more accessors for Conditions
* lasso/saml-2.0/saml2_helper.{c,h}:
distribute code from lasso_saml2_assertion_validate_conditions to
lasso_saml2_assertion_validate_time_checks and
lasso_saml2_assertion_validate_audience.
add lasso_saml2_assertion_allows_proxying and
lasso_saml2_assertion_allows_proxying_to, to respectively check for
proxying of the current assertion, and for proxying to a specific
provider (you must call both of them to test completely the proxying
status of an assertion).
* docs/reference/lasso/lasso-sections.txt:
reference new functions into documentation.
Bindings python: use more accessors from utils.py
* bindings/python/lang.py: remove direct access to type tuples in favor
of using accessors from utils.py.
Bindings: make is_int more robust, and fix remove_modifiers
Bindings php5: use accessors from bindings/utils.py
* bindings/php5/wrapper_source.py:
do not handle 'type/variable' tuple directly, use accessors.
Binding python: add pickling support to LassoNode
* bindings/python/lang.py:
support pickling protocol methods __getstate__ and __setstate__
leveraging the lasso_node_dump and lasso_node_new_from_dump methods
from Lasso.
Add lasso_string_to_xsd_integer, to parse xsd:integer values
SAML 2.0: fix bad name of Condition element, keep xmlNode as it is abstract
* lasso/xml/saml-2.0/saml2_condition_abstract.c:
saml2:Condition is an element whose type is abstract, it must be used
as an extension point helped by the xsi:type field. As the content is
unknown beforehand we must keep the original xmlNode for later
analysis.
Bindings python tests: update idwsf2_tests.py
Bindings: in utils.py, make clean_type handle None value
ID-WSF 2.0: reorganize EPR minting, add a process_request method to disco service
* data_service.c:
remove dependency on discovery.h
* discovery.{c,h}:
- add a lasso_idwsf2_discovery_process_request_msg to extract request
data before validate request (SvcMDID, SvcMD or RequestService).
- store SvcMDID in a private field, add a setter for it.
- SvcMDID is now used for building response to MDAssociationQuery and
parsing request for MDQuery, MDDelete, MDAssociationAdd and
MDAssociationDelete.
* idwsf2_helper.{c,h}:
- change security mechanism argument of
lasso_wsa_endpoint_reference_add_security_token from a NULL
terminated string array to a GList.
* saml2_login.{c,h}:
- add a lasso_server_create_assertion_as_idwsf2_security_token for
minting assertion for ID-WSF 2.0 security, to be used in Discovery
bootstrap EPR creation and EPR minting for Discovery service Query
responses.
- add a lasso_saml2_assertion_get_discovery_bootstrap_epr, and
rewrite lasso_login_idwsf2_get_discovery_bootstrap_epr to use it.
- make lasso_login_idwsf2_add_discovery_bootstrap_epr accept a list
of security mechanisms, not just one.
* tests/idwsf2_tests.c:
- adapt to new argument type of
lasso_login_idwsf2_add_discovery_bootstrap_epr.
Core: add new example to LassoLogout for asynchronous response handling
Support multiline error messages in build_strerror.py
SAML 2.0: add lasso_saml2_encrypted_element_server_decrypt and lasso_saml2_assertion_decrypt_subject
Fix idp5-saml2 metadatas
* tests/data/idp5-saml2/metadata.xml:
we do not have the private key for the encryption public key, so I
copied the signing public key.
Fix lasso_extract_gobject_from_list
2010-02-21 Mikael Ates <mates@entrouvert.com>
2010-02-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Documentation: add example to LassoLogout, fix bad markup in id-wsf-2.0/profile.c
ID-WSF 2.0: also check sender match assertion in lasso_idwsf2_profile_check_security_mechanism
* lasso/id-wsf-2.0/profile.c:
for BEARER mechanism, also check that the SPNameQualifier of the
Subject matches the Sender of the request.
ID-WSF 2.0: add lasso_idwsf2_discovery_get_svcmdids to public API
Tests integration: force C locale
* tests/integration/saml2/__init__.py:
authentic now uses 'system locale' by default, so force C locale to
get English IHM string to make twill happy.
SAML 2.0: if assertion possesses a signed original_xmlnode return it instead of using get_xmlNode
* lasso/xml/saml-2.0/saml2_assertion.c:
assertion in lasso when read are not usable anymore because the
signature is lost, this commit allows to keep assertion unaltered
after reading them if they contained a top level signature (a
signature contained in the Assertion node).
This is useful for reusing assertion kept in a LassoSession object
and for using assertion as security token for ID-WSF.
Core: use lasso_xmlnode_to_string in LassoNode export functions
* lasso/xml/xml.c:
remove duplicate codes and use lasso_xmlnode_to_string instead.
Current state of ID-WSF 2.0 python test
Binding php5: fix generation of list freeing
* bindings/php5/wrapper_source.py:
free_glist wants a GList** as first argument.
Core: add a lasso_xmlnode_to_string function
* lasso/xml/tools.c lasso/xml/private.h:
lots of functions duplicate this code, so we factorized it there.
It has two parameters, the xmlnode and boolean deciding whether to
format the resulting content (good for reading but bad for
signatures).
SAML 2.0: in lasso_saml20_profile_set_session_from_dump_decrypt, really decrypt
* lasso/saml-2.0/profile.c:
dump for already signed assertion containing an EncryptedID as
Subject does not work as before, the decrypted NameID is no more
included in it, so instead of trying to plug it in the NameID field
we resort to really deciphering the EncryptedID.
That could be a performance problem if the session object is stuffed
with a lot of assertions.
Current state of idwsf2 tests
ID-WSF 2.0: fix loading of LassoIdWsf2Discovery dumps
Core: add error exit to lasso_node_new_from_xmlNode
* lasso/xml/xml.c:
if building of the node fails, we must keep the initialization of
custom nodename and namespace.
Binding python: simplify special constructor, use cptrToPy
ID-WSF 2.0: make lasso_idwsf2_profile_redirect_user_for_interaction add the transactionID to the URL
* lasso/id-wsf-2.0/profile.c:
simplify use of lasso_idwsf2_profile_redirect_user_for_interaction by
directly adding the ID of the SOAP response message to the URL.
Report an error if no MessageID can be found.
ID-WSF 2.0: rewrite and document lasso_soap_envelope_sb2_get_redirect_request_url
* lasso/id-wsf-2.0/soap_binding.{c,h}:
fix error in conception of
lasso_soap_envelope_sb2_get_redirect_request_url, RedirectRequest is
part of a SOAP fault not the headers.
Explain in the documentation how to use the RedirectRequest URL.
Change the return type to a const string.
ID-WSF 2.0: add a method to retrieve/create a SOAP Fault to SOAP binding module
* lasso/id-wsf-2.0/soap_binding.{c,h}:
add method lasso_soap_envelope_get_soap_fault which returns/creates
the first SOAP fault inside the body of the SOAP envelope.
Binding python tests: adapt test to use TOP_SRCDIR env var
Binding python: factorize value freeing generation code
* lasso/python/lang.py:
extract value freeing generation code to method free_value,
add proper liberation of values at exit of wrapper functions, remove
g_free call from return_value generated code.
Core: add missing return value owner semantic annotations to getters
* lasso/id-ff/provider.c:
fix lasso_provider_get_base64_succinct_id, it returned a libxml
string, copy it with g_strdup before releasing it to stay with GLib
allocated string in return values.
Core: add annotation to getter function about return value owner semantic
* lasso/id-ff/identity.c lasso/id-ff/profile.c:
precise owner semantic of lasso_profile_get_identity,
lasso_profile_get_session, lasso_profile_get_server
* lasso/id-wsf-2.0/saml2_login.c tests/login_tests_saml2.c:
in the same vein add missing release of assertion returned by
lasso_login_get_assertion which returns a caller owned object.
ID-WSF 2.0: make lasso_idwsf2_profile_redirect_user_for_interaction choke on missing redirect property on UserInteraction header
* lasso/id-wsf-2.0/profile.c:
if redirect boolean property is false, refuse to return a redirect
request.
automatically create a SOAP fault to signal to the requester that it
needs to support interaction via redirect.
ID-WSF 2.0: add error code signaling that the requester does not support redirect request
* lasso/errors.c lasso/errors.h:
add
LASSO_WSF_PROFILE_ERROR_REDIRECT_REQUEST_UNSUPPORTED_BY_REQUESTER.
ID-WSF 2.0: add a create arg to lasso_soap_envelope_get_sb2_user_interaction_header, add it to public API
ID-WSF 2.0: fix lots of bad usage of g_strcmp0
* lasso/id-wsf-2.0/idwsf2_helper.c lasso/id-wsf-2.0/soap_binding.c
lasso/id-wsf/data_service.:
add missing check for the return value of strcmp, maybe we need a
macro like lasso_strequal.
Tests: in login_tests_saml2.c, add test for lasso_saml2_assertion_validate_conditions
in idwsf2_tests.py, merge test case for metadata registering, add test case for failure
Bindings: parse defines referring to other defines
* bindings/bindings.py:
Allow to build constants using other constants (prefix string), the
constant type is retrieved from the prefix existing record.
in tools.c, add defines to permit import of timegm
SAML 2.0: make lasso_saml2_assertion_validate_conditions really work
Core: fix lasso_iso_8601_gmt_to_time_t, use timegm instead of mktime
* lasso/xml/tools.c:
mktime conversion works on local time, we need timegm to work with GMT
time.
ID-WSF 2.0: add strings for Discovery service Actions
ID-WSF 2.0: add serialization code for private properties of LassoIdWsf2Profile
ID-WSF 2.0: fix missing initialization of request field in lasso_idwsf2_discovery_validate_md_register
ID-WSF 2.0 Documentation: update lasso-sections.txt with LassoIdWsf2Profile methods
ID-WSF 2.0: fix lasso_idwsf2_discovery_add_simple_service_metadata
* lasso/id-wsf-2.0/discovery.c:
options is a string list, and security_mech_ids too, so employ the
corresponding macros.
Core: in utils.h, use a temporary to store reference to freed list
ID-WSF 2.0: in lasso_idwsf2_discovery_status2rc, check second level status code too
Website: add a link to the development version documentation
2010-02-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding python: fix leak in string getters
SAML 2.0: fix documentation of lasso_saml2_assertion_validate_conditions
Add signature on EPR secur token
Bindings python: update id-wsf 2.0 test file
* bindings/python/tests/idwsf2_tests.py:
Disco Service registering is working, it now needs a bootstrap epr in
all cases (before registering could be done without signatures).
ID-WSF 2.0: add signature to Disco produced EPR SAML 2.0 security tokens
ID-WSF 2.0: in lasso_idwsf2_profile_build_request_msg, properly handle the security token
* lasso/id-wsf-2.0/profile.c:
security token is a signed assertion by an IdP or a discovery
service, we must keep it as is, that is with the signature, in order to
do that we extract the original xmlNode from the assertion and embed
it in the new message using a LassoMiscTextNode.
ID-WSF 2.0: in lasso_login_idwsf2_get_discovery_bootstrap_epr, better handle attribute content
* lasso/id-wsf-2.0/saml2_login.c:
LassoSaml2AttributeValue can contain many children, so traverse them
all to find the first LassoWsAddrEndpointReference among them.
ID-WSF 2.0: in lasso_login_idwsf2_add_discovery_bootstrap_epr, initialize ID and Issuer property on bootstrap assertion.
* lasso/id-wsf-2.0/saml2_login.c:
initialization of ID and Issuer properties was missing.
Core: in lasso_verify_signature, fix conditional about single reference
* lasso/xml/tools.c:
verify that reference is unique if NO_SINGLE_REFERENCE is disabled.
SAML 2.0: in saml2_helper.c, better check issuer element and also test the LassoServer object for issuance, lasso_saml2_assertion_get_issuer_provider
ID-WSF 2.0: in lasso_wsa_endpoint_reference_new_for_idwsf2_service, do not forget to add metadata to epr, fill usage property of token
* lasso/id-wsf-2.0/idwsf2_helper.c:
add missing initialization code.
ID-WSF 2.0: fix bad type checking in lasso_wsa_endpoint_reference_get_idwsf2_security_context_for_security_mechanism
* lasso/id-wsf-2.0/idwsf2_helper.c:
SecurityMechID is a list of strings not LassoMiscTextNode.
ID-WSF 2.0: fix bad conditional in lasso_idwsf2_discovery_process_metadata_register_response_msg
* lasso/id-wsf-2.0/discovery.c:
fix check in
lasso_idwsf2_discovery_process_metadata_register_response_msg
fix duplication of service metadatas inside private list of service
metadatas.
in server.c, fix missing loading of public keys in constructors
* lasso/id-ff/server.c:
constructor for LassoProvider load public keys but they are not
called by LassoServer constructors, so we have to explicitly
duplicate calls to lasso_provider_load_public_keys.
ID-WSF 2.0: moved strings to their own header
2010-02-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add saml2_strings.h to dist
Bindings python: remove default argument if there are parameters without default argument following
Use defined symbols instead of magic constants
Add LASSO_SAML2_FIELD_ENCODING
* lasso/xml/saml-2.0/saml2_strings.h:
add another field name from SAML 2.0 specifications.
Fix lasso_get_relaystate_from_query, support semi-colon and parameter at beginning
* lasso/xml/tools.c:
getting first parameter was broken (query_string does not contain '?'
at the beginning) and semi-colon support was missing.
2010-02-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Documentation: fix typos in saml2_strings.h documentation, add new string symbols to lasso-sections.txt
SAML 2.0: move SAML 2.0 strings to their own header, add documentation
* lasso/xml/strings.h:
remove SAML 2.0 strings
* lasso/xml/saml-2.0/saml2_strings.h:
move them here, document useful ones.
Documentation: document LassoSamlp2NameIDPolicy
Documentation: complete non finished documentation comments
* too many warnings when generating doc, now we can concentrate on
undocumented symbols (in
lasso/docs/reference/lasso/lasso-undocumented.txt).
Bindings perl: prevent unused function warning for array_to_glist_gobject
Tests perl: raise number of tests
Docs: reorder sections in chapter "Lasso Architecture"
SAML 2.0: separate lasso_saml20_login_process_response_status_and_assertion into multiple functions
* lasso/saml-2.0/login.c:
in lasso_saml20_login_process_response_status_and_assertion, extract assertion
decryption, and issuer checking into their own function.
SAML 2.0: when verifying query signature, do not presume order of field and separator
* lasso/xml/tools.c:
in lasso_saml2_verify_query_signature, extract needed field and order
them appropriately before computing digest, expect ';' as well as '&'
as separator.
* tests/random_test.c:
add non-regression tests for query signature validation.
* tests/Makefile.am:
make tests link against static version of liblasso, to get access to
private functions.
SAML 2.0: complete list of field names for SAML 2.0
Core: in tools.c, enhance urlencoded_to_string to support semi-colon separator
SAML 2.0: add helper method lasso_saml2_assertion_get_in_response_to
* lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h:
add a method to access easily the InResponseTo attribute.
SAML 2.0: in lasso_saml20_login_process_authn_response_msg always report signatures errors
* lasso/saml-2.0/login.c:
- in lasso_saml20_login_process_authn_response_msg keep around all error
codes returned by intermediary steps. At the end report the first one.
SAML 2.0: in lasso_saml20_profile_process_any_response do not stop on missing issuer
* lasso/saml-2.0/profile.c:
Issuer is not a mandatory element of SAML 2.0 response,
but if we do not remember which issuer we sent the request (or if
the response is spontaneous) then we will receive a provider not found
error when trying to check the message signature.
Use new SAML2 strings instead of hardcoding query string field names
Add documentation about runtime flags
* lasso/lasso.c:
add a table to Initialization documentation section about
general runtime flags.
Remove follow-idwsf-stupid-semantic flag
* lasso/lasso.c:
this flag is useless, that's me that is stupid.
Add internal methods to LassoServer to get the signature and encryption private keys
* lasso/id-ff/server.c lasso/id-ff/serverprivate.h:
add methods lasso_server_get_private_key and lasso_server_get_encryption_private_key.
Add complete error code listing for lasso_login_process_response_msg
* lasso/id-ff/login.c:
list all error codes and their semantic with respect to this call.
Update code example for LassoLogin
* lasso/id-ff/login.c:
add code for initializing request for SAML 2.0, show how to handle error codes.
2010-02-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add error codes, update error codes documentation, reduce changes in errors.c by ordering error codes
* lasso/errors.h lasso/errors.c
- add to report non schema conforming XML trees, decryption
failure due to missing private keys and invalid signatures on assertions.
- update documentation of LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND,
LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH,
* lasso/build_strerror.py:
before outputting switch cases, order error codes
name lexically in order to reduce change lines
when adding new error codes.
2010-02-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add strings for SAML2 field names for POST, Redirect and Artifact bindings
Update documentation of the registry module
Adapt LassoProvider methods to care for protocol profile version when verifying signature
* lasso/id-ff/provider.c:
there are now 2 methods to verify signatures, methods calling the old
one must now choose whether to call the liberty one or the SAML 2.0
one.
Add a function to validate query signatures using SAML 2.0 semantic
* lasso/xml/tools.c:
this new function is a placeholder for the new SAML 2.0 semantic
following query signature validation function. It will start with the
old code of lasso_query_verify_signature.
Propagate change of name for LASSO_PP_ defines
2010-02-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: in LassoServer constructors, test if private_key is loadable
* lasso/id-ff/server.c:
mark private_key as not mandatory as regression tests expect it to
not be mandatory.
test if loading of private key to encryption_private_key private
field worked, if not abort the constructor and return NULL.
* lasso/id-ff/server.h:
fix name of constructors argument to correspond with comments
(binding generator uses this correspondence to apply annotation from
comments to the model obtained by parsing the headers).
in lasso_xmlsec_load_private_key_from_buffer, do not let xmlSecBase64Decode show warnings
2010-02-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix bad operation in bindings.py
2010-02-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: restore ID-WSF constants, improve python getters,
* bindings/bindings.py:
parse idwsf_strings.h to get ID-WSF constants.
* bindings/utils.py:
add an is_rc check function, to check for 'error code' return type.
* bindings/perl/lang.py:
only raise errors for 'int' or 'gint' return type
* bindings/python/lang.py:
- always create a normal function binding.
- for functions starting with 'get' try to create a corresponding
property, but if a corresponding member already exists, fails, and
print a warning about getter function/member field clash.
- make type dispatching on return_type more explicit.
Core: Finish support for all XMLDsig key formats
* lasso/xml/tools.c:
xmlsec is not able to load a certificate public key without checking
it against trusted root certificate, so we must work around and load
the key by hand.
lasso_xmlsec_load_private_key_from_buffer is made more robust in the
same (loading of the key was extracted inside
_lasso_xmlsec_load_key_from_buffer) and now can load certificates and
keys directly embedded inside KeyValue nodes (in total opposition to
the XMLDsig specification but...), with or without PEM headers.
* tests/metadata/Makefile.am tests/metadata/metadata_06.xml
tests/metadata_tests.c:
add test case for RSAKeyValue public keys.
Binding python: fix getter for non-object fields
* bindings/python/lang.py:
transition to bindings/utils.py methods broke getters.
Core: in lasso_xmlsec_load_key_info add flag to let xmlSec load certificates
* lasso/xml/tools.c:
adding the flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS makes
xmlSec able to load certificate, the 'hand made' code to load
certificate is then useless.
Tests: add more checking to dump generation code in login_tests.c
Tests: adapt server constructor settings to recent changes
Core: in lasso_profile_get_request_type_from_soap_msg use lasso_xml_parse_memory_with_error
* lasso/id-ff/profile.c: (lasso_profile_get_request_type_from_soap_msg)
use lasso_xml_parse_memory_with_error instead of xmlParseMemory, use
error code output argument to log error reports.
Core: in provider.c, make lasso_provider_load_metadata_from_buffer the main metadata loading function
* (init_from_xml) fail initialization if we cannot load the metadatas,
and log a warning.
* extract _lasso_provider_load_metadata_from_buffer from
lasso_provider_load_metadata_from_buffer, which accepts a length
parameter. use it inside lasso_provider_load_metadata, instead of
xmlParseFile.
* (lasso_provider_load_public_key) use lasso_xmlsec_load_key_info and
lasso_xmlsec_load_private_key to load the public keys.
Core: use lasso_xml_parse_file to load affiliation file
Binding java: Makefile.am has multiple target rules, it cannot support parallel builds
Core: in tools.c, add function to load XML files and KeyInfo nodes
* tools.c:
add lasso_xml_parse_file, based on g_file_get_contents and
lasso_xml_parse_memory.
add lasso_xml_parse_memory_with_error which instead of logging
errors, can return the xmlError structure.
add lasso_xmlsec_load_key_info, which allows to load keys from
ds:KeyInfo XML nodes. It also supports the "Lasso" bug of using
ds:KeyValue directly to store base64 encoded keys and certificates.
SAML 2.0: in name_id_management.c, rework lasso_name_id_management_new_from_dump
Core: add more memory tracing, add a tracing macro
* lasso/utils.h: add lasso_trace, which has a printf signature.
* xml/xml.c: add more trace to node initialization code.
Tests: in valgrind suppressions file add more GLib suppressions
Tests: in basic_tests.c, re-enable parsing of LassoWsuTimestamp objects
Core: use lasso_node_new_from_dump to implement _new_from_dump methods
* provider.c:
add annotation for nullable arguments (necessary for bindings of
new_from_buffer).
* server.c: add annotations, allow to set encryption_private_key from
buffers
Binding perl: add cleanup for temporary data of trampoline code
* bindings/perl/lang.py:
data type not common to Perl and C must be allocated for the duration
of the call (mainly GList and xmlNode), but after the call they must
be deallocated.
SAML 2.0: in samlp2_response.c, simplify code path for assertion encryption
Fix leaks
* lasso/id-wsf-2.0/profile.c: release private data object.
* lasso/saml-2.0/login.c: free NameID content after construction.
* lasso/xml/tools.c: free algorithm attribute content in
lasso_node_decrypt_xmlnode.
* lasso/xml/xml.c: release custom_element->nodename in destructor.
remove useless finalize method.
* tests/basic_tests.c: release xmldoc after use.
* tests/random_tests.c: free result of lasso_node_dump.
Fix leaks, change signature of lasso_provider_get_sp_name_qualifier, make it return a const char*
in lasso/xml/tools.c, remove leaks of xmlSecKey and xmlNode
in lasso_xmlsec_load_private_key, do not leak the file buffer, in lasso_node_encrypt do not leak the keys manager
2010-02-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Binding perl: many improvements
* lang.py: use lasso_unref instead of g_object_unref.
* lang.py: handle 'optional' annotation for more types, needed by
ID-WSF bindings.
* lang.py, gobject_handling.c: check object type before making the C
call
* Makefile.am: improve silent rules, hide all normal output, show
errors, and with V=1 shows everything
* glist_handling.c, gobject_handling.c: make local functions static
* t/Lasso.t: add non regression test for method receiver type checking.
* glist_handling.c: remove unused conversion functions.
* lang.py: clear the semi-assigned list and croak if all list elements
do not convert to non-NULL values.
Bindings: re-add binding for lasso_session_get_assertions for perl, special case formatting function for WsAddressing namespace
* bindings/utils.py:
types have LassoWsAddr prefix but functions have the lasso_wsa_ prefix,
so we have to adjust generated prefix.
Bindings: use lasso_return_xxx macros instead of GLib ones
ID-WSF: remove useless new_from_message methods
Core: in utils.h, add macros to replace verbose g_return_val_if_fail
Core: document return values of lasso_login_validate_request_msg
Utils: lasso_unref, a safe g_object_unref, and add some document about existing family of macros
Core: do not emit messages inside lasso_check_version
Bindings: os.path.relpath is only present since python 2.6, add a local implementation for older python versions
Add a dist-hook to remove .svn directories before taring the dist
Bindings: make binding generation more silent
* bindings/java/Makefile.am bindings/perl/Makefile.am
bindings/php5/Makefile.am bindings/python/Makefile.am:
use AM_V_GEN, or similar variable for all steps of binding
generation, normal output can be activated with the V=1 argument to
the 'make' command.
Binding java: use eager evaluation to get list of source files
* bindings/java/Makefile.am:
use := to provoke eager evaluation so that java-list mode is not
called many times.
2010-01-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: use 'absolute' header paths to produce bindings
* bindings/bindings.py:
if files from bindings are using absolute instead of relatives header
paths they can be independent of the lasso source.
Bindings perl: simplify Makefile.PL
* bindings/perl/Makefile.PL:
remove as much special casing as possible so that it could eventually
become a CPAN module.
use pkg-config to find lasso libs if no explicit LIBS command line
argument is used.
* bindings/perl/Makefile.am:
pass parameters using command line argument instead of environment
variable, which needed a special Makefile.PL.
Binding perl: special case for lasso_check_version
* bindings/perl/lang.py:
special case lasso_check_version for not raising an error when it
returns 1.
* bindings/perl/t/Lasso.t:
add a non regression test.
Binding perl: remove warning when passing Null to croak
* bindings/perl/gobject_handling.c:
croak is aliased to Perl_croak_nocontext which has a gcc attribute
'notnull'. We use Perl_croak and an explicit perl context object, to
work around this warning.
in bindings.py, change header paths
Update files for a 2.2.91 release
update changelog
Binding python: make a better use of default value annotation for creating method declarations
Binding perl: many improvements
* handle GHashTable of strings and objects.
* report errors with 'croak' as a Lasso::Error object.
* add more basic tests.
* for string arguments, convert undef to NULL, and croak if function
does not accept NULL.
* fix library paths in Makefile.PL.
Bindings: in bindings.py, fix regexp and annotation parsing for optional arguments and their default values
SAML 2.0: fix annotations, documentation and signatures
2010-01-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings python ID-WSF 1.0 tests: update PP HREF symbol
Bindings php5: string hashtable methods are only used by ID-WSF bindings, mark them unused by default
* bindings/php5/wrapper_source_top.c:
only id-wsf has a field of type GHashTable<char*,char*> so when
compiling without --enable-wsf, it gives 'unused symbols' errors.
Let's mark the concerned functions as unused.
ID-WSF 1.0: make LassoServer.services private with respect to the bindings
Bindings java: use utils.py methods, make set_hash_of_objects more robust
Tests: export sp2-la to dist file for dist with id-wsf enabled
Bindings: add time_t to integer types, add unpointerize method
Binding python ID-WSF 2.0 tests: update some tests
Binding Python ID-WSF 2.0: comment out test
ID-WSF: change name of Personal Profile namespace symbols, add symbols for ID-SIS PP 1.1
Bindings: java, php5, python simplify logic in binding generator
* use utils.h macros to manipulate fields.
* use utils.py function to filter variables, argument and return types.
* finish support of hashtables of strings for php5 and python.
Bindings: better parse oftype annotation for hashtable, allow to skip structures
* bindings/bindings.py:
add possibility to skip generating bindings for structures to
overrides.xml.
parse element-type annotation /* of XXX */ for hashtable objects.
output to stderr warning about skipped objects.
parse idwsf_strings.h
* bindings/overrides.xml:
skip more ID-WSF 1.0 functions in java and perl.
skip structure LassoAuthentication.
Core: fix gtk-doc annotations
Core: add new macros to lasso/utils.h, fix lasso_assign_new_list_of_gobjects
* lasso/utils.h:
add:
- lasso_assign_new_xml_node
- lasso_assign_new_list_of_strings
- lasso_assign_new_list_of_xml_node
fix lasso_assign_new_list_of_gobjects, bad naming of release macro.
XML: add missing element-type annotations
Bindings: in bindings/utils.py, augment robustness of matching functions to work with type alone or triples
Binding perl: update to binding
* change extension of typemap files because it conflicts with existing
* support constant list of strings and gobjects, add input rule for
list of gobjects
* fix setter for GList fields
2010-01-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF 1.0 & 2.0: complete lasso-sections.txt, add internal API to access SOAP headers, complete WS-Addressing support
* docs/reference/lasso/lasso-sections.txt: complete documentation of
LassoSoapEnvelope and LassoSoapFault with ID-WSF additions.
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/soap_binding.c
lasso/id-wsf-2.0/soap_binding.h:
add internal function _get_node and _get_header to simplify
implementation of accessors for headers.
change signature of lasso_soap_envelope_get_message_id and add new
function lasso_soap_envelope_get_relates_to.
update call points.
add a message id when building a SOAP message.
* lasso/xml/idwsf_strings.h:
add element name for MessageID and RelatesTo WS-Addressing elements.
* lasso/id-wsf/authentication.c lasso/id-wsf/data_service.c
lasso/id-wsf/discovery.c lasso/id-wsf/wsf_profile.c
lasso/id-wsf-2.0/saml2_login.c lasso/xml/disco_description.c:
fix path name of header lasso/id-wsf/wsf_utils.h. make all internal
include paths relative.
2010-01-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core XML: make lasso_node_set_custom_namespace/nodename take const string
* lasso/xml/xml.c lasso/xml/xml.h:
mark argument of lasso_node_set_custom_namespace and
lasso_node_set_custom_nodename as const char* strings.
Core XML: add function to get the namespace of a LassoNode
* lasso/xml/xml.c lasso/xml/xml.h:
if a custom namespace is set, return it, otherwise return the class
namespace (klass->node_data->ns->href).
Binding perl: fix include paths in the makefile, again
in bindings/perl/Makefile.PL, add include path for normal builds
in configure.ac, activate the Perl binding in normal builds
Core: in configure.ac, activate warning when debugging, not in normal build
* configure.ac:
remove -Wxxx flag from AM_CFLAGS, add them if --enable-debugging
is used.
in lasso/saml-2.0/logout.c, fix missing declaration
Core: update errors.c file
in bindings/perl/Makefile.am, change permission to make distcheck work
in bindings/perl/Makefile.am, add files to EXTRA_DIST
2010-01-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: add a new perl binding using the new binding infrastructure
* XS file is autogenerated using bindings/binding.py model of the
Lasso API. All constants are in the Lasso::Constants package, the
LASSO_ prefix is removed.
All classes are now Lasso::ClassName, field accessor also serves as
setters, i.e. you can do this:
$name_id = Lasso::Saml2NameID::new();
$name_id->content('coin');
print $name_id->content;
Is still missing:
- a lot of test files,
- support for hashtables,
- and throwing exceptions when return code is non-zero.
2010-01-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: in utils.py, fix is_glist and is_hashtable, make arg_type accept simple string as input instead of triples
in lasso/xml/saml_attribute_value.h, fix typo in content type annotation
in lasso/xml/sa_sasl_response.h, add GList content type annotation to field 'any'
Bindings PHP5: use is_cstring to match string types
Bindings: remove all SWIG bindings and SWIG related files
Add new macro lasso_list_add_new_xml_node
* lasso/utils.h:
fix lasso_list_add_xml_node, it must copy the node before assigning
it.
add lasso_list_add_new_xml_node for keeping the old behaviour.
* lasso/xml/xml.c:
fix use of lasso_list_add_xml_node, because copying the node before
assigning it is a leak now.
2010-01-25 Benjamin Dauvergne <bdauvergne@entrouvert.com>
in bindings/ghashtable.h, Add missing unused argument hints
SAML 2.0 Logout: when in an SP initiated logout, lasso_logout_build_response_msg is the finishing call
* lasso/saml-2.0/logout.c:
when calling lasso_logout_build_response_msg(), if we know that we
are in the middle of an SP initiated logout, i.e. if
initial_remote_providerID is not NULL, then we can restore the initial
response.
Fix name of LASSO_WSSEC_BAD_PASSWORD
* lasso/errors.c lasso/errors.h:
LASSO_WSSE_BAD_PASSWORD -> LASSO_WSSEC_ERROR_BAD_PASSWORD
* lasso/xml/ws/wsse_username_token.c:
update client code.
Bindings java: cast return value of special constructors
* bindings/java/lang.py:
in the JAVA API special constructors are made to return their real
type, but usual GObject constructors return their base type (here
LassoNode) so we have to cast it.
Export more assertion access API for LassoSession
* lasso/id-ff/session.c lasso/id-ff/session.h
lasso/id-ff/sessionprivate.h:
export lasso_session_get_assertion(), lasso_session_add_assertion()
and lasso_session_remove_assertion().
remove them from private header.
* docs/reference/lasso/lasso-sections.txt:
update documentation
2010-01-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: remove useless overrides
* bindings/overrides.xml:
It is no more needed to force return type of constructors to their
real types, the bindings check the type dynamically anyway.
Fix GHashTable backward compatibility header
* lasso/ghashtable.h:
g_hash_table_remove_all_nodes is not a public function, use
g_hash_table_foreach_remove instead.
2010-01-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
in saml2_name_id.c, include utils.h to benefit from replacement for g_strcmp0
Fix LASSO_WSSEC_BAD_PASSWORD error, reformat wsse_username_token.c
* lasso/errors.h:
change error id and error name for LASSO_WSSEC_BAD_PASSWORD
* lasso/xml/ws/wsse_username_token.c:
update reference to LASSO_WSSEC_BAD_PASSWORD.
reformat line longer than 100 characters.
2010-01-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF 2.0: add some annotations
Core: in backward_comp.h, include string.h if g_strcmp0 is used
* lasso/backward_comp.h:
implementation of g_strcmp0 depends upon string.h.
WS-Security: fix typo in name of string symbols
* lasso/xml/idwsf_strings.h:
uppercase define for WS-Securities SOAP faults.
WS: complete support for wsse:UsernameToken
* docs/reference/lasso/lasso-sections.txt:
add new functions and change type name in documentation.
* lasso/errors.h lasso/errors.c:
add an error to report password verification failure
* lasso/xml/ws/wsse_username_token.h
lasso/xml/ws/wsse_username_token.c:
update support for wsse:UsernameToken up to version 1.1, implement
digest and derived keys computations.
* lasso/xml/idwsf_strings.h:
add strings for Username WS-Security Token profile
XML SAML-2.0: AuthnContext content is a xsd:choice so make content optional
- lasso/xml/saml-2.0/saml2_authn_context.c:
<AuthnContext/> can contain at least one node among:
- <AuthnContextClassRef/>
- <AuthnContextDeclRef/>
- <AuthnContextDecl/>
to approximate this possibility, we need to make any of them
optional.
<AuthenticatingAuthority/> should be a list but we cannot change it
without breaking the ABI, so we will wait for this.
make an explicit copy of lasso.doap to website/web/doap.rdf
Reduce news message to fit the news column
2010-01-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
update download link
ID-WSF 2.0: Add saml2_login.h to list of headers
Documentation: wsse_security.xml is now wsse_security_header.xml
By default make autogen.sh to enable gtk doc
Bindings PHP5: rewire php5 tests to the makefiles, make them pass distcheck
in autogen.sh, move libtoolize and gtkdocize before aclocal
fix typo
Merge EXTRA_DIST declarations in tests/Makefile.am
fix bad commit
tag release 2.2.90
Update changelog
Change again date of release 2.2.90
Add tests/valgrind to dist tarballs
Add autogen.sh and tools to EXTRA_DIST in top Makefile.am
Documentation: distribute stylesheet, fix documentation comments, complete lasso-sections.txt
Documentation: add empty lasso-overrides.txt, it seems to be necessary
ID-WSF: mark API as Private not Internal
Core: complete documentation on LassoSession
Core: complete documentation on LassoProfile
Core: complete documentation on LassoLogin
fix typo (transfer-none) -> (transfer none)
ID-WSF 1.0: change name of utils.{c,h} file for documentation parsing
* utils.h:
this header has the same name as an other header which is not parsed
by the documentation (lasso/utils.h) and the documentation process
just match by filename, so we rename it.
Website: add news about 2.2.90
2010-01-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add bindings/python/examples to dist file
remove empty directory
remove empty directory
2010-01-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Documentation: update lasso-sections.txt
Update doap file
FIX ABI breakage between 2.2.1 and 2.2.2 in LassoSamlAdvice
* lasso/xml/saml_advice.c lasso/xml/saml_advice.h:
restore fields AssertionIDReference and Assertion, remove field any
to restore state from 2.2.1
* lasso/id-ff/session.c:
use xmlNode stored inside LassoSamlAssertion objects instead of
accessing the 'any' list of xmlNode that was inserted in
LassoSamlAdvice.
2010-01-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
FIX ABI breakage when adding new field to struct LassoSaml2AttributeValue
Fix ABI breakage due to change of constant name from LASSO_SOAP_FAULT_REDIRECT_REQUEST to LASSO_SOAP_ERROR_REDIRECT_REQUEST_FAULT
Fix ABI breakage with respect to 2.2.1
Documentation: add lasso_profile_set/get_signature_hint to lasso-sections.txt
Add files listing the ABI of Lasso
Tools: add script to generate a listing of Lasso ABI
* tools/api.py:
use parser from the binding generator to output a list of symbols
* bindings/bindings.py:
add private flags to not clobber 'private' fields of structures or
methods not exported in bindings like _get_type.
ID-WSF: separate ID-WSF strings into their own header
start NEWS file for 2.2.90
Tests integration: remove save_html hooks, after fed termination logout button should still be there
Bindings python: use is_cstring for matching GList element type
2010-01-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0 Logout: undo some change to when the assertion is removed
* lasso/saml-2.0/logout.c:
- do not remove the assertion in init_request, as before only if all
fails (event REDIRECT is unsupported).
- in process_response_msg remove the assertion if we are the IdP or
if there is no error.
- in validate_request, remove the assertion if there is no error.
I think that there will be more updates to this in the future.
2010-01-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: make is_cstring usable with tuple and with direct type
Core: remove warning emitting macros from lasso_session_remove_assertion
* lasso/id-ff/session.c:
we already return error code, no need to log more warnings.
SAML 2.0: report missing request when creating artifact resolve response, fix typo in lasso_saml20_profile_build_post_response_msg
SAML 2.0: Fix typo in lasso_saml20_login_build_authn_response_msg
ID-FF&SAML2: if use is not defined on a key descriptor use the key for any use
* lasso/id-ff/provider.c lasso/saml-2.0/provider.c: if the "use"
attribute is not set on a KeyDescriptor, use the key for signing and
encryption.
2010-01-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Tests SAML2: use & test encryption
SAML 2.0: add saml2_helper.h to include files to install
Tests: fix inclusion of id-wsf 2.0 tests
Core: add new SAML 2.0 public header to top level header lasso.h
ID-WSF 2.0: remove saml2_login_private.h from Makefile.am
Bindings: add support for time_t to bindings, add support for 'string' type for list in java binding
in saml2_helper.{c,h}, remove const modifier from time_t type
in saml-2.0/name_id_management.c: handle NewEncryptedID, only encrypt if needed
in saml-2.0/logout.c: remove commented code, only encrypt if needed, initialize local variables
in lasso_saml20_login_init_idp_initiated_auhtn_request, do not use init_authn_request, manually create the request.
in lasso_saml20_login_init_authn_request, use saml-2.0/profile.c functions to reduce code size
in saml-2.0/profile.c, in lasso_saml20_build_response_msg, when no url is given, only stop for bindings needing one
in saml-2.0/profile.c, in lasso_saml20_profile_init_response make direct access
in saml-2.0/profile.c, in lasso_saml20_init_request better check for supported bindings, do not check for identity or session, report SESSION_NOT_FOUND only if first_in_session is used, do not stop on missing name_id.
in saml2_helper.c, remove dead code
SAML 2.0: in lasso_saml20_provider_accept_http_method, add HTTP-Artifact-POST case, better check for bad inputs, and handle special SingleSignOn case
Core Profile: remove need for identity in lasso_profile_get_nameIdentifier
Core Server: make default to load signing private key also as encryption private key
Commit to delete
Core: rewrite lasso_assertion_encrypt using lasso_xmlsect_load_key and add recipient argument
Core: add simple function to load key from any format
Core Node: add args to lasso_node_encrypt to set recipient of an encrypted element
Binding python: provide old binding name for set_encryptionMode
SAML 2.0: overhaul for ubiquitous binding support, still need work for HTTP-Artefact
Core: in profile.c, profile.h, profileprivate.h, add a new attribute to express signature needs
Core: in identity.c, do not emit trace when lasso_identity_get_federation fails
XML Core: in xml.c, private.h, add a lasso_node_remove_signature function
XML: fill node_data->{certificate,private_key}_file_offset for nodes with signatures
Core: in xml/private.h, add new field to LassoNodeClassData for private_key and certificate handling
Core: in provider.h, add LASSO_PROVIDER_ROLE_BOTH
Core: in profile.c, make lasso_profile_get_nameIdentifier work for transient federations
* lasso/id-ff/profile.c:
if no LassoIdentity is accessible try to get a name identifier
through the assertion in the LassoSession object. This allows the
logout profile to work without an identity object (which is normal
since logout does not modify the federation status).
Core: in provider.h, add new SAML 2.0 HTTP-Method, PAOS
SAML 2.0: add new function to factorize adding signature to a message
Fix mitm attack using the AssertionConsumerURL property on requests
* lasso/saml-2.0/login.c: check that the URL is known before using it
* lasso/saml-2.0/provider.c lasso/saml-2.0/providerprivate.h:
add a function to check that a URL corresponds to a known
AssertionConsumer of the given provider.
ID-WSF 2.0: fix in documentation
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: simplify GList handling
XML: add element type annotation to all GList fields
Bindings: in bindings/python/Makefile.am, precise generated files dependencies
XML: move SOAP API to its own sub directory
Bindings: in overrides.xml, remove now useless directives
Python binding: update test scripts to new ID-WSF API
Binding ID-WSF 2.0: do not bind lasso_wsa_endpoint_reference_get_*_token methods
Tests: add idwsf2_tests.c, call from tests.c, update Makefile.am
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF 2.0: in profile.{c,h}, discovery.{c,h}, data_service.{c,h}, overhaul all profiles.
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/profile.h:
- lasso_idwsf2_profile_get_name_identifier returns the NameID found
in an assertion used as a WS-Security token when security mechanism
Bearer or SAML are used.
- complete the function lasso_id_wsf2_profile_build_soap_envelope
with construction of the Sender element which is used to transmit
the providerID of the message sender by the SOAP binding ID-WSF 2.0
specification.
- remove useless instance_init function in profile object
- reset some profile fields in process_soap_request_msg (response,
body, nameIdentifier). use
lasso_saml20_profile_name_identifier_decryption for handling NameID
from WS-Security mechanism assertion.
- add private_data
- change signature of lasso_idwsf2_profile_init_soap_request to use
an EPR and a security mechanism specifier when building the SOAP
request.
- change signature of lasso_idwsf2_profile_process_soap_request to
verify security_mech_id of received messages.
* docs/reference/lasso/lasso-sections.txt:
add the function to the documentation.
* lasso/id-wsf-2.0/discovery.{c,h}:
- use utils.h macros instead of g_return_val_if_fail because it
removes useless warning, since it returns an error code. release
acquired resources.
- in lasso_idwsf2_discovery_metadata_register_self, return error code
instead of identifier string for the new service, use an out
parameter to return the identifier, use utils.h macros.
- in lasso_idwsf2_discovery_init_metadata_register, use utils.h
macros, check return code of lasso_idwsf2_profile_init_soap_request.
- change signature of lasso_idwsf2_discovery_init_metadata_register
to support security_mech_id, try to get URL from an existing
Discovery service EPR (from Session object).
- change signature of
lasso_idwsf2_discovery_process_metadata_register_msg,
lasso_idwsf2_discovery_init_metadata_association_add,
lasso_idwsf2_discovery_process_metadata_association_add_msg,
lasso_idwsf2_discovery_init_query,
lasso_idwsf2_discovery_process_query_msg, to support security
mechanism.
- improve lasso_idwsf2_discovery_build_query_response_eprs.
- add lasso_idwsf2_discovery_get_nth_data_service to access returned
services.
* lasso/id-wsf-2.0/data_service.{c,h}:
- redo all the API
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF 2.0: in session.c, fix memory handling errors
ID-WSF 2.0&ID-WSF: in profile.c, wsf_profile.c, errors.c, errors.h, and in lasso-sections.txt change LASSO_SOAP_FAULT_REDIRECT_REQUEST to LASSO_SOAP_ERROR_REDIRECT_REQUEST_FAULT
ID-WSF 2.0 Errors: in errors.{c,h}, add new errors code for ID-WSF 2.0
- add LASSO_DST_ERROR_EMPTY_REQUEST
- add LASSO_WSF_PROFILE_ERROR_SECURITY_MECHANISM_CHECK_FAILED
- add new errors codes for generic profiles and disco service
ID-WSF 2.0 XML: in strings.h, add identifiers from ID-WSF 2.0 standards
- add status code for ID-WSF 2.0 DST
- add token usage identifiers
- conform security mechanism identifiers to ID-WSF 2.0 Liberty Sec
Mech specification
- add Discovery Service status codes
- add Soap Binding status codes
- add disco result type and user interaction hint strings
ID-WSF 2.0 XML: in sec_token.c, remove extra SNIPPET_ANY
ID-WSF 2.0 XML: in util_response.{c,h}, add helper functions to idwsf2_util_status
ID-WSF 2.0: in server.c, change annotation of lasso_server_get_svc_metadatas_with_id_and_type.
ID-WSF 2.0: in saml2_login.c, change API
* lasso/id-wsf-2.0/saml2_login.c:
- change private lasso_saml20_login_assertion_add_discovery to public
lasso_login_idwsf2_add_discovery_bootstrap_epr.
- remove lasso_saml20_login_copy_assertion_epr, add
lasso_login_idwsf2_get_discovery_bootstrap_epr.
* docs/reference/lasso/lasso-docs.sgml:
- add sections id_wsf_2_0_login
* docs/reference/lasso/lasso-sections.txt:
- add new functions to section id_wsf_2_0_login
ID-WSF 2.0: in idwsf2_helper.c, add new functions, fix old things
- add lasso_wsa_endpoint_reference_get_service,
lasso_wsa_endpoint_reference_associate_service_type_uri,
ID-WSF 2.0: create idwsf2_helper.{c,h}, new module for manipulating EPR elements
* lasso/id-wsf-2.0/idwsf2_helper.c lasso/id-wsf-2.0/idwsf2_helper.h:
add new functions
lasso_wsa_endpoint_reference_get_idwsf2_service_type,
lasso_wsa_endpoint_reference_get_idwsf2_provider_id,
lasso_wsa_endpoint_reference_get_idwsf2_security_context_for_security_mechanism,
lasso_wsa_endpoint_reference_get_token_by_usage,
lasso_wsa_endpoint_reference_get_security_token,lasso_wsa_endpoint_reference_get_target_identity_token,
lasso_wsa_endpoint_reference_new_for_idwsf2_service,
and lasso_wsa_endpoint_reference_add_security_token.
* lasso/id-wsf-2.0/idwsf2_helper.h:
declare new functions.
* lasso/id-wsf-2.0/Makefile.am:
add new files to source list
ID-WSF 2.0: in soap_binding.{c,h}, add new functions
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF 2.0: add files soap_binding.c, soap_binding.h
* lasso/id-wsf-2.0/Makefile.am
- reference new source files in Makefile.am
* lasso/id-wsf-2.0/soap_binding.c
* lasso/id-wsf-2.0/soap_binding.h:
- add extraction functions lasso_soap_envelope_sb2_get_provider_id,
lasso_soap_envelope_sb2_get_redirect_request_url,
lasso_soap_envelope_sb2_get_target_identity_header,
lasso_soap_envelope_add_action and lasso_soap_envelope_get_action.
- add SOAP security headers accessors
- add lasso_soap_envelope_get_saml2_security_token which simplifies
retrieving a SAML 2.0 assertion used as a WS-Security token.
complete documentation of other functions.
* docs/reference/lasso/lasso-sections.txt:
- reference the new functions in a new section soap_binding2
* docs/reference/lasso/lasso-docs.sgml:
- add new section soap_binding2
ID-WSF 2.0: in soap_binding.{c,h}: add function
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF: in id_ff_extensions.c, add SECTION gtk-doc declaration
ID-WSF: in interaction_profile_service.{c,h}, make initialization of a redirect request, part of LassoWsfProfile methods.
ID-WSF: in discovery.c:lasso_discovery_init_resource_offering, add doc annotations, use assignment macros to set output argument
ID-WSF: in discovery.c, update documentation annotations
* lasso/id-wsf/discovery.c:
- add annotations to lasso_discovery_init_query,
lasso_discovery_init_modify, lasso_discovery_process_request_msg.
- initialize response in lasso_discovery_process_query_mesg and
lasso_discovery_process_modify_msg, so that modifications of the
response can be done between _process_ and _build_ calls.
ID-WSF: in data_service.c:lasso_data_service_init_query check absent resource offering, support security_mech_id argument
* lasso/id-wsf/data_service.c lasso/id-wsf/data_service.h:
- in lasso_data_service_apply_modifications, dst_modification
initialization is missing.
- remove lasso_data_service_get_redirect_request_url
- change LASSO_DATA_SERVICE_CANNOT_ADD_ITEM to
LASSO_DATA_SERVICE_ERROR_CANNOT_ADD_ITEM
- in lasso_data_service_init_query, complete documentation, fix mem
leak
- factorize code between lasso_data_service_build_modify_response_msg
and lasso_data_service_build_query_response_msg, create
lasso_data_service_build_response_msg
- in lasso_data_service_get_answer, add out annotation to output
parameter
- simplify API, simplify code path for query and modification
processing
- add lasso_data_service_process_request_msg,
lasso_data_service_build_modify_response_msg,
lasso_data_service_validate_request.
- remove lasso_data_service_process_query_msg and
lasso_data_service_process_modify_msg from public API.
- in lasso_data_service_process_query_msg and
lasso_data_service_process_modify_msg add arg checks, make them
static and move preprocessing of the request in
lasso_data_service_process_request_msg.
- in lasso_data_service_get_answer, fix request/response mismatch.
- add accessors lasso_data_service_set_resource_data and
lasso_data_service_get_resource_data.
- add security_mech_id arg to data_service_init_modify, export
resource_data accessor methods
- remove lasso_data_service_get_redirect_request_url
- fix missing initializations and leaks
ID-WSF: in wsf_profile.c, fix mem leaks
ID-WSF XML: in dst_modification.c, add SNIPPET_BOOLEAN to overrideAllowed attribute snippet
ID-WSF XML: in dst_modify.{c,h}, remove extra argument to the constructor of LassoDstModify
* lasso/xml/dst_modify.c:
* lasso/xml/dst_modify.h:
remove parameters of the default constructor.
Tests: in tests/login_tests.c, change path of header utils.h
Tests: in basic_tests.c, fix, do not overwrite known elements mappings
* tests/basic_tests.c:
when testing functionality of lasso registries which map namespace
elements to lasso objects, do not use liberty namespace because it
interacts with other tests -- deserialization of lib:Assertion node
was broken by this test -- when running them in CK_FORK=no mode.
Changed namespace LASSO_LIB_HREF, for "coin" which is less dangerous.
WS XML: change signature of lasso_wsa_attributed_uri_new_with_string, add mappings
* wsa_attributed_uri.c:
- constify first argument of
lasso_wsa_attributed_uri_new_with_string.
- add direct mappings from wsa:Action,wsa:To to
LassoWsAddrAttributedURI and from wsa:From,wsa:ReplyTo,wsa:FaultTo
to LassoWsAddrEndpointReference
SAML 2.0: in login.c, use lasso_server_saml2_assertion_setup_signature
XML: in private.h, remove duplicate declaration of lasso_xml_parse_memory
ID-FF XML: in lib_assertion.c, add registry mapping for lib:AssertionType
* xml/lib_assertion.c:
this object is really a container for lib:AssertionType, so register
it.
Core: in provider.c, add lasso_provider_verify_single_node_signature
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a new function to check an enclosed single signature on a
LassoNode, given that the LassoNode retained its original xml node
content.
SAML 2.0: in login.c, fix memleaks
* lasso/saml-2.0/login.c:
return value from lasso_provider_get_sp_name_qualifier must be freed.
SAML 2.0: in login.c, remove discovery bootstrap handling
Core Login: in login.c, add assertion accessor
* docs/reference/lasso/lasso-sections.txt:
declare new function
* lasso/id-ff/login.c lasso/id-ff/login.h:
add new function lasso_login_get_assertion.
* lasso/saml-2.0/login.c:
store created assertions
* lasso/id-ff/login.h:
make assertion field private for bindings.
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: in saml2_helper.c, add new methods to manipulate SAML2 assertions
* lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h:
- add lasso_server_saml2_assertion_setup_signature, to help in
defining signature upon saml2:Assertion nodes.
- add new symbols LASSO_DURATION_MINUTE, LASSO_DURATION_HOUR,
LASSO_DURATION_DAY, LASSO_DURATION_WEEK.
- add method lasso_saml2_assertion_add_attribute_with_node
* docs/reference/lasso/lasso-sections.txt:
declare new functions in saml2_helper section.
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Tests: in basic_tests.c, check LassoSaml2EncryptedElement handling
SAML 2.0 XML: map EncryptedID, EncryptedAssertion, EncryptedAttribute and NewEncryptedID element to saml2:EncryptedElement
* lasso/xml/saml-2.0/saml2_encrypted_element.c:
add registry mapping from EncryptedID, EncryptedAssertion,
EncryptedAttribute and NewEncryptedID element to
saml2:EncryptedElement
SAML 2.0 XML: in strings.h, add the identifier for the holder of key subject confirmation method
SAML 2.0: in provider.c, add node encryption function and reference it in doc
* lasso/saml-2.0/Makefile.am:
add new header provider.h
* lasso/saml-2.0/provider.c lasso/saml-2.0/provider.h:
add new function lasso_provider_saml2_node_encrypt to encrypt nodes
and encapsulate the XML Enc data in a LassoSaml2EncryptedElement
node.
* docs/reference/lasso/lasso-sections.txt:
add function to saml2_utils section
WS XML: add forgotten include file to wsa_attributed_uri.c and wsa_endpoint_reference.c
WS Errors: in errors.h errors.c, add new error section for WS-Security handling
Core: in server.c, change signature of lasso_server_get_provider, add annotations on return value
* lasso/id-ff/server.h lasso/id-ff/server.c:
- constify first argument of lasso_server_get_provider
- add annotation about caller owned return value
Core: in tools.c, complete documentation of lasso_verify_signature
Core: in provider.c, add accessors for encryption information
* lasso/id-ff/provider.c:
add getters for encryption_sym_key_type and encryption_public_key.
* lasso/id-ff/providerprivate.h:
declare new accessors.
Core XML: in xml.{c,h}, add new function lasso_node_get_name to get the element name for an object
Core XML: make first argument of lasso_misc_text_node_new_with_string const
* lasso/xml/misc_text_node.h lasso/xml/misc_text_node.c:
change signature of lasso_misc_text_node_new_with_string, string
argument is const.
Core XML: in xml/tools.c, add conversion method from iso8601 to time_t
* lasso/xml/tools.c:
add function lasso_iso_8601_gmt_to_time_t
* lasso/xml/private.h:
declare new function.
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core XML: in xml.c, keep original node names, handle xsi:type attribute better
* lasso/xml/xml.c lasso/xml/xml.h:
- fix signature of lasso_node_set_original_xmlnode, fix signature in
documentation of lasso_node_set_original_xmlnode;
- add a new API lasso_node_set_custom_nodename to specify the exact
element name to use when serializing a LassoNode to XML.
- rename internal structure _CustomNamespace to _CustomElement, add a
nodename field to it.
- rework internal functions around _CustomElement to be aware of an
existing attached _CustomElement and re-use if needed.
- move application of _CustomElement hints after the serialization of
the node, so that the normal behaviour of the serialization is kept
-- i.e. do not play with the list of parent classes.
- use the full xsi:type content to find a LassoNode subclass when
de-serializing XML content, factorize QName->GObject class mapping
for the three executions paths inside
_type_name_from_href_and_nodename:
- element QName,
- xsi:type QName,
- element name with xsi:type namespace
- add a long comment explaining the way the mapping is done.
- remove direct mapping of EncryptedAssertion element, the registry
declaration on the class LassoSaml2EncryptedElement should be
enough.
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core XML: in xml.c, parse attributes with namespace checking
* lasso/xml/xml.c:
- use snippet->ns_uri and snippet->ns_name to parse attributes
outside of the parent node namespace.
Core XML: in xml/tools.c, improve lasso_eval_xpath_expression, do not fail when nodeset is empty
* lasso/xml/tools.c:
only check that the query returned a nodeset object, do not check its
content size.
Core: in utils.h, add macros, fix existing
* lasso/utils.h:
- add macro lasso_ref(object), if object is not null, call
g_object_ref on it, and return the value, otherwise do nothing and
return NULL.
- make a better reporting of bad object release
- change format type for __LINE__ and dest arguments in
lasso_release_gobject warning display.
- add a lasso_check_non_empty_string macro
- add new macro to extract a specific node type from a list of
GObject objects.
- use xmlStrdup not g_strdup for lasso_assign_xml_string
- add lasso_list_add_gstrv and lasso_check_good_rc
- add macro lasso_list_get_first_child
- add inline function to test empty string
- change macro lasso_check_non_empty_string to use the new inline
function and go to cleanup
- fix lasso_check_non_empty_string macro
* lasso/utils.c:
- add lasso_gobject_is_of_type returns 0 if first parameter is a
gobject whose GType is equal to the second parameter, and 1
otherwise.
Core: add new errors LASSO_PROFILE_ERROR_INVALID_RESPONSE, LASSO_PROFILE_ERROR_INVALID_REQUEST.
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: in bindings.py, parse '(in)' gobject-introspection annotation, in utils.py, use it to reverse default annotation for pointer of pointers
Bindings: in bindings.py, improve regular expression for declarations
Bindings: parse gobject-introspection annotation in return value
documentation, add cast to C calls when parameter type is const in java
binding, problems arise with const char ** arrays
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: do not stop on failing to parse a declaration, but skip the function and print a warning
Python binding: add a pyobject->time_t conversion function
Bindings python: in wrapper_top.c, mark internal function as potentially unused
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: make the binding infrastructure understand GObject-introspections annotations
* bindings/bindings.py
* bindings/utils.py:
add convenience function to treat arguments tuple:
(type,name,{annotations}).
introduce new argument options, fix that arguments are 3-tuple of the
form (type,name,annotations), where annotations is a dictionary.
Key of this dictionary can be:
- optional, whether the argument is necessary, it means it has a
default value.
- out, means that the pointer is a pointer of pointer, for bindings
that can return exceptions, it will be returned instead of the
integer error code, the only way to access error codes will be
exceptions.
- element-type, contained type of a list or an array,
- key-type, value-type, type of respectively the key and value of a
GHashTable.
- transfer, whether the callee(for arguments)/caller(for return
values) owns the values passed, it can be none,container(if the
callee/caller only owns the container not the contained value) or
full.
doc.parameters is now a 3-tuple of (attribute-name,
attribute-description, attribute-annotations) where
attribute-annotations is a string of the form '(option1)(option2
option-arguments) etc.'.
- add predicates for xml, list and time_t values. improve predicates
for cstring and const modifier.
* bindings/overrides.xml:
'out' arguments are not well supported for java, so skip functions
using them.
* bindings/java/lang.py bindings/php5/php_code.py
bindings/php5/wrapper_source.py bindings/python/lang.py:
- update language specific binding generators for handling new
annotations.
- improve python method declaration, handle optional arguments with
default values, factorize this code in two methods,
get_python_arg_decl and defval_to_python_value.
* bindings/python/tests/Makefile.am
bindings/python/tests/idwsf1_tests.py
bindings/python/tests/idwsf2_tests.py:
make test work with out of source build dir.
2010-01-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Documentation: in lasso-docs.sgml, add glossary to the index, add book part delimitations
* docs/reference/lasso/lasso-docs.sgml:
add the glossary to the index.
Core: in registry.c, change type cast to compile on amd64 platform
* registry.c:
use ptrdiff_t to cast to integer big enough to receive a pointer,
then apply integer operations, then cast to the pointer type expected
by g_direct_hash.
2009-12-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: in utils.h, change __STRING(x) for #x
* lasso/utils.h:
__STRING(x) does not seem more portable than #x so change, problem
with AIX.
2009-12-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Downgrade version 2.2.90 to make a pre-release
2009-12-08 Benjamin Dauvergne <bdauvergne@entrouvert.com>
in tests/tests.h, Add checks for true and false conditions
Remove beginning of a PHP4 binding
Upgrade version number
Add missing headers to makefile, to pass make distcheck
* lasso/xml/id-wsf-2.0/Makefile.am:
make xml_idwsf2.h appear in the distribution file
* lasso/xml/ws/Makefile.am:
make xml_ws.h appear in the distribution file
2009-12-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
in lasso_saml20_profile_export_to_query, checks return values
* lasso/saml-2.0/profile.c:
in lasso_saml20_profile_export_to_query, check return value of
lasso_node_build_query and lasso_query_sign.
2009-12-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add SP initiated logout test to SAML 2.0 regression tests
* tests/login_tests_saml2.c:
add logout to first SAML 2.0 login regression test.
* tests/tests.h:
add macros to simplify checking of return value with check macros
(encapsulate fail_unless macro to check for NULL/non-NULL values and
good rc value (0) or expected bad value).
2009-11-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Restore ancient semantic of lasso_profile_is_session_dirty
* lasso/id-ff/profile.c:
lasso_is_session_dirty must return FALSE if session is NULL.
Fix double g_object_unref
* lasso/id-ff/login.c:
status is already freed by lasso_assign_gobject, do not free it first
with lasso_node_destroy.
Restore call to autoheader in autogen.sh
* autogen.sh:
call to autoheader was removed during simplification of the
autogen.sh script.
Remove message level signature on redirect messages
* lasso/saml-2.0/profile.c:
remove message level signatures before building query strings.
Add more check to remove_signature
* lasso/saml-2.0/profile.c:
check for NULL when accessing klass data.
2009-11-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Augment query string limit for relaystate extraction to 8192 bytes
* lasso/xml/tools.c:
some applications transfer relaystate longer than the specification
advised 80 bytes, try to cater for their needs.
Add documentation for lasso_get_relaystate_from_query
* lasso/xml/tools.c:
add documentation on the internal function
lasso_get_relaystate_from_query
2009-10-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add C defines for SAML 2 'unspecified' authncontext class
* lasso/xml/strings.h:
add C defines for AuthnContextClassRef,
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified.
Fix bad macro choice, precise error for bad formatted NIDM request
* saml-2.0/name_id_management.c:
use specialized lasso_saml20_profile_set_response_status
set 'MissingNameID' second level error with requester first level
error code when request is missing a name id.
Fix reporting of error in message parsing
* lasso/xml/xml.c:
do not mix the return code from xmlSecBase64Decode and the return
code for lasso_node_init_from_message_with_format.
It fixes a segmentation fault in
lasso_login_process_authn_request_msg.
2009-10-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: factorize code to obtain a SPNameQualifier
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a method giving the SPNameQualifier for a provider (its entity id
or its affiliation id).
* lasso/id-ff/profile.c:
* lasso/saml-2.0/login.c:
update use sites.
2009-10-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Make php4 and perl binding disabled by default
* configure.ac:
make default for --enable-perl and --enable-php4 to "no". Those
binding will not be maintained in the future.
SAML2 Logout: initialize SessionIndex from the assertion
* lasso/saml-2.0/logout.c:
when creating a logout request message initialize the SessionIndex
element with the corresponding content in the stored assertion for
this session.
Tests: fix __FILE__ -> __file__
* tests/integration/saml2/__init__.py:
path to the current python file is __file__ not __FILE__.
SAML2: change lasso_saml20_profile_set_response_status signature
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/profileprivate.h:
make lasso_saml20_profile_set_response_status2 the new implementation
of lasso_saml20_profile_set_response_status.
add helper macros to set success, responder and requester first level
status code.
* saml-2.0/assertion_query.c:
* saml-2.0/login.c:
* saml-2.0/logout.c:
* saml-2.0/name_id_management.c:
adapt consumers to the new signature.
ID-FF: add a partial_logout flag to LassoLogout private_data
* lasso/id-ff/logout.c:
* lasso/id-ff/logout.h:
add a flag to store the status of a partial logout
SAML2: add an equals operator to the NameID class
* lasso/xml/saml-2.0/saml2_name_id.c:
* lasso/xml/saml-2.0/saml2_name_id.h:
add a lasso_saml2_name_id_equals method which returns TRUE if two
NameId are equal.
SAML2: use the static get_provider helper method in generic profile methods
* lasso/saml-2.0/profile.c:
instead of accessing directly profile->server use the helper method
get_provider.
SAML2: in logout_build_response_msg do not fail on missing remote_providerID
* lasso/saml-2.0/logout.c:
remote_providerId is verified in build_redirect_simple and is not
necessary for SOAP response with a failure and profile->response
cannot be null (we just created a response if it was missing).
So this error case is now unnecessary.
ID-FF1.2 and SAML2: remove direct access to profile->server->providers
* client of LassoServer should use lasso_server_get_provider.
* LASSO_PROFILE_ERRROR_UNKNOWN_PROVIDER was a mistake, it is
superfluous, use LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
Core: in profile, use lasso_server_get_provider
- lasso/id-ff/profile.c:
replace direct access to server->provider by
lasso_server_get_provider.
2009-09-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Tests: add a test of NameIDFormat extraction
- tests/basic_test.c:
add test11_get_default_name_id_format which parses a metadata file and
tries to extract the default name id format.
- tests/data/sp5-saml2/metadata.xml:
add NameIDFormat node for testing.
Core: add const modifier to return value of lasso_provider_get_metadata_list
- lasso/id-ff/provider.c lasso/id-ff/provider.h:
change return type of lasso_provider_get_metadata_list from GList* to
const GList*.
- lasso/id-ff/logout.c lasso/saml-2.0/logout.c
lasso/saml-2.0/provider.c:
change consumers of the API
Core: Add const modifiers to LassoProvider methods
* lasso/id-ff/provider.c lasso/id-ff/provider.h
lasso/saml-2.0/provider.c lasso/saml-2.0/provider.h:
add const modifier where they could be added.
Do not use g_new, use g_new0
* lasso/id-ff/federation.c:
* lasso/id-ff/logout.c:
* lasso/id-ff/profile.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/authentication.c:
* lasso/saml-2.0/ecp.c:
* lasso/xml/xml.c:
even for private data, use g_new0, it is safer.
Change setting of default NameIDFormat for SAML 2.0 login
* saml-2.0/login.c:
in lasso_saml20_login_init_authn_request,
lasso_saml20_login_init_idp_initiated_authn_request, if the service
provider provided a list of supported name id formats, use the first
one as default for new AuthnRequest.
* id-ff/login.c:
modify documentation to report the new way of choosing a default.
Add method to Provider to retrieve default NameIDFormat
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add lasso_provider_get_default_name_id_format, which returns the first
listed NameIDFormat from the SAML 2.0 metadata of the provider.
Complete documentation of lasso_login_init_authn_request concerning the NameIDFormat
* lasso/id-ff/login.c:
in lasso_login_init_authn_request, add docbook formatting, add
remarks about the different NameIDFormat for ID-FF 1.2 and SAML 2.0.
2009-09-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix bugs found via coverity (thanks to Bhaskar Jain)
* lasso/id-wsf-2.0/data_service.c: fix uninitialized res variable in
lasso_idwsf2_data_service_process_query_response_soap_fault_msg.
* lasso/xml/saml-2.0/saml2_assertion.c: fix uninitialized rc variable
in get_xmlNode.
* lasso/saml-2.0/login.c:
in lasso_saml20_login_accept_sso check for ni and ni->Format
null-ness before dereferencing, remove idp_ni which is not used
anymore.
remove all use of federation->remote_nameIdentifier, SAML 2.0 only
need one NameID, and it will be local_nameIdentifier.
* lasso/xml/xml.c:
in lasso_node_traversal, check null-ness of node before dereferencing
it, add check for class null-ness also.
* lasso/id-ff/provider.c:
in lasso_provider_get_first_http_method, remove useless check for t2
null-ness -- if found is TRUE, t1 and t2 cannot be null.
* lasso/xml/tools.c:
in lasso_sign_node, add documentation, check for private_key_file and
xmlnode null-ness.
in lasso_get_public_key_from_private_key_file, add a cleanup phase,
check for cert variable null-ness before appending, count the number of
certificates added.
in lasso_query_verify_signature, check that URL unescaping and base64
decoding are successful before using the decoded strings.
* lasso/saml-2.0/name_id_management.c:
in lasso_name_id_management_validate_request, fix mis-handling of
federation, if federation does not match request name_id, return
UNKNOWN_PRINCIPAL.
ID-WSF: finish unsealing field « is_dirty » of LassoSession
* lasso/id-wsf-2.0/session.c:
remove direct access to LassoSession private field.
2009-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: unseal LassoSession public field
* lasso/id-ff/session.c:
* lasso/id-ff/session.h:
* lasso/id-ff/sessionprivate.h:
unseal session->is_dirty and session->assertions, remove the mirror
version in the private data structure, and restore direct access by
methods.
move the "private" comment before those two fields to hide them in
the gtk-doc reference manual, normal access should be done by
get_assertion and is_dirty methods.
2009-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
XML ID-WSF: Fix parsing of most ID-WSF elements
* lasso/xml/disco_send_single_logout.c:
* lasso/xml/id-wsf-2.0/sb2_user_interaction_header.c:
* lasso/xml/id-wsf-2.0/subsref_app_data.c:
* lasso/xml/xml.c:
lots of ID-WSF 1.0/2.0 classes were not passing the new
non-regression test on serialization/deserialization.
The main reason was the absence of mapping for their namespace in the
prefix_from_href_and_nodename function. The other reason is that some
class name does not correspond 1-to-1 to the element name
(SendSingleLogOut vs. SendSingleLogout, notice the capitalised 'O').
The last problem was that mapping from nodes to GObject classes was
done after default mapping ("Lasso<prefix><node_name>"), now it's
done before, to reflect the fact that it is a more specialized
mapping.
2009-09-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: remove warning when lasso_registry_get_direct_mapping fails
* lasso/registry.c (lasso_registry_get_direct_mapping):
g_return_val_if_fail output a warning when condition fails, use a
simple if instead.
Tests: add more assertion to random test
* tests/random_tests.c:
add more assertion testing for various return values or field values.
XML: Fix seg-fault bug introduced in commit 4108
* lasso/xml/xml.c:
lasso_node_get_xmlnode_for_any_type is broken, if no original_xmlnode
is present, return just cur. Also add all missing cases for the state
of the pair (cur, original_xmlnode).
* tests/basic_tests.c:
add a non-regression test, testing all dump/restore functions.
Core: add new macros to traverse lists
* lasso/utils.h:
lasso_foreach_full_begin(_type, _data, _iter, _list)
traverse GList* _list, using _iter as iteration variable
extract data field to variable _data of type _type.
Test: fix Makefile.am to work with 'out of source' build directory
* tests/Makefile.am:
rpath must refer to the build directory, not the source directory.
Core: fix extract_symbols regular expression
* lasso/extract_symbols.py:
the regular expression was not matching declaration over multiple lines,
and would catch argument starting with lasso_. Fixed.
XML: add all inclusive header files for id-wsf2, ws, id-wsf XML elements
* lasso/xml/wsf/xml_ws.h:
* lasso/xml/id-wsf-2.0/xml_idwsf2.h:
* lasso/xml/xml_idwsf.h:
new files.
ID-WSF 2.0: add set_request/set_response method to Profile object
* lasso/id-wsf-2.0/profile.c:
* lasso/id-wsf-2.0/profile.h:
add two methods that set the response object and replace the content
of the SOAP message with this object.
XML SOAP: add new soap fault constructor
* lasso/xml/soap_fault.c:
* lasso/xml/soap_fault.h:
add a full constructor allowing to set faultcode and faultstring in
one call.
XML ID-WSF 2.0: make non simple constructor of MiscTextNode return real type
* lasso/xml/misc_text_node.c:
non simple constructor must return the real object type because Java
binding does not work without it.
XML SAML 1.1: fix schema figure for samlp:Request
Docs: remove old lasso-sections.txt file
ID-WSF 2.0: add accessor for field of LassoIdWsf2Profile
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/profile.c:
add two accessors to get to soap_response and soap_request object,
next step is to make those two fields really private.
ID-WSF: fix duplication of namespace string declaration, add fault codes for WS-Security
* lasso/xml/strings.h:
namespace of WS-Security 1.0 was duplicated,
add specified fault code linked to WS-Security.
ID-WSF: remove LassoWsseSecurity in favor of LassoWsSec1SecurityHeader
* xml/Makefile.am:
remove the file from the source list
* xml/wsse_security.c:
* xml/wsse_security.h:
remove the files
* xml/xml.c:
use LassoWsSec1SecurityHeader for LASSO_WSSE_HREF namespace also.
ID-WSF 1.0: use the common wsse:Security object
* lasso/id-wsf/wsf_profile.c:
use the common LassoWsSec1SecurityHeader object instead of the
specific LassoWsseSecurity, and set the needed namespace using
lasso_node_set_custom_namespace.
add implementation comments.
WS: register LassoWsSec1SecurityHeader for all namespace associated to WS-Security
* lasso/xml/ws/wsse_security_header.c:
register all namespace that contains a Security header object.
XML: add an API to set namespace on a single instance of a LassoNode
* lasso/xml/xml.h lasso/xml/xml.c:
add a new public API lasso_node_set_custom_namespace(node, prefix,
href). It allows to set the precise namespace of a single object, all
other instances of the same class continue to use the default
namespace for the class.
It should be used for difficult consumer of certain nodes (like
wsse:Security) which only know certain namespace or do not use the
namespace going with the specified version of a specification (like
MSP not following ID-WSF 1.0 specification and using
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
instead of
http://schemas.xmlsoap.org/ws/2003/06/secext).
It also allows to share implementation of schema objects common to
many versions of the same specification (wsse:Security between ID-WSF
1.0 and ID-WSF 2.0), without creating too many child classes.
ID-WSF 2.0: remove obsolete FIXME in discovery.h
Core: remove a use of lasso_node_destroy in LassoSession
Bindings: add support for guchar
* bindings/java/lang.py:
* bindings/python/lang.py:
add guchar to list of C types everywhere.
XML: add support for free xml content to LassoMiscTextNode
* lasso/xml/misc_text_node.c:
* lasso/xml/misc_text_node.h:
it is often necessary to be able to put completely determined content
inside lasso generated request (for example when copying an assertion
for a Bearer authentication method). In this case you can use
lasso_node_get_original_xml_node to get at the original content and
lasso_misc_text_node_new_with_xml_node to get a LassoNode with the
same content.
There are two additional functions to access this xml payload:
lasso_misc_text_node_get_xml_content and
lasso_misc_text_node_set_xml_content.
2009-08-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: fix commit 4313, restore support for --enable-wsf
* configure.ac:
I threw the baby out with the bathwater..
Core: fix make dist with --enable-wsf
* lasso/id-wsf-2.0/Makefile.am:
* lasso/xml/Makefile.am:
some files were missing from the dist files, add them.
Core: remove SWIG ID-WSF warning from configure.ac
* configure.ac:
as ID-WSF support in SWIG is not maintained anymore we can remove the
warning about using pre-generated SWIG files with a different setting
for the --enable-wsf flag.
Binding: skip lasso_data_service_get_query_item
* bindings/overrides.xml:
bindings do not support out arguments, so skip generating bindings
for lasso_data_service_get_query_item for the moment.
Core: set tar-pax as dist file format
* configure.ac:
we could have more than 99 characters long path in the dist files,
the pax format for tar archives support it.
ID-WSF 1.0: Fixed missing or deprecated functions in public headers
Some new functions were missing from the headers, others were deprecated
some time ago and as the API is not considered stable for ID-WSF, I
removed them definitely.
2009-08-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Bindings: Skip lasso_data_service_get_answers
* bindings/overrides.xml: skip unsupported function.
Tests: add configuration file loading to integration test
* tests/integration/README:
* tests/integration/saml2/__init__.py:
If ~/.config/lasso_integration.conf exists, load it to find path to
authentic and lcs.
Add support for three environment variables:
- LASSO_BUILDDIR, to specify an out of source build directory to
test,
- NO_SILENT, to allow authentic and lcs outputs,
- VALGRIND, to check memory leaks using valgrind.
2009-08-26 Frederic Peters <fpeters@entrouvert.com>
Call gtkdocize before automake
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: errors.c is a generated file, when generating it place it in $(srcdir) not build directory
* lasso/Makefile.am:
the place for errors.c is in the source directory, not the build
directory.
SAML 2.0: Fix bug introduced in commit 4235
* lasso/saml-2.0/login.c:
profile->msg_url is released before being used ;( Restore the code
copying the URL before passing it to
lasso_saml20_profile_build_http_redirect, to free it after.
Core: Fix errors.c generation
XML SAML2: remove typedef of LassoSaml2Assertion in saml2_advice.h and saml2_evidence.h
* xml/saml-2.0/saml2_advice.h xml/saml-2.0/saml2_evidence.h:
the declaration of LassoSaml2Assertion for supposedly preventing
recursive include is useless now.
Core: fix spurious semi-colon inserted in commit 4093
* lasso/errors.h:
remove useless semi-colon
Core: add assertion query to exported profiles
* lasso/lasso.h:
include lasso/saml-2.0/assertion_query.h
XML: Add all including header file for saml2, id-ff and id-wsf
* lasso/xml/xml_idff.h:
this header file reference all id-ff 1.2 elements
* lasso/xml/xml_idwsf.h:
this header file reference all id-wsf 1.0 elements
* lasso/xml/saml-2.0/xml_saml2.h:
this header file reference all saml-2.0 elements
Core: Remove include of lasso.h in registry.h
* lasso/registry.h:
include of lasso.h is useless, replace by including directly export.h
* lasso/registry.c:
directly include errors.h
ID-WSF: remove OFTYPE usage from header
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Docs: change the doc production and lot of other fixes
* lasso/Makefile.am:
distribute extract_sections.py
* docs/references/lasso/lasso.types.in: add missing class (mainly SAML2
and ID-WSF 1.0/2.0) from docs/references/lasso.types.in
* lasso/xml/strings.h:
add lots of documentation, or at least documentation template to
strings constants.
* id-ff/login.h:
* saml-2.0/assertion_query.h:
* xml/xml.h:
document undocumented enumerations.
* lasso/errors.h:
add proper documentation about error codes.
* lasso/errors.c:
new version of the lasso_strerror function
* lasso/build_strerror.py:
update the script that generates lasso_strerror from the
documentation comments.
Remove usage of OFTYPE
* lasso/id-ff/session.c:
* lasso/id-ff/session.h:
remove usage of oftype, prefer gtk-introspection annotations instead.
* lasso/id-wsf/data_service.h:
* lasso/id-wsf/data_service.c:
do the same.
Add a script to build lasso-sections.txt
* lasso/extract_sections.py:
this script parses header files and generates lasso-sections.txt
content for GObject class descriptions.
Add a template file for the lasso-section.txt file
* docs/references/lasso-sections.txt.in:
this file serves as a base for the generation of lasso-sections.txt
Update docs/references/Makefile.am for generating lasso-sections.txt
* docs/references/Makefile.am:
always rebuild template, using out of source build directory is too
weird without it.
call new script extract_sections.py to regenerate lasso-sections.txt
if header files changed.
Update lasso.sgml file with all missing sections
* docs/reference/lasso.sgml:
add all missing sections, mainly objects from XML schemas.
* docs/reference/lasso-sections.txt: update it
* *.c: add section documentation to some files.
* lasso/xml/strings.h: fix bad usage or docbook markup
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: fix makefile for generating errors.h in out of source dir build
* lasso/Makefile.am:
errors.h is expected to be in srcdir not builddir.
Bindings: for functions that must be totally skipped do it during parsing
* bindings/bindings.py:
parsing of argument type is still not advanced enough, so in order to
remove spurious warnings, skip function directly during parsing just
before the treatment of function signature.
Tests: in integration test do not set the PYTHONPATH
* tests/integration/saml2/__init__.py:
to permit using build directory different from the src directory, do
not force the PYTHONPATH to be relative to src dir to find lasso
python module.
Tests: do not hardcode PYTHONPATH in the valgrind wrapper
* tests/integration/valgrind-wrapper.sh: remove PYTHONPATH setting.
Tests: distribute integration tests
* tests/Makefile.am:
add integration directory to the distdir.
Core: Use automake-1.11 when possible
* Makefile.am:
use new automake-1.11 silent rules if possible
move macros to m4 directory
* m4/gtk-doc.m4:
add gtk-doc macros.
* lasso/Makefile.am:
add missing -f flag to rm, to unbreak make distcheck
* docs/references/Makefile.am:
fix problem between libtool and gtk-doc
* autogen.sh:
update to autogen.sh from gtk-doc, add support for automake-1.11
Tests: Add data files to EXTRA_DIST
* tests/data/Makefile.am:
data file for tests2 were missing (to pass distcheck).
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
XML: remove all useless instance_init functions
* Use Coccinelle semantic patch tool (http://coccinelle.lip6.fr/) to
remove useless instance_init functions, the first patch applied was:
@@
type T,V;
identifier I, J;
parameter list P;
expression E1;
@@
V instance_init(T node)
{
<...
(
- E1 = 0;
|
- E1 = NULL;
|
- E1 = FALSE;
)
...>
}
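Review bot: the removal lines inside the instance_init body match any expression E1, not only fields of the node argument, so "- E1 = NULL;" also drops zero-initialisation of memory the GObject allocator did not zero, for example a private structure reached through node. Constraining the match to assignments on node (the declared identifiers I and J and the parameter list P are otherwise unused) would keep the removal to fields that are already zeroed at allocation.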
It removes useless initialization to 0 (GObject already zeroes
allocated objects).
The second one is:
@ rule1 @
type T;
identifier node,fn;
@@
- static void fn(T *node) { }
@ rule2 extends rule1 @
typedef GType, GInstanceInitFunc;
identifier type_constructor;
@@
GType type_constructor()
{
<...
- (GInstanceInitFunc)fn
+ NULL
...>
}
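Review bot: rule1's "- static void fn(T *node) { }" deletes every empty static function taking a single pointer argument, whether or not it is an instance_init, while rule2 only rewrites references written as "(GInstanceInitFunc)fn". An empty function referenced in any other form would be deleted with its reference left in place, so the deletion should be made conditional on fn appearing in that cast inside a type constructor.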
It removes empty instance_init functions.
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
sb2:TargetIdentity can have a content
* lasso/xml/id-wsf-2.0/sb2_target_identity.c:
* lasso/xml/id-wsf-2.0/sb2_target_identity.h:
add support for any content.
All: Rework include files handling, separated ID-WSF code from SAML2/ID-FF code
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
Bindings: skip ID-WSF methods with unsupported signatures
* bindings/overrides.xml:
some functions have output parameters (pointer on pointers) that are
currently not supported by our binding generator, so we skip them.
SWIG: unplug id-wsf support in SWIG
* swig/Lasso.i:
force LASSO_WSF_ENABLED to be undefined.
Tests: allow tests2 to pass distcheck
* tests/Makefile.am
add an SRCDIR symbol.
remove unused include paths.
* tests/tests2.c:
use SRCDIR to find data files.
Tests: remove internal content from data files
* tests/data/response-3:
this dump of a SAML message contains elements and attribute outside
the SAML schema, implementation detail from Lasso. They broke
execution of tests/tests2.
XML&SAML 2.0: add missing include files
* lasso/xml/saml-2.0/saml2_encrypted_element.h:
xmlSecKey is present in a function signature, so include
xmlsec/xmlsec.h.
SWIG: implement change to LassoSession in the SWIG interface file
* swig/Lasso.i:
remove LassoSession::is_dirty attribute and rewrite the
getProviderIds function.
XML: only recurse into xml/id-wsf subdirs if --enable-wsf is true
* lasso/xml/Makefile.am:
put id-wsf and id-wsf2 subdirs under a conditional.
ID-WSF 1.0: remove absent header file from the Makefile.am
* lasso/id-wsf/Makefile.am:
remove data_service_private.h from header file list.
Core: SOAP is also used by SAML bindings
* extract_symbols.py, extract_types.py:
export SOAP types whatever the value of the flag --enable-wsf.
It still worked because constructor for GObject calls get_type, but
there is a race condition: if you receive a SOAP message before
sending one, it fails. Only soap_binding types must be removed.
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-FF&Core: Seal public field of LassoSession
* id-ff/session.h: seal public fields.
* id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading
the is_dirty flag and counting store assertions.
* id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c,
saml-2.0/profile.c: use the new accessors.
* id-ff/profile.c: include the private header file, use the new
accessors, and remove unnecessary setting of is_dirty to FALSE (it
should be false at instantiation).
* utils.h: add a macro to access private content, prepare for using
G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for
private structures eventually.
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF 2.0: remove unused variable
- lasso/id-wsf-2.0/discovery.c: remove unused variable in discovery.c
Core: fix bad name of lasso_unlink_and_release_node
* lasso/utils.h:
- rename lasso_unlink_and_release_node to
lasso_release_list_of_xml_node.
- add a GList iteration macro: lasso_foreach.
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-WSF: Lots of modifications
Migrate lots of code to use new utility macros. Try to simplify most
code paths or to factorize with LassoWsfProfile.
* lasso/id-wsf/wsf_profile.c:
Add API:
- lasso_wsf_profile_build_soap_response_msg to build SOAP fault for
Lasso errors,
- lasso_wsf_profile_set_msg_url_from_description, to set the
destination URL using the chosen LassoDiscoDescription (with
respect to the security mechanism),
- lasso_wsf_profile_init_soap_response to initialize a response to
the current request, to use in sub classes,
- lasso_wsf_profile_get_remote_provider_id, retrieve the SOAP
binding corresponding information,
- lasso_wsf_profile_get_remote_provider, simplification of
lasso_wsf_profile_get_remote_provider_id,
- lasso_wsf_profile_get_soap_fault, retrieve the last set SOAP
fault, used by sub classes,
- lasso_wsf_profile_set_soap_fault, set a SOAP fault, to be returned
by the next call by lasso_wsf_profile_build_soap_response_msg, to
use in sub classes,
- lasso_wsf_profile_set/get_status_code, set/get the stored status
code, to use in the next lasso_xxx_build_response_message, to use
in sub classes.
Change name lasso_wsf_profile_get_description_autos to
lasso_wsf_profile_get_description_auto.
Do not access directly the session is_dirty field (it has been
sealed).
* lasso/id-wsf/wsf_profile.h:
Add helper macro lasso_wsf_profile_helper_set_status to set status
code of an ID-WSF response message containing a Status element using
the stored status code.
* lasso/id-wsf/wsf_profile_private.h:
Add new fields (moved public fields).
Add lasso_wsf_profile_set_msg_url_from_description,
lasso_wsf_profile_build_soap_fault_response_msg.
* lasso/id-wsf/data_service_private.h:
Remove file.
* lasso/id-wsf/data_service.h: Remove all public fields.
* lasso/id-wsf/data_service.c:
Remove private structure. Use the equivalents LassoWsfProfile private
fields. Update documentation. Use LassoWsfProfile generic functions
for initializing requests. Add API lasso_data_service_get_query_item,
lasso_data_service_get_answers, lasso_data_service_get_answer,
lasso_data_service_get_answers_by_select,
lasso_data_service_get_answer_for_item_id,
lasso_data_service_add_modification.
Remove lasso_data_service_need_redirect_user use equivalent function
lasso_interaction_profile_service_build_redirect_response_msg. Remove
lasso_data_service_get_resource_offering,
lasso_data_service_set_offering.
* lasso/id-wsf/discovery.c:
Add documentation. Change some signatures. Remove
lasso_discovery_get_description_auto. Change name of
lasso_discovery_init_insert to lasso_discovery_init_modify. Add a
generic lasso_discovery_process_request_msg.
Add internal function lasso_discovery_init_offering, to get
automatically an offering if possible. Remove useless init_from_xml.
Rework lasso_discovery_build_credential implementation.
overloading. Remove lasso_discovery_destroy.
* lasso/id-wsf/discovery.h:
Remove lasso_discovery_destroy.
* lasso/id-wsf/interaction_profile_service.c:
Add lasso_interaction_profile_service_build_redirect_response_msg.
* lasso/id-wsf/personal_profile_service.c:
Update lasso_personal_profile_service_get_email to use
lasso_data_service_get_answers_by_select.
* lasso/xml/dst_modify.c:
make modification parameter optional to the constructor.
2009-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: Add new error types
* lasso/errors.h lasso/errors.c:
add error types: LASSO_ERROR_CAST_FAILED,
LASSO_DATA_SERVICE_CANNOT_ADD_ITEM,
LASSO_WSF_PROFILE_ERROR_INVALID_OR_MISSING_REFERENCE_TO_MESSAGE_ID,
LASSO_DST_ERROR_QUERY_NOT_FOUND, LASSO_DST_ERROR_NO_DATA,
LASSO_DST_ERROR_MALFORMED_QUERY.
XML: Add time formatting function for ISO 8601 format
* xml/private.h:
* xml/tools.c:
add util function to format time_t values in the ISO 8601 format.
XML: Add any attribute parsing to Saml2AttributeValue
* xml/saml-2.0/saml2_attribute_value.h:
add new public field GHashTable *attributes;
* xml/saml-2.0/saml2_attribute_value.c:
add parsing instructions to populate attributes field.
XML: add documentation for lasso_eval_xpath_expression
* lasso/xml/tools.c: add documentation for xpath helper evaluation
function lasso_eval_xpath_expression.
XML: add string constant for client soap errors
* lasso/xml/strings.h: add new string constant
LASSO_SOAP_FAULT_CODE_CLIENT.
XML: add documentation for lasso_idwsf2_disco_svc_md_register_new_full
* lasso/xml/id-wsf-2.0/disco_svc_md_register.c: add documentation
for constructor function lasso_idwsf2_disco_svc_md_register_new_full.
ID-WSF 1.0: Add new error to signal unknown entry
* lasso/errors.{c,h}: add a new error for the ID-WSF 1.0 module, to
signal unknown entry in discovery responses.
SWIG Binding: reflect changes in the signature of struct LassoIdWsfDiscovery
* swig/Lasso-wsf2.i (LassoIdWsfDiscovery):
add new fields metadatas and svcMDIDS, remove old ones (metadata
and svcMDID).
ID-WSF 1.0: fix off-by one ref counting error in lasso_wsf_profile_init_soap_request
* lasso/id-wsf/wsf_profile.c (lasso_wsf_profile_init_soap_request):
envelope is an argument, increment its ref count
before storing it.
ID-WSF 1.0: improve error recovery in lasso_wsf_profile_comply_with_saml_authentication
* lasso/id-wsf/wsf_profile.c
(lasso_wsf_profile_comply_with_saml_authentication):
reuse existing wsse-security element if present,
remove useless comments, move core code after argument type checks,
return error if envelope or header is missing,
fail if any referenced assertion is missing,
correctly handle reference count of wsse_security depending on
the situation (new or reused).
ID-WSF 1.0: fix memory leak
* lasso/id-wsf/discovery.c (lasso_discovery_add_insert_entry):
the rule is that callee is responsible for becoming owner of a resource,
so no g_object_ref before a call on an argument.
ID-WSF 2.0: publicize lasso_idwsf2_profile_build_soap_envelope
* lasso/id-wsf-2.0/profile.c, lasso/id-wsf-2.0/profile.h
(lasso_idwsf2_profile_build_soap_envelope):
as for ID-WSF 1.0 export this function to allow easier implementation
of external ID-WSF 2.0 services. remove FIXME comment and fill
equivalent bugzilla reports.
ID-WSF 2.0: review lasso_idwsf2_discovery_process_metadata_register_response_msg
* lasso/id-wsf-2.0/discovery.c
(lasso_idwsf2_discovery_process_metadata_register_response_msg):
change return code variable to rc, move argument casting after argument
type check, copy all the service metadata ids,
ID-WSF 2.0: review lasso_idwsf2_discovery_process_metadata_register_msg
* lasso/id-wsf-2.0/discovery.c
(lasso_idwsf2_discovery_init_metadata_register):
add documentation comment, move argument casting after type checking,
change return code name to rc to comply with standardisation,
use lasso_build_unique_id instead of duplicating the code,
add iteration over all the registered service, add iteration
to return all the generated service metadata ids, use new assignment
macros.
* lasso/id-wsf-2.0/discovery.h (struct _LassoIdWsf2Discovery):
change field LassoIdWsf2DiscoSvcMetadata metadata to GList* metadatas
and gchar *svcMDID to GList *svcMDIDs in order to support multiple
services in requests.
ID-WSF 2.0: review lasso_idwsf2_discovery_metadata_register_self
* lasso/id-wsf-2.0/discovery.c
(lasso_idwsf2_discovery_metadata_register_self):
Add documentation, add code for getting the service URL.
ID-WSF 2.0: add documentation to lasso_idwsf2_discovery_register_self
* lasso/id-wsf-2.0/discovery.c (lasso_idwsf2_discovery_register_self)
move casting after argument type check, simplify code by using
lasso_build_unique_id, remove useless comments
ID-WSF 2.0: simplify gobject boilerplate
* lasso/id-wsf-2.0/discovery.c: (get_xmlNode, instance_init, class_init)
remove useless method get_xmlNode, remove useless NULLing or
instance fields.
ID-WSF 2.0: use new macros
* lasso/id-wsf-2.0/data_service.c (lasso_idwsf2_data_service_init_query,
lasso_idwsf2_data_service_parse_query_items,
lasso_idwsf2_data_service_init_modify,
lasso_idwsf2_data_service_parse_one_modify_item,
lasso_idwsf2_data_service_parse_modify_items):
add cast, change macros for stealing version, fix name of macro
* lasso/id-wsf-2.0/profile.c: (lasso_idwsf2_profile_init_soap_request)
use list handling macro, add missing casts
* lasso/id-wsf-2.0/discovery.c:
(lasso_idwsf2_discovery_process_metadata_association_add_msg,
lasso_idwsf2_discovery_init_query) add missing casts
ID-WSF 2.0: add a new constructor for UtilStatus
- lasso/xml/id-wsf-2.0/utils_status.h (lasso_idwsf2_util_status_new_with_code):
this constructor allows constructing and filling a UtilStatus node in
one line. It has two arguments to construct nested two level
status objects (with two status codes). If you omit the second
argument you get a one level status object.
ID-WSF 2.0: add initialization of local variables
ID-WSF 2.0: Use new XPath API in DST
- lasso/id-wsf-2.0/data_service.c:
- lasso_idwsf2_data_service_parse_query_items: use the new API to
remove error outputs from libxml, and generate an additional status
code containing newly returned libxml error code.
- lasso_idwsf2_data_service_parse_one_modify_item: use the new API.
XML: add API to simplify evaluation of XPath expressions
* lasso/xml/tools.c,lasso/xml/private.h:
- lasso_eval_xpath_expression(xmlXPathContextPtr xpathCtx,
const char *expression, xmlXPathObjectPtr *xpathObjectPtr,
int *xpathErrorCode) is a boolean returning function handling call
to libxml API to evaluate an XPath expression in the xpathCtx
context. It eventually saves the returned nodeset in the variable
pointed to by xpathObjectPtr if it is not NULL
(and eventually deallocates the previous value)
and if an error happened it copies its code into the variable
pointed to by xpathErrorCode if it is not NULL.
Tests: Add a fourth data loading test
* tests/data/response-4: test content
* tests/tests2.c: add loading of the new file.
2009-07-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Only recurse into id-wsf if it is enabled
* lasso/Makefile.am:
only add id-wsf and id-wsf-2.0 to SUBDIRS if wsf is enabled.
Fix: backward_comp.h is missing from tarballs.
* lasso/Makefile.am:
add backward_comp.h to EXTRA_DIST
2009-06-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Python Binding: fix bug of uninitialized ppos argument to PyDict_Next
* bindings/python/wrapper_top.c (set_hashtable_of_pygobject):
second argument (int*ppos) of PyDict_Next must be reinitialized to
zero before each traversal (see Python C API
http://docs.python.org/c-api/dict.html).
Patch from Iban Rodríguez of the Desarrollo de Producto Electrónico,
Spain.
2009-06-15 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Update doap file
Do not remove signatures on assertion when using HTTP Redirect
* lasso/saml-2.0/profile.c:
HTTP Redirect binding mandates removing the signature at the SAML message
level, but signatures at the assertion, especially if the SP asked for
it, must be preserved.
2009-05-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix bug in lasso_registry_destroy / shutdown
* lasso/registry.c:
if not initialized, do not free. do not segfault on NULL argument.
Do not respect default semantic of dst:Query
* lasso/id-wsf-2.0/data_service.c:
the specification for data service template indicates that the query
must fail at the first failing query, we think this is a stupid
behaviour so I set the default to keep running query until the last
one and returning a partial result if at least one failed and a
failed result if absolutely no query matched.
* lasso/id-wsf-2.0/private.h:
declare the lasso_flag_follow_id_wsf_supid_semantic flag.
* lasso.c:
declare the lasso_flag_follow_id_wsf_supid_semantic flag, it's
conditioned by the LASSO_WSF_ENABLED preprocessor symbol.
2009-04-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add valgrind support to integration tests
* tests/integration/saml2/__init__.py:
if /usr/bin/valgrind exists, use script valgrind-wrapper.sh to launch
tests, it stores log files in {authentic,lcs}_$ISODATE_pid$PID.log.
Fix leak in python binding
* bindings/python/wrapper_top.c:
keep a pointer on beginning of list to free it.
Fix leak of mapping registry
* lasso/lasso.c:
* lasso/registry-private.h:
* lasso/registry.c:
make the registry be freed in lasso_shutdown.
ID-FF 1.2: Fix leaks, reduce code
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c:
fix leaks by using field setting macros which frees previous values,
it also reduces code length sometimes.
Export the new flag
* lasso/debug.h:
export new flag lasso_flag_sign_messages.
Fix leaks in tests
* basic_tests.c:
* login_tests.c:
* login_tests_saml2.c:
* random_tests.c:
free replaced string, unref used nodes, initialize local variables
when necessary, free newly allocated strings.
Add a script to format suppression file
* tests/format-suppressions.py:
this is the script used to generate valgrind/lasso.supp and
valgrind/glib.supp.
Add a stress test for serializing/deserializing code
* Makefile.am:
add targets
* tests2.c:
this simply does lots of serializing and deserializing.
* data/response-1:
* data/response-2:
* data/response-3:
data test files
SAML 2.0: Fix many leaks
* lasso/saml-2.0/login.c:
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/provider.c:
do not mix g_malloc strings with libxml strings, use the
string/gobject handling macros as much as possible, be a good memory
citizen, don't put your elbows on the table.
LassoNode: Fix leaks
* lasso/xml/xml.c:
fix more and more leaks.
Add debugging code to lasso_node_impl_init_from_xml
* lasso/xml/xml.c:
add more debugging code for the memory-debug flag.
Add debugging code to lasso_set_orginal_xmlnode
* lasso/xml/xml.c:
add code to trace allocation and deallocation of original xmlnode
associated to LassoNodes.
Remove useless code
* lasso/xml/lib_authentication_statement.c:
* lasso/xml/saml-2.0/samlp2_name_id_policy.c:
* lasso/xml/saml_name_identifier.c:
remove useless initialization code.
Fix leak in lasso_url_add_parameters
* lasso/xml/tools.c:
in lasso_url_add_parameters free intermediate strings.
Fix debug echo on stdout
* lasso/utils.h:
make lasso_mem_debug output on stderr and not stdout
Add new valgrind memleak suppression files
* tests/valgrind/glib.supp:
suppress all "static" allocation by glib, usually for the type
system.
* tests/valgrind/lasso.supp:
suppress allocations from lasso that we cannot actually remove, they
are all from "called only once" code, so it should not really be a
problem for embedded codes.
2009-04-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
More work on signature validation for SAML 2.0
* lasso/saml-2.0/profile.c:
in lasso_saml20_profile_process_any_request and
lasso_saml20_profile_process_any_response do not make signature
validation failure as call failure, just store the result in
profile->signature_status and let the upper level functions handle
what to do with it. also add documentation about those two functions.
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
handle new signature_status semantic.
* lasso/saml-2.0/login.c:
add internal documentation for
lasso_saml20_login_process_authn_response_msg.
2009-04-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Update signature_status when checking signature on assertions
* lasso/saml-2.0/login.c:
if signature_status is SIGNATURE_NOT_FOUND, check one on the
assertion and keep the result in signature_status.
Increase wait time for integration test
* tests/integration/saml2/__init__.py:
wait 5 seconds for daemons to start.
review later
FIX: verify assertion signature for SAML 2.0 when response is not signed
* lasso/saml-2.0/login.c:
if response was not signed, check the signature on the assertion.
new function lasso_saml20_login_check_assertion_signature()
* lasso/saml-2.0/login.c:
lasso_saml20_login_check_assertion_signature() finds the issuer of an
assertion, looks it up in the server object and tries to validate its
signature. It returns an error code if any of these steps fails.
Test: Remove spurious debugging printf
* tests/login_tests_saml2.c:
remove debug code.
Add keep_xmlnode flag to SAML 2.0 req, resp and assertions
* lasso/xml/saml-2.0/saml2_assertion.c:
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
* lasso/xml/saml-2.0/samlp2_response.c:
* lasso/xml/saml-2.0/samlp2_status_response.c:
set keep_xmlnode flag to 1 in class_init.
new function lasso_profile_get_server()
* lasso/id-ff/profile.c:
* lasso/id-ff/profile.h:
in a move to try to remove direct access to object content, add a
function to retrieve the LassoServer object of a LassoProfile.
* bindings/overrides.xml:
it conflicts with direct access to the public field server, so we do
not export it in the binding for now.
fix: in lasso_verify_signature() only look for the first direct child Signature element
* lasso/xml/tools.c:
in SAML messages, signatures are usually enveloped signatures, so just
look for the first direct child which is a Signature node.
fix: handle non-LHS argument for lasso_extract_node_or_fail()
* lasso/utils.h:
create a temporary variable to store result of second argument
evaluation to prevent spurious side effects.
lasso_saml20_profile_init_artifact_resolve(): check http_method
* lasso/saml-2.0/profile.c:
check the given http_method, it must be one of
- LASSO_HTTP_METHOD_ARTIFACT_POST,
- LASSO_HTTP_METHOD_ARTIFACT_GET.
lasso_login_init_request(): change error code for invalid artifacts
* lasso/id-ff/login.c:
if artifact is invalid return LASSO_PROFILE_ERROR_INVALID_ARTIFACT as
in lasso_saml20_profile_init_artifact_resolve().
Complete documentation of lasso_login_init_request
* lasso/id-ff/login.c:
add precision on usage. add all possible return codes with meanings.
lasso_login_init_authn_request: complete doc
* lasso/id-ff/login.c:
add all possible return codes and their meaning.
lasso_login_init_authn_request: change error code for missing remote provider ID
* lasso/id-ff/login.c:
change the return code for when no remote provider ID could be
defined (because the argument is NULL and the server object contains
no providers) so that we can distinguish the case where the given
provider is unknown or if there is no providers configured.
Add a deprecated tag to lasso_login_destroy doc
* lasso/id-ff/login.c:
all destroy functions are deprecated, g_object_unref() should be used
instead.
Complete documentation of lasso_login_byuld_response_msg
* lasso/id-ff/login.c:
add all possible return codes with meaning.
Complete documentation of lasso_login_build_request_msg
* lasso/id-ff/login.c:
add all possible return codes with meaning.
Complete documentation for lasso_login_build_authn_response_msg
* lasso/id-ff/login.c:
add all possible return codes with meaning.
Complete documentation of lasso_login_build_authn_request
* lasso/id-ff/login.c:
add all possible return codes with meaning.
Complete documentation for lasso_login_build_artifact_msg
* lasso/id-ff/login.c:
add all possible return codes with meaning.
Complete documentation of lasso_login_accept_sso
* lasso/id-ff/login.c:
add all possible return codes.
Complete doc for static function lasso_login_musk_ask_for_consent
* lasso/id-ff/login.c:
precise return value meaning.
Complete document of lasso_login_build_assertion
* lasso/id-ff/login.c:
add possible return codes.
Complete doc of lasso_logout_validate_request
* lasso/id-ff/logout.c:
add description of all possible return codes.
2009-04-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Rework cleanup handling
* lasso/utils.h:
change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to
goto_cleanup_. rename goto_cleanup_if_fail to
goto_cleanup_if_fail_with_rc and add a
goto_cleanup_if_fail for function which do not return an integer
value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c:
update name of goto_exit_if_fail macros. rename 'exit' labels to
'cleanup'.
XML: Fix prefix clobbering by xsi:type handling
* lasso/xml/xml.c:
if xsi:type is not able to find a GObject typename for the current
node, then do not erase the actual prefix value. change prefix type
to const char.
SAML 2.0: Use new API lasso_url_add_parameter
* lasso/saml-2.0/profile.c:
use new API lasso_url_add_parameter to handle RelayState parameter
creation.
SAML 2.0: Check http_method in build_artifact_msg
* lasso/saml-2.0/login.c:
if http_method is not among ARTIFACT_GET and ARTIFACT_POST, return an
INVALID_HTTP_METHOD error.
Tests: Add test parsing a Ping Federate assertion.
* tests/basic_tests.c:
load data/response-1 and try to parse it.
Add a new internal API for parameters building
* xml/tools.c:
add lasso_url_add_parameter that concatenates the string &key=value to an
existing URL where key and value are url-encoded.
* xml/private.h:
declare lasso_url_add_parameter.
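
Added example, not Lasso's code: a stand-alone sketch of the behaviour described for lasso_url_add_parameter (append key=value with both parts url-encoded) and of why that matters for a RelayState value. The function names, the choice of separator when the URL has no query yet, and the sample URLs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 3986 "unreserved" characters are the only ones copied verbatim. */
static int is_unreserved(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
}

/* Length of s once percent-encoded. */
static size_t url_encoded_len(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += is_unreserved((unsigned char)*s) ? 1 : 3;
    return n;
}

/* Percent-encode s into out; returns the position after the last byte written. */
static char *url_encode_into(char *out, const char *s)
{
    static const char hex[] = "0123456789ABCDEF";
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (is_unreserved(c)) {
            *out++ = (char)c;
        } else {
            *out++ = '%';
            *out++ = hex[c >> 4];
            *out++ = hex[c & 15];
        }
    }
    return out;
}

/* Hypothetical equivalent of the helper described in the entry above:
 * returns a newly allocated "url<sep>key=value" with key and value encoded.
 * Assumption: '?' is used when the URL has no query part yet. */
char *example_url_add_parameter(const char *url, const char *key, const char *value)
{
    size_t ulen;
    char sep, *res, *p;

    if (!url || !key || !value)
        return NULL;
    ulen = strlen(url);
    if (strchr(url, '?') == NULL)
        sep = '?';
    else if (ulen > 0 && (url[ulen - 1] == '?' || url[ulen - 1] == '&'))
        sep = 0;                       /* separator already present */
    else
        sep = '&';
    res = malloc(ulen + 1 + url_encoded_len(key) + 1 + url_encoded_len(value) + 1);
    if (!res)
        return NULL;
    memcpy(res, url, ulen);
    p = res + ulen;
    if (sep)
        *p++ = sep;
    p = url_encode_into(p, key);
    *p++ = '=';
    p = url_encode_into(p, value);
    *p = '\0';
    return res;
}

/* Contrast case: plain concatenation without encoding. */
char *naive_url_add_parameter(const char *url, const char *key, const char *value)
{
    size_t n = strlen(url) + 1 + strlen(key) + 1 + strlen(value) + 1;
    char *res = malloc(n);
    if (res)
        snprintf(res, n, "%s&%s=%s", url, key, value);
    return res;
}

/* Count query parameters named key, as a receiver splitting on '&' would see them. */
int count_query_param(const char *url, const char *key)
{
    size_t klen = strlen(key);
    int n = 0;
    const char *p = strchr(url, '?');
    while (p) {
        p++;                           /* skip '?' or '&' */
        if (strncmp(p, key, klen) == 0 && p[klen] == '=')
            n++;
        p = strchr(p, '&');
    }
    return n;
}

int main(void)
{
    /* Constructed sample input: a redirect URL and a RelayState containing '&' and '='. */
    const char *url = "https://idp.example/sso?SAMLRequest=abc";
    const char *relay = "a&SAMLRequest=other";
    char *good = example_url_add_parameter(url, "RelayState", relay);
    char *bad = naive_url_add_parameter(url, "RelayState", relay);

    if (!good || !bad) {
        free(good);
        free(bad);
        return 1;
    }
    printf("encoded: %s (SAMLRequest seen %d time(s))\n", good, count_query_param(good, "SAMLRequest"));
    printf("naive:   %s (SAMLRequest seen %d time(s))\n", bad, count_query_param(bad, "SAMLRequest"));
    free(good);
    free(bad);
    return 0;
}
```

With the unencoded concatenation the receiver sees two SAMLRequest parameters; with encoding the RelayState value stays a single opaque parameter.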
Tests: Add a SAML2 login test
* tests/login_tests_saml2.c:
add a C login test for SAML 2.
* tests/Makefile.am:
add the new test to dependencies.
2009-04-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
If no typename could be determined, stop parsing.
* lasso/xml/xml.c:
in lasso_node_new_from_xmlNode if no typename is found for the given
xmlNode, return NULL.
2009-04-17 Jerome Schneider <jschneider@entrouvert.com>
Fix python 2.4 binding build
2009-04-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: Add cast to first argument of isalnum
* lasso/xml/xml.c:
* lasso/xml/tools.c:
isalnum takes an int as first arg.
Core: add an header file for backward compatibility
* lasso/backward_comp.h:
this header will contain substitute functions, defines or types for
compatibility with older versions of dependencies.
* lasso/utils.h:
remove declaration of g_strcmp0
* lasso.c:
* tests/login_tests.c:
use backward_comp.h
2009-04-09 Jerome Schneider <jschneider@entrouvert.com>
Fix build issues on amd64 / gcc 4.3
* bindings/java/lang.py:
fix cast issue
* bindings/python/wrapper_top.c
fix type issue
* lasso/registry.c
fix cast issue
2009-04-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Tests&Core: add g_strcmp0 if glib is old
* lasso/utils.h:
if glib is older than 2.16, export g_strcmp0 as part of internal
headers, in order to use it in login_tests.c
* tests/login_tests.c:
include utils.h
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Update website download page
* website/web/download/index.xml:
update link for last release download
* website/web/news/13-release-2.2.2.xml:
add news about release 2.2.2
Update lasso version to 2.2.2
* configure.ac:
* fedora/lasso.spec:
* lasso.doap:
update lasso version to 2.2.2, this commit will be the reference for
the 2.2.2 release.
Makefile: change dependencies to pass distcheck
* lasso/Makefile.am:
source dependencies must refer to $(srcdir) in order to pass
distcheck, I forgot to do it in types.c and symbols.sym target
changes.
ID-FF 1.2: if logout request parsing fails, take a shortcut
* lasso/xml/lib_logout_request.c:
immediately return from init_from_query if overloaded parent method
fails.
SAML 2.0: Update generic relaystate handling
* lasso/saml-2.0/profile.c:
in lasso_saml20_profile_build_redirect_request_msg and
lasso_saml20_profile_build_redirect_response, use new function
lasso_saml20_profile_build_http_redirect.
Core: add a add-signature flag
* lasso/debug.h:
* lasso/lasso.c:
add a lasso_flag_add_signature flag variable (default to TRUE),
and parsing code to change it from LASSO_FLAG environment variable.
("env LASSO_FLAG=no-add-signature test").
ID-FF 1.2: Only verify InResponseTo if strict checking is on
* lasso/id-ff/login.c:
add condition upon checking of the InResponseTo field: checks only if
strict checking is activated as it could stop old code using Lasso
from working.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: Add a flag for enabling more strict checking
* lasso/debug.h:
declare lasso_flag_strict_checking global boolean variable.
* lasso/lasso.c:
add parsing for new option called 'strict-checking'.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
XML: use macro for assignment
* lasso/xml/xml.c: use standardized assignment macros (it takes care of
releasing previous values and other peculiarities associated with
safe pointer usage).
ID-FF 1.2: Add trace in dispose for LassoProfile
* lasso/id-ff/profile.c: add tracing code activated by
LASSO_FLAG=memory-debug to print release of field values.
Complement the existing code in generic deallocation procedure in
LassoNode.
Core: debug.h need export.h
* lasso/debug.h:
export.h is needed for the LASSO_EXPORT macro.
Core: Macros to print deallocation messages
* lasso/utils.h:
lasso_mem_debug print deallocation message with respect to class and
field.
Core: remove type check equality on gobject macros
* lasso/utils.h:
assignment to the temporary variable allows to check for the typing,
do not use lasso_check_type_equality.
Core: add macros to handle xmlSecKey
* lasso/utils.h:
macros to assign and release xmlSecKey(s).
XML: fix memory leaks
* lasso/xml/tools.c:
* lasso/xml/xml.c:
release xmlDoc, properly steal nodes by using xmlSetTreeDoc(xmlnode, NULL);
ID-FF 1.2: fix style fault
* lasso/id-ff/defederation.c:
* lasso/id-ff/logout.c:
* lasso/id-ff/profile.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
add missing casts, remove useless wrappers
* lasso/id-ff/logout.c:
In lasso_logout_process_request_msg change sequence of "if" for a
"switch".
ID-FF 1.2: fix some real and potential memory leaks
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
use macros to release previous value when necessary,
release object used as parameters to constructors,
free the encryption key associated with a provider,
release the key manager created for a saml signature
verification.
Test: add missing release of objects and memory
* tests/basic_tests.c:
* tests/login_tests.c:
* tests/metadata_tests.c:
* tests/random_tests.c:
* tests/tests.c:
add missing g_free and g_object_unref calls.
Bindings: skip DEPRECATED variables
* bindings/bindings.py: when parsing headers, skipped deprecated struct
fields.
ID-FF 1.2: Add handling of relaystate for logout requests
* lasso/id-ff/logout.c (lasso_logout_process_request_msg,
lasso_logout_validate_request): transfer relaystate from request
message to profile field.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the transfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Autoconf: Do not include optimisation flags in AM_CFLAGS
* configure.ac: when --enable-debugging set CFLAGS,
do not modify AM_CFLAGS.
ID-FF 1.2 Tests: Add test for relaystate
* tests/login_tests.c:
- (test02_serviceProviderLogin) add assertion concerning the relaying
of the RelayState parameter during an SP initiated SSO.
ID-FF 1.2 Login: Use allocation macros
* lasso/id-ff/login.c: (lasso_login_init_authn_request) again a passing by
correction, use lasso_assign_string for copying information from
the request to the profile object.
ID-FF 1.2: Handle RelayState inside LassoLogin
* lasso/id-ff/login.c:
- (lasso_login_init_request) catch RelayState in the query_fields and
copy it to msg_relayState
- (lasso_login_process_authn_request_msg) copy RelayState from the
request object to the profile object.
XML ID-FF 1.2 & SAML 2.0: Handle signature failure
* lasso/xml/saml_assertion.c:
* lasso/xml/samlp_response_abstract.c:
* lasso/xml/samlp_request_abstract.c:
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
* lasso/xml/saml-2.0/saml2_assertion.c:
* lasso/xml/saml-2.0/samlp2_status_response.c:
if a failure occurs in the signing process, free the xmlnode, return
NULL and print a warning.
XML SAML 2.0: Delete parent_class static variable
* lasso/xml/saml-2.0/samlp2_manage_name_id_request.c,
lasso/xml/saml-2.0/samlp2_manage_name_id_response.c,
lasso/xml/saml-2.0/samlp2_name_id_mapping_request.c,
lasso/xml/saml-2.0/samlp2_name_id_mapping_response.c,
lasso/xml/saml-2.0/samlp2_subject_query_abstract.c:
- remove static variable parent_class
- (class_init) remove initialization of parent_class
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
XML SAML 2.0: Mark RelayState field from SAML 2.0 deprecated
* lasso/xml/saml-2.0/samlp2_authn_request.c,
lasso/xml/saml-2.0/samlp2_logout_request.c,
- (instance_init) remove initialization of relayState field
* lasso/xml/saml-2.0/samlp2_logout_response.c:
- (instance_init) remove empty function, since it
only initialized relayState.
- (lasso_samlp2_logout_reponse_get_type) remove instance_init
from the type initialization structure.
* lasso/xml/saml-2.0/samlp2_authn_request.h,
lasso/xml/saml-2.0/samlp2_logout_request.h,
lasso/xml/saml-2.0/samlp2_logout_response.h:
- (struct _LassoSamlp2*) mark relaystate field as deprecated.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
XML SAML 2.0: Clean query string parsing/building
* lasso/xml/saml-2.0/samlp2_status_response.c:
- (init_from_query) remove useless stub code for parsing RelayState
* lasso/xml/saml-2.0/samlp2_response.c,
lasso/xml/saml-2.0/samlp2_name_id_mapping_response.c,
lasso/xml/saml-2.0/samlp2_logout_response.c,
lasso/xml/saml-2.0/samlp2_manage_name_id_response.c:
- (class_init) remove overloading of init_from_query, use version
from samlp2_status_response instead.
- (init_from_query) Useless so deleted.
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
- (class_init) add overloaded method for init_from_query virtual
method.
- (init_from_query) generic implementation for SAML 2.0 requests
* lasso/xml/saml-2.0/samlp2_subject_query_abstract.c,
lasso/xml/saml-2.0/samlp2_authn_request.c,
lasso/xml/saml-2.0/samlp2_logout_request.c,
lasso/xml/saml-2.0/samlp2_manage_name_id_request.c,
lasso/xml/saml-2.0/samlp2_name_id_mapping_request.c,
lasso/xml/saml-2.0/samlp2_assertion_id_request.c:
- (class_init) remove overloading of init_from_query, use version
from samlp2_request_abstract instead.
- (init_from_query) Useless so deleted.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
XML: Remove useless parsing of RelayState in lasso_node_init_from_saml2_query_fields
* lasso/xml/xml.c: (lasso_node_init_from_saml2_query_fields) Since parsing
of the relayState is now done inside each "_process_*msg" method of
each SAML2 profile, it is not needed anymore in this function.
XML: Use memory macros inside lasso_node_export_to_query
* lasso/xml/xml.c (lasso_node_export_to_query): use lasso own memory
handling macros.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-FF 1.2: review HTTP-Redirect binding parsing/building
* lasso/xml/lib_authn_request.c, lasso/xml/lib_logout_request.c,
lasso/xml/lib_register_name_identifier_request.c,
lasso/xml/lib_status_resposne.c:
- build_query: remove build_query overloaded virtual method, use
LassoNode new generic implementation.
- init_from_query:
- change direct call to lasso_node_init_from_query_fields to use of
base implementation from LassoNode.
- make use of utils.h memory handling macros like
lasso_release_gobject and lasso_assign_string.
* lasso/xml/lib_federation_termination_notification.c:
- init_from_query: remove parsing of RelayState parameter
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-FF 1.2: Defederation, changes includes for relative paths
* lasso/id-ff/defederation.c: header path should be relative to the
implementation, I will try to do it to most files.
ID-FF 1.2: Defederation HTTP-Redirect binding, handle relaystate
* lasso/id-ff/defederation.c: get relaystate directly from the query
string using lasso_get_relaystate_from_query.
SAML 2.0: In login change includes for relative paths
* lasso/id-ff/login.c: change headers for relative paths
Core: Remove ending blanks from errors.c.in
* lasso/errors.c.in: errors.c template contains blanks at end of lines.
SAML 2.0: add direct treatment of relaystate for HTTP-Redirect binding
* lasso/saml-2.0/login.c: In
lasso_saml20_login_process_authn_request_msg change handling of
relayState do not rely upon parsing by the node object, but extract
directly from the query string. Use new function
lasso_get_relaystate_from_query.
* lasso/saml-2.0/logout.c: In lasso_saml20_logout_process_request_msg
change handling of relayState do not rely upon parsing by the node
object, but extract directly from the query string.
* lasso/saml-2.0/profile.c: In
lasso_saml20_profile_init_artifact_resolve, add handling of the
relayState transmitted to the assertion consumer URL.
* lasso/saml-2.0/name_id_management.c: In
lasso_name_id_management_process_request_msg change handling of
relayState do not rely upon parsing by the node
object, but extract directly from the query string.
SAML 2.0: simplify redirect binding code path
* lasso/saml-2.0/login.c, lasso/saml-2.0/logout.c,
lasso/saml-2.0/name_id_management.c: simplify code path associated
with generation of the url for the HTTP-Redirect binding using the
recently introduced function
lasso_saml20_profile_build_http_redirect.
SAML 2.0: remove TODO comment about RelayState
* lasso/xml/saml-2.0/samlp2_status_response.c: do it:)
XML SAML2: Remove unnecessary overloading of build_query in request/response objects
* lasso/xml/saml-2.0/samlp2_assertion_id_request.c,
lasso/xml/saml-2.0/samlp2_authn_request.c,
lasso/xml/saml-2.0/samlp2_logout_request.c,
lasso/xml/saml-2.0/samlp2_logout_response.c,
lasso/xml/saml-2.0/samlp2_manage_name_id_request.c,
lasso/xml/saml-2.0/samlp2_manage_name_id_response.c,
lasso/xml/saml-2.0/samlp2_name_id_mapping_request.c,
lasso/xml/saml-2.0/samlp2_name_id_mapping_response.c,
lasso/xml/saml-2.0/samlp2_response.c,
lasso/xml/saml-2.0/samlp2_subject_query_abstract.c: remove useless
overloading of build_query virtual method, revert to implementations
in LassoSamlp2RequestAbstract and LassoSamlp2StatusResponse.
XML SAML 2.0: add a build query to request base class
* lasso/xml/saml-2.0/samlp2_request_abstract.c: add a build query
overloaded function to LassoSamlp2RequestAbstract class, the base
class of all saml 2.0 request nodes.
SAML 2.0: Add helper function to implement the HTTP-Redirect binding
* lasso/saml-2.0/profile.c, lasso/saml-2.0/profileprivate.h:
- remove_all_signature traverse a tree of LassoNode objects to unset
all signature_type fields on nodes supporting signature
generation.
- lasso_saml20_profile_export_to_query does the job of generating
the url containing the message content and the relaystate, then
sign it using lasso_query_sign.
- lasso_saml20_profile_build_http_redirect use those two functions
and the metadatas to build the signed redirect url.
XML: Add const modifiers to lasso_concat_url_query arguments
* lasso/xml/private.h, lasso/xml/tools.c: add const modifier to
lasso_concat_url_query arguments.
XML: Remove static modifier on lasso_node_build_query
* lasso/xml/private.h, lasso/xml/xml.c: remove static modifier to
lasso_node_build_query and export it for use in id-ff profiles.
XML: Tool function to extract relaystate from query
* lasso/xml/tools.c, lasso/xml/private.h: new function
lasso_get_relaystate_from_query to help in relaystate handling.
Core: rename lasso_release_xmlchar to lasso_release_xml_string
* lasso/id-wsf/wsf_profile.c, lasso/utils.h, lasso/xml/xml.c: rename
lasso_release_xmlchar to lasso_release_xml_string.
Core: Fix double instantiation of macro parameters
* lasso/utils.h:
- (lasso_assign_new_string,lasso_assign_gobject) if source parameter
is a function call it could be called two times and have unexpected
side effects. Copy the returned value to a temp variable and use it
instead.
Core: Fix corner case in deallocation macros
* lasso/utils.h: When setting strings using lasso_assign_string or
lasso_assign_new_string, verify that new string is different than the
target value string before deallocating the target.
Add missing initializations
* initialize local variables.
Core: replace direct use of xmlSecSoap function by wrapper
* lasso/xml/xml.c:
In lasso_node_init_from_message_with_format remove direct use of
xmlSecSoap* functions because they emit too much warning by lasso
reimplementations.
Core: remove use of XPath
* lasso/xml/xml.c:
in lasso_node_new_from_soap, instead of using XPath use function
lasso_xml_get_soap_content.
Core: fix comment for lasso_node_init_from_message
* lasso/xml/xml.c:
state the return code type.
Core: remove lasso_node_decrypt implementation
* lasso/xml/xml.c:
remove code for lasso_node_decrypt.
Core: make comment agree with the code
* lasso/xml/xml.c:
change comment about xsi:type handling, we try to honor every
xsi:type.
Core: remove commented code
* lasso/xml/xml.c:
remove commented code to handle a specific lasso extension.
Core: use lasso_xml_parse_memory instead of xmlParseDoc
* lasso/id-ff/provider.c:
use internal wrapper instead of direct call to libxml for parsing.
Core: move parse xml wrapper from xml.c to tools.c
* lasso/xml/xml.c:
remove lasso_xml_parse_memory.
* lasso/xml/tools.c:
add lasso_xml_parse_memory to wrap xmlParseDocument.
* lasso/saml-2.0/name_id_management.c:
use lasso_xml_parse_memory
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0 NameIDManagement: use new generic methods
* lasso/saml-2.0/name_id_management.c:
use new generic methods in lasso_name_id_management_init_request,
lasso_name_id_management_build_request_msg,
lasso_name_id_management_process_request_msg,
lasso_name_id_management_validate_request,
lasso_name_id_management_build_response_msg,
lasso_name_id_management_process_response_msg.
Remove useless boilerplate code.
* lasso/id-ff/server.c:
* lasso/id-ff/serverprivate.h:
last user of lasso_server_nameid_decrypt removed, so remove the code.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0 Logout: use generic methods
* lasso/saml-2.0/logout.c:
use new generic methods in
lasso_saml20_logout_process_request_msg, and
lasso_saml20_logout_process_response_msg.
SAML 2.0 Login: use generic methods
* lasso/saml-2.0/login.c:
use new generic profile methods for saml 2.0 in
lasso_saml20_login_process_paos_response_msg,
lasso_saml20_login_process_authn_response_msg,
lasso_saml20_login_process_response_status_and_assertion.
SAML 2.0: add name id include to login.c
* lasso/saml-2.0/login.c:
add include saml2_name_id.h
XML SAML 2.0: add a decrypt function to Saml2EncryptedElement
* lasso/xml/saml-2.0/saml2_encrypted_element.c:
using new function lasso_node_decrypt_xmlnode implement the new
method, int lasso_saml2_encrypted_element_decrypt(
LassoSaml2EncryptedElement* encrypted_element,
xmlSecKey *encryption_private_key, LassoNode **decrypted_node).
This function is currently not exported by bindings because of the
last output argument which is not supported by the binding generator.
SAML 2.0: replace lasso_node_decrypt by lasso_node_decrypt_xmlnode
* lasso/xml/private.h:
* lasso/xml/tools.c:
replace implementation of lasso_node_decrypt by a new one called
lasso_node_decrypt_xmlnode, and use it where old one was used.
SAML 2.0: reduce code in lasso_assertion_query_process_request
* lasso/saml-2.0/assertion_query.c:
use new code in SAML 2.0 profile.c to parse requests and decrypt
nameid, chains calls so that errors are kept but all actions are
accomplished anyway (if first call fails, keep the error but continue
the processing, then at end return the first returned error).
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: add internal generic implementation
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/profileprivate.h:
the current effort is to simplify implementation code in saml-2.0 and
much of the other frameworks. Those new methods:
lasso_saml20_init_request
lasso_saml20_profile_process_name_identifier_decryption
lasso_saml20_profile_process_soap_request
lasso_saml20_profile_process_soap_response
lasso_saml20_profile_process_any_request
lasso_saml20_profile_process_any_response
lasso_saml20_profile_setup_request_signing
lasso_saml20_profile_build_request_msg
lasso_saml20_profile_build_response
lasso_saml20_profile_init_response
should help reduce code in login.c, logout.c, name_id_management.c
and assertion_query.c. They should also permit to make all profiles
at the same level of binding support
(GET,REDIRECT,POST,ARTIFACT_GET,ARTIFACT_POST).
Those functions centralize error code handling, initialization of
common class (LassoSamlp2StatusResponse and
LassoSamlp2RequestAbstract) and also the handling of NameID
decryption.
2009-03-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: add new internal macro lasso_extract_node_or_fail
* lasso/utils.h:
this new macro tries to extract a field from a structure (or any
left-hand-side value), try to typecheck it using 'LASSO_IS_XXX',
if successful, the value is assigned to the variable given as first
argument or we jump to the 'cleanup' goto label, setting the 4th
argument as the current error code (value of variable 'rc').
ID-WSF 2.0: make it work with --enable-debugging
* lasso/id-wsf-2.0/data_service.c:
* lasso/id-wsf-2.0/discovery.c:
* lasso/id-wsf-2.0/profile.c:
* lasso/id-wsf/data_service.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
when --enable-debugging is activated much more type checking is done
by internal macros, and code do not pass compile anymore.
* bindings/python/tests/idwsf2_tests.py: nameIdentifier packing in SOAP
ID-WSF calls headers is no longer supported, do not test it.
Core: add argument checking to lasso_server_get_provider
* lasso/id-ff/server.c:
In lasso_server_get_provider, return NULL if provider server is not
one, provider is null or 0-length.
Core: add new internal API lasso_provider_verify_query_signature
* lasso/id-ff/provider.c:
try to keep some homogeneity between lasso_verify_signature and
lasso_verify_query_signature functions, by having mirror methods
inside the LassoProvider class. This new method comes with complete
documentation.
* lasso/xml/tools.c:
add a xmlDoc argument to lasso_verify_signature, in order to
reuse an already built message context, and possible problems with
interned string in parsed xml documents.
Core: add xmlDoc parameter to lasso_provider_verify_saml_signature
* lasso/id-ff/provider.c:
add an xmlDoc parameter to lasso_provider_verify_saml_signature,
reflecting change in lasso_verify_signature.
fix memory leaks of an xmlSecKeysMngr.
complete arguments checking.
* lasso/id-ff/login.c:
update use of lasso_provider_verify_signature in LassoLogin
Core: add a terminating value to enum LassoHttpMethod
* lasso/id-ff/provider.h:
add LASSO_HTTP_METHOD_LAST to enum LassoHttpMethod.
ID-FF 1.2: rework lasso_login_process_status_and_assertion
* lasso/id-ff/login.c:
reword lasso_login_process_status_and_assertion,
remove wrong NameID decryption code (it cannot work),
adapt to new signature of lasso_provider_verify_saml_signature,
Core: new init method with format limit and xmlDoc output argument
* lasso/xml/private.h:
* lasso/xml/xml.c:
lasso_node_init_from_message_with_format permit to initialize a node
and to keep the corresponding xml document, in order for example to
validate a signature.
* lasso/xml/tools.c:
lasso_xml_parse_message is able to parse a message of any type, or of
a given type. If a message of another than the one specified is
found, the call fails, and a LASSO_MESSAGE_FORMAT_ERROR is returned.
Core: add function to extract SOAP message content
* lasso/xml/tools.c:
add lasso_xml_is_soap, to verify that a message is SOAP.
add lasso_xml_get_soap_content, to retrieve the first child of the
SOAP body, whatever the SOAP content version.
SAML 2.0: API for Saml2EncryptedElement decrypt
* lasso/xml/xml_enc.h:
remove old functions
* lasso/xml/private.h:
remove lasso_node_(de/en)crypt from public headers API, they were not
exported anyway. move them to internal header.
* lasso/xml/saml-2.0/saml2_encrypted_element.{c,h}:
add a new decrypt function to convert a EncryptedElement to the
contained encrypted node objects.
* bindings/overrrides.xml:
do not export the new method, wait for implementation of output
arguments.
* lasso/id-ff/server.c:
remove lasso_decrypt_nameid from lasso/id-ff/server.c
Bindings php5: add support for xmlNode arguments
* bindings/php5/php_code.py:
* bindings/php5/wrapper_source.py:
complete error reporting about on documentation treatment.
treat xmlNode* arguments (convert string to xmlNode, give as
argument, then frees it).
Bindings: fix documentation parsing
* bindings/bindings.py:
fix regex to match documentation (remove condition terminating on
'**/')
print error messages to stderr.
* bindings/java/lang.py: remove commented debugging code
Docs: add declaration of missing LassoNode public methods
* docs/reference/lasso-sections.txt:
add missing lasso_node_*() functions.
Docs: fix doc on Attribute related classes
* xml/saml-2.0/saml2_attribute_value.c:
* xml/saml-2.0/samlp2_extensions.c:
* xml/saml_attribute_value.c:
add documentation about the special way of setting those classes
content, that is using lasso_node_set_original_xmlnode.
* docs/reference/lasso-sections.txt:
* docs/reference/lasso.sgml:
add missing declarations for documentation of LassoSamlAttribute,
LassoSamlAttributeValue, LassoSamlAttributeDesignator,
LassoSamlStatement and LassoSaml2AttributeValue.
Fix bug #94: permit any content for AttributeValue
* lasso/xml/private.h:
* lasso/xml/xml.h
* lassoi/xml/xml.c:
add an implementation helper for the AttributeValue objects
implementation of get_xmlNode.
make lasso_node_set_original_xmlnode public API.
* lasso/xml/saml-2.0/samlp2_extensions.c:
* lasso/xml/saml-2.0/saml2_attribute_value.c:
* lasso/xml/saml_attribute_value.c:
implement get_xmlNode for the AttributeValue and Extensions objects.
If the any field is empty, use the original_xmlnode value. In order
to support free-style content, you must use the method
lasso_node_set_original_xmlnode, properties and children are
extracted from the given node and added to the node created by the
generic get_xmlNode virtual method.
XML Core: add new snippet type SNIPPET_KEEP_XMLNODE
* private.h:
add the new constant to the enum type
* xml.c:
fix lasso_node_traversal, add support for the new constant in
lasso_node_imp_init_from_xmlNode.
Core: add error codes, fix error strings
* lasso/errors.c, lasso/errors.h:
remove useless error code LASSO_SERVER_ERROR_INVALID_XML,
fix string for LASSO_PROFILE_ERROR_INVALID_ISSUER,
add errors codes LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE,
LASSO_PROFILE_ERROR_CANNOT_FIND_A_PROVIDER and
LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY.
Makefile: missing dependencies for built sources
* lasso/Makefile.am:
remove .PHONY declaration on built sources and set appropriate
dependencies.
* lasso/extract_types.py: with new dependencies well defined in
Makefile no need to verify change in the content of the file, just
overwrite it.
Core: Fix argument checking in init_from_xml
* lasso/xml/xml.c:
In lasso_node_impl_init_from_xml if xmlnode is null, return an error
but if no node_data specification is present, do not fail but print a
warning. It is not an error for a class to not have a node_data
private field.
add a comment to fix return code later.
Core: handle g_io_channel creation failure
* lasso/xml/tools.c:
in lasso_load_certs_from_pem_certs_chain_file if
g_io_channel_new_file fails return NULL and print a warning.
If path is NULL or 0-length also returns NULL.
Core: do not mix public and private headers
* lots of files:
explicitly load the internal header xml/private.h where needed.
2009-03-23 Frederic Peters <fpeters@entrouvert.com>
tentative NEWS file
2009-03-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Doc: Update index sgml file to cope with gtkdoc 1.11
* docs/references/lasso.sgml:
change entity path for LassoSamlp2AssertionIDRequest.
SAML 2.0: Fix #90, simplify NameID decryption for NameIdManagement
* lasso/saml-2.0/name_id_management.c:
(lasso_saml2_name_id_management_process_request)
simplify code, remove explicit decryption of nameid and handling of
error cases, delegate to lasso_decrypt_nameid (from xml/tools.c).
Core: add a method to decrypt nameid, handling error cases
* lasso/id-dff/serverprivate.h:
* lasso/id-ff/server.c:
lasso_server_decrypt_nameid handle error case of NameID decryption,
and update passed field pointers.
* lasso/errors.h:
add new error codes:
LASSO_DS_ERROR_DECRYPTION_FAILED -118
- Decryption of an encrypted node failed
LASSO_PROFILE_ERROR_MISSING_SERVER -438
- No server object set in the profile
XML SAML 1.0: fix bug 85
* lasso/xml/lib_logout_request.c: do not break parsing when
NameIdentifier->Format attribute is NULL.
2009-03-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
SAML 2.0: remove NotBefore attribute when not answering an AuthnRequest
* lasso/saml-2.0/login.c:
In specification saml-profile-2.0-os.pdf, in paragraph 4.1.4.3, it is
said that the SubjectConfirmationData node MUST NOT contain a
NotBefore attribute if it contains an InResponseTo attribute,
understanding that the response cannot (if the ID of the request is
sufficiently random) arrive before the request and be valid with
respect to the InResponseTo attribute.
Test: Add test for testing new InResponseTo checking code
* tests/login_tests.c:
after first test of parsing the soap response message in the login
test, try to parse it a second time, after modifying the InResponseTo
id of the assertion and disabling signature checking.
ID-FF 1.2 & SAML 2.0: fix "fix bug 173" match assertion and not the response with authn request id
* lasso/id-ff/login.c:
* lasso/saml-2.0/login.c:
Serialize/Unserialize request_id private field in LassoLogin dumps.
Match InResponseTo assertion attribute (ID-FF 1.2) or
SubjectConfirmationData attribute (SAML 2.0) to original request id
if it is present.
Core: rename LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST
* lasso/errors.h:
* lasso/errors.c:
rename LASSO_LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST to
LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID.
Core: fix handling of xsi:type
* lasso/xml/xml.c:
xsi:type handling is broken since commit 3982, restore it.
move prefix/nodename matching in static helper functions, and reuse
them inside xsi:type code path.
Core: enforce flag verify-signature in function lasso_verify_signature
* lasso/xml/tools.c: in lasso_verify_signature always return success if
lasso_flag_verify_signature is FALSE.
* lasso/xml/private.h: change return type to int.
2009-03-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix BSD compatibility bug in configure.ac
* configure.ac: remove GNUism, use -eq and = instead of == with test
tool. (Patch from Emmanuel Dreyfus)
2009-02-17 Benjamin Dauvergne <bdauvergne@entrouvert.com>
ID-FF 1.2 & SAML 2.0: Fix #173, check InResponseTo in authn responses
* id-ff/login.h:
add a string field named request_id in the private part of LassoLogin
to store request id from the original AuthnRequest.
* id-ff/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
* saml-2.0/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
2009-02-06 Damien Laniel <dlaniel@entrouvert.com>
fixed binding generation
removed trailing whitespace
2009-02-05 Damien Laniel <dlaniel@entrouvert.com>
fixed parsing of OFTYPE
2009-01-26 Damien Laniel <dlaniel@entrouvert.com>
added all string constants to the API doc
reorganised string constants definitions
added an index to quickly find symbols
fixed some functions name
documentation-related fixes
added documentation for id-wsf 2.0 functions
added lasso_data_service_new_full and removed lasso_idwsf2_discovery_destroy in api doc
2009-01-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Core: if OFTYPE is already defined, skip
Core: add decorator on GList return value in LassoSession header
* lasso/id-ff/session.h: add the OFTYPE decorator to the return type of
lasso_session_get_assertions.
Java: add assertions
* bindings/java/tests/LoginTest.java: add assertion for the return code
of lasso_logout_process_request_msg.
ID-FF 1.2: review of logout validate request
* lasso/id-ff/logout.c (lasso_logout_validate_request): use new macros.
ID-FF 1.2: review logout_process_request_msg
* lasso/id-ff/logout.c (lasso_logout_process_request_msg): use the
new allocation macros, add checking of the parsed object type, add
validation of some schema constraints before processing, like
presence of the name identifier.
Core: make caller owner of the list, fix refcount leak
Autoconf: new macro AS_COMPILER_FLAGS to check flag support
* macros/as-compiler-flags.m4 configure.ac: add a new file of autoconf macros
to check support of warning flags, add needed line in configure.ac to define
variable WARNING_FLAGS, containing only supported flags.
Core: replace manual reference handling with macros
- lasso/xml/disco_insert_entry.c (lasso_disco_insert_entry_new) :
replace manual g_object_ref with assignment macro.
Core: replace manual handling of references with macros
- lasso/xml/disco_resource_offering.c (lasso_disco_resource_offering_new)
replace manual g_object_ref with assignment macro.
Core: synchronize lasso_verify_signature with new macros
Core: add new error code to lasso_node_init_from_message
- add new return code LASSO_MESSAGE_FORMAT_XSCHEMA_ERROR
- fix SOAP_FORMAT bizarre if conditional
- remove old comments
Core: review of lasso_node_encrypt
- use new memory macros
- copying nodes instead of stealing nodes
ID-FF 1.2: fix leak of instance object
Core: add a new message format error for XSchema constraint failure
ID-FF 1.2: review logout_validate_request
* lasso/id-ff/logout.c (lasso_logout_validate_request):
- when signature verification failed in process_request_msg,
do not continue validation of the request, stop immediately and
return the signature status code.
- use utils.h macro for memory allocation handling. Fix potential leak
of the profile->response object.
ID-FF 1.2: validate signatures on responses during the BRWS/Artifact profile
- lasso/id-ff/login.c:
- the lasso_login_process_response_msg is used to process SOAP response
to artifact resolution requests. The answer contains an samlp:Response
that can be signed, and each contained assertion MUST be individually
signed.
- lasso/xml/samlp_response.c:
- set keep_xmlnode flag on the class metadatas to help in signature
validations.
ID-FF 1.2: add validation of assertion signatures
- lasso/id-ff/login.c:
- lasso_login_process_response_status_and_assertion:
- if signature_status is not 0 and an assertion is present, we
validate the signature on this assertion using the
internal API lasso_provider_verify_saml_signature.
Core: add error code LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST
* lasso/errors.h, lasso/errors.c:
- LASSO_LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST is raised when a
samlp:Response contains an attribute inResponseTo when no
previous request can be found inside the LassoLogin object or if the
given ID is not the same as the one from the previous request.
ID-FF 1.2: fix signature validation in login_process_authn_response_msg
* lasso/id-ff/login.c:
when signature validation fails on a message, then return the
signature status as return code. There is a security fix.
XML: new LassoProvider API to verify XMLDsig signatures
* lasso/id-ff/provider.c, lasso/id-ff/providerprivate.h:
- (lasso_provider_verify_saml_signature) validate a signed
saml Request, Response or Assertion, using the public key
of the given provider.
XML: Make LassoSamlAssertion keep its XML form when created by parsing
* lasso/xml/saml_assertion.c: set the keep_original flag of class
LassoSamlAssertion to true, to keep a copy of the original libxml tree
used to initialize each instance of this object. We will use it to
validate signature on assertions.
XML: Add internal API to validate XMLDsig signatures
* lasso/xml/tools.c:
- lasso_saml_constrain_dsigctxt() add constraints following SAML
specifications on XMLDsig signatures to an libxmlsec DSig context.
- lasso_verify_signature() this function given an xmlNode and a key or
a keys manager (for a set of AC or AC chains) validate the
enveloped signature set upon this node. It can be instructed to
follow constraints of the SAML 1.0 specification.
Core: add new error codes
* lasso/errors.h: add error codes for,
- out of memory situation,
- excess of references during validation of signature on SAML
protocols message or assertions,
- an invalid reference during validation of signatures on SAML
protocols message or assertions,
- a mismatch between requested assertion issuer and received
assertion issuer.
Autoconf: redirect shell warning in one of configure.ac tests
- configure.ac: when testing if bindings have been already generated
with different settings do not let grep emit warnings.
All: Fix missing field initializer problems
* lots of files: Explicitly set all fields of initialized structures,
in order to remove -Wno-missing-field-initializers from needed
compiler options when using -Wall -Wextra.
Core: add macros to assign list of things, rename xmlNode related macros
* lasso/utils.h: added new macros, renamed others:
- macros handling xmlNode are renamed from _node to _xml_node,
- new macros for assign GList* of specific objects:
- lasso_assign_list_of_gobjects,
- lasso_assign_list_of_strings,
- lasso_assign_new_list_of_gobjects,
- macros for assigning xmlChar string (we need a specific macros
because, we must use xmlFree to release the destination string),
- macros to add string without duping: lasso_list_add_xml_string,
- macros to add anything non-null (no type cast):
lasso_list_add_non_null.
Core: add references handling macros
* lasso/utils.h:
- add macro lasso_transfer_string and lasso_transfer_gobject,
to transfer ownership of such objects without copying or
changing their reference count. The old containing variable is
NULLed.
- lasso_list_add_gobject,lasso_list_add_new_gobject: test if the added
object is a GObject, if not do not add it and print a warning.
- lasso_check_type_equality: this macro use special builtin functions
only with GCC (typeof and __builtin_types_compatible_p) and do
metaprogramming using anonymous enumeration type to make compile
time assertions. It is used
- add macros to release XPathObject XPathContext, macro constructor to
make reference transfer macros (free dest, nullify dest, copy src
to dest without increasing refcount, nullify src), add a macro to
transfer xpath objects.
Core: new goto_exit macro which produces warnings
* lasso/utils.h:
similar macro to goto_exit_if_fail but also produce a printed warning.
Core: new macros for adding string to GList
* lasso/utils.h:
- lasso_list_add_string, add a copy of a string to a GList
Core: Remove unused macro lasso_warn_deprecated
* lasso/utils.h: remove macros lasso_warn_deprecated, use GCC
attributes and gtkdoc markers instead.
2009-01-22 Damien Laniel <dlaniel@entrouvert.com>
added documentation sections for ID-WSF 2.0 Discovery and DataService
removed unused destroy functions (only defined in .c or .h files)
2009-01-13 Jean-Marc Liger <jean-marc.liger@siris.sorbonne.fr>
Fedora/Redhat spec file
2008-12-18 Frederic Peters <fpeters@entrouvert.com>
correctly check for successful return of DSA_verify
2008-12-16 Damien Laniel <dlaniel@entrouvert.com>
check in lasso_name_id_management_init_request if HTTP method is supported
2008-12-12 Damien Laniel <dlaniel@entrouvert.com>
fixed fault code and use a more precise fault string
if no identity is found while building disco response, create a soap fault response
2008-12-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Use assignment macros in id-wsf 2.0 module
* lasso/id-wsf-2.0/data_service.c, lasso/id-wsf-2.0/discovery.c,
lasso/id-wsf-2.0/profile.c: use assignment macros to maintain proper
reference counting and ownership of object field values.
2008-11-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix lasso.pc.in Cflags field
* lasso.pc.in: cflags must contain include directory
2008-11-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add errors.h.in to EXTRA_DIST
* lasso/Makefile.am: errors.h.in must be distributed.
2008-11-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add me.
2008-11-19 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix refcounting error in SoapEnvelope class
- lasso/xml/soap_envelope.c (lasso_soap_envelope_new): fix forgotten
reference count increase when assigning the body.
2008-11-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix uninitialized local variable
- bindings/java/wrapper_top.c: (gobject_to_jobject_and_ref) initialize
local variable.
2008-11-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add support to in memory private key to lasso_query_sign
- lasso/xml/tools.c: use BIO_new_mem_buf instead of BIO_new_file
if private_key is not an existing file.
2008-11-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add missing initialization
- lasso/id-ff/provider.c,lasso/id-ff/server.c: add missing initialization
of return code variable.
2008-11-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix missing include
Add log message in the metadata loading process
- lasso/id-ff/provider.c, lasso/saml-2.0/provider.c: add critical log
message in each failed loading of metadatas branch cases.
Add new internal function to show safe extracts
- lasso/utils.c, lasso/utils.h:
New internal api lasso_safe_prefix_string that can show any string
taking care of escaping newlines, tabs and non-graphical or non-ASCII
characters.
Fix uninitialized return code
Thanks Emmanuel Dreyfus
2008-11-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix overwriting of attributes ht by node lists
- lasso/xml/xml.c:
- In lasso_node_impl_init_from_xml fix really old bug seen when
running ID-WSF 2 python tests, when looking for snippet_any
field in the GObject we should not take the any attribute field,
otherwise the field value is gonna be overwritten with new GList
nodes. The problem can be seen only with classes using the two kind
of snippets (ANY nodes and ANY attributes).
Change style of error and deallocation handling
- lasso/id-ff/provider.c:
- in lasso_provider_verify_signature use standardised memory and
error handling macros, and also standard return code variable name
and exit label.
- in lasso_providerl_load_metadata_from_buffer and
lasso_provider_load_metadata use the standardised macros, exit
labels and return code variable.
- lasso/id-ff/server.c:
- in lasso_server_load_affiliation use standardised allocation and
error handling macros.
- lasso/id-wsf/wsf_profile.c:
- use standardised memory and error handling macros in
lasso_wsf_profile_build_soap_request_msg.
Move xmlDoc release after xmlFreeXPath*
- lasso/xml/xml.c:
- in lasso_node_new_from_soap release xmlDoc (and the contained
nodes) after the XPath objects that can reference them.
Remove use of xmlFreeDoc for lasso_release_doc
- bindings/java/wrapper_top.c, bindings/php4/lasso_php4_helper.c,
bindings/php5/wrapper_source_top.c, bindings/python/wrapper_top.c,
lasso/id-ff/identity.c, lasso/id-ff/lecp.c, lasso/id-ff/login.c,
lasso/id-ff/logout.c, lasso/id-ff/name_registration.c,
lasso/id-ff/profile.c, lasso/id-ff/provider.c, lasso/id-ff/server.c,
lasso/id-ff/session.c, lasso/id-wsf-2.0/data_service.c,
lasso/id-wsf/data_service.c, lasso/id-wsf/discovery.c,
lasso/id-wsf/wsf_profile.c, lasso/saml-2.0/ecp.c,
lasso/saml-2.0/login.c, lasso/saml-2.0/name_id_management.c,
lasso/utils.h, lasso/xml/tools.c, lasso/xml/xml.c, swig/Lasso.i:
Remove use of xmlFreeDoc. Use lasso_release_doc instead.
Clean generated files in bindings
* bindings/java/Makefile.am:
* bindings/php5/Makefile.am:
* bindings/python/Makefile.am:
- reformat value and add generated files to the MOSTLYCLEANFILES
variable
Add new utils macros
- lasso/utils.h:
- add goto_exit_with_rc a standardized macro that supposes having an
'int rc' variable and an exit label in the current function.
- add lasso_release_output_buffer macro
Fix lasso_assign_node: wrong xmlFreeNodeList
* lasso/utils.h:
- (lasso_assign_node) This macro wrongly assumes that the destroy
function for xmlNode is xmlFreeNodeList but it's xmlFreeNode.
xmlFreeNodeList is for xmlNode list of children.
2008-11-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Restore ABI compatibility wrt original_xmlNode
* lasso/xml/xml.c:
- use set/get_qdata to store the original xmlnode, modify
init_from_xml and dispose function to cope with this new storage
place.
* lasso/xml/xml.h:
- remove field original_xmlNode from structure LassoNode to keep ABI
compatibility with previous versions.
- declare new API lasso_node_get_original_xmlnode
API to cleanup LassoNode tree of kept xmlNode
* lasso/xml/xml.c:
- add a new function lasso_node_cleanup_original_xmlnodes to
deallocate all kept xmlNode inside a tree of LassoNodes.
- add internal function lasso_node_traversal to iterate across a
LassoNode tree (could be used to reimplement lasso_node_destroy)
It is a preorder traversal.
Add support for keep_xmlnode flag
* lasso/xml/xml.c:
- (lasso_node_impl_init_from_xml) When the keep_xmlnode flag is true
for the currently parsed Node class, we copy the parsed xmlNode
and keep it inside the LassoNode.
- (lasso_node_dispose) if an original_xmlNode is present, we deallocate
it.
Add original_xmlNode pointer to LassoNode
* lasso/xml/xml.h: add an xmlNode field to base class LassoNode,
to permit retrieving the xmlNode originally parsed when the structure
is the result of parsing. Will be used by signature checking code.
Add keep_xmlnode field to LassoNodeClassData
* lasso/xml/private.h: add a boolean flag named keep_xmlnode to
base class structure LassoNodeClassData.
2008-11-02 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add test case for loading server completely from memory
* tests/login_test.c:
- add generateIdentityProviderContextDumpMemory that first loads
metadata, private_key and certificate file using g_file_get_contents
then uses the created buffers to initialize a LassoServer object.
- add test03_serviceProviderLogin that uses the new function.
LassoServer init_from_xml/new_from_buffer handling
* lasso/id-ff/server.c: (init_from_xml) if load_metadata fails
try load_metadata_from_buffer instead using the content of the dumped
nodes.
Add new constructor lasso_server_new_from_buffers
* lasso/id-ff/server.c, lasso/id-ff/server.h: add new function to build
a LassoServer object holding content of certificate and private key
files instead of loading them every time signing is needed. You must
instead load them yourself the first time.
Export lasso_provider_load_metadata_from_buffer
* lasso/id-ff/providerprivate.h: add declaration for private function
lasso_provider_load_metadata_from_buffer
Add verification of access before calling libxml loading function
* lasso/id-ff/provider.c: (lasso_provider_load_metadata) libxml emits a warning
when trying to parse a non-existing or non-accessible file, so verify
that the file is accessible before calling libxml. (the corner
case of having a warning when the file becomes inaccessible between
the two calls is not interesting)
First try accessing the file before calling key loading functions
* lasso/xml/tools.c: (lasso_sign_node) instead of waiting
for the xmlsec key loading function to fail before trying to load
the key directly from the private_key buffer, test it using
POSIX function.
Add possibility to sign using preloaded keys
* lasso/xml/tools.c:
- (lasso_sign_node) if loading of the private_key or the certificate
file we try to use the filename directly as a key in the PEM format.
2008-10-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add missing initializations.
2008-10-16 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add substitute code for g_strcmp0
2008-10-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Integrate modification from Olav Morken <olavmo@stud.ntnu.no>
It fixes bad url encoding of relaystates for logout
profile. A better fix for all profiles is coming.
add files to nodist_HEADERS to pass distcheck
2008-10-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add functionality to enable debugging flags at runtime
This code permits setting flags, separated by commas, spaces,
tabulations, or colons. These flags activate debug functions like
suppressing validation of signatures or printing debugging messages about
deallocations.
The new flags are defined in /lasso/debug.h they can be set using an
environment variable named LASSO_FLAG or a function named
lasso_set_flag.
There are two flags currently:
- verify-signature:
To deactivate it, pass 'no-verify-signature' inside LASSO_DEBUG.
It deactivates signature verification inside two functions:
lasso_query_verify_signature and lasso_provider_verify_signature.
- memory-debug:
It enables reporting of memory deallocation inside the generic memory
deallocator for LassoNode objects and also in bindings.
- lasso/xml/xml.c: do not free a null hash table pointer.
2008-10-01 Damien Laniel <dlaniel@entrouvert.com>
cleaned up some code
fixed docstrings ; added an exported function ; reorganised functions in file
fixed segfaults
fixed xml indentation
2008-09-23 Damien Laniel <dlaniel@entrouvert.com>
If ProviderID isn't found in an AuthnResponse, immediately return a critical error
2008-09-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Many fixes to compile with --enable-wsf and --enable-debugging and also to remove valgrind errors through python tests.
1. Rename lasso_wsf_profile_new_full for java bindings (cannot subclass
in overrides of static methods).
2. Add const modifiers to many function signatures in
bindings/python/wrapper_top.c.
3. add initialisation of private_data->encryption_sym_key_type (to
please valgrind) in instance_init of LassoProvider.
4. Add new macro to assign xmlNode, we consider xmlNode to be an
immutable value, and always use xmlCopyNode for assignment. The
macro is named lasso_assign_node.
5. Fix segfault: when using xmlSec to encrypt, the newly created
encrypted node replaces the original node inside the xmlDoc structure,
and the original node is freed automatically. So you cannot borrow
the encrypted node if you do not remove it from xmlDoc first.
2008-09-17 Damien Laniel <dlaniel@entrouvert.com>
free xmlDoc only once
fixed docstring
php: added a root class to define generic getter and setter
fixed docstrings which fucked php5 binding
2008-09-16 Damien Laniel <dlaniel@entrouvert.com>
fixed various bugs with new compilation flags
enable optimisation flag when not debugging
2008-09-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* Remove ending blanks
* Reset CFLAGS when --enable-debugging is used (remove -g -O2 value set by AC_PROG_CC).
* Show AM_CFLAGS + CFLAGS in summary when configure finishes.
* When --enable-debugging is used, add -Wno-xxx options to AM_CFLAGS so that bindings compile with -Werror (-Werror is activated by --enable-debugging now)
* Add G_GNUC_UNUSED for unused parameter we can't remove (python wrappers).
* Add options when DEBUGGING is activated, i.e. to permit compiling when -Werror is used. It removes some of the warning for code we do not control.
* Select bindings in bindings/Makefile not in bindings/*/Makefile.
* Remove warnings:
- remove unused parameter from private function signatures
- remove unused variable
- initialize variable potentially accessed uninitialized
- add G_GNUC_UNUSED if function is public or adhering to an interface, and a parameter is unused.
- if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters.
The goal is to compile with -Werror.
* Add setting of AM_CFLAGS when --enable-debugging is used
* Export the AM_CFLAGS variable
* Create a conditional for automake named DEBUGGING
* Show CFLAGS in summary of configuration options
* Add support of lasso_registry to lasso_node_new_from_xmlNode.
* Add full support for xsi:type, with lookup of the QName namespace, will only work if lib: namespace is correctly declared in the dumped XML fragment.
* Add a test for the new functionality in lasso_node_new_from_xmlNode.
2008-09-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add a new error code, with the REGISTRY prefix and use it in registry function returning an error code. Fix a typo when retrieving a quark string in the registry module. Improve tests for functional mapping.
Fix regression when loading a LassoServer from dump. Fix an error with -rpath setting in last commit, -rpath must always be absolute paths.
2008-09-03 Damien Laniel <dlaniel@entrouvert.com>
don't put registry functions in the bindings
2008-08-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add -rpath to LDFLAGS variable to use the built lasso and not the local one.
Add functional mappings and test code that goes with it.
Add namespace for federation XML object
Add test of the two public registry functions, lasso_registry_default_add_mapping, lasso_registry_default_get_mapping.
Add new module lasso_registry, to handle mapping from XML tag to GObject classes.
Fix changed name of g_assign_string in wsf_profile.c
Add public function lasso_server_add_provider_from_buffer, to add a provider from an XML string of the metadatas (changed semantic of the second argument compared to lasso_server_add_provider). To support this a new public LassoProvider constructor was added: lasso_provider_new_from_buffer, where the second argument is an XML string. It uses a new private function, lasso_provider_load_metadata_from_buffer.
Add documentation to lasso_server_add_service_from_dump.
Complete documentation of lasso_server_add_service.
2008-08-07 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Move soap_binding files from lasso/id-wsf to lasso/xml.
2008-08-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Add bindings/javaj/__init__.py to EXTRA_DIST
Lookup wrapper_{top,bottom}.c files in the src_dir, useful for VPATH build (i.e. distcheck). Add top_srcdir/bindings to python syspath.
$< is already translated to the VPATH in pattern rules, no need to prefix with $(srcdir). Reflect this in the rule that creates variations of svg files for the documentation.
* Fix blanks mismatch (space in *.c and *h files or tabs in *.py files) and formatting
* fix typo with g_hash_table_remove_all * remove unused variable * add GNUC_UNUSED to static functions to pass -Werror
add an __init__.py to make the java subdirectory a python module
example of usage of the macro OFTYPE
new empty macro OFTYPE(x) to specify type of GList containers
add moved files to EXTRA_DIST
change dependency with respect to moved files, add moved files to EXTRA_DIST
use new util function to throw exceptions
add moved files to EXTRA_DIST
add TODOs for parsing OFTYPE in other positions
Remove moved files from EXTRA_DIST
Move all files related to java into the java subdirectory
Add a module init file to python directory.
Move all files related to the php5 binding inside the php5 subdirectory.
Move all python binding related files inside the python subdirectory
* Fix typo
* add missing lasso_release_list, add lasso_release_list_of_full, reimplement lasso_release_list_of_* using _full
* removed unused variables, and change FIXME comment.
* add include of utils.h
* remove code to add credentials, it is actually useless.
* remove useless code
* add Deprecated marker to documentation.
* Fix potential memory leaks * id-wsf/wsf_profile.c: add error code path in lasso_wsf_profile_build_soap_request_msg for unsupported security mechanisms.
add macros to release xmlSec context objects
add lasso_release_full to construct other lasso_release_ functions, use it in old definitions
rename g_unlink_and_release_node to lasso_unlink_and_release_node
Add a macro to emit a «Function is deprecated» warning
change last g_* macros to lasso_ prefix
* change g_list_add* to lasso_list_add*
change g_assign_* to lasso_assign_* and g_release_* to lasso_release_*
* remove blanks (review by F. Peters)
* fix documentation (review by F. Peters)
* bindings/python/tests/Makefile.am: make running of iwsf{1,2}_tests.py conditioned upon --enable-wsf flag of ./configure script
* fix change in SamlAdvice ABI
* lasso/id-wsf/data_service.c: fix my own memleak inside build_modify_response_msg
2008-08-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
polish code in lasso_discovery_build_credential
add macro to assign gobject field, first a simple version
beginning of a pool of macros for mem handling, affectation to fields, etc..
* remove body->id and correlation->id setup, no need to set id on everything.
* add detail node to node with specialised detection in lasso_node_new_from_xmlNode
* specialise lasso_node_new_from_xmlNode for soap:detail node
remove useless overriding
Match is:RedirectRequest and set msg_url to the url to redirect to
do not use normal add_assertion method when reconstructing a session, no need to add Advice to assertion_by_id container
Fix wrong node name in SOAP fault
Fix bad SNIPPET_TYPE for attribute maxInteractionTime, it was treated as a string, and provoked a SEGFAULT.
* lasso/xml/xml.c: add support for dgme:Status node.
* lasso/xml/xml.c: in samlNs, compare prefix *AND* href fields of the namespace object
copy node instead of stealing it to xmlDoc object, when parsing session dump if no children is present try to get a base64 encoded assertion.
add assertion_id to TokenSecurityReference
* lasso/id-ff/session.c: fix compilation errors.
* lasso/id-ff/session.c: store ID-WSF assertion in base64 to fix problem of formatting of session dumps.
* lasso/id-wsf/wsf_profile.c:
- change return code variable from 'ret' to 'rc' to permit use of standardised macros like goto_exit_if_fail.
- add initialization to NULL of a lot of variables, to enable error return paths.
- adapt to change of soap:Body id field to its new name 'Id'
- fix numerous mem leaks by using assignment macros (g_assign_gobject, g_list_add_gobject) and release macros (g_release_gobject).
* lasso/id-ff/login.c: comment the generation of Advice when ResourceOffering for the DiscoService support a security mechanism needing one. Anyway the generation of Credentials is broken. * lasso/id-ff/session.c: add treatment of saml:Advice on newly added Assertions, keep the transmitted assertions inside the session indexed by their AssertionID.
* lasso/xml/saml_advice.{c,h}: change content to SNIPPET_LIST_XMLNODES.
* lasso/id-wsf/discovery.c: fix macros assign_resource_id to adapt to standard return code name: rc
* lasso/id-wsf-2.0/profile.c, lasso/id-wsf/authentication.c: adapt to change of name of id attribute in LassoSoapBody
* lasso/xml/disco_encrypted_resource_id.{c,h}: add support for any kind of content through a SNIPPET_LIST_XMLNODES marked field.
* lasso/xml/soap_body.h: change name of variable id to Id * lasso/xml/soap_body.c: change attribute id to Id and fix its namespace (wssu) in overloaded get_xmlNode
* lasso/xml/wsse_security.c: fix wrong namespace
* lasso/xml/xml.c: make xmlClean change namespace of properties not just of nodes
* lasso/xml/xml.c: adapt to new prefix of Dgme library
* lasso/errors.h: new error for LassoWsfProfile signal missing Credentials
* bindings/lang_python_wrapper_top.c: add cast to suppress warning about g_list_length argument non-constness. add support for LassoDgme* objects, must find a better way to do this in the future.
* lasso/id-wsf/discovery.c: (lasso_discovery_build_credential, lasso_discovery_add_remove_entry, lasso_discovery_add_requested_service_type) use macro g_list_add, to reduce code size.
* lasso/id-wsf/wsf_profile.c: In lasso_wsf_profile_set_security_mech_id if security_mech_id is NULL, default to LASSO_SECURITY_MECH_NULL. In lasso_wsf_profile_init_soap_request increment ref count of the argument when new reference are created.
* bindings/bindings.py: support const modifier on this argument
* add lasso/lasso_config.h.in because it is not generated anymore since config.h become the normal configuration file.
fix wrong const modifier
* lasso/id-wsf/wsf_profile.c: fix wrong namespace in a call to xmlSecFindNode
* lasso/id-wsf/wsf_profile.c: implement creation of the signature for ID-WSF SAML security mechanism. Implemented many utility functions that could be shared with other parts of the library.
* lasso/xml/tools.c: In lasso_sign_node suppress useless code to lookup the Signature node.
* lasso/utils.h: add utility macros to release libxml objects, to check null parameters or badly typed parameters. add a macro that goes to an "exit" label and sets the return code variable named "rc".
* lasso/id-wsf/wsf_profile.c: add documentation to the function lasso_wsf_profile_set_resource_offering:
* lasso/id-wsf/wsf_profile.c,wsf_profile.h,wsf_profile_private.h: add const modifier to signature when possible
add a const modifier on the argument offering of lasso_discovery_get_description_auto
* lasso/id-wsf/discovery.c: In lasso_discovery_get_resource_offering_auto, do not increment reference count of the returned value, it is not how it is done in the rest of the library. Returned gobject are always not-owned reference, you reference them only to keep them around.
* Update errors.c to last state of errors.h
add a new error for a missing ResourceID inside a ResourceOffering
add const modifier to conversion function on GList*, a problem still remains that g_list_length do not take a const GList*
mark init_modify as deprecated, use init_insert
fix forgotten arg to g_list_foreach
start rework of lasso_discovery_init_request, my intention is to base other init_ function on this one
fix a reference counting error when building response message
add documentation to lasso/id-wsf/discovery.c
reflects change inside lasso/id-ff/identity.c in assertions
- surrounded declaration of containers for ID-WSF object with ifdef/endif, did the same in initialization/finalization code. - changed storage of resource offering from a list to a hash table - added a counter to create entryIDs for newly added resource offerings - simplify the code around resource offerings management
fix issue #15 "In lasso_data_service_build_modify_response_msg we free a shared xmlNode"
instead of moving assertion from session to new sessions, reference the old session in newly created ID-WSF services proxy
move session storage of assertion for SAML ID-WSF authentication of request to xmlNode instead of LassoNode; add error handling when no description has been found in comply_with_saml_authentication
beginning of signature implementation for SAML authentication
fix naming in documentation of lasso_wsf_profile_set_description_from_offering, add new private function lasso_wsf_profile_set_resource_offering
integrate new errors messages
add a lasso_discovery_new_full function
deprecated lasso_discovery_init_modify
add some error messages, add new error LASSO_WSF_PROFILE_ERROR_MISSING_DESCRIPTION, when no description can be found for the chosen security mechanism
add matching of Bearer authentication, support ID-WSF 1.1 security mechanisms URNs
fix error of namespace
change content from list of LassoNode to list of xmlNode
changed contents to list of xmlNodes instead of LassoNode
add strings for security mechanism defined in ID-WSF 1.1
forked lasso branch for adeline
add a general error for a badly initialized object and two errors for idwsf relating to a missing assertion id and a missing endpoint declaration
Revert " * remove body->id and correlation->id setup, no need to set id on everything."
This reverts commit 832f127760dc074336400531a99f3a03574ffe13.
added functions to release [list]string/gobject/any
add methods to manipulate list of gobjects, and dissociate affectation of fresh object from older objects
add macro to assign gobject field, first a simple version
fix typo in last commit
add soap binding util function to lookup specific SOAP header for ID-WSF SOAP encapsulation
beginning of a pool of macros for mem handling, affectation to fields, etc..
* remove body->id and correlation->id setup, no need to set id on everything.
forked lasso branch for adeline
forked lasso branch for adeline
forked lasso branch for adeline
keep head version
2008-08-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* lasso/id-wsf/discovery.c:
- include utils.h
- move lasso_wsf_profile_build_key_info_node here
- add a comment for future review of lasso_discovery_build_credential
- remove direct use of lasso_wsf_profile_build_soap_envelope, use lasso_wsf_profile_init_soap_request instead.
* lasso/id-wsf/utils.{c,h}:
- new file with security mech id matching functions
* lasso/id-wsf/wsf_profile.c:
- remove all credentials related static functions
- empty all credentials related public functions
- move function related to matching security mechanism into utils.{c,h} and
xml/disco_description.h
- add static function lasso_wsf_profile_comply_with_saml_authentication that
tries to add credential to the request to a web service using the SAML
WS-Security mechanism
- add static function lasso_wsf_profile_comply_with_security_mechanism to
dispatch upon the current chosen security mechanism.
- extract build_soap_envelope to the static function
build_soap_envelope_internal to remove warning of usage of a deprecated
function.
- remove lasso_wsf_profile_set_public_key
- remove lasso_wsf_profile_set_security_mech_id
- add lasso_wsf_profile_get_security_mechanism
- add lasso_wsf_profile_set_description
- empty function about online status of the principal
- remove all (non-working) handling of the x509 security mechanism
- add a new constructor function
LassoWsfProfile* lasso_wsf_profile_new_full(LassoServer *server, LassoDiscoResourceOffering *offering)
- and a new init function (for subclass):
gint lasso_wsf_profile_init(LassoWsfProfile *profile, LassoServer *server, LassoDiscoResourceOffering *offering)
* lasso/id-wsf/wsf_profile.h:
- mark as deprecated:
lasso_wsf_profile_move_credentials
lasso_wsf_profile_build_soap_envelope
lasso_wsf_profile_set_provider_soap_request
lasso_wsf_profile_principal_is_online
lasso_wsf_profile_add_credential
lasso_wsf_profile_set_principal_status
lasso_wsf_profile_set_principal_online
lasso_wsf_profile_set_principal_offline
* lasso/id-wsf/wsf_profile_private.h:
- remove fields from LassoWsfProfilePrivate structure:
- GList *credentials;
- gchar *public_key;
- add fields:
- char *security_mech_id;
- LassoDiscoResourceOffering *offering;
2008-08-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
include utils.h
fix typo on name of an xmlsec function
change strings for security mechanisms to comply with the spec
* Move error message inside comments in lasso/errors.h * Add a script to autogenerate lasso/errors.c from errors.h * Update errors.c * Add a target to Makefile.am to create errors.c
move and export matching function for disco description into lasso/xml/disco_description.c
fix bad copy/paste
add utils.c and utils.h to file list
move some utility functions out of wsf_profile.c
- lasso/id-wsf/wsf_profile.c lasso/id-wsf/wsf_profile_private.h: extract LassoWsfProfilePrivate structure.
* lasso/id-wsf/discovery.c: repurpose lasso_discovery_process_query_response_msg in order to extract credentials informations and store them into the current session. * lasso/id-wsf/wsf_profile.c: Remove any high-level processing from lasso_wsf_profile_process_soap_response_msg, just parse and setup the corresponding fields into the structure. Eventually signal a SOAP using a return code.
Add an index of assertions by ID and two new function lasso_session_add_assertion_with_id(session, id, assertion) and lasso_session_get_assertion_by_id(session, id) Add to lasso_session_add_assertion a call to add_assertion_with_id, to index all assertions into the index by id.
rebase to trunk
Add disco_description in includes
* add type decl to field GList* any
lasso_wsf_profile_build_soap_request_msg: - add a TODO comment
- lasso_wsf_profile_add_soap_signature:
* add documentation
* use xmlSec functions for finding nodes
* add comments on the work flow
* fix memleak
* remove enveloped signature transform, it is a detached signature.
- lasso_wsf_profile_verify_saml_authentication: - add comments on the work flow - simplify and centralize cleanup code - loop over all assertion lookup for signature to verif
- lasso_wsf_profile_add_credential_signature: * add documentation * reformat * add comments on the work flow * fix memleak - suppress lasso_wsf_profile_get_public_key_from_credential
- lasso_wsf_profile_verify_credential_signature: * centralize and simplify cleanup code * add comments describing the flow
- Add a const LassoDiscoDescription *lasso_wsf_profile_get_description(LassoWsfProfile *profile) - Add documentation to lasso_wsf_profile_verify_credential_signature
Change formatting
-Use lasso_wsf_profile_is_saml_authentication in lasso_wsf_profile_has_saml_authentication -Add documentation for lasso_wsf_profile_is_x509_authentication ,lasso_wsf_profile_is_saml_authentication and lasso_security_mech_has_x509_authentication.
Use macros instead of custom code, add parameter value verifications
In lasso_wsf_move_credentials use new lasso utils macros
Documentation for lasso_wsf_profile_has_saml_authentication
Documentation for lasso_wsf_profile_get_fault
Documentation for lasso_wsf_profile_get_description_autos
Documentation for lasso_wsf_profile_set_public_key
Documentation for lasso_wsf_profile_add_credential
documentation for lasso_wsf_profile_move_credentials
add new method lasso_wsf_profile_set_description_from_offering
fix typo
add a general error for a badly initialized object and two errors for idwsf relating to a missing assertion id and a missing endpoint declaration
Revert " * remove body->id and correlation->id setup, no need to set id on everything."
This reverts commit 832f127760dc074336400531a99f3a03574ffe13.
add function to load a public key from anything
added functions to release [list]string/gobject/any
add methods to manipulate list of gobjects, and dissociate affectation of fresh object from older objects
use g_assign_gobject
add methods to handle the registry of WsfProfile constructors - private: {lookup,remove,set}_registry handle access to the registry - public: lasso_discovery_[un]register_constructor_for_service_type gives access to this registry to other classes.
Conflicts:
add xml dump functionality
import discovery.h, fix name of registered constructor function
change return type of lasso_discovery_get_service (no direct user in the rest of the code)
polish code in lasso_discovery_build_credential
use lasso_discovery_build_wsf_profile commodity method in lasso_discovery_get_service(s) methods.
add registering of the constructor
add macro to assign gobject field, first a simple version
use g_assign_string to update a string field
fix typo in last commit
add soap binding util function to lookup specific SOAP header for ID-WSF SOAP encapsulation
if messageID is missing return MISSING_CORRELATION
beginning of a pool of macros for mem handling, affectation to fields, etc..
look for the correlation element, do not just take the first one, report proper error if not present
remove useless reset of structure after allocation with g_new0
* set credential to NULL when freed
* remove body->id and correlation->id setup, no need to set id on everything.
2008-07-22 Frederic Peters <fpeters@entrouvert.com>
published news about 2.2.1
bumped to 2.2.1
fixed order of freeing calls (stolen from ec76ae4f7e40e99443ad421a85ec4d3fb7359bf3)
fixed ..._must_authenticate to look for any assertion, not just one from the requester provider.
2008-07-16 Frederic Peters <fpeters@entrouvert.com>
don't copy gtk-doc tmpl/ files that no longer exist (fixes make distcheck)
2008-07-01 Benjamin Dauvergne <bdauvergne@entrouvert.com>
change bug report link
2008-06-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add build_strerror.py to EXTRA_DIST
2008-06-16 Damien Laniel <dlaniel@entrouvert.com>
set an accurate error code on IdP if session wasn't reloaded
2008-06-05 Frederic Peters <fpeters@entrouvert.com>
check NameIdentifier for existence before strcmp'ing it
2008-05-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
remove perl script for generating lasso_strerror, replace with a python script, do not replace errors.c if generation gives the same file as before, add warning to errors.c about autogeneration, add documentation on lasso_strerror to errors.c.in
reformat utils.h
2008-05-30 Damien Laniel <dlaniel@entrouvert.com>
fixed too long lines and remove some blank lines
fixed too long lines and remove some blank lines
fixed tab/space mix
2008-05-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
remove merge markers
* Move error message inside comments in lasso/errors.h * Add a script to autogenerate lasso/errors.c from errors.h * Update errors.c * Add a target to Makefile.am to create errors.c
2008-05-30 Frederic Peters <fpeters@entrouvert.com>
NameIdPolicy must be allocated
2008-05-29 Frederic Peters <fpeters@entrouvert.com>
forbid query strings to be xml signed
provider_id is optional in lasso_session_get_assertions
debian/control is now generated
debian/control is now generated
updated debian packaging
updated debian packaging
2008-05-28 Frederic Peters <fpeters@entrouvert.com>
2.2.0
notes about new bindings
updated release date
2008-05-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add forgotten static modifier
2008-05-28 Damien Laniel <dlaniel@entrouvert.com>
fixed functions returning const GList *
2008-05-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
recognize const GList*
return of lasso_server_get_svc_metadatas so return_owner = False
2008-05-28 Frederic Peters <fpeters@entrouvert.com>
boolean in C are uppercase
2008-05-27 Frederic Peters <fpeters@entrouvert.com>
2.0.0
updated changelog to 2.2.0
noted about 2.2.0
updated copyright info
2008-05-27 Benjamin Dauvergne <bdauvergne@entrouvert.com>
remove obsolete swig binding csharp, php5, python. java stays as long as alain coetmeur needs it php(4) will be superseded by the new bindings/php4 later.
remove ./docs/reference/tmpl during clean-local target
add lasso_config.h.in to MAINTAINERCLEANFILES
add Makefile.in to MAINTAINERCLEANFILES in every Makefile.am
export SWIG_VERSION into Makefile.am handle swig < 1.3.32 and swig >= 1.3.32 with two different versions of the patch script
add -I$(top_builddir) to CFLAGS in first position
surround parameter with quotes permitting filename with spaces
clean *.pyc files in the bindings
Make Makefile.PL use TOP_SRCDIR and TOP_BUILDDIR variables
fix INCLUDES, remove obsolete JDK_INCLUDES definition
fix INCLUDES
#include <lasso.h> => #include <lasso/lasso.h>
fix INCLUDES
quick and dirty fix to support return type «const GList*»
fix INCLUDES var, put top_builddir first
add qualifier for the GList returned by lasso_server_get_svc_metadatas
cleanup include listing, first builddir then srcdir and no need for $srcdir/lasso
Add disco_declaration.h to imported headers
Add $(top_builddir) to include of id-wsf and id-wsf-2.0 Makefile.am to work with distcheck.
2008-05-26 Damien Laniel <dlaniel@entrouvert.com>
allow getting xpath attributes like /node/@attr
2008-05-26 Frederic Peters <fpeters@entrouvert.com>
respect optional args and default values for integer args
last argument to check_version was optional with the SWIG bindings
2008-05-26 Damien Laniel <dlaniel@entrouvert.com>
don't test NULL value before calling gfree + proper list freeing
2008-05-26 Benjamin Dauvergne <bdauvergne@entrouvert.com>
Fix escaping of parenthesis inside a regex
add -fno-strict-aliasing to CFLAGS to remove bad code generation on amd64 and warnings on all platforms
Re-remove java/Makefile from configure.ac outputs
2008-05-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
re-add swig/java binding to makefile, make it use the JAVA_INCLUDE path, JDK_INCLUDES does not exist
2008-05-23 Frederic Peters <fpeters@entrouvert.com>
fixing a little bit the doap file
removed doap.rdt to lasso.doap to be compatible with moap
mentioning bug database and updated description
bitching about free
2008-05-22 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add a new header <lasso/utils.h> with macros to handle memory, like assigning a gobject field (work flow is: you augment ref of the new value, decrease the one from the old, and then assign), assigning strings, releasing lists of strings, of gobjects, etc. the free macros are all called g_release_something and they set the released variable to NULL. add a macro to validate GObject parameter types
This header is intended to concentrate every bit of wisdom for handling pointers
and memory, try to use those macros in your code.
They are not intended to work with weak references (references you do not own),
so always g_object_ref in this case (or use g_assign_gobject that does it,
when your variable is not needed anymore to g_assign_gobject(var, NULL));
2008-05-22 Damien Laniel <dlaniel@entrouvert.com>
added some more missing unreference
added some more missing unreference
added some more missing unreference
fixed freeing svcMDID list
added a missing reference
2008-05-21 Damien Laniel <dlaniel@entrouvert.com>
added some more missing unreference
fixed memory management during node decryption
unreference service node after adding it to the server
some comments
free list elements
make return value const instead of copying the list
make return value const instead of copying the list
removed warning when calling lasso_node_destroy with NULL argument
useless variables destroyer; they're already freed by snippets
2008-05-20 Frederic Peters <fpeters@entrouvert.com>
removing unused variable
2008-05-20 Damien Laniel <dlaniel@entrouvert.com>
fixed some reference counting and memory management
avoid function calls in parameter checks
import main test file
some cleanups in id-wsf 1.1 code
added a discovery remove test case
added id-wsf 2.0 tests for new bindings
stronger check on empty string parameters
added some tests for id-wsf 1.1 with new python bindings
2008-05-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add patch for SWIG 1.3.33, needs to be tested against previous and later versions of SWIG
2008-05-19 Damien Laniel <dlaniel@entrouvert.com>
fixed methods with xmlNode* arguments
2008-05-15 Frederic Peters <fpeters@entrouvert.com>
moved gtk-doc inline as is better on so many points; also added schema fragments to published doc
2008-05-14 Damien Laniel <dlaniel@entrouvert.com>
allows querying a list of items with ID-WSF 2.0 data service
2008-05-14 Frederic Peters <fpeters@entrouvert.com>
added lasso_idwsf2_data_service_get_attribute_nodes method
2008-05-14 Damien Laniel <dlaniel@entrouvert.com>
fixed get and set queryItems in bindings
2008-05-13 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* validate input in lasso_profile_is_saml_query
2008-05-09 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* export dummy lasso_init/lasso_shutdown for compatibility * module shutdown must return SUCCESS * verify if returned object is non-null before decrementing its refcount
export dummy lasso_init/lasso_shutdown for compatibility
2008-04-30 Benjamin Dauvergne <bdauvergne@entrouvert.com>
fix indentation III the come back
fix indentation bis
fix indentation
* lasso*login_must_authenticate: (id-ff/login.c,saml-2.0/login.c): do not consider profile->session != NULL as a proof of a previous authentication and search an assertion associated with profile->remote_providerID. That was causing a bug when a previous unsuccessful request was making profile->session != NULL even if no authentication has been made.
* add string translation for error LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
look for ElementTree in yet another place
updated with 2.1.98 packaging
updated with 2.1.98 packaging
properly quote vars
added build-dep on php5-dev
added build-dep on php5-dev
use new bindings
don't generate "abstract" member for PHP as it causes a problem with SWIG
[project @ fpeters@0d.be-20080426153010-i98np134gtvc03sy] move php extension dir under $(prefix)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-26 17:30:10.185000+02:00
[project @ fpeters@0d.be-20080423153851-70h4ns9mvsncw150] ship lasso.ini
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-23 17:38:51.027000+02:00
[project @ fpeters@0d.be-20080423145930-yekpmusph6oob90d] merge
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-23 16:59:30.377000+02:00
[project @ fpeters@0d.be-20080423100400-sbs984j19ik6dxzi] merge
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-23 12:04:00.477000+02:00
[project @ fpeters@0d.be-20080423095917-mmhdqmpa9i00kuly] remove assert that needs private struct info
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-23 11:59:17.694000+02:00
[project @ fpeters@0d.be-20080416142729-kpuwdj5m75qe5vnc] added php4 binding from benjamin but disabled it
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-16 16:27:29.948000+02:00
[project @ fpeters@0d.be-20080416142356-cl3d6hb3ru62p8xv] Damien Laniel 2008-04-16 added PHPGObject destructors and fixed some memory management
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-16 16:23:56.715000+02:00
[project @ fpeters@0d.be-20080410163456-r6a9flm66nhyap6m] Merge from bdauvergne: factorize the backward compatibility code for GHashTable, fixed placement of declarations.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-10 18:34:56.595000+02:00
[project @ fpeters@0d.be-20080410140255-456kiwqz53exn9vo] removed hash table size checks as they requires access to glib internals
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-10 16:02:55.908000+02:00
[project @ fpeters@0d.be-20080408141937-9ge86l4vyec39lsz] merging damien branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-08 16:19:37.055000+02:00
[project @ fpeters@0d.be-20080408141317-mmjdku5wuegia6o3] merging benjamin
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-08 16:13:17.010000+02:00
[project @ fpeters@0d.be-20080407154605-x6j5u3k1t53vzary] look for alternative ElementTree implementation
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-07 17:46:05.507000+02:00
[project @ fpeters@0d.be-20080406145608-13ngws5566q8jkj9] simplified raise_on_rc
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 16:56:08.973000+02:00
[project @ fpeters@0d.be-20080406145106-b6ywyx9f53w39y0e] fixed returned list of gobject
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 16:51:06.682000+02:00
[project @ fpeters@0d.be-20080406135913-4sxje4sifk407jna] support for methods returning GList* of LassoNode*
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 15:59:13.889000+02:00
[project @ fpeters@0d.be-20080406111623-pf8iq94lrfu2w2un] extended the skip attribute to accept more values
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 13:16:23.574000+02:00
[project @ fpeters@0d.be-20080406110838-j0faaj3x9t3ztbhs] don't output two spaces before =
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 13:08:38.325000+02:00
[project @ fpeters@0d.be-20080406103050-qfvnslshaslcjrj1] improving doc strings
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 12:30:50.311000+02:00
[project @ fpeters@0d.be-20080406100353-gauqob9b1238gw9o] functions that are not owner of their return type
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 12:03:53.304000+02:00
[project @ fpeters@0d.be-20080405225744-bz39keu5co15n5l6] backward compat for ID-WSF buildRequestMsg methods
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 00:57:44.577000+02:00
[project @ fpeters@0d.be-20080405220112-hv62do6qtb8itkxw] optional parameters for LassoDiscovery and LassoDataService
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-06 00:01:12.703000+02:00
[project @ fpeters@0d.be-20080405204919-zlk32ehqmftfwh0c] backward compat for registerIdWsf2DstService
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-05 22:49:19.113000+02:00
[project @ fpeters@0d.be-20080405204856-apdxhkk5pdhmx0nj] support for xmlNode* attributes
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-05 22:48:56.805000+02:00
[project @ fpeters@0d.be-20080405184728-xay3dzjeq41suxav] added remaining optional parameters that were defined in the swig bindings
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-05 20:47:28.881000+02:00
[project @ fpeters@0d.be-20080405184658-1389bbpst9cxhjm6] support for boolean default values
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-05 20:46:58.982000+02:00
[project @ fpeters@0d.be-20080405184638-o2aipd0e2lkd674q] fixed backward compatibility of DiscoDescription to only be enabled when WSF support is on
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-05 20:46:38.168000+02:00
[project @ fpeters@0d.be-20080404131647-lb7jty8pp3tjcmny] added handling of other constructors, and backward compatibility for lasso.DiscoDescription_newWithBriefSoapHttpDescription
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-04 15:16:47.595000+02:00
[project @ fpeters@0d.be-20080403104659-tio35cweqbl32auj] lasso_idwsf2_discovery_metadata_register_self has its last parameter optional
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-04-03 12:46:59.281000+02:00
[project @ fpeters@0d.be-20080328175728-1uv5yyo713uhukck] merging benjamin branch (again)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-28 18:57:28.327000+01:00
[project @ fpeters@0d.be-20080328175710-s4031yloqsdbmvel] merging benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-28 18:57:10.522000+01:00
[project @ fpeters@0d.be-20080326094935-u5wxcw8nd30ckdjw] casting free functions
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-26 10:49:35.397000+01:00
[project @ fpeters@0d.be-20080326094754-cw66nuog62q06ekk] merging benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-26 10:47:54.384000+01:00
[project @ fpeters@0d.be-20080326090203-a0ietdsmp8ec9aef] freeing converted list
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-26 10:02:03.689000+01:00
[project @ fpeters@0d.be-20080326084502-krmekmh7mokemn18] possibility to qualify GList* parameters
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-26 09:45:02.789000+01:00
[project @ fpeters@0d.be-20080325181554-raqz9a721r2vjo5t] return type qualifier to know what is the content of a GList*
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-25 19:15:54.747000+01:00
[project @ fpeters@0d.be-20080325172346-eitu3onvzps4b30z] merging benjamin stuff and adding --enable-id-wsf when id-wsf is asked
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-25 18:23:46.535000+01:00
[project @ fpeters@0d.be-20080321174837-2fneubl3xhlol08w] always raise an exception, to be compatible with previous behaviour
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-21 18:48:37.002000+01:00
[project @ fpeters@0d.be-20080321174813-7pcjuucmw5xw4d4o] declare functions, and make them static
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-21 18:48:13.524000+01:00
[project @ fpeters@0d.be-20080321173628-ufrpdmc23wmhu5ym] removed compatibility to nonexistent attribute
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-21 18:36:28.789000+01:00
[project @ fpeters@0d.be-20080314231446-2fess87rf4xe00ar] more compat
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-15 00:14:46.531000+01:00
[project @ fpeters@0d.be-20080314231256-hjz1wljuqrcbuce3] merging benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-15 00:12:56.228000+01:00
[project @ fpeters@0d.be-20080310093300-2iv41ihnuify54po] merging benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-10 10:33:00.592000+01:00
[project @ fpeters@0d.be-20080309152828-pw4gd3lcm7rb7dxd] merging benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-03-09 16:28:28.854000+01:00
[project @ fpeters@0d.be-20080229163949-v7zjjcr3sg5w0wfj] set exception code in raise_on_rc as the same exception can share two different codes (in reality this is only the case for UnknownProfileError), also skip LogoutErroor/UnknownProfileError instead of duplicating and overwriting it, with a long explanation comment.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-29 17:39:49.202000+01:00
[project @ fpeters@0d.be-20080228084331-nnw52qii4xdmz36k] ship files required for tests/
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-28 09:43:31.229000+01:00
[project @ fpeters@0d.be-20080227102117-mbx90lw49ty9vfq9] rename lasso_profile_is_identity_dirty to lasso_profile_has_dirty_identity (and ditto with s/identity/session/) to provide both correct documentation and backward compatibility in Python bindings
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-27 11:21:17.023000+01:00
[project @ fpeters@0d.be-20080227101004-a8tjn21ux8m0md7s] an other rename issue
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-27 11:10:04.420000+01:00
[project @ fpeters@0d.be-20080226163902-kby1si1erxqnvzsm] compatibility with NodeList, StringList and StringDict
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-26 17:39:02.548000+01:00
[project @ fpeters@0d.be-20080226163712-tdqz8v7d3rsdoygt] backward compat for MiscTextNode.text_child
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-26 17:37:12.594000+01:00
[project @ fpeters@0d.be-20080225222041-kixxnphv94z7ld23] fixed function renaming
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-25 23:20:41.510000+01:00
[project @ fpeters@0d.be-20080225132449-kd2tppchh4z47sti] increment refcount of objects returned in tuples
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-25 14:24:49.893000+01:00
[project @ fpeters@0d.be-20080225121334-yi07nl8kefuefhk9] benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-25 13:13:34.475000+01:00
[project @ fpeters@0d.be-20080222101655-1mbomnvhq5d8gxtb] support for accessor returning GObjects
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-22 11:16:55.631000+01:00
[project @ fpeters@0d.be-20080222101641-d32t8a8wtocet4qq] more __repr__ like
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-22 11:16:41.648000+01:00
[project @ fpeters@0d.be-20080222095228-htuqndnaiiazp2qv] backward compatibility for Saml2Subject.nameID
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-22 10:52:28.583000+01:00
[project @ fpeters@0d.be-20080222093656-l6a09ccadxdz9qrs] merging benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-22 10:36:56.421000+01:00
[project @ fpeters@0d.be-20080222093439-0tbhiky3305jroj5] added backward compatibility for Samlp2AuthnRequest.nameIDPolicy
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-22 10:34:39.153000+01:00
[project @ fpeters@0d.be-20080218085519-h4hpx5u9ezvupvbc] com_entrouvert_lasso_LassoJNI.h is built
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-18 09:55:19.662000+01:00
[project @ fpeters@0d.be-20080218085509-t0oktx26t3v393pw] added missing java files to distributed files
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-18 09:55:09.987000+01:00
[project @ fpeters@0d.be-20080217154439-uws87jdru8j3izkj] distribute GObject.java and LassoException_top.java, and fixed distcheck
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-17 16:44:39.322000+01:00
[project @ fpeters@0d.be-20080217154423-svipbb8mktdbs6gz] create source directory if necessary
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-17 16:44:23.418000+01:00
[project @ fpeters@0d.be-20080217144029-zleb5lw82iwcqqvj] space after comma
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-17 15:40:29.819000+01:00
[project @ fpeters@0d.be-20080217143931-r5r87f8m415866z5] fixed (a little bit hacky, slowly getting back) renamed methods in python binding
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-17 15:39:31.583000+01:00
[project @ fpeters@0d.be-20080217115736-u8axfdcztdhvsnj0] removed pyc file
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-17 12:57:36.849000+01:00
[project @ fpeters@0d.be-20080217115557-8qtcrc1vzb75f75c] merged Benjamin branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-02-17 12:55:57.088000+01:00
[project @ fpeters@0d.be-20080118215410-d45drghkhvba7822] merged Damien branch; and fixed PHP5 binding to use GLib memory management functions
Original author: Frederic Peters <fpeters@0d.be>
Date: 2008-01-18 22:54:10.239000+01:00
[project @ fpeters@0d.be-20071122144503-m1ya6db2hzlijhmt] parse docstrings (such as the parsed form is available to all languages) and format them as epydoc in the python binding
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-22 15:45:03.610000+01:00
[project @ fpeters@0d.be-20071122125027-vw48yk2h353ijif8] Don't bind lasso_*_destroy methods since they are just wrappers around g_object_unref which will be called properly from the bindings object destructor support. Also added support for a skip attribute to <func> in overrides (not used at the moment).
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-22 13:50:27.802000+01:00
[project @ fpeters@0d.be-20071120204838-b1q3z1nv4phb1t8r] fixed typo in file to remove
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-20 21:48:38.865000+01:00
[project @ fpeters@0d.be-20071120201438-11ybvaefw3o02p7h] clean built files
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-20 21:14:38.792000+01:00
[project @ fpeters@0d.be-20071120201406-loyt7g5302ztk7er] get srcdir from env variable (set automatically by automake)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-20 21:14:06.537000+01:00
[project @ fpeters@0d.be-20071120151830-wdnobbexiv300ibb] fixed some make distcheck issues (still remaining is access to test data when srcdir != builddir)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-20 16:18:30.814000+01:00
[project @ fpeters@0d.be-20071115162508-ydcoj2rr8zkfxyvy] merged Damien branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-15 17:25:08.524000+01:00
[project @ fpeters@0d.be-20071115161633-6e49xtjy7dgqxm3r] added special support for functions that return a borrowed reference to a GObject*.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-15 17:16:33.298000+01:00
[project @ fpeters@0d.be-20071115102943-ai5s97yj5g9chrv3] added getter for internal GObject* reference count; useful to debug memory allocations.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-15 11:29:43.003000+01:00
[project @ fpeters@0d.be-20071113195326-cd83a1nrlh9l9nbr] added three more tests of bindings
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 20:53:26.406000+01:00
[project @ fpeters@0d.be-20071113192919-3g05qazwjjhivlsh] ported old test cases to the new binding
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 20:29:19.859000+01:00
[project @ fpeters@0d.be-20071113192818-6ysl71n3cg4uvy4l] fixed setting list and object attributes to None
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 20:28:18.519000+01:00
[project @ fpeters@0d.be-20071113172348-8i4mcve247l8ec0k] fixed memory management issues in Python binding
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 18:23:48.693000+01:00
[project @ fpeters@0d.be-20071113151334-k8v9udlbr5nb2lu7] backward compatibility for isSessionDirty and isIdentityDirty
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 16:13:34.182000+01:00
[project @ fpeters@0d.be-20071113141308-1hr4b009pgx606sa] some backward compatibility with SWIG generated binding
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 15:13:08.467000+01:00
[project @ fpeters@0d.be-20071113140738-l9xdpgnjvx2ekdvr] PyDict_SetItemString doesn't steal the reference, so Py_DECREF(obj); after.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 15:07:38.745000+01:00
[project @ fpeters@0d.be-20071113015838-961yf93m001amgi1] merging Damien branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-13 02:58:38.825000+01:00
[project @ fpeters@0d.be-20071112131601-rxpuzaxkhe2qwdw4] fixed variable type
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-12 14:16:01.913000+01:00
[project @ fpeters@0d.be-20071111224238-k28pyur1kpm2iiyc] added some support for overridden function names to PHP5 binding
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-11 23:42:38.123000+01:00
[project @ fpeters@0d.be-20071111215225-xo2v0iwwjw74rqyp] override lasso_profile_get_nameIdentifier to be renamed to lasso_profile_get_federation_nameIdentifier in bindings, so it doesn't shadow the LassoProfile::nameIdentifier member.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-11 22:52:25.286000+01:00
[project @ fpeters@0d.be-20071111213604-1prv8pyvnwr6gdly] moved is_null check into cptrToPhp function instead of duplicating it in callers.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-11 22:36:04.472000+01:00
[project @ fpeters@0d.be-20071111213455-a7lds8mfily3o9i1] ISO C90 forbids mixed declarations and code; moved xmlString return code into its own code block
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-11 22:34:55.867000+01:00
[project @ fpeters@0d.be-20071106133809-z6qxlw10eooqrkwp] merged damien branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-06 14:38:09.490000+01:00
[project @ fpeters@0d.be-20071103222826-mjowzcuitfc35jpx] removed erroneously duplicated lines
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-03 23:28:26.922000+01:00
[project @ fpeters@0d.be-20071103213505-94itgfwnvinqnhf6] Added warning message on boolean constants, as they are not yet supported but shouldn't cause the build to fail; also fixed a few calls to format_attribute that have been removed in favor of code from utils.py
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-03 22:35:05.918000+01:00
[project @ fpeters@0d.be-20071103211651-8vperiqd97t0987s] support for list of xmlNode* (such as LibAuthnRequest/Extension)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-03 22:16:51.610000+01:00
[project @ fpeters@0d.be-20071102093734-mv4amat73ulcri17] merged Damien branch
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-02 10:37:34.842000+01:00
[project @ fpeters@0d.be-20071101183642-85c94st4sjujh4sr] added special support required for SAML2_SUPPORT and WSF_SUPPORT constants
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 19:36:42.776000+01:00
[project @ fpeters@0d.be-20071101181800-r94oeih0q8hplrxo] added support for standalone functions in lasso wrapper; and added renames for a bunch of them
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 19:18:00.896000+01:00
[project @ fpeters@0d.be-20071101170655-2qi60xpa42u7g310] added (get) wrapper for GHashTable members
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 18:06:55.994000+01:00
[project @ fpeters@0d.be-20071101160226-jj7ou71gblw0uymq] added support for converting xmlNode* as return type to PyString
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 17:02:26.261000+01:00
[project @ fpeters@0d.be-20071101155155-avzyxfeum84mhf7k] don't return a value for methods that do not return a value, and convert returned value to object for methods returning objects.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 16:51:55.007000+01:00
[project @ fpeters@0d.be-20071101154634-m2de3kw7qyl47p39] raise lasso.Error instead of base Exception on constructor error
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 16:46:34.882000+01:00
[project @ fpeters@0d.be-20071101154602-vtgnze1fteggdkvj] always convert identifiers from ID to Id
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 16:46:02.686000+01:00
[project @ fpeters@0d.be-20071101154109-l4l5rntsmkrukw3k] raise exception when constructor fails
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 16:41:09.647000+01:00
[project @ fpeters@0d.be-20071101153722-f7053pg8s6x5rpst] added comments to file, and added optional args definition to lasso_provider_new
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-11-01 16:37:22.975000+01:00
[project @ fpeters@0d.be-20071031161615-6azrhw33s96nngr1] fixed setters for object members that are LassoNode
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-31 17:16:15.654000+01:00
[project @ fpeters@0d.be-20071031161008-c5jqe7topkxoaoe0] raise TypeError when assigning a Python list to a member expecting a tuple
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-31 17:10:08.047000+01:00
[project @ fpeters@0d.be-20071031124903-z1k8ywuk1qgrl5gm] added lasso extension dynamic loading, aborting if it fails
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-31 13:49:03.384000+01:00
[project @ fpeters@0d.be-20071031114522-jkrmvbpphcm0rms8] moved identifier name formatting functions to their own module, so they are not duplicated everywhere.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-31 12:45:22.367000+01:00
[project @ fpeters@0d.be-20071030182501-ylv8gu5he0jqlngd] output warnings to stderr
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-30 19:25:01.156000+01:00
[project @ fpeters@0d.be-20071029175534-xyhm1jidpe624m3t] API compatibility with SWIG bindings which didn't have accessors for those methods and used totally pythonified method name instead, such as Logout::getNextProviderId; also improved python method naming converter function to correctly translate ID to Id.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-29 18:55:34.577000+01:00
[project @ fpeters@0d.be-20071029174409-80dztn33kjef8xch] output warning to stderr
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-29 18:44:09.130000+01:00
[project @ fpeters@0d.be-20071028192051-mdp2mgambly3dyxv] fixed two places which had not been converted to new cptr/type
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-28 20:20:51.103000+01:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071028140359-qhawdgrwjhk97y32] added Makefile.am files; to integrate within lasso build tree (under a bindings/ directory), this also requires to add those three lines to configure.ac AC_OUTPUT: bindings/Makefile bindings/python/Makefile bindings/php5/Makefile
also changed generation script to output files in the current directory
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-28 15:03:59.480000+01:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071028134708-gxz10vu031229qi8] undef some #define from php_config.h that are also defined in lasso_config.h
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-28 14:47:08.021000+01:00
[project @ fpeters@0d.be-20071028132849-mlc6yfzl0y3enzbn] merged PHP5 support from Damien
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-28 14:28:49.939000+01:00
[project @ fpeters@0d.be-20071010133236-j76dbt8kh1gojsz2] build without ID-WSF support by default, adding a --enable-id-wsf parameter to enable it. Also some generated C cleaning.
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-10 15:32:36.162000+02:00
[project @ fpeters@0d.be-20071008135840-ujwuza0tqm6cwlzr] added licence header, help text, command-line options and renamed script
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-08 15:58:40.683000+02:00
[project @ fpeters@0d.be-20071008113045-hi02eeinwh7a1703] some support to generate python docstrings (on methods)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-08 13:30:45.285000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071008100008-wd4uyitms1xfz1wv] completed support for get/setters of list of objects
s = lasso.Saml2Assertion()
s2 = lasso.Saml2AuthnStatement()
s2.sessionIndex = 'plop'
s3 = lasso.Saml2AuthnStatement()
s3.sessionIndex = 'plop2'
s.authnStatement = (s2, s3)
print s.authnStatement
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-08 12:00:08.145000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071008094035-jypv3sactdkvkoq7] setting of list of objects
s = lasso.Saml2Assertion()
s2 = lasso.Saml2AuthnStatement()
s2.sessionIndex = 'plop'
s3 = lasso.Saml2AuthnStatement()
s3.sessionIndex = 'plop2'
s.authnStatement = (s2, s3)
print s.dump()
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" SignType="0"
SignMethod="0" EncryptionActivated="false" EncryptionSymKeyType="0">
<saml:AuthnStatement SessionIndex="plop"/>
<saml:AuthnStatement SessionIndex="plop2"/>
</saml:Assertion>
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-08 11:40:35.875000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071008090356-014qg89f2kq667v4] support for getter/setter of list of strings (and partially done of objects)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-08 11:03:56.732000+02:00
[project @ fpeters@0d.be-20071006185817-a2qpisu5x6a4zqef] fixing newFromDump constructors
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 20:58:17.081000+02:00
[project @ fpeters@0d.be-20071006183919-bv96kzjkqzho9p5s] added support for non-None optional args
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 20:39:19.031000+02:00
[project @ fpeters@0d.be-20071006180132-1t68niy6jyj26k88] bugfix for string members
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 20:01:32.249000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071006172452-7ed22uoeqm22gled] support for exceptions, with a complete hierarchy of exceptions; and emulation of swig binding behaviour (access to code via [0] and to error string via [1])
login = lasso.Login(server)
try:
    login.initAuthnRequest('plop', lasso.HTTP_METHOD_REDIRECT)
except lasso.Error, error:
    print error
    # <lasso.ProviderNotFoundError(-201): ProviderID unknown to LassoServer.>
    print error.code
    # -201
    print error[0]
    # -201
    print error[1]
    # ProviderID unknown to LassoServer.
    sys.exit(1)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 19:24:52.095000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071006155345-ses0l1suzq229qdq] fixed refcounting
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 17:53:45.416000+02:00
[project @ fpeters@0d.be-20071006151758-pwrstredrf19b2nw] added repr support for PyGObjectPtr, displaying GObject type name and reference count
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 17:17:58.258000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005223906-y27ho960oiiqho19] fixed getters returning objects (getting the appropriate class for the given type) (and a small issue with setter of strings); this is now working:
login = lasso.Login(server)
login.initAuthnRequest('https://idp1/metadata', lasso.HTTP_METHOD_REDIRECT)
login.request.isPassive = False
login.request.nameIDPolicy = 'federated'
login.buildAuthnRequestMsg()
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-06 00:39:06.565000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005200614-dahkk1xuq6pbumbo] wrap constants & enums; is now possible:
login = lasso.Login(server)
login.initAuthnRequest('https://idp1/metadata', lasso.HTTP_METHOD_REDIRECT)
login.buildAuthnRequestMsg()
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 22:06:14.800000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005194234-7b7e39l1x4afi8wf] fixed attribute renaming, login.msgUrl now works
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 21:42:34.345000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005193755-jzlc2gc56thaxqwe] added support for optional arguments and fixed method calls with objects
now working:
server = lasso.Server('../../tests/data/sp1-la/metadata.xml')
server.addProvider(2, '../../tests/data/idp1-la/metadata.xml',
        '../../tests/data/idp1-la/public-key.pem')
login = lasso.Login(server)
login.initAuthnRequest('https://idp1/metadata', 4)
login.buildAuthnRequestMsg()
print login.msg_url
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 21:37:55.914000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005171544-ben23itgbrjebwvk] member setters
import lasso
s = lasso.Samlp2AuthnRequest()
s.isPassive = True
print s.dump()
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 19:15:44.095000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005162859-0pf7l8zkie7m9sr5] generate wrapper for get accessors
import lasso
s = lasso.Samlp2AuthnRequest()
print s.isPassive
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 18:28:59.741000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005161337-vh1s4saoywr0u2sa] workaround since assertion must come before advice
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 18:13:37.320000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005155511-13lg9tc7usfht3ud] minimalistic functional module
$ python -c 'import lasso; print lasso.Samlp2AuthnRequest().dump()'
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
SignType="0" SignMethod="0" ForceAuthn="false" IsPassive="false"/>
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 17:55:11.508000+02:00
2008-04-29 Frederic Peters <fpeters@entrouvert.com>
[project @ fpeters@0d.be-20071005125351-543q5fahhrljdmaj] (work in progress) some infra for python wrapper
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 14:53:51.026000+02:00
[project @ fpeters@0d.be-20071005114857-u95fr7hqt6ze2qp9] create constructor for _new functions and class methods for _new_from_dump methods
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 13:48:57.345000+02:00
[project @ fpeters@0d.be-20071005100459-r1mm9241ko41pcfv] python generation (classes, members & methods; missing constructors and layer using python C API)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 12:04:59.172000+02:00
[project @ fpeters@0d.be-20071005082424-d4y1kxyjhenlflsj] ignore get_type functions
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 10:24:24.151000+02:00
[project @ fpeters@0d.be-20071005082412-r41uf26575dubg5l] attach methods to classes
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 10:24:12.840000+02:00
[project @ fpeters@0d.be-20071005081049-u0v99a86515z4ay5] order class hierarchy
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 10:10:49.378000+02:00
[project @ fpeters@0d.be-20071005080353-01t90pe4t68sdmtp] moved binding data to a class
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-05 10:03:53.550000+02:00
[project @ fpeters@0d.be-20071004213555-02snw1q22fgkw3jx] added support for functions
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 23:35:55.074000+02:00
[project @ fpeters@0d.be-20071004205916-5ur5t75ht9586n4j] reimplemented to be easier to concatenate lines (necessary for functions spanning multiple lines)
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 22:59:16.286000+02:00
[project @ fpeters@0d.be-20071004204927-6j2np9wflrp15tt4] get struct members
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 22:49:27.981000+02:00
[project @ fpeters@0d.be-20071004203958-xsegogi4ad0muf0a] get list of structs
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 22:39:58.914000+02:00
[project @ fpeters@0d.be-20071004203206-voc7gqczx2usx3c8] ignore private headers
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 22:32:06.670000+02:00
[project @ fpeters@0d.be-20071004203137-j6p42c5e48qgc5fq] added support for enums
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 22:31:37.240000+02:00
[project @ fpeters@0d.be-20071004185258-quqzvq2tgmbt8u1j] initial work, extracting constants out of source tree
Original author: Frederic Peters <fpeters@0d.be>
Date: 2007-10-04 20:52:58.486000+02:00
updated to current packaging then updated for new bindings
updated to current packaging then updated for new bindings
2008-04-28 Frederic Peters <fpeters@entrouvert.com>
re-added function; but fixed docstrings
removed duplicated function
2008-04-26 Frederic Peters <fpeters@entrouvert.com>
add unprefixed extension dir for php5, and fixed it for php4
2008-04-24 Benjamin Dauvergne <bdauvergne@entrouvert.com>
change g_return_val_if_fail(provider,... from last commit to g_return_val_if_fail(LASSO_IS_PROVIDER(provider)
2008-04-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* add bad argument handling in lasso_provider_* functions
* in lasso_provider_get_key return NULL if provider is NULL
* change /etc -> /etc/php5/conf.d/ in the last commit
* add parameters for php5: --with-php5-include-dir (default to /usr/share/php) and --with-php5-config-dir (default to /etc/php5/cond.f/)
2008-04-23 Frederic Peters <fpeters@entrouvert.com>
that part is broken with PHP 4 only
that part is broken with PHP 4 only
2008-04-23 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* search gzread in zlib1 after trying in libz (win32)
* remove critical exit from java macros
2008-04-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* AttributeQuery contains multiple Attribute elements not just one
* add a Debian package for the php5 binding
* add a Debian package for the php5 binding
2008-04-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* add a finalizer to LassoNode class object
2008-04-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
twill has a debian package now
2008-04-10 Frederic Peters <fpeters@entrouvert.com>
added defederation tests
removed saving page
2008-04-09 Damien Laniel <dlaniel@entrouvert.com>
fixes SLO from IdP with Encrypted NameID in ID-FF
2008-04-06 Frederic Peters <fpeters@entrouvert.com>
fallback to onetime usage if no federation is found
2008-03-28 Benjamin Dauvergne <bdauvergne@entrouvert.com>
add new directory in bindings/php5 to AC_OUTPUT commented lines
const is useless, and LassoIdWsf2UtilTestResult does not exist, breaking the bindings
const gboolean as argument is useless and it disturbs the bindings
2008-03-21 Frederic Peters <fpeters@entrouvert.com>
added sso with ispassive check
fixed missing rename of LASSO_TYPE_PROFILE_SERVICE to LASSO_TYPE_DATA_SERVICE
2008-03-20 Frederic Peters <fpeters@entrouvert.com>
fixed data service macros to refer to data service, not to profile service; and added some parameter checking in init_modify
2008-03-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* fix typo in the last commit :)
* id-wsd/data_service.c: (lasso_data_service_process_modify_response_msg) return an error code if return value from lasso_node_new_from_dump is NULL or invalid.
2008-03-14 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* configure.ac: remove generation of php5/Makefile, it does nothing. add detection of pre-4.1.3 gcj versions. add bindings/python/tests/Makefile in commented AC_OUTPUT code.
2008-03-12 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* change in the sgml documentation files.
2008-03-11 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* fix ticket #1 and #3.
2008-03-10 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* configure.ac: re-add JDK_INCLUDE substs (can be removed when we will move to the new bindings)
* configure.ac,macros/ac_*.m4: add new m4 macros to detect more JAVA related things like junit.jar path to put into the CLASSPATH or deactivate compilation of java bindings test.
2008-03-06 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* configure.ac: remove line for making bindings makefiles.
2008-03-05 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* configure.ac: fix typo, forgot 'sed'.
* configure.ac: add the same option for javac than for gcjh (for target and source java language version).
* configure.ac: change handling of java options. Try to find JAVA_HOME from the link in /usr/bin. Propose more options for java, javac and javah. Set good options for gcj (-ftarget=1.4 -fsource=1.4 mainly to be retro compatible with old VMs).
* login.c: (lasso_login_saml20_validate_request) fix typo.
2008-03-04 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* lasso/saml-2.0/login.c: (lasso_login_validate_request) If consent is not obtained set status code at AUTHN_FAILED (no other status code seems ok).
* lasso/saml-2.0/login.c: lasso_login_saml20_validate_request should define response->status_code no matter what happens, especially when consent is not obtained (lasso_login_saml20_process_federation return an error code in this case but it's a normal event in the SSO workflow so status code is 'Success'). If not buildArtifactMsg fails when looking for the response status code.
2008-03-03 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* lasso_name_id_management_process_requet: verify that request_msg is not null.
2008-03-03 Frederic Peters <fpeters@entrouvert.com>
only get session when remote provider id is not provided
2008-02-29 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* fix syntax error introduced in r3494 :) Bad benjamin commit before compiling.
* id-ff/logout.c: (lasso_logout_init_request) free remote_provider_id before setting it. free profile->request before setting it if LASSO_IS_NODE(request), not just LASSO_IS_LIB_LOGOUT_REQUEST(request). Fix memory leaks.
* name_id_management.c: (lasso_name_id_management_init_request)get the first providerId when remote_provider_id is NULL, free old remote_provider_id string when non null and unref old name_identifier when non null. Fix memory leaks and lacking usual feature of init_request functions.
2008-02-29 Damien Laniel <dlaniel@entrouvert.com>
fixed the prototype of get_type functions to avoid warnings on windows
2008-02-28 Damien Laniel <dlaniel@entrouvert.com>
fixed php version checks
2008-02-26 Frederic Peters <fpeters@entrouvert.com>
misc text node attributes are not private
2008-02-25 Frederic Peters <fpeters@entrouvert.com>
initialize twill before servers, and pass over crashed servers on cleanup
keep NameIdPolicy/Format in login->nameIDPolicy, as in ID-FF 1.2; use it not to look for federations when transient is requested.
removed debugging visit to idp
removed debugging saving
added integration tests to repository
2008-02-21 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* reflect in the documentation of lasso_server_new the fact that metadata is optional
2008-02-20 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* Add lasso_ds_* API to the general build of lasso (was enable only with id-wsf before)
2008-02-18 Benjamin Dauvergne <bdauvergne@entrouvert.com>
* Remove duplicate #defines.
* Add a declarative comment /* of LassoXXX */ to the declaration of a struct member of type GList*.
2008-02-18 Frederic Peters <fpeters@entrouvert.com>
proper casting
fixed assertion refcounting in lasso_login_build_assertion, changed lasso_session_add_assertion to refcount the assertion it gets
2008-02-17 Frederic Peters <fpeters@entrouvert.com>
added missing Saml2AttributeValue.java to distributed files
removed obsolete file from Makefile.am
fixed gcj version regex
2008-02-01 Frederic Peters <fpeters@entrouvert.com>
register all known prefixes to xpath context
2008-01-23 Frederic Peters <fpeters@entrouvert.com>
warns when signing saml2 elements would fail because private key is missing
rewording (hopefully without adding bug)
removed unnecessary double call to export_to_soap
proper casts of xmlChar*
2008-01-17 Damien Laniel <dlaniel@entrouvert.com>
updated download links for Windows installers
2008-01-15 Damien Laniel <dlaniel@entrouvert.com>
each value of a multi-valued attribute goes in a different AttributeValue node
2008-01-15 Frederic Peters <fpeters@entrouvert.com>
removed broken php rename
removed unused variable
2008-01-14 Damien Laniel <dlaniel@entrouvert.com>
loop on attributeStatement and children lists
fixed mixing epr assertion attribute with other custom attributes
added swig binding for Saml2AttributeValue + tests
2007-12-27 Frederic Peters <fpeters@entrouvert.com>
added missing underscore in lasso_samlp2_assertion_idrequest_new
renamed samlp2_assertion_idrequest.i to /samlp2_assertion_id_request.i
added preliminary support for the Assertion Query and Request profile.
renamed files according to their contents
renamed samlp2:AssertionIDRequest with an underscore between id and request.
2007-12-06 Damien Laniel <dlaniel@entrouvert.com>
handle name identifier formats : email and unspecified
added all missing name identifier formats
2007-12-05 Damien Laniel <dlaniel@entrouvert.com>
break ABI less than before
added support for encrypting name identifiers with id-ff 1.2
2007-12-03 Frederic Peters <fpeters@entrouvert.com>
store ProtocolProfile even when it is Redirect
support for HTTP-Redirect binding being explicitly specified
2007-11-28 Frederic Peters <fpeters@entrouvert.com>
added support for sending SAMLv2 AuthnResponse over HTTP-Redirect (which shouldn't be used because the assertion within makes for a very big message)
2007-11-27 Frederic Peters <fpeters@entrouvert.com>
include serverprivate.h since lasso_server_get_first_providerID is used.
2007-11-22 Frederic Peters <fpeters@entrouvert.com>
format list in docstring with paragraphs, as this form is known by the new binding generator
fixed parameter name that differed between docstring and function
fixed parameter names that differed between header and source file
fixed comments pointing to the wrong function
removed direct usage of g_object_unref from lasso_*_destroy methods
formatting fix in docstring
don't shout a critical error when there is no session and logout get_next_providerId is called.
2007-11-13 Frederic Peters <fpeters@entrouvert.com>
added sample identity dump
fixed wrong type for SamlpRequest->RespondWith (list of strings, was declared as list of nodes)
2007-11-13 Damien Laniel <dlaniel@entrouvert.com>
removed the * from the GList item type as other GList items are commented with no *
added item types for GHashTable
2007-11-12 Damien Laniel <dlaniel@entrouvert.com>
allow a NULL first parameter in init_notification
2007-11-11 Frederic Peters <fpeters@entrouvert.com>
fixed copyright comment header
2007-11-06 Damien Laniel <dlaniel@entrouvert.com>
added OrganisationName in the metadatas of the first test
2007-11-05 Damien Laniel <dlaniel@entrouvert.com>
removed a useless tab
2007-11-03 Frederic Peters <fpeters@entrouvert.com>
annotate GList* of xmlNode*
changed GList* of xmlNode* annotation, to include the *
2007-10-30 Frederic Peters <fpeters@entrouvert.com>
updated annotations to use '/* of strings */' instead of '/* of char* */' as it is more readable
added annotation about GList items type
2007-10-19 Frederic Peters <fpeters@entrouvert.com>
error checking when processing artifact response.
2007-10-11 Damien Laniel <dlaniel@entrouvert.com>
fixed modifying root node
added an idwsf1 test
fixed a syntax error
2007-10-10 Damien Laniel <dlaniel@entrouvert.com>
fixed memory management
fixed a memory error
fixed error code
added missing error codes in swig bindings
run idwsf tests only if lasso has idwsf support
fix error code
removed an unused variable
2007-10-04 Frederic Peters <fpeters@entrouvert.com>
cosmetic issue, set parameter name in function declaration
2007-10-04 Damien Laniel <dlaniel@entrouvert.com>
changed the way status code is handled to make code simpler
2007-10-04 Frederic Peters <fpeters@entrouvert.com>
added lasso_data_service_get_resource_offering method to get LassoDiscoResourceOffering of a DataService
2007-10-03 Frederic Peters <fpeters@entrouvert.com>
returns SOAP fault with appropriate value when need_redirect_user is called in between dataservice modify stuff.
2007-09-21 Frederic Peters <fpeters@entrouvert.com>
indentation fixes
fixed indentation in generation script
2007-09-21 Damien Laniel <dlaniel@entrouvert.com>
fixed tabs
removed whitespaces
added checks on soap messages type
fixed id-wsf 1 data service modify
split the discovery query test and added data service query and data service modify tests
fixed service_type in lasso_data_service_process_modify_msg
fixed service_type in lasso_data_service_process_modify_msg
some error checks and some coding style
2007-09-20 Frederic Peters <fpeters@entrouvert.com>
added missing session accessor
2007-09-20 Damien Laniel <dlaniel@entrouvert.com>
reordered methods so it's easier to read
fixed data_service_init_modify method
reordered methods so it's easier to read
fixed personal profile constructor in bindings
2007-09-20 Frederic Peters <fpeters@entrouvert.com>
added knowledge about automake-1.10
2007-09-19 Damien Laniel <dlaniel@entrouvert.com>
added a unit test for id-wsf 1
2007-09-18 Damien Laniel <dlaniel@entrouvert.com>
check if (Encrypted)ResourceID is null
fixed setting of resource offering datas into a data service
check soap envelope to prevent segfaults
removed useless line
lasso_discovery_add_resource_offering doesn't exist, remove it completely from the binding this time
added missing method
2007-09-12 Frederic Peters <fpeters@entrouvert.com>
adds support for text as answer to dst queries (instead of forcing answers to be full nodes)
2007-08-28 Damien Laniel <dlaniel@entrouvert.com>
fixed dll files path for installer
set svn property to use Windows-style line endings for Windows files
restored windows-style line endings in visual studio configuration files so they can be loaded
updated visual studio main configuration file for new lasso version
fixed missing character for macro
updated links to version 2.1.1 for windows
2007-08-27 Frederic Peters <fpeters@entrouvert.com>
RPMs for 2.1.1 are now available
2007-08-21 Frederic Peters <fpeters@entrouvert.com>
updated website with 2.1.1
bumped to 2.1.1
fixed bad casting on get/set lists
removed LassoSignatureType
fixed usage of set|get_node_list and set|get_string_list
added binding for LassoSignatureType which is just an enum but SWIG creates such ugly things.
2007-08-13 Frederic Peters <fpeters@entrouvert.com>
added pointers to 2.1.0 tarball
updated changelog for 2.1.0
bumped to 2.1.0
updated SAML2 bindings with all attributes; and added copyright / licence notice.
updated with current list of swig generated files
remove reference to inexistent file
fixed reference to metadata files
added a wrapper around xmlParseMemory to avoid network and DTD
2007-08-08 Damien Laniel <dlaniel@entrouvert.com>
processModifyResponseMsg
2007-08-06 Damien Laniel <dlaniel@entrouvert.com>
swig binding for parse modify items
parse modify items
added ModifyResponse as custom namespace
2007-08-02 Damien Laniel <dlaniel@entrouvert.com>
added some missing Makefiles to configure.ac
2007-07-30 Damien Laniel <dlaniel@entrouvert.com>
added a missing END_THROW_ERROR
added first functions for ID-WSF 2 attribute modification
increased the number of allocatable objects
2007-07-30 Frederic Peters <fpeters@entrouvert.com>
added script to generate idwsf2 low level classes to repository
DstRefAppData is just a template, don't consider it a string but a container for anything
2007-07-27 Damien Laniel <dlaniel@entrouvert.com>
changed abort message when too many objects are allocated
changed abort message when too many objects are allocated
use a constant for node_infos size
abort when node_infos array has reached its limit
2007-07-27 Frederic Peters <fpeters@entrouvert.com>
access to saml2 attribute statement
2007-07-26 Frederic Peters <fpeters@entrouvert.com>
python2.3-lasso was package for old policy
python2.3-lasso was package for old policy
updated packaging to current sid package
updated packaging to current sid package
2007-07-16 Damien Laniel <dlaniel@entrouvert.com>
added one error message
some more data service tests
data service query tests + one more test for discovery + some fixes to previous code
2007-07-11 Damien Laniel <dlaniel@entrouvert.com>
discovery query test suite
moved common function to a super class
test suite for metadata association add
split id-wsf 2 tests in smaller functions
2007-07-10 Damien Laniel <dlaniel@entrouvert.com>
some unit tests for id-wsf 2
fixed prefix changes for soap binding and ws security
renamed some files
added saml2 metadatas and keys for 1 idp and 2 sp
2007-07-10 Frederic Peters <fpeters@entrouvert.com>
don't call lasso_node_destroy on a NULL variable
initialize global variables
adds all classes from ID-WSF 2 required schemas; with appropriate changes to other files.
2007-07-09 Damien Laniel <dlaniel@entrouvert.com>
_new function have no parameters and added some _new_full function instead
changed metadata_list attribute to SvcMD
2007-07-06 Frederic Peters <fpeters@entrouvert.com>
added namespaces used by other parts of id-wsf 2
2007-07-05 Damien Laniel <dlaniel@entrouvert.com>
check envelope existence in case lasso functions are called in wrong order
2007-07-03 Frederic Peters <fpeters@entrouvert.com>
hack around swig not declaring functions by declaring it ourself here, but it may break in a future swig version, this is just to get a clean build without any warning of the Python binding with SWIG 1.3.31...
get_node_info_with_swig may not be used by the python binding, but it sure is used by other bindings (and if we were only concerned by python we wouldn't use swig).
2007-07-02 Damien Laniel <dlaniel@entrouvert.com>
commented out an unused function to fix another swig warning
cleaned methods definitions to fix swig warnings
fixed a swig warning in LassoServer
fixed swig warnings for ID-WSF 1
removed no more existing methods from id-wsf 1 swig bindings
moved type attribute which isn't inherited
added service.queryItems + some attributes initialisation and destruction
2007-06-29 Damien Laniel <dlaniel@entrouvert.com>
added lasso.SOAP_FAULT_REDIRECT_REQUEST exception when WSP needs user consent + service.redirectUrl
added one soap error and text for other soap errors
added SoapBinding2 prefix to handle RedirectRequest
added initRedirectUserForConsent
2007-06-19 Frederic Peters <fpeters@entrouvert.com>
fixed class hierarchy, with ID-WSF 2 specific stuffs going into LassoIdWsf2Profile (which now inherits from LassoProfile).
2007-06-18 Damien Laniel <dlaniel@entrouvert.com>
moved soap_envelope_request and soap_envelope_response to ProfilePrivate to avoid ABI breakage
2007-06-14 Damien Laniel <dlaniel@entrouvert.com>
rephrase a meaningless sentence
fixed spelling mistake
changed responseMsg to answer for consistency
added 2 lines to get the
added keys and metadata creation
added a line to tell to restart Apache 2
2007-06-13 Damien Laniel <dlaniel@entrouvert.com>
moved epr free from finalize to dispose
fixed EncryptedID usage ; last commit was a mistake
use nameIdentifier attribute of LassoProfile for IdWsf2 profiles
uncomment a useful line
use nameIdentifier attribute of LassoProfile for IdWsf2 profiles
initialise and destroy new attributes
removed IdWsf2Profile and use LassoProfile instead
removed IdWsf2Profile and use LassoProfile instead
fixed gcj warnings + added 2 checks
fixed tabs and spaces mix
fix documentation for getting nameIdentifier content
fix for getting nameIdentifier content
renamed Wsf2Profile to IdWsf2Profile
changed buildQueryResponseMsg to parseQueryItems + buildResponseMsg
coding style
changed buildQueryResponseMsg to buildQueryResponseEprs + buildResponseMsg
replaced two strings with a constant
better error handling + some refactoring
removed a duplicate
2007-06-12 Damien Laniel <dlaniel@entrouvert.com>
split lasso_idwsf2_discovery_process_query_msg for the SP to get the name_id and load the identity dump in between
decrypt nameId in identity token
encrypt nameId in profile identity token
coding style
added comments
coding style + comments
save provider encryption in dumps and reload it from dump + reloads the keys after loading a dump
moved xmlenc.h include where it is really needed
2007-06-11 Damien Laniel <dlaniel@entrouvert.com>
get the identity token from the current epr
added a security token in all eprs (only disco eprs had one before)
fixed warnings
removed a duplicate line
various error checks, coding style and refactoring
removed a useless line
2007-06-09 Frederic Peters <fpeters@entrouvert.com>
fixed LassoIdWsf2DiscoSvcMetadata binding constructor
2007-06-08 Frederic Peters <fpeters@entrouvert.com>
differentiate between id-wsf 1 & 2 since this is what is expected in other places (won't work as easily for DST)
recognize ID-WSF 2 disco query messages
2007-06-08 Damien Laniel <dlaniel@entrouvert.com>
various error checks, coding style and refactoring
removed useless arguments for lasso_idwsf2_discovery_init_metadata_association_add
removed lasso_idwsf2_data_service_get_personal_profile_email
if the user wasn't yet associated to a discovery metadata, associate it + added some comments
if a user hasn't been associated to a discovery metadata, give him a default disco epr
added lasso_idwsf2_discovery_metadata_register_self and lasso_idwsf2_data_service_get_personal_profile_email
2007-06-07 Frederic Peters <fpeters@entrouvert.com>
noted about memleak to be fixed later
properly allocate memory for svcMDID
2007-06-07 Damien Laniel <dlaniel@entrouvert.com>
check all function arguments in session and identity
check session existence
2007-06-07 Frederic Peters <fpeters@entrouvert.com>
be robust, check for possible NULL variables.
2007-06-07 Damien Laniel <dlaniel@entrouvert.com>
memory management in lasso_idwsf2_data_service_get_attribute_string
small fixes in lasso_idwsf2_data_service_get_attribute_string
one more argument check + free node memory
added some checks on arguments
added lasso_idwsf2_data_service_get_attribute_string
added lasso_idwsf2_data_service_get_attribute_node
fixed gcc warnings
2007-06-07 Frederic Peters <fpeters@entrouvert.com>
extended xml_insure_namespace so it creates the namespace itself, after having looked for a preexisting namespace; the function was previously called with ns == NULL, which caused namespace to be *removed* from elements (ns was NULL because xmlNewNs will return NULL when the namespace is already defined).
first snippet member is a name; looking for an element named "any" won't work that often...
copied note from LIST_NODES to LIST_XMLNODES since the same behaviour is present in both.
2007-06-06 Damien Laniel <dlaniel@entrouvert.com>
removed useless line
DST processQueryResponseMsg
changed QueryResponse items data from string to xmlNode
added missing files
2007-06-05 Frederic Peters <fpeters@entrouvert.com>
fixed Python scripts Damien broke when he updated copyright without checking.
2007-06-05 Damien Laniel <dlaniel@entrouvert.com>
added service.data and lasso_idwsf2_data_service_build_query_response_msg
remove a print
Copy session from discovery to data service object
added dst profile registration
cosmetics
2007-06-04 Damien Laniel <dlaniel@entrouvert.com>
use profile namespace for dst queries + added server as parameter to basic IdWsf2DataService constructor
moved identity token code from discovery to wsf2_profile
make some queryItem attributes optional
2007-06-04 Frederic Peters <fpeters@entrouvert.com>
returned objects must go through the binding; fix ID-WSF2 disco.getService
2007-06-04 Damien Laniel <dlaniel@entrouvert.com>
removed useless code
swig binding for some ID WSF 2 functions + changed some types
2007-06-01 Damien Laniel <dlaniel@entrouvert.com>
added lasso_idwsf2_data_service_init_query and lasso_idwsf2_data_service_add_query_item
added some node class for id-wsf-2.0 DST
2007-05-30 Damien Laniel <dlaniel@entrouvert.com>
updated Copyright dates in some more remaining files
updated Copyright dates in some more remaining files
revert copyright changed by mistake
updated Copyright dates in remaining files
updated Copyright dates in all files
added data service class and lasso_idwsf2_discovery_get_service function
2007-05-09 Damien Laniel <dlaniel@entrouvert.com>
fixed usage of an identity without federation
in lasso_idwsf2_discovery_register_metadata, create identity if it doesn't exist
filled msgUrl in initMetadataAssociationAdd
fixed memory management
don't use misc_text_node
don't use g_return_if_fail here
moved session check to where it's really needed
added LassoIdentity_getSvcMDIDs method to swig
added a forgotten file
replaced svcMDs with svcMDIDs in identity and moved EPRs from identity to session
2007-05-08 Frederic Peters <fpeters@entrouvert.com>
also keep lasso prefix in PHP5 binding
2007-05-03 Damien Laniel <dlaniel@entrouvert.com>
fixed attribute name and name format
added LASSO_EXPORT for a function in a public header
changed function names to match binding function names
don't use lasso_node_dump to create xml soap messages
fixed SecMechID
changed registerMetadata prototype + small fixes
split processMetadataAssociationAddMsg into processMetadataAssociationAddMsg + registerMetadata - new API
2007-05-02 Damien Laniel <dlaniel@entrouvert.com>
get assertion from disco epr and put this assertion into soap header for metadata_association_add
2007-05-02 Frederic Peters <fpeters@entrouvert.com>
SNIPPE_ALLOW_TEXT doesn't have to be handled, but Damien gcc is warning-happy.
2007-05-02 Damien Laniel <dlaniel@entrouvert.com>
replaced status codes with constants
don't segfault when receiving bad soap request or response
replaced LASSO_WSF2_PROFILE(discovery) with profile everywhere
wrap too long line
fixed function name
added assertion identity token into disco EPR
added method to get an assertion security token from an EPR
fixed spaces
2007-05-02 Frederic Peters <fpeters@entrouvert.com>
don't put text nodes in list nodes unless SNIPPET_ALLOW_TEXT is set
fixed xmlCleanNs on recursing namespaces
hardened id-wsf1 disco detection against misc nodes
SNIPPET_LIST_NODES can now host LassoMiscTextNode, also useful now to directly embed a text element (instead of a node with a text element as content)
whitespace cleaning
binding for LassoLogin->assertion
binding for LassoMiscTextNode
2007-05-01 Damien Laniel <dlaniel@entrouvert.com>
added identity token into metadata_association_add messages
2007-04-30 Frederic Peters <fpeters@entrouvert.com>
xml_enc.h should have been public; so much for QA.
2007-04-25 Frederic Peters <fpeters@entrouvert.com>
const'ified a bunch of parameter that are immutable
2007-04-25 Damien Laniel <dlaniel@entrouvert.com>
fixed gcc warning
added id-wsf 2.0 request types + added a missing include
removed const warning from gcc
2007-04-25 Frederic Peters <fpeters@entrouvert.com>
new server.addServiceFromDump method, and extended addService to work for both id-wsf 1 and 2; also necessary to add quick hack in new_from_xmlnode to map SvcMD to SvcMetadata.
2007-04-25 Damien Laniel <dlaniel@entrouvert.com>
fill profile->request in init_metadata_register + added soap_endpoint parameter
fill profile->request in init_metadata_register
2007-04-24 Frederic Peters <fpeters@entrouvert.com>
added getSvcMetadatas method to lasso.Identity, to bind lasso_identity_get_svc_metadatas().
2007-04-24 Damien Laniel <dlaniel@entrouvert.com>
coding style fixes
coding style fix
implemented discovery query
2007-04-19 Frederic Peters <fpeters@entrouvert.com>
a little bit of imagination to avoid new classes for each and every simple element with a different name.
2007-04-19 Damien Laniel <dlaniel@entrouvert.com>
Build a Disco EPR within saml 2 login assertion
2007-04-19 Frederic Peters <fpeters@entrouvert.com>
cleaning warnings signaled by gcc
2007-04-19 Damien Laniel <dlaniel@entrouvert.com>
fixed gcc warnings
minor fixes
2007-04-18 Damien Laniel <dlaniel@entrouvert.com>
completed metadata_register and metadata_association_add
2007-04-17 Damien Laniel <dlaniel@entrouvert.com>
added saml_attribute_value.[ch] to Makefile.am
2007-04-16 Damien Laniel <dlaniel@entrouvert.com>
typo
fixed typo (no idea how long it had been there)
start writing an ID-WSF EPR in saml 2 assertions
md_association_add xml nodes
identity + session in discovery + SvcMDAssociationAdd
2007-04-14 Frederic Peters <fpeters@entrouvert.com>
new StringDict to map GHashTable of strings to a structure similar to a python dictionary (necessary to support mapping of "any" attributes)
updated liberty document uris
updated with version from a newer generator (initialize anyAttribute hash table and correctly set content to 0 instead of NULL)
add profileprivate.h header for lasso_profile_clean_info function declaration
add missing profileprivate.h header for lasso_profile_clean_info function declaration.
optimize type autodetection in lasso_node_new_from_xmlNode by reordering namespace matches and stopping at first success
added reference to WsAddr
implemented support for SNIPPET_ATTRIBUTE | SNIPPET_ANY (using GHashTable).
removed useless glib/glist.h include
fixed last commit author in buildbox
2007-04-13 Damien Laniel <dlaniel@entrouvert.com>
disco.processMetadataRegisterResponseMsg(soap_answer) and disco.svcMDID + renamed Idwsf2 to IdWsf2 to make it work with new classes
2007-04-13 Frederic Peters <fpeters@entrouvert.com>
don't include wsu_ symbols in non-id-wsf builds
2007-04-13 Damien Laniel <dlaniel@entrouvert.com>
disco.processMetadataRegisterMsg(soap_answer) and disco.buildResponseMsg()
2007-04-12 Damien Laniel <dlaniel@entrouvert.com>
implemented disco.metadata.dump()
changed disco classes and methods names + make lasso_idwsf2_discovery_process_metadata_register_msg work
removed useless check
removed useless headers
added wsu_timestamp class
removed id-wsf 1 soap headers and added wsu_timestamp id-wsf 2.0 element
2007-04-11 Frederic Peters <fpeters@entrouvert.com>
only include wsa_ when ID-WSF is enabled
added WS-Addr classes
2007-04-11 Damien Laniel <dlaniel@entrouvert.com>
removed useless g_object_ref
fixed include
implementing lasso_idwsf2_discovery_process_metadata_register_msg, not working yet
2007-04-11 Frederic Peters <fpeters@entrouvert.com>
target namespace for disco would better be disco, not ds, to avoid confusion
renamed disco_service_metadata to disco_svc_metadata
2007-04-10 Damien Laniel <dlaniel@entrouvert.com>
renaming + removed some useless casts
some more work on metadata registration
2007-04-08 Frederic Peters <fpeters@entrouvert.com>
adding all ID-WSF 2.0 namespaces
2007-04-07 Frederic Peters <fpeters@entrouvert.com>
fixing figures from cvs2svn conversion
2007-04-06 Frederic Peters <fpeters@entrouvert.com>
keep a single --enable-wsf configure option, for both ID-WSF 1 and 2.
2007-04-05 Damien Laniel <dlaniel@entrouvert.com>
removed useless comments and wrap too long lines
'service metadata register' message construction
moved and renamed attributes
2007-04-04 Frederic Peters <fpeters@entrouvert.com>
fixed segfault on invalid input passed to lasso_wsf_profile_process_soap_response_msg
fixed usage of constant strings in Perl binding
2007-04-03 Damien Laniel <dlaniel@entrouvert.com>
ID-WSF 2.0 : basic swig support
build configuration for id-wsf 2.0
new strings declarations
ID-WSF 2.0 Discovery query : not yet working classes
2007-04-03 Damien Laniel <Damien Laniel@localhost>
ID-WSF 2.0 Discovery Query : not yet working classes
ID-WSF 2.0 Discovery : Some XML nodes
2007-03-29 Frederic Peters <fpeters@entrouvert.com>
website update; Lasso is now managed in Subversion
2007-03-26 Frederic Peters <fpeters@entrouvert.com>
website import
2007-03-24 Frederic Peters <fpeters@entrouvert.com>
Attic shouldn't have been imported during the switch to svn
2007-01-16 Frederic Peters <fpeters@entrouvert.com>
updated changelog for 2.0.0
fixed memory leaks
updated version number and required swig version
2007-01-09 Frederic Peters <fpeters@entrouvert.com>
added section for ECP (and titled LECP)
2007-01-08 Frederic Peters <fpeters@entrouvert.com>
reordered some elements in index and added short descriptions to all elements
fixed docstring parameter name
added all classes for SAMLv2 schema elements
un-idff'ied docstrings (and fixed a few comments)
added documentation about SAMLv2 Name Id Management profile; and by the same time updated all tmpl/ files with a newer gtk-doc
2007-01-07 Frederic Peters <fpeters@entrouvert.com>
fixed provider->private_data->encryption_public_key memory leak and removed duplicate freeing for public_key and ca_cert_chain
mitigate memory leak (?)
fixed memory leak occurring near SNIPPET_SIGNATURE
fixed memory leak in Extension to query string conversion
fixed memory leak
unfixed memory leak, because strange manipulations to xmlnode structures could cause memory corruption
2007-01-06 Frederic Peters <fpeters@entrouvert.com>
removing white space lost in a tab
removing white spaces on blank lines
fixing indentation
removing white space on blank line
removing spaces from otherwise white lines
fixed indentation & param checking
fixed memory leak
fixed little memory leak
2007-01-05 Frederic Peters <fpeters@entrouvert.com>
replace some xmlFree that should have been g_free and added some xmlFree where required.
even more memory leak tracking
new lasso_profile_clean_msg_info function used to clean msg_url and msg_body (free()ing and setting to NULL) in functions where those variables are later set.
fixed some memory leaks (tracked with valgrind)
cleaning up memory allocated for tests; so valgrind logs are cleaner
memory management, avoid leaking xmlDoc*
2007-01-04 Frederic Peters <fpeters@entrouvert.com>
directly include headers from xmlsec/openssl/; at least required to compile on Fedora Core 6.
bumped version to 1.9.9 (and updated libtool version accordingly) and disabled PHP5 support by default.
misc fixes for 1) memory leaks around XPath usage and 2) potential segfaults from untested pointers
new LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_IDENTIFIER error code
2007-01-03 Frederic Peters <fpeters@entrouvert.com>
make ID-FF SLO work even when there are SAMLv2 assertions in the session
ensure sso and slo from SAML2 work even when there are active ID-FF sessions.
removed memory leak (GPtrArray was not freed) by directly accessing assertions from their hash table instead of an intermediary GPtrArray.
2007-01-02 Nicolas Clapies <nclapies@entrouvert.com>
Updated metadata saml2 saming files. Fixed protocol binding setting when initiating sso.
2006-12-28 Frederic Peters <fpeters@entrouvert.com>
removed XXX comment about SessionIndex since it is handled in the application, not in Lasso
harmonized LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ and LASSO_PARAM_ERROR_INVALID_VALUE usage
extra checking for wrong or NULL parameters
more fixes for optional arg support in PHP
optional args are handled differently in newer SWIG versions
notice when building deflated query fails, and don't include (null) as query component in this case.
fixed crash added when changing find_path return type
coding style improvements
replaced remaining LASSO_ERROR_UNDEFINED by appropriate error codes
new error codes and coding style
missing include, typo in comment and coding style
coding style
replaced LASSO_ERROR_UNDEFINED by appropriate error codes in all of xml/ and id-ff/
coding style: added spaces at appropriate places
replaced most LASSO_ERROR_UNDEFINED by appropriate error codes (two occurrences are remaining)
fixed all occurrences of returning a negative number unspecified in errors.h
replaced all usage of UNDEFINED error code in logout profiles (both ID-FF and SAMLv2) by appropriate error codes
2006-12-27 Frederic Peters <fpeters@entrouvert.com>
new LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS error code
typo fix
changed test against assertions which could yield a useless LASSO_ERROR_UNDEFINED
avoid segfaults when passing NULL to *_new_from_dump
fixing a bunch of possible segfaults (NULL passed to strlen)
fixing a bunch of undeclared functions and possible segfaults; also removed some debugging printf. (ID-WSF is now warning-free (but char signedness))
fixing some usage of uninitialized variables in SAMLv2 support
correctly initialize req at top of function and don't try to get the deflated samlv2 query if the parameter was not present
moved find_path and set_value_at_path from returning int to returning gboolean; this gets rid of ugly and useless LASSO_ERROR_UNDEFINED in those functions.
default encryption type is AES-128, rearranged code so that it is clearer (let default handling be at the end)
fixed gtk-doc for some enums
Adding Damien to developers
fixing minor typo
added libgcj7-dev for gcj 4.1
2006-12-21 Frederic Peters <fpeters@entrouvert.com>
fixed a few (harmless) warnings detected when compiling with -Wall -Wmissing-declarations -Wdeclaration-after-statement
set return type
2006-12-20 Frederic Peters <fpeters@entrouvert.com>
fixed use of uninitialized variable
2006-12-20 Nicolas Clapies <nclapies@entrouvert.com>
Added SAML2 PHP documentation. Need to complete with some Login and Logout details. Need to add description of Name Id Management profile.
2006-12-20 Damien Laniel <dlaniel@entrouvert.com>
Allow the choice of the encryption algorithm to use
2006-12-19 Frederic Peters <fpeters@entrouvert.com>
include all testing metadata
2006-12-18 Frederic Peters <fpeters@entrouvert.com>
fix rst syntax
2006-12-16 Frederic Peters <fpeters@entrouvert.com>
Added (and documented) new members to snippet, necessary to fix namespace for saml:AuthnContextClassRef used in samlp:RequestedAuthnContext
2006-12-08 Frederic Peters <fpeters@entrouvert.com>
testing metadata files are in $(srcdir)
include tests metadata subdir
ship metadata files used in tests
fixed php configure options indentation
added support for PHP5
compile PHP5 binding fine (using PHP_VERSION_ID to see if this is PHP 5)
try to avoid detecting php5 as a compatible php version
tarball has to ship two new Java files
ship xml_enc.h
2006-12-07 Frederic Peters <fpeters@entrouvert.com>
removed -dlname argument which disappeared in SWIG 1.3.31 and was already optional in 1.3.29
abstract is a reserved java keyword
different code path for SWIG >= 1.3.31 for downcast in java
added (required in swig 1.3.31) methodmodifiers for javadestruct delete typemap
abstract attribute breaks php binding with SWIG 1.3.31
fixed PHP4 #ifdef
binding for new error code
ECP fixes
SAMLv2 compliance fix (mostly RelayState and affiliations related)
use Location when ResponseLocation is not available
minimal support for EncryptedID in federation termination
2006-12-06 Damien Laniel <dlaniel@entrouvert.com>
Better parse xml to find an EncryptedKey
2006-12-06 Frederic Peters <fpeters@entrouvert.com>
if signature element is not found, look for it in an assertion element (this is not perfect since it should be possible to check *both* signatures and we don't care for the moment)
new logout error code
relaystate handling
set Destination and handle relayState
fixed ecp attribute name
2006-12-05 Nicolas Clapies <nclapies@entrouvert.com>
Added paos response message process support in LassoLogin object.
2006-12-05 Frederic Peters <fpeters@entrouvert.com>
look up harder for encrypted stuff
avoid segfaults looking for decryption key
return missing assertion error on missing assertion
removed conflicting change
use 128-bit AES which seems better supported by other applications
fixed casing for all saml2 attribute members
2006-12-04 Nicolas Clapies <nclapies@entrouvert.com>
Moved ECP protocol binding detection from to PAOS.
2006-12-04 Damien Laniel <dlaniel@entrouvert.com>
Verify message signature in lasso_saml20_login_process_authn_response_msg
2006-12-04 Frederic Peters <fpeters@entrouvert.com>
look up for the right federation based on affiliation in logout
use federation from affiliation if necessary in logout
correctly rename attributes to camelCase
fixed signature element position
binding for authnStatement
2006-12-02 Damien Laniel <dlaniel@entrouvert.com>
Fixed memory management
Fixed memory management problems
Fixed a few warnings with -Wall
2006-12-01 Frederic Peters <fpeters@entrouvert.com>
(stupid me) initialize and destroy correctly affiliation variables
achieved support for using affiliations
fixing case for NameIdPolicy binding
include id-wsf/identity.h to get identity_get_offerings prototype
2006-12-01 Damien Laniel <dlaniel@entrouvert.com>
Added an error code in bindings
2006-12-01 Frederic Peters <fpeters@entrouvert.com>
on logout response, if responder then look inside for real value
2006-12-01 Damien Laniel <dlaniel@entrouvert.com>
Fixed a memory problem (was double free)
2006-11-30 Damien Laniel <dlaniel@entrouvert.com>
Fixed logout request signature
Initialise and destroy correctly provider private data
2006-11-30 Frederic Peters <fpeters@entrouvert.com>
only call into lasso_saml20_login_process_paos_response_msg if PAOS namespace is visible; this avoids parsing three times the same message for the common case of *not* PAOS.
removed side effects in samlp2_response/get_xmlNode
fixed case when not using encrypted assertion
fixing memory leaks, side effects and more in EncryptedAssertion
2006-11-30 Nicolas Clapies <nclapies@entrouvert.com>
Uncommented xml free.
Fixed memory use.
2006-11-30 Frederic Peters <fpeters@entrouvert.com>
naming lists "item" is confusing
2006-11-30 Nicolas Clapies <nclapies@entrouvert.com>
Added missing ecp private header file.
Added private structure for LassoEcp to keep relayed data.
2006-11-30 Frederic Peters <fpeters@entrouvert.com>
use appropriate functions for g_list_
re-enabling saml2 signature check
2006-11-29 Damien Laniel <dlaniel@entrouvert.com>
Moved assertion encryption code out of saml2_response.c to tools.c
Encrypt Assertions at the last moment, so that the assertions should be fully built before that
2006-11-28 Damien Laniel <dlaniel@entrouvert.com>
Don't include the internal data of the nodes in encrypted elements
Added an error type when there is no key to decrypt some encrypted elements
2006-11-28 Frederic Peters <fpeters@entrouvert.com>
fixed references to SWIGPHP4
extra checks to pass negative testing steps
2006-11-27 Frederic Peters <fpeters@entrouvert.com>
include header file for lasso_saml20_profile_set_session_from_dump
removed unused variable and added check for identity before accessing it
removed unused variable
removed debugging output
2006-11-27 Damien Laniel <dlaniel@entrouvert.com>
Support for name-id:format:encrypted in NameIdPolicy in Authnrequest
2006-11-24 Damien Laniel <dlaniel@entrouvert.com>
return -1 was not cute
2006-11-23 Damien Laniel <dlaniel@entrouvert.com>
Added an original node to encrypted elements, only in dumps, for the dump to be readable
Removed useless headers
Encrypt and decrypt NameID in logout requests
Coding style fix
2006-11-23 Frederic Peters <fpeters@entrouvert.com>
removed use of unallocated variable
style and missing header
fixing indentation
2006-11-23 Nicolas Clapies <nclapies@entrouvert.com>
Added missing updates about LassoEcp object.
2006-11-22 Nicolas Clapies <nclapies@entrouvert.com>
Updated binding for LassoEcp object.
2006-11-22 Damien Laniel <dlaniel@entrouvert.com>
Binding for setEncryptionMode
Changed setEncryption(boolean) to setEncryptionMode(enum mode)
Binding for setEncryption method
changed provider->private_data->encryption name to provider->private_data->encryption_enabled
Fix LassoSaml2EncryptedElement name
Added lasso_provider_set_encryption method to activate or deactivate encryption
2006-11-22 Frederic Peters <fpeters@entrouvert.com>
reduced memory allocation (and loc)
2006-11-22 Damien Laniel <dlaniel@entrouvert.com>
Changed xmlGetNoNsProp with xmlGetProp in lasso_decrypt
2006-11-21 Frederic Peters <fpeters@entrouvert.com>
fixed pkey memory leak
2006-11-21 Damien Laniel <dlaniel@entrouvert.com>
coding style fixes
Free bio on error in lasso_get_pem_file_type
Fixed -Wall warnings and replaced a LASSO_ERROR_UNDEFINED
Coding style fixes + removed the obsolete comment about set_nodename in LassoSaml2EncryptedElementClass
Set nodename "EncryptedElement" in LassoSaml2EncryptedElementClass
updated comments
- Can use AES EncryptedKey as well as DES to decrypt the EncryptedData - Encrypt nodes with 256-bit AES
2006-11-21 Frederic Peters <fpeters@entrouvert.com>
in LIST_NODES, if snippet->name is set; use it.
##any nodes needs empty snippet name
2006-11-21 Damien Laniel <dlaniel@entrouvert.com>
Encrypt and decrypt Assertion
2006-11-21 Frederic Peters <fpeters@entrouvert.com>
check for identity before accessing it
2006-11-20 Nicolas Clapies <nclapies@entrouvert.com>
Restored immutable attribute msg_relayState in LassoLogin object.
Moved SOAP value as last element in lists.
2006-11-20 Frederic Peters <fpeters@entrouvert.com>
new server method, for saml2 affiliations
saml2 server private functions
2006-11-19 Frederic Peters <fpeters@entrouvert.com>
added loading of affiliation metadata (not yet acted upon)
const'ified some char*
rewritten in a shorter form
s/file_name/filename/
don't include * in %rename() statements
2006-11-16 Damien Laniel <dlaniel@entrouvert.com>
- Moved the EncryptedKey to the same level as EncryptedData in xml - Changed the prototype for lasso_node_encrypt and lasso_node_encrypt - Moved lasso_node_encrypt and lasso_node_encrypt declaration to xml_enc.h - Added a GList for EncryptedKey in EncryptedElement
2006-11-16 Frederic Peters <fpeters@entrouvert.com>
process_authn_response_msg for saml2; this is similar to id-ff even if the underlying messages are different
correctly looks up assertionconsumerservice url, even with just the binding
2006-11-15 Frederic Peters <fpeters@entrouvert.com>
binding for SAML2 binding uri; and fixed SAML20 to SAML2 for coherence
2006-11-15 Damien Laniel <dlaniel@entrouvert.com>
Decryption of EncryptedID in Assertion
2006-11-15 Frederic Peters <fpeters@entrouvert.com>
fixed up lasso_saml20_logout_process_response_msg function name; and remove assertion on SP when initiated on SP.
2006-11-14 Frederic Peters <fpeters@entrouvert.com>
random fixage of warning displayed with -Wall
2006-11-14 Nicolas Clapies <nclapies@entrouvert.com>
Fixed big mistake about PAOS naming. Added more strict check when trying to process PAOS response in login.c.
Fixed declaration line ending.
Added ecp files.
2006-11-14 Frederic Peters <fpeters@entrouvert.com>
downcast soapenvelope to LassoNode
include header from xmlsec to get xmlSecCreateTree declaration
2006-11-14 Nicolas Clapies <nclapies@entrouvert.com>
Added ecp.h in public declarations.
Added binding for ECP. Modified binding in Lasso.si to allow setting LassoProfile's msg_relayState.
Added ECP profile (client, SP and IDP parts).
Added functions to export to PAOS request and ECP response.
2006-11-14 Damien Laniel <dlaniel@entrouvert.com>
Replaced some LASSO_ERROR_UNDEFINED with real error codes
Test on a possibly NULL pointer to avoid seg fault
2006-11-13 Damien Laniel <dlaniel@entrouvert.com>
Read SNIPPET_XMLNODE from XML
Added documentation for SNIPPET_XMLNODE
Added EncryptedID as SNIPPET_XMLNODE in Subject in Assertion
Header for lasso_node_encrypt
2006-11-13 Frederic Peters <fpeters@entrouvert.com>
also dump private data; necessary for saml2 artifact support
2006-11-13 Damien Laniel <dlaniel@entrouvert.com>
Added lasso_node_encrypt to encrypt a Lasso node
2006-11-10 Frederic Peters <fpeters@entrouvert.com>
don't set inResponseTo if there is no request
include http request method in profile dumps
2006-11-09 Damien Laniel <dlaniel@entrouvert.com>
moved encryption key loading from id-ff to saml-2.0
properly initialise encryption_private_key
Use xmlSecKeyDestroy to free the key in lasso_server_set_encryption_private_key
Fix a possible memory leak in lasso_server_set_encryption_private_key and add a comment
binding for lasso_server_set_encryption_private_key
changed prototype for lasso_server_set_encryption_private_key and added error handling
2006-11-09 Frederic Peters <fpeters@entrouvert.com>
Change from string to list in requestedAuthnContext.
AuthnContextClassRef is a list; treat it as such
only compare saml1 assertion
2006-11-09 Damien Laniel <dlaniel@entrouvert.com>
load encryption private key
2006-11-09 Frederic Peters <fpeters@entrouvert.com>
filled login_must_authenticate with intelligence about authncontext
2006-11-08 Frederic Peters <fpeters@entrouvert.com>
support for RequestAuthnContext in must_authenticate (incomplete but not likely to do much more here; I'll do it better in SAML2)
changed lasso_session_get_assertions not to g_object_ref assertions, so they don't have to be freed.
spec refers to signing/encryption so use that vocabulary (even if I don't like it)
minor changes & fix to coding style for enc public key loading
encryption_public_key will always be set from metadata; no need for filename stuff and to touch the public struct.
2006-11-08 Damien Laniel <dlaniel@entrouvert.com>
load encryption key from metadata
2006-11-08 Frederic Peters <fpeters@entrouvert.com>
more appropriate error code
error on sso initiated by idp and no endpoint defined as default for sp
saml2 sso initiated by idp
2006-11-07 Frederic Peters <fpeters@entrouvert.com>
can get assertion consumer service url from that very same attribute
fixed url/query construction for endpoints with query part (zxid)
2006-11-07 Damien Laniel <dlaniel@entrouvert.com>
fix metadata test
tests for loading certs and keys from metadata
2006-11-07 Frederic Peters <fpeters@entrouvert.com>
fixed dump/restore from dump for name id management profile
2006-11-06 Frederic Peters <fpeters@entrouvert.com>
fixing saml2 sso error cases (on ispassive)
spelling
better loading of public key from metadata; full support for embedded PEM, and suppressed output when not base64.
keep a copy of assertion easily accessible for further changes
added LASSO_SAML2_CONFIRMATION_METHOD_BEARER
set subject confirmation method and recipient; to be conformant.
error code for missing assertion
2006-11-05 Frederic Peters <fpeters@entrouvert.com>
implementation of lasso_name_id_management_process_response_msg
appropriate return code
detection of SOAP name id management
2006-11-04 Frederic Peters <fpeters@entrouvert.com>
bindings for new LassoNameIdManagement profile
empty _process_response_msg
LassoNameIdManagement is first class profile -> included in lasso.h
dump handling
invert args
fixed new id param format
name id management saml2 profile (lacks process_response)
fixed small memory leak in saml2 slo
2006-11-03 Frederic Peters <fpeters@entrouvert.com>
fix saml2 artifact decoding
2006-11-02 Frederic Peters <fpeters@entrouvert.com>
if node was not base64, use its original value for key loading.
set provider role; so mixed sp/idp metadata is ok.
2006-11-02 Damien Laniel <dlaniel@entrouvert.com>
Added back LASSO_PROFILE_ERROR_MISSING_ARTIFACT
2006-11-02 Frederic Peters <fpeters@entrouvert.com>
new lasso_profile_is_saml_query function
uncomment xmlsec output directives; that should not have been commented
already set remote_provider_id in process_request
2006-11-02 Damien Laniel <dlaniel@entrouvert.com>
Replaced return -1 with return LASSO_ERROR_UNDEFINED
Added some error cases
tests on possibly null pointers
2006-11-02 Frederic Peters <fpeters@entrouvert.com>
coding style
downcast nameidentifier to LassoNode* in LassoLogout; so that it works with both ID-FF (LassoSamlNameIdentifier) and SAML2 (LassoSaml2NameID)
2006-10-31 Damien Laniel <dlaniel@entrouvert.com>
changed LASSO_LIB_NAME_ID_POLICY_TYPE_FEDERATED to LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED according to the code
2006-10-30 Frederic Peters <fpeters@entrouvert.com>
removed XXX comments after Damien looked at them
include authentication statement in saml2 assertion
saml2 artifacts include an endpoint index; fill it with 0 for the moment.
2006-10-29 Frederic Peters <fpeters@entrouvert.com>
deal with default assertion consumer service url
use new error code for missing artifact
new error code for missing artifact
correctly clean memory
fixed reference to length when inflating
default value set to -1 and marked as optionals
saml-2.0 more POST support
s/SAMLArt/SAMLart/ (+ check for remote provider)
handle "1" as well as "true" in booleans
started support for AssertionConsumerServiceIndex (as alternative to ProtocolBinding) (used by zxid)
saml2 query strings are often limited to one single arg
accept PAOS binding
2006-10-28 Frederic Peters <fpeters@entrouvert.com>
finished saml2/sso/post
note about memory leak
standard .cvsignore
handle saml2/sso/post (almost)
handle saml2/sso/post (almost, need to fix return url)
initialize private_key_file and certificate_file properly
formatting
use external stylesheet
rest2html is now shipped as rst2html, also looks for this one
return defined error code
cast function reference
standard .cvsignore for saml-2.0/ dir
marked maxInteractTime as optional
LassoDiscoServiceInstance are freed through lasso_node_destroy
fixed deflate, tested against lightbulb(opensso-php)
2006-10-27 Nicolas Clapies <nclapies@entrouvert.com>
Added documentation about writing a sp in java.
2006-10-26 Frederic Peters <fpeters@entrouvert.com>
use zlib compress2 instead of lowlevel functions, this fixes inflate.
don't automatically fallback to redirect, this breaks some cases....
checking pointers...
2006-10-25 Frederic Peters <fpeters@entrouvert.com>
return NULL; not an error code
check for response before accessing it
check for query before accessing it
2006-10-12 Frederic Peters <fpeters@entrouvert.com>
nameIdentifier is now a LassoSamlNameIdentifier; which should help Java
2006-10-09 Frederic Peters <fpeters@entrouvert.com>
revert to SNIPPET_LIST_NODES; which is required for ID-WSF to work
2006-10-02 Frederic Peters <fpeters@entrouvert.com>
ds_* are now also used out of id-wsf
2006-09-29 Frederic Peters <fpeters@entrouvert.com>
check session is not NULL even in functions where it shouldn't happen; since developer may always call functions out of order.
2006-09-28 Frederic Peters <fpeters@entrouvert.com>
better error handling in slo
2006-09-21 Damien Laniel <dlaniel@entrouvert.com>
updated documentation for lasso server creation prototype change
2006-09-19 Frederic Peters <fpeters@entrouvert.com>
fixed lasso_server_new prototype
2006-08-03 Frederic Peters <fpeters@entrouvert.com>
use specific error messages
fill LassoDataService provider_id member on process_request
define and use specific error codes
2006-05-16 Frederic Peters <fpeters@entrouvert.com>
SWIG 1.3.28 is required.
be more specific in role
support for SNIPPET_LIST_XMLNODES (very old patch)
2006-05-11 Frederic Peters <fpeters@entrouvert.com>
added missing comma
error message
2006-05-10 Frederic Peters <fpeters@entrouvert.com>
don't say undefined when it is, just lacking a description string, bugger.
looking up NameIdentifier in AttributeStatement (old patch)
2006-03-21 Frederic Peters <fpeters@entrouvert.com>
ship Lasso-saml2.i; part of 0.6.5
updated to 0.6.5
fixed doc
note about 0.6.5
note about 0.6.5
try to find nameidentifier in alternative location; for compatibility with some idp
Helps building outside srcdir
fixed a few win32 versioning issues
2006-03-20 Frederic Peters <fpeters@entrouvert.com>
killed a chicken to restore swig voodoo; hope it is enough, I'm running out of virgins.
2006-03-20 Damien Laniel <dlaniel@entrouvert.com>
changed contact address for php documentation to mine
2006-03-19 Frederic Peters <fpeters@entrouvert.com>
update copyright year, add Damien to the php doc authors, run a spellchecker on the doc
unified braces on if line, spaces between if and parenthesis and indentation; also use the same $server variable name everywhere
2006-03-19 Damien Laniel <dlaniel@entrouvert.com>
fixed doc writing-a-php-sp.txt
2006-03-19 Frederic Peters <fpeters@entrouvert.com>
removed hardcoded php dependency, added php:Depends substvar
removed hardcoded php dependency, added php:Depends substvar
2006-03-17 Frederic Peters <fpeters@entrouvert.com>
fixed RSA_SHA1 constant name
2006-03-08 Frederic Peters <fpeters@entrouvert.com>
fixed underline
updated changelog to 0.6.4
update to 0.6.4
update to 0.6.4
fixing python test.
ignoring generated saml2 files
info about 0.6.4
updated (c) years and gforge url
updated FSF address
releasing 0.6.4
don't ship c# in this release
2006-03-06 Frederic Peters <fpeters@entrouvert.com>
new error check test
ship logoutprivate.h
ship style.css
don't ship fedterm-redirect.svg for now
updated generated java files list
missing brace
adding braces
don't unref/affect the same pointer; this will cause segfaults (seen in java)
ignoring generated Makefile and Makefile.in
SWIG upgrade (->1.3.28) broke once again bindings; this time thanks to macros that are now required to have args (looks like that anyway, nothing is documented); fixing this.
2006-03-04 Frederic Peters <fpeters@entrouvert.com>
fixed variable type; how bad
cast strings to xmlChar* for correct signedness
added comment about why not to use memset
2006-02-21 Frederic Peters <fpeters@entrouvert.com>
added short desc for lasso.h
added short descriptions to every lib: classes
more doc
documentation fixes
2006-02-06 Frederic Peters <fpeters@entrouvert.com>
don't g_object_ref what can be NULL
2006-01-25 Frederic Peters <fpeters@entrouvert.com>
own style for reference doc
fixing redirect example
fix memory management for ID-WSF ResourceId
2006-01-23 Frederic Peters <fpeters@entrouvert.com>
check for remote provider id before looking it in GHashTable
don't segfault when lasso_logout_build_request_msg is erroneously called without lasso_logout_init_request before
2006-01-21 Frederic Peters <fpeters@entrouvert.com>
fix swig id-wsf disco for new version of swig
2006-01-12 Frederic Peters <fpeters@entrouvert.com>
duplicate key to fix consecutive calls to xmlsec
2006-01-05 Nicolas Clapies <nclapies@entrouvert.com>
Fixed symbol error about LassoDiscoDescription_newWithBriefSoapHttpDescription.
Fixed node prefix from interaction service namespace element.
2005-12-10 Frederic Peters <fpeters@entrouvert.com>
bindings working with swig 1.3.27
2005-12-06 Nicolas Clapies <nclapies@entrouvert.com>
Fixed missing declaration and settings.
AP now verifies SP signature.
*** empty log message ***
*** empty log message ***
Only KeyValue in KeyInfo. Added KeyValue and RsaKeyValue element.
2005-12-05 Frederic Peters <fpeters@entrouvert.com>
fixed host specific architecture changes
don't parse files in id-wsf/ when not compiled with id-wsf support (required for mac os x nmedit)
2005-11-22 Frederic Peters <fpeters@entrouvert.com>
missing saml 2 file
Completed first go of SAML 2.0 single logout and added some missing files
2005-11-21 Frederic Peters <fpeters@entrouvert.com>
starting SAML 2 logout
2005-11-20 Frederic Peters <fpeters@entrouvert.com>
swig inheritance for SAML 2 elements
removing xmlsec debug code
SAML 2.0 support (only web-sso for the moment)
2005-11-15 Nicolas Clapies <nclapies@entrouvert.com>
Little modif about SAML authentication verification
Renamed lasso_data_service_need_user_interaction() to lasso_data_service_need_redirect_user().
Only add lasso_ds_* for id-wsf.
Added binding for user interaction in data service.
Added some user interaction support : lasso_data_service_need_user_interaction() sets soap response with a soap fault asking redirect request. lasso_data_service_get_redirect_request_url() retrieves the redirect request url. DataService raises a redirect request warning exception if a fault was found in soap response after a lasso_data_service_process_query_response_msg().
Added soap fault code server.
Fixed snippet type and name of Detail attribute.
Fixed snippet type of redirectURL from content to attribute.
Check if a soap fault is found in response message. If no fault found, then set response.
Added a first soap fault code error.
Added soap Detail element.
2005-11-14 Frederic Peters <fpeters@entrouvert.com>
SAML 2.0 string constants
2005-11-14 Nicolas Clapies <nclapies@entrouvert.com>
Now discovery service includes a key value in credential added to disco:QueryResponse.
2005-11-13 Frederic Peters <fpeters@entrouvert.com>
starting to commit SAML 2 changes; minor changes (and bugfix) to lasso_node_new_from_xmlNode as well as code to recreate SAML2 object from SAML2 query string.
2005-10-14 Nicolas Clapies <nclapies@entrouvert.com>
Fixed signature template problem : now if metadata's service provider has AuthnRequestsSigned set to false and HTTP method is POST, then template is not added anymore to AuthnRequest xml message.
2005-10-13 Nicolas Clapies <nclapies@entrouvert.com>
Fixed optional param of processModifyMsg().
2005-10-11 Nicolas Clapies <nclapies@entrouvert.com>
Fixed getServiceWithProviderId method.
2005-10-10 Nicolas Clapies <nclapies@entrouvert.com>
Removed useless discovery method lasso_discovery_get_service_with_providerId(). Removed useless Swig binding of LassoWsfProfile class. lasso/id-wsf/discovery.c
2005-10-06 Frederic Peters <fpeters@entrouvert.com>
updating ignored files with new packages
remove old and never necessary debhelper generated files
new liblasso-java package
removed mono packages from build-depends
updated debian changelog with uploaded packages.
don't build wsf; touch swig files so they are not rebuilt even if swig is detected.
updated FSF address
2005-10-06 Nicolas Clapies <nclapies@entrouvert.com>
Added binding to set more than one security mechanism authentication in DiscoDescription.
Added check by AP if it wants X509 authentication of SP. Does not work yet, need to fix retrieving public key from credential before.
Set server attribute in LassoPersonalProfileService
Added support of principal state : now it is possible a SP informs an AP if principal is considered to be online or not. To tell principal is online, just add a call to lasso_wsf_profile_set_principal_online() after lasso_data_service_init_query(), and offline a call to lasso_wsf_profile_set_principal_offline(). At AP, to know if principal is to be considered online just test if lasso_wsf_profile_principal_is_online() returns TRUE or FALSE.
2005-10-05 Nicolas Clapies <nclapies@entrouvert.com>
A first attempt to include a KeyInfo in credential.
Verify if a saml security authentication is available.
Added LassoDsKeyInfo object. It allows to add it to LassoSamlSubjectConfirmation object.
2005-10-05 Frederic Peters <fpeters@entrouvert.com>
don't patch a lasso_wrap.c that was not just generated by swig.
no session on idp -> requestdenied -> removing no longer valid session on sp.
added error string for LASSO_LOGOUT_ERROR_REQUEST_DENIED (...)
2005-10-04 Frederic Peters <fpeters@entrouvert.com>
handle new error code
returns LASSO_LOGOUT_ERROR_REQUEST_DENIED if appropriate.
2005-10-03 Nicolas Clapies <nclapies@entrouvert.com>
Fixed the way getting description in lasso_data_service_init_query().
2005-09-30 Nicolas Clapies <nclapies@entrouvert.com>
A little comment to note that some code is needed to add KeyInfo in Assertion when returning it to SP from IDP / Disco service.
Added private function lasso_wsf_profile_has_saml_authentication() to know if a saml authentication mechanism exists in current description.
lasso_discovery_build_credential() adds ConfirmationMethod element.
Updated comments.
Added reference binding when signing soap messages.
Updated data service with service_type parameter.
Added a g_object_ref on private attribute description in lasso_wsf_profile_set_description().
If a service found in server object, retrieve needed description depending on an optional security mechanism id. lasso/id-wsf/data_service.c
2005-09-30 Frederic Peters <fpeters@entrouvert.com>
the "how could I not curse those adding files without checking them in Makefile.am?" commit.
I'm so glad for tests; another emergency change.
last emergency fix: wsf_profile_private.h must be included in .tar.gz
updated ChangeLog for 0.6.3
new upstream release
updated news and doap.rdf with 0.6.3 release data
2005-09-29 Frederic Peters <fpeters@entrouvert.com>
fixed typo in docstring
minor automated changes
removed c# dir from distribution
2005-09-28 Frederic Peters <fpeters@entrouvert.com>
security mech id is optional
2005-09-28 Nicolas Clapies <nclapies@entrouvert.com>
Fixed local variable declaration.
Uncomment lasso_wsf_profile_build_soap_response_msg() in lasso_discovery_build_response_msg().
2005-09-28 Frederic Peters <fpeters@entrouvert.com>
80 cols for docstrings
2005-09-28 Nicolas Clapies <nclapies@entrouvert.com>
Added x509 certificate file tests.
Added private function lasso_wsf_profile_get_fault().
2005-09-27 Nicolas Clapies <nclapies@entrouvert.com>
Added a first support of soap binding Fault wsf response.
Added soap Fault element.
2005-09-27 Frederic Peters <fpeters@entrouvert.com>
disabled mcs test and updated version to 0.6.3
swig files were split, dependencies needed to be updated
fixed spelling
acknowledge new lasso_sec_ category, only used for wsf.
fixed typo
2005-09-27 Nicolas Clapies <nclapies@entrouvert.com>
Added missing wsf_profile_private.h. fixed error while attempting to include non existing private header discovery_private.h
Updated binding for new optional security mechanism parameter.
Discovery and DataService can pass X509 authentication mechanism if needed.
Added X509 authentication mechanism.
2005-09-26 Nicolas Clapies <nclapies@entrouvert.com>
Added private method lasso_provider_get_public_key() to get public key info.
2005-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Added private method.
Ordered methods.
lasso_data_service_add_credential() is not a public method.
lasso_discovery_build_credential() is not a public method.
lasso_discovery_build_credential() adds AuthenticationStatement element in Assertion.
2005-09-19 Nicolas Clapies <nclapies@entrouvert.com>
Fixed code typing.
Added optional param security_mech_id for wsf methods.
First attempt to implement authentication security mechanism. Only SAML is implemented and it needs improvement.
Added id attribute in Body element.
Fixed snippet definition of Credentials object.
Added compilation of resource access statement.
Added security namespace for resource access statement.
Added ResourceAccessStatement element from wsf Security.
2005-09-16 Frederic Peters <fpeters@entrouvert.com>
getOfferings without parameters will return all of them
2005-09-12 Frederic Peters <fpeters@entrouvert.com>
disabled c# support for the time being
generation of lasso.types so it only includes wsf classes if wsf is compiled in.
updated java note
erroneously disabled symbols.sym
2005-09-11 Frederic Peters <fpeters@entrouvert.com>
possibility to register new dst services.
2005-09-10 Frederic Peters <fpeters@entrouvert.com>
data_service_init_query may be called without parameters.
2005-09-07 Nicolas Clapies <nclapies@entrouvert.com>
lasso_data_service_get_answer() : verify response->Data is not NULL before accessing it.
lasso_discovery_get_resource_offering_auto() : verify LASSO_WSF_PROFILE(discovery)->session is not NULL before looking for a resource offering.
2005-09-06 Nicolas Clapies <nclapies@entrouvert.com>
Fixed typing code error.
Updated ignored java files.
Removed XmlNode binding in swig. Not used anymore.
Added lasso_discovery_get_services() method documentation
2005-09-05 Nicolas Clapies <nclapies@entrouvert.com>
Missing attributes in the last commit.
Added attributes provider_id and abstract_description in lassoDataService.
Added method lasso_discovery_get_services() : it returns a list of available services offering resource of principal.
Updated lasso_discovery_build_modify_response_msg() : now it sets status code to OK only if every remove entry is possible.
2005-08-29 Nicolas Clapies <nclapies@entrouvert.com>
Added lasso_discovery_get_service_with_providerId().
Split existing Lasso-wsf.i in several files for each wsf namespace (disco, dst, sa, is, soap)
2005-08-26 Frederic Peters <fpeters@entrouvert.com>
check the query response is of the correct type
2005-08-25 Frederic Peters <fpeters@entrouvert.com>
new modify things for LassoPersonalProfile
2005-08-25 Nicolas Clapies <nclapies@entrouvert.com>
complete last commit.
Now an AP can process a Modify request and return an updated data resource to application.
2005-08-25 Frederic Peters <fpeters@entrouvert.com>
added getAnswerForItemId binding
restore prefix and href for dst:Modify and dst:ModifyResponse
2005-08-25 Nicolas Clapies <nclapies@entrouvert.com>
Updated lasso_data_service_init_modify(). Now it takes a select (a String type) and a String xml as parameters.
2005-08-25 Frederic Peters <fpeters@entrouvert.com>
added lasso_data_service_get_answer_for_item_id
added missing ;
added lasso_data_service_get_answer_for_item_id
marks public structure members in LassoDiscovery and LassoDataService
continuing on disco example, use the service to retrieve principal name.
explicit cases where item_id may be NULL.
2005-08-25 Nicolas Clapies <nclapies@entrouvert.com>
Replaced ProfileService.java by DataService.java
2005-08-25 Frederic Peters <fpeters@entrouvert.com>
add_query_item must check the query has been created.
Do not use SWIG_UnknownError but SWIG_RuntimeError so it is translated to a catchable exception in Java. Use SWIG_ValueError for value errors (things like invalid args)
it is no longer possible to add providers with unknown public keys
moved private_data erroneously placed in class to object; this breaks ABI for classes inheriting from LassoFederation; nobody does that, ignoring.
last bit of LassoProfileService got renamed
renamed ProfileService to DataService
include xmlsec errors.h header to get function declaration; a return in the middle of load_public_key got a FALSE argument.
2005-08-24 Frederic Peters <fpeters@entrouvert.com>
documentation for discovery
don't output xmlsec errors when trying to get a working public key but fails with a message if it can't find a key.
doc for discovery and profile_service
2005-08-24 Nicolas Clapies <nclapies@entrouvert.com>
Updated swig binding for latest id-wsf updates.
Removed lasso_personal_profile_service_init_modify().
Removed prefix and href in lasso_profile_service_init_modify, lasso_profile_service_process_modify_msg, lasso_profile_service_process_response_msg, lasso_profile_service_validate_modify
2005-08-24 Frederic Peters <fpeters@entrouvert.com>
don't check for remote provider id before checking for possible empty answer.
2005-08-24 Nicolas Clapies <nclapies@entrouvert.com>
Removed prefix and href in lasso_profile_service_init_modify, lasso_profile_service_process_modify_msg lasso_profile_service_process_response_msg, lasso_profile_service_validate_modify
Removed lasso_discovery_new_from_dump, lasso_discovery_dump, lasso_discovery_add_resource_offering, lasso_discovery_init_query_full
2005-08-24 Frederic Peters <fpeters@entrouvert.com>
sync arg name in header file with real arg names
documented api
documented all discovery functions used by authentic / candle / unwind
fixed add_requested_service_type declaration to match code
2005-08-19 Frederic Peters <fpeters@entrouvert.com>
tries various key format before giving up
2005-08-16 Frederic Peters <fpeters@entrouvert.com>
build_response_msg called while there was no connection will build a failure message.
check for remote_provider_id
2005-08-14 Frederic Peters <fpeters@entrouvert.com>
reference correct identity header
reinitialize assertion provider id list only on reset_provider_id_index
counter providers that do not support any single logout; they are now skipped and a correct response is nevertheless sent to the originating provider
correctly reset list before rebuilding it
2005-08-13 Frederic Peters <fpeters@entrouvert.com>
fixed comment
functions got moved from id-ff/ to id-wsf/
identity/resourceoffering functions are now declared publicly in id-wsf/
expose identity/resourceoffering functions to developer
2005-08-12 Frederic Peters <fpeters@entrouvert.com>
private profile service functions
following-up on PersonalProfileService cleaning; but I can't get getService to dynamically cast to that class :(
return LassoPersonalProfileService from disco->getService if appropriate
cleaned up PersonalProfileService
cleaning and documenting profile service
fixed lasso_profile_service_add_query_item so it accepts an item_id parameter (since they are mandatory once there is more than one). also allows init_query to specify item_id. this gives:
service = disco.getService()
service.initQuery('/pp:PP/pp:CommonName', 'name')
service.addQueryItem('/pp:PP/pp:MsgContact', 'email')
soap_answer = liberty.root.soap_call(service.msgUrl, service.msgBody)
print service.getAnswer('/pp:PP/pp:CommonName')
print service.getAnswer('/pp:PP/pp:MsgContact')
2005-08-12 Frederic Peters <fpeters@entrouvert.com>
API after the pp:query has been sent,
server:
service = lasso.ProfileService(server)
service.processQueryMsg(soap_message)
identity = get_identity_by_resource_id(service.request.resourceId)
service.resourceData = identity.get_pp_view()
service.buildResponseMsg()
return service.msgBody
client:
service.processQueryResponseMsg(soap_answer)
service.getAnswer()
# or service.getAnswer('/pp:PP/pp:CommonName')
2005-08-12 Frederic Peters <fpeters@entrouvert.com>
idwsf/pp on the attribute provider side; sth like
service = lasso.ProfileService(server)
service.processQueryMsg(soap_message)
identity = get_from(service.request.resourceId)
service.resourceData = identity.convert_to_pp_xml()
first steps towards id-wsf/dst; something like this, in Python:
service = disco.getService()
service.initQuery('/pp:PP/pp:CommonName')
service.buildRequestMsg()
-> service.msgUrl and .msgBody
added LASSO_ERROR_UNIMPLEMENTED error code
disco:queryResponse missed namespace definition
2005-08-10 Frederic Peters <fpeters@entrouvert.com>
disabled c# in debian package
return LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL after unsuccessful logon
2005-08-09 Frederic Peters <fpeters@entrouvert.com>
another id-wsf step, disco:query, looking up for resource offerings in identity
handle the case where logout request is done while there is no session; that means direct call to build_response_msg, creating a status: requestdenied.
disco.processQueryMsg now sets disco.resourceId
new remove entry; correctly restore resource offerings from identity dump
renamed crunch to build since it doesn't look like there is a need for an intermediate function for the moment. process remove entries. create correct answer (when everything goes ok, no support for failure yet)
2005-08-08 Frederic Peters <fpeters@entrouvert.com>
lasso_discovery_crunch_modify_msg() (waiting for another name) process disco modify insertEntries and adds them to active identity
sets ResourceId (or EncryptedResourceId) in LassoDiscovery object for easy usage
provide resource_offering as argument to not diverge too much from existing work
first function towards easy disco api
get_assertions() called with NULL will return every assertion
added session and identity to LassoWsfProfile, much like LassoProfile. Exposed them via SWIG inherited into LassoDiscovery object
2005-08-05 Nicolas Clapies <nclapies@entrouvert.com>
Fixed setting of attribute, int not NULL pointer.
Added getXmlNode() method to LassoProfileService class.
Added getEmail() method in LassoPersonalProfile class.
Fixed some warnings about char signedness. Added swig binding to getEmail() method in LassoPersonalProfile.
Added class LassoPersonalProfile. It allows to load a xml doc representing PP data and to process query requests. Need to complete WSC PP part.
2005-08-04 Frederic Peters <fpeters@entrouvert.com>
fixed typo in error constant name
2005-07-31 Frederic Peters <fpeters@entrouvert.com>
char signedness for gcc 4 (id-wsf part has not been done)
2005-07-08 Frederic Peters <fpeters@entrouvert.com>
signedness change to lasso_query_sign (does not break API/ABI)
2005-07-08 Nicolas Clapies <nclapies@entrouvert.com>
Now lasso_profile_service_add_data() returns a LassoDstData object, so it is possible to set optional attributes.
2005-07-07 Frederic Peters <fpeters@entrouvert.com>
fixed signedness differences signaled by gcc 4.0 (lots of others yet to do)
2005-07-07 Nicolas Clapies <nclapies@entrouvert.com>
Use lasso_wsf_profile_process_soap_request_msg() to build soap response message.
Removed unused declared method name : lasso_profile_service_build_request_msg().
Fixed swig binding on ProfileService's buildResponseMsg().
2005-06-27 Nicolas Clapies <nclapies@entrouvert.com>
Fixed mistake about prototype of lasso_session_dump().
Now lasso_identity_new_from_dump() and lasso_session_new_from_dump() return NULL if the root element name is wrong.
2005-06-15 Emmanuel Raviart <eraviart@entrouvert.com>
Removed now useless sed script (now done by Swig).
In Swig, Use g_free instead of free for strings, to avoid segfault when used in Java Windows.
2005-06-03 Frederic Peters <fpeters@entrouvert.com>
checks identity exists before referencing it
updated debian packaging wrt new cli policy
2005-06-02 Frederic Peters <fpeters@entrouvert.com>
new mono packages no longer have this tool
2005-05-30 Frederic Peters <fpeters@entrouvert.com>
Give LassoServer access to (LassoProvider)self->role
2005-05-26 Frederic Peters <fpeters@entrouvert.com>
update ChangeLog for 0.6.2
sync docs with code
no more php zts
new upstream
this file is generated
0.6.2 release date
2005-05-25 Frederic Peters <fpeters@entrouvert.com>
preparing for 0.6.2; removes swig files if moving from non-wsf to wsf or otherwise.
bring wsf files on make dist
properly initialize key node to NULL
allows overriding of infile keydescriptor with argument to add_provider
load public key from metadata file
2005-05-18 Frederic Peters <fpeters@entrouvert.com>
fixed docstring to use entities for < and >
oops missing |
fixed usage of DESTDIR and PREFIX
2005-05-17 Frederic Peters <fpeters@entrouvert.com>
perl now installs and uninstalls correctly (with thanks to p.g.o)
fixed case when consent was first refused then given (failure status code remained in the user session).
(debugged thanks to Authentic Debug Pane (tm) (r) (patent pending))
planning 0.6.2 for May 23rd.
2005-05-16 Nicolas Clapies <nclapies@entrouvert.com>
Set liblasso-id-wsf.la only when WSF support set.
Set response attribute when processing WSF SOAP response message.
Updated discovery to SOAP binding.
Mistake about last add.
Added WSF SOAP binding layer.
2005-05-16 Frederic Peters <fpeters@entrouvert.com>
fixed memory leak in loadDescriptor
2005-05-12 Frederic Peters <fpeters@entrouvert.com>
allows fake brws-lecp profile (introduced by Nicolas) to be used in lasso_login_build_authn_response_msg, so LECP works again.
documented that previous change
fixed the case of idp-initiated rni with no sp defined name identifier
fixing lasso_name_registration_init_request with regards to profile->nameIdentifier (hopefully)
fixed lasso_name_registration_process_request_msg so that it ends with profile->nameIdentifier being the local name identifier.
profile->nameIdentifier set to local name identifier
profile->nameIdentifier should always point to *local* name identifier. (not yet tested for federation termination)
use remote name identifier if available for login->nameIdentifier
2005-05-11 Frederic Peters <fpeters@entrouvert.com>
don't check other endpoint for supported profile since *they* initiated it that way and it seems allowed for them not to have it in their metadata.
2005-05-11 Nicolas Clapies <nclapies@entrouvert.com>
Fixed header included.
2005-05-10 Frederic Peters <fpeters@entrouvert.com>
InResponseTo must be part of the redirect answer
1 is a valid boolean value
\r may be hiding in base64
2005-05-10 Nicolas Clapies <nclapies@entrouvert.com>
Fixed lecp profile : added case when lecp profile is used when building assertion.
2005-05-10 Frederic Peters <fpeters@entrouvert.com>
don't lasso_node_destroy list items that may be NULL
allows \n in base64 strings
NameQualifier is optional
don't fail if there is no signature on Logout Response
2005-05-02 Frederic Peters <fpeters@entrouvert.com>
reworked query string signature verification to better handle cases where the signature algorithm is not fully url-encoded; also deals with the corner case where there are query params past the signature.
wsse is only for wsf
2005-05-02 Nicolas Clapies <nclapies@entrouvert.com>
Added process of Wsse prefix in lasso_node_new_from_xmlNode().
wsse:Security class.
Added a FIXME to list missing element in credential.
Added wsse:Security element.
Added access to saml:Assertion in saml:Advice element.
2005-04-26 Frederic Peters <fpeters@entrouvert.com>
fixed Darwin case so it compiles on Mac OS X
2005-04-26 Nicolas Clapies <nclapies@entrouvert.com>
For now make only one credential for every description end points of the Discovery IDP. Fixed Minor Version of credential included in Advice element to Saml Minor Version. Added Audience restriction to Discovery IDP ProviderID.
2005-04-25 Frederic Peters <fpeters@entrouvert.com>
allocate memory for string; don't use it static
2005-04-25 Nicolas Clapies <nclapies@entrouvert.com>
lasso_login_assertion_add_discovery() adds credentials if security mechanisms want it.
Added copy constructor to duplicate LassoDiscoDescription and LassoDiscoServiceInstance objects.
2005-04-25 Frederic Peters <fpeters@entrouvert.com>
use proper confirmation method saml identifiers
added saml artifact confirmation method identification (from SAML 1.1 spec)
loads public key into xmlSecKey on LassoProvider instantiation; this merges signature verification in XML messages and in query strings.
conscientiously overwrite memory used by the private key password
renamed secret_key to private_key_password since it was badly named and unused (so no API breakage)
2005-04-23 Frederic Peters <fpeters@entrouvert.com>
return error message if name registration profile is used on an empty identity (was segfaulting)
2005-04-22 Nicolas Clapies <nclapies@entrouvert.com>
Added missing optional attributes AttributeName and AttributeNameSpace in Attribute element. When adding a ResourceOffering element in Assertion, they are set.
DiscoResourceOffering is required in DiscoInsertEntry.
2005-04-22 Frederic Peters <fpeters@entrouvert.com>
SNIPPET_LIST_NODES
<Parent>
<Value-1/>
<Value-2/>
<Value-n/>
</Parent>
[note: if there are no other nodes; it is possible to leave snippet name as
the empty string; nodes will then be constructed looking at their names and
namespaces (this is useful for xs:any)]
(from docs/reference/snippet-types.rst)
2005-04-22 Nicolas Clapies <nclapies@entrouvert.com>
Added binding of lasso_new_from_message() for DiscoModify.
2005-04-20 Frederic Peters <fpeters@entrouvert.com>
binding to lasso_provider_get_organization; converts xmlNode into string
API addition; lasso_provider_get_organization
set pointer to NULL as a protective measure
2005-04-19 Nicolas Clapies <nclapies@entrouvert.com>
Added support of choice between WsdlRef and BriefSoapHttpDescription in LassoDiscoDescription object : 2 new constructors, lasso_disco_description_new_with_WsdlRef() and lasso_disco_description_new_with_BriefSoapHttpDescription(). lasso_disco_description_new only returns a simple empty object.
2005-04-18 Frederic Peters <fpeters@entrouvert.com>
bails out with an error if lasso_login_must_authenticate is called while login has no request; this probably means it was called before lasso_login_process_authn_request_msg.
2005-04-18 Nicolas Clapies <nclapies@entrouvert.com>
Added discovery directives in inheritance.h
2005-04-15 Nicolas Clapies <nclapies@entrouvert.com>
Added ref count in addDescription() method.
Added addDescription method.
2005-04-11 Nicolas Clapies <nclapies@entrouvert.com>
Liberty wsf SOAP binding.
Fixed lasso_discovery_init_modify() : added missing code for liberty wsf soap binding.
Completed discovery with support of liberty wsf soap binding.
Updated Discovery : now it binds his messages in liberty wsf SOAP envelope.
2005-04-01 Nicolas Clapies <nclapies@entrouvert.com>
Fixed removed code in previous commit. Fixed some rules from liberty spec : multi mechanism, null mechanism. Added namespace for service authentication.
2005-03-29 Frederic Peters <fpeters@entrouvert.com>
don't set status to constant string in samlp:Response
properly multiply sizeof(char*) to avoid buffer overflow
free up Status if not NULL.
checks for Status before Assertion; so lasso doesn't restore an old assertion.
bring back LassoSamlAssertion
don't add assertion in samlp:Response if the signature check failed
2005-03-24 Frederic Peters <fpeters@entrouvert.com>
deals with incorrect AssertionConsumerServiceID
include AssertionConsumerServiceID in query strings
2005-03-22 Frederic Peters <fpeters@entrouvert.com>
session may exist beforehand, store status nevertheless
no success won't set Success
2005-03-21 Nicolas Clapies <nclapies@entrouvert.com>
Added REQUEST_TYPE_SASL_REQUEST returned by lasso_profile_get_request_type_from_soap_msg().
Renamed properly attribute access in DiscoServiceInstance object.
Updated authentication service : fixed error when parsing data from client. Removed hard code to build soap envelope by call to common function from wsf_profile.h.
Added function to build generic liberty wsf soap envelope.
2005-03-19 Frederic Peters <fpeters@entrouvert.com>
removed erroneously committed tests Makefile
2005-03-18 Frederic Peters <fpeters@entrouvert.com>
docstring to errorchecking tests
include lasso_config.h since LASSO_WSF_ENABLED is used
added missing lasso_config.h include (necessary for LASSO_WSF_ENABLED definition)
since wsf is no longer compiled it is no longer necessary to check or isolate sasl check variable.
don't compile id-wsf files when wsf is disabled; this cuts down build time by a nice margin.
2005-03-18 Nicolas Clapies <nclapies@entrouvert.com>
Updated lasso_discovery_add_insert_entry() prototype : now it only takes a LassoServiceInstance and a LassoDiscoResourceID.
2005-03-18 Emmanuel Raviart <eraviart@entrouvert.com>
Renamed LASSO_WSF_SUPPORT to WSF_SUPPORT in SWIG.
2005-03-18 Nicolas Clapies <nclapies@entrouvert.com>
Updated authentication service : now it has hard coded callbacks. Developer must use LassoUserAccount to inform sasl about login and password.
Fixed dump of attribute.
Fixed any attribute in snippet.
Fixed process of dump for soap envelope message.
2005-03-17 Romain Chantereay <rchantereau@entrouvert.com>
First version of the "Writing a Liberty PHP SP".
Almost all adapted copied/pasted from "Writing a Liberty C SP".
2005-03-15 Frederic Peters <fpeters@entrouvert.com>
detect liberty QName and add appropriate namespace (closes: #416)
added non-regression test for bug #416 (missing namespace in some samlp:Response)
2005-03-11 Frederic Peters <fpeters@entrouvert.com>
warning: ISO C90 forbids mixed declarations and code
2005-03-11 Nicolas Clapies <nclapies@entrouvert.com>
Complete liberty soap binding.
Added liberty soap binding extension.
2005-03-10 Nicolas Clapies <nclapies@entrouvert.com>
Added missing security mechanism.
Restore ResourceID and EncryptedResourceID attributes in discovery and modify. Added security mechanism id.
Added comments about security mech rules.
Added comment about Options rules.
Added comments about status rules.
resourceId is for LassoResourceID and LassoEncryptedResourceID.
Fixed resourceID to resourceId. Added some param tests.
Added disco status codes.
Added discovery directive elements.
2005-03-07 Frederic Peters <fpeters@entrouvert.com>
removed debugging output
use fail_unless since fail_if didn't exist in check 0.8.x
only use xsi:type on elements that have a saml: ancestor (and added test to not regress)
return LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND in lasso_login_process_authn_response_msg when liberty status is samlp:Responder/lib:FederationDoesNotExist
only use LASSO_SIGNATURE_TYPE_WITHX509 (including a <KeyInfo/> in message) if we have a certificate to use; use LASSO_SIGNATURE_TYPE_SIMPLE otherwise.
2005-03-04 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected MinorVersion of samlp:Response.
2005-03-02 Nicolas Clapies <nclapies@entrouvert.com>
Added credentials and resource offerings if authentication is OK.
Use gchar instead of char.
Renamed LassoSaSaslRequest to LassoSaSASLRequest. Idem to LassoSaSASLResponse.
soap envelope / binding support.
Added soap swig binding, liberty soap binding swig binding, authentication service swig update
Added soap envelope object to embed specific data from id-wsf. lasso/id-wsf/authentication.c
Added soap envelope and soap binding. It is useful for id-wsf but could be used in other parts later.
2005-03-01 Frederic Peters <fpeters@entrouvert.com>
fixed links to API reference
2005-02-24 Frederic Peters <fpeters@entrouvert.com>
don't require sasl if wsf is not wanted; allow sasl2 dir to be passed to configure; include <sasl/sasl.h> instead of <sasl.h> since mutt does it that way.
2005-02-24 Nicolas Clapies <nclapies@entrouvert.com>
Removed odd printf().
Added support of cyrus libsasl in id-wsf authentication service.
Added support of cyrus libsasl. Currently it disables wsf if not found.
2005-02-22 Frederic Peters <fpeters@entrouvert.com>
updated ChangeLog for 0.6.1
told about 0.6.1
wsf support include file
MessageType.cs was removed
2005-02-21 Frederic Peters <fpeters@entrouvert.com>
updated <20><> information in reference manual
more hateful Makefile.am to work with both swig 1.3.22 and 1.3.24; perhaps.
LassoRequestType disappeared
LassoMessageFormat enum is now documented in code
typo fix and longer description
enum documentation
documented enums
removed LassoMessageType from doc
documented LassoRequestType and killed unused LassoMessageType (it was already unused in 0.6.0 so I allow this as not breaking api)
gtkdoc comment formatting
documented new version check mode
hacking against swig 1.3.24
2005-02-19 Frederic Peters <fpeters@entrouvert.com>
generated files are best ignored by cvs
janitored configure.ac; it shouldn't have been bastardized this way.
missing csharp swig generated file
removed long useless file
define LASSO_WSF_ENABLED
provide wsf support activation status to swig binding; note to Romain: wtf was LASSO_WSF_ENABLE ? (it appears in rev1.129 of configure.ac without any comment about its purpose) (I removed it)
2005-02-18 Romain Chantereay <rchantereau@entrouvert.com>
Use MSVC binaries.
2005-02-18 Frederic Peters <fpeters@entrouvert.com>
corrected enum CheckVersionMode binding (didn't work for c# and java)
2005-02-17 Romain Chantereay <rchantereau@entrouvert.com>
Changed the output file directory to nsis.
Added python NSI script.
2005-02-17 Frederic Peters <fpeters@entrouvert.com>
lasso numeric check enum
added dumb numerical mode to checkVersion; added swig binding for this function; generating Lasso.i considered bad idea, cleaned and removed.
2005-02-17 Romain Chantereay <rchantereau@entrouvert.com>
Escape the $ as begin of a variable name adding another '$'. Now the '$$' pass '$' to sed and '$' is end of line and no more begin of variable name.
2005-02-16 Romain Chantereay <rchantereau@entrouvert.com>
Updated MSVC projects.
Now lasso_config.h for MSVC is generated with configure substitutions.
Added the temporary files for "int res = 0;" declaration to local cleaning rule.
Added the automake makefile for the MSVC lasso-java project.
Added DLL filename substitution.
Distribute generated nsi files too in order to permit non-autotools users to create lasso installers.
Include lasso project input file and java subdirectory in distribution and automake system.
Now Lasso MSVC Project is dynamically generated.
The produced resource file is distributed too in order to permit MSVC users to compile LASSO.
Now Resource file is generated from configure variable (for versioning and file name).
No more Lasso.i in the repository, it is generated from Lasso.i.in.
The SWIG input file is distributed too.
Now The SWIG interface is "generated" by configure.
The following constants are set and exported to bindings:
- LASSO_VERSION_MAJOR
- LASSO_VERSION_MINOR
- LASSO_VERSION_SUBMINOR
- LASSO_WSF_ENABLE
result have to be freed with g_free. corrected a incode declaration. As regexp does not manage multiline expressions, the comment is replaced by the res integer declaration.
Fix a syntax error only reported by MSVC.
Create a void pointer in an empty structure declaration.
Now some version information is propagated in order to perform substitutions.
New files are not dynamically generated.
Put swig sub directory before bindings directories.
2005-02-15 Romain Chantereay <rchantereau@entrouvert.com>
Set only used constants.
No more lasso_config.h constants export in LASSO bindings.
Added java project to lasso workspace.
Updated Lasso workspace.
Added a Windows configured lasso_config.h.
Perhaps we have to transform it into a special lasso_config.h.in in order to
have the version number dynamically configured, and only this value (not the
HAVE_FOO).
2005-02-15 Frederic Peters <fpeters@entrouvert.com>
ship msvc project files
2005-02-14 Frederic Peters <fpeters@entrouvert.com>
use g_free(), not free() (so it works under windows)
2005-02-14 Romain Chantereay <rchantereau@entrouvert.com>
Included xml.h for better lasso_strerror export declaration.
2005-02-14 Nicolas Clapies <nclapies@entrouvert.com>
Added status code constants for wsf authentication service.
2005-02-14 Frederic Peters <fpeters@entrouvert.com>
added missing authentication.c to Makefile.am
2005-02-14 Nicolas Clapies <nclapies@entrouvert.com>
Added high level of authentication service : standard methods of a lasso service. Must be improved depending on the needs from souk implementation.
Added duplication of mechanism string parameter in constructor.
Added missing status parameter in lasso_sa_sasl_response_new() method. Added lasso_sa_sasl_response_new_from_message().
2005-02-13 Emmanuel Raviart <eraviart@entrouvert.com>
Added Lasso error strings to SWIG exception messages.
Added two missing ID-WSF functions to LECP binding.
2005-02-11 Romain Chantereay <rchantereau@entrouvert.com>
Update MSVC workspace and projects.
2005-02-11 Frederic Peters <fpeters@entrouvert.com>
checks provider has been found
if g_hash_table_find doesn't find anything, check twice to be sure to return NULL.
2005-02-11 Romain Chantereay <rchantereau@entrouvert.com>
g_vsnprintf took the place of vsnprintf.
2005-02-11 Frederic Peters <fpeters@entrouvert.com>
check param for NULL
cflags_save ate my breakfast; removed.
2005-02-10 Nicolas Clapies <nclapies@entrouvert.com>
Added low level classes for wsf authentication service. SASLResponse is only tested with required Status element.
2005-02-10 Frederic Peters <fpeters@entrouvert.com>
removed unnecessary vsnprintf declaration
we don't need yet another implementation of vsnprintf, we can use glib
use glib version of vsnprintf
use gtk-doc style function comment for DllMain
autofill nsi files with lasso version number
2005-02-10 Nicolas Clapies <nclapies@entrouvert.com>
Now lasso_lib_request_authn_context_new() returns LassoLibRequestAuthnContex* instead of LassoNode*.
2005-02-10 Frederic Peters <fpeters@entrouvert.com>
reworked a bit documentation build system and added detection of inkscape and xsltproc in configure
2005-02-08 Romain Chantereay <rchantereau@entrouvert.com>
Removed XMLSEC_DYNAMIC_LOADING because it is nonsense. We are using xmlsec-openssl specific functions in code, so there is no choice, we have to use openssl. (Fix a build warning).
Fixed type error.
2005-02-08 Frederic Peters <fpeters@entrouvert.com>
allocate query fields memory with glib g_malloc (and free it with g_free)
memory allocated by libxml2, freed by xmlFree
replaced free() by xmlFree() when freeing strings created by libxml2
replaced free() with correct libraries function (glib and libxml2)
do not include wsf functions when not using wsf
step.xsl is in $(srcdir)
updated debian packaging to what has just been uploaded to sid
updated debian packaging to what has just been uploaded to sid
that inline should be ok everywhere
ultra magic swig search&replace; compiles with new debian php packages (and old ones too)
2005-02-08 Romain Chantereay <rchantereau@entrouvert.com>
Removed bad build configuration.
Added MS VC workspace and projects. Currently two projects:
- Lasso DLL
- PHP binding
Added the vsnprintf function code of Patrick Powell for MS Visual C users.
If vsnprintf is not available, the function is declared in the private.h header file.
2005-02-08 Frederic Peters <fpeters@entrouvert.com>
another php api change bites the dust
2005-02-08 Romain Chantereay <rchantereau@entrouvert.com>
__inline under MSVC.
2005-02-08 Frederic Peters <fpeters@entrouvert.com>
first fix for debian php package abi changes; zend_register_internal_class_ex gained a mysterious parameter
obviously static
distribute patch_swig_output; it might come handy
variables and functions shouldn't have the same names
fixed variable name
detect when it is possible to use variadic macros and fall back to inline functions when it is not the case.
2005-02-08 Emmanuel Raviart <eraviart@entrouvert.com>
Added missing snippet for element "any" in dst:NewData.
2005-02-05 Frederic Peters <fpeters@entrouvert.com>
use new figures in documentation
New figures for documentation; automake and makefile stuffs to generate png out of svg (with inkscape) out of template svg (with xsltproc). Needs to check for those tools in configure.ac
removed all %s escaping sequences from lasso error strings; as a side effect this simplifies critical_error macro, porting to non-gcc compilers should be easier. Along the way I also fixed the long standing bug #256.
marked types.c and symbols.sym as phony targets so they are rebuilt every time
more appropriate error code
removed remaining compiler warning (unused variable) from id-wsf/
correctly use id-ff 1.1 xml namespace in backward compatibility mode
Updated documentation files nobody cared about.
2005-02-04 Frederic Peters <fpeters@entrouvert.com>
added tests to fix bug #407 and avoid similar ones
added testcase for bug #407
all query fields are restored to the same lib:Extension; there is no other way.
restore a <lib:Extension> from unknown query string elements; all of them are merged in the same <lib:Extension>
use c99 construct for variadic macros when not using gcc (still missing a third alternative for non-(c99||gcc) compilers)
2005-02-03 Emmanuel Raviart <eraviart@entrouvert.com>
Lasso requires glib and gobject >= 2.4.0 (when compiled with glib 2.2.3, it generates an error: undefined symbol g_hash_table_find).
2005-02-02 Emmanuel Raviart <eraviart@entrouvert.com>
Added a test converting an AuthnRequest with an extension to and from a query. It fails.
2005-02-02 Frederic Peters <fpeters@entrouvert.com>
correctly deals with RequestAuthnContext when rebuilding AuthnRequest from query string
2005-02-01 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected typo in constant. Added test for AuthnContext in AuthnRequest.
2005-01-30 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected SIS namespaces.
2005-01-30 Frederic Peters <fpeters@entrouvert.com>
doesn't mention wsf files for now; a better solution will be devised in time
2005-01-29 Frederic Peters <fpeters@entrouvert.com>
removed extraneous liberty namespace registration and noted a future fix to LECP to do.
2005-01-29 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Use WSF_SUPPORT instead of WSF_ENABLED as constant in bindings.
Typo correction.
Reverted previous replacement of #if LASSO_WSF_ENABLED with #ifdef LASSO_WSF_ENABLED.
2005-01-29 Nicolas Clapies <nclapies@entrouvert.com>
Replaced #if LASSO_WSF_ENABLED by ifdef LASSO_WSF_ENABLED to enable wsf in bindings.
Removed old comment.
Removed optional option parameter in lasso_discovery_add_insert_entry().
2005-01-29 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Added Attribute to AttributeStatement.
Added binding for saml:AttributeValue. Corrected use of constant LASSO_WSF_ENABLED in binding.
SWIG: Added constant WSF_ENABLED and VERSION_DECIMAL to bindings.
2005-01-28 Frederic Peters <fpeters@entrouvert.com>
compatibility with previous liberty specifications; still missing support for old elements in lib:AuthnRequest (requires some deep thought) but it may already be working as is.
2005-01-28 Romain Chantereay <rchantereau@entrouvert.com>
Updated to lasso 0.6.0 with soname 3. Updated dependencies too.
2005-01-28 Frederic Peters <fpeters@entrouvert.com>
initializes AuthnResponse in process_authn_request_msg; it is necessary since intermediary function may want to set status code. (fix a crasher bug when using isPassive and POST)
2005-01-28 Romain Chantereay <rchantereau@entrouvert.com>
SONAME:3 no more 1.
2005-01-28 Frederic Peters <fpeters@entrouvert.com>
produce 1.1 requests and notifications when interoperating with previous liberty implementations
include missing identityprivate.h
liberty 1.1 metadata were in another namespace "http://projectliberty.org/schemas/core/2002/12"
store liberty 1.2 conformance when loading metadata; it will allow to deal with previous liberty implementations
samlp:Request Major and Minor versions are saml, not lib
If the element or its type is in a SAML namespace
(urn:oasis:names:tc:SAML:1.0:assertion or urn:oasis:names:tc:SAML:1.0:protocol),
then the values MUST be 1 and 1 respectively.
abort configure if python is not found
Document new functions; pretty please. Fixed memory leak introduced in lasso_profile_get_request_type_from_soap_msg; moved wsf chunk from build_assertion to its own function.
2005-01-28 Emmanuel Raviart <eraviart@entrouvert.com>
Merged wsf-api-change-not-for-0-6 branch with trunk.
2005-01-27 Frederic Peters <fpeters@entrouvert.com>
updated ChangeLog for 0.6 with gazillion things.
wsf activation status in configure summary output
configure flag to enable ID-WSF (off by default)
don't use wsf for now
late 0.5 fixes to documentation
correctly deals with multiple elements for the same query part
2005-01-27 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected name of element AuthnContextComparison. Added missing constants.
2005-01-26 Frederic Peters <fpeters@entrouvert.com>
removed .bak file on clean
prepare for 0.6.0
take note of function changes in doc
lasso-src-config is generated
ignore more and more files
reworded
blah blah in reference manual introduction
removed functions that are now private from documentation
2005-01-26 Emmanuel Raviart <eraviart@entrouvert.com>
Removed obsolete Python sample code.
Updated ColdFusion examples.
Added SWIG binding for lasso_session_get_assertions. Also added Java code to test it.
2005-01-26 Frederic Peters <fpeters@entrouvert.com>
lasso_identity_{add,remove}_federation went private
new lasso_session_get_assertions, returns GList* of (incref'd) assertions
every morning I distcheck and fix java and csharp classes; oh yeah.
moved lasso_identity_{add,remove}_federation to private
use python as found by configure
2005-01-26 Emmanuel Raviart <eraviart@entrouvert.com>
Updated Java LoginTest and test metadata.
2005-01-25 Frederic Peters <fpeters@entrouvert.com>
Empty node name is allowed for LIST_NODES; this allows nodes to be reconstructed looking at their names and namespaces. This is useful to implement xs:any
2005-01-25 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Corrected Java enums. Renamed enum types. Corrected constant name.
2005-01-25 Frederic Peters <fpeters@entrouvert.com>
documented memory management for lasso_identity_add_federation
no more php/examples/ subdir
2005-01-25 Christophe Nowicki <cnowicki@easter-eggs.com>
remove php samples
Remove php samples from the lasso repository. I'm still working on it. I will release an independent Pear package for Lasso 0.6.
The pear package repository is here:
https://meuh.dyndns.org/cgi-bin/viewcvs.cgi/lasso_pear/
2005-01-25 Frederic Peters <fpeters@entrouvert.com>
updated swig generated files list for C#
updated swig generated file list
fixed DowncastableNode.java filename
"hope you paid attention to API/ABI".
2005-01-24 Emmanuel Raviart <eraviart@entrouvert.com>
Cosmetic changes to SWIG Lasso.i #ifdefs.
2005-01-24 Romain Chantereay <rchantereau@entrouvert.com>
Added a special section for PHP4 SWIG exceptions.
Now positive lasso errors will not produce an E_ERROR PHP error but simply an
E_WARNING PHP error.
2005-01-24 Emmanuel Raviart <eraviart@entrouvert.com>
Added Lasso version numbers to bindings.
Removed service from ID-FF. It was obsolete and will be replaced with a new API, once Lasso 0.6 is out.
2005-01-23 Emmanuel Raviart <eraviart@entrouvert.com>
Completed ID-WSF SWIG binding. Added attribute server to binding of LassoProfile. Small corrections to declarations of ID-WSF objects.
Quick fix so that Lasso bindings work till SWIG WSF part is fully updated.
2005-01-22 Emmanuel Raviart <eraviart@entrouvert.com>
Updated binding of all "discovery" nodes.
Work in progress: improving ID-WSF SWIG binding.
Updated Copyright and authors.
Updated Copyright and authors.
SWIG: Renamed constants from camelCase to UPPER_CASE.
SWIG: Added missing renaming of constant LASSO_HTTP_METHOD_NONE.
SWIG: Very preliminary clean-up of Lasso-wsf.i.
Renamed SWIG module name to "lasso" instead of "Lasso" for every language.
2005-01-22 Frederic Peters <fpeters@entrouvert.com>
don't get remote provider id out of request if it was initiated by provider
2005-01-22 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Added binding for new_full constructors.
2005-01-21 Frederic Peters <fpeters@entrouvert.com>
fixed missing provider error code (and used it in other places)
don't segfault on missing remote provider id
removed lib:Scoping, optional
reordered lib:authnRequest elements
new SNIPPET_OPTIONAL_NEG which allow to skip integer elements when set to -1 (useful for proxycount)
moved samlp qname conversion to lib_status_response
adds samlp: prefix to statuscode qname if necessary
2005-01-21 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Added yet another correction in generated PHP lasso_wrap.c for handling of optional arguments.
SWIG: Added patch for PHP lasso_wrap.c to correct handling of optional arguments in methods.
2005-01-21 Frederic Peters <fpeters@entrouvert.com>
if existing, use SessionIndex from assertion in lib:LogoutRequest.
removed out of place int caused by dubious docstring copy/paste
documented remaining functions in xml/; looks like all the functions are done.
done with documenting if-ff/* functions
removed lasso_server_add_service from reference api since it is for wsf
2005-01-21 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Removed method dump of NameIdentifierMapping.
2005-01-20 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Every function that may raise an exception, also returns the errorCode.
2005-01-20 Nicolas Clapies <nclapies@entrouvert.com>
Fixed saml attribute tag define.
2005-01-20 Frederic Peters <fpeters@entrouvert.com>
don't output licensing comment when starting perfs.php
corrected spelling of optionally.
documented name_identifier_mapping.c; removed its unused dump functions; fixed a few docstrings
documented #LassoNameRegistration and fixed some docstrings in #LassoLogout
2005-01-19 Emmanuel Raviart <eraviart@entrouvert.com>
Improved C# binding.
2005-01-19 Frederic Peters <fpeters@entrouvert.com>
added SNIPPET_LIST_XMLNODES support (mostly the same thing as SNIPPET_EXTENSION for the moment)
2005-01-18 Frederic Peters <fpeters@entrouvert.com>
restored documentation I wrote before (and lost in enum name change)
documented a few things
2005-01-18 Christophe Nowicki <cnowicki@easter-eggs.com>
create a isDBError function update sso code for the new lasso api
change idp and sp fqdn (add .lasso.lan)
update metadata
update metadata
change constants name
fix LassoServer call
add a gen_keys.sh script for generating automatically ssl keys
2005-01-18 Emmanuel Raviart <eraviart@entrouvert.com>
Extracted the inheritance of nodes from SWIG in a separate file, to remove its duplication in Lasso.i.
Reorganized Lasso.i.
2005-01-17 Emmanuel Raviart <eraviart@entrouvert.com>
Improved Java .cvsignore.
Completed Java binding tests.
SWIG: Corrected constant name: SWIG macros are not accessible inside %{ %}.
SWIG: Ported dynamic casting to all type of nodes. Not fully tested yet.
SWIG: Added support for dynamic casting in Java. It works, but it has been only implemented for SamlpRequestAbstract. It will soon be generalized to LassoNode.
2005-01-15 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG: Renamed getitem to getItem. Idem for setitem. Java: Added a third binding test. PHP: Corrected header of binding test.
Added first 2 binding tests for Java. Corrected help for Java login test.
Updated authors. Changed authors & copyright in SWIG and unit tests headers. Extracted binding_tests.py from profiles_tests.py, so that each language has a binding specific test.
2005-01-14 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected Perl binding and added test program.
2005-01-14 Frederic Peters <fpeters@entrouvert.com>
check for correct exception
handle non-soap messages in new_from_soap
2005-01-14 Romain Chantereay <rchantereau@entrouvert.com>
Added NameQualifer definition paragraph and added a meta info on the LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENCRYPTED.
2005-01-14 Emmanuel Raviart <eraviart@entrouvert.com>
Added a new test that generates a segfault in new_from_soap.
2005-01-13 Nicolas Clapies <nclapies@entrouvert.com>
Started to bind class LassoIsInteractionRequest to process it in interaction profile service class.
2005-01-13 Frederic Peters <fpeters@entrouvert.com>
don't pass prefix to install-perl
2005-01-13 Nicolas Clapies <nclapies@entrouvert.com>
Removed class LassoAbstractService.
2005-01-13 Emmanuel Raviart <eraviart@entrouvert.com>
Swig PHP: Added test to accept NULL for dynamic arguments.
Added program to test PHP binding.
Corrected patch to SWIG PHP output.
2005-01-13 Frederic Peters <fpeters@entrouvert.com>
safe against unfound strings
2005-01-13 Emmanuel Raviart <eraviart@entrouvert.com>
Swig PHP: Corrected LassoNode conversion for input arguments.
2005-01-13 Nicolas Clapies <nclapies@entrouvert.com>
Fixed error in xmlNewNs() call : first param must be xmlnode instead of NULL.
Removed pp_msg_contact.c pp_msg_contact.h.
Removed LassoPPMsgContact class. Updated binding too.lasso/xml/Makefile.am
Removed specific class LassoPersonalProfileService. Added generic web service class LassoProfileService.
2005-01-13 Emmanuel Raviart <eraviart@entrouvert.com>
PHP Binding: Added support for NULL return value.
2005-01-13 Frederic Peters <fpeters@entrouvert.com>
removed uncommited profile_service.[ch] from Makefile.am
2005-01-13 Nicolas Clapies <nclapies@entrouvert.com>
Added support of interaction profile service.
Started to implement interaction service profile.
Added lasso_*_new_from_message() method to rebuild objects from xml dump.
2005-01-12 Frederic Peters <fpeters@entrouvert.com>
forgotten commit of new is* classes to Makefile.am.
removed unused variable
moved errors.[ch] up; as requested.
2005-01-12 Nicolas Clapies <nclapies@entrouvert.com>
Added low level classes for interaction service specification.
Added name space constant for interaction service. Added interaction rule constants for interaction service UserInteraction element.
2005-01-12 Frederic Peters <fpeters@entrouvert.com>
remove duplicate declaration of namespace (bug#398)
2005-01-12 Emmanuel Raviart <eraviart@entrouvert.com>
Swig: Removed attribute responseStatus (now private). Corrected LassoProfile request and response attributes. Corrected handling of NULL pointers in dynamic casting.
Added Python tests for XML lists and nodes inside nodes.
2005-01-12 Frederic Peters <fpeters@entrouvert.com>
sync documentation sections with current functions
made lasso_profile_set_response_status into a private function
removed lasso_check_version_exact and lasso_check_version macros; renamed lasso_check_version_ext to lasso_check_version.
install and uninstall correctly files (distcheck once again ok)
added a new bunch of files to ignore
replaced malloc by strdup; that was stupid.
no longer allows NULL to get the first known remote provider id
define check variables
don't use am_path_check since it fails when check is not available (while it should continue and disable the test suite)
added support for SNIPPET_OPTIONAL (for use with SNIPPET_INTEGER or SNIPPET_BOOLEAN) (not that really tested)
updated list of java swig generated files
2005-01-12 Emmanuel Raviart <eraviart@entrouvert.com>
Python: Added tests for list of nodes.
2005-01-12 Frederic Peters <fpeters@entrouvert.com>
use snippets in #LassoProvider and #LassoServer
2005-01-12 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected SWIG PHP output patch to be pre-C99 compatible.
Swig: Cancel a %newobject getitem, because a %newobject getitem applies to every method getitem in every classes below. This caused an "interesting" memory handling bug.
Beginning to add binding specific tests. The objective is to port these tests to every binding. Discovered a binding bug in list handling.
2005-01-11 Frederic Peters <fpeters@entrouvert.com>
homogenous quoting for "x" comparisons
even more files to ignore
include new java files (note that I also modified the buildbox, it was not checking lasso.jar file, it does now and will therefore fail, too bad)
2005-01-10 Frederic Peters <fpeters@entrouvert.com>
documented lasso_node_get_xmlNode
Reserved space for private_data expansion, so it will be possible to maintain ABI compatibility if changes are needed. Documented some functions (and switched some destroy to use lasso_node_destroy).
integrate patch_swig_output.py in PHP swig module build process
changed php swig patch script to use stdin and stdout
2005-01-10 Emmanuel Raviart <eraviart@entrouvert.com>
Swig: Added a patch to PHP, so that it handles correctly dynamic cast of function results. [Note: Patch is not integrated in Makefile.am.]
2005-01-09 Frederic Peters <fpeters@entrouvert.com>
fixed comment about gcc 2.95
removed hack to get to lib; it doesn't seem to work elsewhere.
2005-01-09 Emmanuel Raviart <eraviart@entrouvert.com>
Swig: Corrected LassoNode node_info.
Swig: Removed login & lecp authnRequest & authnResponse attribute. Now uses attributes request & response, like C. Added dynamic casting to AuthnRequestAbstract & AuthnResponseAbstract.
2005-01-09 Frederic Peters <fpeters@entrouvert.com>
replaced strncpy calls by g_strlcpy
deals with lines ending with \; compile regex only once.
ends lines with \ so they get caught by extract_symbols.py
2005-01-09 Emmanuel Raviart <eraviart@entrouvert.com>
Swig: Beginning to add a kind of inheritance mechanism to LassoNode.
Swig: Added missing classes.
2005-01-08 Emmanuel Raviart <eraviart@entrouvert.com>
Swig: Added several GList items.
Swig: Added SamlpRequestAbstract inheritance.
2005-01-08 Frederic Peters <fpeters@entrouvert.com>
reserve abi-space for unsupported elements in saml:Assertion
2005-01-08 Emmanuel Raviart <eraviart@entrouvert.com>
Renamed NodeArray (resp. StringArray) to NodeList (resp. StringList).
Renamed LassoStringArray to LassoStringList.
Corrected a typo.
Corrected a copy/paste error.
Swig: Renamed LassoNodeArray to LassoNodeList, because, although it is physically an array, it is the Swig binding of a GList.
Swig: Added Assertion attribute in samlp:Response.
2005-01-08 Frederic Peters <fpeters@entrouvert.com>
moved remaining unbounded elements to GList* (samlp:Response/Assertion being part of that bunch)
2005-01-08 Emmanuel Raviart <eraviart@entrouvert.com>
In SWIG, enclosed %init code inside braces to preserve gcc 2.95 compatibility.
In SWIG added support for conversion to and from LassoNode. Not implemented for C# nor Java yet.
2005-01-08 Frederic Peters <fpeters@entrouvert.com>
turned a bunch of unbounded elements into GList*
only give xsi namespace to nodes with xsi: attributes
fixed maintainer-clean target for Perl binding
port of perfs.c to PHP (it is surprisingly faster than the C version).
check for identity in build_assertion
2005-01-07 Frederic Peters <fpeters@entrouvert.com>
beginning of a C# version of perfs.c
updated simple C# example
put c# binding in a lasso namespace
2005-01-05 Frederic Peters <fpeters@entrouvert.com>
properly creates lasso-src-config from lasso-src-config.in
mark sameNs as inline since it is short and often called (thanks to kcachegrind for profiling details)
2005-01-04 Frederic Peters <fpeters@entrouvert.com>
fixed element name for SubjectConfirmation
fixed order of samlp:Response elements
clean some state and uri escape artifact
correctly allocates memory for nameidentifier attributes
removed individual debug() statements in dispose() and finalize(); replaced by a single statement in xml/xml.c; surrounded that one by LASSO_DEBUG so --enable-debugging prints those memory-management debugging data.
added missing ;
completely handle memory management for sessions
properly allocates memory for constant strings used in messages (or readonly memory would be freed and segfaults would happen)
created serverprivate.h for two private #LassoServer methods
rewrote lasso_login_init_idp_initiated_authn_request using lasso_login_init_authn_request to avoid duplication.
don't care about NameFormat and NameQualifier in comparison
makefile perl magic to get distcheck running (disabled installation)
2005-01-03 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG binding helper functions are now static. Added binding for saml:Attribute.
2005-01-03 Frederic Peters <fpeters@entrouvert.com>
added include of #LassoSamlAttribute header file for #LassoSamlAttributeStatement
updated swig generated java files list to have a working make distcheck
build and ship html documentation; distcheck runs ok.
fixed succint typo
copy version.xml from the right location for make distcheck to work
updated swig output files list for make distcheck
more perl files to ignore
2005-01-03 Emmanuel Raviart <eraviart@entrouvert.com>
Adding SWIG support for GList of LassoNodes. Not finished.
2005-01-02 Frederic Peters <fpeters@entrouvert.com>
use chosen CC and CFLAGS when compiling the perl module
Perl module builds and links correctly.
2005-01-02 Emmanuel Raviart <eraviart@entrouvert.com>
Improved SWIG binding for assertions.
2005-01-02 Frederic Peters <fpeters@entrouvert.com>
building the perl binding
2005-01-02 Emmanuel Raviart <eraviart@entrouvert.com>
Improved Extension support in SWIG. Corrected use of %newobject in SWIG.
2005-01-02 Frederic Peters <fpeters@entrouvert.com>
first step to perl bindings (they still need to be compiled and installed correctly)
2005-01-01 Frederic Peters <fpeters@entrouvert.com>
accounts for changes in lasso_node_dump
Removed second and third parameters of lasso_node_dump since @encoding is always UTF-8 and @format is always to indent XML in lasso dumps.
removed lasso_federation_set_local_name_identifier and lasso_federation_set_remote_name_identifier; they were no longer necessary.
2005-01-01 Emmanuel Raviart <eraviart@entrouvert.com>
Removed %rename for attributes in PHP binding, because they currently don't work.
2005-01-01 Frederic Peters <fpeters@entrouvert.com>
applied esaracco patch for check configure test
2005-01-01 Emmanuel Raviart <eraviart@entrouvert.com>
Changed the way %extend was used in SWIG.
Removed binding for functions lasso_federation_set_local_name_identifier and lasso_federation_set_remote_name_identifier: they are useless.
SWIG binding now uses only lasso_node_destroy for LassoNode: no more g_object_unref nor lasso_xxx_destroy.
SWIG binding: Added Federation; updated Identity.
Back to camelCase for attributes in SWIG binding.
2004-12-31 Emmanuel Raviart <eraviart@entrouvert.com>
Updated LassoServer SWIG binding.
2004-12-31 Frederic Peters <fpeters@entrouvert.com>
replaced enum name in methods added between two cvs runs
moved remaining lasso[A-Z].* enums to Lasso[A-Z].*
2004-12-31 Emmanuel Raviart <eraviart@entrouvert.com>
Updated SWIG binding for LassoProvider.
Spelling correction: succint -> succinct.
In SWIG, added constructor, destructor and dump to "lib:" objects.
Improved SWIG bindings of "lib:" objects.
2004-12-31 Frederic Peters <fpeters@entrouvert.com>
moved lasso_strerror to public interface
removed obsolete (since move to structure) lasso_node_verify_signature (but lasso is still lacking signature check for assertion)
sets InResponseTo in samlp:Response
ret > 0 no longer happens
if AuthnRequestsSigned is missing assume it as TRUE
removed obsolete comment
error on missing <Status>
memory management in #LassoLogout (actually already done with snippets; nothing to do but removing old FIXME comments)
it sure must be set to NULL
memory management in #LassoProvider
don't output memory management debug strings
ignore version.xml
added new saml classes and removed private functions from #LassoProvider
fixed spelling in lasso_provider_new_from_dump description
moved some lasso private functions to new providerprivate.h; insure it is included properly in other files (as well as some sessionprivate.h that were missing)
documented lasso_server_get_providerID_from_hash, reaching: 60% symbol docs coverage (151 symbols documented, 101 not documented)
fixed parameter name in constructor
fixed function name in docstring for #LassoLibAuthnResponseEnvelope constructor
documented a bunch of LassoSaml* classes _new functions
documented a bunch of other xml base objects
forgot a parameter in lasso_login_validate_request_msg docstring
documented remaining #LassoLogin function, lasso_login_validate_request_msg
fixed parameter names in some #LassoLogin docstrings
documented #LassoLogin
2004-12-30 Frederic Peters <fpeters@entrouvert.com>
more memory management for #LassoServer
memory management for #LassoIdentity and #LassoSession (partial)
implemented _destroy for LassoService (WSF thing, but that's just a call to lasso_node_destroy)
documented more functions, reaching 50% symbol docs coverage (126 symbols documented, 126 not documented)
set members to NULL to be sure
request and response fields are handled by snippets; they must not be freed manually
2004-12-30 Emmanuel Raviart <eraviart@entrouvert.com>
Added missing g_object_ref for Logout and Lecp request and response in SWIG binding.
Removed unused GLib types from SWIG. SWIG now uses errors.h.
2004-12-30 Frederic Peters <fpeters@entrouvert.com>
added refcounting of server to other profiles
fixing object refcounting in login/logout and proper object destruction to profile
documented #LassoProfile identity and session methods
documented some new/destroy/dump/... functions
added some missing functions to documentation
moved lasso_node_build_query to private functions
merged tools.h and internals.h in new private.h, excluded from API reference.
added lasso_session_is_empty method to documented functions
Do not remove tmpl/ directory; it holds real hand-written documentation there. Copy lasso.sgml to build/ directory before calling gtkdoc-mkdb so it is found by gtkdoc-mkdb and xml prologues are not added everywhere.
documenting lasso_{login|lecp}_init_authn_request
include LassoLibAssertion details into swig bindings.
Moved #LassoSession private functions (limited to Lasso internal use) to a new sessionprivate.h file.
2004-12-30 Emmanuel Raviart <eraviart@entrouvert.com>
Added handling of GObject reference counting to SWIG binding. Fully revamped SWIG binding.
Corrected result type of lasso_saml_assertion_new.
2004-12-29 Frederic Peters <fpeters@entrouvert.com>
check for libtool and pkg-config m4 files (thanks again to gnome-autogen.sh)
don't use $< since it fails with BSD make.
only set Status in session on failure
Store status in session to be restored for samlp:Response usage. This means the session *must* be saved in single sign-on service url and will be dirty.
(so souk, libertyidentity.py line 1076 failIf(login.isSessionDirty) will fail)
2004-12-28 Emmanuel Raviart <eraviart@entrouvert.com>
Added StatusCode binding in Logout. Reorganized objects in swig Lasso.i file.
2004-12-28 Frederic Peters <fpeters@entrouvert.com>
revamped autogen.sh so it works on FreeBSD (with many thanks to gnome-autogen.sh)
only set samlp:Success in samlp:Response if assertion was found; fall back to samlp:RequestDenied in other cases since there is currently no way to be more precise.
added LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS error code
set error to lib:UnknownPrincipal if authentication_result is FALSE
don't crash if session was not set
removed old signature code from LECP
2004-12-28 Emmanuel Raviart <eraviart@entrouvert.com>
Added Status to AuthnResponse.
Added SamlpStatus & SamlpStatusCode to SWIG. Beginning to use same case in SWIG for XML elements as in C.
2004-12-28 Frederic Peters <fpeters@entrouvert.com>
return LASSO_LOGIN_ERROR_REQUEST_DENIED if that's the response Status
fixed dependency on xmlsec1-openssl
generate xmlsec signatures in get_xmlNode; this should allow envelopes (in LECP) to work properly.
lasso requires xmlsec >= 1.2.6
2004-12-27 Emmanuel Raviart <eraviart@entrouvert.com>
Added cast to remove compile time warning.
2004-12-27 Frederic Peters <fpeters@entrouvert.com>
Fixed lasso_lecp_build_authn_request_envelope_msg, lasso_lecp_process_authn_request_envelope_msg and lasso_lecp_build_authn_request_msg to properly deal with signatures (and, generally, to work)
support for <lib:Extension> elements in query (not yet reconstructed); enabled for <lib:AuthnRequest>
Moved back Extension support from xmlNode* to GList*; "SP login using post/artifact (testing Extension); SP logout using SOAP." test now works.
2004-12-26 Emmanuel Raviart <eraviart@entrouvert.com>
Replaced calls of lasso_provider_get_metadata_one with lasso_provider_get_assertion_consumer_service_url in lecp.
Corrected SWIG binding for LECP methods inherited from Login.
2004-12-25 Emmanuel Raviart <eraviart@entrouvert.com>
Changed lib:Extension handling in SWIG lib:AuthnRequest binding, to ensure that each lib:Extension element has a valid namespace.
2004-12-24 Emmanuel Raviart <eraviart@entrouvert.com>
Added SWIG support for "Extension" elements in lib:AuthnRequest.
2004-12-24 Frederic Peters <fpeters@entrouvert.com>
added lib:Extension support to dst classes.
Added missing declaration for lasso_name_identity_mapping_new_from_dump (and moved dump type to const char*).
errata2 makes SPProvidedNameIdentifier optional; changed schema snippet accordingly
errata2 adds a NotOnOrAfter attribute to LogoutRequests
removed obsolete comment
Do not store metadata in provider dumps; only store the filename. Handle AssertionConsumerServiceID in <lib:AuthnRequest>; this allows to have more than one AssertionConsumerServiceURL in a single service provider.
more <lib:AuthnRequest> documentation
2004-12-23 Frederic Peters <fpeters@entrouvert.com>
removing lasso_config.h from scanned header files
Moved <lib:Extension> to xmlNode* since the developer can use xmlAddNextSibling to add other nodes. (not tested)
a few words about lib:AuthnRequest
documented #LassoSamlNameIdentifier
removed all old setter methods and other removed functions from documentation.
dot at the end
Removed _new functions for abstract classes; added _new functions for classes that only had _new_full functions. Documented a little bit; marked public members in structures as such.
removed cut'n pasted doc from oasis
removed liberty-alliance entity;
documented #LassoLogout; actually most docstrings were already there but are way too much going into Lasso internals. Not fixed yet.
remove angle brackets around elements in doc strings so they can now be considered as docbook (necessary to produce itemized lists in docstrings)
removed copy/pasted OASIS documentation
Removed docstring copy/pasted from OASIS documentation (looks like BSD so it should be allowed if they are cited but I prefer to have full copyright over Lasso code)
documented #LassoSession. Removed lasso_session_get_authentication_method and lasso_session_get_first_providerID methods that were obsolete and unused.
Committed Nicolas' SWIG binding for WSF since he is on vacation.
create namespace in the air not to disturb xmlnode
disco:Status doesn't exist; once again fall back to UtilityStatus
pp:Status are not DstStatus but UtilityStatus; acknowledge.
fixed QueryResponse get_xmlNode function.
2004-12-22 Nicolas Clapies <nclapies@entrouvert.com>
Added missing header.
Updated get_xmlNode().
Added missing headers.
Added set of request in lasso_personal_profile_process_query_msg() and lasso_personal_profile_process_modify_msg().
Removed use of GList for Options. Use only a Options pointer.
2004-12-22 Frederic Peters <fpeters@entrouvert.com>
documenting #LassoIdentity and #LassoFederation
copyright and license in <bookinfo> are ok
assertion consumer *service* URL
documented service provider assertion consumer service url
close parenthesis
documenting single sign-on; Service Provider Login URL done with example.
commented out <copyright>; not handled by gtk-doc.xsl
Switched documentation to docbook XML.
titles for id-ff 1.2 profiles
minor adjustments to documentation
Minimal documentation for #LassoProfile and #LassoLogin
documented #LassoServer
Started organizing Lasso Reference Manual; documenting LassoProvider.
2004-12-21 Frederic Peters <fpeters@entrouvert.com>
fixed symbols.sym case
added lasso_provider_get_base64_succint_id method to LassoProvider to facilitate Identity Provider Introduction implementation.
moves back <ds:Signature> to the place the schema gave them.
refined symbol regex
removed declaration of inexistent function
removed unused variable
ignoring some more swig generated files
Updated list of files generated by SWIG in C# and Java bindings; fixed PHP Makefile.am; use $(srcdir) to get correct directory in code generation python scripts. make distcheck works after that.
only exports symbols declared with LASSO_EXPORT (experimental)
2004-12-21 Nicolas Clapies <nclapies@entrouvert.com>
Fixed call to constructor of LassoDiscoQueryResponse and LassoDiscoModifyResponse.
2004-12-21 Frederic Peters <fpeters@entrouvert.com>
added random suites with random tests
2004-12-21 Nicolas Clapies <nclapies@entrouvert.com>
Added lasso_disco_query_response_new_from_message() constructor.
fixed name space in dump message of LassoDiscoQueryResponse and LassoDiscoModifyResponse : every element children inherit the discovery name space.
2004-12-21 Frederic Peters <fpeters@entrouvert.com>
don't use xmlSecFind to look up signature
2004-12-21 Frederic Peters <fpeters@entrouvert.com>
Severe libxml2 and xmlsec riot.
Always put <ds:Signature> as the last node since it looks like the right thing
to do (and even if the schema seems to say otherwise).
Try to clean xml messages and remove redundant xml namespace declarations.
Behind libxml2 back and cleaning memory properly.
We're off the streets now / And back on the road / On the riot trail.
2004-12-21 Frederic Peters <fpeters@entrouvert.com>
define correct namespace on QueryResponse
2004-12-20 Frederic Peters <fpeters@entrouvert.com>
removed unnecessary xmlReconciliateNs
correctly sets namespace on Query and QueryResponse Personal Profile nodes.
2004-12-20 Nicolas Clapies <nclapies@entrouvert.com>
Fixed method declarations : lasso_personal_profile_service_process_query_msg() and lasso_personal_profile_service_process_query_msg_response().
Removed GList type in lasso_discovery_add_insert_entry() params. Instead use simple type pointer until list support is implemented in swig binding. Added missing method lasso_discovery_process_query_response_msg().
2004-12-20 Frederic Peters <fpeters@entrouvert.com>
don't include in a second-level status code samlp error status
Refactored signature code so it is now shared between requests/responses and artifacts.
2004-12-19 Frederic Peters <fpeters@entrouvert.com>
Added differentiation between creating xmlnode for lasso use (the _dump functions) and creating xmlnode for the wire (export_to_soap...). This was necessary to keep track of private_key_file to use on an Assertion while it was kept in a lasso session dump and restored later.
This means the get_xmlNode functions have now a second parameter, gboolean
lasso_dump, TRUE when dumping for lasso internal use.
On the bright side assertions are now signed (that signature is not yet
checked).
2004-12-19 Frederic Peters <fpeters@entrouvert.com>
removed minitests from tests Makefile.am
little tests benchmarking AuthnRequest creation and AuthnResponse processing.
add nodes in reverse class order to get them in schema order
Moved signature template stuff into xml.c and use XmlSnippet for them; this should ensure proper validation against Liberty XML schemas and should help adding missing signature support to <Assertion>
cleaning up process files
if available, use profile->msg_relayState to init request in init_request functions.
2004-12-18 Frederic Peters <fpeters@entrouvert.com>
Moved LassoProfile->nameIdentifier from char* to LassoSamlNameIdentifier*, gaining back access to the nameFormat added late before 0.5.
There are no bindings for LassoSamlNameIdentifier; as a temporary and
compatible measure; profile->nameIdentifier in bindings continues to
return a char* (profile->nameIdentifier->content).
At the same time the same change has been done for
LassoNameRegistration->oldNameIdentifier.
2004-12-17 Frederic Peters <fpeters@entrouvert.com>
Isolated CFLAGS to be used when compiling Lasso in LASSO_CORE_CFLAGS; don't use those when compiling tests in order to catch errors in headers. (continuing)
Isolated CFLAGS to be used when compiling Lasso in LASSO_CORE_CFLAGS; don't use those when compiling tests in order to catch errors in headers. Also moved a few things in header files; need more thinking about that.
define LASSO_INTERNALS in lasso/
don't export functions defined in tools.h
<samlp:Status> created by Lasso should now be compatible with SAML requirements [SAMLCore11].
[SAMLCore11] Maler, Eve, Mishra, Prateek, Philpott, Rob, eds. (27 May 2003).
"Assertions and Protocol for the OASIS Security Assertion Markup Language
(SAML) V1.1," OASIS Committee Specification, version 1.1, Organization for the
Advancement of Structured Information Standards
deal with missing Status in LogoutResponse
Done with the new query snippets system (everything but the IDPEntries in <lib:AuthnRequest>). It has nested <samlp:StatusCode> support but ID-FF layer must still be updated to produce them.
new (draft) query snippet mechanism to generate query string; deployed in <lib:RegisterNameIdentifier/>
2004-12-16 Frederic Peters <fpeters@entrouvert.com>
merged new error codes in SWIG and used one of them in the Python tests
(almost) done with errors in ID-FF; remaining "return -1" have been converted to LASSO_ERROR_UNDEFINED (there are forty-three of them).
LASSO_ERROR_UNDEFINED was redefined from -999 to -1 so it is easier to add new
sequences of errors.
added minimal support (only XML, no mapping to URL yet) for <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
added memory management to list* XmlSnippet
2004-12-15 Frederic Peters <fpeters@entrouvert.com>
pointers are %p in format strings, not %x
memory management work
moved federation to XmlSnippet
no longer play fool mixing pointers and integers; they are not always the same size and this bites quite hard on AMD-64 (shame on me).
2004-12-15 Nicolas Clapies <nclapies@entrouvert.com>
Reordered function declarations. Added check of server param.
2004-12-15 Frederic Peters <fpeters@entrouvert.com>
fixed a few "variable might be used uninitialized in this function" detected with gcc-3.4 -O3.
2004-12-15 Nicolas Clapies <nclapies@entrouvert.com>
Added support of modify request from a SP to AP : updated element's class in level 1 (Modify and ModifyResponse) and implemented modify request in level 2 id wsf.
2004-12-15 Frederic Peters <fpeters@entrouvert.com>
added new standard error code LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED
new LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND error code
coherent error handling for "identity not found" and "federation not found" cases.
2004-12-14 Frederic Peters <fpeters@entrouvert.com>
replaced unknown error by 2 LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD in Name Identifier Mapping profile.
new LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL profile error and replaced a bunch of 'return -1;' with that one.
fixed some missing or wrong prototype declarations
fixed function declared as returning int that didn't return anything
API change in Single Sign On profile (IdP side) to allow the developer to mess with <lib:Assertion/>
Outlined in http://lists.labs.libre-entreprise.org/pipermail/lasso-devel/2004-December/001119.html
more error code harmony, now with a new critical_error macro
status code has been set in lasso_lib_logout_respone_new_full
properly sign samlp:Response
properly check signature on soap samlp:Request (login/artifact)
properly verify signatures and return code appropriately (closes: #362)
updated test to new api
updated test to new API
ignore generated files
ignore html rendition
process files taken from lasso 0.5 (not up to date)
got up-to-date documentation about single sign on (I think)
[API Change] For consistency with the other profiles, remote_providerID has been moved from build_authn_request_msg to init_authn_request in both Single Sign-On and LECP profiles. [details on lasso-devel@]
2004-12-13 Frederic Peters <fpeters@entrouvert.com>
error codes handling in LassoLogin
use XmlSnippet for LassoLogout dump/restore
reenabled lasso_session_destroy()
more error code harmonization.
sign AuthnResponse and harmonious use of LASSO_PROFILE_ERROR_INVALID_MSG
removed obsolete comment
harmonized remote_provider tests (check and error code set to LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND)
replaced error_code macro with a function since that macro didn't work with gcc 2.95
error message for LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED
removed trailing ; in macro
dealing with errors; now like this: return error_code(G_LOG_LEVEL_CRITICAL, LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED);
2004-12-12 Frederic Peters <fpeters@entrouvert.com>
properly sign soap messages in name identifier mapping profile.
got top-of-file license spaced the same way as in other files (+ fixed editor typo)
removed error message when java was not found
2004-12-10 Valery Febvre <vfebvre at easter-eggs.com>
Added LassoDiscovery class
Added lasso_server_add_service() method
Added LassoService class
Fixed the attribute name of the dump version
2004-12-10 Nicolas Clapies <nclapies@entrouvert.com>
Added lasso_personal_profile_service_add_data() method : it allows to add response elements corresponding to the requested attribute values.
Removed params of constructor : id and itemIDRef are not required attributes.
Added support of MsgContact PP service.
Initial version : support of personal profile msg contact. It is very experimental and only supports msg account and msg provider part.
2004-12-10 Valery Febvre <vfebvre at easter-eggs.com>
Removed useless LassoDiscoResourceIDGroup class
2004-12-10 Frederic Peters <fpeters@entrouvert.com>
Added back xmlsec signature check (and disabled it in name identifier mapping profile since it is buggy there). The signature check requires another call to xmlParseMemory; this makes them 3 per SOAP message (sign check + lasso_profile_get_request_type_from_soap_msg and lasso_node_init_from_message). I'll think further about this.
2004-12-10 Nicolas Clapies <nclapies@entrouvert.com>
Fixed type mistake in snippets of LassoDstQueryItem.
Added support of DST modify / modify response.
Replaced LassoDiscoResourceIDGroup with old ResourceID and EncryptedResourceID.
Updated lasso_personal_profile_service_init_query() method : now it takes a LassoDiscoResourceOffering* resourceOfferring, a LassoDiscoDescription* description and a char* select, init a Query object, set the soap url from ResourceOffering, and return a QueryItem* to optionally set attributes. Now it is possible to add extra QueryItems with lasso_personal_profile_service_add_query_item(). It returns the new QueryItem's pointer to set optional attributes;
Removed ResourceOffering and ResourceIDGroup class's attributes. Only keep data and queryItem attributes. Removed old unused private methods (dispose() and finalize() )
Updated lasso_wsf_profile_build_*_msg() : now they only set msg_body class's attribute with a soap message (request / response).
Added DST Modify part level 1.
2004-12-10 Frederic Peters <fpeters@entrouvert.com>
overridden spelling fix caused alignment wreckage
removed XmlSnippetObsolete, no longer used anywhere. lasso_node_build_xmlNode_from_snippets made static and documented some new functions.
reenabled signature checking on query strings (xml messages still to do)
moved NameRegistration to XmlSnippet
removed unnecessary namespace declaration
removed unnecessary private_data in LassoFederation; consequence being instance_init, class_init, dispose and finalise have also been removed.
removed struct LassoLoginPrivate declaration
Moved LassoLogin to XmlSnippet; not completely since an enum is converted in string and I'm not sure it is a good idea to 1) store them as integer or 2) adds the mapping value->string to xml.c. Also removed unused LassoLoginPrivate variable/struct/
2004-12-09 Frederic Peters <fpeters@entrouvert.com>
use xml snippet in LassoProfile; better faster stronger.
don't sign query if not asked to; and fixed SNIPPET_NODE_IN_CHILD support
2004-12-09 Nicolas Clapies <nclapies@entrouvert.com>
Removed code with ResourceIDGroup in lasso_personal_profile_service_init_query() : will be updated soon.
2004-12-09 Valery Febvre <vfebvre at easter-eggs.com>
Yet another modification about ResourceID and EncryptedResourceID elements
2004-12-08 Frederic Peters <fpeters@entrouvert.com>
force role as service provider in lasso_login_build_authn_request_msg (closes: 382)
forgot to get query when AuthnRequestsSigned was not set
2004-12-08 Nicolas Clapies <nclapies@entrouvert.com>
Fixed support of ResourceIDGroup : updated class of level 1 and id-wsf with this new class.
Removed process of ResourceOffering param. Need to be reactivated when ResourceID process in level 1 will be completed.
2004-12-08 Emmanuel Raviart <eraviart@entrouvert.com>
For Swig, corrected server providerIds. Added providerIds to identities and sessions.
2004-12-08 Valery Febvre <vfebvre at easter-eggs.com>
Fixed bad XML schema interpretation of ResourceIDGroup element in: LassoDiscoModify, LassoDiscoQuery and LassoDiscoResourceOffering
2004-12-08 Nicolas Clapies <nclapies@entrouvert.com>
Updated with support of disco_resource_id_group.
Initial version : complex class to manage ResourceID and EncryptedResourceID choice.
2004-12-08 Frederic Peters <fpeters@entrouvert.com>
new snippet type, SNIPPET_NODE_IN_CHILD, and documented all of the types.
2004-12-08 Valery Febvre <vfebvre at easter-eggs.com>
Added LassoDiscoResourceID and LassoDiscoEncryptedResourceID classes
2004-12-08 Frederic Peters <fpeters@entrouvert.com>
reviewed code marked with XXX
2004-12-08 Emmanuel Raviart <eraviart@entrouvert.com>
In SWIG: - Improved ProviderIds. - Removed LassoProviders structure (too complex to handle with SWIG). - Added attribute providerIds and method getProvider to LassoServer. - Replaced xmlChar with gchar.
2004-12-07 Emmanuel Raviart <eraviart@entrouvert.com>
The past participle of "to override" is overridden. see http://en.wiktionary.org/wiki/Overridden
2004-12-07 Frederic Peters <fpeters@entrouvert.com>
another round on snippets; no longer multiply types for content transformation (CONTENT_BOOLEAN, ATTRIBUTE_BOOLEAN, CONTENT_INTEGER, ATTRIBUTE_INTEGER...), instead does something like this: SNIPPET_ATTRIBUTE | SNIPPET_INTEGER (other combinations allowed)
2004-12-07 Nicolas Clapies <nclapies@entrouvert.com>
Fixed #ifndef __LASSO_LIB_DISCO_QUERY_H__ to #ifndef __LASSO_DISCO_QUERY_H__
Replaced template_service.* with abstract_service.*
2004-12-07 Valery Febvre <vfebvre at easter-eggs.com>
Added AttributeStatement element support in Saml:Assertion (required for id-WSF). Fixed constructor's required params of Disco classes. Updated Disco classes with new snippet. Updated some schema fragments.
2004-12-07 Nicolas Clapies <nclapies@entrouvert.com>
Initial version : class to manage Personal profile service. Currently, only support initiating, processing and building of Query and QueryResponse messages.
Initial version : abstract class to store ResourceID, ResourceOfferings, QueryItem.
Removed unused old code.
Added support of specific service : now QueryResponse element can be used by services and inherits their name space.
Fixed required params of constructor lasso_dst_query_item_new() : QueryItem's attribute itemID is optional.
Added support of specific service : now Query element can be used by services and inherits their name space.
2004-12-07 Frederic Peters <fpeters@entrouvert.com>
updated informative files with data about Lasso 0.5.0.
2004-12-07 Valery Febvre <vfebvre at easter-eggs.com>
Updated LassoUtilityStatus with new snippet
2004-12-07 Nicolas Clapies <nclapies@entrouvert.com>
Fixed namespace of Status element : Status is included by schemas so no default name space.
2004-12-06 Frederic Peters <fpeters@entrouvert.com>
removed obsolete doc args
2004-12-06 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a stupid copy/paste
Fixed SNIPPET_LIST_NODES and SNIPPET_LIST_CONTENT snippet type support in lasso_node_init_from_xml()
2004-12-06 Frederic Peters <fpeters@entrouvert.com>
removed debugging fprintf
fixed xpath expressions for id-ff 1.1 compatibility
fixed metadata
added (untested) compatibility with ID-FF 1.1 metadata files
2004-12-06 Nicolas Clapies <nclapies@entrouvert.com>
Renamed LASSO_LIB_SERVICE_TYPE_ID_SIS_* to LASSO_*_HREF.
Oops ... bad, bad copy / paste.
Removed service types defines. Added prefix and href for personal profile and employee profile.
2004-12-06 Frederic Peters <fpeters@entrouvert.com>
added dst support
dealt with namespaces in a manner compatibler with libxml2 2.6.11 and 2.6.16
2004-12-04 Frederic Peters <fpeters@entrouvert.com>
more on documentation compilation; ok now.
removed obsolete classes so the doc compiles again
Won another automake battle. Thanks to Matthias Andree and Be Plouvier.
added types.c generation to Makefile and to .cvsignore
added types (classes) extraction on build and registration in lasso_init
removed gmodule from libs; I failed to get class registration dynamic
formatted for easier processing
link to gmodule (part of glib)
2004-12-03 Frederic Peters <fpeters@entrouvert.com>
consistency: comment stars are aligned; parent_class is no longer necessary; struct indentation only use one tab; trailing \ are not necessary.
2004-12-03 Nicolas Clapies <nclapies@entrouvert.com>
Removed old FIXME.
Updated LassoDstQueryItem with new snippet feature in class instance. Moved schema comment from .h to .c
2004-12-03 Frederic Peters <fpeters@entrouvert.com>
added xml boolean attribute snippet support
2004-12-03 Nicolas Clapies <nclapies@entrouvert.com>
Updated LassoDstQueryResponse with new snippet feature in class instance. Moved schema comment from .h to .c
Updated LassoDstQuery with new snippet feature in class instance. Moved schema comment from .h to .c
2004-12-03 Frederic Peters <fpeters@entrouvert.com>
removed memory management debugging fprintf
cvs ignore for id-wsf/ files
memory management for XmlSnippets; xml/*.c should no longer leak
do not share memory between profile->remote_providerID and response->ProviderID
2004-12-02 Valery Febvre <vfebvre at easter-eggs.com>
Added 22 DST status code constants
2004-12-02 Frederic Peters <fpeters@entrouvert.com>
updated version to 0.5.9 and libtool version to 3.0.0
last(?) iteration on XmlSnippet; now attached to classes, get_xmlNode and init_from_xml are no longer necessary in many cases. Previous XmlSnippet renamed to XmlSnippetObsolete to keep compatibility (id-wsf classes have not yet been converted).
indent using tabs
2004-12-01 Romain Chantereay <rchantereau@entrouvert.com>
Update NSIS scripts. Install zlib, intl.dll instead of libtoolized name. Install correctly in the lasso-lite installer.
2004-11-30 Nicolas Clapies <nclapies@entrouvert.com>
Added a first support of id-wsf high level. Only the base class is defined : LassoWsfProfile is intended to be inherited by future service classes. It is still very incomplete.
Added support of DISCO and DST element classes.
Fixed wrong param in lasso_dst_query_item_new() : LibDstSelect doesn't exist, it is a specific element of attributes services.
Initial version : added DST part of WSF for sis specific attribute services.
2004-11-29 Frederic Peters <fpeters@entrouvert.com>
extra consistency check in lasso_session_get_provider_index
fixed error checking in lasso_server_new
added error checking in lasso_server_new
added proper error checking where xpath is used.
removed unnecessary include
remove erroneous (my bad) XXX comment
2004-11-29 Valery Febvre <vfebvre at easter-eggs.com>
Added LassoSamlAttribute, LassoSamlAttributeDesignator & LassoSamlAttributeStatement classes
2004-11-29 Frederic Peters <fpeters@entrouvert.com>
cut on some line lengths
reduced line length and aligning some #define
harmonize schema fragment comments (indentation, in .c, no space between namespace and element name)
2004-11-29 Nicolas Clapies <nclapies@entrouvert.com>
Initial version of wsf query / query response discovery part files.
2004-11-29 Frederic Peters <fpeters@entrouvert.com>
harmony in snippets declaration
harmony in schema fragment comments
cut on line length (along a fix to commitinfo script to check this automatically)
fixed protocolProfile handling when NULL in request in lasso_login_process_authn_request_msg
map server->providers to a kind of list (should be dict)
2004-11-29 Valery Febvre <vfebvre at easter-eggs.com>
Minor fixes after the snippets changes
2004-11-29 Frederic Peters <fpeters@entrouvert.com>
added RelayState support in federation termination notification (used only in redirect mode)
updated lasso_login_process_authn_request_msg to lasso 0.5 code
2004-11-29 Valery Febvre <vfebvre at easter-eggs.com>
Added 8 classes for discovering identity services (ID-WSF) They provide methods to build Modify & ModifyResponse messages.
Added 2 constants: LASSO_DISCO_HREF and LASSO_DISCO_PREFIX
2004-11-29 Frederic Peters <fpeters@entrouvert.com>
check error and free memory in lasso_node_new_from_soap
elsif'ing
2004-11-28 Frederic Peters <fpeters@entrouvert.com>
error checking in lasso_profile_get_request_type_from_soap_msg()
cleaned up useless affectation
2004-11-26 Frederic Peters <fpeters@entrouvert.com>
moved xml snippet stuffs into new internals.h; those should not be exposed; changed snippet type from character to enum (defined in internals.h)
signature for FederationTerminationNotification; preparation for AuthnResponse.
cut some long lines
formatting
added attribute snippet support to <saml:SubjectLocality>
added attribute xml snippet support to <samlp:StatusCode>
signature support in <lib:FederationTerminationNotification>, <lib:NameIdentifierMappingRequest> and <lib:NameIdentifierMappingResponse>
added attribute xml snippet support to <saml:Conditions>
use xmlsnippets in <saml:AuthorityBinding>
fixed comment formatting
use attribute xml snippet support in <saml:AuthenticationStatement>
use attribute xml snippet support in <lib:NameIdentifierMappingRequest>
use attribute xml snippet support in <lib:LogoutRequest>
use attribute snippet support in <lib:FederationTerminationNotification>
fixed comment formatting
use attribute xml snippet support in <AuthenticationStatement>
woke up to remove tutorials from configure.ac
2004-11-25 Frederic Peters <fpeters@entrouvert.com>
indentation leftovers
removed examples/ and docs/tutorial directories (obsolete stuffs)
indentation work
restore spaces in front of author name
limit line length to 100 characters.
cut down on line length; removed unnecessary cast, implemented 't' snippet handling.
2004-11-25 Valery Febvre <vfebvre at easter-eggs.com>
added xml complex and simple elements sequences support to xmlsnippet
2004-11-25 Frederic Peters <fpeters@entrouvert.com>
don't loop twice on xmlsnippets
removed some unused #define
use new xml attribute support for saml:Assertion
added xml attribute support to xmlsnippet
2004-11-22 Frederic Peters <fpeters@entrouvert.com>
renamed private struct member to private_data (gtk+ does it like that)
fixed emacs mode
Note about lasso-c-mode for Emacs users
added error checking on query strings; python tests should now pass
sync python tests with lasso 0.5
don't dump empty file path in server dumps
merged late 0.5 changes to java/ and csharp/ Makefile.am
2004-11-18 Frederic Peters <fpeters@entrouvert.com>
unused variables
include appropriate file so saml_name_identifier_new is defined
removed unnecessary lasso_node_impl_init_from_query
fixed signed/unsigned mismatch
server is not part of <profile> dump
use same "xmlsnippets" (name will probably change) to build xml nodes
2004-11-17 Frederic Peters <fpeters@entrouvert.com>
refactored init_from_xml functions (lasso is now less than 20000 lines)
2004-11-16 Frederic Peters <fpeters@entrouvert.com>
more header cleaning
cleaning #includes
support for samlp:StatusCode in samlp:StatusCode in ... ad vitam.
2004-11-15 Frederic Peters <fpeters@entrouvert.com>
tests are ok
renamed lasso/environs/ to lasso/id-ff/
new tests
updated tests
2004-11-09 Frederic Peters <fpeters@entrouvert.com>
return value on init_from_xml; and minor tweaks to code style
2004-11-04 Frederic Peters <fpeters@entrouvert.com>
Fixed value of SingleSignOnProtocolProfile metadata : added support of artifact and post. [lasso-orig rev1.2]
2004-11-03 Frederic Peters <fpeters@entrouvert.com>
move debug functions with other tools functions in tools.c
we're missing AuthenticationContextStatement support
Fixed 2 bugs in lasso_node_add_signature_tmpl() * the transform method "exclusive C14N" was missing in Transforms element * removed useless KeyInfo element in Signatures without X509 data
[from lasso-orig revision 1.95]
2004-11-01 Frederic Peters <fpeters@entrouvert.com>
cleaning files
LECP converted to new tree
set RemoteProviderID as <federation> attribute instead of text child to be a little more compatible with lasso (still incompatible since they put all the federation in a global <federations> while I put them directly in the <identity>).
sign message in name registration
fixed previous lasso-head port
Corrected lasso_logout_process_response_msg so that it works for proxies.
- Added Swig access to attribute role in LassoProvider (needed for proxies).
- Renamed TargetNamespace (without uppercase 'S').
2004-10-30 Frederic Peters <fpeters@entrouvert.com>
xmlsec for logout requests and responses
ds:Signature in <samlp:request/> (in login) (and the signature is not verified yet)
2004-10-29 Frederic Peters <fpeters@entrouvert.com>
cleaning up
read over lasso_login_process_request_msg
syncing other functions
lasso_samlp_response_abstract_fill to initialize responses with id, time and versions.
synced lasso_login_build_authn_response_msg
synced lasso_login_build_authn_request_msg; added has_protocol_profile function.
synced lasso_login_build_artifact_msg
synced (not much to do) lasso_login_accept_sso
not much on lasso_login_process_response_status_and_assertion
cleaned up lasso_login_process_federation
no space before :
sync unknown error value with lasso
reformatted lasso_get_pem_file_type
apply optimization to build_random_sequence (and use it in build_unique_id)
change function signature
2004-10-28 Frederic Peters <fpeters@entrouvert.com>
style
fixed lasso_get_current_time to return UTC time
removed unused lasso_g_ptr_array_index
2004-10-27 Frederic Peters <fpeters@entrouvert.com>
removal of \n at end of error messages
removed useless casts
indented lasso.c
cleaning up
removed unused code
[2004-10-26 19:36 rchantereau] configure.ac: Some configuration variables and configure options in order to compile php.
Done with the move to structures and the removal of protocols/ (lasso branched on October 2nd; occasional merges since then).
- Compatible with current souk test suites.
- Missing memory management for everything in xml/
- Missing xmlsec support for SOAP messages.
2004-10-03 Emmanuel Raviart <eraviart@entrouvert.com>
Removed wrong test and changed a comment.
Added RegisterNameIdentifier request and response to SWIG binding.
Corrected error in exception generation for non-Python bindings.
Removed SWIG_Warning which doesn't exist in Swig.
Updated Python tests.
2004-10-02 Emmanuel Raviart <eraviart@entrouvert.com>
Integrated scalp_is_liberty_query into Lasso. Consequently, LASSO_PROFILE_ERROR_INVALID_QUERY is now a negative error code and a critical message is displayed when this error occurs.
Removed function lasso_login_process_without_authn_request_msg. It has been replaced with:
lasso_login_init_self_addressed_authn_request(remote_providerID);
/* ...Set protocolProfile, isPassive, consent, relayState here... */
lasso_login_process_authn_request_message(NULL, lassoHttpMethodSelfAddressed);
This change was needed because there was no way to set isPassive, consent, etc, before.
Standardized some error codes and messages.
2004-10-02 Emmanuel Raviart <eraviart@entrouvert.com>
Homogenized error handling for HTTP methods in requests.
Reworked error codes, so that positive and negative numbers don't overlap:
It will be easier to change the sign of an error code without breaking the API.
Realigned error codes definitions.
2004-10-02 Emmanuel Raviart <eraviart@entrouvert.com>
Removed consent from fake authnRequest created by lasso_login_process_without_authn_request_msg: Since the nameIDPolicy is "any", must_ask_for_consent must return true and if the user doesn't give its consent, a one-time nameidentifier should be used.
In lasso_login_process_without_authn_request_msg, set the isPassive flag of the fake authnRequest to false, so that must_authenticate() returns true.
Corrected handling of NULL remote_providerID in lasso_login_process_without_authn_request_msg.
2004-10-02 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_login_process_without_authn_request_msg() and lasso_login_build_assertion()
When Identity provider initiates SSO, response assertion MUST not include an InResponseTo attribute.
Fixed a bug in lasso_query_to_dict() function
It occurred when a parameter didn't have a value.
2004-10-02 Emmanuel Raviart <eraviart@entrouvert.com>
Added login method processWithoutAuthnRequestMsg to SWIG bindings.
2004-10-02 Valery Febvre <vfebvre at easter-eggs.com>
Added documentation
Modified lasso_login_process_without_authn_request_msg() The 'remote_providerID' param is now optional (can be NULL).
2004-10-01 Valery Febvre <vfebvre at easter-eggs.com>
Added methods comments
Fixed a bug in lasso_login_accept_sso()
2004-10-01 Emmanuel Raviart <eraviart@entrouvert.com>
Removed federation test, because for one-time single sign-on, there is no federation.
Correction in consent handling for login when testing IsPassive.
2004-10-01 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_login_ask_for_consent() Some cases had been forgotten.
2004-10-01 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected #define syntax in SWIG.
Added consent constants in SWIG.
Use #define instead of xmlChar for string constants in SWIG.
2004-10-01 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in instance_init() methods of LassoIdentity and LassoSession classes
is_dirty flag was initialized to TRUE instead of FALSE.
2004-10-01 Emmanuel Raviart <eraviart@entrouvert.com>
camelCased argument name in SWIG.
English correction.
Synchronized SWIG error codes with those in errors.h (Shame on the developer who forgot to update them in Lasso.i :-)
2004-10-01 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_query_verify_signature()
It was impossible to verify queries signed with the DSA-SHA1 algorithm.
Added one error code
2004-09-30 Emmanuel Raviart <eraviart@entrouvert.com>
Updated login C tests to new API for obtaining consent.
Added mustAskForConsent to login in SWIG.
camelCased a parameter name.
2004-09-30 Valery Febvre <vfebvre at easter-eggs.com>
Added a param 'is_consent_obtained' in method: lasso_login_build_artifact_msg(), lasso_login_build_authn_response_msg(), lasso_login_process_federation(), lasso_lecp_build_authn_response_envelope_msg()
AuthnRequest message accepts now all possible values for the NameIDPolicy: none, onetime, federated, any
Added lasso_login_must_ask_for_consent() method
This method must be called after lasso_login_process_authn_request_msg()
Added lasso_login_process_without_authn_request_msg() method
This method is useful to initiate SSO from IDP.
Lasso.i was updated according to the changes.
2004-09-30 Nicolas Clapies <nclapies@entrouvert.com>
Updated registration profile : now it supports multiple registration from SP and IDP. This profile has been tested only with SOAP method in souk. Test must be added with Redirect method.
Fixed a critical segfault bug when parsing an invalid SOAP message in private method lasso_{protocol_type}_new_from_soap().
2004-09-30 Emmanuel Raviart <eraviart@entrouvert.com>
Added directory for sample SourceID messages.
2004-09-30 Nicolas Clapies <nclapies@entrouvert.com>
Fixed critical bug when parsing an invalid SOAP message in private method lasso_name_identifier_mapping_response_new_from_soap()
2004-09-30 Valery Febvre <vfebvre at easter-eggs.com>
Added 3 error codes
Added 3 lassoLibConsent
2004-09-30 Nicolas Clapies <nclapies@entrouvert.com>
Fixed critical bug when parsing an invalid SOAP message in private method lasso_name_identifier_mapping_new_from_soap()
2004-09-30 Valery Febvre <vfebvre at easter-eggs.com>
Added a parameter 'content' (optional) in lasso_federation_build_local_nameIdentifier() and lasso_federation_build_remote_nameIdentifier() methods
Added lasso_federation_build_remote_nameIdentifier() and lasso_federation_build_local_nameIdentifier() methods
2004-09-30 Emmanuel Raviart <eraviart@entrouvert.com>
Updates Python tests to new Lasso API.
2004-09-29 Emmanuel Raviart <eraviart@entrouvert.com>
Updated C tests to lasso_server_new new API.
2004-09-29 Nicolas Clapies <nclapies@entrouvert.com>
Added better support for name registration. There is still problem with multiple registration needed to be fixed
2004-09-29 Valery Febvre <vfebvre at easter-eggs.com>
Replaced 2 lassoLibMinorVersion by 2 lassoSamlMinorVersion and 2 lassoLibMajorVersion by 2 lassoSamlMajorVersion
2004-09-28 Nicolas Clapies <nclapies@entrouvert.com>
Added comments in lasso_register_name_identifier_response_new()
Added support of RelayState. Now if the requester wants to get back the RelayState, it has to access profile->msg_relayState
2004-09-27 Valery Febvre <vfebvre at easter-eggs.com>
Added an error code: LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED
Improved lasso_node_verify_signature() method
The 'public_key_file' param can now be either a public_key or a certificate
2004-09-27 Nicolas Clapies <nclapies@entrouvert.com>
Added dump support in name registration. Fixed a bug in lasso_process_request_msg() : removed a free of node
2004-09-27 Valery Febvre <vfebvre at easter-eggs.com>
Fixed bug #303
lasso_profile_set_session_from_dump() and lasso_profile_set_identity_from_dump() methods log now a critical message if dumps are NULL.
2004-09-27 Valery Febvre <vfebvre at easter-eggs.com>
Renamed 'ca_certificate' property of LassoProvider object to 'ca_cert_chain'
Added a new property 'secret_key' in LassoServer object
Changed prototype of lasso_server_new() method
BEFORE:
LassoServer *
lasso_server_new(gchar *metadata,
gchar *public_key,
gchar *private_key,
gchar *certificate,
lassoSignatureMethod signature_method)
AFTER:
LassoServer *
lasso_server_new(const gchar *metadata,
const gchar *private_key,
const gchar *secret_key,
const gchar *certificate)
public_key param was removed because it was useless.
secret_key was added to decrypt private_key
signature_method was removed (default value is lassoSignatureMethodRsaSha1).
2 new methods were added to access 'signature_method' property of LassoServer:
lasso_server_get_signature_method() and lasso_server_set_signature_method()
Update Lasso.i
2004-09-27 Nicolas Clapies <nclapies@entrouvert.com>
Fixed bug #294 : memory leak on name identifiers local variables in lasso_name_registration_init_request().
2004-09-27 Valery Febvre <vfebvre at easter-eggs.com>
Removed lasso_node_verify_x509_signature() method. This method isn't useful anymore.
lasso_node_verify_signature() can now verify signatures with or without X509Data.
Added a new param "ca_cert_chain_file" in lasso_node_verify_signature()
2004-09-27 Nicolas Clapies <nclapies@entrouvert.com>
Fixed bug #293 : memory leak on content local variable in lasso_logout_init_request().
2004-09-27 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_load_certs_from_pem_certs_chain_file() function
2004-09-27 Nicolas Clapies <nclapies@entrouvert.com>
Fixed bug #292 : memory leak on content attribute.
2004-09-25 Nicolas Clapies <nclapies@entrouvert.com>
- Removed lassoLibProtocolProfileNimSpSoap macro.
- Removed odd private method : lasso_name_identifier_mapping_response_new_from_query is not useful, Liberty Alliance doesn't implement Redirect method in name identifier mapping profile.
- Added lasso_name_identifier_mapping_response_set_status_code_value() to define status code of the response.
- Removed odd private method : lasso_name_identifier_mapping_request_new_from_query() has no sense. Liberty Alliance doesn't define Redirect method for name identifier mapping profile.
2004-09-25 Nicolas Clapies <nclapies@entrouvert.com>
- Fixed mistake in the API : restored the second param (provider type). Added a new attribute. Now targetNameIdentifier is used to get the target name identifier of the remote Service Provider. Later it will be used to request an attribute of a principal at this SP.
- Updated code of name identifier mapping object :
lasso_name_identifier_mapping_build_request_msg() : builds the name identifier mapping SOAP request message.
lasso_name_identifier_mapping_process_request_msg() : parse a SOAP request message.
lasso_name_identifier_mapping_validate_request() : now this method verifies federation of the principal.
and get the name identifier of this principal from federation with the remote service provider.
lasso_name_identifier_mapping_build_response_msg() : build the name identifier mapping SOAP response message.
lasso_name_identifier_mapping_process_response_msg() : parse the SOAP response message and verify the status code value.
If Success, then it sets the targetNameIdentifier attribute.
2004-09-25 Nicolas Clapies <nclapies@entrouvert.com>
Fixed mistake in LassoNameIdentifierMapping() : restored the second param (provider type). Added a new attribute in NameIdentifierMapping object. Now targetNameIdentifier is the name identifier of the target Service Provider. Later will be used to request an attribute.
2004-09-23 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
Major update of code in lasso_name_identifier_mapping_init_request(), lasso_name_identifier_mapping_process_request(), lasso_name_identifier_mapping_validate_request(). Added binding in swig for name identifier mapping profile
Removed old commented code
2004-09-23 Christophe Nowicki <cnowicki@easter-eggs.com>
Group misc functions into misc.php on the idp and sp
Add Federation Termination metadata on the idp and sp
Add view of federation on the sp
Add cancel federation button on the sp and idp
Defederation is not working yet
2004-09-23 Nicolas Clapies <nclapies@entrouvert.com>
Added definition of name identifier mapping protocol profiles
2004-09-23 Valery Febvre <vfebvre at easter-eggs.com>
Moved 'signature_status' private property from LassoLogin to LassoProfile
2004-09-23 Christophe Nowicki <cnowicki@easter-eggs.com>
Add Federation Termination metadata
2004-09-23 Valery Febvre <vfebvre at easter-eggs.com>
Removed a ';' in excess
2004-09-22 Valery Febvre <vfebvre at easter-eggs.com>
Update
Ooops, signature_status type must be gint, not gboolean
Changed returned values and added some error messages in lasso_query_verify_signature()
2004-09-22 Emmanuel Raviart <eraviart@entrouvert.com>
Updated to new API (but it doesn't work yet).
2004-09-22 Nicolas Clapies <nclapies@entrouvert.com>
Added a test on the remote provider id param in lasso_name_registration_init_request() method
2004-09-22 Valery Febvre <vfebvre at easter-eggs.com>
Minor fixes
2004-09-22 Nicolas Clapies <nclapies@entrouvert.com>
Added method lasso_lib_name_identifier_mapping_request_set_targetNameSpace() in lib_name_identifier_mapping_reques.c / h files. Added support of target name space in lasso_name_identifier_mapping_new() in name_identifier_mapping_request.c / h files. Added support of target name space in lasso_name_identifier_init_request() in name_identifier_mapping.c / h files
2004-09-22 Christophe Nowicki <cnowicki@easter-eggs.com>
fix problem with the sso, now the user can do more than one sso session.
2004-09-22 Frederic Peters <fpeters@entrouvert.com>
forgotten commit; /insert const keyword explanation here/
2004-09-22 Nicolas Clapies <nclapies@entrouvert.com>
fixed a lot of bugs, added a new attribute oldNameIdentifier. Now after the process of the identity object ( or dump), nameIdentifier holds the new name identifier and oldNameIdentifier holds the old name identifier
lasso_federation_set_local_nameIdentifier() and lasso_federation_set_remote_nameIdentifier() remove the old value before setting local_nameIdentifier of remote_nameIdentifier
*** empty log message ***
Added lasso_identity_get_federation_ref : it returns the reference of the asked federation object
2004-09-22 Christophe Nowicki <cnowicki@easter-eggs.com>
Added ProfileBrwsPost
2004-09-22 Valery Febvre <vfebvre at easter-eggs.com>
update
2004-09-22 Emmanuel Raviart <eraviart@entrouvert.com>
Removed assertion from login in SWIG.
2004-09-22 Valery Febvre <vfebvre at easter-eggs.com>
Renamed lasso_lecp_init_from_authn_request_msg() into lasso_lecp_process_authn_request_msg()
BEWARE : this change breaks the API
Removed response_dump and assertion properties in LassoLogin object
Added an attribute (remote_providerID) in lasso_login_build_response_msg()
Renamed lasso_login_add_response_assertion() into lasso_login_build_assertion()
Renamed lasso_login_init_from_authn_request_msg() into lasso_login_process_authn_request_msg()
Removed lasso_login_get_assertion(), lasso_login_set_assertion and lasso_login_set_assertion_from_dump() methods
BEWARE : these changes break the API
Added 8 SamlStatusCode
Added lasso_profile_get_remote_providerID() method
2004-09-22 Emmanuel Raviart <eraviart@entrouvert.com>
New API for artefact handling.
2004-09-20 Valery Febvre <vfebvre at easter-eggs.com>
update
2004-09-20 Emmanuel Raviart <eraviart@entrouvert.com>
Made argument remote_providerID optional for Defederation.initNotification, in SWIG binding.
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Added binding for new name registration type
2004-09-20 Christophe Nowicki <cnowicki@easter-eggs.com>
PHP session are stored in the database
PHP session are now stored in the database
A new table was added 'sso_session' for storing information about the PHP Session, it's possible to view logged user
Logout destroys the PHP session in the IdP
Bug : user can't sso twice ;(
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-09-20 Emmanuel Raviart <eraviart@entrouvert.com>
Made remote_providerID optional in lasso_lecp_build_authn_request_msg and in SWIG
Corrected SWIG handling of metadata.
Added attribute providerIds to Session in SWIG.
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Fixed big mistake when updating name registration type in lassoRequestType : moved type at the end to preserve API, sorry.
2004-09-20 Frederic Peters <fpeters@entrouvert.com>
repair API/ABI; thanks you very much.
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Added name registration declaration and definition
Added name registration type in lassoRequestType enum. added test in function lasso_profile_get_request_type_from_soap_msg()
2004-09-20 Frederic Peters <fpeters@entrouvert.com>
I wanted to login /But it was too long/ So I logged out /It was not much shorter/
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Added tests in lasso_register_name_identifier_response_new_from_query(). Now return NULL if a required key value is not found
Added test lasso_register_name_identifier_request_new_from_query(). Verify if SPProvidedNameIdentifier exists in query (As specified in IDFF 1.2 errata, SPProvidedNameIdentifier is optional)
2004-09-20 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_get_public_key_from_pem_cert_file() and lasso_get_pem_file_type() functions
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Replaced call to lasso_identity_get_next_federation_remote_providerID() with lasso_identity_get_first_providerID()
2004-09-20 Valery Febvre <vfebvre at easter-eggs.com>
the remote_providerID parameter of lasso_login_build_authn_request_msg() method is now optional. If it's NULL, the providerID of the first provider of login->server is used.
2004-09-20 Nicolas Clapies <nclapies@entrouvert.com>
Added lasso_identity_get_first_providerID(). Now it replaces lasso_identity_get_next_federation_remote_providerID() which still exists to keep API / ABI compatibility
2004-09-20 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_server_get_first_providerID() method
2004-09-18 Emmanuel Raviart <eraviart@entrouvert.com>
Added SWIG bindings for metadata, providers and providerIds.
Reworked PHP4 binding for Identity.providerIds => PHP API has changed.
2004-09-17 Frederic Peters <fpeters@entrouvert.com>
fixed typo
use g_strdup_printf to avoid buffer size calculations and g_snprintf to avoid buffer overrun.
use g_strdup_printf to avoid buffer size calculation; and free() the uri once it has been used.
strncpy won't add a trailing \0 to the string if it has over 512 characters; only copy 511 and add a zero manually.
2004-09-17 Christophe Nowicki <cnowicki@easter-eggs.com>
log viewer for the Service Provider and the Identity Provider
added logger for in many files
updated idp1 metadata, added .php extension
added session viewer for the sp (you will be able to view online users)
2004-09-17 Frederic Peters <fpeters@entrouvert.com>
removed remaining parenthesis on return statements
lasso_sha1 doesn't return a string but a buffer
2004-09-17 Romain Chantereay <rchantereau@entrouvert.com>
Updated NSI scripts:
* Set version to 0.4.1-2 (filename is set too)
* Updated files modules documentation.
* Added intl.dll (part of gettext project) to dependencies installation.
PS: Gettext is not included, just intl.dll
2004-09-17 Frederic Peters <fpeters@entrouvert.com>
remove removed code
alloc xmlChar with xmlMalloc in lasso_build_unique_id; alloc one more character in lasso_sha1; remove some removed code
use memcpy to copy memory; also fixed type of samlArt.
2004-09-16 Christophe Nowicki <cnowicki@easter-eggs.com>
New logging system with a web interface.
2004-09-16 Valery Febvre <vfebvre at easter-eggs.com>
Disabled "consent" attribute checking when NameIDPolicy is set to federated in the AuthnRequest (in lasso_login_process_federation method)
2004-09-16 Christophe Nowicki <cnowicki@easter-eggs.com>
For multiple virtual hosts with certificate you need to set the CN. It's fixed in the PHP sample README.
README for the PHP samples is now complete. Can someone try it?
2004-09-15 Christophe Nowicki <cnowicki@easter-eggs.com>
Added sample xml metadata in the distribution
Added a README file, this file explains how to set up a PHP IdP/SP, it's not fully documented yet. Work in progress.
New logging system based on Pear::Log package. Every actions on the idp, sp will be logged inside the database, syslog a file.
2004-09-14 Nicolas Clapies <nclapies@entrouvert.com>
Added binding for LassoNameRegistration C object
Little indentation
Added tests if required attributes in lasso_register_name_identifier_request_new_from_query() are not found.
2004-09-13 Christophe Nowicki <cnowicki@easter-eggs.com>
now the user list show federations
bind property providerIDs for LassoIdentity added typemap, convert GPtrArray to PHP indexed string array
split source code of singleSignOn.php in many functions
added support for http basic authentication
remove useless "?SID=" values
2004-09-10 Christophe Nowicki <cnowicki@easter-eggs.com>
change header("Location $url\n\n") to header("Location $url\r\n\r\n")
Use header("Location: $url\n\n") instead of header("Location: $url")
Secure every SQL query with the quoteSmart method.
Completely rewrite singleSignOn.php, now the code is easier to understand and cleaner.
2004-09-10 Frederic Peters <fpeters@entrouvert.com>
Fixed ABI and API breakage. Please don't modify function signatures (even more so when the new arg is not used).
2004-09-10 Nicolas Clapies <nclapies@entrouvert.com>
A lot of Updates ... currently it is unusable : lasso_name_registration_validate_request(), lasso_name_registration_process_response_msg(), lasso_name_identifier_mapping_validate_request() and lasso_name_identifier_mapping_process_response_msg() need to be completed
Moved lasso_name_registration_validate_request() method at the end of definition order
Moved lasso_name_registration_validate_request() at the end of declaration order
2004-09-10 Frederic Peters <fpeters@entrouvert.com>
Moved assertion to private part of LassoLogin* (use lasso_login_get_assertion to get it). Without breaking ABI. Classy.
2004-09-10 Nicolas Clapies <nclapies@entrouvert.com>
Updated name registration object's methods code to have the same structure as the other profiles. It still needs to be tested before to be souked :)
Changed comment if error when building query logout request message
Added entry for logout method lasso_logout_dump(), lasso_logout_init_request() and lasso_logout_reset_providerID_index()
Added lasso_provider_get_registerNameIdentifierServiceReturnURL() method in LassoProvider object
2004-09-09 Christophe Nowicki <cnowicki@easter-eggs.com>
I forgot to add lasso/php/examples/sample-idp/Makefile in the autoconf script.
2004-09-08 Christophe Nowicki <cnowicki@easter-eggs.com>
Improve setup system : edit metadata and allow the administrator to select the authentication method (HTTP Basic or HTML Form).
2004-09-08 Frederic Peters <fpeters@entrouvert.com>
please use spaces between variable names and values
2004-09-08 Christophe Nowicki <cnowicki@easter-eggs.com>
added edit sp metadata to the setup system
nice user browser
oups ;(
SOAP request read problem fixed SSO is now working much better
2004-09-08 Emmanuel Raviart <eraviart@entrouvert.com>
Restructured ColdFusion code. Added single logout code. Both single sign-on and single logout work.
2004-09-07 Emmanuel Raviart <eraviart@entrouvert.com>
Added files that I forgot to commit for 0.4.1
Improved ColdFusion.
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Corrected install-java-lite nsi script.
2004-09-07 Emmanuel Raviart <eraviart@entrouvert.com>
Created ChangeLog using cvs2cl -f ChangeLog --FSF
Replaced Sign On with Sign-On.
Login skeleton for ColdFusion is now fully working.
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Updated NSI scripts.
Set Lasso DLL windows resources filename to liblasso-1.dll.
Add windows linker --add-stdcall-alias in order to permit failsafe use of DLLs.
2004-09-07 Christophe Nowicki <cnowicki@easter-eggs.com>
IdP PHP : logout is working
ZVAL_STRING macro for PHP
2004-09-07 Frederic Peters <fpeters@entrouvert.com>
fixed error output in configure when no java has been found (was: ./configure: line 20612: NULL: command not found )
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
First fixes in order to compile Python binding under Darwin.
Another way to test, ugly, but safe.
2004-09-07 Nicolas Clapies <nclapies@entrouvert.com>
Comments miss in some last commits, so : the 4 last commits fixed a bad bug in lasso_logout_get_next_provideID() and a bug in the setting of status code value in logout response
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Ok, now a module under Win32, and a lib under Linux (and other OS).
2004-09-07 Nicolas Clapies <nclapies@entrouvert.com>
Fixed a seg fault in lasso_logout_get_next_providerID()
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Now module is a module.
2004-09-07 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Now 0.4.1 and 1:1:0.
2004-09-07 Nicolas Clapies <nclapies@entrouvert.com>
Added entries for missing methods of logout object documentation : lasso_logout_init_request() and lasso_logout_reset_providerID_index()
Updated the API developer documentation
Updated the API developer documentation
2004-09-07 Christophe Nowicki <cnowicki@easter-eggs.com>
SWIGPHP4 is not defined in the wrapper source code, use PHP_VERSION
remove swig -noproxy option for PHP
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
RTM :)
Now good and proper test on swig version.
2004-09-07 Frederic Peters <fpeters@entrouvert.com>
filled NEWS file
removed note about bindings in README
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
For compatibility with SWIG < 1.3.22, test the swig version before using the new java enum handling way.
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Specifically use original approach java enums binding method.
http://www.swig.org/Release/CHANGES
05/20/2004: wsfulton
[Java] Java enum support added. There are now 4 ways in which enums
can be wrapped:
1) Proper Java enums - use %include "enums.swg"
2) Typesafe enums - use %include "enumtypesafe.swg"
3) Type unsafe enums (constant integers) - use %include "enumtypeunsafe.swg"
4) Simple constant integers (original approach) - use %include %"enumsimple.swg"
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Added php sample-sp to the distribution.
2004-09-07 Frederic Peters <fpeters@entrouvert.com>
updated debian packaging
updated debian packaging
2004-09-07 Romain Chantereay <rchantereau@entrouvert.com>
Better java sun jdk support on Windows platforms.
NOTE: Use good PATH environment variable and set JAVA=java, JAVAC=javac &
JAR=jar. It is very important.
Fixed php-config help typo.
No need to define package and version constants, there are already defined in the lasso_config.h file. This file is included in the generated wrap C source code.
Windows java installer includes now lasso.jar. Useful isn't it ?
2004-09-07 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected Lasso minor version in SWIG binding.
2004-09-06 Frederic Peters <fpeters@entrouvert.com>
added 0.4 to doap.rdf
a bit late; fixed use of uninitialized variables (-Wuninitialized needs -O)
2004-09-06 Romain Chantereay <rchantereau@entrouvert.com>
Updated installer file names.
Added NSI java script file to distribution.
Updated NSI file and added java NSI.
2004-09-06 Christophe Nowicki <cnowicki@easter-eggs.com>
PHP Idp Sample :
- form for creating metadata
- sso support
- small README with installation instruction
2004-09-06 Romain Chantereay <rchantereau@entrouvert.com>
No more trace of macros in the distribution.
pkg-config-path= becomes pkg-config=
Removed check.m4 from distribution.
2004-09-06 Nicolas Clapies <nclapies@entrouvert.com>
Removed old methods declaration
2004-09-06 Frederic Peters <fpeters@entrouvert.com>
removed extraneous output about gtk-doc
2004-09-06 Romain Chantereay <rchantereau@entrouvert.com>
Really added check macros to the distribution.
Corrected java test.
Args are string.
2004-09-06 Romain Chantereay <rchantereau@entrouvert.com>
Revision to 0.4.0
Libtool: 1:0:0
Java is not activated when no jar program.
2004-09-06 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
2004-09-06 Romain Chantereay <rchantereau@entrouvert.com>
Some typo, and variables corrections.
2004-09-06 Nicolas Clapies <nclapies@entrouvert.com>
Added lasso_logout_dump() to logout.h
Renamed methods lasso_logint_set_assertion*() to lasso_login_set_assertion*()
Oups, little mistake : now attribute version is added only in lasso_profile_dump() instead of lasso_login_dump() or lasso_logout_dump()
Added version attribute in lasso dump messages
2004-09-06 Romain Chantereay <rchantereau@entrouvert.com>
Now, we use the detected JAR program instead of a hardcoded 'jar' command.
Now Lasso distribution includes the check macros allowing people to generate Makefile and configure without check-xml installed.
PS: The distribution is not checked yet.
2004-09-05 Emmanuel Raviart <eraviart@entrouvert.com>
Changed Python exceptions generated by SWIG.
2004-09-04 Emmanuel Raviart <eraviart@entrouvert.com>
Half a day of work for this prodigious result: ColdFusion redirects the AuthnRequest to the IDP.
Corrected a mistake in Java binding.
2004-09-04 Frederic Peters <fpeters@entrouvert.com>
missing includes, unused variables, usual saturday stuff.
2004-09-04 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
Fixed a lot of bugs in the logout from a SP to other SPs : now it removes each of the assertions SPs at IDPs and IDP returns the real LogoutResponse
2004-09-04 Frederic Peters <fpeters@entrouvert.com>
Pierre Cros improvements
2004-09-04 Emmanuel Raviart <eraviart@entrouvert.com>
Made the sample Java code work.
Added new object Assertion to C# & Java bindings.
Corrected Java.
Converted C login test to new login API.
Added defines needed for Java binding.
2004-09-03 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
Fixed problem when checking all remote SP from IDP in lasso_logout_validate_request() : replaced lasso_provider_get_singleLogoutProtocolProfile(provider, lassoProviderTypeIdp, NULL) with lasso_provider_get_singleLogoutProtocolProfile(provider, lassoProviderTypeSp, NULL)
Updated of lasso_logout_validate_request() : now it returns a code error of -301 (unsupported profile) if an IDP receiving a LogoutRequest via SOAP detects other SPs don't support SOAP method.
Updated process of artifact : now the IDP generates an artifact either or not the user authentication succeeded. When the SP resends the artifact to the IDP in a samlp:Request, it builds a samlp:Response message with Success status code value. If an assertion is found from artifact, then it adds it to the response. Finally, the IDP responds to the SP with the SOAP message
2004-09-02 Frederic Peters <fpeters@entrouvert.com>
another series of ignored files
ignore some files
ignore a bunch of things
2004-09-02 Emmanuel Raviart <eraviart@entrouvert.com>
Added missing .cvsignore in tests/data/
2004-09-02 Frederic Peters <fpeters@entrouvert.com>
things were overcomplicated; simplify a bit (for example the DEPDIR dirty things was necessary because variables were overused; ask me for details if you want)
new classes -> new files
disable xmlsec version check
2004-09-01 Nicolas Clapies <nclapies@entrouvert.com>
Removed lasso_session_remove_assertion() in lasso_logout_init_request() at IDP with HTTP Redirect method, added remove of assertion if at IDP and HTTP redirect
*** empty log message ***
Removed in python test, hard coded logout dump test, fixed a bug in lasso_logout_new_from_dump() when setting provider id index
2004-09-01 Christophe Nowicki <cnowicki@easter-eggs.com>
PHP IdP Sample : - setup system is working - user management (add, delete, etc ...) - sso login in progress
2004-09-01 Nicolas Clapies <nclapies@entrouvert.com>
Moved support of provider index from session to logout. Now only the logout knows the current index of the provider id to request, and the session can only return the provider id from an index
Added support of index ProviderID in lasso_session_dump() and lasso_session_new_from_dump()
Fixed bug when getting relay state in lasso_logout_process_response_msg()
2004-09-01 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected Request and Response for Logout and request for Federation Termination Notification in SWIG.
2004-09-01 Frederic Peters <fpeters@entrouvert.com>
removed extra parentheses after return statements;
2004-09-01 Nicolas Clapies <nclapies@entrouvert.com>
Added free of temporary node object in lasso_logout_new_from_dump()
Added parse support of xml message in lasso_logout_response_new_from_export(), added private method lasso_logout_response_new_from_export()
Fixed bug when parsing from an export message in lasso_logout_request_new_from_xml() : call to lasso_node_destroy() at the wrong place
2004-09-01 Emmanuel Raviart <eraviart@entrouvert.com>
LassoSession.getAuthenticationMethod argument is now optional.
2004-09-01 Christophe Nowicki <cnowicki@easter-eggs.com>
Fix addProvider bug
2004-09-01 Nicolas Clapies <nclapies@entrouvert.com>
Replaced lasso_session_get_next_providerID() with lasso_session_get_first_providerID()
Removed set of msg_relayState in lasso_logout_process_request(), it has no meaning here, but set the msg_relayState in lasso_logout_process_response_msg()
2004-08-31 Emmanuel Raviart <eraviart@entrouvert.com>
Added a new Python logout test: Make the same Logout.newFromDump enough times => segfault.
Corrected request and respond for profiles others than login.
Added relayState attribute to LogoutRequest, but it doesn't work. I believe,
this is a Lasso bug.
2004-08-31 Nicolas Clapies <nclapies@entrouvert.com>
Added method lasso_session_get_first_providerID(). Now to get the first providerID use it instead of lasso_session_get_next_providerID()
fixed bug in lasso_logout_dump() and lasso_logout_new_from_dump()
2004-08-31 Emmanuel Raviart <eraviart@entrouvert.com>
Added setting of isPassive to False in doc.
2004-08-31 Frederic Peters <fpeters@entrouvert.com>
strcmp is used; string.h must be included
g_sprintf is used; gprintf.h must be included
default: in switches
removed unused variables
g_sprintf is used; glib/gprintf.h must be included
strlen is used; string.h must be included
properly cast request to needed type
default: to set descriptor to NULL; so it won't be undefined on the next line where it was tested.
xmlSecBase64Encode is used; xmlsec/base64.h must be included
g_sprintf is used; gprintf.h must be included; default: statement in switch.
2004-08-31 Nicolas Clapies <nclapies@entrouvert.com>
Added support of code error LASSO_PROFILE_ERROR_MISSING_REQUEST in lasso_logout_build_response_msg()
Added code error : LASSO_PROFILE_ERROR_MISSING_REQUEST. It indicates that lasso needs a request to process a task. For example, when building a response message
2004-08-31 Frederic Peters <fpeters@entrouvert.com>
cvs must ignore cil and dev packages directory
cvs must ignore cil and dev packages directory
php4 packaging and renamed liblasso0-python2.3 to python2.3-lasso
php4 packaging and renamed liblasso0-python2.3 to python2.3-lasso
2004-08-31 Emmanuel Raviart <eraviart@entrouvert.com>
Typo correction.
2004-08-31 Nicolas Clapies <nclapies@entrouvert.com>
Fixed bug when attempting to parse a query message : now if a key / value with = is incomplete, it skips it and completes the process of the list
Added in parse of query a test if the data list is not NULL
2004-08-31 Emmanuel Raviart <eraviart@entrouvert.com>
Added Lasso version constants to SWIG.
Testing logout.processResponseMsg with a really bad URL. => red alert.
2004-08-31 Christophe Nowicki <cnowicki@easter-eggs.com>
new version of the PHP service provider made with the new Swig PHP binding
2004-08-31 Nicolas Clapies <nclapies@entrouvert.com>
Fixed missing feature in lasso_process_request_msg() and lasso_logout_process_response() : now if the parse of the query message is wrong, then it returns LASSO_PROFILE_ERROR_INVALID_QUERY code error
Fixed bug in lasso_logout_response_new_from_export() : now if a query message and if an attribute or element key / value is missing, return NULL
Fixed bug in lasso_logout_request_new_from_export() : now if a query message and if an attribute or element key / value is missing, return NULL
2004-08-30 Emmanuel Raviart <eraviart@entrouvert.com>
New logout test => Red alert!
Removed low-level bindings from SWIG.
In PHP, error constants keep their LASSO_ prefix (because PHP4 doesn't have
the notion of namespaces).
2004-08-30 Nicolas Clapies <nclapies@entrouvert.com>
Little lean of the code
2004-08-30 Christophe Nowicki <cnowicki@easter-eggs.com>
PHP Binding : PHP does not handle namespaces, added lasso_ prefix for all functions.
2004-08-30 Nicolas Clapies <nclapies@entrouvert.com>
Fixed problem when validating the notification : test the remote provider type to get the return url
Added a test in lasso_defederation_build_notification_msg() to test if the federation termination service url exists
Fixed call of lasso_session_remove_assertion() in the right place in init_request() and process_response_msg()
Fixed error in method name : renamed lasso_provider_get_singleLogoutServiceURL() to lasso_provider_get_registerNameIdentifierServiceURL()
Added comment in lasso_defederation_validate_notification() : indicate that query is not signed because of the crypted optional relay state
Added building of federation termination notification return url with QUERY if a RelayState is in the notification
Added lasso_logout_new_from_dump(). Need to be tested
Added parsing of status code value in lasso_logout_response_new_from_query(). Now it sets the Status, StatusCode and his Value attribute in logoutResponse
Fixed bug when dumping and loading from dump server with no metadata. Now if metadata of the server exists, it adds a ServerMetadata node and embeds it
2004-08-30 Emmanuel Raviart <eraviart@entrouvert.com>
A few corrections to SWIG binding (a quick commit, so that Christophe can work on it).
2004-08-30 Frederic Peters <fpeters@entrouvert.com>
swig generate new objects/filenames
returns 0 on success
2004-08-30 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG high-level binding now uses camelCase.
Updated SWIG binding to support Java high-level classes.
Simplified java/Makefile.am (but now, it needs to be reworked by an
autotools expert).
ColdFusion simple Java test compiles ok.
2004-08-29 Emmanuel Raviart <eraviart@entrouvert.com>
SWIG should now generate a high-level binding with classes, so I have removed the -noproxy option.
2004-08-29 Frederic Peters <fpeters@entrouvert.com>
updated c# binding for new class names
some tests do not have descriptions
correctly escape xml
2004-08-29 Emmanuel Raviart <eraviart@entrouvert.com>
Removed obsolete Python doc.
When Lasso doesn't recognize the URL query, it now throws a SyntaxError exception.
2004-08-28 Emmanuel Raviart <eraviart@entrouvert.com>
Removed references to lassomod in .cvsignore.
SWIG now produces high-level bindings.
(python/Makefile.am needs some cleaning IMHO, but I don't understand it).
2004-08-28 Frederic Peters <fpeters@entrouvert.com>
renamed API reference to API reference (was reference manual)
xml encoding of special characters (&, <, >)
new URLs and version info for 0.3.0
2004-08-28 Emmanuel Raviart <eraviart@entrouvert.com>
Converted Identity & Session to real objects in SWIG bindings.
Hide LibAuthnRequest attributes from SWIG binding.
Added preliminary error throwing in SWIG binding.
Replaced simple object methods with #define.
Converted SWIG Server into a high-level class with new_from_dump static method and default value for some arguments.
Renamed login_tests.py to profiles_tests.py.
Added Server tests (=> discovered bug #265).
Transformed LassoAuthnRequest as a true SWIG class with attributes and methods for all bindings.
2004-08-27 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
2004-08-27 Emmanuel Raviart <eraviart@entrouvert.com>
Added method Logout.reset_session_index in Python high-level binding.
2004-08-27 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-08-27 Emmanuel Raviart <eraviart@entrouvert.com>
Added support for "invalid query" errors in Python high-level binding.
2004-08-27 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
Renamed method name lasso_session_get_next_assertion_remote_providerID to lasso_session_get_next_providerID
Added return of code error LASSO_PROFILE_ERROR_INVALID_QUERY when an error occurs while parsing a federation termination notification message query in lasso_defederation_process_notification_msg()
Added code error LASSO_PROFILE_ERROR_INVALID_QUERY, returned when an error occurs while parsing a query message
2004-08-27 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected SWIG binding.
Corrected Python tests.
2004-08-27 Nicolas Clapies <nclapies@entrouvert.com>
Added index attribute (session->index_providerID) of next provider id returned when a call to lasso_session_get_providerID(), added lasso_session_reset_index_providerID() to reset the index to the first provider id of assertion list. the index is decremented when removing assertion. lasso_get_next_providerID() returns NULL if there is no assertion anymore or if the index point is at the end of the list. Added lasso_logout_get_next_providerID() lasso_logout_reset_index_providerID() to wrap session method
2004-08-27 Emmanuel Raviart <eraviart@entrouvert.com>
Replaced SWIG specific functions to access "request" and "response" attributes of profiles, with SWIG read-only attributes.
2004-08-27 Nicolas Clapies <nclapies@entrouvert.com>
Removed g_assert in samlp_request_abstract object when setting required attributes and elements. Added tests in federation termination notification building from QUERY export for required elements, return NULL if error, notification object if ok
2004-08-27 Emmanuel Raviart <eraviart@entrouvert.com>
Removed SWIG Lasso.c file.
Added a Python test for defederation (currently it aborts).
2004-08-27 Frederic Peters <fpeters@entrouvert.com>
more on single sign on
2004-08-26 Frederic Peters <fpeters@entrouvert.com>
searches all text files for unknown functions
improvement
2004-08-26 Emmanuel Raviart <eraviart@entrouvert.com>
Forgot to declare a parameter as optional.
Added constant lassoHttpMethodAny.
Added error constants to SWIG (and one to Python).
2004-08-26 Frederic Peters <fpeters@entrouvert.com>
new parameter to lasso_logout_init_...
fix included file name
2004-08-26 Nicolas Clapies <nclapies@entrouvert.com>
Added a param to method lasso_defederation_init_notification(). Now if it is set, lasso can choose a specific defederation protocol profile depending on the http method value of this param
Replaced xmlFree with g_free in lasso_logout_get_next_providerID() for current_provider_id
*** empty log message ***
Renamed register_name_identifier.* to name_registration.* files
Oups, missing commit of the new Lasso.i swig file :p
Added a param to method lasso_logout_init_request(). Now if it is set, lasso can choose a specific logout protocol profile depending on the http method value of this param
2004-08-26 Frederic Peters <fpeters@entrouvert.com>
removed revision
More on sso profile; sp-side
2004-08-26 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
Rename constant LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILLE to LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE, now can be used by all profiles
2004-08-26 Frederic Peters <fpeters@entrouvert.com>
new lasso documentation
2004-08-26 Nicolas Clapies <nclapies@entrouvert.com>
Added remove of assertion in lasso_logout_init_request(), and lasso_logout_process_response_msg() if there was an error while processing a LogoutResponse with HTTP SOAP method, added a returned code error for Unsupported profile status code
2004-08-26 Emmanuel Raviart <eraviart@entrouvert.com>
Moved SWIG constructors and destructors from Lasso.c to Lasso.i.
2004-08-25 Nicolas Clapies <nclapies@entrouvert.com>
Added tests to verify if the request message is a LogoutRequest in lasso_login_process_request_msg() and if the response message is a LogoutResponse in lasso_logout_process_response_msg()
Added a test in lasso_login_init_from_authn_request_msg() to verify if the request message is an AuthnRequest message, if not, returns a code error
added include for string.h
Added in lasso_login_process_authn_response_msg() setting of msg_relayState from lib:RelayState of AuthnResponse message if exists, else msg_relayState is set to NULL
*** empty log message ***
fixed bug : at a done label, use to remove a provider got with lasso_provider_get_ref()
2004-08-25 Emmanuel Raviart <eraviart@entrouvert.com>
Added a --source-dir option to tests.
Removed obsolete Python test framework.
2004-08-25 Nicolas Clapies <nclapies@entrouvert.com>
Added missing private attribute, private variable and deallocation methods : LassoDefederationPrivate *private in LassoDefederation object, static GObjectClass *parent_class in C file, lasso_defederation_dispose() and lasso_defederation_finalize() in LassoFederation object
2004-08-25 Frederic Peters <fpeters@entrouvert.com>
ignore new class
added Defederation profile; workaround lasso-sharp.snk
2004-08-24 Nicolas Clapies <nclapies@entrouvert.com>
added test if identity is set before removing federation
removed federation and assertion
*** empty log message ***
*** empty log message ***
2004-08-24 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected SWIG Defederation binding.
Created Python high-level class for Defederation.
2004-08-24 Nicolas Clapies <nclapies@entrouvert.com>
updated doc conf files for defederation
2004-08-24 Emmanuel Raviart <eraviart@entrouvert.com>
Continue to rename FederationTermination into Defederation.
2004-08-24 Nicolas Clapies <nclapies@entrouvert.com>
renamed lassoFederationTermination to lassoDefederation in lassoRequestType enum
update, now use GError object for each lasso_server_get_provider_ref()
renamed lasso_federation_termination_get_type to lasso_defederation_type
*** empty log message ***
renamed lasso/environs/federation_termination.* to lasso/environs/defederation.*
2004-08-24 Emmanuel Raviart <eraviart@entrouvert.com>
Created SWIG bindings for Defederation (new name of FederationTermination).
2004-08-24 Nicolas Clapies <nclapies@entrouvert.com>
use lassoProviderType instead of gint for provider_type params
*** empty log message ***
Set the nameIdentifier attribute after a call to init_notification()
updated process of logout response msg at SP. Now if the initial requester is a SP and the HTTP method is SOAP and if the logout request fails, then lasso builds a new logout request for HTTP Redirect method and set only msg_url
*** empty log message ***
fixed bug in lasso_federation_termination_build_notification_msg() : now it gets the remote provider real service url
updates
minor updates
fixed bug in lasso_logout_get_next_providerID() when looking for a remote provider id when session attribute is NULL
2004-08-24 Romain Chantereay <rchantereau@entrouvert.com>
Corrected configure option help.
Told to use with-pkg-config= and no with-pkg-config-path which is the good option
name.
2004-08-24 Nicolas Clapies <nclapies@entrouvert.com>
fixed problem of finding the remote provider type in build_request_msg()
added error messages if invalid attributes in logout object while setting building request and message
2004-08-23 Romain Chantereay <rchantereau@entrouvert.com>
Serious rewrite of the automake file.
The php extension is now named lasso.
The LTLIBRARIES is for 'php_extension' and no more 'lib'.
The swig command invocation is updated to use the new php extension name.
2004-08-23 Romain Chantereay <rchantereau@entrouvert.com>
Completed autoconf files output directive with win32 directories Makefile.
Rewritten the lasso win32 resource file dependency on the top_srcdir and not relative parent directory.
2004-08-23 Romain Chantereay <rchantereau@entrouvert.com>
Cleaned a little the automake files.
Proper use of $(top_srcdir).
Proper use of $DEPDIR.
Added $(top_srcdir)/swig/Lasso.c to java shared object compilation.
2004-08-23 Romain Chantereay <rchantereau@entrouvert.com>
Re added win32 directory in the distribution.
2004-08-23 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
verify if session and identity are set in logout object
2004-08-23 Romain Chantereay <rchantereau@entrouvert.com>
Removed php subdirectories Makefile generations.
2004-08-23 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-08-23 Romain Chantereay <rchantereau@entrouvert.com>
Removed now useless binding files.
See attic for more information.
Now PHP Binding is handled by SWIG.
2004-08-23 Nicolas Clapies <nclapies@entrouvert.com>
updated process of protocol profile
added support of URI identifier in signature
2004-08-22 Valery Febvre <vfebvre at easter-eggs.com>
Added a new param "use_xsitype" (gboolean) in constructors of classes: LassoLibSubject, LassoLibAssertion, LassoLibAuthenticationStatement
Added lasso_node_new_ns_prop() method in LassoNode class
2004-08-21 Frederic Peters <fpeters@entrouvert.com>
updated debian package description; added packaging of the C# assembly.
updated debian package description; added packaging of the C# assembly.
updated example with correct path to certificates
more C# fun. dll is now registered with gacutil. But it needed a StrongName; this is sort of a cryptographic signature for DLL; not clear about this. The key is in csharp/lasso-sharp.snk
2004-08-21 Emmanuel Raviart <eraviart@entrouvert.com>
Bug correction in last PHP changes.
2004-08-21 Frederic Peters <fpeters@entrouvert.com>
forgot to distribute lasso.dll.config
C# example
some files were renamed
I don't know the purpose of this file.
working lasso c# binding. next step is to figure how mono manages the directories (currently it looks like CLASSPATH mess but gacutil may be useful).
2004-08-21 Emmanuel Raviart <eraviart@entrouvert.com>
Updated "Writing a SP" doc & PHP binding to Lasso API change.
2004-08-21 Valery Febvre <vfebvre at easter-eggs.com>
Moved param 'http_method' of lasso_login_build_authn_request_msg() method in lasso_login_init_authn_request() BEWARE : this change breaks the API
Added checks not to do copies of NULL objects.
Changed LASSO_PARAM_ERROR_INVALID_VALUE error message
Fixed a mistake: the signature template should be added before the ProviderID
2004-08-21 Frederic Peters <fpeters@entrouvert.com>
getting there; it builds and installs correctly but I'm still trying to separate assembly name and file name. (no, I don't know what is an assembly name)
a few files to ignore
usable lasso c# bindings; liblassosharpglue.so is installed in libdir and lasso.dll in /usr/share/dotnet/lasso/
compile with mcs -g -nologo -r:lasso.dll -out:runme.exe runme.cs
2004-08-21 Valery Febvre <vfebvre at easter-eggs.com>
Removed lassoLibProtocolProfileSSOGet, lassoLibProtocolProfileSSOPost Added lassoXsiHRef, lassoXsiPrefix
2004-08-21 Frederic Peters <fpeters@entrouvert.com>
added c# binding; I'm not sure how all of this works and a little program compiles and run:
using System;
public class runme
{
    static void Main()
    {
        Console.WriteLine("lasso_init");
        int rc = lassomod.lasso_init();
        Console.WriteLine(String.Format("sortie de lasso_init: {0}", rc));
        LassoServer server = new LassoServer(
            "../tests/data/idp1-la/metadata.xml",
            "",
            "../tests/data/idp1-la/private-key-raw.pem",
            "../tests/data/idp1-la/certificate.pem",
            lassomod.lassoSignatureMethodRsaSha1);
        Console.WriteLine("lasso_shutdown");
        lassomod.lasso_shutdown();
    }
}
2004-08-21 Frederic Peters <fpeters@entrouvert.com>
Fixed lasso_server_new parameter type.
When you make change in header files (such as [1]) think about the bindings and
adapt them; thanks.
[1] http://cvs.labs.libre-entreprise.org/cgi-bin/cvsweb.cgi/lasso/lasso/environs/server.c.diff?r1=1.54;r2=1.55;cvsroot=lasso
2004-08-21 Frederic Peters <fpeters@entrouvert.com>
replaced lots of const char* wasting memory and a threat to binary compatibility with lots of #define wasting nothing at all.
doesn't fail on second run
I prefer it that way
reenabled tests since the swig binding is ok now
2004-08-21 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_login_accept_sso() Updated gtk-doc
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Modified PHP bindings in an attempt to add new argument to method lasso_build_authn_request_msg.
Updated the documentation to reflect API change.
Added new argument to lasso_login_build_authn_request_msg.
2004-08-20 Valery Febvre <vfebvre at easter-eggs.com>
Added a new param 'http_method' in lasso_login_build_authn_request_msg() BEWARE : this change breaks the API
2004-08-20 Romain Chantereay <rchantereau@entrouvert.com>
The local clean rule now remove the package sub directory (com).
The dirty rule now have a little goldy spray that test the existence of the
com/entrouvert/lasso/lasso.java source file before trying to copy it from the
distribution.
Modified PHP extension installation directory, now it is prefixed.
2004-08-20 Romain Chantereay <rchantereau@entrouvert.com>
Created unprefixed PHP_UNPREFIXED_EXTENTION_DIR in order to prefix it with the supplied configure prefix. Is it useful in this PHP special case ? I do not think so, but, the user is the master.
Moved the libtool bad versioning computation after program tests in order to
use the found sed program ($SED) and not just 'sed'.
Every call to 'sed' uses the found 'sed' ($SED).
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
talking about idpProviderID
file moved
fixed function name
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
In Python high-level binding, constants are now defined using 2 forms: as a global variable and as a dict item. For example: libNameIDPolicyTypeFederated and libNameIDPolicyTypes['federated'].
2004-08-20 Romain Chantereay <rchantereau@entrouvert.com>
Use libtool generated la instead of human -llasso and -Ldir...
Removed an useless inclusion directory.
Coded mechanisms in order to permit distcheck to work cleanly.
It is a little dirty, but... Perhaps using libtool facilities.
Removed an useless inclusion directory.
Now include <lasso/lasso.h> and <lasso/lasso_config.h> instead of <lasso.h> and <lasso_config.h>
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Corrections in Python high-level binding:
- Added missing self in previous commit.
- Server default constructor allows again to give no arguments.
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
I have always wanted that Python bindings for GTK, libXML, etc, allow the user to override the classes they define. So I did it for Lasso Python high-level bindings.
2004-08-20 Valery Febvre <vfebvre at easter-eggs.com>
Update and 2 fixes
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
cleaned Makefile.am (I'm curious about the NULL= idiom; where did it come from ?)
2004-08-20 Christophe Nowicki <cnowicki@easter-eggs.com>
new setup system
2004-08-20 Valery Febvre <vfebvre at easter-eggs.com>
Removed useless files ds_signature.c & ds_signature.h
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
removed the remaining ds_signature stuffs
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Added method get_authentication_method to session in high-level Python binding.
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
install lasso.py (and cleaned a bit the Makefile.am)
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Removed trash from SWIG binding.
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
typo
errors propagate; fixes follow them.
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Ignore some files in swig.
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
Also look for include files in top_src_dir/lasso. As for the python binding. I actually think this is a bug; why should lasso_wrap.c include lasso.h and not <lasso/lasso.h> ?
get your act on ds_signature; please.
include top source dir
fixed includes
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Removed a "s".
Updated .cvsignore.
Removed old Python binding.
Updated Python high-level binding and tests.
May all the lights be green!
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
ignore build; no longer need to ignore a bunch of other files
gtkdoc example was misleading; caused confusions between what was generated and what was not, etc. Improved things a bit.
cleanup and remove result.xml
2004-08-20 Emmanuel Raviart <eraviart@entrouvert.com>
Created a high-level API above SWIG Python API.
Removed a trailing "s" from an enum.
2004-08-20 Frederic Peters <fpeters@entrouvert.com>
fixed python path
2004-08-19 Frederic Peters <fpeters@entrouvert.com>
install python in $prefix/lib/python2.3/ instead of $pyprefix/...
certs are not in builddir; take care of that
include a bunch of ssl thingies in release (make distcheck goes further)
2004-08-19 Frederic Peters <fpeters@entrouvert.com>
Copy the examples but when the examples are wrong you are screwed.
Too bad.
Never write to srcdir.
2004-08-19 Emmanuel Raviart <eraviart@entrouvert.com>
Commented parts of the SWIG bindings that is not done yet.
Note: This commit includes a secret gift.
2004-08-19 Frederic Peters <fpeters@entrouvert.com>
the quest for a working distcheck; don't be miserable, use make features (directed to me; I never remember $?, $@ and family)
the quest for a working make distcheck; part 1: srcdir is not always builddir.
TODO was removed dude
an empty TODO file was misleading
removed CVS tag lines that were scattered all around the file (kept as empty comments since they were marks of file change)
Makefile.am in swig directory so that make clean and make dist works properly
set docdir as datadir/doc/lasso
2004-08-19 Emmanuel Raviart <eraviart@entrouvert.com>
Removed signature functions whose arguments have changed from SWIG binding. They are not for public use anyway.
Java & Python binding should now compile correctly => 2 green lights.
2004-08-19 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a mistake with name identifiers of the assertions
Removed debug messages
2004-08-19 Emmanuel Raviart <eraviart@entrouvert.com>
Deeply reworked SWIG bindings for the Lasso objects we currently use.
Note: Python high-level bindings are not yet updated to use these SWIG
bindings.
2004-08-19 Romain Chantereay <rchantereau@entrouvert.com>
Reformatted some lines in python Makefile.am
Added -I.. to java Makefile.am CFLAGS.
Some modifications.
The rules generating the C wrapper is defined generating the python wrapper too.
Use JDK_INCLUDE if jdk is Kaffe's or Sun's.
2004-08-19 Frederic Peters <fpeters@entrouvert.com>
disabled tests that do not really need really quick fixing. (with the hope to get a full green line)
2004-08-19 Christophe Nowicki <cnowicki@easter-eggs.com>
Setup PHP Interface in progress ;0)
2004-08-19 Romain Chantereay <rchantereau@entrouvert.com>
Completely recoded the java detection and configuration framework.
Now compile very well with kaffe and GNU Java compiler.
Should compile without any complain with sun jdk if --with-java-home is used.
2004-08-19 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_node_verify_signature() & lasso_node_verify_x509_signature()
Replaced a HRef by NULL
Commented some incorrect lines of code
2004-08-19 Christophe Nowicki <cnowicki@easter-eggs.com>
more logical comparison
logout
2004-08-19 Valery Febvre <vfebvre at easter-eggs.com>
Removed ds_signature.c & ds_signature.h
2004-08-19 Romain Chantereay <rchantereau@entrouvert.com>
Java binding is no more activated when:
- Java compiler is gcj
- jni.h is not compilable.
2004-08-19 Valery Febvre <vfebvre at easter-eggs.com>
Update python binding
2004-08-19 Valery Febvre <vfebvre at easter-eggs.com>
Split lasso_node_verify_signature() (LassoNode class) in 2 methods: lasso_node_verify_signature(), lasso_node_verify_x509_signature()
Added 2 private methods in LassoNode:
add_signature_tmpl(),
sign_signature_tmpl(),
Removed 'err' param in all methods for signing
2004-08-19 Valery Febvre <vfebvre at easter-eggs.com>
Added 2 methods: lasso_samlp_response_abstract_set_signature_tmpl(), lasso_samlp_response_abstract_sign_signature_tmpl()
Removed err param in lasso_samlp_response_abstract_set_signature()
Added 2 methods: lasso_samlp_request_abstract_set_signature_tmpl(), lasso_samlp_request_abstract_sign_signature_tmpl()
Removed err param in lasso_samlp_request_abstract_set_signature()
Added a '_' character at the beginning of all ids generated by lasso_build_unique_id()
Update codes
Added a signature template in lasso_request_new()
Added 2 params in lasso_authn_request_new() sign_type & sign_method are used to build the signature template
Changed type of signature_method guint -> lassoSignatureMethod
2004-08-19 Nicolas Clapies <nclapies@entrouvert.com>
fixed bug in lasso_logout_build_response_msg() : build the response message depending on the HTTP method requester
2004-08-19 Romain Chantereay <rchantereau@entrouvert.com>
Added ds_signature in the Makefile sources and headers declarations.
2004-08-19 Christophe Nowicki <cnowicki@easter-eggs.com>
PHP Binding : Added lasso_profile_set_session_from_dump Now lasso_cast_to_profile take to different resources Sample SP : Logout in progress
2004-08-19 Romain Chantereay <rchantereau@entrouvert.com>
If swig not present: SWIG=echo
python automake use $SWIG instead of swig.
2004-08-19 Frederic Peters <fpeters@entrouvert.com>
removed logout part from C test 2; it would work now. But http://buildbox.entrouvert.org/logs/20040818/lupin.1820.changelog.xml
2004-08-19 Emmanuel Raviart <eraviart@entrouvert.com>
Bug correction.
__str__ should not have arguments.
2004-08-19 Romain Chantereay <rchantereau@entrouvert.com>
The old subdirs python Makefile generation is no more needed.
Include swig Interface file in the source distribution.
Now python binding is handled by SWIG. Manou takes the following parts.
All the file in the python directory except Makefile.am are useless now; but I
do not remove it.
2004-08-18 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
federation termination updates
little register name identifier updates
2004-08-18 Romain Chantereay <rchantereau@entrouvert.com>
Oups.
Reverted to 1.7 for lasso-sections.txt
maintainer-clean do not remove it anymore.
Java now distributes itself well and compile well too. (SWIG not needed when compiling sources distribution.)
Added generation and clean of lasso-references.txt
2004-08-18 Valery Febvre <vfebvre at easter-eggs.com>
Removed ds_signature.c & ds_signature.h
Added a '%s' in LASSO_DS_ERROR_SIGNATURE_FAILED message
2004-08-18 Frederic Peters <fpeters@entrouvert.com>
warning about the total uselessness of lasso_server_dump
2004-08-18 Christophe Nowicki <cnowicki@easter-eggs.com>
Rename install.php to setup.php
2004-08-18 Frederic Peters <fpeters@entrouvert.com>
section about lasso_server_dump and lasso_server_new_from_dump
2004-08-18 Christophe Nowicki <cnowicki@easter-eggs.com>
Service Provider written in PHP (login is working and logout will work soon ;0)
Add environ/lasso_logout.c
Add logout functions : lasso_logout_new, lasso_logout_init_request, lasso_logout_build_request_msg
2004-08-18 Frederic Peters <fpeters@entrouvert.com>
properly use libtool convenience libraries (intend is to build correctly on hppa)
2004-08-18 Romain Chantereay <rchantereau@entrouvert.com>
Update interface (moved _bla to bla).
2004-08-18 Nicolas Clapies <nclapies@entrouvert.com>
update of logout and federation profiles
added private attribute http_request_method in profile class to know the HTTP method in defederation, name registration, logout and name mapping used by the requester
renamed federationTerminationReturnServiceURL to federationTerminationServiceReturnURL
2004-08-18 Frederic Peters <fpeters@entrouvert.com>
properly don't enable python if it was not detected
2004-08-17 Frederic Peters <fpeters@entrouvert.com>
shortened title a bit
this script checks a documentation file for functions that do not exist
they may talk about correctness but won't make it
2004-08-17 Romain Chantereay <rchantereau@entrouvert.com>
Updated Interfaces. Commented out all .*Class$.
2004-08-17 Frederic Peters <fpeters@entrouvert.com>
typo
2004-08-17 Nicolas Clapies <nclapies@entrouvert.com>
updated error checkings with ret / goto done method
2004-08-17 Emmanuel Raviart <eraviart@entrouvert.com>
I presume that the writer of the documentation "Writing a Liberty Alliance service provider in C" has never coded such a SP in C.
2004-08-17 Christophe Nowicki <cnowicki@easter-eggs.com>
rename lasso_login_set_identity_from_dump to lasso_profile_set_identity_from_dump
fix cvs sticky state problem.
Added lasso_session_dump
added lasso_login_set_identity_from_dump
fix cvs sticky state ;(
2004-08-17 Nicolas Clapies <nclapies@entrouvert.com>
added UnsupportedProfile constant
updated doc in logout, fixed Feature Requests item #253, must be tested, added doc to federation termination notification
removed unwanted code
removed unwanted attribute in logout object
2004-08-16 Nicolas Clapies <nclapies@entrouvert.com>
added API doc comments
2004-08-16 Christophe Nowicki <cnowicki@easter-eggs.com>
Add lasso_profile_get_identity, lasso_profile_is_identity_dirty, lasso_profile_get_session, lasso_profile_is_session_dirty
2004-08-16 Frederic Peters <fpeters@entrouvert.com>
where is the name identifier
detect and use rest2html
signature
2004-08-16 Christophe Nowicki <cnowicki@easter-eggs.com>
Added lasso_login_process_response_msg and fix a minor bug in lib_authn_request (bool)
2004-08-16 Frederic Peters <fpeters@entrouvert.com>
last one
cast Login et Logout to Provider
2004-08-16 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-08-16 Emmanuel Raviart <eraviart@entrouvert.com>
Improved session deletion in Python simulator.
Removed comments.
2004-08-14 Frederic Peters <fpeters@entrouvert.com>
format the metadata to avoid an horizontal scrollbar
lasso_provider_get_assertionConsumerServiceURL now returns a glib-allocated string (instead of libxml2-allocated) since it was already declared to return gchar*. Moreover it strips the returned string so that it is possible to have some spacings in the metadata file.
<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">
https://service-provider:2003/liberty-alliance/liberty-alliance/assertionConsumer
</AssertionConsumerServiceURL>
will no longer cause a redirect to Location:\n https://...
missing parameter
trying to fix login test 2
get away from G_LOG_LEVEL_ERROR since they cause abort()
test for xmlParseMemory success
// are not in ISO C90
include <xmlsec/base64.h> since xmlSecBase64Decode is used
%F is only defined in C99 and %T in the Single Unix Specification; use more conservative "%Y-%m-%dT%H:%M:%SZ"
2004-08-14 Emmanuel Raviart <eraviart@entrouvert.com>
Added logout to sample Liberty proxy, but it fails because of Lasso bug #259.
2004-08-13 Frederic Peters <fpeters@entrouvert.com>
include xmlsec/base64.h since it uses one of those functions
declarations first (and s/lenght/length/)
2004-08-13 Emmanuel Raviart <eraviart@entrouvert.com>
Added client flag to SSL servers, because each server is also a SOAP client.
2004-08-13 Frederic Peters <fpeters@entrouvert.com>
missed an arg
2004-08-13 Emmanuel Raviart <eraviart@entrouvert.com>
Removed certificates that are no more used.
Improved lasso/.cvsignore.
Updated Python sample sites to use new certificates.
Added forgotten LECP public keys.
2004-08-13 Valery Febvre <vfebvre at easter-eggs.com>
Added error checks and error messages
Added signature element in lib:AuthnRequest (POST method)
and in samlp:Request
lasso_server_add_provider returns now a -202 error when it fails
*** empty log message ***
Modified 4 error codes Added one
Added comments
2004-08-13 Emmanuel Raviart <eraviart@entrouvert.com>
Added metadata corresponding to new certificates.
Updated non regression tests to use these certificates and metadata.
2004-08-12 Emmanuel Raviart <eraviart@entrouvert.com>
Added sample X.509 certificates and keys.
2004-08-12 Frederic Peters <fpeters@entrouvert.com>
worth a table of contents
2004-08-12 Christophe Nowicki <cnowicki@easter-eggs.com>
remove all debug messages.
2004-08-12 Frederic Peters <fpeters@entrouvert.com>
workaround xmlsec bug
links to API; at best.
shuffling notes
new section on compilation/linkage; new section on return code checking; fixes to the code samples.
2004-08-12 Christophe Nowicki <cnowicki@easter-eggs.com>
fix bool value in lasso_lib_authn_request_set_forceauthn
fixed wrong args num for lasso_login_init_authn_request
2004-08-12 Emmanuel Raviart <eraviart@entrouvert.com>
Added .cvsignore to lassobook.
2004-08-12 Valery Febvre <vfebvre at easter-eggs.com>
Added tests for errors reporting and to avoid some malicious segfaults
2004-08-12 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected comment.
Create a new test Proxy server (a server between a SP and an IDP, which acts as an IDP for the SP and as a SP for the IDP): login works.
2004-08-11 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_provider_get_providerID
Replaced lasso_str_hash by lasso_sha1
Removed Base64 encoding of result in lasso_build_unique_id() funct
Renamed 4 error codes and added one
Added param 'type' in set_debug_info()
Fixed GError* bugs
Added tests for errors reporting and to avoid some malicious segfaults
Fixed a bug with metadata ProviderID attribute is "providerID" instead of "ProviderID"
Removed param 'err' in lasso_provider_get_providerID
Added a param 'err' in 2 methods of LassoServer class: lasso_server_get_provider, lasso_server_get_provider_ref for errors reporting
Changed return type for 5 methods in LassoNode: lasso_node_dump, lasso_node_export, lasso_node_export_to_base64, lasso_node_export_to_query, lasso_node_export_to_soap
2004-08-11 Frederic Peters <fpeters@entrouvert.com>
style
more on database section
style
section about database
2004-08-11 Emmanuel Raviart <eraviart@entrouvert.com>
Better handling and checking of Liberty-Enabled header.
2004-08-11 Frederic Peters <fpeters@entrouvert.com>
section about LassoServer
2004-08-11 Emmanuel Raviart <eraviart@entrouvert.com>
Removed server public key in tests: it seems that it is no more used.
In Python simulator, redirect now accepts partial URLs.
In python/tests, there are now a sample IDP (sample-idp.py) and a sample SP (sample-sp.py). The two applications are real servers.
2004-08-11 Frederic Peters <fpeters@entrouvert.com>
more code in the documentation
2004-08-10 Frederic Peters <fpeters@entrouvert.com>
fixed a few errors
warning about *not* taking care of memory management and error checking
fix
documentation about writing a service provider in C
2004-08-10 Christophe Nowicki <cnowicki@easter-eggs.com>
Added new PHP Unit test for Lasso Login and Lasso Server.
2004-08-10 Romain Chantereay <rchantereau@entrouvert.com>
Corrected automake problems.
2004-08-10 Christophe Nowicki <cnowicki@easter-eggs.com>
add php unit test support. just run php -f php/run-tests.php
create php/run-tests.php and export PHP_PATH
2004-08-10 Romain Chantereay <rchantereau@entrouvert.com>
Create package directory if not exists.
2004-08-10 Romain Chantereay <rchantereau@entrouvert.com>
- Added java binding swig generation.
- Added Swig Interface file.
- Added readme for java build dependencies
- Removed old java/src directory (still present on the CVS and this is
important).
2004-08-10 Emmanuel Raviart <eraviart@entrouvert.com>
Improved Python unit tests.
2004-08-10 Christophe Nowicki <cnowicki@easter-eggs.com>
Removed the param 'remote_providerID' of lasso_login_init_authn_request() method Added a param 'remote_providerID' in lasso_login_build_authn_request_msg() method Fix compilation warnings, avoid multiple definitions and REGISTER_STRING_CONSTANT
2004-08-10 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_login_process_authn_response_msg() method
2004-08-09 Emmanuel Raviart <eraviart@entrouvert.com>
Renamed LEC to LECP. It is really a proxy.
LECP now nearly works. Still a segmentation fault at the end, but Valos is aware of it.
2004-08-09 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a BIG bug in lasso_node_add_child() method
Fixed a bug in lasso_server_dump()
2004-08-09 Emmanuel Raviart <eraviart@entrouvert.com>
Updated Python tests. Not finished but Valos wants it to debug Lasso.
Slightly corrected C test.
2004-08-09 Frederic Peters <fpeters@entrouvert.com>
new lack of error checking test case; not even the developer fault this time; the program got bad data; lasso segfault.
2004-08-09 Valery Febvre <vfebvre at easter-eggs.com>
Small fix
Fixed a bug in lasso_lecp_build_authn_request_msg()
Updated server
Added XML export type in lasso_authn_request_envelope_new_from_export()
Server objects can now be created without metadata
Corrected correction
Update
2004-08-09 Valery Febvre <vfebvre at easter-eggs.com>
Removed Base64 encoding in lasso_lecp_build_authn_response_msg() Removed Base64 decoding in lasso_lecp_process_authn_request_envelope_msg()
Removed the param 'remote_providerID' of lasso_lecp_init_authn_request()
Added a param 'remote_providerID' in lasso_lecp_build_authn_request_msg()
Added 3 params in lasso_lecp_build_authn_response_envelope_msg()
They are necessary to build the Assertion, to process the federation and
possibly to set the Status.
2004-08-09 Valery Febvre <vfebvre at easter-eggs.com>
Removed the param 'remote_providerID' of lasso_login_init_authn_request() method Added a param 'remote_providerID' in lasso_login_build_authn_request_msg() method
Added 3 missing #include
2004-08-09 Frederic Peters <fpeters@entrouvert.com>
the point is to fix lasso not to segfault; not to fix tests to make lasso happy.
2004-08-09 Valery Febvre <vfebvre at easter-eggs.com>
'Class methods' Login.new() & Logout.new() should be used instead of Login() & Logout() constructors
Added doc
2004-08-09 Emmanuel Raviart <eraviart@entrouvert.com>
Updated Python unit tests infrastructure, so that it can be reused for independent simulation applications.
Added module http. It is derived from Expression eponym module, but it is derived from abstractweb and it is designed to be a truly independent module.
It still needs a lot of work, but maybe one day, Expression will use it.
Added module abstractweb. It defines abstract classes for HTTP servers, etc, that are independent of the connection type: They must be overridden for HTTP(S) connection or simulated connections.
Added module assertions to Python Lasso simulator. This module defines global functions to use for unit tests (instead of methods self.fail...) or for other applications.
Added module builtins to Python Lasso simulator. builtins will replace environs in Expression one day.
2004-08-08 Valery Febvre <vfebvre at easter-eggs.com>
Replaced the lasso_str_hash() call by lasso_sha1() in the lasso_login_build_artifact_msg() method.
Fixed bug #245
In the dump of the identity object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
In the dump of the session object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
In the dump of the server object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
Replaced the lasso_str_hash() call by lasso_sha1() in the
lasso_server_get_providerID_from_hash() method.
Minor fixes
In the dump of the federation object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
In the dump of the provider object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
2004-08-08 Frederic Peters <fpeters@entrouvert.com>
missed new files
missed new files
debian packaging: - correct sections - correct FSF address - renamed liblasso-dev to liblasso0-dev (and provides: liblasso-dev) - pointer to /usr/share/common-licenses/GPL
debian packaging: - correct sections - correct FSF address - renamed liblasso-dev to liblasso0-dev (and provides: liblasso-dev) - pointer to /usr/share/common-licenses/GPL
fixed FSF address
2004-08-07 Emmanuel Raviart <eraviart@entrouvert.com>
Added LECP support in Python simulator and unit tests. I think I have found several bugs in Lasso LECP implementation.
My biggest problem is that I didn't find a way for IDP to set
userAuthenticated, authenticationMethod, reauthenticateOnOrAfter to lecp
before (or when) building response envelope with
lecp.build_authn_response_envelope_msg(). Did I overlook something?
2004-08-07 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_sha1() method (will replace lasso_str_hash)
2004-08-07 Frederic Peters <fpeters@entrouvert.com>
new tests; lasso needs some error checking
2004-08-07 Emmanuel Raviart <eraviart@entrouvert.com>
Added attributes request, request_type, response, response_type to Lecp in Python binding. Close bug #247.
2004-08-06 Emmanuel Raviart <eraviart@entrouvert.com>
Added tests for forceAuthn. Light will still be green.
Added Python simulation for isPassive and corrected some simulation bugs. Added isPassive tests.
2004-08-06 Valery Febvre <vfebvre at easter-eggs.com>
Moved session & identity properties in private section
Removed debug messages
Removed an invalid SGML tag
Update of the Lasso API Reference
2004-08-06 Emmanuel Raviart <eraviart@entrouvert.com>
New Python tests.
Added new Python test. It works, but see bug #245.
Reversed error sign convention for Python binding.
2004-08-06 Valery Febvre <vfebvre at easter-eggs.com>
Added missing parameter description in 5 methods
2004-08-06 Frederic Peters <fpeters@entrouvert.com>
summarized libtool version info comment
2004-08-06 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected a bug in test.
2004-08-06 Christophe Nowicki <cnowicki@easter-eggs.com>
Fixed #244 : check for libexpat
2004-08-06 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_login_must_authenticate() method
2004-08-06 Emmanuel Raviart <eraviart@entrouvert.com>
Added a new test. If Nico & Valos are not quick enough, the light will be red.
Cleanly separated the new Python Lasso simulator from unit tests.
2004-08-06 Christophe Nowicki <cnowicki@easter-eggs.com>
PHP_PREFIX in configure.ac. Add good LDFLAGS and LIBADD to php/Makefile.am Now php load the lasso extension :
$ php -m | grep lasso
lasso
remove COMPILE_DL_LASSO ... now php can load lasso.so
2004-08-06 Valery Febvre <vfebvre at easter-eggs.com>
Renamed all SAMLArt strings by SAMLart
2004-08-06 Romain Chantereay <rchantereau@entrouvert.com>
Fixed reference docs make problems:
- Docs did not compile invoking top level make when enabled in configure.
- Docs did not compile in references directory with make all.
- Docs used the old substitution variables.
2004-08-06 Emmanuel Raviart <eraviart@entrouvert.com>
An early commit of the new Python test. It is not clean yet, but the light will be green again :-)
Corrected error in Error.
2004-08-06 Romain Chantereay <rchantereau@entrouvert.com>
Sorry.
Fixed some badly done cut/paste.
Removed some useless tests.
2004-08-06 Frederic Peters <fpeters@entrouvert.com>
string.h never used; no need to check it
random long awaited fixes
2004-08-06 Romain Chantereay <rchantereau@entrouvert.com>
Added lasso/environs/lecp.h inclusion.
Added missing dist docs.
2004-08-06 Christophe Nowicki <cnowicki@easter-eggs.com>
install module in `php-config --extension-dir` instead of /usr/lib
add PHP_PREFIX
2004-08-06 Nicolas Clapies <nclapies@entrouvert.com>
update of code style
updated code style
Renamed load_notification_msg to process_notification msg, renamed process_request to validate_request, added some goto for code error, little update of the code style, updated examples
2004-08-05 Romain Chantereay <rchantereau@entrouvert.com>
- Big step toward unified output.
- Enable for feature.
- With for path to program (with-python, with-php-config).
2004-08-05 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
lasso_profile_get_identity() & lasso_profile_get_session() return now NULL if the identity/session is empty. lasso_profile_is_identity_dirty() & lasso_profile_is_identity_dirty() return now FALSE if the identity/session is NULL.
lasso_server_get_providerID_from_hash() method takes now a hash base64 encoded as argument.
Added automatic detection for the lasso HRef in lasso_node_get_child()
2004-08-05 Nicolas Clapies <nclapies@entrouvert.com>
fix in lecp
2004-08-05 Valery Febvre <vfebvre at easter-eggs.com>
Replaced a lot of wrong issueInstance words by issueInstant Renamed 3 methods: lasso_saml_assertion_set_issueInstant(), lasso_samlp_request_abstract_set_issueInstant(), lasso_samlp_response_abstract_set_issueInstant()
2004-08-05 Romain Chantereay <rchantereau@entrouvert.com>
Corrected error due to focus problem.
PHP build by default
2004-08-05 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
fixed coding style
2004-08-05 Romain Chantereay <rchantereau@entrouvert.com>
Unified configuration report.
pkg-config => $PKG_CONFIG
Fix #231
- Fix #234
2004-08-05 Christophe Nowicki <cnowicki@easter-eggs.com>
automake/autoconf support for the php binding
2004-08-05 Romain Chantereay <rchantereau@entrouvert.com>
- Added explanations to libtool versioning system. - Added explanations in order to fix a "good" version number in order to produce a correct libtool version.
- Fixed #229.
- Fixed #202.
Remove command line PACKAGE definition (already done in lasso_config.h).
Unified configure output. (#229)
Corrected some errors with badly placed AM_CONDITIONAL calls.
Use of conditional subdirectories.
This permits automake to automatically define a correct DIST_SUBDIRS.
2004-08-05 Valery Febvre <vfebvre at easter-eggs.com>
lasso_identity_get_federation() & lasso_identity_add_federation() methods make now a copy of the federation object.
update
Added a new argument 'err' in lasso_artifact_get_* methods for errors reporting.
update
Initial commit
update
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
update
update
2004-08-04 Emmanuel Raviart <eraviart@entrouvert.com>
Python binding now raises exceptions instead of returning error codes. Close bug #237.
Slightly improved exception handling in Python.
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
Renamed lasso_server_get_provider() into lasso_server_get_provider_ref() Added lasso_server_get_provider(), this method returns a provider copy.
2004-08-04 Christophe Nowicki <cnowicki@easter-eggs.com>
first php binding import
2004-08-04 Romain Chantereay <rchantereau@entrouvert.com>
Added one java automake.
2004-08-04 Romain Chantereay <rchantereau@entrouvert.com>
Me 1, Little memory stick Windows computer 0.
First step toward a fully automaked java build.
java now compiles and builds the DLL.
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_artifact_new() and lasso_artifact_get_identityProviderSuccinctID() IdentityProviderSuccinctID data (ProviderID SHA1 hash) is now Base64 encoded.
2004-08-04 Emmanuel Raviart <eraviart@entrouvert.com>
Python test02 is now completely refactored. But bigger changes are on the way.
2004-08-04 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
update of lecp python binding
update of the LECP profile
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
Moved '#include <lasso/lasso_config.h> into lasso.c Added also in py_lasso.c
*** empty log message ***
Added the SOAP HTTP method in lasso_login_init_from_authn_request_msg()
Added the SOAP export type in lasso_authn_request_new_from_export()
2004-08-04 Emmanuel Raviart <eraviart@entrouvert.com>
The Python test refactoring continues and the light is still green.
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
Fixed 3 bugs in lasso_login_new_from_dump()
2004-08-04 Frederic Peters <fpeters@entrouvert.com>
fixed typo; fix bug230
2004-08-04 Emmanuel Raviart <eraviart@entrouvert.com>
The Python test reorganization continues. It detects a new login bug, so the light will be red again.
2004-08-04 Nicolas Clapies <nclapies@entrouvert.com>
remove warning message before lasso_session_remove_assertion()
2004-08-04 Frederic Peters <fpeters@entrouvert.com>
[angry comment removed]
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Renamed enums (Bug #225): lassoMessageTypes,lassoHttpMethods,lassoRequestTypes into lassoMessageType,lassoHttpMethod,lassoRequestType
Removed the 'identity' arg in lasso_login_new_from_dump() method
2004-08-04 Nicolas Clapies <nclapies@entrouvert.com>
add lasso_session_remove_assertion() in validate_request() and process_response_msg()
set nameIdentifier attribute of the logout object (from LogoutRequest NameIdentifier value) after a call of init_request() method
move server param in new
*** empty log message ***
2004-08-04 Emmanuel Raviart <eraviart@entrouvert.com>
In Python tests, renamed sp to spServer and idp to idpServer.
In Python, Server.add_provider now returns an error code instead of None.
Begin to restructure Python tests.
2004-08-04 Valery Febvre <vfebvre at easter-eggs.com>
Renamed enum lassoProviderTypes into lassoProviderType (Bug #225)
Renamed enum lassoNodeExportTypes into lassoNodeExportType (Bug #225)
Changed all lasso_provider_get_* methods prototype It was added: a 'provider_type' argument to read in the appropriate Descriptor in metadata a 'err' argument for reporting errors
2004-08-04 Emmanuel Raviart <eraviart@entrouvert.com>
I thought I had discovered one new bug in Lasso SP logout. I was wrong... I discovered one bug and a missing feature:
- first the feature request: Lasso should set logout.nameIdentifier in
logout.init_request, because there is no way to retrieve the current
nameIdentifier from identity_dump or session_dump
- and now the bug: After the IDP soapEndpoint returns a SOAP response, the
SP process_response_msg doesn't remove the assertion from session (neither
does it set session.is_dirty flag).
See the new test05 for details.
2004-08-03 Emmanuel Raviart <eraviart@entrouvert.com>
Python tests now work again, but please remove the Lasso-CRITICAL below.
Generate identity and service provider context dumps ... ok
Service provider initiated login ... ok
Identity Provider single sign-on when identity and session already exist. ...
(process:22065): Lasso-CRITICAL **: 03-08-2004 22:25:48 An assertion existed
already for this providerID, it was replaced by the new one.
ok
Identity Provider logout. ... ok
2004-08-03 Emmanuel Raviart <eraviart@entrouvert.com>
Install documentation is running after autoconf changes.
Lasso now requires automake 1.8
2004-08-03 Romain Chantereay <rchantereau@entrouvert.com>
No more annoying warning.
2004-08-03 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-08-03 Romain Chantereay <rchantereau@entrouvert.com>
Bye bye AM_CONDITIONAL rests.
(the if WITH_PYTHON are not accurate now).
2004-08-03 Nicolas Clapies <nclapies@entrouvert.com>
initial version
2004-08-03 Romain Chantereay <rchantereau@entrouvert.com>
- No more need of version.h. - Better libtool version computation.
Update to automake 1.8.
Revert.
Updated macro calls: from AM_CONFIG_HEADER to AC_CONFIG_HEADERS.
Corrected SWIG warning. (deleted it.)
- Added libtool auto versioning (or corrected).
- Learn back to the previous Python detection.
- Corrected invalid variable in automake java top dir Makefile.
Commented out coldfusion/Makefile generation.
2004-08-03 Nicolas Clapies <nclapies@entrouvert.com>
replace load_request_msg() with process_request_msg(), process_request() with validate_request(), remove assertion of the authenticated principal in validate_request()
2004-08-03 Romain Chantereay <rchantereau@entrouvert.com>
SWIG is NOT required (yet ?) !
2004-08-03 Nicolas Clapies <nclapies@entrouvert.com>
add request type test for Lecp
2004-08-03 Romain Chantereay <rchantereau@entrouvert.com>
New Autotools infrastructure.
Don't hesitate to report bug (if any).
Main changes:
- No more, or so few AM_CONDITIONAL.
- Binding compilation use AC_SUBST top level Makefile SUBDIRS.
- Change order of AM Macro.
- Added Macro.
- Fix Windows Compilation.
- New way to handle version number.
- Use of lasso_config.h
- more ? I do not remember.
2004-08-03 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a bug in lasso_session_new_from_dump()
Added some optimizations in lasso_identity_add_federation()
2004-08-03 Emmanuel Raviart <eraviart@entrouvert.com>
Bug correction in test04.
Added forgotten Lasso call in test04.
Updated Python test04.
Tell the poor win32 user that he can't test the software
2004-08-03 Nicolas Clapies <nclapies@entrouvert.com>
replace G_LOG_LEVEL_ERROR with G_LOG_LEVEL_CRITICAL
2004-08-03 Emmanuel Raviart <eraviart@entrouvert.com>
Added a new Python regression test that shows that logout doesn't set session is_dirty flag.
Don't build win32 anymore. Makefile.am in win32 directory will disappear anyway.
2004-08-03 Valery Febvre <vfebvre at easter-eggs.com>
- Replaced some charPtrConst_wrap() calls by charPtr_wrap() - Added GPtrArray_wrap() function to wrap GPtrArray into Python list. - Added session_getattr() function, we can get now providerIDs and is_dirty properties of Session objects.
Replaced two G_LOG_LEVEL_ERROR by G_LOG_LEVEL_CRITICAL
Fixed a bug in lasso_identity_new_from_dump()
2004-08-02 Emmanuel Raviart <eraviart@entrouvert.com>
Added test03, which shows a bug in Lasso: When identity and session already exist (and must_authenticate() return False), the call to build_artifact_msg generates:
(process:8083): GLib-GObject-WARNING **: invalid cast from LassoNode' to
LassoSamlNameIdentifier'
(process:8083): lasso-CRITICAL **: file authentication_statement.c: line 84
(lasso_authentication_statement_new): assertion
LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier)' failed
(process:8083): Lasso-CRITICAL **: 02-08-2004 20:33:59 Failed to build the
AuthenticationStatement element of the Assertion.
and then access to login.nameIdentifier fails.
2004-08-02 Frederic Peters <fpeters@entrouvert.com>
some files to be ignored in debian/
some files to be ignored in debian/
2004-08-02 Emmanuel Raviart <eraviart@entrouvert.com>
Integrated README.WIN32 into Lasso book.
Removed obsolete Python INSTALL file.
Check that Lasso is inited and shut down only once.
Lasso Python modules now calls init() at first import (I need this
behaviour, because I have several "import lasso" in Expression and I don't
know which one will be called first and I don't want to do something like:
    import lasso
    if not lasso.inited:
        lasso.init()
).
2004-08-02 Romain Chantereay <rchantereau@entrouvert.com>
Added some win32 specific explanations.
2004-08-02 Romain Chantereay <rchantereau@entrouvert.com>
New clean and beauty version of the windows resource file.
use defined constant from lasso_config.h
more to come.
2004-08-02 Romain Chantereay <rchantereau@entrouvert.com>
Modified resource. ()
2004-08-01 Valery Febvre <vfebvre at easter-eggs.com>
Added a new argument 'err' (GError *) in 5 methods: lasso_ds_signature_sign, lasso_node_add_signature, lasso_node_verify_signature, lasso_saml_assertion_set_signature, lasso_samlp_request_abstract_set_signature, lasso_samlp_response_abstract_set_signature for reporting always more errors.
2004-07-31 Valery Febvre <vfebvre at easter-eggs.com>
Added a new argument 'err' in 4 methods of the LassoNode class: lasso_node_get_attr lasso_node_get_child lasso_node_get_child_content lasso_node_get_content for reporting errors.
2004-07-31 Emmanuel Raviart <eraviart@entrouvert.com>
Updated Java binding and unit test.
2004-07-31 Valery Febvre <vfebvre at easter-eggs.com>
Removed access to attributes identity & session by __getattr__
Added 2 tests in lasso_federation_copy() to avoid NULL pointer copy
2004-07-31 Emmanuel Raviart <eraviart@entrouvert.com>
Python login_tests now works again, although there remains a lasso-CRITICAL caused by idpLoginContext.get_identity() (file login_tests.py, line 120):
(process:5228): lasso-CRITICAL **: file xml.c: line 64 (lasso_node_copy):
assertion LASSO_IS_NODE(node)' failed
ERROR
2004-07-31 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Fixed 2 errors in lasso_identity_copy() et lasso_session_copy() methods
2004-07-30 Emmanuel Raviart <eraviart@entrouvert.com>
Some update to python login_tests. Some bugs remain.
Removed last profile_context or profileContext.
Restructured INSTALL a little more.
Improved book. It also now includes HACKING.
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Initial commit
lasso_profile_get_identity() and lasso_profile_get_session() should return copies
2004-07-30 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Update end
Added a missing #include
Some G_LOG_LEVEL_ERROR -> G_LOG_LEVEL_CRITICAL
Moved functions (alphabetical order)
Moved a function (alphabetical order)
Fixed a typing mistake all durty -> dirty
2004-07-30 Frederic Peters <fpeters@entrouvert.com>
I also can describe non-existing features.
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Added methods: lasso_profile_get_identity() lasso_profile_get_session() lasso_profile_is_identity_durty() lasso_profile_is_session_durty()
2004-07-30 Emmanuel Raviart <eraviart@entrouvert.com>
Added some important configure options in INSTALL.
2004-07-30 Nicolas Clapies <nclapies@entrouvert.com>
lecp in environs is complete
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Added new attribute is_durty in LassoIdentity & LassoSession classes
2004-07-30 Emmanuel Raviart <eraviart@entrouvert.com>
Improved AUTHORS restructuration.
Restructured AUTHORS & README and integrated them in Lasso Book.
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Update
2004-07-30 Nicolas Clapies <nclapies@entrouvert.com>
update of examples to user identity and session objects
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
update
2004-07-30 Emmanuel Raviart <eraviart@entrouvert.com>
Improved? ReST section titles.
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Renamed ProfileContext into Profile
Initial commit
2004-07-30 Emmanuel Raviart <eraviart@entrouvert.com>
Added very preliminary work on Lasso Book.
Modified INSTALL to be compatible with reStructured Text syntax. Is this
solution an acceptable solution?
Added Lasso logo.
2004-07-30 Valery Febvre <vfebvre at easter-eggs.com>
Update beginning
LassoProfileContext class was renamed into LassoProfile
LassoIdentity was renamed into LassoFederation
LassoUser class was split into 2 new classes (LassoSession & LassoIdentity)
Update
LassoUser class was split into 2 classes: LassoSession & LassoIdentity
LassoIdentity was renamed into LassoFederation
2004-07-29 Valery Febvre <vfebvre at easter-eggs.com>
Renamed LassoIdentity class into LassoFederation and LassoUser class into LassoIdentity
lasso/protocols/federation.c replaces lasso/protocols/identity.c
lasso/environs/identity.c replaces lasso/environs/user.c
2004-07-29 Frederic Peters <fpeters@entrouvert.com>
never thought about application developers; not a target ? added missing gobject-2.0 to list of requirements. (first to feel the pain of *using* lasso) [I wonder how it went on wednesday tutorial; didn't use autotools ?]
lasso.pc don't set minimal version for other libraries
2004-07-29 Nicolas Clapies <nclapies@entrouvert.com>
update of registration example in C
*** empty log message ***
update of register name identifier
2004-07-29 Valery Febvre <vfebvre at easter-eggs.com>
Added session class
2004-07-29 Frederic Peters <fpeters@entrouvert.com>
added stupid tests to annoy developers.
had detection of a patched (with XML support) check; only use srunner_set_xml if it is available.
2004-07-29 Valery Febvre <vfebvre at easter-eggs.com>
Removed memory leaks
Inverted only 2 lines :-)
2004-07-28 Valery Febvre <vfebvre at easter-eggs.com>
Just a typing mistake
*** empty log message ***
server attribute is now a copy in lasso_logout_new()
Attributes server & user are now copied in lasso_login_new() and lasso_login_new_from_dump() methods
Added destroy calls for server & user attributes in lasso_profile_context_dispose() private method.
Added lasso_user_copy() method
Added lasso_user_dispose() private method
Added lasso_server_copy() method
Added lasso_identity_copy() method
*** empty log message ***
2004-07-28 Frederic Peters <fpeters@entrouvert.com>
updated .cvsignore (binary is now tests and out.xml has been renamed to result.xml)
modularized tests; it is now possible to add more suites easily.
2004-07-28 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_provider_copy() method
lasso_node_get_name now returns an xmlChar* (instead of a const xmlChar*)
2004-07-28 Frederic Peters <fpeters@entrouvert.com>
remove generated lasso.pc on make clean
2004-07-27 Nicolas Clapies <nclapies@entrouvert.com>
debug messages
*** empty log message ***
update of federation termination
2004-07-27 Frederic Peters <fpeters@entrouvert.com>
debian/ updated for official 0.3 release
debian/ updated for official 0.3 release
2004-07-27 Nicolas Clapies <nclapies@entrouvert.com>
version 0.3.0
remove useless debug message
2004-07-27 Frederic Peters <fpeters@entrouvert.com>
fixed warnings
2004-07-27 Nicolas Clapies <nclapies@entrouvert.com>
Move first_* to initial_* vars
Use LassoNode_get instead of LassoAssertion_get in user_add_assertion()
2004-07-27 Valery Febvre <vfebvre at easter-eggs.com>
'assertion' var should be a PyObject*, not a LassoNode* (in user_add_assertion)
Ooops, Copy/Paste isn't always your friend :-)
*** empty log message ***
Removed 2 useless lasso_node_copy
2004-07-27 Nicolas Clapies <nclapies@entrouvert.com>
remove the second param of lasso.Login.new
fix a bug in python binding user_add_assertion : give obj of python assertion, add a copy of assertion in lasso_add_assertion ( not sure, but assertion should be copied )
2004-07-27 Emmanuel Raviart <eraviart@entrouvert.com>
Removed obsolete logout method load_from_dump.
Upgraded some residual calls to login_new & logout_new.
Updated Java binding.
Java unit test works (and C too, but Python still doesn't).
2004-07-26 Frederic Peters <fpeters@entrouvert.com>
output tags when error occurs (not just success or failures)
2004-07-26 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
Added new ProfileContext class
2004-07-26 Nicolas Clapies <nclapies@entrouvert.com>
remove logout-from-idp.py, only logout.py is useful
2004-07-26 Romain Chantereay <rchantereau@entrouvert.com>
Removed from the dist the two removed files.
2004-07-26 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Added lasso_profile_context_set_user_from_dump method
Removed arg user in lasso_login_new
2004-07-26 Romain Chantereay <rchantereau@entrouvert.com>
- Removed old style DLL exports definitions.
- Moved old to new way windows dll creation command.
Added special Windows AC substitution.
2004-07-26 Nicolas Clapies <nclapies@entrouvert.com>
update of example
access to RelayState in logout object
2004-07-26 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-26 Romain Chantereay <rchantereau@entrouvert.com>
use the macro to get logout data.
2004-07-26 Valery Febvre <vfebvre at easter-eggs.com>
Removed 4 useless #define constants
Added consent attribute check in lasso_login_process_federation() function
2004-07-26 Frederic Peters <fpeters@entrouvert.com>
set a few variables to NULL after they've been freed; and don't free providerID in lasso_user_get_authentication_method if it was passed by the caller.
2004-07-26 Valery Febvre <vfebvre at easter-eggs.com>
Finished implementing lasso_login_destroy() and lasso_logout_destroy() methods
Removed nameIdentifier attribute in Logout object
There is already a nameIdentifier attribute in ProfileContext class
2004-07-26 Frederic Peters <fpeters@entrouvert.com>
added an XXX and a comment where I think the problem is. Developers; please have a look.
--dontfork mode for the tests (so it is easier to debug segfaults)
2004-07-26 Frederic Peters <fpeters@entrouvert.com>
end of test port to C; developers, please test it (or the python login_tests; results should be identical). There is a problem in memory management and *sometimes* it works.
*Sometimes* it doesn't:
(process:12643): lasso-CRITICAL **: file xml.c: line 64 (lasso_node_copy):
assertion `LASSO_IS_NODE(node)' failed
(process:12643): lasso-CRITICAL **: file xml.c: line 1024
(lasso_node_impl_add_child): assertion `LASSO_IS_NODE(child)' failed
And *sometimes* it is even worse (segfault):
Running suite(s): Login
50%: Checks: 2, Failures: 0, Errors: 1
login_tests.c:81:P:Generate Server Contexts:test01_generateServersContextDumps:Passed
login_tests.c:229:E:Login initiated by service
provider:test02_serviceProviderLogin: (after this point) Received signal 11
I believe this is caused by something in
http://buildbox.entrouvert.org/logs/20040726/lupin.0320.changelog.xml
2004-07-26 Frederic Peters <fpeters@entrouvert.com>
this is a debug message; please.
require check 0.9.0
further in the unit test; pain pain pain.
started to copy Python second test (serviceProviderLogin) in C. 1 hour and 38 lines so far and I should probably move to something or I'll get angry.
2004-07-26 Valery Febvre <vfebvre at easter-eggs.com>
Removed many memory leaks
Removed many memory leaks
Finished implementing lasso_user_destroy() method
Removed many memory leaks
2004-07-25 Frederic Peters <fpeters@entrouvert.com>
sync namespace with check unittest namespace (I didn't feel like they would keep a 0d.be namespace...)
check 0.9 no longer has suite_free(). And our local version got srunner_set_xml()
2004-07-25 Emmanuel Raviart <eraviart@entrouvert.com>
Added a ColdFusion redirect to IDP single sign-on URL.
Added Makefile for ColdFusion "binding".
Added ColdFusion very preliminary "binding" using Java binding.
2004-07-25 Emmanuel Raviart <eraviart@entrouvert.com>
Java unit test is again similar to Python.
Corrected Java binding to pass the unit test both with Kaffe and Sun JRE.
Added a small new test in Python unit test.
2004-07-25 Frederic Peters <fpeters@entrouvert.com>
add title and time for test suites (in xml output)
moved as debug() two messages (those were interfering with the test suite)
use message functions to show message (fix #217)
basic XmlTestRunner; ./tests.py --xml; output to stdout (messed up with lasso spouting messages on stdout; will be fixed on lasso side)
s/&/and/
2004-07-25 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_provider_destroy() method
Finished implementing lasso_server_destroy() method
Replaced 2 debug(ERROR, ...) by new message(G_LOG_LEVEL_ERROR, ...) function
BEWARE: debug() should be used only for debugging messages.
Oops, forget in previous commit
2004-07-25 Emmanuel Raviart <eraviart@entrouvert.com>
Adapted logout unit test to new API.
Added missing return statement.
2004-07-25 Valery Febvre <vfebvre at easter-eggs.com>
Many little fixes
Moved nameIdentifier attribute of Login object in ProfileContext
2004-07-25 Frederic Peters <fpeters@entrouvert.com>
fixed tabulations in python files (oh the horror; they were mixed with space indentations). Also installed a test on commits to catch this (and check xml files)
fixed args order (but not enough to get the test to pass)
login_tests.py can be executed without tests.py
nonzero exit code if a test failed
modified sys.path so that python test suite can run before lasso is installed.
initialize codeError
2004-07-25 Nicolas Clapies <nclapies@entrouvert.com>
fix the problem of setting the user environ in SOAP method :
the problem : process_request_msg needs usr environ to verify federation
and authentication.
a solution :
first load the request msg
get the name identifier of the request
find the user dump from the name identifier and load it in logout object
process the request
see python/examples/logout.py for the methods.
2004-07-25 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
update of C lecp, add python lecp
2004-07-24 Romain Chantereay <rchantereau@entrouvert.com>
Update windows exports.
2004-07-24 Frederic Peters <fpeters@entrouvert.com>
do not build tests in the debian package
do not build tests in the debian package
.cvsignore for tests/ directory
using check <http://check.sourceforge.net/> for the test suite (--enable-tests=no if you don't want them)
2004-07-24 Emmanuel Raviart <eraviart@entrouvert.com>
This is not a C unit test, but it can miraculously become one.
2004-07-24 Valery Febvre <vfebvre at easter-eggs.com>
Added 2 missing #include (for xmlsec)
Added a summary. It's just a test. I'm not sure it can be useful.
Moved some #include
2004-07-24 Frederic Peters <fpeters@entrouvert.com>
added debian packaging files (NOT included in .tar.gz produced by make dist; this is normal)
added debian packaging files (NOT included in .tar.gz produced by make dist; this is normal)
2004-07-24 Emmanuel Raviart <eraviart@entrouvert.com>
Updated unit tests to show logout bug.
2004-07-24 Frederic Peters <fpeters@entrouvert.com>
compile java binding intree (doesn't try to link to a system liblasso)
removed Question (shouldn't have been committed)
Moved copyright statements to the README file (no sense to have them in the AUTHORS file). Point *kindly* to the mailing list and request tracker. Unified titles style.
2004-07-24 Emmanuel Raviart <eraviart@entrouvert.com>
Added myself as project master.
Small corrections.
2004-07-24 Valery Febvre <vfebvre at easter-eggs.com>
Replaced old debug() calls by the 2 new functions debug() and message()
Added a missing utf8
*** empty log message ***
Added a note about bug reports, help and feature requests
2004-07-23 Frederic Peters <fpeters@entrouvert.com>
improved doap file
utf8 for AUTHORS
MANIFEST.in was used by distutils; removed
added --enable-python option to ./configure; default is yes. --enable-python=no to not compile python bindings.
2004-07-23 Emmanuel Raviart <eraviart@entrouvert.com>
Added DOAP file (see http://usefulinc.com/doap).
Slight corrections to README.
2004-07-23 Frederic Peters <fpeters@entrouvert.com>
running autoheader
moved win32 Makefile targets to win32/Makefile.am
use pkg-config unless on windows; not the contrary
2004-07-23 Romain Chantereay <rchantereau@entrouvert.com>
Added some Windows-specific considerations. Cleaned the Hard, badly, sadly, dirty constant definitions. These definitions are kept dirty, but a little less.
2004-07-23 Valery Febvre <vfebvre at easter-eggs.com>
New log/debug system
It uses g_log() function now (from glib)
debug macro has been split into 2 macros:
debug(format, args) : for debug message only, activated if LASSO_DEBUG flag is defined
message(level, format, args) : level is a GLogLevelFlags (enum)
2004-07-23 Romain Chantereay <rchantereau@entrouvert.com>
Migrated windows.h inclusion from lasso.c to lasso.h.
Definition file was too early in the future.
Crossing fingers that the ^M don't come and mess everything up...
Cleaned DLL process creation. Now we have a import library.
The libs are created in the win32/.libs directory.
The linkage is done using import libs and no more directly the DLL.
The import library is named liblasso.a and no more liblasso.dll.a
2004-07-23 Emmanuel Raviart <eraviart@entrouvert.com>
Added Java LassoUser.getAuthenticationMethod
Python method User.get_authentication_method argument is now optional.
Use of this method in non-regression tests.
2004-07-23 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_user_get_authentication_method()
Done in Python too.
2004-07-23 Nicolas Clapies <nclapies@entrouvert.com>
fix bug in init of logout from request at idp
2004-07-23 Emmanuel Raviart <eraviart@entrouvert.com>
Inverted assertion operands, so that error messages be more logical.
First non regression test that supports full logout procedure... and shows a bug.
Removed directory we should not be in CVS.
2004-07-23 Nicolas Clapies <nclapies@entrouvert.com>
fix : process of a logout request at idp
*** empty log message ***
*** empty log message ***
update of logout with better support of propagation from idp
remove unwanted debug message
2004-07-23 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
Added a third arg (GError **err) in lasso_node_get_attr_value() method to report errors
- Added a third arg (GError **err) in lasso_node_get_attr_value() method to report errors
- Replaced some lasso_provider_get_providerID() by direct access to ProviderID attribute of server objects
2004-07-23 Emmanuel Raviart <eraviart@entrouvert.com>
Added (incomplete) logout tests for Python & Java.
Removed file that shouldn't be in CVS.
Added authors (please correct if I made mistakes).
2004-07-23 Frederic Peters <fpeters@entrouvert.com>
emptied outdated TODO
useful and interesting README file
added docs/tutorial/ to directories handled by automake
install python module in site-packages/
forgot Makefile.am in nsis/ directory
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
cleaned up configure.in
PKG_CHECK_MODULES detects missing pkg-config
build was used by distutils; no longer used. (but automake creates .deps)
2004-07-22 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected Java non-regression test bug (found with Sun non free jdk :-/ ).
Improved some .cvsignore.
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
setup.py has been removed
added win32
2004-07-22 Emmanuel Raviart <eraviart@entrouvert.com>
Nearly completed Python & Java first non-regression test for login. But Java test doesn't work:
java.lang.UnsatisfiedLinkError: libjlasso: not found
Adding its directory to LD_LIBRARY_PATH may help.
at LoginTest.main (LoginTest.java:165)
And I don't understand why.
Please professor, help me!
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
include win32/ in make dist
ignore Makefile.in, Makefile, .deps and .libs under python/
libtool line for win32; copied from libxml2
usage of pkg-config to get library information in configure; automake for the python module;
2004-07-22 Nicolas Clapies <nclapies@entrouvert.com>
add lecp in environs
2004-07-22 Emmanuel Raviart <eraviart@entrouvert.com>
Added Java Lasso method getRequestTypeFromSoapMsg.
2004-07-22 Valery Febvre <vfebvre at easter-eggs.com>
Added errors.c & errors.h
*** empty log message ***
Initial commit
*** empty log message ***
Fixed some compilation warnings
Added some controls on HTTP methods
2004-07-22 Nicolas Clapies <nclapies@entrouvert.com>
add level 2 of LECP
2004-07-22 Valery Febvre <vfebvre at easter-eggs.com>
Moved LassoProviderTypes enums from profile_context.h to provider.h
Fixed some compilation warnings
Initialized some local variables to NULL to avoid compilation warnings
2004-07-22 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
xml low level implementation of LECP
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
unused variables
2004-07-22 Emmanuel Raviart <eraviart@entrouvert.com>
A little more java binding and non-regression tests.
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
fixed compilation warnings
unused variables
declare used function
unused variable
unused variables
unused variable `consent'
missing includes
2004-07-22 Nicolas Clapies <nclapies@entrouvert.com>
update of logout example with test of the request soap
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
missing #include and case (marked with XXX; should it be written?)
missing #include
missing #include (I did my tests with -Werror but -Wall was not activated)
2004-07-22 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-22 Frederic Peters <fpeters@entrouvert.com>
xmlSecBase64Encode is used so xmlsec/base64.h must be included
2004-07-22 Nicolas Clapies <nclapies@entrouvert.com>
profile context with function to parse a soap request
2004-07-22 Emmanuel Raviart <eraviart@entrouvert.com>
Java & Python tests do not regress. They even progress.
Added Nicolas to authors.
Corrected Lasso URL.
Corrected Lasso URL.
Some progress in Python non regression test.
Corrected Lasso URL for java binding.
Some progress in first non regression test.
2004-07-22 Valery Febvre <vfebvre at easter-eggs.com>
Update
*** empty log message ***
Added "ProviderID" attribute in server object
A memory leak was removed in lasso_server_new
Added method set_consent in LibAuthnRequest class
*** empty log message ***
2004-07-21 Frederic Peters <fpeters@entrouvert.com>
better way
compilation warnings; in a better way
fixed compilation warning
compilation without warning
compilation without warnings
compilation without warning
compilation without warning
compilation without warnings
removed compilation warnings; fixed a few places where memory was allocated with GLib (g_malloc) and freed with libxml2 (xmlFree).
C (before C99) didn't allow // as comments; trying to be kind
fixed lasso site url
2004-07-21 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-21 Emmanuel Raviart <eraviart@entrouvert.com>
Added gcj support.
2004-07-21 Emmanuel Raviart <eraviart@entrouvert.com>
Changed Makefile for Kaffe support.
Added new class LassoObject.
First non regression test.
2004-07-21 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
update of federation termination notification
2004-07-21 Valery Febvre <vfebvre at easter-eggs.com>
Update
2004-07-21 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
add list of identity provider id in user environ
allow no param in init_request for class Logout
2004-07-21 Valery Febvre <vfebvre at easter-eggs.com>
lasso_node_add_signature() method returns now an integer
lasso_saml_assertion_set_signature() method returns now an integer
lasso_ds_signature_sign() method returns now an integer
*** empty log message ***
Added error codes in lasso_login_add_response_assertion
2004-07-20 Valery Febvre <vfebvre at easter-eggs.com>
Added method lasso_user_remove_identity
*** empty log message ***
Removed 2 compilation warnings
Added method lasso_identity_destroy()
Added method lasso_node_import_from_node()
fct lasso_login_create_user:
Created a new identity with the 2 nameIdentifiers found in response assertion
this identity is added in user attribute
2004-07-20 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
update internal code to use new_from_export style
2004-07-20 Emmanuel Raviart <eraviart@entrouvert.com>
Added Java binding.
2004-07-20 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-20 Emmanuel Raviart <eraviart@entrouvert.com>
Added Python first unit test.
Added keys, certificates and metadata, that will be used by regression tests
and samples.
2004-07-20 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
update debug infos
*** empty log message ***
initial version of register name identifier
update destroy method
2004-07-20 Frederic Peters <fpeters@entrouvert.com>
files to be included in python tarball
2004-07-20 Valery Febvre <vfebvre at easter-eggs.com>
Little fix in lasso_node_impl_export_to_soap()
2004-07-19 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Fixed a little mistake
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-19 Romain Chantereay <rchantereau@entrouvert.com>
Modified lasso DLL resource version number.
Added deps & lite distributions. Modified lass-full distribution version number.
2004-07-19 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
Added assertions in user object in lasso_login_add_response_assertion() and lasso_login_process_response_msg()
Removed some debug messages
Fixed memory leaks
2004-07-19 Romain Chantereay <rchantereau@entrouvert.com>
- Added NSIS installation script.
Removed --prefix option from xxx-config helpers.
- Better Win32 stuff organization.
- Added NSIS special directory.
- Added icon file to this directory.
2004-07-19 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-19 Romain Chantereay <rchantereau@entrouvert.com>
Additional test for disabling openssl detection under Windows/Cygwin environment.
2004-07-19 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
add a debug message when dumping assertions of user
add a INFO debug message for get provider
update federation termination
add get_attr support
2004-07-19 Valery Febvre <vfebvre at easter-eggs.com>
Added some debug messages
Removed msg_relayState in dump (must be on LassoProfileContext)
Finished lasso_login_process_request_msg()
lasso_login_new_from_dump() is now almost complete.
New export type supported (Xml) in _new_from_export() constructor
Added new lasso_request_new_from_export() constructor
Added response_type & provider_type in login_getattr
*** empty log message ***
New export type supported (Xml) in lasso_response_new_from_export
2004-07-19 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
2004-07-19 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-18 Valery Febvre <vfebvre at easter-eggs.com>
Added 4 missing attributes in LassoProfileContext dump:
msg_relayState, request_type, response_type, provider_type
Update
Fixed a typing error: LASSP_... -> LASSO_...
Initial commit
Added a check for xmlsec1 OpenSSL crypto library
2004-07-17 Frederic Peters <fpeters@entrouvert.com>
.tar.gz must include lasso.pc.in
2004-07-16 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-16 Romain Chantereay <rchantereau@entrouvert.com>
Another try to dllwrap.
2004-07-16 Valery Febvre <vfebvre at easter-eggs.com>
Added some g_free() and lasso_node_destroy() to fix memory leaks
Code cleanup
Fixed some memory leak
Added more debug messages
lasso_node_copy() method uses now the G_OBJECT_TYPE macro to build a new object with the same type as the object copied
Removed 2 lasso_node_copy() in lasso_identity_set_local_nameIdentifier() and lasso_identity_set_remote_nameIdentifier()
2004-07-16 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
2004-07-16 Romain Chantereay <rchantereau@entrouvert.com>
Added variables exports information.
2004-07-16 Romain Chantereay <rchantereau@entrouvert.com>
Added Cygwin/Windows compilation support.
Now: just:
./autogen --host=i686-pc-mingw32
make
make dll
make install dll
Of course you will need to install the dependencies libraries in /usr/local in
order to compile.
And next the DLL in Windows %SYSTEM% directory.
2004-07-16 Frederic Peters <fpeters@entrouvert.com>
removed rules that made "make dist" fails.
2004-07-16 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-16 Valery Febvre <vfebvre at easter-eggs.com>
Added date + time in debug messages
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Update
Added method create_user in Login class + Update
Removed attribute remote_ProviderID of lasso_login_init_request() method
Added new method lasso_login_create_user()
2004-07-15 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
Changed some debug levels
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
Removed attribute 'msg_relayState' in LassoLogin (moved in LassoProfileContext)
lasso_login_process_response_status_and_assertion() static function was rewritten
more error codes and debug messages
Added a new static function : lasso_login_get_assertion_nameIdentifier()
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
Added attribute 'msg_relayState' in LassoProfileContext (previously set in LassoLogin)
2004-07-15 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
7 #define moved from .c to .h
2004-07-15 Frederic Peters <fpeters@entrouvert.com>
please don't use // for comments, this is QA speaking :)
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
3 #define moved from .h to .c
6 #define moved from .h to .c
2004-07-15 Frederic Peters <fpeters@entrouvert.com>
replaced C++ // comments with C /* */ comments before we fall on a pre-C99 compiler.
2004-07-15 Valery Febvre <vfebvre at easter-eggs.com>
4 #define moved from .h to .c
5 #define moved from .h to .c
2004-07-15 Emmanuel Raviart <eraviart@entrouvert.com>
Added init & shutdown functions to tutorial.
2004-07-14 Valery Febvre <vfebvre at easter-eggs.com>
Nothing, code cleanup only
New debug system with 4 levels (4 colors):
DEBUG : yellow
INFO : green
WARNING : blue
ERROR : red
if Cflag -DLASSO_DEBUG is defined, DEBUG level messages are ignored.
Added get for nameIdentifier & msg_relayState attributes (in login_getattr function)
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-14 Nicolas Clapies <nclapies@entrouvert.com>
add class User, update class Logout, update example logout.py
2004-07-13 Emmanuel Raviart <eraviart@entrouvert.com>
The API is globally frozen, but locally melting.
Added response_dump attribute.
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-13 Nicolas Clapies <nclapies@entrouvert.com>
add signature support for soap method
2004-07-13 Emmanuel Raviart <eraviart@entrouvert.com>
Added missing s.
Use constant instead of integer.
2004-07-13 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-13 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
2004-07-13 Emmanuel Raviart <eraviart@entrouvert.com>
Profile instead of porfile.
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-13 Emmanuel Raviart <eraviart@entrouvert.com>
Yet another very important correction.
Corrected typo.
Document a trap in which I was caught.
Use RSA keys instead of DSA.
Corrected constant name.
2004-07-13 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-13 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-13 Emmanuel Raviart <eraviart@entrouvert.com>
Renamed attribut to attribute.
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-13 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-12 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
lasso/environs/federation_termination.c
*** empty log message ***
2004-07-12 Emmanuel Raviart <eraviart@entrouvert.com>
Corrected SP init for C & Python.
2004-07-12 Nicolas Clapies <nclapies@entrouvert.com>
fix: dump of user environ
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-12 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-12 Nicolas Clapies <nclapies@entrouvert.com>
fix code in new logout
2004-07-12 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-12 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-12 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-12 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
fix : change the return type in g_return_val_if_fail
fix : replace xmlChar with gchar type in method prototypes
fix : replace xmlChar with gchar type
register name identifier profile
2004-07-12 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-12 Nicolas Clapies <nclapies@entrouvert.com>
federation termination environ
2004-07-11 Nicolas Clapies <nclapies@entrouvert.com>
fix setting of status code value
*** empty log message ***
fix
fix for logout request export to query
*** empty log message ***
*** empty log message ***
*** empty log message ***
fix bugs in new_from_dump
2004-07-11 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-10 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-09 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-09 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
*** empty log message ***
add python class Logout
2004-07-09 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-09 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
add entry for logout binding
add entry for logout binding
2004-07-09 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-09 Nicolas Clapies <nclapies@entrouvert.com>
update of user dump methods
initial version : binding for logout
*** empty log message ***
2004-07-09 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Initial commit
2004-07-08 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-08 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-08 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-08 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
logout support in makefile.am
*** empty log message ***
2004-07-08 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-07 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Added initial debug message system
2004-07-07 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-07 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-07-06 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
add type provider enum
2004-07-06 Emmanuel Raviart <eraviart@entrouvert.com>
Added Python files explaining how to create a SP using Lasso.
2004-07-06 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-07-03 Valery Febvre <vfebvre at easter-eggs.com>
2 new constructors were added
*** empty log message ***
2004-07-02 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-07-02 Nicolas Clapies <nclapies@entrouvert.com>
*** empty log message ***
2004-07-02 Valery Febvre <vfebvre at easter-eggs.com>
Added new class Artifact
Fixed 2 bugs in lasso_node_impl_add_child() and lasso_node_impl_add_child() methods
Added functions lasso_build_random_sequence() and lasso_str_hash()
2004-07-01 Nicolas Clapies <nclapies@entrouvert.com>
add support for artifacts, assertions and identities
2004-07-01 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-06-30 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-06-29 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-06-25 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Initial commit
*** empty log message ***
2004-06-25 Nicolas Clapies <nclapies@entrouvert.com>
initial version
add access methods to metadata logout properties
2004-06-24 Valery Febvre <vfebvre at easter-eggs.com>
Initial commit
*** empty log message ***
*** empty log message ***
Initial commit
*** empty log message ***
2004-06-23 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Initial commit
2004-06-23 Nicolas Clapies <nclapies@entrouvert.com>
update for session environ in process of authentication, user environ for identity list
2004-06-22 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-06-22 Nicolas Clapies <nclapies@entrouvert.com>
update
a lot of updates
2004-06-15 Nicolas Clapies <nclapies@entrouvert.com>
add code to build provider from filename and method to access value of metadata
add provider, server_environ, session_environ, identity, user_environ, remove authn_environ.c/.h
initial version
add lasso name space
2004-06-11 Nicolas Clapies <nclapies@entrouvert.com>
update type of isPassive and forceAuthn params, instead use gboolean
add ref and prefix for sso get and post request
add lasso_authn_response_new to set a AuthnResponse from a AuthnRequest object
fix : strange conversion of true string to an integer value setting the wrong value to the function settings of IsPassive and ForceAuthn
2004-06-07 Nicolas Clapies <nclapies@entrouvert.com>
fix: segmentation fault in lasso_node_get_attr_value() if no attribute found
2004-06-04 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Initial version
2004-06-02 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-06-02 Nicolas Clapies <nclapies@entrouvert.com>
add metadata prefix and uri
2004-06-02 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso_node_get_child_content() method
Changed default format value to 0 instead of 1 in dump() method of class Node
Added new directory lasso/profiles
2004-06-01 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-05-28 Valery Febvre <vfebvre at easter-eggs.com>
Added option menu to build documentation (doxygen)
Initial commit
Some functions documentation (doxygen syntax)
Updated doc. Fixed a memory leak in lasso_node_add_signature() method
Added functions and public methods documentation
2004-05-26 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Initial commit
*** empty log message ***
Modified function lasso_str_sign()
*** empty log message ***
2004-05-25 Valery Febvre <vfebvre at easter-eggs.com>
Modified method get_child()
*** empty log message ***
*** empty log message ***
Added some lasso_node_destroy()
Little inversion to respect alpha order
Added 4 lasso_node_destroy()
2004-05-17 Valery Febvre <vfebvre at easter-eggs.com>
New method lasso_node_destroy() added in class LassoNode
2004-05-15 Valery Febvre <vfebvre at easter-eggs.com>
Many many memory leaks fixed
*** empty log message ***
2004-05-14 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
node_export() and node_export_from_base64() functions added. 2 export methods in class Node added
node_export and node_export_from_base64() functions added
authn_response_new_from_export() function added
some update more comments
A new constructor added: authn_response_new_from_export()
2004-05-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-05-13 Nicolas Clapies <nclapies@entrouvert.com>
add some macro defines to local variables in methods ...
2004-05-13 Valery Febvre <vfebvre at easter-eggs.com>
gpointer_get() macro added
2 methods renamed, 3 added and 1 removed
node_url_encode() and node_soap_envelop() renamed -> node_export_to_query() and node_export_to_soap()
saml_assertion_set_signature() function added
*** empty log message ***
authn_response_add_assetion() function removed
cosmetic
lasso_saml_assertion_set_signature() method rewritten
lasso_ds_signature_new() rewritten
2004-05-13 Nicolas Clapies <nclapies@entrouvert.com>
add const in read-only params of constructors
2004-05-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
all lasso_node_load_from_buffer() replaced by lasso_node_import()
lasso_authn_response_add_assertion() method removed
Minor bugfix : lassoLibMajorVersion -> lassoLibMinorVersion
Initial commit
*** empty log message ***
2004-05-13 Nicolas Clapies <nclapies@entrouvert.com>
add registration python example
register name identifier request and response updates in C and python binding
2004-05-13 Valery Febvre <vfebvre at easter-eggs.com>
update
4 NameIdentifier formats added
2004-05-11 Nicolas Clapies <nclapies@entrouvert.com>
initial version
c example for federation termination notification
name identifier mapping response low class binding and, examples ...
name identifier mapping c and python binding updates
initial version
federation termination notification c and binding
2004-05-09 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Bugfix in lasso_node_verify_signature() method. New method lasso_node_add_signature() added
Bugfix in lasso_authn_response_add_assertion() method
2004-05-07 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-05-06 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-05-06 Nicolas Clapies <nclapies@entrouvert.com>
add class method constructor new_from_query in LogoutResponse
2004-05-06 Valery Febvre <vfebvre at easter-eggs.com>
Bugfixes in lasso_node_serialize(), lasso_node_get_attrs() and lasso_node_get_children() methods
Removed lasso_node_new_ns() method
*** empty log message ***
2 new constructors: lasso_node_new_from_dump(), lasso_node_new_from_xmlNode(). lasso_node_parse_memory() renamed -> lasso_node_load_from_buffer()
minor changes
2004-05-05 Nicolas Clapies <nclapies@entrouvert.com>
add low level of logout response binding
binding for low level of logout request and response C class
update of LogoutRequest LogoutResponse classes
update of constructors
2004-05-05 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Added a new method -> lasso_node_copy()
2004-05-05 Nicolas Clapies <nclapies@entrouvert.com>
add enveloping in soap node
update ...
add soap enveloping method in LassoNode
delete lasso_protocol_export_to_soap() function
2004-05-05 Valery Febvre <vfebvre at easter-eggs.com>
Initial commit
a new constructor - lasso_authn_request_new_from_query()
a big bug fixes in lasso_query_to_dict()
2004-05-04 Nicolas Clapies <nclapies@entrouvert.com>
minor updates
add constructors for LogoutRequest and LogoutResponse
add function to build a soap-enveloped lasso node
initial version
2004-05-03 Nicolas Clapies <nclapies@entrouvert.com>
update makefile.am for soap
add constants for soap
2004-05-03 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
4 new SAML Confirmation methods
*** empty log message ***
*** empty log message ***
Methods set_relayState() and set_nameIDPolicy() added in LibAuthnRequest class
last version which demonstrates an Authentication Request/Response (more comments)
Too many changes, sorry
Many many changes
only cosmetic
Funct lasso_node_set_node() renamed -> lasso_node_set_xmlNode()
cosmetic
2004-05-02 Valery Febvre <vfebvre at easter-eggs.com>
3 LassoAuthnRequest replaced by LassoRegisterNameIdentifierRequest
a bad cast fix
In funct name_identifier_mapping_request_new(): args providerID and nameIdentifier: required; args nameQualifier and format: optional
In funct logout_request_new(): args providerID and nameIdentifier: required; args nameQualifier and format: optional
Removed funct lasso_authn_response_get_protocolProfile(). Added funct lasso_authn_response_process_authentication_result(). 3 args removed in lasso_authn_response_new()
nico added to authors
Initial commit
Added funct lasso_authn_request_get_protocolProfile()
2004-04-29 Valery Febvre <vfebvre at easter-eggs.com>
#include fix
*** empty log message ***
AuthnRequest added
3 methods and 1 funct added
Initial commit
2004-04-28 Valery Febvre <vfebvre at easter-eggs.com>
a new funct added: lasso_query_get_value()
#include <libxml/xpath.h> replaced by #include <libxml/tree.h>
lasso_str_verify() renamed -> lasso_query_verify_signature()
*** empty log message ***
*** empty log message ***
*** empty log message ***
lasso/protocols/elements/Makefile added
Initial commit
*** empty log message ***
2004-04-27 Nicolas Clapies <nclapies@entrouvert.com>
add support for binding of NameIdentifierMapping
add NameIdentifierMappingRequest/Response class and binding
add optional attribute in FederationTerminationNotification
2004-04-27 Valery Febvre <vfebvre at easter-eggs.com>
Fixed a big blunder
2004-04-27 Nicolas Clapies <nclapies@entrouvert.com>
delete files from cvs
2004-04-27 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-04-27 Nicolas Clapies <nclapies@entrouvert.com>
add optional element RelayState
add optional element and attribute for LogoutRequest/Response
2004-04-27 Valery Febvre <vfebvre at easter-eggs.com>
type_name removed in private struct
*** empty log message ***
2004-04-27 Nicolas Clapies <nclapies@entrouvert.com>
add function to change names of attributes in identifiers
2004-04-27 Valery Febvre <vfebvre at easter-eggs.com>
Memory leaks fixed again
Memory leaks fixed
2004-04-27 Nicolas Clapies <nclapies@entrouvert.com>
remove code changing name of attributes in IDP/SP/OldProvidedNameIdentifier
remove files
initial version
add LogoutRequest/Response, FederationTerminationNotification, RegisterNameIdentifierRequest/Response classes in python
2004-04-26 Valery Febvre <vfebvre at easter-eggs.com>
8 StatusCode were added
2004-04-26 Nicolas Clapies <nclapies@entrouvert.com>
build the RegisterNameIdentifierRequest with specific names for name identifiers attributes
add federation termination notification high level class
add register_name_identifier.h/.c
initial version
fix conflict in name declaration of functions for name identifiers settings
2004-04-23 Nicolas Clapies <nclapies@entrouvert.com>
add LogoutRequest and LogoutResponse
2004-04-22 Valery Febvre <vfebvre at easter-eggs.com>
previously named ssoaf_authn_request.c and ssoaf_authn_request.h
renamed
*** empty log message ***
strings type changed: gchar* -> xmlChar*
added ssoaf_authn_request.c, ssoaf_authn_request.h, protocol.c and protocol.h
nico added in authors list
Initial commit
*** empty log message ***
2004-04-20 Nicolas Clapies <nclapies@entrouvert.com>
add RegisterNameIdentifierRequest class
initial version
rename functions for request creation
2004-04-20 Valery Febvre <vfebvre at easter-eggs.com>
make clean updated
2 methods comments fixed
First test version
config.h.in added
Initial commit
lasso-sections.txt removed
2004-04-19 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-04-19 Nicolas Clapies <nclapies@entrouvert.com>
add NameIdentifier content in constructors
2004-04-19 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-04-19 Nicolas Clapies <nclapies@entrouvert.com>
fix = add support of cplusplus
update for classes LogoutRequest and LogoutResponse
update functions to create and init logout request / response
2004-04-19 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-04-19 Nicolas Clapies <nclapies@entrouvert.com>
add saml_response_add_assertion() function
add add_assertion method for Response object
2004-04-18 Valery Febvre <vfebvre at easter-eggs.com>
Added lasso.pc.in to use pkg-config
2004-04-17 Valery Febvre <vfebvre at easter-eggs.com>
Remove class->set_ns() useless
Used new method set_ns() instead of new_ns() (in *_instance_init() methods)
*** empty log message ***
cosmetic, many g_return_* added, a new method lasso_node_set_ns() (will replace lasso_node_new_ns())
2004-04-16 Nicolas Clapies <nclapies@entrouvert.com>
fix : logout_request_getattr(self, name)
add lasso_request_create() declaration
2004-04-16 Valery Febvre <vfebvre at easter-eggs.com>
Removed a call to funct lasso_samlp_response_add_assertion() in excess
2004-04-16 Nicolas Clapies <nclapies@entrouvert.com>
request and response definition
blablabla ...
add Request and Response class definition
in function lasso_authn_response_init() add issueInstant and InResponseTo
2004-04-15 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
Clean-ups, cosmetics and memory leaks fixed
2004-04-15 Nicolas Clapies <nclapies@entrouvert.com>
add functions for Request and Response messages
2004-04-15 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-04-15 Nicolas Clapies <nclapies@entrouvert.com>
delete file
fix : return a string the lasso_node_dump() function
add include for samlp_request.h
2004-04-14 Valery Febvre <vfebvre at easter-eggs.com>
lasso_node_dump() public method now returns a string (instead of void)
Added public method lasso_node_parse_memory()
*** empty log message ***
2004-04-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-04-13 Nicolas Clapies <nclapies@entrouvert.com>
add samlp Request compilation
initial version
2004-04-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
2004-04-13 Nicolas Clapies <nclapies@entrouvert.com>
add logout options compiling
2004-04-13 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-04-09 Nicolas Clapies <nclapies@entrouvert.com>
initial version
add logout stuffs bindings
first high level functions
2004-04-09 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
Some clean-ups
*** empty log message ***
Added function lasso_node_verify_signature()
2004-04-08 Valery Febvre <vfebvre at easter-eggs.com>
generator_lasso_strings.py
*** empty log message ***
2004-04-08 Emmanuel Raviart <eraviart@entrouvert.com>
80 columns.
2004-04-08 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
2004-04-07 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
2004-04-07 Nicolas Clapies <nclapies@entrouvert.com>
fix constructor lasso_saml_name_identifier_new(nameIdentifier) in lasso_build_nameIdentifier
2004-04-07 Valery Febvre <vfebvre at easter-eggs.com>
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
Many modifications
2004-04-06 Valery Febvre <vfebvre at easter-eggs.com>
Added virtual public method lasso_node_get_content()
Used lasso_node_get_child() instead of class->get_child()
Fixed many compilation warnings. Virtual private methods lasso_node_get_attr(), lasso_node_get_attrs(), lasso_node_get_child() and lasso_node_get_children() became virtual public
Fixed compilation warnings (casts missing)
Fixed compile warning (casts missing)
Fixed compile warning
schema replaced by xml
Files moved. Initially located in lasso/schema/ directory
2004-04-04 Valery Febvre <vfebvre at easter-eggs.com>
lasso/Makefile.am
remove lasso/bindings/Makefile (directory lasso/bindings will not be used anymore)
2004-04-02 Nicolas Clapies <nclapies@entrouvert.com>
initial version
fix types of some parameters
add function lasso_build_authnRequest_must_autenthicate
2004-04-02 Valery Febvre <vfebvre at easter-eggs.com>
Initial commit
Fct lasso_shutdown() now returns int values.
2004-04-01 Nicolas Clapies <nclapies@entrouvert.com>
use function lasso_lib_subject_new() instead of lasso_saml_subject_new()
fix : use function lasso_lib_authentication_statement_new() instead of lasso_saml_authentication_statement_new()
add function lasso_build_authnRequest_from_query
2004-04-01 Valery Febvre <vfebvre at easter-eggs.com>
Added arg protocolProfile in fct lasso_build_full_authnRequest()
2004-04-01 Nicolas Clapies <nclapies@entrouvert.com>
add functions lasso_build_assertion lasso_build_authenticationStatement
add methods lasso_build_full_logoutRequest lasso_build_full_logoutResponse
add methods lasso_build_full_federationTerminationNotification
add lasso_build_full_registerNameIdentifierRequest lasso_build_full_registerNameIdentifierResponse
2004-04-01 Valery Febvre <vfebvre at easter-eggs.com>
Ooops, add missing return for funct lasso_build_authnRequest()
2004-03-30 Valery Febvre <vfebvre at easter-eggs.com>
Added some cosmetics, comment headers, #ifdef ...
Added HEADER
2004-03-30 Nicolas Clapies <nclapies@entrouvert.com>
add includes of high level functions of class building. set prototype of common functions for encoding and signing
initial version
fix type parameters from const char to const xmlChar. add function to build response
2004-03-29 Valery Febvre <vfebvre at easter-eggs.com>
const char * convert into const xmlChar *
Added *.lo, *.la, .deps, .libs
2004-03-29 Nicolas Clapies <nclapies@entrouvert.com>
initial version
add lasso_build_authnRequest method
add protocols Makefile support
add support of protocols
initial version
2004-03-24 Nicolas Clapies <nclapies@entrouvert.com>
add comments about little problems with implementation of name identifier mapping request class and question about implementation of nodes
2004-03-23 Valery Febvre <vfebvre at easter-eggs.com>
Added *.lo, *.la, .deps, .libs
Initial version
Initial revision