hopefully last tagging of release 2.2.90

Benjamin Dauvergne 2010-01-18 15:05:52 +00:00
parent 4f5f45ee96
commit dc10db1372
11333 changed files with 1473226 additions and 12 deletions


@ -0,0 +1,86 @@
=======
Authors
=======
.. note:: Please do not send bug reports, help or feature requests directly
to the authors; use the request tracker or the mailing list.
(see README_ for details)
Core
====
- Nicolas Clapiès <nclapies@entrouvert.com>
- Valéry Febvre <vfebvre@easter-eggs.com>
- Frédéric Péters <fpeters@entrouvert.com>
SWIG Bindings
=============
- Emmanuel Raviart <eraviart@entrouvert.com>
with help from:
- Romain Chantereau <rchantereau@entrouvert.com> (initial SWIG binding)
- Christophe Nowicki <cnowicki@easter-eggs.com> (PHP)
- Benjamin Poussin <poussin@codelutin.com> (first Java binding)
- and the core developers
Unit Tests
==========
- Emmanuel Raviart <eraviart@entrouvert.com>
with help from:
- Frédéric Péters <fpeters@entrouvert.com>
Packaging
=========
- Frédéric Péters <fpeters@entrouvert.com>
Debian Packaging
================
- Frédéric Péters <fpeters@entrouvert.com>
Windows Port
============
- Romain Chantereau <rchantereau@entrouvert.com>
Documentation
=============
- Christophe Boutet <cboutet@entrouvert.com>
- Romain Chantereau <rchantereau@entrouvert.com>
- Nicolas Clapiès <nclapies@entrouvert.com>
- Pierre Cros <pcros@entrouvert.com>
- Cédric Musso <cedric.musso@labor-liber.net>
- Frédéric Péters <fpeters@entrouvert.com>
- Emmanuel Raviart <eraviart@entrouvert.com>
Lasso Logo
==========
- Florent Monnier <fmonnier@linux-nantes.fr.eu.org>
Web Site Design
===============
- Frédéric Péters <fpeters@entrouvert.com>
with help from:
- Cédric Musso (initial design) <cedric.musso@labor-liber.net>


@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

File diff suppressed because it is too large


@ -0,0 +1,36 @@
if PYTHON_ENABLED
PYTHON_SD = python
endif
if JAVA_ENABLED
JAVA_SD = java
endif
if PHP_ENABLED
PHP_SD = php
endif
if CSHARP_ENABLED
CSHARP_SD = csharp
endif
if PERL_ENABLED
PERL_SD = perl
endif
if GTK_DOC_ENABLED
GTK_DOC_SD = docs
endif
SUBDIRS = lasso \
$(PHP_SD) $(PYTHON_SD) $(JAVA_SD) $(CSHARP_SD) $(PERL_SD) \
tests \
swig \
win32 \
$(GTK_DOC_SD)
ABS_BUILDDIR = $(shell pwd)
EXTRA_DIST = COPYING lasso.pc.in lasso-src-config.in
pkgconfig_DATA = lasso.pc
pkgconfigdir = $(libdir)/pkgconfig
clean-local:
-rm -f lasso.pc
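Review bot: `ABS_BUILDDIR = $(shell pwd)` relies on the GNU make `$(shell ...)` function, so the generated Makefile is not portable to other make implementations, and nothing in this file uses the variable; either drop it or add a comment naming the subdirectory that consumes it. Separately, `clean-local` deletes `lasso.pc`; if that file is produced by configure from the `lasso.pc.in` listed in EXTRA_DIST, it is conventionally removed at distclean (via `DISTCLEANFILES`) rather than at clean.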


@ -0,0 +1,52 @@
NEWS
====
0.6.0 - January 27th 2005
-------------------------
Rewrote library internals to use standard structures instead of libxml2 nodes;
this allows faster processing, more flexibility and better support for language
bindings. Documented all the API functions. Fixed and improved the rest.
0.5.0 - November 9th 2004
-------------------------
All features of SP Basic, SP, IDP, and LECP profiles for Liberty IDFF 1.2
Static Conformance are now implemented, except for "Backward Compatibility".
Extended features are also supported, except for "Affiliations". Compatible
with the demo application of the last Beta version of SourceID Liberty 2.0.
Improved metadata support, a lot of new feature and bugfixes.
API, ABI, and dump format of messages have changed, so this release is not
compatible with previous versions.
0.4.1 - September 7th 2004
--------------------------
Small bug fixes. Windows DLL are now linked with standard call aliases.
0.4.0 - September 6th 2004
--------------------------
Complete support for the main profiles of Liberty Alliance IF-FF 1.2 (Single
Sign On, Single Logout, and Federation Termination). Revamped language
bindings to use SWIG (supported languages are noew Python, PHP, Java and C#).
More unit tests. Bugs fixed.
0.3.0 - July 27th 2004
----------------------
Improved support for Single Sign On and Single Logout profiles. Python and
Java bindings. Unit tests. Bugs fixed.
0.2.0 - June 1st 2004
---------------------
First release as a C library.
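Review bot: The 0.4.0 entry names the specification "Liberty Alliance IF-FF 1.2" while the 0.5.0 entry writes "Liberty IDFF 1.2"; the specification is ID-FF, so use one spelling in both entries. The 0.4.0 entry also has the typo "noew" for "now", and the 0.5.0 entry should read "a lot of new features".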


@ -0,0 +1,73 @@
==============
Lasso Overview
==============
Current homepage: <http://lasso.entrouvert.org>
Lasso (Liberty Alliance Single Sign-On) is a free (GNU GPL) implementation
of the Liberty Alliance specifications. Those define processes for
federated identities, single sign-on and related protocols. Lasso provides
both a C library and bindings for different languages.
Liberty Alliance Project homepage: <http://www.project-liberty.org>
The latest version of Lasso can be found on the labs.libre-entreprise.org
website, <http://labs.libre-entreprise.org/project/showfiles.php?group_id=31>
Lasso has several mailing lists:
- lasso-devel@lists.labs.libre-entreprise.org
The mailing list for Lasso users and developers; discussions about both
development and deployment of Lasso have their place on this list.
<http://lists.labs.libre-entreprise.org/mailman/listinfo/lasso-devel>
- lasso-cvs-commits@lists.labs.libre-entreprise.org
This list just distributes notices about commits to the Lasso CVS tree.
It has no discussions, and it is not interesting unless you wish to
take part in development.
<http://lists.labs.libre-entreprise.org/mailman/listinfo/lasso-cvs-commits>
There is also a bug tracking system on the labs.libre-entreprise.org website,
<http://labs.libre-entreprise.org/tracker/?atid=206&group_id=31>
Lasso was originally written by Nicolas Clapiès and Valéry Febvre. Please
see the file AUTHORS_ for a list of major contributors, and the ChangeLog
for a detailed listing of all contributions.
::
Copyright (c) 2004, 2005 Entr'ouvert
Excepted the Lasso logo, copyright (c) 2004, Entr'ouvert & Florent Monnier
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
In addition, as a special exception, Entr'ouvert gives permission to link
the code of its release of Lasso with the OpenSSL project's "OpenSSL"
library (or with modified versions of it that use the same license as the
"OpenSSL" library), and distribute the linked executables. You must obey
the GNU General Public License in all respects for all of the code used
other than "OpenSSL". If you modify this file, you may extend this
exception to your version of the file, but you are not obligated to do so.
If you do not wish to do so, delete this exception statement from your
version.


@ -0,0 +1,2 @@
If you want to use gcc to compile java binding, jlasso compilation depends on
the development files of libgcj (libgcj4-dev package).


@ -0,0 +1,48 @@
======================
Using Lasso Win32 Port
======================
Compile
=======
Launch:
::
./autogen.sh --disable-tests --host=i686-pc-mingw32 --with-pkg-config-path=/usr/local/lib/pkgconfig
and next ``make`` ;)
.. note:: The ``--disable-tests`` is mandatory for Win32, because C tests use a software named
"Check" that requires a POSIX OS.
Know bugs
=========
Windows 9x/ME
~~~~~~~~~~~~~
Description
-----------
Some problem with link definition.
Fix
---
After the build error, edit the lasso/*/.libs/*.la files and remove any link
calls to user32 and kernel32.
Installation
~~~~~~~~~~~~
Description
-----------
The dll is not copied to his destination directory.
Fix
---
Manualy copy the dll (lasso/.lib/liblasso-0.dll) to his destination directory.
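Review bot: The installation fix points at `lasso/.lib/liblasso-0.dll`, while the Windows 9x/ME fix above refers to `lasso/*/.libs/*.la`; libtool's output directory is `.libs`, so the path in the last line looks like a typo and would send the reader to a directory that does not exist. The fix should also state which destination directory is meant. Wording: "Know bugs" should be "Known bugs", "Manualy" should be "Manually", and "his destination" should be "its destination".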

branches/branch-0-6-0/autogen.sh Executable file

@ -0,0 +1,308 @@
#!/bin/sh
#
# autogen.sh - Generates the initial makefiles from a pristine CVS tree
#
# $Id$
#
# USAGE: autogen.sh [configure options]
#
# If environment variable DRYRUN is set, no configuring will be done -
# (e.g. in bash) DRYRUN=1 ./autogen.sh
# will not do any configuring but will emit the programs that would be run.
#
# This script is based on similar scripts used in various free software
# projects; notably the gnome-autogen.sh script used in many GNOME programs.
#
DIE=0
if test "z$DRYRUN" != "z"; then
DRYRUN=echo
fi
# Not all echo versions allow -n, so we check what is possible. This test is
# based on the one in autoconf.
case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
*c*,-n*) ECHO_N= ;;
*c*,* ) ECHO_N=-n ;;
*) ECHO_N= ;;
esac
# some terminal codes ...
boldface="`tput bold 2>/dev/null`"
normal="`tput sgr0 2>/dev/null`"
printbold() {
echo $ECHO_N "$boldface"
echo "$@"
echo $ECHO_N "$normal"
}
printerr() {
echo "$@" >&2
}
# Usage:
# compare_versions MIN_VERSION ACTUAL_VERSION
# returns true if ACTUAL_VERSION >= MIN_VERSION
compare_versions() {
ch_min_version=$1
ch_actual_version=$2
ch_status=0
IFS="${IFS= }"; ch_save_IFS="$IFS"; IFS="."
set $ch_actual_version
for ch_min in $ch_min_version; do
ch_cur=`echo $1 | sed 's/[^0-9].*$//'`; shift # remove letter suffixes
if [ -z "$ch_min" ]; then break; fi
if [ -z "$ch_cur" ]; then ch_status=1; break; fi
if [ $ch_cur -gt $ch_min ]; then break; fi
if [ $ch_cur -lt $ch_min ]; then ch_status=1; break; fi
done
IFS="$ch_save_IFS"
return $ch_status
}
# Usage:
# version_check PACKAGE VARIABLE CHECKPROGS MIN_VERSION SOURCE
# checks to see if the package is available
version_check() {
vc_package=$1
vc_variable=$2
vc_checkprogs=$3
vc_min_version=$4
vc_source=$5
vc_status=1
vc_checkprog=`eval echo "\\$$vc_variable"`
if [ -n "$vc_checkprog" ]; then
printbold "using $vc_checkprog for $vc_package"
return 0
fi
printbold "checking for $vc_package >= $vc_min_version..."
for vc_checkprog in $vc_checkprogs; do
echo $ECHO_N " testing $vc_checkprog... "
if $vc_checkprog --version < /dev/null > /dev/null 2>&1 || \
$vc_checkprog -version < /dev/null > /dev/null 2>&1 ; then
if [ "$vc_package" = "swig" ]; then
vc_actual_version=`$vc_checkprog -version 2>&1 | head -n 2 | \
tail -1 | sed 's/^.*[ ]\([0-9.]*[a-z]*\).*$/\1/'`
else
vc_actual_version=`$vc_checkprog --version | head -n 1 | \
sed 's/^.*[ ]\([0-9.]*[a-z]*\).*$/\1/'`
fi
if compare_versions $vc_min_version $vc_actual_version; then
echo "found $vc_actual_version"
# set variable
eval "$vc_variable=$vc_checkprog"
vc_status=0
break
else
echo "too old (found version $vc_actual_version)"
fi
else
echo "not found."
fi
done
if [ "$vc_status" != 0 ]; then
printerr "***Error***: You must have $vc_package >= $vc_min_version installed"
printerr " to build $PKG_NAME. Download the appropriate package for"
printerr " from your distribution or get the source tarball at"
printerr " $vc_source"
printerr
fi
return $vc_status
}
# Usage:
# require_m4macro filename.m4
# adds filename.m4 to the list of required macros
require_m4macro() {
case "$REQUIRED_M4MACROS" in
$1\ * | *\ $1\ * | *\ $1) ;;
*) REQUIRED_M4MACROS="$REQUIRED_M4MACROS $1" ;;
esac
}
forbid_m4macro() {
case "$FORBIDDEN_M4MACROS" in
$1\ * | *\ $1\ * | *\ $1) ;;
*) FORBIDDEN_M4MACROS="$FORBIDDEN_M4MACROS $1" ;;
esac
}
# Usage:
# check_m4macros
# Checks that all the requested macro files are in the aclocal macro path
# Uses REQUIRED_M4MACROS and ACLOCAL variables.
check_m4macros() {
# construct list of macro directories
cm_macrodirs="`$ACLOCAL --print-ac-dir`"
set - $ACLOCAL_FLAGS
while [ $# -gt 0 ]; do
if [ "$1" = "-I" ]; then
cm_macrodirs="$cm_macrodirs $2"
shift
fi
shift
done
cm_status=0
if [ -n "$REQUIRED_M4MACROS" ]; then
printbold "Checking for required M4 macros..."
# check that each macro file is in one of the macro dirs
for cm_macro in $REQUIRED_M4MACROS; do
cm_macrofound=false
for cm_dir in $cm_macrodirs; do
if [ -f "$cm_dir/$cm_macro" ]; then
cm_macrofound=true
break
fi
# The macro dir in Cygwin environments may contain a file
# called dirlist containing other directories to look in.
if [ -f "$cm_dir/dirlist" ]; then
for cm_otherdir in `cat $cm_dir/dirlist`; do
if [ -f "$cm_otherdir/$cm_macro" ]; then
cm_macrofound=true
break
fi
done
fi
done
if $cm_macrofound; then
:
else
printerr " $cm_macro not found"
cm_status=1
fi
done
fi
if [ -n "$FORBIDDEN_M4MACROS" ]; then
printbold "Checking for forbidden M4 macros..."
# check that each macro file is in one of the macro dirs
for cm_macro in $FORBIDDEN_M4MACROS; do
cm_macrofound=false
for cm_dir in $cm_macrodirs; do
if [ -f "$cm_dir/$cm_macro" ]; then
cm_macrofound=true
break
fi
done
if $cm_macrofound; then
printerr " $cm_macro found (should be cleared from macros dir)"
cm_status=1
fi
done
fi
if [ "$cm_status" != 0 ]; then
printerr "***Error***: some autoconf macros required to build $PKG_NAME"
printerr " were not found in your aclocal path, or some forbidden"
printerr " macros were found. Perhaps you need to adjust your"
printerr " ACLOCAL_FLAGS?"
printerr
fi
return $cm_status
}
printbold "checking this is lasso top-level directory..."
test -f lasso/lasso.h || {
printerr "***Error***: You must run this script in lasso top-level directory"
exit 1
}
REQUIRED_AUTOCONF_VERSION=2.53
REQUIRED_AUTOMAKE_VERSION=1.8
REQUIRED_LIBTOOL_VERSION=1.5
REQUIRED_SWIG_VERSION=1.3.22
REQUIRED_PKG_CONFIG_VERSION=0.14.0
# For cygwin wrapper and perphas others ?
WANT_AUTOCONF_VER=$REQUIRED_AUTOCONF_VERSION
WANT_AUTOMAKE_VER=$REQUIRED_AUTOMAKE_VERSION
WANT_LIBTOOL_VER=$REQUIRED_LIBTOOL_VERSION
export WANT_AUTOCONF_VER WANT_AUTOMAKE_VER WANT_LIBTOOL_VER
automake_args=--add-missing
autoconf_args=
aclocal_args="-I macros"
program=`basename $0`
WANT_AUTOCONF_2_5=1 # for Mandrake wrapper
export WANT_AUTOCONF_2_5
version_check autoconf AUTOCONF 'autoconf2.50 autoconf autoconf-2.53 autoconf253' $REQUIRED_AUTOCONF_VERSION \
"http://ftp.gnu.org/pub/gnu/autoconf/autoconf-$REQUIRED_AUTOCONF_VERSION.tar.gz" || DIE=1
AUTOHEADER=`echo $AUTOCONF | sed s/autoconf/autoheader/`
case $REQUIRED_AUTOMAKE_VERSION in
1.4*) automake_progs="automake-1.4" ;;
1.5*) automake_progs="automake-1.5 automake-1.6 automake-1.7 automake-1.8 automake-1.9" ;;
1.6*) automake_progs="automake-1.6 automake-1.7 automake-1.8 automake-1.9" ;;
1.7*) automake_progs="automake-1.7 automake-1.8 automake-1.9" ;;
1.8*) automake_progs="automake-1.8 automake-1.9" ;;
1.9*) automake_progs="automake-1.9" ;;
esac
version_check automake AUTOMAKE "$automake_progs" $REQUIRED_AUTOMAKE_VERSION \
"http://ftp.gnu.org/pub/gnu/automake/automake-$REQUIRED_AUTOMAKE_VERSION.tar.gz" || DIE=1
ACLOCAL=`echo $AUTOMAKE | sed s/automake/aclocal/`
version_check swig SWIG "swig-1.3 swig" $REQUIRED_SWIG_VERSION \
"http://prdownloads.sourceforge.net/swig/swig-$REQUIRED_SWIG_VERSION.tar.gz" || DIE=1
version_check libtool LIBTOOLIZE libtoolize $REQUIRED_LIBTOOL_VERSION \
"http://ftp.gnu.org/pub/gnu/libtool/libtool-$REQUIRED_LIBTOOL_VERSION.tar.gz" || DIE=1
require_m4macro libtool.m4
version_check pkg-config PKG_CONFIG pkg-config $REQUIRED_PKG_CONFIG_VERSION \
"'http://www.freedesktop.org/software/pkgconfig/releases/pkgconfig-$REQUIRED_PKG_CONFIG_VERSION.tar.gz" || DIE=1
require_m4macro pkg.m4
check_m4macros || DIE=1
# - If something went wrong, exit with error code:1.
if [ "$DIE" -eq 1 ]; then
exit 1
fi
if test -z "$*"; then
printerr "**Warning**: I am going to run \`configure' with no arguments."
printerr "If you wish to pass any to it, please specify them on the"
printerr \`$0\'" command line."
fi
# cleaning up some files
$DRYRUN rm -f ltconfig ltmain.sh libtool
$DRYRUN rm -f configure
$DRYRYN rm -f missing depcomp
$DRYRUN rm -rf autom4te.cache
printbold "Running $LIBTOOLIZE..."
$DRYRUN $LIBTOOLIZE --force --copy || exit 1
printbold "Running $ACLOCAL..."
aclocalinclude="$ACLOCAL_FLAGS"
$DRYRUN $ACLOCAL $aclocal_args $aclocalinclude || exit 1
printbold "Running $AUTOHEADER..."
$DRYRUN $AUTOHEADER || exit 1
printbold "Running $AUTOMAKE..."
$DRYRUN $AUTOMAKE $automake_args $am_opt
printbold "Running $AUTOCONF..."
$DRYRUN $AUTOCONF $autoconf_args
printbold "Cleaning up configuration cache..."
$DRYRUN rm -f config.cache
export AUTOMAKE AUTOCONF ACLOCAL
printbold Running ./configure $conf_flags "$@" ...
if test "z$DRYRUN" = "z"; then
./configure $conf_flags "$@" \
&& echo "Now type 'make' to compile lasso." || exit 1
else
$DRYRUN ./configure $conf_flags "$@"
fi
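
Review bot: `$DRYRYN rm -f missing depcomp` in the cleanup block misspells `$DRYRUN`, so the variable expands to nothing and the `rm` runs even when a dry run was requested; rename it to match the three neighbouring lines. In the run sequence below it, the `$AUTOMAKE` and `$AUTOCONF` invocations lack the `|| exit 1` that `$LIBTOOLIZE`, `$ACLOCAL` and `$AUTOHEADER` carry, so a failure there is only noticed later, when `./configure` breaks. The pkg-config download URL passed to `version_check` also starts with a stray `'` inside the double quotes.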

View File

@ -0,0 +1,764 @@
dnl -*- Mode: sh -*-
dnl
dnl configure.ac - top level autoconf file for Lasso
dnl (Process this file with autoconf to produce a configure script.)
dnl
dnl
dnl See COPYING at the top of this package for the full license terms.
dnl
dnl
dnl Declare package and package version.
dnl (r-c).a.r
dnl - First number is the lowest supported API version number.
dnl - Second number is the number of supported API versions where API version >
dnl first number.
dnl - Third number is the current API version implementation version number.
dnl See libtool explanations about current, age and release, later in this file.
AC_INIT([Liberty Alliance Single Sign On], 0.6.0, lasso-devel@lists.labs.libre-entreprise.org)
dnl Check if autoconf ver > 2.53
AC_PREREQ(2.53)
dnl Check existence of a relative pathed source file.
AC_CONFIG_SRCDIR(lasso/lasso.c)
dnl Copy stamp REVISIO-INFO in the configure script.
AC_REVISION($Revision$)
dnl Run many macros mostly needed by configure.ac.
AM_INIT_AUTOMAKE(lasso, 0.6.0)
dnl Create rules to automaticaly regenerate the config header.
AM_CONFIG_HEADER(lasso/lasso_config.h)
dnl Add --enable-maintainer-mode option to configure.
AM_MAINTAINER_MODE
dnl Perform only subset commands and variable relevant to the host type.
AC_CANONICAL_HOST
dnl ==========================================================================
dnl Perform host specific configuration
dnl ==========================================================================
NULL=
MINGW=0
DARWIN=0
dnl For java sun environment automagic include subdir guessing. (dirty ? No...)
SUN_EXTRA_INCLUDE=
case "${host}" in
*aix* )
CFLAGS="${CFLAGS} -D_ALL_SOURCE"
;;
*-pc-mingw32)
case "${build}" in
*-pc-cygwin)
CC="gcc -mno-cygwin"
CFLAGS="${CFLAGS} -D_MSC_VER -DIN_LASSO -DMINGW -DWIN32 -D_WIN32 -I/usr/local/include"
LDFLAGS="${LDFLAGS} -L/usr/local/lib"
MINGW=1
SUN_EXTRA_INCLUDE="win32"
;;
dnl ==========================================================================
dnl Workaround for non libtool standard library name specs.
dnl ==========================================================================
*)
SUN_EXTRA_INCLUDE="win32"
;;
esac
dnl if test -f "/cygdrive/c/windows/system/user32.dll"; then
dnl dnl make symbolic link.
dnl if test ! -f "/usr/local/lib/libuser32.dll"; then
dnl AC_MSG_WARN([Create workaround symbolic links: user32.dll])
dnl ln -s /cygdrive/c/windows/system/user32.dll \
dnl /usr/local/lib/libuser32.dll
dnl fi
dnl if test ! -f "/usr/local/lib/libkernel32.dll"; then
dnl AC_MSG_WARN([Create workaround symbolic links: kernel32.dll])
dnl ln -s /cygdrive/c/windows/system/kernel32.dll \
dnl /usr/local/lib/libkernel32.dll
dnl fi
dnl fi
dnl FIXME: This is a guessing, no test yet under windows with sun JDK
;;
*-pc-cygwin)
SUN_EXTRA_INCLUDE="win32"
;;
*linux*)
SUN_EXTRA_INCLUDE="linux"
;;
*Darwin*)
DARWIN=1
;;
esac
# OSX Fink
if test -d /sw/bin ; then
PATH=$PATH:/sw/bin
fi
dnl
dnl Check for programs
dnl
AC_PROG_CC
AC_HEADER_STDC
LT_AC_PROG_RC
AM_PROG_GCJ
AC_EXEEXT
AC_PROG_CC_C_O
AM_SANITY_CHECK
AC_PROG_AWK
AC_PROG_LN_S
AC_LIBTOOL_WIN32_DLL
AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS)
dnl Find tar command for make dist
AC_CHECK_PROGS(TAR, gnutar gtar tar)
dnl Check existence of binding programs
AC_CHECK_PROGS(JAVA, java)
AC_CHECK_PROGS(JAVAC, gcj javac)
AC_CHECK_PROGS(JAR, fastjar jar)
AC_CHECK_PROGS(PERL, perl)
AC_CHECK_PROGS(PHP, php)
AC_CHECK_PROG(PHP_CONFIG, php-config, php-config)
AC_PATH_PROGS(PHP_PATH, php)
AC_CHECK_PROGS(PYTHON, python)
AC_CHECK_PROGS(SWIG, swig)
dnl Make sure we have an ANSI compiler
AM_C_PROTOTYPES
test "z$U" != "z" && AC_MSG_ERROR(Compiler not ANSI compliant)
dnl ==========================================================================
dnl Version Super.Size.Me.L
dnl ==========================================================================
changequote(<<, >>)dnl
VERSION_MAJOR=`echo $VERSION | $SED -e 's/^\([^\.]*\)\.\([^\.]*\)\.\(.*\)$/\1/'`
VERSION_MINOR=`echo $VERSION | $SED -e 's/^\([^\.]*\)\.\([^\.]*\)\.\(.*\)$/\2/'`
VERSION_RELEASE=`echo $VERSION | $SED -e 's/^\([^\.]*\)\.\([^\.]*\)\.\(.*\)$/\3/'`
changequote([, ])dnl
version_decimal=`expr $VERSION_MAJOR \* 10000 + $VERSION_MINOR \* 100 + $VERSION_RELEASE`
windows_version=`echo $VERSION_MAJOR,$VERSION_MINOR,$VERSION_RELEASE,0`
dnl Add versionning & package defines to lasso_config.h
AC_DEFINE_UNQUOTED(LASSO_VERSION_MAJOR, $VERSION_MAJOR, [Major version number])
AC_DEFINE_UNQUOTED(LASSO_VERSION_MINOR, $VERSION_MINOR, [Minor version number])
AC_DEFINE_UNQUOTED(LASSO_VERSION_SUBMINOR, $VERSION_RELEASE, [Release version number])
AC_DEFINE_UNQUOTED(LASSO_VERSION_DECIMAL, $version_decimal, [Release version as a decimal])
dnl Dirty hack in order to have dynamic resource version numbering.
AC_DEFINE_UNQUOTED(LASSO_WINDOWS_VERSION, $windows_version, [Windows version of the lasso version])
dnl CURRENT, REVISION, AGE
dnl - library source changed -> increment REVISION
dnl - interfaces added/removed/changed -> increment CURRENT, REVISION = 0
dnl - interfaces added -> increment AGE
dnl - interfaces removed -> AGE = 0
# syntax: CURRENT[:REVISION[:AGE]]
# So if M=major, m=minor, r=release:
# c = M + a = M + m;
# m = a
# r = r
current=`expr $VERSION_MAJOR + $VERSION_MINOR`
LASSO_VERSION_INFO="3:0:0"
AC_SUBST(LASSO_VERSION_INFO)
dnl ==========================================================================
dnl Swig
dnl ==========================================================================
SWIG_MIN_VERSION=1.3
AC_MSG_CHECKING(SWIG support)
if test "X$SWIG" != "X"; then
SWIG_VERSION=`$SWIG -version 2>&1 | $SED -ne 's/^SWIG Version //p'`
SWIG_VERSION_DEC=`echo $SWIG_VERSION | $AWK -F. '{printf("%d\n", 10000*$1 + 100*$2 + $3)};'`
if test $SWIG_VERSION_DEC -ge 010314; then
SWIG_PYTHON_ARGS=-noproxy
fi
SWIG_MIN_VERSION_DEC=`echo $SWIG_MIN_VERSION | $AWK -F. '{printf("%d\n", 10000*$1 + 100*$2 + $3)};'`
if test $SWIG_VERSION_DEC -ge $SWIG_MIN_VERSION_DEC; then
AC_MSG_RESULT($SWIG_VERSION - OK)
else
AC_MSG_RESULT($SWIG_VERSION - too old to generate language interfaces)
if test -r $srcdir/python/lasso_wrap.c ; then
AC_MSG_WARN(Pre-generated language interface files are present)
AC_MSG_WARN(If you want to change the interfaces you will need)
AC_MSG_WARN(SWIG version $SWIG_MIN_VERSION from http://www.swig.org/)
else
AC_MSG_WARN(There are no pre-generated language interface files)
AC_MSG_WARN(lasso language interfaces will NOT build.)
AC_MSG_WARN(If you want to build them you will need)
AC_MSG_WARN(SWIG version $SWIG_MIN_VERSION from http://www.swig.org/)
AC_MSG_WARN(Alternatively copy the pre-generated interface)
AC_MSG_WARN(files from a released version)
fi
fi
else
AC_MSG_RESULT(not present - using pre-generated interface files)
SWIG="echo"
fi
AC_SUBST(SWIG_PYTHON_ARGS)
dnl Detect available languages binding.
languages_available=
# ------------
# JAVA binding
# ------------
dnl Check if java is explicitly disabled.
AC_ARG_ENABLE(java, [ --disable-java disable the Java binding],,
enable_java="yes")
AC_ARG_WITH(java-home,
[ --with-java-home=(JAVA_HOME) set the full path to the java home directory.])
JAVAC_FLAGS=
JDK_INCLUDE=
SUN=no
if test "X$with_java_home" != "X"; then
JDK_INCLUDE="$with_java_home/include"
fi
dnl If the java compiler seems to be a Sun JDK-like compile (Kaffe, Sun JDK...)
if test "x$JAVA" = "xjava" && test "x$JAVAC" = "xjavac"; then
dnl If we have a java compiler
dnl need to change quotes to allow square brackets
changequote(<<, >>)dnl
JAVA_VERSION=`$JAVA -version 2>&1 | $SED -ne 's/java version "\([^"]*\)".*/\1/p' 2>/dev/null`
changequote([, ])dnl
dnl If no java version found, perphas it is a kaffee environment...
if test "x$JAVA_VERSION" = x; then
JAVA_VERSION=`$JAVA -version 2>&1 | grep "Java Version" | $SED 's/^.*Java Version: //g'`
dnl If the java environment is kaffe, specify the JDK_INCLUDE directory.
if test "x$JAVA_VERSION" != "x"; then
JDK_INCLUDE="/usr/lib/kaffe/include"
fi
else
dnl We assume it is a SUN environment.
SUN=yes
fi
if ! test -f "$JDK_INCLUDE/jni.h"; then
JAVA_VERSION=""
fi
fi
dnl If the java compiler is the GNU Java Compiler.
if test "x$JAVAC" = "xgcj"; then
changequote(<<, >>)dnl
JAVA_VERSION=`$JAVAC --version 2>&1 | $SED -ne 's/gcj (GCC) \([^"]*\) (.*/\1/p' 2>/dev/null`
changequote([, ])dnl
dnl Byte-compiled .class file
JAVAC_FLAGS="-C"
dnl JNI compatible header files. (not used with SWIG.)
dnl JAVAH_FLAGS="-jni"
dnl Checking for jni.h if gcj is the java interpreter.
AC_CHECK_HEADERS([jni.h], [], [JAVA_VERSION=""])
fi
dnl Now transform JDK_INCLUDE in CFLAG option if applicable.
if test "X$JDK_INCLUDE" != "X"; then
dnl If it is a sun environment
if test "x$SUN" = "xyes"; then
JDK_INCLUDE="$JDK_INCLUDE -I$JDK_INCLUDE/$SUN_EXTRA_INCLUDE"
fi
JDK_INCLUDE=-I$JDK_INCLUDE
fi
dnl If we found a java version information, we have java compilation environment.
if test "X$JAVA_VERSION" != "X" && test "X$JAR" != "X"; then
languages_available="$languages_available $JAVA($JAVA_VERSION)"
else
enable_java=no
JAVA_VERSION=""
fi
dnl Conditional java sub dir test.
AM_CONDITIONAL([JAVA_ENABLED],[test "x$enable_java" = "xyes"])
AC_SUBST(JAVA_VERSION)
AC_SUBST(JAVAC_FLAGS)
AC_SUBST(JDK_INCLUDE)
# --------------
# Python binding
# --------------
dnl Check if python is explicitly disabled.
AC_ARG_ENABLE(python, [ --disable-python disable the Python binding],,
enable_python="yes")
dnl Check if user passed a specific python program.
AC_ARG_WITH(python,
[ --with-python=(PYTHON) set the full path to the python program to use.])
AC_MSG_CHECKING(for Python development files)
dnl specific program passed, set PYTHON to it.
if test "X$with_python" != "X"; then
PYTHON=$with_python
fi
dnl need to change quotes to allow square brackets
changequote(<<, >>)dnl
PYTHON_VERSION=`$PYTHON -c 'import sys; print sys.version[:3]' 2>/dev/null`
changequote([, ])dnl
dnl Check if we were be able to extract a good version number.
if test "X$PYTHON_VERSION" != "X"; then
PY_PREFIX=`$PYTHON -c 'import sys ; print sys.prefix'`
PY_EXEC_PREFIX=`$PYTHON -c 'import sys ; print sys.exec_prefix'`
changequote(<<, >>)dnl
PY_VERSION=`$PYTHON -c 'import sys ; print sys.version[0:3]'`
changequote([, ])dnl
PYTHON_H=$PY_PREFIX/include/python$PY_VERSION/Python.h
LIBPYTHON_SO=$PY_PREFIX/lib/libpython$PY_VERSION.so
if test -f $PYTHON_H; then
dnl Not useful unless we make a test on the python version.
PYTHON="python$PY_VERSION"
PY_CFLAGS="-I$PY_PREFIX/include/python$PY_VERSION"
PY_MAKEFILE="$PY_EXEC_PREFIX/lib/python$PY_VERSION/config/Makefile"
PY_OTHER_LIBS=`$SED -n -e 's/^LIBS=\(.*\)/\1/p' $PY_MAKEFILE`
PY_EXTRA_LIBS="$PY_LOCALMODLIBS $PY_BASEMODLIBS $PY_OTHER_LIBS"
PY_SITE_PACKAGES="\${prefix}/lib/python$PY_VERSION/site-packages"
AC_SUBST(PYTHON)
AC_SUBST(PY_LIB_LOC)
AC_SUBST(PY_CFLAGS)
AC_SUBST(PY_EXTRA_LIBS)
AC_SUBST(PY_DYNLOAD)
AC_SUBST(PY_LIB_A)
AC_SUBST(PY_SITE_PACKAGES)
languages_available="$languages_available python($PYTHON_VERSION)"
else
enable_python=no
fi
else
enable_python=no
fi
AM_CONDITIONAL([PYTHON_ENABLED],[test "x$enable_python" = "xyes"])
AC_MSG_RESULT($enable_python)
AC_SUBST(PYTHON_VERSION)
# -----------
# PHP binding
# -----------
dnl Check if php is explicitly disabled.
AC_ARG_ENABLE(php, [ --disable-php disable the PHP binding],,
enable_php="yes")
AC_ARG_ENABLE(php-force, [ --enable-php-force always enable of the PHP binding (win32)],
[ENABLE_PHP_FORCE="yes"],
[ENABLE_PHP_FORCE="no"])
AC_ARG_WITH(php-config,
[ --with-php-config=(PHP_CONFIG) Specify full path to php-config.])
AC_ARG_WITH(php-extension-dir,
[ --with-php-extension-dir=(PHP_EXTENSION_DIR) Specify full path to php extension dir.],
[PHP_EXTENSION_DIR="$withval"],[PHP_EXTENSION_DIR=])
dnl Check if user passed a specific php-config program.
if test "X$with_php_config" != "X" ; then
PHP_CONFIG=$with_php_config
fi
if test "X$PHP_CONFIG" != "X" ; then
PHP_INCLUDES=`$PHP_CONFIG --includes`
PHP_LDFLAGS=`$PHP_CONFIG --ldflags`
PHP_LIBS=`$PHP_CONFIG --libs`
PHP_UNPREFIXED_EXTENSION_DIR=`$PHP_CONFIG --extension-dir | $SED 's/\/usr//g'`
PHP_PREFIX=`$PHP_CONFIG --prefix`
else
# We assumes PHP are in /usr/local directory.
if test $MINGW -eq 1; then
CFLAGS="$CFLAGS -DZTS -DZEND_WIN32 -DWIN32 -D_MBCS"
fi
PHP_INCLUDES="-I/usr/local/include/php4 -I/usr/local/include/php4/main -I/usr/local/include/php4/Zend -I/usr/local/include/php4/TSRM -I/usr/local/include/php4/win32"
PHP_LDFLAGS=
PHP_LIBS=-lphp4ts -lxmlparse -lxmltok
PHP_UNPREFIXED_EXTENSION_DIR=
PHP_PREFIX=
fi
AC_SUBST(PHP_INCLUDES)
AC_SUBST(PHP_LDFLAGS)
AC_SUBST(PHP_LIBS)
AC_SUBST(PHP_UNPREFIXED_EXTENSION_DIR)
AC_SUBST(PHP_EXTENSION_DIR)
AC_SUBST(PHP_PREFIX)
dnl Check for expat
have_expat_include=no
if test $MINGW -eq 1; then
AC_CHECK_LIB(xmlparse, XML_ParserCreate, have_expat_lib=yes, have_expat_lib=no)
else
AC_CHECK_LIB(expat, XML_ParserCreate, have_expat_lib=yes, have_expat_lib=no)
fi
if test x$have_expat_lib = xno; then
enable_php=no
fi
AC_MSG_CHECKING(for PHP development files)
PHP_VERSION=`$PHP_CONFIG --version 2>/dev/null`
dnl Check if we were be able to extract a good version number.
if test "X$PHP_VERSION" != "X" || test "X$ENABLE_PHP_FORCE" == "Xyes"; then
languages_available="$languages_available php($PHP_VERSION)"
else
enable_php=no
fi
AC_MSG_RESULT($enable_php)
AM_CONDITIONAL([PHP_ENABLED], [test "x$enable_php" = "xyes"])
AC_SUBST(PHP_VERSION)
# ----------
# C# binding
# ----------
AC_ARG_ENABLE(csharp, [ --disable-csharp disable the C Sharp binding],,
enable_csharp="yes")
AC_ARG_WITH(cil-interpreter, [ --with-cil-interpreter=path set location of CIL interpreter for CSharp],[CSHARPBIN="$withval"], [CSHARPBIN=])
AC_ARG_WITH(csharp-compiler, [ --with-csharp-compiler=path set location of CSharp compiler],[CSHARPCOMPILERBIN="$withval"], [CSHARPCOMPILERBIN=])
if test -z "$CSHARPCOMPILERBIN" ; then
case $host in
*-*-cygwin* | *-*-mingw*)
AC_CHECK_PROGS(CSHARPCOMPILER, mcs.bat cscc csc);;
*)AC_CHECK_PROGS(CSHARPCOMPILER, mcs cscc);;
esac
else
CSHARPCOMPILER="$CSHARPCOMPILERBIN"
fi
CSHARPPATHSEPARATOR="/"
CSHARPCYGPATH_W=echo
if test -z "$CSHARPBIN" ; then
languages_available="$languages_available C#($CSHARPCOMPILER)"
CSHARPCILINTERPRETER=""
if test "cscc" = "$CSHARPCOMPILER" ; then
AC_CHECK_PROGS(CSHARPCILINTERPRETER, ilrun)
else
if test "mcs" = "$CSHARPCOMPILER"; then
# Check that mcs is the C# compiler and not the Unix mcs utility by examining the output of 'mcs --version'
# The Mono compiler should emit: Mono C# compiler version a.b.c.d
csharp_version_raw=`(mcs --version) 2>/dev/null`
csharp_version_searched=`(mcs --version | sed -n "/C#\|Mono/p") 2>/dev/null`
CSHARPCOMPILER="";
if test -n "$csharp_version_raw" ; then
if test "$csharp_version_raw" = "$csharp_version_searched" ; then
CSHARPCOMPILER="mcs"
fi
fi
# mono interpreter (ver 0.26 doesn't seem to work on Windows platforms)
case $host in
*-*-cygwin* | *-*-mingw*)
;;
*)AC_CHECK_PROGS(CSHARPCILINTERPRETER, mint);;
esac
else
if test "csc" = "$CSHARPCOMPILER"; then
CSHARPPATHSEPARATOR="\\\\"
CSHARPCYGPATH_W='cygpath -w'
fi
fi
fi
else
CSHARPCILINTERPRETER="$CSHARPBIN"
fi
# Cygwin requires the Windows standard (Pascal) calling convention as it is a Windows executable and not a Cygwin built executable
case $host in
*-*-cygwin* | *-*-mingw*)
if test "$GCC" = yes; then
CSHARPDYNAMICLINKING=" -Wl,--add-stdcall-alias"
else
CSHARPDYNAMICLINKING=""
fi ;;
*)CSHARPDYNAMICLINKING="";;
esac
AC_CHECK_PROGS(GACUTIL, gacutil)
AC_SUBST(CSHARPCILINTERPRETER)
AC_SUBST(CSHARPCYGPATH_W)
AC_SUBST(CSHARPCOMPILER)
AC_SUBST(CSHARPDYNAMICLINKING)
AC_SUBST(CSHARPLIBRARYPREFIX) # Is this going to be used?
AC_SUBST(GACUTIL)
if test "X$CSHARPCOMPILER" = X; then
enable_csharp=no
fi
if test "X$GACUTIL" = X; then
enable_csharp=no
fi
AM_CONDITIONAL([CSHARP_ENABLED], [test "x$enable_csharp" = "xyes"])
# ------------
# Perl binding
# ------------
AC_ARG_ENABLE(perl, [ --disable-perl disable the Perl binding],,
enable_perl="yes")
if test "X$PERL" != "X"; then
PERLINSTALLSITEARCH=`$PERL -MConfig -e 'print $Config{installsitearch};'`
PERLMAN3DIR=`$PERL -MConfig -e 'print $Config{man3dir};'`
else
PERLINSTALLSITEARCH=none
PERLMAN3DIR=none
fi
AC_SUBST(PERLINSTALLSITEARCH)
AC_SUBST(PERLMAN3DIR)
AC_MSG_CHECKING(for Perl API)
if test "X$enable_perl" != "Xno" ; then
if test "X$enable_perl" != "Xyes"; then
PERL=$enable_perl
fi
enable_perl=yes
fi
PERL_VERSION=`$PERL -MConfig -e 'print $Config{version}' 2>/dev/null`
if test "X$PERL_VERSION" != "X"; then
languages_available="$languages_available perl($PERL_VERSION)"
if test $enable_perl = yes; then
languages="$languages perl"
fi
fi
AM_CONDITIONAL([PERL_ENABLED],[test "x$enable_perl" = "xyes"])
AC_MSG_RESULT($enable_perl)
AC_SUBST(PERL_VERSION)
dnl ==========================================================================
dnl Test suite (requires check)
dnl ==========================================================================
dnl Check if user disabled the tests.
AC_ARG_ENABLE(tests, [ --disable-tests disable the test suite],,
enable_tests="yes")
if test "x$enable_tests" = xyes ; then
AC_CHECK_LIB(check, srunner_set_log, enable_tests="yes", enable_tests="no")
CHECK_CFLAGS=""
CHECK_LIBS="-lcheck"
AC_SUBST(CHECK_CFLAGS)
AC_SUBST(CHECK_LIBS)
AC_CHECK_LIB(check, srunner_set_xml, [AC_DEFINE(CHECK_IS_XML, [], [Define if check available with XML support])])
fi
AM_CONDITIONAL(WITH_TESTS, [test "x$enable_tests" = "xyes"])
dnl Final step, add missing programs.
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
dnl Check if python is explicitly disabled.
AC_ARG_ENABLE(wsf, [ --enable-wsf enable experimental ID-WSF],
enable_wsf="yes", enable_wsf="no")
AM_CONDITIONAL([WSF_ENABLED],[test "x$enable_wsf" = "xyes"])
if test "x$enable_wsf" = "xyes"; then
AC_DEFINE(LASSO_WSF_ENABLED, [], [Define if ID-WSF support is enabled])
fi
dnl ==========================================================================
dnl User specific option.
dnl ==========================================================================
dnl Where do we want to install docs
AC_MSG_CHECKING(for docs folder)
AC_ARG_WITH(html-dir, [ --with-html-dir=PATH path to installed docs ])
if test "z$with_html_dir" != "z" ; then
LASSO_DOCDIR=$with_html_dir
else
LASSO_DOCDIR='$(datadir)/doc/lasso'
fi
AC_MSG_RESULT($LASSO_DOCDIR)
AC_SUBST(LASSO_DOCDIR)
AC_ARG_WITH(html-dir, [ --with-html-dir=PATH path to installed docs ])
if test "x$with_html_dir" = "x" ; then
HTML_DIR='${datadir}/gtk-doc/html'
else
HTML_DIR=$with_html_dir
fi
AC_SUBST(HTML_DIR)
AC_CHECK_PROGS(REST2HTML, rest2html)
AM_CONDITIONAL(HAVE_REST2HTML, test -n "$ac_cv_prog_REST2HTML")
dnl pkg-config path
AC_ARG_WITH(pkg-config, [ --with-pkg-config=PATH set pkg-config metadata search path.],
PKG_CONFIG_PATH="${withval}", PKG_CONFIG_PATH="")
if test "z$PKG_CONFIG_PATH" != "z"; then
export PKG_CONFIG_PATH
fi
PKG_CHECK_MODULES(LASSO, glib-2.0 gobject-2.0 libxml-2.0 libxslt xmlsec1 >= 1.2.6 xmlsec1-openssl >= 1.2.6 openssl)
dnl Let people disable the gtk-doc stuff.
AC_ARG_ENABLE(gtk-doc, [ --disable-gtk-doc disable documentation build],,
enable_gtk_doc="yes")
if test "x$enable_gtk_doc" = "xyes" ; then
GTK_DOC_MIN_VERSION=1.0
PKG_CHECK_MODULES(GTK_DOC, gtk-doc >= $GTK_DOC_MIN_VERSION, enable_gtk_doc="yes",
enable_gtk_doc="no")
fi
dnl Conditional docs sub dir test.
AM_CONDITIONAL([GTK_DOC_ENABLED],[test "x$enable_gtk_doc" = "xyes"])
dnl Debug
AC_MSG_CHECKING(for debugging)
AC_ARG_ENABLE(debugging, [ --enable-debugging enable debuging messages (no)])
if test "z$enable_debugging" = "zyes" ; then
enable_debugging=yes
LASSO_DEFINES="$LASSO_DEFINES -DLASSO_DEBUG"
else
enable_debugging=no
fi
AC_MSG_RESULT($enable_debugging)
dnl Profiling
AC_MSG_CHECKING(for profiling)
AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling compilation flags (no)])
if test "z$enable_profiling" = "zyes" ; then
CFLAGS="$CFLAGS -pg"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
dnl ==========================================================================
dnl Pedantic compilation
dnl ==========================================================================
AC_MSG_CHECKING(for pedantic)
AC_ARG_ENABLE(pedantic, [ --enable-pedantic enable pedantic compilation flags (no)])
if test "z$enable_pedantic" = "zyes" ; then
CFLAGS="$CFLAGS -O -pedantic -Wall -ansi -fno-inline -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
dnl ==========================================================================
dnl Static linking
dnl ==========================================================================
LASSO_STATIC_BINARIES=""
AC_MSG_CHECKING(for static linking)
AC_ARG_ENABLE(static_linking, [ --enable-static-linking enable static linking (no)])
if test "z$enable_static_linking" = "zyes" ; then
LASSO_STATIC_BINARIES="-static"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_SUBST(LASSO_STATIC_BINARIES)
dnl ==========================================================================
dnl Final steps: lasso config
dnl ==========================================================================
LASSO_PUB_CFLAGS="$LASSO_DEFINES"
LASSO_CORE_CFLAGS="$LASSO_CFLAGS $LASSO_DEFINES -DLASSO_INTERNALS"
if test $MINGW -eq 1; then
LASSO_CORE_LIBS="-llasso-0"
else
LASSO_CORE_LIBS="-llasso "
fi
AC_SUBST(LASSO_CORE_CFLAGS)
AC_SUBST(LASSO_CORE_LIBS)
LASSO_LIBS="-L${libdir} $LASSO_LIBS"
AC_SUBST(LASSO_CFLAGS)
AC_SUBST(LASSO_LIBS)
AC_SUBST(LASSO_PUB_CFLAGS)
AC_SUBST(LASSO_DEFINES)
AC_SUBST(LASSO_APP_DEFINES)
AC_SUBST(CFLAGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LDFLAGS)
dnl Dirty system often means dirty hacks...
AM_CONDITIONAL(MINGW, test $MINGW == 1)
AM_CONDITIONAL(DARWIN, test $DARWIN == 1)
dnl ==========================================================================
dnl Writing result files
dnl ==========================================================================
AC_CONFIG_FILES([lasso-src-config], [chmod +x lasso-src-config])
AC_OUTPUT(
[Makefile
csharp/Makefile
csharp/lasso-sharp.pc
docs/Makefile
docs/lasso-book/Makefile
docs/reference/Makefile
docs/reference/version.xml
java/Makefile
lasso/Makefile
lasso/id-ff/Makefile
lasso/id-wsf/Makefile
lasso/xml/Makefile
perl/Makefile
php/Makefile
python/Makefile
swig/Makefile
tests/Makefile
tests/data/Makefile
tests/data/ca1-la/Makefile
tests/data/idp1-la/Makefile
tests/data/lecp1-la/Makefile
tests/data/sp1-la/Makefile
lasso.pc
win32/Makefile
win32/nsis/Makefile
])
languages_available=`echo $languages_available | sed -e "s/^ //" `
AC_MSG_RESULT(
=============
Configuration
=============
Main
----
Compiler: ${CC}
Install prefix: ${prefix}
Debugging: $enable_debugging
Experimental ID-WSF: $enable_wsf
Optionals builds
----------------
Available languages: ${languages_available}
C# binding: ${enable_csharp}
Java binding: ${enable_java}
Perl binding: ${enable_perl}
PHP binding: ${enable_php}
Python binding: ${enable_python}
C API references: ${enable_gtk_doc}
Tests suite: ${enable_tests}
)
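
Review bot: In the wsf block near the end, `AC_ARG_ENABLE(wsf, ..., enable_wsf="yes", enable_wsf="no")` sets `enable_wsf` to yes whenever the option appears on the command line, so `--disable-wsf` and `--enable-wsf=no` both switch the experimental ID-WSF code on; use `enable_wsf="$enableval"` as the action-if-given and keep the default in the last argument. The `dnl Check if python is explicitly disabled.` comment above that block is a leftover from the Python section. In the PHP fallback branch, `PHP_LIBS=-lphp4ts -lxmlparse -lxmltok` is unquoted, so the shell tries to run `-lxmlparse` as a command with `PHP_LIBS` set only in that command's environment and the assignment does not persist in the configure shell; quote the value. The `==` operator in `test "X$ENABLE_PHP_FORCE" == "Xyes"` and in the MINGW and DARWIN conditionals is not portable `test` syntax; use `=`.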

View File

@ -0,0 +1,131 @@
.libs
.deps
lasso.dll
lasso-sharp.pc
liblassosharpglue.la
liblassosharpglue_la-Lasso.lo
liblassosharpglue_la-liblassosharpglue_wrap.lo
liblassosharpglue_wrap.c
Makefile
Makefile.in
Credentials.cs
Defederation.cs
Description.cs
DiscoModify.cs
DiscoModifyResponse.cs
DiscoQuery.cs
DiscoQueryResponse.cs
Discovery.cs
DstModification.cs
DstModify.cs
DstModifyResponse.cs
DstQuery.cs
DstQueryResponse.cs
Federation.cs
Identity.cs
InsertEntry.cs
LassoHttpMethod.cs
LassoLoginProtocolProfile.cs
LassoMessageType.cs
LassoProviderRole.cs
LassoRequestType.cs
LassoSignatureMethod.cs
Lecp.cs
LibAssertion.cs
LibAuthnRequest.cs
LibAuthnResponse.cs
LibFederationTerminationNotification.cs
LibLogoutRequest.cs
LibLogoutResponse.cs
LibRegisterNameIdentifierRequest.cs
LibRegisterNameIdentifierResponse.cs
LibStatusResponse.cs
Login.cs
Logout.cs
NameIdentifierMapping.cs
NameRegistration.cs
Node.cs
NodeArray.cs
Options.cs
PPMsgContact.cs
PersonalProfileService.cs
Provider.cs
QueryItem.cs
RemoveEntry.cs
ResourceID.cs
ResourceOffering.cs
SWIGTYPE_p_LassoDiscoEncryptedResourceID.cs
SWIGTYPE_p_LassoDiscoRequestedServiceType.cs
SWIGTYPE_p_LassoDstNewData.cs
SWIGTYPE_p_LassoMdProtocolType.cs
SWIGTYPE_p_LassoSignatureType.cs
SWIGTYPE_p_void.cs
SamlAdvice.cs
SamlAssertion.cs
SamlAttributeStatement.cs
SamlAuthenticationStatement.cs
SamlConditions.cs
SamlNameIdentifier.cs
SamlSubject.cs
SamlSubjectConfirmation.cs
SamlSubjectLocality.cs
SamlSubjectStatement.cs
SamlpRequest.cs
SamlpResponse.cs
SamlpStatus.cs
SamlpStatusCode.cs
Server.cs
ServiceInstance.cs
Session.cs
Status.cs
StringArray.cs
lassoPINVOKE.cs
lasso.cs
StringList.cs
SamlpResponseAbstract.cs
SamlpRequestAbstract.cs
SamlSubjectStatementAbstract.cs
SamlStatementAbstract.cs
SamlConditionAbstract.cs
SamlAuthorityBinding.cs
SamlAudienceRestrictionCondition.cs
SamlAttributeDesignator.cs
SamlAttribute.cs
NodeList.cs
LibRequestAuthnContext.cs
DiscoCredentials.cs
DiscoDescription.cs
DiscoEncryptedResourceID.cs
DiscoInsertEntry.cs
DiscoOptions.cs
DiscoRemoveEntry.cs
DiscoRequestedServiceType.cs
DiscoResourceID.cs
DiscoResourceOffering.cs
DiscoServiceInstance.cs
DowncastableNode.cs
DstData.cs
DstNewData.cs
DstQueryItem.cs
InteractionProfileService.cs
IsHelp.cs
IsInquiry.cs
IsInquiryElement.cs
IsInteractionRequest.cs
IsInteractionResponse.cs
IsInteractionStatement.cs
IsItem.cs
IsParameter.cs
IsRedirectRequest.cs
IsSelect.cs
IsText.cs
IsUserInteraction.cs
ProfileService.cs
UtilityStatus.cs
HttpMethod.cs
LoginProtocolProfile.cs
MessageType.cs
ProviderRole.cs
RequestType.cs
SignatureMethod.cs

View File

@ -0,0 +1,6 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly:AssemblyDelaySign(false)]
[assembly:AssemblyKeyFile("lasso-sharp-build.snk")]
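
Review bot: `AssemblyKeyFile("lasso-sharp-build.snk")` together with `AssemblyDelaySign(false)` needs the full key pair at build time, and the Makefile.am in this commit symlinks that name to `lasso-sharp.snk`, which is listed in `EXTRA_DIST` and so shipped in every tarball. The private half of the strong-name key is therefore public, which means the strong name on lasso.dll gives the assembly an identity but proves nothing about who built it. Either state that in a comment here, or ship only the public key and delay-sign, keeping the key pair outside the tree.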

View File

@ -0,0 +1,70 @@
INCLUDES = -I$(top_srcdir)
lib_LTLIBRARIES = liblassosharpglue.la
liblassosharpglue_la_SOURCES = \
liblassosharpglue_wrap.c
liblassosharpglue_la_CFLAGS = \
$(LASSO_CORE_CFLAGS) \
-DSWIG_COBJECT_TYPES
liblassosharpglue_la_LIBADD = \
$(top_builddir)/lasso/liblasso.la \
$(LASSO_LIBS)
liblassosharpglue_la_LDFLAGS = -no-undefined -module -avoid-version
liblassosharpglue_wrap.c: $(top_srcdir)/swig/Lasso.i $(top_srcdir)/swig/Lasso-wsf.i \
$(top_srcdir)/swig/inheritance.h
$(SWIG) -v -csharp -namespace lasso -module lasso \
-o liblassosharpglue_wrap.c $(top_srcdir)/swig/Lasso.i
cp liblassosharpglue_wrap.c liblassosharpglue_wrap.c.bak
sed -e 's/(char \*) "\(.*\)"/strdup("\1")/' \
< liblassosharpglue_wrap.c.bak > liblassosharpglue_wrap.c
dotnetlibdir = $(datadir)/dotnet/lasso/
dotnetlib_DATA = lasso.dll lasso.dll.config
lasso.dll: liblassosharpglue.la
-$(LN_S) $(srcdir)/lasso-sharp.snk lasso-sharp-build.snk
$(CSHARPCOMPILER) -out:lasso.dll -target:library $(srcdir)/*.cs
rm -f lasso-sharp-build.snk
pkgconfig_DATA = lasso-sharp.pc
pkgconfigdir = $(libdir)/pkgconfig
install-data-local:
-$(GACUTIL) -i lasso.dll -f -package lasso -gacdir $(libdir)
clean-local:
-rm lasso.dll lasso-sharp.pc liblassosharpglue_wrap.c.bak
SWIG_FILES = liblassosharpglue_wrap.c \
Defederation.cs \
DowncastableNode.cs \
Federation.cs Identity.cs \
lasso.cs lassoPINVOKE.cs Lecp.cs LibAssertion.cs \
LibAuthnRequest.cs \
LibAuthnResponse.cs LibFederationTerminationNotification.cs \
LibLogoutRequest.cs LibLogoutResponse.cs LibRegisterNameIdentifierRequest.cs \
LibRegisterNameIdentifierResponse.cs LibRequestAuthnContext.cs \
LibStatusResponse.cs Login.cs Logout.cs NameIdentifierMapping.cs \
NameRegistration.cs Node.cs NodeList.cs Provider.cs \
SamlAdvice.cs SamlAssertion.cs SamlAttribute.cs SamlAttributeDesignator.cs \
SamlAttributeStatement.cs SamlAudienceRestrictionCondition.cs \
SamlAuthenticationStatement.cs SamlAuthorityBinding.cs SamlConditionAbstract.cs \
SamlConditions.cs SamlNameIdentifier.cs SamlpRequestAbstract.cs SamlpRequest.cs \
SamlpResponseAbstract.cs SamlpResponse.cs SamlpStatusCode.cs SamlpStatus.cs \
SamlStatementAbstract.cs SamlSubjectConfirmation.cs SamlSubject.cs \
SamlSubjectLocality.cs SamlSubjectStatementAbstract.cs SamlSubjectStatement.cs \
Server.cs Session.cs StringList.cs SWIGTYPE_p_LassoMdProtocolType.cs \
SWIGTYPE_p_LassoSignatureType.cs SWIGTYPE_p_void.cs \
HttpMethod.cs ProviderRole.cs SignatureMethod.cs LoginProtocolProfile.cs \
RequestType.cs
EXTRA_DIST = lasso-sharp.pc.in lasso.dll.config AssemblyInfo.cs lasso-sharp.snk $(SWIG_FILES)
MAINTAINERCLEANFILES = $(SWIG_FILES)
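
Review bot: The sed post-processing in the `liblassosharpglue_wrap.c` rule uses a greedy `\(.*\)`, so on a line holding more than one string literal the match runs from the first `(char *) "` to the last `"` and wraps everything in between in a single `strdup(...)`; use `\([^"]*\)` and add a comment saying why the generated casts have to be replaced. `install-data-local` prefixes `$(GACUTIL)` with `-`, so a failed GAC registration is silently ignored, and the `lasso.dll` rule compiles `$(srcdir)/*.cs` rather than the files named in `SWIG_FILES`, which lets any stray .cs file in the directory into the signed assembly.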

View File

@ -0,0 +1,36 @@
/*
* install lasso then compile with
* mcs -g -nologo -pkg:lasso-sharp -out:perfs.exe perfs.cs
*/
using System;
public class perfs
{
static void Main()
{
lasso.lasso.init();
lasso.Server server = new lasso.Server(
"../../tests/data/sp1-la/metadata.xml",
"../../tests/data/sp1-la/private-key-raw.pem",
null,
"../../tests/data/sp1-la/certificate.pem");
server.addProvider(lasso.LassoProviderRole.PROVIDER_ROLE_SP,
"../../tests/data/idp1-la/metadata.xml",
"../../tests/data/idp1-la/public-key.pem",
"../../tests/data/ca1-la/certificate.pem");
lasso.Login login = new lasso.Login(server);
login.initAuthnRequest("https://idp1/metadata", (lasso.LassoHttpMethod)4);
lasso.LibAuthnRequest request = (lasso.LibAuthnRequest)login.request;
login.request.protocolProfile = lasso.lasso.LIB_PROTOCOL_PROFILE_BRWS_POST;
login.buildAuthnRequestMsg();
Console.WriteLine(login.msgUrl);
lasso.lasso.shutdown();
}
}
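
Review bot: `(lasso.LassoHttpMethod)4` in the `initAuthnRequest` call casts a bare integer to the enum, which hides which HTTP method is meant and changes meaning silently if the enum is ever renumbered; use the named enum member. The `request` local is assigned and never read, since the next line goes through `login.request` again; either set `protocolProfile` on `request` or drop the variable.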

View File

@ -0,0 +1,27 @@
/*
* install lasso then compile with
* mcs -g -nologo -pkg:lasso-sharp -out:runme.exe runme.cs
*/
using System;
public class runme
{
static void Main()
{
lasso.lasso.init();
lasso.Server server = new lasso.Server(
"../../tests/data/sp1-la/metadata.xml",
"../../tests/data/sp1-la/private-key-raw.pem",
null,
"../../tests/data/sp1-la/certificate.pem");
server.addProvider(lasso.LassoProviderRole.PROVIDER_ROLE_SP,
"../../tests/data/idp1-la/metadata.xml",
"../../tests/data/idp1-la/public-key.pem",
"../../tests/data/ca1-la/certificate.pem");
Console.WriteLine(server.dump());
lasso.lasso.shutdown();
}
}
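
Review bot: `server.addProvider(lasso.LassoProviderRole.PROVIDER_ROLE_SP, ...)` registers the idp1-la metadata under the SP role while the server itself is built from the sp1-la files; if the role argument describes the remote provider this should be the IdP role, and if it does not, a one-line comment would save the next reader the same question. The relative `../../tests/data` paths also tie the example to one working directory; say which one in the header comment next to the compile command.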

View File

@ -0,0 +1,8 @@
prefix=@prefix@
datadir=@datadir@
Name: Lasso#
Version: @VERSION@
Description: Lasso# - Lasso .NET Binding
Libs: -r:${datadir}/dotnet/lasso/lasso.dll
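
Review bot: `datadir=@datadir@` relies on `prefix` being the only variable it refers to, but from autoconf 2.60 on `@datadir@` expands to `${datarootdir}`, which this file never defines, so pkg-config would fail to resolve the `Libs:` path; add a `datarootdir=@datarootdir@` line above `datadir`.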

Binary file not shown.

View File

@ -0,0 +1,3 @@
<configuration>
<dllmap dll="lasso" target="liblassosharpglue.so"/>
</configuration>
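
Review bot: the dllmap target is the bare file name liblassosharpglue.so, so the glue library is located through the runtime's ordinary library search path instead of a fixed location. Generating this file from a .in template that substitutes the installed library directory would pin which copy is loaded, and would also avoid hard-coding the .so suffix.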

View File

@ -0,0 +1,306 @@
/*
* $Id$
*
* C# unit tests for Lasso library
*
* Copyright (C) 2004, 2005 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* To run it, install Lasso then compile with:
* export PKG_CONFIG_PATH=../
* ln -s ../lasso.dll
* ln -s ../lasso.dll.config
* mcs -g -nologo -pkg:lasso-sharp -out:BindingTests.exe BindingTests.cs
*/
using System;
public class BindingTests {
static void assertEquals(int i1, int i2) {
if (i1 != i2)
Console.WriteLine("Assertion failed: %d != %d", i1, i2);
}
static void assertEquals(String s1, String s2) {
if (s1 != s2)
Console.WriteLine("Assertion failed: %s != %s", s1, s2);
}
static void assertNull(Object o) {
if (o != null)
Console.WriteLine("Assertion failed: %s is not null", o);
}
static void assertNull(String s) {
if (s != null)
Console.WriteLine("Assertion failed: %s is not null", s);
}
static void Main() {
lasso.lasso.init();
test01();
test02();
test03();
test04();
test05();
test06();
lasso.lasso.shutdown();
}
static void test01() {
Console.Write("Create and delete nodes.");
lasso.LibAuthnRequest authnRequest = new lasso.LibAuthnRequest();
authnRequest = null;
Console.WriteLine(".. OK");
}
static void test02() {
Console.Write("Get & set simple attributes of nodes.");
lasso.LibAuthnRequest authnRequest = new lasso.LibAuthnRequest();
// Test a string attribute.
assertNull(authnRequest.consent);
authnRequest.consent = lasso.lasso.LIB_CONSENT_OBTAINED;
assertEquals(authnRequest.consent, lasso.lasso.LIB_CONSENT_OBTAINED);
authnRequest.consent = null;
assertNull(authnRequest.consent);
// Test a renamed string attribute.
assertNull(authnRequest.relayState);
authnRequest.relayState = "Hello World!";
assertEquals(authnRequest.relayState, "Hello World!");
authnRequest.relayState = null;
assertNull(authnRequest.relayState);
// Test an integer attribute.
assertEquals(authnRequest.majorVersion, 0);
authnRequest.majorVersion = 314;
assertEquals(authnRequest.majorVersion, 314);
authnRequest = null;
Console.WriteLine(".. OK");
}
static void test03() {
Console.Write("Get & set attributes of nodes of type string list.");
lasso.LibAuthnRequest authnRequest = new lasso.LibAuthnRequest();
assertNull(authnRequest.respondWith);
lasso.StringList respondWith = new lasso.StringList();
assertEquals(respondWith.length(), 0);
respondWith.append("first string");
assertEquals(respondWith.length(), 1);
assertEquals(respondWith.getItem(0), "first string");
assertEquals(respondWith.getItem(0), "first string");
respondWith.append("second string");
assertEquals(respondWith.length(), 2);
assertEquals(respondWith.getItem(0), "first string");
assertEquals(respondWith.getItem(1), "second string");
respondWith.append("third string");
assertEquals(respondWith.length(), 3);
assertEquals(respondWith.getItem(0), "first string");
assertEquals(respondWith.getItem(1), "second string");
assertEquals(respondWith.getItem(2), "third string");
authnRequest.respondWith = respondWith;
assertEquals(authnRequest.respondWith.getItem(0), "first string");
assertEquals(authnRequest.respondWith.getItem(1), "second string");
assertEquals(authnRequest.respondWith.getItem(2), "third string");
assertEquals(respondWith.getItem(0), "first string");
assertEquals(respondWith.getItem(1), "second string");
assertEquals(respondWith.getItem(2), "third string");
respondWith = null;
assertEquals(authnRequest.respondWith.getItem(0), "first string");
assertEquals(authnRequest.respondWith.getItem(1), "second string");
assertEquals(authnRequest.respondWith.getItem(2), "third string");
respondWith = authnRequest.respondWith;
assertEquals(respondWith.getItem(0), "first string");
assertEquals(respondWith.getItem(1), "second string");
assertEquals(respondWith.getItem(2), "third string");
respondWith = null;
assertEquals(authnRequest.respondWith.getItem(0), "first string");
assertEquals(authnRequest.respondWith.getItem(1), "second string");
assertEquals(authnRequest.respondWith.getItem(2), "third string");
authnRequest.respondWith = null;
assertNull(authnRequest.respondWith);
authnRequest = null;
Console.WriteLine(".. OK");
}
static void test04() {
Console.Write("Get & set attributes of nodes of type node list.");
lasso.SamlpResponse response = new lasso.SamlpResponse();
assertNull(response.assertion);
lasso.NodeList assertions = new lasso.NodeList();
assertEquals(assertions.length(), 0);
lasso.SamlAssertion assertion1 = new lasso.SamlAssertion();
assertion1.assertionId = "assertion 1";
assertions.append(assertion1);
assertEquals(assertions.length(), 1);
assertEquals(((lasso.SamlAssertion) assertions.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) assertions.getItem(0)).assertionId,
"assertion 1");
lasso.SamlAssertion assertion2 = new lasso.SamlAssertion();
assertion2.assertionId = "assertion 2";
assertions.append(assertion2);
assertEquals(assertions.length(), 2);
assertEquals(((lasso.SamlAssertion) assertions.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) assertions.getItem(1)).assertionId,
"assertion 2");
lasso.SamlAssertion assertion3 = new lasso.SamlAssertion();
assertion3.assertionId = "assertion 3";
assertions.append(assertion3);
assertEquals(assertions.length(), 3);
assertEquals(((lasso.SamlAssertion) assertions.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) assertions.getItem(1)).assertionId,
"assertion 2");
assertEquals(((lasso.SamlAssertion) assertions.getItem(2)).assertionId,
"assertion 3");
response.assertion = assertions;
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(1)).assertionId,
"assertion 2");
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(2)).assertionId,
"assertion 3");
assertEquals(((lasso.SamlAssertion) assertions.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) assertions.getItem(1)).assertionId,
"assertion 2");
assertEquals(((lasso.SamlAssertion) assertions.getItem(2)).assertionId,
"assertion 3");
assertions = null;;
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(1)).assertionId,
"assertion 2");
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(2)).assertionId,
"assertion 3");
assertions = response.assertion;
assertEquals(((lasso.SamlAssertion) assertions.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) assertions.getItem(1)).assertionId,
"assertion 2");
assertEquals(((lasso.SamlAssertion) assertions.getItem(2)).assertionId,
"assertion 3");
assertions = null;
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(0)).assertionId,
"assertion 1");
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(1)).assertionId,
"assertion 2");
assertEquals(((lasso.SamlAssertion) response.assertion.getItem(2)).assertionId,
"assertion 3");
response.assertion = null;
assertNull(response.assertion);
response = null;
Console.WriteLine(".. OK");
}
static void test05() {
Console.Write("Get & set attributes of nodes of type XML list.");
lasso.LibAuthnRequest authnRequest = new lasso.LibAuthnRequest();
assertNull(authnRequest.extension);
String actionString1 = "<lib:Extension xmlns:lib=\"urn:liberty:iff:2003-08\">\n"
+ " <action>do 1</action>\n"
+ "</lib:Extension>";
String actionString2 = "<lib:Extension xmlns:lib=\"urn:liberty:iff:2003-08\">\n"
+ " <action>do 2</action>\n"
+ "</lib:Extension>";
String actionString3 = "<lib:Extension xmlns:lib=\"urn:liberty:iff:2003-08\">\n"
+ " <action>do 3</action>\n"
+ "</lib:Extension>";
lasso.StringList extension = new lasso.StringList();
assertEquals(extension.length(), 0);
extension.append(actionString1);
assertEquals(extension.length(), 1);
assertEquals(extension.getItem(0), actionString1);
assertEquals(extension.getItem(0), actionString1);
extension.append(actionString2);
assertEquals(extension.length(), 2);
assertEquals(extension.getItem(0), actionString1);
assertEquals(extension.getItem(1), actionString2);
extension.append(actionString3);
assertEquals(extension.length(), 3);
assertEquals(extension.getItem(0), actionString1);
assertEquals(extension.getItem(1), actionString2);
assertEquals(extension.getItem(2), actionString3);
authnRequest.extension = extension;
assertEquals(authnRequest.extension.getItem(0), actionString1);
assertEquals(authnRequest.extension.getItem(1), actionString2);
assertEquals(authnRequest.extension.getItem(2), actionString3);
assertEquals(extension.getItem(0), actionString1);
assertEquals(extension.getItem(1), actionString2);
assertEquals(extension.getItem(2), actionString3);
extension = null;
assertEquals(authnRequest.extension.getItem(0), actionString1);
assertEquals(authnRequest.extension.getItem(1), actionString2);
assertEquals(authnRequest.extension.getItem(2), actionString3);
extension = authnRequest.extension;
assertEquals(extension.getItem(0), actionString1);
assertEquals(extension.getItem(1), actionString2);
assertEquals(extension.getItem(2), actionString3);
extension = null;
assertEquals(authnRequest.extension.getItem(0), actionString1);
assertEquals(authnRequest.extension.getItem(1), actionString2);
assertEquals(authnRequest.extension.getItem(2), actionString3);
authnRequest.extension = null;
assertNull(authnRequest.extension);
authnRequest = null;
Console.WriteLine(".. OK");
}
static void test06() {
Console.Write("Get & set attributes of nodes of type node.");
lasso.Login login = new lasso.Login(new lasso.Server(null, null, null, null));
assertNull(login.request);
login.request = (lasso.SamlpRequestAbstract) new lasso.LibAuthnRequest();
((lasso.LibAuthnRequest) login.request).consent = lasso.lasso.LIB_CONSENT_OBTAINED;
assertEquals(((lasso.LibAuthnRequest) login.request).consent,
lasso.lasso.LIB_CONSENT_OBTAINED);
login.request = null;
assertNull(login.request);
login = null;
Console.WriteLine(".. OK");
}
}
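
Review bot: the assertEquals and assertNull helpers at the top of the class cannot make a run fail. Console.WriteLine expects {0}-style placeholders, so "Assertion failed: %d != %d" is printed literally and the two values are dropped; nothing throws or sets an exit code, so every test still prints ".. OK" and Main returns normally. Have the helpers throw (or exit non-zero) and change the format strings to "{0} != {1}". There is also a stray double semicolon on "assertions = null;;" in test04.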

View File

@ -0,0 +1,10 @@
files
liblasso0
liblasso0-cil
liblasso0-dev
python2.3-lasso
php4-lasso
*.substvars
*.debhelper
tmp

View File

@ -0,0 +1,46 @@
lasso (0.4.0-1) unstable; urgency=low
* New upstream release.
* changed soname, liblasso0 -> liblasso1
* Packaging of PHP4 binding and .NET assemblies.
-- Frederic Peters <fpeters@debian.org> Mon, 6 Sep 2004 19:18:38 +0200
lasso (0.3.0-6) unstable; urgency=low
* debian/control: improved package description (closes: #266556)
* python/: backported fix to use libtool correctly; should fix the build
failures on hppa and amd64 (closes: #267556, #268198)
-- Frederic Peters <fpeters@debian.org> Thu, 26 Aug 2004 17:01:13 +0200
lasso (0.3.0-4) unstable; urgency=low
* debian/copyright: fixed address of the FSF; add a pointer to
/usr/share/common-licenses/GPL.
* debian/control: lasso source package goes in section libs and liblasso-dev
goes in section libdevel
* debian/control: -dev package renamed to liblasso0-dev; provides
liblasso-dev (per Debian Library Packaging guide)
-- Frederic Peters <fpeters@debian.org> Sun, 8 Aug 2004 10:55:39 +0200
lasso (0.3.0-3) unstable; urgency=low
* fixed lasso.pc
-- Frederic Peters <fpeters@debian.org> Thu, 29 Jul 2004 23:24:57 +0200
lasso (0.3.0-2) unstable; urgency=low
* debian/liblasso0-python2.3.files: don't include static library in Python
package. [brown bag]
-- Frederic Peters <fpeters@debian.org> Tue, 27 Jul 2004 17:23:07 +0200
lasso (0.3.0-1) unstable; urgency=low
* Initial Release.
-- Frederic Peters <fpeters@debian.org> Tue, 27 Jul 2004 16:50:43 +0200

View File

@ -0,0 +1,82 @@
Source: lasso
Priority: optional
Section: libs
Maintainer: Frederic Peters <fpeters@debian.org>
Build-Depends: debhelper (>= 4.0.0), libxml2-dev, libxslt1-dev, libxmlsec1-dev, libxmlsec1-openssl, libglib2.0-dev, python2.3-dev, mono-mcs, mono-gac, mono-utils, php4-dev
Standards-Version: 3.6.1
Package: liblasso1-dev
Section: libdevel
Architecture: any
Depends: liblasso1 (= ${Source-Version}), libxml2-dev, libxmlsec1-dev
Provides: liblasso-dev
Conflicts: liblasso-dev, liblasso0
Description: Liberty ID-FF library - development kit
Lasso is an implementation of the Liberty Identity Federation specifications
defined by the Liberty Alliance consortium. They defines processes such as
network identity federation and single sign-on.
.
This package contains the development files for Lasso.
.
Homepage: http://lasso.entrouvert.org
Package: liblasso1
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Liberty ID-FF library - runtime library
Lasso is an implementation of the Liberty Identity Federation specifications
defined by the Liberty Alliance consortium. They defines processes such as
network identity federation and single sign-on.
.
This package contains liblasso library used by applications to gain Library
Alliance support.
.
Homepage: http://lasso.entrouvert.org
Package: python2.3-lasso
Conflicts: liblasso0-python2.3
Replaces: liblasso0-python2.3
Provides: liblasso0-python2.3
Section: python
Architecture: any
Depends: python2.3, ${shlibs:Depends}, ${misc:depends}, ${python:Depends}
Description: Liberty ID-FF library - Python 2.3 bindings
Lasso is an implementation of the Liberty Identity Federation specifications
defined by the Liberty Alliance consortium. They defines processes such as
network identity federation and single sign-on.
.
This package contains Python 2.3 bindings for liblasso, needed to use lasso
in Python applications.
.
Homepage: http://lasso.entrouvert.org
Package: liblasso-cil
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:depends}, mono-assemblies-base
Description: Liberty ID-FF library - .NET bindings
Lasso is an implementation of the Liberty Identity Federation specifications
defined by the Liberty Alliance consortium. They defines processes such as
network identity federation and single sign-on.
.
This package contains .NET assemblies that allow .NET / C# applications to use
lasso.
.
Homepage: http://lasso.entrouvert.org
Package: php4-lasso
Section: web
Architecture: any
Depends: phpapi-20020918, ${shlibs:Depends}, ${misc:depends}
Description: Liberty ID-FF library - PHP 4 bindings
Lasso is an implementation of the Liberty Identity Federation specifications
defined by the Liberty Alliance consortium. They defines processes such as
network identity federation and single sign-on.
.
This package contains PHP 4 bindings for liblasso, needed to use lasso
in PHP applications.
.
Homepage: http://lasso.entrouvert.org
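
Review bot: the Depends lines of python2.3-lasso, liblasso-cil and php4-lasso use ${misc:depends}, while liblasso1 uses ${misc:Depends}. Substitution variable names are case-sensitive, so the lowercase form will not be expanded and those packages lose whatever debhelper puts there. In the descriptions, "Library Alliance support" under liblasso1 should read "Liberty Alliance", and "They defines" is repeated in all five stanzas.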

View File

@ -0,0 +1,45 @@
This package was debianized by Frederic Peters <fpeters@debian.org> on
Fri, 16 Jul 2004 14:50:19 +0200.
It was downloaded from http://lasso.entrouvert.org
Upstream Authors:
Nicolas Clapies <nclapies@entrouvert.com>
Valery Febvre <vfebvre@easter-eggs.com>
Frederic Peters <fpeters@entrouvert.com>
(complete list in AUTHORS)
Copyright (c) 2004, 2005 Entr'ouvert
Excepted the Lasso logo, copyright (c) 2004, Entr'ouvert & Florent Monnier
License is GNU GPL v2 or later plus OpenSSL exception clause.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.
In addition, as a special exception, Entr'ouvert gives permission to link
the code of its release of Lasso with the OpenSSL project's "OpenSSL"
library (or with modified versions of it that use the same license as the
"OpenSSL" library), and distribute the linked executables. You must obey
the GNU General Public License in all respects for all of the code used
other than "OpenSSL". If you modify this file, you may extend this
exception to your version of the file, but you are not obligated to do so.
If you do not wish to do so, delete this exception statement from your
version.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License can be found in `/usr/share/common-licenses/GPL'.

View File

@ -0,0 +1,5 @@
liblasso1-dev_0.4.0-1_i386.deb libdevel optional
liblasso1_0.4.0-1_i386.deb libs optional
python2.3-lasso_0.4.0-1_i386.deb python optional
liblasso-cil_0.4.0-1_i386.deb libs optional
php4-lasso_0.4.0-1_i386.deb web optional
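
Review bot: these five lines are a list of built .deb files for one architecture (i386) at version 0.4.0-1, which is build output, not source. The ignore list added earlier in this commit already names "files", so this file should not be under version control; drop it from the tag.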

View File

@ -0,0 +1,7 @@
usr/lib/liblassosharpglue.so
usr/lib/liblassosharpglue.la
usr/lib/pkgconfig/lasso-sharp.pc
usr/share/dotnet/lasso/lasso.dll
usr/share/dotnet/lasso/lasso.dll.config
usr/lib/mono/gac/
usr/lib/mono/lasso/

View File

@ -0,0 +1,5 @@
usr/include/lasso
usr/lib/liblasso.a
usr/lib/liblasso.so
usr/lib/liblasso.la
usr/lib/pkgconfig/lasso.pc

View File

@ -0,0 +1 @@
usr/lib/lib*.so.*

View File

@ -0,0 +1,5 @@
# Automatically added by dh_makeshlibs
if [ "$1" = "configure" ]; then
ldconfig
fi
# End automatically added section

View File

@ -0,0 +1,5 @@
# Automatically added by dh_makeshlibs
if [ "$1" = "remove" ]; then
ldconfig
fi
# End automatically added section

View File

@ -0,0 +1 @@
php/examples/sample-sp/

View File

@ -0,0 +1,2 @@
usr/lib/php4/20020429/*.so
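
Review bot: the extension directory here is usr/lib/php4/20020429/, but the php4-lasso stanza in the control file depends on phpapi-20020918. One of the two API dates is stale; if the module is built for 20020918, this glob matches nothing and the package ships without the extension.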

View File

@ -0,0 +1,3 @@
usr/lib/python2.3/site-packages/*.py
usr/lib/python2.3/site-packages/*.so

View File

@ -0,0 +1,101 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# These are used for cross-compiling and for saving the configure script
# from having to guess our platform (since we know it already)
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
CFLAGS = -Wall -g
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
CFLAGS += -O0
else
CFLAGS += -O2
endif
ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
INSTALL_PROGRAM += -s
endif
version=`ls src/.libs/lib*.so.* | \
awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'`
major=`ls src/.libs/lib*.so.* | \
awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'`
config.status: configure
dh_testdir
# Add here commands to configure the package.
CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --enable-tests=no --disable-java --disable-gtk-doc
build: build-stamp
build-stamp: config.status
dh_testdir
# Add here commands to compile the package.
$(MAKE)
touch build-stamp
clean:
dh_testdir
dh_testroot
rm -f build-stamp
# Add here commands to clean up after the build process.
-$(MAKE) distclean
ifneq "$(wildcard /usr/share/misc/config.sub)" ""
cp -f /usr/share/misc/config.sub config.sub
endif
ifneq "$(wildcard /usr/share/misc/config.guess)" ""
cp -f /usr/share/misc/config.guess config.guess
endif
dh_clean
install: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs
# Add here commands to install the package into debian/tmp
$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp \
GACUTIL="/usr/bin/gacutil -root $(CURDIR)/debian/tmp/usr/lib"
# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.
# Build architecture-dependent files here.
binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs
dh_installdocs
dh_installexamples -XCVS
dh_installman
dh_movefiles
dh_link
dh_strip
dh_compress
dh_fixperms
dh_makeshlibs -a -V
dh_installdeb
dh_shlibdeps -a
dh_makenetlibs -L liblasso-cil -r
dh_gencontrol
dh_md5sums
dh_builddeb
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install
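
Review bot: version and major near the top are computed with ls piped into awk over src/.libs, but no target in this file references either variable; remove them or use them. The configure line also passes --enable-tests=no, so the package build never runs the test suite, which is worth a comment explaining why.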

View File

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="utf-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
xmlns:doap="http://usefulinc.com/ns/doap#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xml:lang="en">
<Project xmlns="http://xmlns.com/foaf/0.1/">
<name>Lasso</name>
<homepage rdf:resource="http://lasso.entrouvert.org"/>
<created>2003-07-01</created>
<description>
Lasso (Liberty Alliance Single Sign On) is a free (GNU GPL) implementation
of the Liberty Alliance specifications. Those define protocols for
federated identities, single sign-on, etc. Lasso provides both a C
library and bindings for several languages (Python, Java, Perl, PHP and C# for
now).
</description>
<shortdesc>Free Software implementation of Liberty Alliance specifications</shortdesc>
<!--<bug-database rdf:resource="http://lasso.entrouvert.org/bugs"/>-->
<mailing-list rdf:resource="http://lasso.entrouvert.org/mailinglists"/>
<programming-language>C</programming-language>
<programming-language>Python</programming-language>
<programming-language>Java</programming-language>
<programming-language>PHP</programming-language>
<programming-language>Perl</programming-language>
<programming-language>C#</programming-language>
<license rdf:resource="http://usefulinc.com/doap/licenses/gpl"/>
<download-page rdf:resource="http://lasso.entrouvert.org/download/"/>
<maintainer>
<foaf:Person>
<foaf:name>Nicolas Clapiès</foaf:name>
<foaf:mbox rdf:resource="mailto:nclapies@entrouvert.com"/>
</foaf:Person>
</maintainer>
<maintainer>
<foaf:Person>
<foaf:name>Valéry Febvre</foaf:name>
<foaf:mbox rdf:resource="mailto:vfebvre@easter-eggs.com"/>
</foaf:Person>
</maintainer>
<maintainer>
<foaf:Person>
<foaf:name>Frédéric Péters</foaf:name>
<foaf:mbox rdf:resource="mailto:fpeters@entrouvert.com"/>
</foaf:Person>
</maintainer>
<repository>
<CVSRepository>
<anon-root>:pserver:anonymous@cvs.labs.libre-entreprise.org:/cvsroot/lasso</anon-root>
<module>lasso</module>
<browse rdf:resource="http://cvs.labs.libre-entreprise.org/cgi-bin/cvsweb.cgi/lasso/?cvsroot=lasso"/>
</CVSRepository>
</repository>
<release>
<Version>
<created>2005-01-27</created>
<revision>0.6.0</revision>
</Version>
<Version>
<created>2004-11-09</created>
<revision>0.5.0</revision>
</Version>
<Version>
<created>2004-09-07</created>
<revision>0.4.1</revision>
</Version>
<Version>
<created>2004-09-06</created>
<revision>0.4.0</revision>
</Version>
<Version>
<created>2004-07-27</created>
<revision>0.3.0</revision>
</Version>
<Version>
<created>2004-06-01</created>
<revision>0.2.0</revision>
</Version>
</release>
</Project>
</rdf:RDF>
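
Review bot: the maintainer blocks use the foaf: prefix (foaf:Person, foaf:name, foaf:mbox), but no xmlns:foaf is declared anywhere, so a namespace-aware parser will reject the file. The Project element instead sets the default namespace to the FOAF URI, which puts Project, name, homepage, release and the rest in FOAF while the declared doap prefix goes unused. Make the DOAP namespace the default on Project and declare xmlns:foaf alongside it.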

View File

@ -0,0 +1,4 @@
## Process this file with automake to produce Makefile.in
SUBDIRS = lasso-book reference

View File

@ -0,0 +1,22 @@
docdir = $(datadir)/doc/lasso
LASSOBOOK_FILES = book.rst common-knowledge.rst getting-lasso.rst \
integration.rst language-bindings.rst lasso-architecture.rst \
liberty-architecture.rst other-profiles.rst preface.rst \
single-sign-on.rst
if HAVE_REST2HTML
doc_DATA = writing-a-c-sp.html book.html
else
doc_DATA = writing-a-c-sp.txt $(LASSOBOOK_FILES)
endif
%.html: %.txt
$(REST2HTML) $? > $@
%.html: %.rst
$(REST2HTML) $? > $@
CLEANFILES = writing-a-c-sp.html book.html
EXTRA_DIST = lasso-book.txt writing-a-c-sp.txt $(LASSOBOOK_FILES)
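
Review bot: both pattern rules run $(REST2HTML) $? > $@. $? expands to the prerequisites newer than the target, where $< (the first prerequisite) is what is meant, and the shell redirect creates $@ even when the converter fails, leaving an empty .html that make then treats as up to date. Write to a temporary file and move it into place on success. The figures referenced by the book are also absent from EXTRA_DIST in the visible lines.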

View File

@ -0,0 +1,34 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Building Liberty Services with Lasso
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:Author: Frederic Peters
:Contact: fpeters@entrouvert.com
:date: $Date$
:Copyright: Copyright © 2004, 2005 Entr'ouvert
.. contents:: Table of Contents
.. section-numbering::
This work is licensed under the GNU General Public License. To view a copy of
this license, visit http://www.gnu.org/copyleft/gpl.html.
.. include:: preface.rst
.. include:: liberty-architecture.rst
.. include:: lasso-architecture.rst
.. include:: getting-lasso.rst
.. include:: common-knowledge.rst
.. include:: single-sign-on.rst
.. include:: integration.rst
.. include:: other-profiles.rst
.. include:: language-bindings.rst
.. appendix with hints on openssl usage ?
.. and where should the info about metadata files go ?
.. a note about GLib; g_free() and other GLib objects exposed to the developer.
.. quick overview of the HTTP protocol status codes (302, etc.)

View File

@ -0,0 +1,45 @@
======================
The Lasso Architecture
======================
Doesn't store, doesn't communicate.
Modeled on liberty profiles; one profile = one class
Objet oriented but in C. Talks about how this work (necessary to know for the
lasso_profile functions)
------
Lasso provides the necessary functions to implement Liberty Alliance profiles,
as defined in the `Liberty ID-FF Bindings and Profiles Specification`_ and
explained in the previous chapter. Each profile maps to a Lasso class:
===================================== =============================
Single Sign-On and Federation LassoLogin
Name Registration LassoRegisterNameIdentifier
Federation Termination Notification LassoFederationTermination
Single Logout LassoLogout
Name Identifier Mapping LassoNameIdentifierMapping
Identity Provider Introduction *not implemented*
Name Identifier Encryption *not implemented*
===================================== =============================
There are also a few other classes to know about:
- LassoServer holds the data about a provider, which other providers it knows,
what certificates to use, etc.
- LassoIdentity holds the data about a Liberty federated identity
- LassoSession holds the data about an active Liberty session.
- LassoProfile is the base class for profiles.
Talk more about respective usage of Identity and Session.
.. _Liberty ID-FF Bindings and Profiles Specification:
http://www.projectliberty.org/specs/draft-liberty-idff-bindings-profiles-1.2-errata-v1.0.pdf
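
Review bot: the lines above the "------" transition ("Doesn't store, doesn't communicate.", "Objet oriented but in C. Talks about how this work ...") and the later "Talk more about respective usage of Identity and Session." are author notes that will render as body text in the published book. Turn them into reStructuredText comments with a leading "..", as the outline notes at the end of the book file are, or write the paragraphs they stand for.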

View File

@ -0,0 +1,94 @@
========================
The Liberty Architecture
========================
Building on existing pieces, XML, SAML, SOAP, HTTP, SSL...
Points to specs; quick glossary; user = principal...
Maps use cases to profiles.
This chapter provides a quick overview of the different profiles; they will be
detailed and implemented in the next chapters.
Single Sign-On and Federation
=============================
The Single Sign On process allows a user to log in once to an identity provider
(IdP), and to be then transparently loged in to the required service providers
(SP) belonging to the IP "circle of trust". Subordinating different identities
of the same user within a circle of trust to a unique IP is called "Identity
Federation". The liberty Alliance specifications allows, thanks to this
federation, strong and unique authentication coupled with control by the user
of his personnal informations. The explicit user agreement is necessary before
proceeding to Identity Federation.
The different SPs can't communicate directly together about users informations.
They're only able to exchange informations about a user with the IP. This
assure :
- private life respect;
- increased security (an unveiled identity for one of the SPs won't
endanger the others).
To insure the integrity and the non-revocability of the exchange, a trusted
third part releases a security token which identify only the session and not
the user.
Artifact Profile
----------------
.. figure:: figures/single-sign-on.png
Single Sign-On and Federation interactions, Artifact profile
1. the user clicks on a "login" button
2. the service provider answers with a redirect to the identity provider
3. the browser goes to the identity provider where the user logs in
4. the identity provider answers with a redirect, back to the service provider
5. the browser goes to the service provider telling it has been authenticated
6. the service provider makes a SOAP request to the identity provider asking
if it is true that the user has been authenticated
7. the identity provider answers that yeah, everything is under control
8. the service provider answers to the browser and send a welcome page
Browser POST Profile
--------------------
Almost the Same thing.
Single Log-out
==============
A few words about the five different profiles.
Initiated by the Service Provider, using SOAP requests
------------------------------------------------------
.. figure:: figures/single-logout.png
Single Log-out interactions; initiated at service provider, using SOAP
Should arrange the figure with the SP on the right; I think it would help read
the figure.
Initiated by the Service Provider, using HTTP Redirects
-------------------------------------------------------
3 more to go.
Liberty URLs
============
How does the identity provider knows the "SOAP endpoint" of the service
provider ? That is metadata for you.
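
Review bot: the Single Sign-On section introduces the identity provider as "IdP" and then refers to it as "IP" four times; pick one abbreviation. In the same section "non-revocability of the exchange" looks like it was meant to be non-repudiation, and the sentence about a "trusted third part" issuing a token does not say which party that is in the flow listed below it; both need the author's confirmation since they are security claims. Placeholder bodies ("Almost the Same thing.", "3 more to go.", the note about rearranging the figure) should be comments until the sections are written.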

View File

@ -0,0 +1,240 @@
=============================
Single Sign-On and Federation
=============================
Profile Overview
================
The service provider has four things to do:
- creating an authentication request
- sending it to the identity provider
- receiving an authentication response or an artifact
- (eventually) checking it against the identity provider
The first two steps are handled with an HTTP redirection or an HTML form;
typically the user would click on a button, the service provider would then
create the authentication request and send an HTTP Redirect to the browser. No
URL is defined in the specifications for this first step.
The last two steps are handled in the *AssertionConsumerServiceURL*; the user
will arrive there through an HTTP Redirect or an HTTP POST carrying a piece of
information from the identity provider. In case of a redirect, this
information, called *artifact*, won't be large and will be exchanged with the
identity provider for a *AuthnResponse*. An HTTP POST will be able to carry
much more information and will therefore be able to provide either the
*artifact* or directly the *AuthnResponse*.
An appropriate metadata snippet would be::
<?xml version="1.0"?>
<EntityDescriptor providerID="service-provider" xmlns="urn:liberty:metadata:2003-08">
<SPDescriptor>
<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">
https://service-provider.example.com/liberty-alliance/assertionConsumer
</AssertionConsumerServiceURL>
</SPDescriptor>
</EntityDescriptor>
The identity provider has more things to do:
- receiving an authentication request
- authenticating the user if necessary
- sending a response to the service provider
- (eventually) answering a SOAP request with an other response
All but the last one is handled in the *SingleSignOnServiceURL*; the user has
been redirected there from the service provider with an authentication request
as URL parameter. This authentication request is used to decide several things
(allowed authentication methods for example) and the authentication is done.
This step is not part of the Liberty protocols, this can be as simple as
straight HTTP authentication with a username and a password or as complex as a
Java applet checking a certificate on the client.
Anyway, once the user has been authenticated, an answer must be sent to the
service provider. It is actually not a direct communication, the answer
bounces on the user agent with an HTTP Redirect or by an HTML form pointing to
the service provider.
The answer may be an *artifact* (available in the query string in case of a
redirect or in a ``LAREQ`` form field in case of a POST); the user is then
simply redirected to this URL. The service provider will then make a SOAP
request to the *SoapEndpoint* asking for the authentication response matching
the artifact.
The answer may also be an *authentication response*; since it will be a large
piece of data it must be passed in an HTML page; an HTML form embedding the
authentication response. The user will then submit this form to the service
provider *AssertionConsumerURL*.
Metadata would be::
<?xml version="1.0"?>
<EntityDescriptor providerID="identity-provider" xmlns="urn:liberty:metadata:2003-08">
<IDPDescriptor>
<SoapEndpoint>
https://identity-provider.example.com/soapEndpoint
</SoapEndpoint>
<SingleSignOnServiceURL>
https://identity-provider.example.com/singleSignOn
</SingleSignOnServiceURL>
</IDPDescriptor>
</EntityDescriptor>
Implementing the service provider parts
=======================================
.. warning:: The source code presented in the "implementing" section has for
sole purpose to explain the different steps necessary to implement
the profiles; they notably lack proper error checking. See
XXX for details on error checking.
Sending the user to the identity provider
-----------------------------------------
``server`` is a *LassoServer* object as seen earlier (`LassoServer`_) and
``idpProviderId`` is a string with the identity provider Id (the string must
match a providerID defined in the metadata file).
::
LassoLogin *login;
/* create login object */
login = lasso_login_new(server);
Select profile to use, HTTP Redirect::
lasso_login_init_authn_request(login, idpProviderId, LASSO_HTTP_METHOD_REDIRECT);
or HTTP POST::
lasso_login_init_authn_request(login, idpProviderId, LASSO_HTTP_METHOD_POST);
Parametrize request::
/* will force authentication on the identity provider */
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->ForceAuthn = TRUE;
/* ask for identity federation */
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->NameIDPolicy =
strdup(LASSO_LIB_NAME_ID_POLICY_TYPE_FEDERATED);
/* the user consents with the idea of identity federation */
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->consent =
strdup(LASSO_LIB_CONSENT_OBTAINED);
(see API reference for other possible values)
Create the authentication request::
lasso_login_build_authn_request_msg(login);
An URL is then defined in ``LASSO_PROFILE(login)->msg_url``; the user must be
redirected to it; for example, in a CGI::
printf("Location: %s\n", LASSO_PROFILE(login)->msg_url);
Receiving an answer from the identity provider
----------------------------------------------
This part is handled on the *AssertionConsumerURL*.
Receiving an assertion
......................
The user has been directed to this URL. If it was a redirect the query string
(the part of the URL after the question mark) will hold the artifact and may be
used to initialize the *LassoLogin* object.
::
LassoLogin *login;
login = lasso_login_new(server);
lasso_login_init_request(login, query_string, LASSO_HTTP_METHOD_REDIRECT);
lasso_login_build_request_msg(login);
If it was a form post it will have a ``LAREQ`` field.
::
LassoLogin *login;
login = lasso_login_new(server);
lasso_login_init_request(login, lareq_field, LASSO_HTTP_METHOD_POST);
lasso_login_build_request_msg(login);
The service provider must then check this artifact using a SOAP request to the
identity provider. The URL is ``LASSO_PROFILE(login)->msg_url`` while the
request is ``LASSO_PROFILE(login)->msg_body``. The request must succeed with
an HTTP 200 status code. The SOAP answer body must then be passed to::
lasso_login_process_response_msg(login, answer);
Receiving an authentication response
....................................
A form with a ``LARES`` field has been posted; this element holds the
authentication response.
::
LassoLogin *login;
login = lasso_login_new(server);
lasso_login_process_authn_response_msg(lares_field);
Federating identities
.....................
There is then a ``nameIdentifier`` (accessible through
``LASSO_PROFILE(login)->nameIdentifier``) for the user identifying. If this
name identifier is already known by the service provider the corresponding
identity and session must be restored.
::
if (session_dump != NULL) {
lasso_profile_set_session_from_dump(LASSO_PROFILE(login), session_dump);
}
if (identity_dump != NULL) {
lasso_profile_set_identity_from_dump(LASSO_PROFILE(login), identity_dump);
}
Process the authentication request, this will update (or create) the identity
and session.
::
lasso_login_accept_sso(login);
Identity and session must then be saved and finally the ``login`` object can be
destroyed::
lasso_login_destroy(login);
And a success web page may then be displayed.
Implementing the identity provider parts
========================================
XXX
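
Review bot: In "Receiving an authentication response", `lasso_login_process_authn_response_msg(lares_field);` is called without the `login` object, although every other `lasso_login_*` call in this file takes `login` as its first argument and the object created on the line above is otherwise unused. It should presumably read `lasso_login_process_authn_response_msg(login, lares_field);`. The prose also alternates between *AssertionConsumerServiceURL* (the element name used in the metadata snippet) and *AssertionConsumerURL*; use the metadata name throughout. The warning's "See XXX for details on error checking" and the body of "Implementing the identity provider parts" are still placeholders, so a reader of this file has no pointer to how the return codes of the artifact and response processing calls should be handled.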

View File

@ -0,0 +1,411 @@
=======================================
Writing a Liberty service provider in C
=======================================
:Author: Frederic Peters
:Contact: fpeters@entrouvert.com
:date: $Date$
:revision: $Revision$
:copyright: Copyright © 2004, 2005 Entr'ouvert
.. contents:: Table of Contents
.. section-numbering::
Lasso Projects Basics
=====================
Lasso functions are defined in several header files typically located in
``/usr/include/lasso/`` or ``/usr/local/include/lasso/``. It is possible to
include individual files but in most case it is enough to include the main
``lasso.h``.
The first thing to do is then to call ``lasso_init()``. Similarly the last
thing will be to call ``lasso_shutdown()``. The smallest and useless Lasso
project will therefore be::
#include <lasso/lasso.h>
int main(int argc, char *argv[])
{
lasso_init();
printf("Hello world.\n");
lasso_shutdown();
return 0;
}
Lasso uses a tool called ``pkg-config`` to know the necessary flags for
compilation and linking.
::
$ pkg-config lasso --cflags
-DXMLSEC_CRYPTO=\"openssl\" -DXMLSEC_LIBXML_260=1 -D__XMLSEC_FUNCTION__=__FUNCTION__
-DXMLSEC_NO_XKMS=1 -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO_OPENSSL=1
-I/usr/include/lasso -I/usr/include/libxml2 -I/usr/include/xmlsec1 -I/usr/include/glib-2.0
-I/usr/lib/glib-2.0/include
$ pkg-config lasso --libs
-llasso -lxmlsec1-openssl -lxmlsec1 -lssl -lcrypto -ldl -lgobject-2.0 -lxslt -lxml2
-lpthread -lz -lm -lglib-2.0
Creating an executable from the previous sample would then a simple matter of
calling ``gcc`` with the right flags. But there is currently a bug in
XMLSec, the library used by Lasso to provide XML Signature and XML Encryption
support. It is possible to workaround the bug::
$ gcc hello.c -o hello $(pkg-config lasso --cflags --libs)
<command line>:4:16: missing terminating " character
$ gcc hello.c -o hello $(pkg-config xmlsec1 --cflags --libs | tr -d '\\')
$ ./hello
Hello world.
Liberty and Lasso profiles
==========================
Lasso provides the necessary functions to implement Liberty Alliance profiles,
as defined in the `Liberty ID-FF Bindings and Profiles Specification`_. They
are:
- Single Sign-On and Federation
- Name Registration
- Federation Termination Notification
- Single Logout
- Identity Provider Introduction
- Name Identifier Mapping
- Name Identifier Encryption
Each profile maps to a Lasso object such as ``LassoLogin``, ``LassoLogout``...
Those are initialized with data known about identity and service providers,
available in a ``LassoServer`` object.
The ``LassoServer`` object may be created as follows:
::
LassoServer *server;
server = lasso_server_new("sp-metadata.xml",
"sp-private-key.pem", "sp-crt.pem",
LASSO_SIGNATURE_METHOD_RSA_SHA1);
lasso_server_add_provider(server, LASSO_PROVIDER_ROLE_IDP,
"idp-metadata.xml", "idp-public-key.pem", "ca-crt.pem");
- ``sp-metadata.xml`` is the Liberty metadata file for the service provider
- ``idp-metadata.xml`` is the Liberty metadata file for the identity provider
- ``sp-private-key.pem`` is the service provider private key; used to sign
documents
- ``sp-crt.pem`` is the service provider certificate; sent inside signed
documents
- ``idp-public-key.pem`` is the identity provider public key; used to verify
signature in documents sent by the identity provider
- ``ca-crt.pem`` is the certificate of the certification authority used by the
identity provider.
It is of course possible to have several calls so ``lasso_server_add_provider``
if there are more than one identity provider.
.. note:: Figures in the previously referred Binding and Profiles specification
document are quite helpful in figuring out the message passing.
Serialization
-------------
``LassoServer`` objects can be serialized into XML files::
gchar *dump;
FILE *fd;
dump = lasso_server_dump(server);
/* write dump into a file, a database, whatever */
g_free(dump);
.. note:: ``lasso_server_dump`` (and other Lasso dump functions) allocates
memory through GLib. ``g_free`` is then the function to use instead
of ``free`` to release memory.
It is then really easy to get back properly constructed objects::
LassoServer *server;
gchar *dump;
/* restore dump from file, database, whatever */
server = lasso_server_new_from_dump(dump);
.. warning:: The server dump only contains the filenames; not the actual file
contents. Files should not be moved afterwards.
Liberty Metadata Files
======================
They are descriptions of a provider containing ``providerID`` and various
norminative URLs::
<?xml version="1.0"?>
<EntityDescriptor
providerID="https://sp.example.com/" xmlns="urn:liberty:metadata:2003-08">
<SPDescriptor>
<SingleLogoutServiceURL>https://sp.example.com/singleLogout</SingleLogoutServiceURL>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
<SoapEndpoint>https://sp.example.com/soapEndpoint</SoapEndpoint>
<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">
https://sp.example.com/assertionConsumer
</AssertionConsumerServiceURL>
<AuthnRequestsSigned>true</AuthnRequestsSigned>
</SPDescriptor>
</EntityDescriptor>
Describe a service provider (with providerID ``https://sp.example.com``) whose
single logout service URL is ``https://sp.example.com/singleLogout``. Refer to
the Liberty Alliance specifications for details.
Single Sign-On and Federation Profile
=====================================
.. warning:: The source code presented in this section has for sole purpose
to explain the different steps necessary to implement this
profile; they notably lack proper error checking. See `Proper
Error Checking`_ for details on error checking.
As a first step the user points its browser to the service provider to the
login URL; the service provider must then respond with an HTTP 302 Redirect
response, pointing the user browser to the identity provider single sign on
service.
.. note:: the login URL is not normative; any name will do.
``server`` is a ``LassoServer`` as seen earlier and ``idpProviderId`` is a
string with the identity provider Id (the string must match a providerID
defined in the metadata file).
::
LassoLogin *login;
login = lasso_login_new(server);
lasso_login_init_authn_request(login, idpProviderId, LASSO_HTTP_METHOD_REDIRECT);
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->ForceAuthn = TRUE;
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->IsPassive = FALSE;
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->NameIDPolicy =
strdup(LASSO_LIB_NAME_ID_POLICY_TYPE_FEDERATED);
LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->consent =
strdup(LASSO_LIB_CONSENT_OBTAINED);
lasso_login_build_authn_request_msg(login);
You can now redirect the user to the URL defined in ``LASSO_PROFILE(login)->msg_url``; for
example, in a CGI::
printf("Location: %s\n", LASSO_PROFILE(login)->msg_url);
The user then logs in on the identity provider which ultimately redirects back
to the service provider; to the assertion consumer URL. A SAML artifact is
passed in the query parameter.
.. note:: the assertion consumer URL is defined by Liberty; it must be declared
in the ``AssertionConsumerServiceURL`` element of the metadata file.
::
LassoLogin *login;
login = lasso_login_new(server);
lasso_login_init_request(login, query_string, LASSO_HTTP_METHOD_REDIRECT);
lasso_login_build_request_msg(login);
The service provider must check this artifact using a SOAP request to the
identity provider. The URL is ``LASSO_PROFILE(login)->msg_url`` while the
request is ``LASSO_PROFILE(login)->msg_body``. The request must succeed with
an HTTP 200 status code; let's consider its content is put in the ``answer``,
the next statement would be::
lasso_login_process_response_msg(login, answer);
The users are defined by a ``nameIdentifier`` (accessible through
``LASSO_PROFILE(login)->nameIdentifier``). Those typically map to users
and sessions in some database on the service provider. If existing; the
session should probably contains a ``session_dump`` element and the user a
``identity_dump`` element. See `Database Considerations`_ below for more
informations.
It is now time to get them out of the database and apply them to the ``login``
object.
::
if (session_dump != NULL) {
lasso_profile_set_session_from_dump(LASSO_PROFILE(login), session_dump);
}
if (identity_dump != NULL) {
lasso_profile_set_identity_from_dump(LASSO_PROFILE(login), identity_dump);
}
lasso_login_accept_sso(login);
After ``lasso_login_accept_sso`` the session and the identity are updated (or
created) and should then be saved. If the identity has not regnogized by the
service provider an account will probably have to be created on the service
provider; this is a good opportunity to ask the user for more information.
You can get respective dumps like this::
LassoIdentity *identity;
LassoSession *session;
char *identity_dump = NULL, *session_dump = NULL;
if (lasso_profile_is_identity_dirty(LASSO_PROFILE(login))) {
identity = lasso_profile_get_identity(LASSO_PROFILE(login));
identity_dump = lasso_identity_dump(identity);
lasso_identity_destroy(identity);
}
if (lasso_profile_is_session_dirty(LASSO_PROFILE(login))) {
session = lasso_profile_get_session(LASSO_PROFILE(login));
session_dump = lasso_session_dump(session);
lasso_session_destroy(session);
}
/* code to store identity_dump and session_dump */
Finally the ``login`` object can then be destroyed::
lasso_login_destroy(login);
And a success web page displayed.
Single Logout Profile
=====================
There are different single logout profiles; some initiated on the identity
provider, others initiated on the service provider, using either HTTP redirects
or SOAP requests.
This part is about a logout using SOAP and initiated on the service provider.
::
LassoLogout *logout;
logout = lasso_logout_new(lassoServer);
Identity and session dumps should be restored to prepare the logout request.
::
if (session_dump != NULL) {
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump);
}
if (identity_dump != NULL) {
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump);
}
lasso_logout_init_request(logout, idpProviderId, LASSO_HTTP_METHOD_SOAP);
lasso_logout_build_request_msg(logout);
The service provider must then make a SOAP request to the identity provider;
``msg_url`` and ``msg_body``. You should then pass the answer to Lasso::
lasso_logout_process_response_msg(logout, answer);
And save back session and user dump; the process is similar as the one at the
end of the single sign on profile.
Proper Error Checking
=====================
Most Lasso functions returns 0 on success and a negative number on failure. It
is strongly advised to check this return code on each call.
::
int rc;
rc = lasso_logout_process_response_msg(logout, answer)
if (rc) {
fprintf(stderr, "Lasso Error: %d\n", rc);
/* handling error; most probably bailing out */
}
Database Considerations
=======================
Lasso has been designed to let the service provider keep on using existing
databases. Typically there is already a table describing users; just add an
identity dump column to the existing table:
======= ======================================== ==============
User Id existing data (name, address...) Identity dump
======= ======================================== ==============
1 ... <Identity> ...
2 ... <Identity> ...
======= ======================================== ==============
Mapping between existing users and name identifiers sent by the identity
provider can be done with a simple table.
=============== =======
Name Identifier User Id
=============== =======
AQWWRRS... 1
CGFASDE... 2
YYSSSDS... 1
=============== =======
.. note:: A separate table is needed because one user Id could map
to several name identifiers; in case there are several identity
providers.
Sessions are also commonly stored in databases; just add a session dump column
to the existing session table:
========== ================= =============
Session Id misc session data Session dump
========== ================= =============
6744066 ... <Session> ...
3338824 ... <Session> ...
========== ================= =============
Likewise sessions should be mapped to name identifiers.
=============== ==========
Name Identifier Session Id
=============== ==========
AQWWRRS... 3338824
=============== ==========
API Reference
=============
- LassoLogin_
- LassoLogout_
- LassoIdentity_
- LassoServer_
- LassoSession_
.. _Liberty ID-FF Bindings and Profiles Specification:
http://www.projectliberty.org/specs/draft-liberty-idff-bindings-profiles-1.2-errata-v1.0.pdf
.. _LassoLogin: /lasso-api/lassologin.html
.. _LassoLogout: /lasso-api/lassologout.html
.. _LassoIdentity: /lasso-api/lassoidentity.html
.. _LassoServer: /lasso-api/lassoserver.html
.. _LassoSession: /lasso-api/lassosession.html
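
Review bot: The only return-code check in this document, in "Proper Error Checking", does not compile: `rc = lasso_logout_process_response_msg(logout, answer)` is missing its terminating semicolon. Since that section states that most functions return a negative number on failure, the same check should also be shown on `lasso_login_process_response_msg` and `lasso_login_accept_sso` in the single sign-on walkthrough, because that sample goes on to read `nameIdentifier` and store the session and identity dumps whatever those calls returned. Smaller points: the hello-world program calls `printf` without including `<stdio.h>`; the workaround command queries `pkg-config xmlsec1` where the failing command queried `pkg-config lasso`, which would drop the `-I/usr/include/lasso` and `-llasso` flags shown in the output above, so `pkg-config lasso` was presumably meant; and the logout sample passes `lassoServer` where the rest of the document names the object `server`.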

View File

@ -0,0 +1,158 @@
EXTRA_DIST = \
lasso-sections.txt \
lasso.sgml \
lasso.types \
version.xml.in
# We need to pre-process original source files
# because gtkdoc does not understand some C features
#
DOC_SOURCE_DIR = ./code
DOC_SOURCE_FILES = \
$(shell find $(top_srcdir)/lasso -name '*.c' -print ) \
$(shell find $(top_srcdir)/lasso -name '*.h' -print | grep -v private)
IGNORE_HFILES = lasso_config.h
# do nothing for all
all: docs
docs: sgml html clean-sources
html: sgml lasso.sgml lasso-index
@echo '*** Building HTML ***'
test -d html || mkdir html
cd html && gtkdoc-mkhtml lasso ../build/lasso.sgml
SCANOBJ_FILES = lasso.hierarchy lasso.signals lasso.interfaces lasso.prerequisites lasso.args
#
# Prepeare sgml files from sources for each library. We are also
# doing some "magic" here by automatically adding links to XML DSig and
# XML Enc specification, we also remove "Ptr" from the end of the link
# targets to make more references
#
sgml: templates
@echo '*** Building SGML ***'
cp $(srcdir)/*.sgml version.xml build/
cd build && gtkdoc-mkdb --module=lasso \
--main-sgml-file=lasso.sgml \
--sgml-mode \
--output-format=xml \
--tmpl-dir=../tmpl/ \
--source-dir=../$(DOC_SOURCE_DIR)/lasso \
--output-dir=../sgml/
(for i in `find sgml -name "*.sgml" -print` ; do \
cat $$i | \
sed 's!\(&lt;dsig:\)\([^/]*\)\(\/&gt;\)!<ulink URL=\"http://www.w3.org/TR/xmldsig-core/#sec-\2\">\1\2\3</ulink>!g' | \
sed 's!\(&lt;enc:\)\([^/]*\)\(\/&gt;\)!<ulink URL=\"http://www.w3.org/TR/xmlenc-core/#sec-\2\">\1\2\3</ulink>!g' | \
sed 's!linkend=\"\(.*\)Ptr\"!linkend=\"\1\"!g' > \
$$i.tmp; \
mv -f $$i.tmp $$i; \
done);
rm -f build/sgml && $(LN_S) ../sgml build/sgml
# don't rebuild templates if tmpl is not in srcdir
templates: scan
@echo '*** Building TMPL ***'
if test $(top_builddir) != $(top_srcdir); then \
cp -R $(srcdir)/tmpl/ . ; \
chmod +w tmpl/ ; \
chmod +w tmpl/*.sgml ; \
else \
(cd build && gtkdoc-mktmpl --module=lasso --output-dir=../tmpl/) ; \
fi
# CFLAGS and LDFLAGS for compiling scan program.
GTKDOC_CFLAGS = \
$(LASSO_CFLAGS) \
-I$(top_srcdir)
GTKDOC_LIBS = \
$(LASSO_LIBS) \
$(top_builddir)/lasso/liblasso.la
GTKDOC_CC = $(LIBTOOL) --mode=compile $(CC)
GTKDOC_LD = $(LIBTOOL) --mode=link $(CC)
scan: doc_sources
test -d build || mkdir build
@echo '*** Scan sources ***'
cp $(srcdir)/lasso-sections.txt build/
if grep -l '^..*$$' $(srcdir)/lasso.types > /dev/null ; then \
CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" CFLAGS="$(GTKDOC_CFLAGS)" LDFLAGS="$(GTKDOC_LIBS)" gtkdoc-scangobj $(SCANOBJ_OPTIONS) --module=lasso --types=$(srcdir)/lasso.types --output-dir=build/ ; \
else \
cd $(srcdir) ; \
for i in $(SCANOBJ_FILES) ; do \
test -f $$i || touch $$i ; \
done \
fi
gtkdoc-scan --module=lasso \
--source-dir=$(DOC_SOURCE_DIR)/lasso/ \
--output-dir=build/ \
--ignore-headers="$(IGNORE_HFILES)"
#
# Prepare source files by coping them to "code" folder and
# removing LASSO_EXPORT* stuff that makes gtkdoc crazy
#
doc_sources: $(DOC_SOURCE_FILES)
@echo '*** Prepare sources ***'
(for i in $(DOC_SOURCE_FILES) ; do \
folder_name=`echo $$i | sed 's#$(top_srcdir)/##' | sed 's#/[^/]*$$##'`; \
file_name=`echo $$i | sed 's#.*/##'`; \
test -d $(DOC_SOURCE_DIR)/$$folder_name || mkdir -p $(DOC_SOURCE_DIR)/$$folder_name; \
cat $$i | \
sed 's/#if.*//' | \
sed 's/#el.*//' | \
sed 's/#end.*//' | \
sed 's/LASSO_EXPORT_VAR//' | \
sed 's/LASSO_EXPORT//' > \
$(DOC_SOURCE_DIR)/$$folder_name/$$file_name; \
done);
#
# Create index for all functions. For macros and defines need to add -CAPS suffix
#
lasso-index: scan
@echo '*** Create functions index ***'
grep -h '<NAME>.*</NAME>' build/lasso-*decl.txt | \
grep -v '<NAME>extern</NAME>' | \
sort -u | \
sed 's#_#-#g' | \
sed 's#<NAME>\([^-]*\)-\([^<]*\)</NAME>#<listitem><para><link linkend=\"\1-\2-CAPS\">\1-\2</link></para></listitem>#g' | \
sed 's#<NAME>\([^<]*\)</NAME>#<listitem><para><link linkend=\"\1\">\1</link></para></listitem>#g' > \
sgml/lasso-index.sgml
clean-local: clean-sources
-rm -rf $(DOC_SOURCE_DIR)
-rm -rf .libs
-if test $(top_builddir) != $(top_srcdir); then rm -f tmpl/*.sgml ; fi
-rm -rf sgml
-rm -rf html
-rm -rf build
-rm -f $(SCANOBJ_FILES) index.sgml lasso-index.sgml
-rm -rf $(SCANOBJ_FILES) *.o *~ *.bak *.stamp
clean-sources:
-rm -rf code
maintainer-clean-local: clean
-rm -rf `find sgml -name "*.sgml" -print`
if GTK_DOC_ENABLED
dist-check-gtkdoc:
else
dist-check-gtkdoc:
@echo "*** gtk-doc must be installed and enabled in order to make dist"
@false
endif
dist-hook: dist-check-gtkdoc dist-hook-local
mkdir $(distdir)/tmpl
mkdir $(distdir)/html
-cp $(srcdir)/tmpl/*.sgml $(distdir)/tmpl
-cp $(srcdir)/html/* $(distdir)/html
.PHONY : dist-hook-local
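
Review bot: `docs: sgml html clean-sources` lists `clean-sources` as a prerequisite alongside the targets that read `$(DOC_SOURCE_DIR)` (`./code`), so its `rm -rf code` is ordered after them only by left-to-right evaluation; under a parallel make it can run while `doc_sources`, `scan` or `sgml` are still using that directory. Moving the cleanup into the recipe of `docs`, for example `$(MAKE) clean-sources` as its last step, makes the order explicit. The comment `# do nothing for all` also contradicts `all: docs`. In the `sgml` rule, the two sed expressions emit `<ulink URL=...>` while lasso.sgml in this commit writes the attribute as `url`, and attribute names are case-sensitive in the XML output requested by `--output-format=xml`; the same loop searches for `*.sgml` under `sgml/` although lasso.sgml's entities point at `sgml/*.xml`, so it is worth checking that the post-processing matches the generated files at all.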

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,250 @@
<?xml version="1.0"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
<!ENTITY LassoLibAssertion SYSTEM "sgml/lib_assertion.xml">
<!ENTITY LassoLibAuthnRequest SYSTEM "sgml/lib_authn_request.xml">
<!ENTITY LassoLibAuthnRequestEnvelope SYSTEM "sgml/lib_authn_request_envelope.xml">
<!ENTITY LassoLibAuthnResponse SYSTEM "sgml/lib_authn_response.xml">
<!ENTITY LassoLibAuthnResponseEnvelope SYSTEM "sgml/lib_authn_response_envelope.xml">
<!ENTITY LassoLibIDPEntries SYSTEM "sgml/lib_idp_entries.xml">
<!ENTITY LassoLibIDPEntry SYSTEM "sgml/lib_idp_entry.xml">
<!ENTITY LassoLibIDPList SYSTEM "sgml/lib_idp_list.xml">
<!ENTITY LassoLibRequestAuthnContext SYSTEM "sgml/lib_request_authn_context.xml">
<!ENTITY LassoLibScoping SYSTEM "sgml/lib_scoping.xml">
<!ENTITY LassoSamlAdvice SYSTEM "sgml/saml_advice.xml">
<!ENTITY LassoSamlAssertion SYSTEM "sgml/saml_assertion.xml">
<!ENTITY LassoSamlAudienceRestrictionCondition SYSTEM "sgml/saml_audience_restriction_condition.xml">
<!ENTITY LassoSamlAuthenticationStatement SYSTEM "sgml/saml_authentication_statement.xml">
<!ENTITY LassoSamlAuthorityBinding SYSTEM "sgml/saml_authority_binding.xml">
<!ENTITY LassoSamlConditionAbstract SYSTEM "sgml/saml_condition_abstract.xml">
<!ENTITY LassoSamlConditions SYSTEM "sgml/saml_conditions.xml">
<!ENTITY LassoSamlNameIdentifier SYSTEM "sgml/saml_name_identifier.xml">
<!ENTITY LassoSamlStatementAbstract SYSTEM "sgml/saml_statement_abstract.xml">
<!ENTITY LassoSamlSubject SYSTEM "sgml/saml_subject.xml">
<!ENTITY LassoSamlSubjectConfirmation SYSTEM "sgml/saml_subject_confirmation.xml">
<!ENTITY LassoSamlSubjectLocality SYSTEM "sgml/saml_subject_locality.xml">
<!ENTITY LassoSamlSubjectStatementAbstract SYSTEM "sgml/saml_subject_statement_abstract.xml">
<!ENTITY LassoSamlpRequestAbstract SYSTEM "sgml/samlp_request_abstract.xml">
<!ENTITY LassoSamlpResponse SYSTEM "sgml/samlp_response.xml">
<!ENTITY LassoSamlpResponseAbstract SYSTEM "sgml/samlp_response_abstract.xml">
<!ENTITY LassoSamlpStatus SYSTEM "sgml/samlp_status.xml">
<!ENTITY LassoSamlpStatusCode SYSTEM "sgml/samlp_status_code.xml">
<!ENTITY LassoNode SYSTEM "sgml/node.xml">
<!ENTITY LassoLibLogoutRequest SYSTEM "sgml/lib_logout_request.xml">
<!ENTITY LassoLibFederationTerminationNotification SYSTEM "sgml/lib_federation_termination_notification.xml">
<!ENTITY LassoLibLogoutResponse SYSTEM "sgml/lib_logout_response.xml">
<!ENTITY LassoLibNameIdentifierMappingRequest SYSTEM "sgml/lib_name_identifier_mapping_request.xml">
<!ENTITY LassoLibNameIdentifierMappingResponse SYSTEM "sgml/lib_name_identifier_mapping_response.xml">
<!ENTITY LassoLibRegisterNameIdentifierRequest SYSTEM "sgml/lib_register_name_identifier_request.xml">
<!ENTITY LassoLibRegisterNameIdentifierResponse SYSTEM "sgml/lib_register_name_identifier_response.xml">
<!ENTITY LassoLibStatusResponse SYSTEM "sgml/lib_status_response.xml">
<!ENTITY LassoLibSubject SYSTEM "sgml/lib_subject.xml">
<!ENTITY LassoSamlpRequest SYSTEM "sgml/samlp_request.xml">
<!ENTITY LassoLibAuthnContext SYSTEM "sgml/lib_authn_context.xml">
<!ENTITY LassoLibAuthenticationStatement SYSTEM "sgml/lib_authentication_statement.xml">
<!ENTITY lasso-lasso SYSTEM "sgml/lasso.xml">
<!ENTITY LassoFederation SYSTEM "sgml/federation.xml">
<!ENTITY LassoLecp SYSTEM "sgml/lecp.xml">
<!ENTITY LassoProvider SYSTEM "sgml/provider.xml">
<!ENTITY LassoDefederation SYSTEM "sgml/defederation.xml">
<!ENTITY LassoNameRegistration SYSTEM "sgml/name_registration.xml">
<!ENTITY LassoNameIdentifierMapping SYSTEM "sgml/name_identifier_mapping.xml">
<!ENTITY LassoIdentity SYSTEM "sgml/identity.xml">
<!ENTITY LassoLogin SYSTEM "sgml/login.xml">
<!ENTITY LassoLogout SYSTEM "sgml/logout.xml">
<!ENTITY LassoProfile SYSTEM "sgml/profile.xml">
<!ENTITY LassoServer SYSTEM "sgml/server.xml">
<!ENTITY LassoSession SYSTEM "sgml/session.xml">
<!ENTITY LassoStrings SYSTEM "sgml/strings.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<book id="index">
<bookinfo>
<title>Lasso Reference Manual</title>
<releaseinfo>for Lasso &version;</releaseinfo>
<legalnotice>
<para>
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
</para>
</legalnotice>
<copyright>
<year>2004</year>
<holder>Entr'ouvert</holder>
</copyright>
</bookinfo>
<chapter id="lasso">
<title>Lasso &amp; Liberty Alliance Overview</title>
<para>
Lasso is a library which provides all the necessary functions for sites to
implement <ulink url="http://www.projectliberty.org">Liberty Alliance</ulink>
specifications. It defines processes for federated identities, single sign-on
and related protocols.
</para>
<para>
Founded in 2001 by Sun in order to propose an alternative to the
Microsoft Passport project, the consortium Liberty Alliance aims to
promote an infrastructure of standards allowing the management of
federated identities between several services or systems.
</para>
<para>
A federated identity (or network identity) of an individual or a legal entity
on Internet gather at the same time:
<itemizedlist>
<listitem>
Its identification (name, co-ordinates, preferences, history...);
</listitem>
<listitem>
Its authentication (which guarantees the validity of an identity);
</listitem>
<listitem>
Its authorisations (access rights to information, access rights to
services).
</listitem>
</itemizedlist>
</para>
<para>
Liberty standards aims to give more coherence to a network identity
which is scattered (numerous logins and passwords) today. This identity
becomes frequently delicate to manage, both for customers and businesses.
</para>
<para>
The Liberty Alliance specifications define three types of actors:
<itemizedlist>
<listitem>
The user, person or entity who can acquire an identity;
</listitem>
<listitem>
The identity provider which creates and manages the identity of
the users, and authenticates them to the service providers;
</listitem>
<listitem>
The service provider who provides services to the users once that
they have authenticated to an identity provider.
</listitem>
</itemizedlist>
</para>
<para>
One calls circle of trust a grouping of identity providers and service
providers which agreed to share (to federate) the identity of their users.
</para>
<para>
Contrary to most other implementations of Liberty Alliance, Lasso is not a
full-fedged system but a simple C library, with complete bindings for Java,
Perl, PHP and Python. The integration work should largely be facilitated.
An existing site should be able to integrate it in a few days of
development, without calling into question its architecture. Lasso is a
library written in C Language.
</para>
<para>
Lasso is built on top of <ulink url="http://www.xmlsoft.org">libxml2</ulink>,
<ulink url="http://www.aleksey.com/xmlsec/">XMLSec</ulink> and
<ulink url="http://www.openssl.org">OpenSSL</ulink> and is licensed under
the <ulink url="http://lasso.entrouvert.org/license">GNU General Public License</ulink>
(with an <ulink url="http://lasso.entrouvert.org/license#openssl">OpenSSL exception</ulink>).
</para>
</chapter>
<chapter id="architecture">
<title>Lasso Architecture</title>
&LassoProvider;
&LassoServer;
&LassoIdentity;
&LassoSession;
&LassoFederation;
</chapter>
<chapter id="idff">
<title>Identity Federation Framework</title>
&LassoProfile;
&LassoLogin;
&LassoLecp;
&LassoLogout;
&LassoDefederation;
&LassoNameRegistration;
&LassoNameIdentifierMapping;
</chapter>
<chapter id="idwsf">
<title>Identity Web Services Framework</title>
<para>
</para>
</chapter>
<chapter id="xml">
<title>Schemas</title>
&LassoNode;
&LassoLibAssertion;
&LassoLibAuthenticationStatement;
&LassoLibAuthnContext;
&LassoLibAuthnRequest;
&LassoLibAuthnRequestEnvelope;
&LassoLibAuthnResponse;
&LassoLibAuthnResponseEnvelope;
&LassoLibFederationTerminationNotification;
&LassoLibIDPEntries;
&LassoLibIDPEntry;
&LassoLibIDPList;
&LassoLibLogoutRequest;
&LassoLibLogoutResponse;
&LassoLibNameIdentifierMappingRequest;
&LassoLibNameIdentifierMappingResponse;
&LassoLibRegisterNameIdentifierRequest;
&LassoLibRegisterNameIdentifierResponse;
&LassoLibRequestAuthnContext;
&LassoLibScoping;
&LassoLibStatusResponse;
&LassoLibSubject;
&LassoSamlAdvice;
&LassoSamlAssertion;
&LassoSamlAudienceRestrictionCondition;
&LassoSamlAuthenticationStatement;
&LassoSamlAuthorityBinding;
&LassoSamlConditionAbstract;
&LassoSamlConditions;
&LassoSamlNameIdentifier;
&LassoSamlpRequest;
&LassoSamlpRequestAbstract;
&LassoSamlpResponse;
&LassoSamlpResponseAbstract;
&LassoSamlpStatus;
&LassoSamlpStatusCode;
&LassoSamlStatementAbstract;
&LassoSamlSubject;
&LassoSamlSubjectConfirmation;
&LassoSamlSubjectLocality;
&LassoSamlSubjectStatementAbstract;
</chapter>
<chapter id="misc">
<title>Misc</title>
&lasso-lasso;
&LassoStrings;
</chapter>
</book>
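
Review bot: In the "lasso" chapter, both `<itemizedlist>` blocks put bare text directly inside `<listitem>`; the DocBook XML V4.1.2 DTD declared at the top of this file requires block content there, so each item needs wrapping as `<listitem><para>...</para></listitem>` for the document to validate. The "idwsf" chapter consists of an empty `<para>` and should either get content or be left out until there is some. In the last overview paragraph, "full-fedged" should be "full-fledged", and the closing sentence "Lasso is a library written in C Language" repeats what the paragraph's first sentence already says.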

View File

@ -0,0 +1,52 @@
#include <lasso/lasso.h>
lasso_lib_assertion_get_type
lasso_lib_authentication_statement_get_type
lasso_lib_authn_context_get_type
lasso_lib_authn_request_get_type
lasso_lib_authn_response_get_type
lasso_lib_federation_termination_notification_get_type
lasso_lib_idp_entries_get_type
lasso_lib_idp_entry_get_type
lasso_lib_idp_list_get_type
lasso_lib_logout_request_get_type
lasso_lib_logout_response_get_type
lasso_lib_name_identifier_mapping_request_get_type
lasso_lib_name_identifier_mapping_response_get_type
lasso_lib_register_name_identifier_request_get_type
lasso_lib_register_name_identifier_response_get_type
lasso_lib_request_authn_context_get_type
lasso_lib_scoping_get_type
lasso_lib_status_response_get_type
lasso_lib_subject_get_type
lasso_saml_advice_get_type
lasso_saml_assertion_get_type
lasso_saml_audience_restriction_condition_get_type
lasso_saml_authentication_statement_get_type
lasso_saml_authority_binding_get_type
lasso_saml_condition_abstract_get_type
lasso_saml_conditions_get_type
lasso_saml_name_identifier_get_type
lasso_saml_statement_abstract_get_type
lasso_saml_subject_get_type
lasso_saml_subject_confirmation_get_type
lasso_saml_subject_locality_get_type
lasso_saml_subject_statement_abstract_get_type
lasso_samlp_request_get_type
lasso_samlp_request_abstract_get_type
lasso_samlp_response_get_type
lasso_samlp_response_abstract_get_type
lasso_samlp_status_get_type
lasso_samlp_status_code_get_type
lasso_defederation_get_type
lasso_federation_get_type
lasso_lecp_get_type
lasso_login_get_type
lasso_logout_get_type
lasso_profile_get_type
lasso_provider_get_type
lasso_server_get_type
lasso_identity_get_type
lasso_session_get_type
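Review bot: The list has no entry for LassoNameRegistration, LassoNameIdentifierMapping or LassoNode, although all three get their own templates in this commit, and the Schemas chapter also pulls in LassoLibAuthnRequestEnvelope and LassoLibAuthnResponseEnvelope, which have no matching line here either. If those are registered GObject types like the ones listed, add the corresponding get_type entries so they are treated the same way as the rest; if they are left out on purpose, a comment saying why would save the next reader the check.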

View File

@ -0,0 +1,83 @@
Snippet Types
=============
{ name, type, value }; assumes Name as name and Value as value in examples.
SNIPPET_NODE
<Parent>
<Value/>
</Parent>
SNIPPET_CONTENT
<Parent>
<Name>Value</Name>
</Parent>
SNIPPET_TEXT_CHILD
<Parent>
Value
</Parent>
SNIPPET_NAME_IDENTIFIER
(same result as SNIPPET_NODE)
SNIPPET_ATTRIBUTE
<Parent Name="Value"/>
SNIPPET_NODE_IN_CHILD
<Parent>
<Name>
<Value/>
</Name>
</Parent>
SNIPPET_LIST_NODES
<Parent>
<Value-1/>
<Value-2/>
<Value-n/>
</Parent>
[note: if there are no other nodes; it is possible to leave snippet name as
the empty string; nodes will then be constructed looking at their names and
namespaces (this is useful for xs:any)]
SNIPPET_LIST_CONTENT
<Parent>
<Name>Value-1</Name>
<Name>Value-2</Name>
<Name>Value-n</Name>
</Parent>
SNIPPET_LIST_XMLNODES
<Parent>
<Value-1/>
<Value-2/>
<Value-3/>
</Parent>
SNIPPET_EXTENSION
(for <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>)
SNIPPET_SIGNATURE
(for XMLDSig)
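Review bot: SNIPPET_LIST_NODES and SNIPPET_LIST_XMLNODES are shown with the same serialized output, and SNIPPET_NAME_IDENTIFIER is described only as "same result as SNIPPET_NODE", so nothing here tells a reader when to pick one over the other. Add one line per type saying what the value is on the C side, since that is the only place they can differ. For the empty-name case in the note under SNIPPET_LIST_NODES, also say what happens to a child whose name and namespace match no known node, because xs:any content is by definition not constrained by the schema.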

View File

@ -0,0 +1,80 @@
<!-- ##### SECTION Title ##### -->
LassoDefederation
<!-- ##### SECTION Short_Description ##### -->
Federation Termination Notification Profile
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoDefederation ##### -->
<para>
</para>
<!-- ##### FUNCTION lasso_defederation_new ##### -->
<para>
</para>
@server:
@Returns:
<!-- ##### FUNCTION lasso_defederation_destroy ##### -->
<para>
</para>
@defederation:
<!-- ##### FUNCTION lasso_defederation_build_notification_msg ##### -->
<para>
</para>
@defederation:
@Returns:
<!-- ##### FUNCTION lasso_defederation_init_notification ##### -->
<para>
</para>
@defederation:
@remote_providerID:
@http_method:
@Returns:
<!-- # Unused Parameters # -->
@notification_method:
<!-- ##### FUNCTION lasso_defederation_process_notification_msg ##### -->
<para>
</para>
@defederation:
@notification_msg:
@Returns:
<!-- ##### FUNCTION lasso_defederation_validate_notification ##### -->
<para>
</para>
@defederation:
@Returns:

View File

@ -0,0 +1,65 @@
<!-- ##### SECTION Title ##### -->
LassoFederation
<!-- ##### SECTION Short_Description ##### -->
Principal federation between two providers
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoFederation ##### -->
<para>
</para>
@remote_providerID:
@local_nameIdentifier:
@remote_nameIdentifier:
<!-- ##### FUNCTION lasso_federation_new ##### -->
<para>
</para>
@remote_providerID:
@Returns:
<!-- ##### FUNCTION lasso_federation_destroy ##### -->
<para>
</para>
@federation:
<!-- ##### FUNCTION lasso_federation_build_local_name_identifier ##### -->
<para>
</para>
@federation:
@nameQualifier:
@format:
@content:
<!-- ##### FUNCTION lasso_federation_verify_name_identifier ##### -->
<para>
</para>
@federation:
@name_identifier:
@Returns:
<!-- # Unused Parameters # -->
@nameIdentifier:
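Review bot: lasso_federation_verify_name_identifier is added with an empty description and an empty @Returns, so a caller cannot tell what value means "matches" or whether @name_identifier is compared against local_nameIdentifier, remote_nameIdentifier or both. That is the one function in this file whose result is a yes/no decision, so it should be the first to get text. The @nameIdentifier entry under "Unused Parameters" looks like a leftover from before the parameter became @name_identifier and can be dropped.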

View File

@ -0,0 +1,68 @@
<!-- ##### SECTION Title ##### -->
LassoIdentity
<!-- ##### SECTION Short_Description ##### -->
Principal Identity
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoIdentity ##### -->
<para>
</para>
@federations:
@is_dirty:
<!-- ##### FUNCTION lasso_identity_new ##### -->
<para>
</para>
@Returns:
<!-- ##### FUNCTION lasso_identity_new_from_dump ##### -->
<para>
</para>
@dump:
@Returns:
<!-- ##### FUNCTION lasso_identity_destroy ##### -->
<para>
</para>
@identity:
<!-- ##### FUNCTION lasso_identity_dump ##### -->
<para>
</para>
@identity:
@Returns:
<!-- ##### FUNCTION lasso_identity_get_federation ##### -->
<para>
</para>
@identity:
@providerID:
@Returns:

View File

@ -0,0 +1,73 @@
<!-- ##### SECTION Title ##### -->
LassoLibAuthnRequest
<!-- ##### SECTION Short_Description ##### -->
&lt;lib:AuthnRequest&gt;
<!-- ##### SECTION Long_Description ##### -->
<para>
Authentication requests are sent from a service provider to an identity
provider.
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
<variablelist>
<varlistentry>
<term>#LassoLogin</term>
<listitem><para>Class for Single Sign-On and Federation
profile.</para></listitem>
</varlistentry>
</variablelist>
</para>
<!-- ##### STRUCT LassoLibAuthnRequest ##### -->
<para>
@ProviderID is the service provider identifier, this field will often be filled
with lasso_login_init_authn_request().
</para>
<para>
@nameIDPolicy tells the identity provider about the policy to use for
federation; it must be one of #LASSO_LIB_NAMEID_POLICY_TYPE_NONE,
#LASSO_LIB_NAMEID_POLICY_TYPE_ONE_TIME, #LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED
or #LASSO_LIB_NAMEID_POLICY_TYPE_ANY.
</para>
<para>
@IsPassive; if %TRUE (default) it tells the identity provider not to interact
with the user.
</para>
<para>
@ForceAuthn; only used if @IsPassive is %FALSE, it tells the identity provider
to force authentication of the user even when already authenticated.
</para>
<para>
@ProtocolProfile is the Single Sign-On and Federation profile to adopt; either
#LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART (which is the default value) or
#LASSO_LIB_PROTOCOL_PROFILE_BRWS_POST.
</para>
@Extension:
@ProviderID:
@AffiliationID:
@NameIDPolicy:
@ForceAuthn:
@IsPassive:
@ProtocolProfile:
@AssertionConsumerServiceID:
@RequestAuthnContext:
@RelayState:
@Scoping:
@consent:
<!-- ##### FUNCTION lasso_lib_authn_request_new ##### -->
<para>
</para>
@Returns:
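Review bot: The struct description refers to @nameIDPolicy, but the field listed below is @NameIDPolicy, so the paragraph does not line up with the member it documents; use the field's own spelling. The @IsPassive paragraph states that %TRUE is the default and the @ForceAuthn paragraph says it is only used when @IsPassive is %FALSE, which means ForceAuthn has no effect unless the caller also clears IsPassive; that interaction deserves to be said outright rather than left for the reader to combine. Seven of the twelve listed fields (@Extension, @AffiliationID, @AssertionConsumerServiceID, @RequestAuthnContext, @RelayState, @Scoping, @consent) have no text at all.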

View File

@ -0,0 +1,358 @@
<!-- ##### SECTION Title ##### -->
LassoLogin
<!-- ##### SECTION Short_Description ##### -->
Single Sign-On and Federation Profile
<!-- ##### SECTION Long_Description ##### -->
<para>
The Single Sign On process allows a user to log in once to an identity provider
(IdP), and to be then transparently loged in to the required service providers
(SP) belonging to the IP "circle of trust". Subordinating different identities
of the same user within a circle of trust to a unique IP is called "Identity
Federation". The liberty Alliance specifications allows, thanks to this
federation, strong and unique authentication coupled with control by the user
of his personnal informations. The explicit user agreement is necessary before
proceeding to Identity Federation.
</para>
<para>
The service provider must implement the following process:
<itemizedlist>
<listitem><para>creating an authentication request (#LassoLibAuthnRequest) with
lasso_login_init_authn_request();</para></listitem>
<listitem><para>sending it to the identity provider with
lasso_login_build_authn_request_msg();</para></listitem>
<listitem><para>receiving and processing the answer:
<itemizedlist>
<listitem>either an authentication response with
lasso_login_process_authn_response_msg()</listitem>
<listitem>or an artifact with lasso_login_init_request() then sending the
request to the IdP with lasso_login_build_request_msg() and processing the
new answer with lasso_login_process_response_msg().</listitem>
</itemizedlist>
</para></listitem>
</itemizedlist>
</para>
<example>
<title>Service Provider Login URL</title>
<programlisting>
LassoLogin *login;
login = lasso_login_new(server);
lasso_login_init_authn_request(login, "http://identity-provider-id/",
LASSO_HTTP_METHOD_REDIRECT);
/* customize AuthnRequest */
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request);
request->NameIDPolicy = strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
request->ForceAuthn = TRUE;
request->IsPassive = FALSE;
request->ProtocolProfile = strdup(LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART);
lasso_login_build_authn_request_msg(login);
/* redirect user to identity provider */
printf("Location: %s\n\nRedirected to IdP\n", LASSO_PROFILE(login)->msg_url);
</programlisting>
</example>
<example>
<title>Service Provider Assertion Consumer Service URL</title>
<programlisting>
LassoLogin *login;
char *request_method = getenv("REQUEST_METHOD");
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
char *name_identifier;
lassoHttpMethod method;
login = lasso_login_new(server);
if (strcmp(request_method, "GET") == 0) {
artifact_msg = getenv("QUERY_STRING");
method = LASSO_HTTP_METHOD_REDIRECT;
} else {
/* read submitted form; if it has a LAREQ field, put it in lareq,
* if it has a LARES field, put it in lares */
if (lareq) {
artifact_msg = lareq;
} else if (lares) {
response_msg = lares;
} else {
/* bail out */
}
method = LASSO_HTTP_METHOD_POST;
}
if (artifact_msg) {
lasso_login_init_request(login, artifact_msg, method);
lasso_login_build_request_msg(login);
/* makes a SOAP call, soap_call is NOT a Lasso function */
soap_answer_msg = soap_call(LASSO_PROFILE(login)->msg_url,
LASSO_PROFILE(login)->msg_body);
lasso_login_process_response_msg(login, soap_answer_msg);
} else if (response_msg) {
lasso_login_process_authn_response_msg(login, response_msg);
}
/* looks up name_identifier in local file, database, whatever and gets back
* two things: identity_dump and session_dump */
name_identifier = LASSO_PROFILE(login)->nameIdentifier
lasso_profile_set_identity_from_dump(LASSO_PROFILE(login), identity_dump);
lasso_profile_set_session_from_dump(LASSO_PROFILE(login), session_dump);
lasso_login_accept_sso(login);
if (lasso_profile_is_identity_dirty(LASSO_PROFILE(login))) {
LassoIdentity *identity;
char *identity_dump;
identity = lasso_profile_get_identity(LASSO_PROFILE(login));
identity_dump = lasso_identity_dump(identity);
/* record identity_dump in file, database... */
}
if (lasso_profile_is_session_dirty(LASSO_PROFILE(login))) {
LassoSession *session;
char *session_dump;
session = lasso_profile_get_session(LASSO_PROFILE(login));
session_dump = lasso_session_dump(session);
/* record session_dump in file, database... */
}
/* redirect user anywhere */
printf("Location: /\n\nRedirected to site root\n");
</programlisting>
</example>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoLogin ##### -->
<para>
Single sign-on profile for the current transaction; possibly an
assertionArtifact to be used by the service provider in its
"assertionConsumerServiceURL" and the assertion created or received for the
principal.
</para>
@protocolProfile:
@assertionArtifact:
@assertion:
<!-- ##### ENUM LassoLoginProtocolProfile ##### -->
<para>
Identifies the two possible profiles for Single Sign-On and Federation.
</para>
@LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART:
@LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST:
<!-- ##### FUNCTION lasso_login_new ##### -->
<para>
</para>
@server:
@Returns:
<!-- ##### FUNCTION lasso_login_destroy ##### -->
<para>
</para>
@login:
<!-- ##### FUNCTION lasso_login_dump ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_new_from_dump ##### -->
<para>
</para>
@server:
@dump:
@Returns:
<!-- ##### FUNCTION lasso_login_accept_sso ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_build_artifact_msg ##### -->
<para>
</para>
@login:
@http_method:
@Returns:
<!-- ##### FUNCTION lasso_login_build_assertion ##### -->
<para>
</para>
@login:
@authenticationMethod:
@authenticationInstant:
@reauthenticateOnOrAfter:
@notBefore:
@notOnOrAfter:
@Returns:
<!-- ##### FUNCTION lasso_login_build_authn_request_msg ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_build_authn_response_msg ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_build_request_msg ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_build_response_msg ##### -->
<para>
</para>
@login:
@remote_providerID:
@Returns:
<!-- ##### FUNCTION lasso_login_init_authn_request ##### -->
<para>
</para>
@login:
@remote_providerID:
@http_method:
@Returns:
<!-- ##### FUNCTION lasso_login_init_idp_initiated_authn_request ##### -->
<para>
</para>
@login:
@remote_providerID:
@Returns:
<!-- ##### FUNCTION lasso_login_init_request ##### -->
<para>
</para>
@login:
@response_msg:
@response_http_method:
@Returns:
<!-- ##### FUNCTION lasso_login_must_ask_for_consent ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_must_authenticate ##### -->
<para>
</para>
@login:
@Returns:
<!-- ##### FUNCTION lasso_login_process_authn_request_msg ##### -->
<para>
</para>
@login:
@authn_request_msg:
@Returns:
<!-- ##### FUNCTION lasso_login_process_authn_response_msg ##### -->
<para>
</para>
@login:
@authn_response_msg:
@Returns:
<!-- ##### FUNCTION lasso_login_process_request_msg ##### -->
<para>
</para>
@login:
@request_msg:
@Returns:
<!-- ##### FUNCTION lasso_login_process_response_msg ##### -->
<para>
</para>
@login:
@response_msg:
@Returns:
<!-- ##### FUNCTION lasso_login_validate_request_msg ##### -->
<para>
</para>
@login:
@authentication_result:
@is_consent_obtained:
@Returns:
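Review bot: In the "Service Provider Assertion Consumer Service URL" listing the results of lasso_login_process_response_msg(), lasso_login_process_authn_response_msg() and lasso_login_accept_sso() are ignored, so the example goes on to store the identity and session dumps and redirect the user even if processing the identity provider's answer failed. All three have a @Returns entry further down, and since this listing is what integrators will copy, it should check each one and bail out on failure. The listing also does not compile as written: response_msg, soap_answer_msg, identity_dump and session_dump are used before any declaration, the name_identifier assignment has no terminating semicolon, the type is spelled lassoHttpMethod, and the getenv() result goes to strcmp() without a NULL check. In the first listing request is likewise undeclared. The Long_Description has "loged", "personnal", "allows" for "allow", and "IP" in two places where the abbreviation introduced one line earlier is IdP. Every function template below the examples is still empty.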

View File

@ -0,0 +1,134 @@
<!-- ##### SECTION Title ##### -->
LassoLogout
<!-- ##### SECTION Short_Description ##### -->
Single Logout Profile
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoLogout ##### -->
<para>
</para>
<!-- ##### FUNCTION lasso_logout_new ##### -->
<para>
</para>
@server:
@Returns:
<!-- ##### FUNCTION lasso_logout_new_from_dump ##### -->
<para>
</para>
@server:
@dump:
@Returns:
<!-- ##### FUNCTION lasso_logout_build_request_msg ##### -->
<para>
</para>
@logout:
@Returns:
<!-- ##### FUNCTION lasso_logout_build_response_msg ##### -->
<para>
</para>
@logout:
@Returns:
<!-- ##### FUNCTION lasso_logout_destroy ##### -->
<para>
</para>
@logout:
<!-- ##### FUNCTION lasso_logout_dump ##### -->
<para>
</para>
@logout:
@Returns:
<!-- ##### FUNCTION lasso_logout_get_next_providerID ##### -->
<para>
</para>
@logout:
@Returns:
<!-- ##### FUNCTION lasso_logout_init_request ##### -->
<para>
</para>
@logout:
@remote_providerID:
@request_method:
@Returns:
<!-- ##### FUNCTION lasso_logout_process_request_msg ##### -->
<para>
</para>
@logout:
@request_msg:
@Returns:
<!-- ##### FUNCTION lasso_logout_process_response_msg ##### -->
<para>
</para>
@logout:
@response_msg:
@Returns:
<!-- ##### FUNCTION lasso_logout_reset_providerID_index ##### -->
<para>
</para>
@logout:
@Returns:
<!-- ##### FUNCTION lasso_logout_validate_request ##### -->
<para>
</para>
@logout:
@Returns:

View File

@ -0,0 +1,99 @@
<!-- ##### SECTION Title ##### -->
LassoNameIdentifierMapping
<!-- ##### SECTION Short_Description ##### -->
Name Identifier Mapping
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoNameIdentifierMapping ##### -->
<para>
</para>
@parent:
@targetNameIdentifier:
<!-- ##### FUNCTION lasso_name_identifier_mapping_new ##### -->
<para>
</para>
@server:
@Returns:
<!-- ##### FUNCTION lasso_name_identifier_mapping_destroy ##### -->
<para>
</para>
@mapping:
<!-- ##### FUNCTION lasso_name_identifier_mapping_build_request_msg ##### -->
<para>
</para>
@mapping:
@Returns:
<!-- ##### FUNCTION lasso_name_identifier_mapping_build_response_msg ##### -->
<para>
</para>
@mapping:
@Returns:
<!-- ##### FUNCTION lasso_name_identifier_mapping_init_request ##### -->
<para>
</para>
@mapping:
@targetNameSpace:
@remote_providerID:
@Returns:
<!-- ##### FUNCTION lasso_name_identifier_mapping_process_request_msg ##### -->
<para>
</para>
@mapping:
@request_msg:
@Returns:
<!-- ##### FUNCTION lasso_name_identifier_mapping_process_response_msg ##### -->
<para>
</para>
@mapping:
@response_msg:
@Returns:
<!-- ##### FUNCTION lasso_name_identifier_mapping_validate_request ##### -->
<para>
</para>
@mapping:
@Returns:

View File

@ -0,0 +1,109 @@
<!-- ##### SECTION Title ##### -->
LassoNameRegistration
<!-- ##### SECTION Short_Description ##### -->
Name Registration
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoNameRegistration ##### -->
<para>
</para>
@parent:
@oldNameIdentifier:
<!-- ##### FUNCTION lasso_name_registration_new ##### -->
<para>
</para>
@server:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_destroy ##### -->
<para>
</para>
@name_registration:
<!-- ##### FUNCTION lasso_name_registration_new_from_dump ##### -->
<para>
</para>
@server:
@dump:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_build_request_msg ##### -->
<para>
</para>
@name_registration:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_build_response_msg ##### -->
<para>
</para>
@name_registration:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_init_request ##### -->
<para>
</para>
@name_registration:
@remote_providerID:
@http_method:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_process_request_msg ##### -->
<para>
</para>
@name_registration:
@request_msg:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_process_response_msg ##### -->
<para>
</para>
@name_registration:
@response_msg:
@Returns:
<!-- ##### FUNCTION lasso_name_registration_validate_request ##### -->
<para>
</para>
@name_registration:
@Returns:

View File

@ -0,0 +1,177 @@
<!-- ##### SECTION Title ##### -->
LassoNode
<!-- ##### SECTION Short_Description ##### -->
Base class for all Lasso objects
<!-- ##### SECTION Long_Description ##### -->
<para>
#LassoNode is the base class for Lasso objects; just a step over GObject as
defined in glib.
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoNode ##### -->
<para>
</para>
<!-- ##### ENUM LassoSignatureType ##### -->
<para>
</para>
@LASSO_SIGNATURE_TYPE_NONE:
@LASSO_SIGNATURE_TYPE_SIMPLE:
@LASSO_SIGNATURE_TYPE_WITHX509:
<!-- ##### ENUM LassoSignatureMethod ##### -->
<para>
</para>
@LASSO_SIGNATURE_METHOD_RSA_SHA1:
@LASSO_SIGNATURE_METHOD_DSA_SHA1:
<!-- ##### FUNCTION lasso_node_new ##### -->
<para>
</para>
@Returns:
<!-- ##### FUNCTION lasso_node_new_from_dump ##### -->
<para>
</para>
@dump:
@Returns:
<!-- ##### FUNCTION lasso_node_new_from_xmlNode ##### -->
<para>
</para>
@node:
@Returns:
<!-- ##### FUNCTION lasso_node_new_from_soap ##### -->
<para>
</para>
@soap:
@Returns:
<!-- ##### FUNCTION lasso_node_destroy ##### -->
<para>
</para>
@node:
<!-- ##### FUNCTION lasso_node_dump ##### -->
<para>
</para>
@node:
@Returns:
<!-- # Unused Parameters # -->
@encoding:
@format:
<!-- ##### FUNCTION lasso_node_export_to_base64 ##### -->
<para>
</para>
@node:
@Returns:
<!-- ##### FUNCTION lasso_node_export_to_query ##### -->
<para>
</para>
@node:
@sign_method:
@private_key_file:
@Returns:
<!-- ##### FUNCTION lasso_node_export_to_soap ##### -->
<para>
</para>
@node:
@Returns:
<!-- ##### FUNCTION lasso_node_get_xmlNode ##### -->
<para>
</para>
@node:
@lasso_dump:
@Returns:
<!-- ##### FUNCTION lasso_node_init_from_message ##### -->
<para>
</para>
@node:
@message:
@Returns:
<!-- ##### ENUM LassoMessageFormat ##### -->
<para>
Return code for lasso_node_init_from_message; it describes the type of the
message that was passed to that function.
</para>
@LASSO_MESSAGE_FORMAT_ERROR:
@LASSO_MESSAGE_FORMAT_UNKNOWN:
@LASSO_MESSAGE_FORMAT_XML:
@LASSO_MESSAGE_FORMAT_BASE64:
@LASSO_MESSAGE_FORMAT_QUERY:
@LASSO_MESSAGE_FORMAT_SOAP:
<!-- ##### FUNCTION lasso_node_init_from_query ##### -->
<para>
</para>
@node:
@query:
@Returns:
<!-- ##### FUNCTION lasso_node_init_from_xml ##### -->
<para>
</para>
@node:
@xmlnode:
@Returns:
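Review bot: LassoSignatureType and LassoSignatureMethod are added with no text for the enums or for any of their five values. Going by the names these decide whether and how a message is signed, so at minimum say what LASSO_SIGNATURE_TYPE_NONE means for an outgoing message and how SIMPLE differs from WITHX509. lasso_node_export_to_query takes @sign_method and @private_key_file with no description of the expected key format or of what is returned when the file cannot be read. lasso_node_init_from_message should point at LassoMessageFormat in its @Returns, since the enum text already says it is that function's return code. The @encoding and @format entries under lasso_node_dump are marked unused and can be removed.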

View File

@ -0,0 +1,150 @@
<!-- ##### SECTION Title ##### -->
LassoProfile
<!-- ##### SECTION Short_Description ##### -->
Base class for all ID-FF profiles
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### ENUM LassoMessageType ##### -->
<para>
</para>
@LASSO_MESSAGE_TYPE_NONE:
@LASSO_MESSAGE_TYPE_AUTHN_REQUEST:
@LASSO_MESSAGE_TYPE_AUTHN_RESPONSE:
@LASSO_MESSAGE_TYPE_REQUEST:
@LASSO_MESSAGE_TYPE_RESPONSE:
@LASSO_MESSAGE_TYPE_ARTIFACT:
<!-- ##### ENUM LassoRequestType ##### -->
<para>
</para>
@LASSO_REQUEST_TYPE_INVALID:
@LASSO_REQUEST_TYPE_LOGIN:
@LASSO_REQUEST_TYPE_LOGOUT:
@LASSO_REQUEST_TYPE_DEFEDERATION:
@LASSO_REQUEST_TYPE_NAME_REGISTRATION:
@LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING:
@LASSO_REQUEST_TYPE_LECP:
<!-- ##### STRUCT LassoProfile ##### -->
<para>
</para>
@server:
@request:
@response:
@nameIdentifier:
@remote_providerID:
@msg_url:
@msg_body:
@msg_relayState:
<!-- ##### FUNCTION lasso_profile_get_identity ##### -->
<para>
</para>
@profile:
@Returns:
<!-- # Unused Parameters # -->
@ctx:
<!-- ##### FUNCTION lasso_profile_get_session ##### -->
<para>
</para>
@profile:
@Returns:
<!-- # Unused Parameters # -->
@ctx:
<!-- ##### FUNCTION lasso_profile_is_identity_dirty ##### -->
<para>
</para>
@profile:
@Returns:
<!-- # Unused Parameters # -->
@ctx:
<!-- ##### FUNCTION lasso_profile_is_session_dirty ##### -->
<para>
</para>
@profile:
@Returns:
<!-- # Unused Parameters # -->
@ctx:
<!-- ##### FUNCTION lasso_profile_set_identity_from_dump ##### -->
<para>
</para>
@profile:
@dump:
@Returns:
<!-- # Unused Parameters # -->
@ctx:
<!-- ##### FUNCTION lasso_profile_set_session_from_dump ##### -->
<para>
</para>
@profile:
@dump:
@Returns:
<!-- # Unused Parameters # -->
@ctx:
<!-- ##### FUNCTION lasso_profile_get_request_type_from_soap_msg ##### -->
<para>
</para>
@soap:
@Returns:
<!-- ##### FUNCTION lasso_profile_is_liberty_query ##### -->
<para>
</para>
@query:
@Returns:
<!-- ##### FUNCTION lasso_profile_get_nameIdentifier ##### -->
<para>
</para>
@profile:
@Returns:
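Review bot: Six functions, lasso_profile_get_identity through lasso_profile_set_session_from_dump, carry a @ctx entry under "Unused Parameters" next to the current @profile; these are stale and should be removed so they do not come back on the next template merge. lasso_profile_set_identity_from_dump and lasso_profile_set_session_from_dump take a serialized dump and have an empty @Returns, so nothing says how a malformed or NULL dump is reported. None of the LassoProfile members (@msg_url, @msg_body, @msg_relayState and so on) are described, although the LassoLogin examples read them directly.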

View File

@ -0,0 +1,159 @@
<!-- ##### SECTION Title ##### -->
LassoProvider
<!-- ##### SECTION Short_Description ##### -->
Service or identity provider
<!-- ##### SECTION Long_Description ##### -->
<para>
It holds all the data about a provider.
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoProvider ##### -->
<para>
</para>
@ProviderID:
@role:
@metadata_filename:
@public_key:
@ca_cert_chain:
<!-- ##### ENUM LassoProviderRole ##### -->
<para>
</para>
@LASSO_PROVIDER_ROLE_NONE:
@LASSO_PROVIDER_ROLE_SP: Acts as service provider
@LASSO_PROVIDER_ROLE_IDP: Acts as identity provider
<!-- ##### ENUM LassoHttpMethod ##### -->
<para>
</para>
@LASSO_HTTP_METHOD_NONE:
@LASSO_HTTP_METHOD_ANY: Any method will do, select one automatically
@LASSO_HTTP_METHOD_IDP_INITIATED:
@LASSO_HTTP_METHOD_GET: HTTP-GET implementation (for image tags in Single Logout)
@LASSO_HTTP_METHOD_POST: use an HTML form to post message between service and
identity providers
@LASSO_HTTP_METHOD_REDIRECT: use HTTP 302 redirects to post message between
service and identity providers
@LASSO_HTTP_METHOD_SOAP: use a SOAP call to post message between service and
identity providers
<!-- ##### ENUM LassoMdProtocolType ##### -->
<para>
</para>
@LASSO_MD_PROTOCOL_TYPE_FEDERATION_TERMINATION: Federation Termination
Notification
@LASSO_MD_PROTOCOL_TYPE_NAME_IDENTIFIER_MAPPING: Name Identifier Mapping
@LASSO_MD_PROTOCOL_TYPE_REGISTER_NAME_IDENTIFIER: Name Registration
@LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT: Single Logout
@LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON: Single Sign-On and Federation
<!-- ##### FUNCTION lasso_provider_new ##### -->
<para>
</para>
@role:
@metadata:
@public_key:
@ca_cert_chain:
@Returns:
<!-- ##### FUNCTION lasso_provider_new_from_dump ##### -->
<para>
</para>
@dump:
@Returns:
<!-- ##### FUNCTION lasso_provider_accept_http_method ##### -->
<para>
</para>
@provider:
@remote_provider:
@protocol_type:
@http_method:
@initiate_profile:
@Returns:
<!-- ##### FUNCTION lasso_provider_get_assertion_consumer_service_url ##### -->
<para>
</para>
@provider:
@service_id:
@Returns:
<!-- ##### FUNCTION lasso_provider_get_base64_succinct_id ##### -->
<para>
</para>
@provider:
@Returns:
<!-- ##### FUNCTION lasso_provider_get_first_http_method ##### -->
<para>
</para>
@provider:
@remote_provider:
@protocol_type:
@Returns:
<!-- ##### FUNCTION lasso_provider_get_metadata_list ##### -->
<para>
</para>
@provider:
@name:
@Returns:
<!-- ##### FUNCTION lasso_provider_get_metadata_one ##### -->
<para>
</para>
@provider:
@name:
@Returns:
<!-- ##### FUNCTION lasso_provider_has_protocol_profile ##### -->
<para>
</para>
@provider:
@protocol_type:
@protocol_profile:
@Returns:
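Review bot: @public_key and @ca_cert_chain have no description in either the LassoProvider struct or lasso_provider_new, so it is not stated whether they are file names or key material, or what checking of a remote provider's messages is done when one of them is not supplied. These two arguments are where trust in a remote provider is configured and should be documented before the rest. LASSO_PROVIDER_ROLE_NONE, LASSO_HTTP_METHOD_NONE and LASSO_HTTP_METHOD_IDP_INITIATED lack the one-line descriptions their siblings have, and the REDIRECT and SOAP entries say "post message" where "send messages" is meant.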

View File

@ -0,0 +1,44 @@
<!-- ##### SECTION Title ##### -->
LassoSamlNameIdentifier
<!-- ##### SECTION Short_Description ##### -->
&lt;saml:NameIdentifier&gt;
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoSamlNameIdentifier ##### -->
<para>
@NameQualifier is the provider ID of the provider that created the name
identifier.
</para>
<para>
@Format is a string constant defined by the Liberty
Alliance. The following constants are defined:
#LASSO_LIB_NAME_IDENTIFIER_FORMAT_FEDERATED,
#LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME,
#LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENCRYPTED (when providers transmit name
identifiers) and
#LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENTITYID.
</para>
@NameQualifier:
@Format:
@content:
<!-- ##### FUNCTION lasso_saml_name_identifier_new ##### -->
<para>
</para>
@Returns:

View File

@ -0,0 +1,90 @@
<!-- ##### SECTION Title ##### -->
LassoServer
<!-- ##### SECTION Short_Description ##### -->
Representation of the current server
<!-- ##### SECTION Long_Description ##### -->
<para>
It holds the data about a provider, other providers it knows, which
certificates to use, etc.
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoServer ##### -->
<para>
</para>
@providers:
@services:
@private_key:
@secret_key:
@certificate:
@signature_method:
<!-- ##### FUNCTION lasso_server_new ##### -->
<para>
</para>
@metadata:
@private_key:
@secret_key:
@certificate:
@Returns:
<!-- ##### FUNCTION lasso_server_new_from_dump ##### -->
<para>
</para>
@dump:
@Returns:
<!-- ##### FUNCTION lasso_server_add_provider ##### -->
<para>
</para>
@server:
@role:
@metadata:
@public_key:
@ca_cert_chain:
@Returns:
<!-- ##### FUNCTION lasso_server_destroy ##### -->
<para>
</para>
@server:
<!-- ##### FUNCTION lasso_server_dump ##### -->
<para>
</para>
@server:
@Returns:
<!-- ##### FUNCTION lasso_server_get_provider ##### -->
<para>
</para>
@server:
@providerID:
@Returns:
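Review bot: @private_key, @secret_key and @certificate are undocumented in both the struct and lasso_server_new, and lasso_server_dump does not say whether its output includes any of them. Applications are expected to persist dumps (the LassoLogin examples store identity and session dumps in a file or database), so the template should state what a server dump contains with respect to key material and how it needs to be protected at rest. It should also say what @secret_key is, since nothing in this file distinguishes it from @private_key.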

View File

@ -0,0 +1,87 @@
<!-- ##### SECTION Title ##### -->
LassoSession
<!-- ##### SECTION Short_Description ##### -->
Principal Session
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### STRUCT LassoSession ##### -->
<para>
</para>
@assertions:
@is_dirty:
<!-- ##### FUNCTION lasso_session_new ##### -->
<para>
</para>
@Returns:
<!-- ##### FUNCTION lasso_session_new_from_dump ##### -->
<para>
</para>
@dump:
@Returns:
<!-- ##### FUNCTION lasso_session_destroy ##### -->
<para>
</para>
@session:
<!-- ##### FUNCTION lasso_session_dump ##### -->
<para>
</para>
@session:
@Returns:
<!-- ##### FUNCTION lasso_session_get_assertions ##### -->
<para>
</para>
@session:
@provider_id:
@Returns:
<!-- ##### FUNCTION lasso_session_get_provider_index ##### -->
<para>
</para>
@session:
@index:
@Returns:
<!-- ##### FUNCTION lasso_session_is_empty ##### -->
<para>
</para>
@session:
@Returns:

View File

@ -0,0 +1,96 @@
<!-- ##### SECTION Title ##### -->
strings
<!-- ##### SECTION Short_Description ##### -->
<!-- ##### SECTION Long_Description ##### -->
<para>
</para>
<!-- ##### SECTION See_Also ##### -->
<para>
</para>
<!-- ##### MACRO LASSO_LIB_NAME_IDENTIFIER_FORMAT_FEDERATED ##### -->
<para>
</para>
<!-- ##### MACRO LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME ##### -->
<para>
</para>
<!-- ##### MACRO LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENCRYPTED ##### -->
<para>
</para>
<!-- ##### MACRO LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENTITYID ##### -->
<para>
</para>
<!-- ##### MACRO LASSO_LIB_NAMEID_POLICY_TYPE_NONE ##### -->
<para>
<emphasis>None</emphasis> policy for use in #LassoLibAuthnRequest. It means an
existing federation must be used and an error should be produced if none
existed beforehand.
</para>
<!-- ##### MACRO LASSO_LIB_NAMEID_POLICY_TYPE_ONE_TIME ##### -->
<para>
<emphasis>Onetime</emphasis> policy for use in #LassoLibAuthnRequest. It means
a federation must not be created between identity and service provider. A
temporary name identifier should be used instead.
</para>
<!-- ##### MACRO LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED ##### -->
<para>
<emphasis>Federated</emphasis> policy for use in #LassoLibAuthnRequest. It
means a federation may be created between identity and service provider (if it
didn't exist before).
</para>
<!-- ##### MACRO LASSO_LIB_NAMEID_POLICY_TYPE_ANY ##### -->
<para>
<emphasis>Any</emphasis> policy for use in #LassoLibAuthnRequest. It means a
federation may be created if the principal agrees and it can fall back to
<emphasis>onetime</emphasis> if he does not.
</para>
<!-- ##### MACRO LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART ##### -->
<para>
Identifies the Single Sign-On "Artifact" profile; where an artifact is passed
from identity provider to service provider and back to get the
#LassoLibAssertion.
</para>
<!-- ##### MACRO LASSO_LIB_PROTOCOL_PROFILE_BRWS_POST ##### -->
<para>
Identifies the Single Sign-On "POST" profile; where the #LassoLibAssertion is
sent directly from the identity provider to the service provider in an HTML
form submission message.
</para>

View File

@ -0,0 +1,127 @@
.deps
.libs
Makefile
Makefile.in
com
lasso.jar
lasso_wrap.c
libjlasso.la
libjlasso_la-lasso_wrap.lo
Credentials.java
Defederation.java
Description.java
DiscoModify.java
DiscoModifyResponse.java
DiscoQuery.java
DiscoQueryResponse.java
Discovery.java
DowncastableNode.java
DstModification.java
DstModify.java
DstModifyResponse.java
DstQuery.java
DstQueryResponse.java
Federation.java
Identity.java
InsertEntry.java
Lecp.java
LibAssertion.java
LibAuthnRequest.java
LibAuthnResponse.java
LibFederationTerminationNotification.java
LibLogoutRequest.java
LibLogoutResponse.java
LibRegisterNameIdentifierRequest.java
LibRegisterNameIdentifierResponse.java
LibStatusResponse.java
Login.java
Logout.java
NameIdentifierMapping.java
NameRegistration.java
Node.java
NodeArray.java
Options.java
PPMsgContact.java
PersonalProfileService.java
Provider.java
QueryItem.java
RemoveEntry.java
ResourceID.java
ResourceOffering.java
SWIGTYPE_p_LassoDiscoEncryptedResourceID.java
SWIGTYPE_p_LassoDiscoRequestedServiceType.java
SWIGTYPE_p_LassoDstNewData.java
SWIGTYPE_p_LassoMdProtocolType.java
SWIGTYPE_p_LassoSignatureType.java
SWIGTYPE_p_void.java
SamlAdvice.java
SamlAssertion.java
SamlAttributeStatement.java
SamlAuthenticationStatement.java
SamlConditions.java
SamlNameIdentifier.java
SamlSubject.java
SamlSubjectConfirmation.java
SamlSubjectLocality.java
SamlSubjectStatement.java
SamlpRequest.java
SamlpResponse.java
SamlpStatus.java
SamlpStatusCode.java
Server.java
ServiceInstance.java
Session.java
Status.java
StringArray.java
lasso.java
lassoConstants.java
lassoJNI.java
LibRequestAuthnContext.java
NodeArray.java
SamlAttributeDesignator.java
SamlAttribute.java
SamlAudienceRestrictionCondition.java
SamlAuthorityBinding.java
SamlConditionAbstract.java
SamlpRequestAbstract.java
SamlpResponseAbstract.java
SamlStatementAbstract.java
SamlSubjectStatementAbstract.java
StringArray.java
StringList.java
NodeList.java
DiscoCredentials.java
DiscoDescription.java
DiscoEncryptedResourceID.java
DiscoInsertEntry.java
LassoHttpMethod.java
LassoLoginProtocolProfile.java
LassoMessageType.java
LassoProviderRole.java
LassoRequestType.java
LassoSignatureMethod.java
DiscoOptions.java
DiscoRemoveEntry.java
DiscoRequestedServiceType.java
DiscoResourceID.java
DiscoResourceOffering.java
DiscoServiceInstance.java
DstData.java
DstNewData.java
DstQueryItem.java
InteractionProfileService.java
IsHelp.java
IsInquiry.java
IsInquiryElement.java
IsInteractionRequest.java
IsInteractionResponse.java
IsInteractionStatement.java
IsItem.java
IsParameter.java
IsRedirectRequest.java
IsSelect.java
IsText.java
IsUserInteraction.java
ProfileService.java
UtilityStatus.java
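Review bot: NodeArray.java and StringArray.java are each listed twice in this list; drop the repeated entries. The list also names every generated class by hand, so it will drift whenever the bindings gain or lose a class. If this file accepts patterns, a single `*.java` entry would cover the generated sources, provided no hand-written Java file in this directory is meant to be tracked.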


@ -0,0 +1,84 @@
# Define java Package directory, the tailing '/' is mandatory.
JAVA_PATH = com/entrouvert/lasso/
JDK_INCLUDES = @JDK_INCLUDE@
CLASSPATH = .
javalibdir = $(prefix)/lib/java
javasharedir = $(prefix)/share/java
# Shared library.
if MINGW
javalib_LTLIBRARIES = jlasso.la
else
javalib_LTLIBRARIES = libjlasso.la
endif
jlasso_la_SOURCES = lasso_wrap.c
jlasso_la_CFLAGS = $(JDK_INCLUDES) $(LASSO_CORE_CFLAGS) -I$(top_srcdir)
jlasso_la_LIBADD = $(top_builddir)/lasso/liblasso.la $(LASSO_LIBS)
jlasso_la_LDFLAGS = -no-undefined -avoid-version -module \
-Wl,--add-stdcall-alias
libjlasso_la_SOURCES = lasso_wrap.c
libjlasso_la_CFLAGS = $(JDK_INCLUDES) $(LASSO_CORE_CFLAGS) -I$(top_srcdir)
libjlasso_la_LIBADD = $(top_builddir)/lasso/liblasso.la $(LASSO_LIBS)
libjlasso_la_LDFLAGS = -no-undefined -avoid-version -module
javashare_DATA = lasso.jar
SWIG_OUTPUTS = lasso_wrap.c \
Defederation.java \
DowncastableNode.java \
Federation.java Identity.java \
lassoConstants.java lasso.java lassoJNI.java Lecp.java \
LibAssertion.java LibAuthnRequest.java LibAuthnResponse.java \
LibFederationTerminationNotification.java LibLogoutRequest.java \
LibLogoutResponse.java LibRegisterNameIdentifierRequest.java \
LibRegisterNameIdentifierResponse.java LibRequestAuthnContext.java \
LibStatusResponse.java Login.java Logout.java NameIdentifierMapping.java \
NameRegistration.java Node.java NodeList.java Provider.java \
SamlAdvice.java SamlAssertion.java SamlAttributeDesignator.java SamlAttribute.java \
SamlAttributeStatement.java SamlAudienceRestrictionCondition.java \
SamlAuthenticationStatement.java SamlAuthorityBinding.java \
SamlConditionAbstract.java SamlConditions.java SamlNameIdentifier.java \
SamlpRequestAbstract.java SamlpRequest.java SamlpResponseAbstract.java \
SamlpResponse.java SamlpStatusCode.java SamlpStatus.java SamlStatementAbstract.java \
SamlSubjectConfirmation.java SamlSubject.java SamlSubjectLocality.java \
SamlSubjectStatementAbstract.java SamlSubjectStatement.java Server.java \
Session.java StringList.java SWIGTYPE_p_LassoMdProtocolType.java \
SWIGTYPE_p_LassoSignatureType.java SWIGTYPE_p_void.java
JAVA_CRUFT = $(JAVA_PATH)lasso.class lasso_wrap.o lasso.jar $(JAVA_PATH)lasso.java
# The SWIG outputs are included in the distribution so SWIG is not
# required to use the Java interface
EXTRA_DIST = $(SWIG_OUTPUTS)
CLEANFILES = $(JAVA_CRUFT)
MAINTAINERCLEANFILES = $(SWIG_OUTPUTS)
lasso_wrap.c lasso.java: $(top_srcdir)/swig/Lasso.i $(top_srcdir)/swig/Lasso-wsf.i \
$(top_srcdir)/swig/inheritance.h
$(SWIG) -v -java -module lasso -package com.entrouvert.lasso -o lasso_wrap.c \
$(top_srcdir)/swig/Lasso.i
# FIXME There must be a better way to do this with SWIG
$(JAVA_PATH)lasso.java: lasso.java
mkdir -p $(JAVA_PATH)
rm -f $(JAVA_PATH)/*
cp $(srcdir)/*.java $(JAVA_PATH)
clean-local:
rm -f *.class
rm -rf com
all-local: lasso.jar
$(JAVA_PATH)lasso.class: $(JAVA_PATH)lasso.java
$(JAVAC) $(JAVAC_FLAGS) $(JAVA_PATH)*.java
lasso.jar: $(JAVA_PATH)lasso.class
rm -f $@
$(JAR) cf $@ $(JAVA_PATH)*.class
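Review bot: The rule `lasso_wrap.c lasso.java: ...` names two targets for one SWIG invocation; make treats that as two independent rules sharing a recipe, so a parallel build can start SWIG twice and have both runs write lasso_wrap.c at the same time. Have one target depend on the other, or route both through a stamp file. Related: `$(JAVA_PATH)lasso.java` and `$(JAVA_PATH)lasso.class` track only lasso.java while their recipes copy and compile every *.java, so a change to any other source will not rebuild lasso.jar. `rm -f $(JAVA_PATH)/*` also expands with a double slash, because JAVA_PATH already ends in '/' as its own comment requires.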


@ -0,0 +1,101 @@
/*
* ColdFusionLasso -- ColdFusion bindings for Lasso library
*
* Copyright (C) 2004, 2005 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
import com.entrouvert.lasso.Identity;
import com.entrouvert.lasso.lassoConstants;
import com.entrouvert.lasso.lasso;
import com.entrouvert.lasso.Logout;
import com.entrouvert.lasso.SamlNameIdentifier;
import com.entrouvert.lasso.Server;
import com.entrouvert.lasso.Session;
public class CFLassoSingleLogout {
/* A simple service provider single logout */
protected Logout logout = null;
protected Server server = null;
public String idpProviderId = null;
public void buildRequestMsg() {
logout.buildRequestMsg();
}
public void configure(String metadataPath, String privateKeyPath, String idpProviderId,
String idpMetadataPath, String idpPublicKeyPath) {
server = new Server(metadataPath, privateKeyPath, null, null);
this.idpProviderId = idpProviderId;
server.addProvider(lasso.PROVIDER_ROLE_IDP, idpMetadataPath, idpPublicKeyPath, null);
logout = new Logout(server);
}
public String getIdentityDump() {
Identity identity = logout.getIdentity();
if (identity != null)
return identity.dump();
else
return null;
}
public String getMsgBody() {
return logout.getMsgBody();
}
public String getMsgUrl() {
return logout.getMsgUrl();
}
public String getNameIdentifier() {
SamlNameIdentifier nameIdentifier = logout.getNameIdentifier();
if (nameIdentifier == null)
return null;
else
return nameIdentifier.getContent();
}
public String getSessionDump() {
Session session = logout.getSession();
if (session != null)
return session.dump();
else
return null;
}
public void initRequest() {
logout.initRequest(idpProviderId, lassoConstants.HTTP_METHOD_ANY);
}
public void processResponseMsg(String responseMsg) {
logout.processResponseMsg(responseMsg);
}
public void setIdentityFromDump(String identityDump) {
logout.setIdentityFromDump(identityDump);
}
public void setSessionFromDump(String sessionDump) {
logout.setSessionFromDump(sessionDump);
}
}
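Review bot: `initRequest()` reads the public, mutable `idpProviderId` field, which `configure()` stores but never ties to the provider it registers with `server.addProvider(...)`, so a caller can change the field afterwards and name a provider that was never registered. Make the field private and set it only in `configure()`. Every other method dereferences `logout`, which stays null until `configure()` runs; an explicit check with a clear error would be easier to diagnose from ColdFusion than a NullPointerException.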


@ -0,0 +1,160 @@
/*
* ColdFusionLasso -- ColdFusion bindings for Lasso library
*
* Copyright (C) 2004, 2005 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* Simple wrapper for JLasso, to ease its use by ColdFusion applications.
*
* To compile it:
* $ javac -classpath ../../lasso.jar *.java
*
* To test it:
* $ export LD_LIBRARY_PATH=../../.libs/
* $ java -classpath ../../lasso.jar:. CFLassoSingleSignOn
*
* To use it:
* $ jar cf CFLasso.jar *.class
* edit ColdFusion file bin/jvm.config:
* - Add libjlasso.so directory to java.library.path variable.
* - Add lasso.jar & CFLasso.jar to java.class.path variable.
*/
import com.entrouvert.lasso.LibAuthnRequest;
import com.entrouvert.lasso.Identity;
import com.entrouvert.lasso.lassoConstants;
import com.entrouvert.lasso.lasso;
import com.entrouvert.lasso.Login;
import com.entrouvert.lasso.SamlNameIdentifier;
import com.entrouvert.lasso.Server;
import com.entrouvert.lasso.Session;
public class CFLassoSingleSignOn {
/* A simple service provider single sign-on */
protected Login login = null;
protected Server server = null;
public String idpProviderId = null;
public void acceptSso() {
login.acceptSso();
}
public void buildAuthnRequestMsg() {
login.buildAuthnRequestMsg();
}
public void buildRequestMsg() {
login.buildRequestMsg();
}
public void configure(String metadataPath, String privateKeyPath, String idpProviderId,
String idpMetadataPath, String idpPublicKeyPath) {
server = new Server(metadataPath, privateKeyPath, null, null);
this.idpProviderId = idpProviderId;
server.addProvider(lasso.PROVIDER_ROLE_IDP, idpMetadataPath, idpPublicKeyPath, null);
login = new Login(server);
}
public String getIdentityDump() {
Identity identity = login.getIdentity();
if (identity != null)
return identity.dump();
else
return null;
}
public String getMsgBody() {
return login.getMsgBody();
}
public String getMsgRelayState() {
return login.getMsgRelayState();
}
public String getMsgUrl() {
return login.getMsgUrl();
}
public String getNameIdentifier() {
SamlNameIdentifier nameIdentifier = login.getNameIdentifier();
if (nameIdentifier == null)
return null;
else
return nameIdentifier.getContent();
}
public String getSessionDump() {
Session session = login.getSession();
if (session != null)
return session.dump();
else
return null;
}
public void initAuthnRequest(String relayState) {
LibAuthnRequest authnRequest;
String authnRequestUrl;
login.initAuthnRequest(idpProviderId, lassoConstants.HTTP_METHOD_REDIRECT);
authnRequest = (LibAuthnRequest) login.getRequest();
authnRequest.setIsPassive(false);
authnRequest.setNameIdPolicy(lassoConstants.LIB_NAMEID_POLICY_TYPE_FEDERATED);
authnRequest.setConsent(lassoConstants.LIB_CONSENT_OBTAINED);
if (relayState != null)
authnRequest.setRelayState(relayState);
}
public void initRequest(String queryString) {
login.initRequest(queryString, lassoConstants.HTTP_METHOD_REDIRECT);
}
static public void main(String [] args) {
CFLassoSingleSignOn lasso = new CFLassoSingleSignOn();
lasso.configure("../../../tests/data/sp2-la/metadata.xml",
"../../../tests/data/sp2-la/private-key-raw.pem",
"https://idp2/metadata",
"../../../tests/data/idp2-la/metadata.xml",
"../../../tests/data/idp2-la/public-key.pem");
lasso.initAuthnRequest("data-to-get-back");
lasso.buildAuthnRequestMsg();
String ssoUrl = lasso.getMsgUrl();
System.out.println("Test");
System.out.print("Identity provider single sign-on URL = ");
System.out.println(ssoUrl);
}
public void processResponseMsg(String responseMsg) {
login.processResponseMsg(responseMsg);
}
public void setIdentityFromDump(String identityDump) {
login.setIdentityFromDump(identityDump);
}
public void setSessionFromDump(String sessionDump) {
login.setSessionFromDump(sessionDump);
}
}
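Review bot: `processResponseMsg()` and `acceptSso()` are declared `void`, and nothing between them and `getNameIdentifier()` or `getSessionDump()` records whether the response was accepted, so unless the binding throws on failure the ColdFusion caller cannot tell a rejected response from a valid one before it reads the name identifier. Return the status (or throw) from both wrappers and document that the getters are only meaningful after they succeed. Minor: `authnRequestUrl` in `initAuthnRequest()` is never used, and the local variable `lasso` in `main()` shadows the imported `com.entrouvert.lasso.lasso` class.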

Some files were not shown because too many files have changed in this diff