saml2/profile.c: add resolving of the endpoint index in artifacts
* lasso/saml-2.0/profile.c: add new argument role to lasso_saml20_profile_init_artifact_resolve() for looking up ArtifactResolutionService location; extract endpoint index from artifact and use it to resolve the endpoint location. * login.c: pass new argument ; force msg_url as it is preinitialized by lasso_saml20_profile_init_artifact_resolve()
parent
cfdd3daf20
commit
566e29b3f8
|
@ -940,8 +940,8 @@ gint
|
|||
lasso_saml20_login_init_request(LassoLogin *login, gchar *response_msg,
|
||||
LassoHttpMethod response_http_method)
|
||||
{
|
||||
return lasso_saml20_profile_init_artifact_resolve(
|
||||
LASSO_PROFILE(login), response_msg, response_http_method);
|
||||
return lasso_saml20_profile_init_artifact_resolve(LASSO_PROFILE(login),
|
||||
LASSO_PROVIDER_ROLE_IDP, response_msg, response_http_method);
|
||||
}
|
||||
|
||||
|
||||
|
@ -957,7 +957,7 @@ lasso_saml20_login_build_request_msg(LassoLogin *login)
|
|||
lasso_node_remove_signature(profile->request);
|
||||
}
|
||||
return lasso_saml20_profile_build_request_msg(profile, "ArtifactResolutionService",
|
||||
LASSO_HTTP_METHOD_SOAP, NULL);
|
||||
LASSO_HTTP_METHOD_SOAP, profile->msg_url);
|
||||
}
|
||||
|
||||
gint
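Review bot: The call in lasso_saml20_login_build_request_msg now depends on `profile->msg_url` having been set by a successful lasso_saml20_profile_init_artifact_resolve(), and nothing at the call site says so. If the function is reached after init_request failed, or on a reused profile, `msg_url` may be NULL or still hold a URL from an earlier message. Whether lasso_saml20_profile_build_request_msg falls back to a metadata lookup when given NULL is not visible here. I would add a comment above the call, `/* msg_url was resolved from the artifact's endpoint index by lasso_saml20_profile_init_artifact_resolve() */`, and decide explicitly what a NULL value should mean at this point. Both function bodies extend outside the hunks shown.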
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
#include "../xml/saml-2.0/samlp2_status_response.h"
|
||||
#include "../xml/saml-2.0/samlp2_response.h"
|
||||
#include "../xml/saml-2.0/saml2_assertion.h"
|
||||
#include "../xml/saml-2.0/saml2_xsd.h"
|
||||
#include "../xml/misc_text_node.h"
|
||||
#include "../utils.h"
|
||||
#include "../debug.h"
|
||||
|
@ -273,7 +274,7 @@ lasso_profile_saml20_build_artifact_post_response_msg(LassoProfile *profile, con
|
|||
|
||||
int
|
||||
lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
|
||||
const char *msg, LassoHttpMethod method)
|
||||
LassoProviderRole remote_provider_role, const char *msg, LassoHttpMethod method)
|
||||
{
|
||||
char **query_fields;
|
||||
char *artifact_b64 = NULL;
|
||||
|
@ -281,8 +282,10 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
|
|||
char *provider_succinct_id[21];
|
||||
char artifact[45];
|
||||
LassoSamlp2RequestAbstract *request = NULL;
|
||||
LassoProvider *remote_provider = NULL;
|
||||
int i = 0;
|
||||
int rc = 0;
|
||||
unsigned short index_endpoint = 0;
|
||||
|
||||
if (method == LASSO_HTTP_METHOD_ARTIFACT_GET) {
|
||||
query_fields = urlencoded_to_strings(msg);
|
||||
|
@ -313,8 +316,6 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
|
|||
return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
|
||||
}
|
||||
|
||||
/* XXX: index endpoint */
|
||||
|
||||
memcpy(provider_succinct_id, artifact+4, 20);
|
||||
provider_succinct_id[20] = 0;
|
||||
|
||||
|
@ -324,9 +325,22 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
|
|||
profile->server, (char*)provider_succinct_id_b64));
|
||||
lasso_release_xml_string(provider_succinct_id_b64);
|
||||
if (profile->remote_providerID == NULL) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
|
||||
return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;
|
||||
}
|
||||
|
||||
/* resolve the resolver url using the endpoint index in the artifact string */
|
||||
remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
|
||||
index_endpoint = (artifact[2] << 16) + artifact[3];
|
||||
lasso_assign_string(profile->msg_url, lasso_saml20_provider_get_endpoint_url(remote_provider,
|
||||
remote_provider_role,
|
||||
LASSO_SAML2_METADATA_ELEMENT_ARTIFACT_RESOLUTION_SERVICE, NULL, FALSE,
|
||||
FALSE, index_endpoint));
|
||||
if (! profile->msg_url) {
|
||||
debug("looking for index endpoint %d", index_endpoint);
|
||||
return LASSO_PROFILE_ERROR_ENDPOINT_INDEX_NOT_FOUND;
|
||||
}
|
||||
|
||||
|
||||
lasso_assign_new_gobject(profile->request, lasso_samlp2_artifact_resolve_new());
|
||||
request = LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request);
|
||||
lasso_assign_new_string(LASSO_SAMLP2_ARTIFACT_RESOLVE(request)->Artifact, artifact_b64);
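Review bot: The endpoint index is decoded incorrectly at `index_endpoint = (artifact[2] << 16) + artifact[3];`. The SAML 2.0 artifact carries EndpointIndex as a two-byte big-endian value, so the high byte belongs at shift 8; with `<< 16` it is lost when the sum is stored in the `unsigned short`. `artifact` is also a plain `char` array, so where `char` is signed a byte of 0x80 or above is sign-extended before the arithmetic. Because the artifact is taken from the received message, decode it as unsigned bytes: `index_endpoint = ((unsigned char)artifact[2] << 8) | (unsigned char)artifact[3];`. The result of `lasso_server_get_provider()` is also passed on without a NULL check, which is safe only if that lookup cannot fail once `remote_providerID` is set; the function body starts and ends outside these hunks.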
|
||||
|
|
|
@ -50,7 +50,7 @@ int lasso_saml20_profile_init_request(LassoProfile *profile, const char *remote_
|
|||
int lasso_saml20_profile_set_response_status(LassoProfile *profile, const char *code1, const char
|
||||
*code2);
|
||||
int lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
|
||||
const char *msg, LassoHttpMethod method);
|
||||
LassoProviderRole role, const char *msg, LassoHttpMethod method);
|
||||
int lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char *msg);
|
||||
int lasso_saml20_profile_build_artifact_response(LassoProfile *profile);
|
||||
int lasso_saml20_profile_process_artifact_response(LassoProfile *profile, const char *msg);
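Review bot: The new parameter is named `role` in this prototype but `remote_provider_role` in the definition in profile.c. Using the definition's name here, `LassoProviderRole remote_provider_role, const char *msg, LassoHttpMethod method);`, makes it clear at the declaration that the argument selects the role of the remote provider whose ArtifactResolutionService endpoint is looked up, not the local provider's role. A one-line comment above the prototype saying that `msg` is the received artifact message and that `profile->msg_url` is set on success would also help callers.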
|
||||
|
|