[SAMLv2] if service provider supports logout, add a SessionIndex from the assertion ID
The standard mandates providing a SessionIndex to service providers that advertise support for the logout profile. We follow the convention of using the assertion ID as the SessionIndex.
parent
358b2b1764
commit
98445777b9
|
@ -822,6 +822,12 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
|
|||
lasso_saml2_authn_context_new());
|
||||
authentication_statement->AuthnContext->AuthnContextClassRef = g_strdup(
|
||||
authenticationMethod);
|
||||
|
||||
/* if remote provider supports logout profile, add a session index == ID of the assertion */
|
||||
if (lasso_provider_get_first_http_method(&login->parent.server->parent,
|
||||
provider, LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT) != LASSO_HTTP_METHOD_NONE) {
|
||||
lasso_assign_string(authentication_statement->SessionIndex, assertion->ID);
|
||||
}
|
||||
lasso_list_add_new_gobject(assertion->AuthnStatement, authentication_statement);
|
||||
|
||||
/* Save signing material in assertion private datas to be able to sign later */
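Review bot: The new `if` block copies `assertion->ID` into `SessionIndex` without checking that the ID is already set, and the hunk does not show where it is assigned or whether `provider` can be NULL here. If the ID were still empty, the statement would presumably be issued without a SessionIndex, and a later logout request from that provider could not be matched to the session, so a guard on `assertion->ID != NULL` before the assignment is worth adding. The comment should also record the contract this creates, for example `/* SessionIndex == assertion ID: unique per assertion, so it does not correlate the principal across providers; logout handling must match sessions on this value */`. Whether the session store keeps the assertion ID for that lookup cannot be seen from here, because lasso_saml20_login_build_assertion starts and ends outside the hunk.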
|
||||
|
|