[SAMLv2] if service provider supports logout, add a SessionIndex from the assertion ID

The standard mandates providing a SessionIndex to service providers
advertising their support of the logout profile. We follow the
convention of using the assertion ID as the SessionIndex.
Benjamin Dauvergne 2010-07-12 14:09:14 +00:00
parent 358b2b1764
commit 98445777b9
1 changed files with 6 additions and 0 deletions


@ -822,6 +822,12 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
lasso_saml2_authn_context_new());
authentication_statement->AuthnContext->AuthnContextClassRef = g_strdup(
authenticationMethod);
/* if remote provider supports logout profile, add a session index == ID of the assertion */
if (lasso_provider_get_first_http_method(&login->parent.server->parent,
provider, LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT) != LASSO_HTTP_METHOD_NONE) {
lasso_assign_string(authentication_statement->SessionIndex, assertion->ID);
}
lasso_list_add_new_gobject(assertion->AuthnStatement, authentication_statement);
/* Save signing material in assertion private datas to be able to sign later */
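Review bot: The copy in `lasso_assign_string(authentication_statement->SessionIndex, assertion->ID);` depends on `assertion->ID` already being populated, and the hunk does not show where that happens because lasso_saml20_login_build_assertion starts and ends outside it. If the ID were ever unset at this point, the statement would presumably be issued without a SessionIndex to a provider that advertises single logout, and a later logout request could not be tied to this session. It is worth checking the ID before the copy and treating an empty value as a build error rather than silently omitting the attribute. The comment could also record why the assertion ID was chosen, for example `/* SessionIndex = assertion ID: unique per assertion, so it does not let service providers correlate the principal's sessions */`.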