API change in Single Sign On profile (IdP side) to allow the developer to mess
with <lib:Assertion/>. Outlined in http://lists.labs.libre-entreprise.org/pipermail/lasso-devel/2004-December/001119.html
parent
2bda2b596e
commit
ad056adf36
|
@ -89,37 +89,17 @@ Single Sign-On and Federation
|
|||
# unserialize with lasso_login_new_from_dump(dump)
|
||||
consentObtained = TRUE # or FALSE if user didn't give its consent
|
||||
|
||||
authenticationMethod = LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD
|
||||
# or LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI or others
|
||||
# (see ...)
|
||||
# this is how the user has been authenticated
|
||||
IF lasso_login_validate_request_msg(login, userAuthenticated, consentObtained) == 0:
|
||||
# build and fill assertion
|
||||
lasso_login_build_assertion(login, authenticationMethod,
|
||||
authenticationInstant, reauthenticationTime
|
||||
assertionIsNotBefore, assertionIsNotOnOrAfter)
|
||||
# any other change to the assertion can take place here
|
||||
|
||||
authenticationInstant = "2004-03-01T00:00:00Z"
|
||||
# this is when the authentication occured; when NULL Lasso will put current time
|
||||
|
||||
assertionIsNotBefore = "2004-03-01T00:00:00Z"
|
||||
# this is when assertion starts to be valid; NULL when not used
|
||||
|
||||
assertionIsNotOnOrAfter = "2004-04-01T00:00:00Z"
|
||||
# this is when assertion stops to be valid; NULL when not used
|
||||
|
||||
reauthenticationTime = "2004-04-01T00:00:00Z"
|
||||
# this is when the user will have to be reauthenticated; NULL when not used
|
||||
|
||||
IF login->protocolProfile IS lassoLoginProtocolProfileBrwsArt
|
||||
lasso_login_build_artifact_msg(login, userAuthenticated,
|
||||
consentObtained,
|
||||
authenticationMethod,
|
||||
authenticationInstant, reauthenticationTime,
|
||||
assertionIsNotBefore, assertionIsNotOnOrAfter,
|
||||
lassoHttpMethodRedirect)
|
||||
IF login->protocolProfile IS LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART
|
||||
lasso_login_build_artifact_msg(login, LASSO_HTTP_METHOD_REDIRECT)
|
||||
ELSE # IF login->protocolProfile IS lassoLoginProtocolProfileBrwsPost
|
||||
lasso_login_build_authn_response_msg(login, userAuthenticated,
|
||||
consentObtained,
|
||||
authenticationMethod,
|
||||
authenticationInstant, reauthenticationTime,
|
||||
assertionIsNotBefore, assertionIsNotOnOrAfter,
|
||||
reauthenticationTime)
|
||||
lasso_login_build_authn_response_msg(login)
|
||||
|
||||
# map LASSO_PROFILE(login)->nameIdentifier to user and session
|
||||
# (write this down in a database)
|
||||
|
|
|
@ -127,14 +127,7 @@ lasso_lecp_build_authn_response_msg(LassoLecp *lecp)
|
|||
}
|
||||
|
||||
gint
|
||||
lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp,
|
||||
gint authentication_result,
|
||||
gboolean is_consent_obtained,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore,
|
||||
const char *notOnOrAfter)
|
||||
lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp)
|
||||
{
|
||||
LassoProfile *profile;
|
||||
LassoProvider *provider;
|
||||
|
@ -156,10 +149,7 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp,
|
|||
}
|
||||
|
||||
/* build lib:AuthnResponse */
|
||||
lasso_login_build_authn_response_msg(LASSO_LOGIN(lecp),
|
||||
authentication_result, is_consent_obtained,
|
||||
authenticationMethod, authenticationInstant, reauthenticateOnOrAfter,
|
||||
notBefore, notOnOrAfter);
|
||||
lasso_login_build_authn_response_msg(LASSO_LOGIN(lecp));
|
||||
|
||||
assertionConsumerServiceURL = lasso_provider_get_metadata_one(
|
||||
provider, "AssertionConsumerServiceURL");
|
||||
|
|
|
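Review bot: The return value of `lasso_login_build_authn_response_msg(LASSO_LOGIN(lecp));` in the second hunk is discarded, so a failed response build (documented on this page as returning a negative value) still proceeds to fetch AssertionConsumerServiceURL and wrap whatever is in the profile into the envelope. Since this commit moves the authentication-result and consent parameters out of this call, that return value is the only error signal left at this site; I would capture and propagate it: `int rc = lasso_login_build_authn_response_msg(LASSO_LOGIN(lecp));` followed by `if (rc != 0) return rc;`. The discard predates the commit, but the hunk rewrites the line anyway. lasso_lecp_build_authn_response_envelope_msg starts in the first hunk and ends outside both.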
@ -70,14 +70,7 @@ LASSO_EXPORT int lasso_lecp_build_authn_request_msg(LassoLecp *lecp);
|
|||
|
||||
LASSO_EXPORT int lasso_lecp_build_authn_response_msg(LassoLecp *lecp);
|
||||
|
||||
LASSO_EXPORT int lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp,
|
||||
int authentication_result,
|
||||
gboolean is_consent_obtained,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore,
|
||||
const char *notOnOrAfter);
|
||||
LASSO_EXPORT int lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp);
|
||||
|
||||
LASSO_EXPORT void lasso_lecp_destroy(LassoLecp *lecp);
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@ struct _LassoLoginPrivate
|
|||
/**
|
||||
* lasso_login_build_assertion:
|
||||
* @login: a Login
|
||||
* @federation: a federation or NULL
|
||||
* @authenticationMethod: the authentication method.
|
||||
* @authenticationInstant: the time at which the authentication took place or NULL.
|
||||
* @reauthenticateOnOrAfter: the time at, or after which the service provider
|
||||
|
@ -61,9 +60,8 @@ struct _LassoLoginPrivate
|
|||
*
|
||||
* Return value: 0 on success or a negative value otherwise.
|
||||
**/
|
||||
static gint
|
||||
int
|
||||
lasso_login_build_assertion(LassoLogin *login,
|
||||
LassoFederation *federation,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
|
@ -74,12 +72,15 @@ lasso_login_build_assertion(LassoLogin *login,
|
|||
LassoLibAuthenticationStatement *as;
|
||||
LassoSamlNameIdentifier *nameIdentifier;
|
||||
LassoProfile *profile;
|
||||
gint ret = 0;
|
||||
LassoFederation *federation;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
/* federation MAY be NULL */
|
||||
|
||||
profile = LASSO_PROFILE(login);
|
||||
|
||||
federation = g_hash_table_lookup(profile->identity->federations,
|
||||
profile->remote_providerID);
|
||||
|
||||
/*
|
||||
get RequestID to build Assertion
|
||||
|
@ -111,21 +112,18 @@ lasso_login_build_assertion(LassoLogin *login,
|
|||
federation->local_nameIdentifier);
|
||||
}
|
||||
|
||||
if (as == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
LASSO_SAML_ASSERTION(assertion)->AuthenticationStatement =
|
||||
LASSO_SAML_AUTHENTICATION_STATEMENT(as);
|
||||
|
||||
/* FIXME : How to know if the assertion must be signed or unsigned ? */
|
||||
/* signature should be added at end */
|
||||
#if 0
|
||||
/* signature should be added at end (i.e. move this to
|
||||
* build_response_msg and build_authn_response_msg) */
|
||||
ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
|
||||
profile->server->signature_method,
|
||||
profile->server->private_key,
|
||||
profile->server->certificate);
|
||||
if (ret)
|
||||
return ret;
|
||||
#endif
|
||||
|
||||
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) {
|
||||
/* only add assertion if response is an AuthnResponse */
|
||||
|
@ -136,6 +134,7 @@ lasso_login_build_assertion(LassoLogin *login,
|
|||
if (profile->session == NULL) {
|
||||
profile->session = lasso_session_new();
|
||||
}
|
||||
login->assertion = LASSO_SAML_ASSERTION(assertion);
|
||||
lasso_session_add_assertion(profile->session, profile->remote_providerID,
|
||||
LASSO_SAML_ASSERTION(assertion));
|
||||
return 0;
|
||||
|
@ -436,41 +435,17 @@ lasso_login_accept_sso(LassoLogin *login)
|
|||
/**
|
||||
* lasso_login_build_artifact_msg:
|
||||
* @login: a LassoLogin
|
||||
* @authentication_result: whether the principal is authenticated.
|
||||
* @is_consent_obtained: whether the principal consents to be federated.
|
||||
* @authenticationMethod: the authentication method
|
||||
* @authenticationInstant: the time at which the authentication took place
|
||||
* @reauthenticateOnOrAfter: the time at, or after which the service provider
|
||||
* reauthenticates the Principal with the identity provider or NULL
|
||||
* @notBefore: the earliest time instant at which the assertion is valid
|
||||
* @notOnOrAfter: the time instant at which the assertion has expired
|
||||
*
|
||||
* @http_method: the HTTP method to send the artifact (REDIRECT or POST)
|
||||
*
|
||||
* Builds an artifact. Depending of the HTTP method, the data for the sending of
|
||||
* the artifact are stored in msg_url (REDIRECT) or msg_url, msg_body and
|
||||
* msg_relayState (POST).
|
||||
*
|
||||
* @authenticationMethod, @authenticationInstant, @reauthenticateOnOrAfter,
|
||||
* @notBefore, @notOnOrAfter should be NULL if @authentication_result is FALSE.
|
||||
* If @authenticationInstant is NULL, the current time will be set.
|
||||
*
|
||||
* Time values must be encoded in UTC.
|
||||
*
|
||||
* Return value: 0 on success and a negative value otherwise.
|
||||
**/
|
||||
gint
|
||||
lasso_login_build_artifact_msg(LassoLogin *login,
|
||||
gboolean authentication_result,
|
||||
gboolean is_consent_obtained,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore,
|
||||
const char *notOnOrAfter,
|
||||
lassoHttpMethod http_method)
|
||||
lasso_login_build_artifact_msg(LassoLogin *login, lassoHttpMethod http_method)
|
||||
{
|
||||
LassoFederation *federation = NULL;
|
||||
LassoProvider *remote_provider;
|
||||
gchar *url;
|
||||
xmlSecByte samlArt[42], *b64_samlArt, *relayState;
|
||||
|
@ -488,23 +463,6 @@ lasso_login_build_artifact_msg(LassoLogin *login,
|
|||
return critical_error(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);
|
||||
}
|
||||
|
||||
/* process federation and build assertion only if signature is OK */
|
||||
if (LASSO_PROFILE(login)->signature_status == 0 && authentication_result == TRUE) {
|
||||
ret = lasso_login_process_federation(login, is_consent_obtained);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
/* fill the response with the assertion */
|
||||
if (ret == 0) {
|
||||
federation = g_hash_table_lookup(
|
||||
LASSO_PROFILE(login)->identity->federations,
|
||||
LASSO_PROFILE(login)->remote_providerID);
|
||||
lasso_login_build_assertion(login, federation, authenticationMethod,
|
||||
authenticationInstant, reauthenticateOnOrAfter,
|
||||
notBefore, notOnOrAfter);
|
||||
}
|
||||
}
|
||||
|
||||
if (LASSO_PROFILE(login)->remote_providerID == NULL)
|
||||
return -1;
|
||||
|
||||
|
@ -655,40 +613,17 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
|
|||
/**
|
||||
* lasso_login_build_authn_response_msg:
|
||||
* @login: a LassoLogin
|
||||
* @authentication_result: whether the principal is authenticated
|
||||
* @is_consent_obtained: whether the principal consents to be federated
|
||||
* @authenticationMethod: the method used to authenticate the principal
|
||||
* @authenticationInstant: the time at which the authentication took place
|
||||
* @reauthenticateOnOrAfter: the time at, or after which the service provider
|
||||
* reauthenticates the Principal with the identity provider
|
||||
* @notBefore: the earliest time instant at which the assertion is valid
|
||||
* @notOnOrAfter: the time instant at which the assertion has expired
|
||||
*
|
||||
* Builds an authentication response. The data for the sending of the response
|
||||
* are stored in msg_url and msg_body.
|
||||
*
|
||||
* @authenticationMethod, @authenticationInstant, @reauthenticateOnOrAfter,
|
||||
* @notBefore, @notOnOrAfter should be NULL if @authentication_result is FALSE.
|
||||
* If @authenticationInstant is NULL, the current time will be set.
|
||||
*
|
||||
* Time values must be encoded in UTC.
|
||||
*
|
||||
* Return value: 0 on success and a negative value otherwise.
|
||||
**/
|
||||
gint
|
||||
lasso_login_build_authn_response_msg(LassoLogin *login,
|
||||
gboolean authentication_result,
|
||||
gboolean is_consent_obtained,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore,
|
||||
const char *notOnOrAfter)
|
||||
lasso_login_build_authn_response_msg(LassoLogin *login)
|
||||
{
|
||||
LassoProfile *profile;
|
||||
LassoProvider *remote_provider;
|
||||
LassoFederation *federation;
|
||||
gint ret = 0;
|
||||
LassoProfile *profile;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
|
||||
|
@ -699,55 +634,6 @@ lasso_login_build_authn_response_msg(LassoLogin *login,
|
|||
return critical_error(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);
|
||||
}
|
||||
|
||||
/* create LibAuthnResponse */
|
||||
profile->response = lasso_lib_authn_response_new(
|
||||
LASSO_PROVIDER(profile->server)->ProviderID,
|
||||
LASSO_LIB_AUTHN_REQUEST(profile->request));
|
||||
|
||||
/* modify AuthnResponse StatusCode if user authentication is not OK */
|
||||
if (authentication_result == FALSE) {
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_SAML_STATUS_CODE_REQUEST_DENIED);
|
||||
}
|
||||
|
||||
/* if signature is not OK => modify AuthnResponse StatusCode */
|
||||
if (profile->signature_status == LASSO_DS_ERROR_INVALID_SIGNATURE) {
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE);
|
||||
}
|
||||
|
||||
if (profile->signature_status == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
|
||||
/* Unsigned AuthnRequest */
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_LIB_STATUS_CODE_UNSIGNED_AUTHN_REQUEST);
|
||||
}
|
||||
|
||||
if (profile->signature_status == 0 && authentication_result == TRUE) {
|
||||
/* process federation */
|
||||
ret = lasso_login_process_federation(login, is_consent_obtained);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
/* fill the response with the assertion */
|
||||
if (ret == 0) {
|
||||
federation = g_hash_table_lookup(
|
||||
profile->identity->federations,
|
||||
profile->remote_providerID);
|
||||
lasso_login_build_assertion(login, federation,
|
||||
authenticationMethod, authenticationInstant,
|
||||
reauthenticateOnOrAfter,
|
||||
notBefore, notOnOrAfter);
|
||||
}
|
||||
}
|
||||
|
||||
if (LASSO_SAMLP_RESPONSE(profile->response)->Status == NULL) {
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_SAML_STATUS_CODE_SUCCESS);
|
||||
}
|
||||
|
||||
remote_provider = g_hash_table_lookup(profile->server->providers,
|
||||
profile->remote_providerID);
|
||||
|
||||
/* XXX: not sure this was signed in Lasso 0.5.0 */
|
||||
LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
|
||||
LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_method =
|
||||
|
@ -756,10 +642,13 @@ lasso_login_build_authn_response_msg(LassoLogin *login,
|
|||
/* build an lib:AuthnResponse base64 encoded */
|
||||
profile->msg_body = lasso_node_export_to_base64(profile->response,
|
||||
profile->server->private_key, profile->server->certificate);
|
||||
|
||||
remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers,
|
||||
LASSO_PROFILE(login)->remote_providerID);
|
||||
profile->msg_url = lasso_provider_get_metadata_one(
|
||||
remote_provider, "AssertionConsumerServiceURL");
|
||||
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1272,6 +1161,7 @@ lasso_login_process_response_msg(LassoLogin *login, gchar *response_msg)
|
|||
static struct XmlSnippet schema_snippets[] = {
|
||||
{ "AssertionArtifact", SNIPPET_CONTENT, G_STRUCT_OFFSET(LassoLogin, assertionArtifact) },
|
||||
{ "NameIDPolicy", SNIPPET_CONTENT, G_STRUCT_OFFSET(LassoLogin, nameIDPolicy) },
|
||||
{ "Assertion", SNIPPET_NODE_IN_CHILD, G_STRUCT_OFFSET(LassoLogin, assertion) },
|
||||
{ NULL, 0, 0}
|
||||
};
|
||||
|
||||
|
@ -1434,3 +1324,56 @@ lasso_login_dump(LassoLogin *login)
|
|||
return lasso_node_dump(LASSO_NODE(login), NULL, 1);
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
lasso_login_validate_request_msg(LassoLogin *login, gboolean authentication_result,
|
||||
gboolean is_consent_obtained)
|
||||
{
|
||||
LassoProfile *profile;
|
||||
gint ret = 0;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
|
||||
profile = LASSO_PROFILE(login);
|
||||
|
||||
/* create LibAuthnResponse */
|
||||
profile->response = lasso_lib_authn_response_new(
|
||||
LASSO_PROVIDER(profile->server)->ProviderID,
|
||||
LASSO_LIB_AUTHN_REQUEST(profile->request));
|
||||
|
||||
/* modify AuthnResponse StatusCode if user authentication is not OK */
|
||||
if (authentication_result == FALSE) {
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_SAML_STATUS_CODE_REQUEST_DENIED);
|
||||
return LASSO_LOGIN_ERROR_REQUEST_DENIED;
|
||||
}
|
||||
|
||||
/* if signature is not OK => modify AuthnResponse StatusCode */
|
||||
if (profile->signature_status == LASSO_DS_ERROR_INVALID_SIGNATURE) {
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE);
|
||||
return LASSO_LOGIN_ERROR_INVALID_SIGNATURE;
|
||||
}
|
||||
|
||||
if (profile->signature_status == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
|
||||
/* Unsigned AuthnRequest */
|
||||
lasso_profile_set_response_status(profile,
|
||||
LASSO_LIB_STATUS_CODE_UNSIGNED_AUTHN_REQUEST);
|
||||
return LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST;
|
||||
}
|
||||
|
||||
if (profile->signature_status == 0 && authentication_result == TRUE) {
|
||||
/* process federation */
|
||||
ret = lasso_login_process_federation(login, is_consent_obtained);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
/* XXX: what should be done if ret was > 0 ? I would return
|
||||
* that code */
|
||||
}
|
||||
|
||||
lasso_profile_set_response_status(profile, LASSO_SAML_STATUS_CODE_SUCCESS);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
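Review bot: lasso_login_build_assertion (hunks @-61 through @-111) is now a public entry point that builds and stores the assertion unconditionally: nothing in it checks that lasso_login_validate_request_msg (hunk @-1434) was called and returned 0, whereas the `signature_status == 0 && authentication_result == TRUE` gate this commit deletes from lasso_login_build_artifact_msg and lasso_login_build_authn_response_msg used to enforce that. A caller that ignores the validate result — the updated test on this page does exactly that — will issue an assertion for a denied or unsigned request. I would add a guard at the top of lasso_login_build_assertion that fails when `profile->response` is NULL or its Status is not the LASSO_SAML_STATUS_CODE_SUCCESS that validate sets, and state the required call order in the gtk-doc block. Separately, the new `federation = g_hash_table_lookup(profile->identity->federations, ...)` dereferences `profile->identity` without a NULL check and the `/* federation MAY be NULL */` comment is dropped while `federation->local_nameIdentifier` still appears later; `if (profile->identity == NULL) return -1;` before the lookup would match the function's existing `return -1` style. The @-136 hunk also stores the same pointer in both `login->assertion` and the session via lasso_session_add_assertion; whether that is a shared or transferred reference isn't visible here and should be stated in a comment.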
@ -61,6 +61,7 @@ struct _LassoLogin {
|
|||
|
||||
lassoLoginProtocolProfile protocolProfile;
|
||||
gchar *assertionArtifact;
|
||||
LassoSamlAssertion *assertion;
|
||||
|
||||
/*< private >*/
|
||||
gchar *nameIDPolicy;
|
||||
|
@ -78,26 +79,11 @@ LASSO_EXPORT LassoLogin* lasso_login_new(LassoServer *server);
|
|||
LASSO_EXPORT LassoLogin* lasso_login_new_from_dump(LassoServer *server, const gchar *dump);
|
||||
LASSO_EXPORT gint lasso_login_accept_sso(LassoLogin *login);
|
||||
|
||||
LASSO_EXPORT gint lasso_login_build_artifact_msg(LassoLogin *login,
|
||||
gboolean authentication_result,
|
||||
gboolean is_consent_obtained,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore,
|
||||
const char *notOnOrAfter,
|
||||
lassoHttpMethod http_method);
|
||||
LASSO_EXPORT gint lasso_login_build_artifact_msg(LassoLogin *login, lassoHttpMethod http_method);
|
||||
|
||||
LASSO_EXPORT gint lasso_login_build_authn_request_msg(LassoLogin *login);
|
||||
|
||||
LASSO_EXPORT gint lasso_login_build_authn_response_msg(LassoLogin *login,
|
||||
gboolean authentication_result,
|
||||
gboolean is_consent_obtained,
|
||||
const char *authenticationMethod,
|
||||
const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore,
|
||||
const char *notOnOrAfter);
|
||||
LASSO_EXPORT gint lasso_login_build_authn_response_msg(LassoLogin *login);
|
||||
|
||||
LASSO_EXPORT gint lasso_login_build_request_msg(LassoLogin *login);
|
||||
LASSO_EXPORT gint lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID);
|
||||
|
@ -124,6 +110,14 @@ LASSO_EXPORT gint lasso_login_process_authn_response_msg(LassoLogin *login,
|
|||
LASSO_EXPORT gint lasso_login_process_request_msg(LassoLogin *login, gchar *request_msg);
|
||||
LASSO_EXPORT gint lasso_login_process_response_msg(LassoLogin *login, gchar *response_msg);
|
||||
|
||||
LASSO_EXPORT int lasso_login_validate_request_msg(LassoLogin *login,
|
||||
gboolean authentication_result, gboolean is_consent_obtained);
|
||||
|
||||
LASSO_EXPORT int lasso_login_build_assertion(LassoLogin *login,
|
||||
const char *authenticationMethod, const char *authenticationInstant,
|
||||
const char *reauthenticateOnOrAfter,
|
||||
const char *notBefore, const char *notOnOrAfter);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif /* __cplusplus */
|
||||
|
|
|
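Review bot: The two new exported prototypes lasso_login_validate_request_msg and lasso_login_build_assertion in the last hunk carry no comment, and the header is the only place a binding author sees them; the order validate → build_assertion → build_artifact_msg/build_authn_response_msg, and that build_assertion must be skipped when validate returns non-zero, is documented only in the pseudocode file on this page. I would add above them a short comment such as `/* IdP flow: call lasso_login_validate_request_msg() first; only when it returns 0 call lasso_login_build_assertion(), then one of the build_*_msg functions. */`. The first hunk also moves `LassoSamlAssertion *assertion;` above the `/*< private >*/` marker, making it public; a one-line comment on who owns that pointer (the login object, the session, or both) would help since login.c now stores it in both.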
@ -72,9 +72,12 @@
|
|||
#define LASSO_PARAM_ERROR_CHECK_FAILED -503
|
||||
|
||||
/* login */
|
||||
#define LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND 601
|
||||
#define LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED 602
|
||||
#define LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY -603
|
||||
#define LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND 601
|
||||
#define LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED 602
|
||||
#define LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY -603
|
||||
#define LASSO_LOGIN_ERROR_REQUEST_DENIED 604
|
||||
#define LASSO_LOGIN_ERROR_INVALID_SIGNATURE 605
|
||||
#define LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST 606
|
||||
|
||||
/* others */
|
||||
#define LASSO_ERROR_UNDEFINED -999
|
||||
|
|
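Review bot: The new LASSO_LOGIN_ERROR_REQUEST_DENIED, LASSO_LOGIN_ERROR_INVALID_SIGNATURE and LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST are positive (604–606) while the neighbouring LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY is -603 and the gtk-doc blocks on this page promise "a negative value" on failure. lasso_login_validate_request_msg returns these three for a denied, badly signed or unsigned request, so a caller that tests `ret < 0` — the same idiom that function uses for lasso_login_process_federation — would take a rejected request as validated. If the positive sign is meant to flag "soft" outcomes, as 601/602 appear to be, say so in a comment beside the block, e.g. `/* positive: request rejected, response status already set; caller must not build an assertion */`; otherwise make them negative.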
43
swig/Lasso.i
43
swig/Lasso.i
|
@ -1620,10 +1620,13 @@ typedef struct {
|
|||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
void buildArtifactMsg(gboolean authenticationResult, gboolean isConsentObtained,
|
||||
char *authenticationMethod, char *authenticationInstant,
|
||||
char *reauthenticateOnOrAfter, char *notBefore,
|
||||
char *notOnOrAfter, lassoHttpMethod httpMethod);
|
||||
void buildArtifactMsg(lassoHttpMethod httpMethod);
|
||||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
int buildAssertion(char *authenticationMethod, char *authenticationInstant,
|
||||
char *reauthenticateOnOrAfter,
|
||||
char *notBefore, char *notOnOrAfter);
|
||||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
|
@ -1631,10 +1634,7 @@ typedef struct {
|
|||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
void buildAuthnResponseMsg(gint authenticationResult, gboolean isConsentObtained,
|
||||
char *authenticationMethod, char *authenticationInstant,
|
||||
char *reauthenticateOnOrAfter, char *notBefore,
|
||||
char *notOnOrAfter);
|
||||
void buildAuthnResponseMsg();
|
||||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
|
@ -1681,6 +1681,11 @@ typedef struct {
|
|||
THROW_ERROR
|
||||
void processResponseMsg(gchar *responseMsg);
|
||||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
int validateRequestMsg(gboolean authenticationResult, gboolean isConsentObtained);
|
||||
END_THROW_ERROR
|
||||
|
||||
}
|
||||
} LassoLogin;
|
||||
|
||||
|
@ -1825,6 +1830,7 @@ gint LassoLogin_setSessionFromDump(LassoLogin *self, gchar *dump) {
|
|||
/* Methods implementations */
|
||||
|
||||
#define LassoLogin_acceptSso lasso_login_accept_sso
|
||||
#define LassoLogin_buildAssertion lasso_login_build_assertion
|
||||
#define LassoLogin_buildArtifactMsg lasso_login_build_artifact_msg
|
||||
#define LassoLogin_buildAuthnRequestMsg lasso_login_build_authn_request_msg
|
||||
#define LassoLogin_buildAuthnResponseMsg lasso_login_build_authn_response_msg
|
||||
|
@ -1840,6 +1846,7 @@ gint LassoLogin_setSessionFromDump(LassoLogin *self, gchar *dump) {
|
|||
#define LassoLogin_processAuthnResponseMsg lasso_login_process_authn_response_msg
|
||||
#define LassoLogin_processRequestMsg lasso_login_process_request_msg
|
||||
#define LassoLogin_processResponseMsg lasso_login_process_response_msg
|
||||
#define LassoLogin_validateRequestMsg lasso_login_validate_request_msg
|
||||
|
||||
%}
|
||||
|
||||
|
@ -2147,6 +2154,18 @@ typedef struct {
|
|||
void setSessionFromDump(gchar *dump);
|
||||
END_THROW_ERROR
|
||||
|
||||
/* Methods inherited from LassoLogin */
|
||||
|
||||
THROW_ERROR
|
||||
int buildAssertion(char *authenticationMethod, char *authenticationInstant,
|
||||
char *reauthenticateOnOrAfter,
|
||||
char *notBefore, char *notOnOrAfter);
|
||||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
int validateRequestMsg(gboolean authenticationResult, gboolean isConsentObtained);
|
||||
END_THROW_ERROR
|
||||
|
||||
/* Methods */
|
||||
|
||||
THROW_ERROR
|
||||
|
@ -2158,10 +2177,7 @@ typedef struct {
|
|||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
void buildAuthnResponseEnvelopeMsg(gboolean authenticationResult,
|
||||
gboolean isConsentObtained, char *authenticationMethod,
|
||||
char *authenticationInstant, char *reauthenticateOnOrAfter,
|
||||
char *notBefore, char *notOnOrAfter);
|
||||
void buildAuthnResponseEnvelopeMsg();
|
||||
END_THROW_ERROR
|
||||
|
||||
THROW_ERROR
|
||||
|
@ -2183,6 +2199,7 @@ typedef struct {
|
|||
THROW_ERROR
|
||||
void processAuthnResponseEnvelopeMsg(gchar *responseMsg);
|
||||
END_THROW_ERROR
|
||||
|
||||
}
|
||||
} LassoLecp;
|
||||
|
||||
|
@ -2321,6 +2338,7 @@ gint LassoLecp_setSessionFromDump(LassoLecp *self, gchar *dump) {
|
|||
|
||||
/* Methods implementations */
|
||||
|
||||
#define LassoLecp_buildAssertion lasso_login_build_assertion
|
||||
#define LassoLecp_buildAuthnRequestEnvelopeMsg lasso_lecp_build_authn_request_envelope_msg
|
||||
#define LassoLecp_buildAuthnRequestMsg lasso_lecp_build_authn_request_msg
|
||||
#define LassoLecp_buildAuthnResponseEnvelopeMsg lasso_lecp_build_authn_response_envelope_msg
|
||||
|
@ -2329,6 +2347,7 @@ gint LassoLecp_setSessionFromDump(LassoLecp *self, gchar *dump) {
|
|||
#define LassoLecp_processAuthnRequestEnvelopeMsg lasso_lecp_process_authn_request_envelope_msg
|
||||
#define LassoLecp_processAuthnRequestMsg lasso_lecp_process_authn_request_msg
|
||||
#define LassoLecp_processAuthnResponseEnvelopeMsg lasso_lecp_process_authn_response_envelope_msg
|
||||
#define LassoLecp_validateRequestMsg lasso_login_validate_request_msg
|
||||
|
||||
%}
|
||||
|
||||
|
|
|
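Review bot: The new `int buildAssertion(...)` and `int validateRequestMsg(...)` declarations in both the LassoLogin and LassoLecp blocks return int while every other THROW_ERROR-wrapped method on this page, including the rewritten `void buildArtifactMsg(lassoHttpMethod httpMethod);` and `void buildAuthnResponseMsg();`, returns void. The THROW_ERROR macro isn't visible here; if it turns non-zero returns into exceptions then validateRequestMsg's positive denial codes surface as exceptions in the bindings, and if it only handles negatives the return is exposed unchanged — either way the wrapper should be consistent with its siblings and the chosen behaviour stated in a comment next to the declaration. The `char *` parameter types of buildAssertion also differ from the `const char *` in the C prototype; `const char *` would match.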
@ -136,15 +136,18 @@ START_TEST(test02_serviceProviderLogin)
|
|||
"protocoleProfile should be ProfileBrwsArt");
|
||||
fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
|
||||
"lasso_login_must_ask_for_consent() should be FALSE");
|
||||
rc = lasso_login_build_artifact_msg(idpLoginContext,
|
||||
rc = lasso_login_validate_request_msg(idpLoginContext,
|
||||
1, /* authentication_result */
|
||||
0, /* is_consent_obtained */
|
||||
0 /* is_consent_obtained */
|
||||
);
|
||||
|
||||
rc = lasso_login_build_assertion(idpLoginContext,
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
|
||||
"FIXME: authenticationInstant",
|
||||
"FIXME: reauthenticateOnOrAfter",
|
||||
"FIXME: notBefore",
|
||||
"FIXME: notOnOrAfter",
|
||||
LASSO_HTTP_METHOD_REDIRECT);
|
||||
"FIXME: notOnOrAfter");
|
||||
rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
|
||||
fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
|
||||
|
||||
idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
|
||||
|
|
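Review bot: `rc = lasso_login_validate_request_msg(idpLoginContext, ...)` and `rc = lasso_login_build_assertion(idpLoginContext, ...)` in this hunk overwrite rc without checking it, so only the final artifact step is asserted and the test cannot tell a rejected request from a validated one. Add `fail_unless(rc == 0, "lasso_login_validate_request_msg failed");` after the first call and `fail_unless(rc == 0, "lasso_login_build_assertion failed");` after the second. The `"FIXME: authenticationInstant"` and sibling placeholder strings are now passed straight into the assertion's time attributes; if the test passes with them, build_assertion presumably performs no format check on these values, which is worth a comment here so the placeholders aren't mistaken for accepted input. test02_serviceProviderLogin starts and ends outside the hunk.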