The old way of transmitting the assertion to return via the session is kept,
but a new way more similar to the one used in the SAML 2.0 code is added.
After lasso_login_build_artifact_msg() you must save the return of
lasso_profile_get_artifact_message() linked to the value of the artifact
obtained via lasso_profile_get_artifact().
In the artifact-resolve endpoint you must find the artifact message
corresponding to the return value of lasso_profile_get_artifact() and
reinstall the artifact message using lasso_profile_set_artifact_message()
just before calling lasso_login_build_response_msg().
This change is necessary for the ID-FF 1.2 SSO profile to work with
thin sessions.
The new implementations of lasso_node_impl_init_from_xml now validate the
namespace of all child nodes before parsing. It stops on any error. Nodes
which implement their own parsing of an attribute or a child node must
declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for a public GObject structure (it is the place of the GObject
machinery, like the reference count). The 0 offset can be used for an
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE for a field which is parsed by your get_xmlNode
virtual method.
Another improvement in this commit is the possibility to set attributes
with a namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the ElementTree API from Python:
{namespace}attribute_name
An example:
{http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.
To allow lasso_node_impl_init_from_xmlnode to do proper namespace
checking, child nodes which are not in the same namespace as their parent
in their XSD schema must have an explicit namespace declared in the
XmlSnippet.
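As an added illustration (not Lasso code), the per-child namespace check and the {namespace}attribute_name convention described above, modelled in Python on xml.etree.ElementTree, which natively names elements and attributes in the same Clark notation. The namespace URIs, the AUTHN_REQUEST_SNIPPETS table (standing in for a node class's XmlSnippet declarations) and the sample messages are constructed assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed namespace constants (ID-FF 1.2 and SAML 1.x URIs); not Lasso code.
LIB = "urn:liberty:iff:2003-08"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

def split_clark(name):
    """Split '{namespace}local' into (namespace, local); unqualified names give (None, local)."""
    if name.startswith("{"):
        ns, _, local = name[1:].partition("}")
        return ns, local
    return None, name

def clark(ns, local):
    """Build the '{namespace}local' form used to name a namespaced attribute."""
    return f"{{{ns}}}{local}"

# Stand-in for a node class's XmlSnippet table: child local name -> explicit namespace (None = parent's).
AUTHN_REQUEST_SNIPPETS = {
    "ProviderID": None,     # lib: child of a lib: parent, no declaration needed
    "RespondWith": SAMLP,   # samlp: child of a lib: parent, so declared explicitly
}

def check_child_namespaces(node, snippets):
    """Validate every child's namespace before parsing; stop at the first error."""
    parent_ns, _ = split_clark(node.tag)
    for child in node:
        ns, local = split_clark(child.tag)
        if local not in snippets:
            return False, f"unexpected child element {local!r}"
        expected = snippets[local] or parent_ns
        if ns != expected:
            return False, f"{local}: namespace {ns!r}, expected {expected!r}"
    return True, None

def xsi_type(node):
    """Read the classic xsi:type attribute through its Clark-notation name."""
    return node.get(clark(XSI, "type"))

# Constructed samples: a valid request and one whose RespondWith is in the wrong namespace.
GOOD = ET.fromstring(
    f'<lib:AuthnRequest xmlns:lib="{LIB}" xmlns:samlp="{SAMLP}" xmlns:xsi="{XSI}" '
    'xsi:type="lib:AuthnRequestType"><samlp:RespondWith>lib:AuthnResponse</samlp:RespondWith>'
    '<lib:ProviderID>https://idp.example.test</lib:ProviderID></lib:AuthnRequest>'
)
BAD = ET.fromstring(
    f'<lib:AuthnRequest xmlns:lib="{LIB}">'
    '<lib:RespondWith>lib:AuthnResponse</lib:RespondWith></lib:AuthnRequest>'
)
```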
- now any unexpected log output is considered an error, by setting a
g_log default handler.
- block_lasso_logs()/unblock_lasso_logs() will block logging output at
the DEBUG level
- begin_check_do_log(level, message, endswith)/end_check_do_log() will
check that the only message emitted between the two macros is one
equal to "message" at the level "level", or ending (to work around
variable parts in a log message) with "message" if "endswith" is True.
The added key can be appended or prepended, depending on the need for the key:
- rollover
- improving performance (using simpler cryptographic algorithms using shared secret keys)
Using this method you can specify a signing which will be used for
communication with the specified provider instead of the one configured
on the LassoServer object. The main objective is to allow shared secret
cryptography instead of public key cryptography.
LassoKey currently stores a LassoSignatureContext inside a
reference-counted and bindable object. It will be used to export an API
around key management to bindings.