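/**
 * lasso_login_assertion_add_discovery:
 * @login: a #LassoLogin object
 * @assertion: a #LassoSamlAssertion object
 *
 * Adds an AttributeStatement carrying a "DiscoveryResourceOffering" attribute (namespace
 * #LASSO_DISCO_HREF) to @assertion, so the relying party can bootstrap ID-WSF discovery. This only
 * happens when a discovery service instance is registered in the @LassoLogin.server field and a
 * resourceId has been set on @login (see lasso_login_set_resourceId()); otherwise @assertion is
 * left untouched.
 *
 * The statement is stored with lasso_assign_new_gobject(), so it replaces any AttributeStatement
 * already present on @assertion rather than being appended to it.
 **/
void
lasso_login_assertion_add_discovery(LassoLogin *login, LassoSamlAssertion *assertion)
{
	LassoProfile *profile = NULL;
	LassoDiscoResourceOffering *resourceOffering = NULL;
	LassoDiscoServiceInstance *serviceInstance = NULL, *newServiceInstance = NULL;
	LassoSamlAttributeStatement *attributeStatement = NULL;
	LassoSamlAttribute *attribute = NULL;
	LassoSamlAttributeValue *attributeValue = NULL;

	/* Guard the arguments like the sibling login functions do: login->private_data and
	 * assertion->AttributeStatement are dereferenced below. */
	g_return_if_fail(LASSO_IS_LOGIN(login));
	g_return_if_fail(LASSO_IS_SAML_ASSERTION(assertion));
	profile = LASSO_PROFILE(login);

	serviceInstance = lasso_server_get_service(profile->server, LASSO_DISCO_HREF);
	if (! LASSO_IS_DISCO_SERVICE_INSTANCE(serviceInstance)
			|| login->private_data->resourceId == NULL) {
		/* nothing to advertise: no discovery service, or no resource id for this login */
		return;
	}

	/* Work on a copy of the registered service instance so the server's own object is not
	 * embedded in (and later freed with) the assertion. */
	newServiceInstance = lasso_disco_service_instance_copy(serviceInstance);
	resourceOffering = lasso_disco_resource_offering_new(newServiceInstance);
	/* drop our reference to the copy; the offering is expected to hold its own */
	lasso_release_gobject(newServiceInstance);
	/* shares (refs) the login's resource id rather than transferring it */
	lasso_assign_gobject(resourceOffering->ResourceID, login->private_data->resourceId);

	/* each lasso_list_add_new_gobject() transfers ownership of the child to its parent */
	attributeValue = lasso_saml_attribute_value_new();
	lasso_list_add_new_gobject(attributeValue->any, resourceOffering);

	attribute = lasso_saml_attribute_new();
	lasso_assign_string(attribute->attributeName, "DiscoveryResourceOffering");
	lasso_assign_string(attribute->attributeNameSpace, LASSO_DISCO_HREF);
	lasso_list_add_new_gobject(attribute->AttributeValue, attributeValue);

	attributeStatement = lasso_saml_attribute_statement_new();
	lasso_list_add_new_gobject(attributeStatement->Attribute, attribute);

	/* replaces (does not append to) an existing AttributeStatement */
	lasso_assign_new_gobject(assertion->AttributeStatement, attributeStatement);

	/* FIXME: Add CredentialsRef and saml:Advice Assertions */
}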
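/**
 * lasso_idwsf2_util_response_set_status2:
 * @idwsf2_util_response: a #LassoIdWsf2UtilResponse object
 * @status: a first level status code, or NULL to keep the response's current first level status
 * @status2: a second level status code; must be non-NULL and non-empty
 *
 * Attaches a second level status carrying @status2 to the first level status of
 * @idwsf2_util_response. When @status is given, a new first level status with that code replaces
 * the current one; when @status is NULL the existing first level status is reused and must
 * already be present, otherwise nothing is done.
 */
void
lasso_idwsf2_util_response_set_status2(LassoIdWsf2UtilResponse *idwsf2_util_response,
		const char *status, const char *status2)
{
	LassoIdWsf2UtilStatus *idwsf2_util_status = NULL;
	LassoIdWsf2UtilStatus *idwsf2_util_status2 = NULL;

	if (! LASSO_IS_IDWSF2_UTIL_RESPONSE(idwsf2_util_response))
		return;
	if (status2 == NULL || status2[0] == '\0')
		return;

	if (status) {
		/* fresh first level status, owned here until handed to the response below */
		idwsf2_util_status = lasso_idwsf2_util_status_new();
		lasso_assign_string(idwsf2_util_status->code, status);
	} else {
		/* reuse the existing first level status; without one there is nothing to attach to */
		if (! LASSO_IS_IDWSF2_UTIL_STATUS(idwsf2_util_response->Status))
			return;
		idwsf2_util_status = idwsf2_util_response->Status;
	}

	idwsf2_util_status2 = lasso_idwsf2_util_status_new();
	lasso_assign_string(idwsf2_util_status2->code, status2);
	/* ownership of the second level status is transferred to the nested Status list */
	lasso_list_add_new_gobject(idwsf2_util_status->Status, idwsf2_util_status2);

	/* Install the first level status only when it is a new object. In the reuse branch
	 * idwsf2_util_status already is idwsf2_util_response->Status; self-assignment through the
	 * ownership-transferring lasso_assign_new_gobject() (it releases the previous value and does
	 * not add a reference to its source) appears to risk releasing the object before storing the
	 * same pointer back, which would leave the response with a dangling Status. */
	if (status)
		lasso_assign_new_gobject(idwsf2_util_response->Status, idwsf2_util_status);
}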
/**
 * lasso_login_set_resourceId:
 * @login: a #LassoLogin
 * @content: a resourceID identifier
 *
 * Records @content as the ResourceID to embed in the next assertion produced by @login, for
 * ID-WSF discovery bootstrap (see lasso_login_assertion_add_discovery()). Any previously set
 * resourceId is released and replaced.
 *
 * Return value: 0 on success; %LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if @login is not a
 * #LassoLogin; %LASSO_PARAM_ERROR_INVALID_VALUE if @content is NULL.
 **/
int
lasso_login_set_resourceId(LassoLogin *login, const char *content)
{
	LassoDiscoResourceID *resource_id = NULL;

	g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
	g_return_val_if_fail(content != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);

	/* the new object is handed over to the login; the previous one is released by the macro */
	resource_id = lasso_disco_resource_id_new(content);
	lasso_assign_new_gobject(login->private_data->resourceId, resource_id);

	return 0;
}
/**
 * lasso_idwsf2_util_response_set_status:
 * @idwsf2_util_response: a #LassoIdWsf2UtilResponse object
 * @status: a status code identifier
 *
 * Replaces the first level status of @idwsf2_util_response with a new status carrying @status
 * and no second level status. Does nothing when @idwsf2_util_response is not a
 * #LassoIdWsf2UtilResponse or when @status is NULL or empty.
 */
void
lasso_idwsf2_util_response_set_status(LassoIdWsf2UtilResponse *idwsf2_util_response,
		const char *status)
{
	LassoIdWsf2UtilStatus *new_status = NULL;

	if (! LASSO_IS_IDWSF2_UTIL_RESPONSE(idwsf2_util_response)
			|| status == NULL
			|| status[0] == '\0') {
		return;
	}

	new_status = lasso_idwsf2_util_status_new();
	lasso_assign_string(new_status->code, status);
	/* ownership of new_status passes to the response; the old Status object is released */
	lasso_assign_new_gobject(idwsf2_util_response->Status, new_status);
}
/**
 * lasso_assertion_query_build_request_msg:
 * @assertion_query: a #LassoAssertionQuery
 *
 * Build an Assertion Query profile request message.
 *
 * When the pending request is a SubjectQuery, its <Subject> is completed first: a missing
 * NameID is taken from the profile's name identifier (if any), then
 * lasso_saml20_profile_setup_subject() is applied (the original comment describes this as
 * "fill and encrypt <Subject> if necessary"). Only the SOAP binding is implemented; with any
 * other HTTP method nothing is built and 0 is returned.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_assertion_query_build_request_msg(LassoAssertionQuery *assertion_query)
{
	/* Both tables are indexed by LassoAssertionQueryRequestType. Slots 0 and 1 (unset and
	 * AssertionID) have no SOAP endpoint and are rejected before any lookup. */
	static const gchar *endpoint_descriptors[LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST] = {
		NULL,
		NULL,
		"AuthnQueryService SOAP",
		"AttributeService SOAP",
		"AuthzService SOAP",
	};
	static const LassoProviderRole endpoint_roles[LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST] = {
		LASSO_PROVIDER_ROLE_NONE,
		LASSO_PROVIDER_ROLE_NONE,
		LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY,
		LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY,
		LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY,
	};
	LassoProfile *profile = NULL;
	LassoProvider *provider = NULL;
	LassoAssertionQueryRequestType type;
	const char *url = NULL;
	gint rc = 0;

	g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query),
			LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(assertion_query);
	lasso_profile_clean_msg_info(profile);

	provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
	if (! LASSO_IS_PROVIDER(provider)) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	if (LASSO_IS_SAMLP2_SUBJECT_QUERY_ABSTRACT(profile->request)) {
		LassoSamlp2SubjectQueryAbstract *query =
			(LassoSamlp2SubjectQueryAbstract*)profile->request;

		if (! LASSO_IS_SAML2_SUBJECT(query->Subject)) {
			lasso_assign_new_gobject(query->Subject, lasso_saml2_subject_new());
		}
		/* a Subject needs either a NameID or an EncryptedID; fall back to the profile's */
		if (! LASSO_IS_SAML2_NAME_ID(query->Subject->NameID)
				&& ! LASSO_IS_SAML2_ENCRYPTED_ELEMENT(query->Subject->EncryptedID)) {
			LassoSaml2NameID *name_id = (LassoSaml2NameID*)profile->nameIdentifier;

			if (! LASSO_IS_SAML2_NAME_ID(name_id)) {
				name_id = (LassoSaml2NameID*)lasso_profile_get_nameIdentifier(profile);
			}
			if (! LASSO_IS_SAML2_NAME_ID(name_id)) {
				return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
			}
			/* shared (ref'd), the profile keeps its own reference */
			lasso_assign_gobject(query->Subject->NameID, name_id);
		}
		/* jumps to cleanup with rc set on failure */
		lasso_check_good_rc(lasso_saml20_profile_setup_subject(profile, query->Subject));
	}

	if (profile->http_request_method != LASSO_HTTP_METHOD_SOAP) {
		/* XXX: only the SOAP binding is supported; other methods build no message */
		goto cleanup;
	}

	type = assertion_query->private_data->query_request_type;
	if (type == LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID) {
		return LASSO_ERROR_UNDEFINED;
	}
	/* bounds check before indexing the static tables with an attacker-independent but
	 * caller-supplied type */
	if (type < LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID
			|| type > LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION) {
		return LASSO_PARAM_ERROR_INVALID_VALUE;
	}
	/* NOTE(review): url is NULL when the provider metadata lacks this endpoint; it is passed
	 * through unchecked, so lasso_saml20_profile_build_request_msg() must reject NULL — confirm. */
	url = lasso_provider_get_metadata_one_for_role(provider, endpoint_roles[type],
			endpoint_descriptors[type]);

	return lasso_saml20_profile_build_request_msg(&assertion_query->parent,
			NULL,
			LASSO_HTTP_METHOD_SOAP, url);

cleanup:
	return rc;
}