/** * lasso_login_assertion_add_discovery: * @login: a #LassoLogin object * @assertion: a #LassoSamlAssertion object * * Adds AttributeStatement and ResourceOffering attributes to @assertion of a @login object if there * is a discovery service registerered in the @LassoLogin.server field. * . **/ void lasso_login_assertion_add_discovery(LassoLogin *login, LassoSamlAssertion *assertion) { LassoProfile *profile = LASSO_PROFILE(login); LassoDiscoResourceOffering *resourceOffering; LassoDiscoServiceInstance *serviceInstance, *newServiceInstance; LassoSamlAttributeStatement *attributeStatement; LassoSamlAttribute *attribute; LassoSamlAttributeValue *attributeValue; serviceInstance = lasso_server_get_service(profile->server, LASSO_DISCO_HREF); if (LASSO_IS_DISCO_SERVICE_INSTANCE(serviceInstance) && login->private_data->resourceId) { newServiceInstance = lasso_disco_service_instance_copy(serviceInstance); resourceOffering = lasso_disco_resource_offering_new(newServiceInstance); lasso_release_gobject(newServiceInstance); lasso_assign_gobject(resourceOffering->ResourceID, login->private_data->resourceId); attributeValue = lasso_saml_attribute_value_new(); lasso_list_add_new_gobject(attributeValue->any, resourceOffering); attribute = lasso_saml_attribute_new(); lasso_assign_string(attribute->attributeName, "DiscoveryResourceOffering"); lasso_assign_string(attribute->attributeNameSpace, LASSO_DISCO_HREF); lasso_list_add_new_gobject(attribute->AttributeValue, attributeValue); attributeStatement = lasso_saml_attribute_statement_new(); lasso_list_add_new_gobject(attributeStatement->Attribute, attribute); lasso_assign_new_gobject(assertion->AttributeStatement, attributeStatement); /* FIXME: Add CredentialsRef and saml:Advice Assertions */ } }
/** * lasso_assertion_query_build_response_msg: * @assertion_query: a #LassoAssertionQuery * * Builds the Response message. * * Return value: 0 on success; or a negative value otherwise. **/ int lasso_assertion_query_build_response_msg(LassoAssertionQuery *assertion_query) { LassoProfile *profile; LassoSamlp2StatusResponse *response; int rc = 0; g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query), LASSO_PARAM_ERROR_INVALID_VALUE); profile = LASSO_PROFILE(assertion_query); lasso_profile_clean_msg_info(profile); if (profile->response == NULL) { /* no response set here means request denied */ response = (LassoSamlp2StatusResponse*) lasso_samlp2_response_new(); lasso_check_good_rc(lasso_saml20_profile_init_response( profile, response, LASSO_SAML2_STATUS_CODE_RESPONDER, LASSO_SAML2_STATUS_CODE_REQUEST_DENIED)); return 0; } /* build logout response message */ rc = lasso_saml20_profile_build_response_msg(profile, NULL, profile->http_request_method, NULL); cleanup: return rc; }
/** * lasso_ecp_new * * Creates a new #LassoEcp. * * Return value: a newly created #LassoEcp object; or NULL if an error * occured **/ LassoEcp* lasso_ecp_new(LassoServer *server) { LassoEcp *ecp; ecp = g_object_new(LASSO_TYPE_ECP, NULL); LASSO_PROFILE(ecp)->server = g_object_ref(server); return ecp; }
/** * lasso_assertion_query_new: * @server: the #LassoServer * * Creates a new #LassoAssertionQuery. * * Return value: a newly created #LassoAssertionQuery object; or NULL if * an error occured **/ LassoAssertionQuery* lasso_assertion_query_new(LassoServer *server) { LassoAssertionQuery *assertion_query; g_return_val_if_fail(LASSO_IS_SERVER(server), NULL); assertion_query = g_object_new(LASSO_TYPE_ASSERTION_QUERY, NULL); LASSO_PROFILE(assertion_query)->server = lasso_ref(server); return assertion_query; }
/** * lasso_assertion_query_validate_request: * @assertion_query: a #LassoAssertionQuery * * Processes a Assertion query or request; caller must add assertions to the * response afterwards. * * Return value: 0 on success; or a negative value otherwise. **/ int lasso_assertion_query_validate_request(LassoAssertionQuery *assertion_query) { LassoProfile *profile; LassoProvider *remote_provider; LassoSamlp2StatusResponse *response; int rc = 0; g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query), LASSO_PARAM_ERROR_INVALID_VALUE); profile = LASSO_PROFILE(assertion_query); response = (LassoSamlp2StatusResponse*) lasso_samlp2_response_new(); lasso_check_good_rc(lasso_saml20_profile_validate_request(profile, FALSE, response, &remote_provider)); cleanup: lasso_release_gobject(response); return rc; }
/** * lasso_assertion_query_process_request_msg: * @assertion_query: a #LassoAssertionQuery * @request_msg: the Assertion query or request message * * Processes a Assertion query or request message. Rebuilds a request object * from the message and check its signature. * * Return value: 0 on success; or a negative value otherwise. **/ gint lasso_assertion_query_process_request_msg(LassoAssertionQuery *assertion_query, char *request_msg) { LassoProfile *profile = NULL; LassoSamlp2SubjectQueryAbstract *subject_query = NULL; LassoSaml2Subject *subject = NULL; int rc = 0; g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query), LASSO_PARAM_ERROR_INVALID_VALUE); profile = LASSO_PROFILE(assertion_query); lasso_check_good_rc(lasso_saml20_profile_process_soap_request(profile, request_msg)); lasso_extract_node_or_fail(subject_query, profile->request, SAMLP2_SUBJECT_QUERY_ABSTRACT, LASSO_PROFILE_ERROR_INVALID_MSG); lasso_extract_node_or_fail(subject, subject_query->Subject, SAML2_SUBJECT, LASSO_PROFILE_ERROR_MISSING_SUBJECT); lasso_check_good_rc(lasso_saml20_profile_process_name_identifier_decryption(profile, &subject->NameID, &subject->EncryptedID)); cleanup: return rc; }
END_TEST START_TEST(test03_serviceProviderLogin) { char *serviceProviderContextDump, *identityProviderContextDump; LassoServer *spContext, *idpContext; LassoLogin *spLoginContext, *idpLoginContext; LassoLibAuthnRequest *request; int rc = 0; char *relayState; char *authnRequestUrl, *authnRequestQuery; char *responseUrl, *responseQuery; char *idpIdentityContextDump, *idpSessionContextDump; char *serviceProviderId, *soapRequestMsg, *soapResponseMsg; char *spIdentityContextDump; char *spSessionDump; int requestType; serviceProviderContextDump = generateServiceProviderContextDump(); spContext = lasso_server_new_from_dump(serviceProviderContextDump); spLoginContext = lasso_login_new(spContext); fail_unless(spLoginContext != NULL, "lasso_login_new() shouldn't have returned NULL"); rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata", LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_init_authn_request failed"); request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request); fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request"); request->IsPassive = 0; request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED); request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED); relayState = "fake"; request->RelayState = g_strdup(relayState); rc = lasso_login_build_authn_request_msg(spLoginContext); fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed"); authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url; fail_unless(authnRequestUrl != NULL, "authnRequestUrl shouldn't be NULL"); authnRequestQuery = strchr(authnRequestUrl, '?')+1; fail_unless(strlen(authnRequestQuery) > 0, "authnRequestRequest shouldn't be an empty string"); /* Identity provider singleSignOn, for a user having no federation. */ identityProviderContextDump = generateIdentityProviderContextDumpMemory(); idpContext = lasso_server_new_from_dump(identityProviderContextDump); idpLoginContext = lasso_login_new(idpContext); fail_unless(idpLoginContext != NULL, "lasso_login_new() shouldn't have returned NULL"); rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery); fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed"); fail_unless(lasso_login_must_authenticate(idpLoginContext), "lasso_login_must_authenticate() should be TRUE"); fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART, "protocoleProfile should be ProfileBrwsArt"); fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext), "lasso_login_must_ask_for_consent() should be FALSE"); rc = lasso_login_validate_request_msg(idpLoginContext, 1, /* authentication_result */ 0 /* is_consent_obtained */ ); rc = lasso_login_build_assertion(idpLoginContext, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD, "FIXME: authenticationInstant", "FIXME: reauthenticateOnOrAfter", "FIXME: notBefore", "FIXME: notOnOrAfter"); rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_build_artifact_msg failed"); idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity); fail_unless(idpIdentityContextDump != NULL, "lasso_identity_dump shouldn't return NULL"); idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session); fail_unless(idpSessionContextDump != NULL, "lasso_session_dump shouldn't return NULL"); responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url; fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL"); responseQuery = strchr(responseUrl, '?')+1; fail_unless(strlen(responseQuery) > 0, "responseQuery shouldn't be an empty string"); serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID); fail_unless(serviceProviderId != NULL, "lasso_profile_get_remote_providerID shouldn't return NULL"); /* Service provider assertion consumer */ lasso_server_destroy(spContext); lasso_login_destroy(spLoginContext); spContext = lasso_server_new_from_dump(serviceProviderContextDump); spLoginContext = lasso_login_new(spContext); rc = lasso_login_init_request(spLoginContext, responseQuery, LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_init_request failed"); rc = lasso_login_build_request_msg(spLoginContext); fail_unless(rc == 0, "lasso_login_build_request_msg failed"); soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body; fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL"); /* Identity provider SOAP endpoint */ lasso_server_destroy(idpContext); lasso_login_destroy(idpLoginContext); requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg); fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN, "requestType should be LASSO_REQUEST_TYPE_LOGIN"); idpContext = lasso_server_new_from_dump(identityProviderContextDump); idpLoginContext = lasso_login_new(idpContext); rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg); fail_unless(rc == 0, "lasso_login_process_request_msg failed"); rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext), idpSessionContextDump); fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed"); rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId); fail_unless(rc == 0, "lasso_login_build_response_msg failed"); soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body; fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL"); /* Service provider assertion consumer (step 2: process SOAP response) */ rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg); fail_unless(rc == 0, "lasso_login_process_response_msg failed"); rc = lasso_login_accept_sso(spLoginContext); fail_unless(rc == 0, "lasso_login_accept_sso failed"); fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL, "spLoginContext has no identity"); spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity); fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed"); spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session); g_free(serviceProviderId); g_free(serviceProviderContextDump); g_free(identityProviderContextDump); g_free(idpSessionContextDump); g_free(idpIdentityContextDump); g_free(spIdentityContextDump); g_free(spSessionDump); g_object_unref(spContext); g_object_unref(idpContext); g_object_unref(spLoginContext); g_object_unref(idpLoginContext); }
int lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg) { xmlDoc *doc; xmlXPathContext *xpathCtx; xmlXPathObject *xpathObj; xmlNode *new_envelope, *header, *paos_response, *ecp_relay_state; xmlNode *body = NULL; xmlNs *soap_env_ns, *ecp_ns; g_return_val_if_fail(LASSO_IS_ECP(ecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); doc = lasso_xml_parse_memory(response_msg, strlen(response_msg)); xpathCtx = xmlXPathNewContext(doc); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body", xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { body = xmlCopyNode(xpathObj->nodesetval->nodeTab[0], 1); } xmlXPathFreeObject(xpathObj); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ecp", (xmlChar*)LASSO_ECP_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//ecp:Response", xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { ecp->assertionConsumerURL = (char*)xmlGetProp( xpathObj->nodesetval->nodeTab[0], (xmlChar*)"AssertionConsumerURL"); } xmlXPathFreeObject(xpathObj); xmlXPathFreeContext(xpathCtx); xpathCtx = NULL; xpathObj = NULL; new_envelope = xmlNewNode(NULL, (xmlChar*)"Envelope"); xmlSetNs(new_envelope, xmlNewNs(new_envelope, (xmlChar*)LASSO_SOAP_ENV_HREF, (xmlChar*)LASSO_SOAP_ENV_PREFIX)); xmlNewNs(new_envelope, (xmlChar*)LASSO_SAML_ASSERTION_HREF, (xmlChar*)LASSO_SAML_ASSERTION_PREFIX); header = xmlNewTextChild(new_envelope, NULL, (xmlChar*)"Header", NULL); /* PAOS request header block */ soap_env_ns = xmlNewNs(new_envelope, (xmlChar*)LASSO_SOAP_ENV_HREF, (xmlChar*)LASSO_SOAP_ENV_PREFIX); paos_response = xmlNewNode(NULL, (xmlChar*)"Response"); xmlSetNs(paos_response, xmlNewNs(paos_response, (xmlChar*)LASSO_PAOS_HREF, (xmlChar*)LASSO_PAOS_PREFIX)); xmlSetNsProp(paos_response, soap_env_ns, (xmlChar*)"mustUnderstand", (xmlChar*)"1"); xmlSetNsProp(paos_response, soap_env_ns, (xmlChar*)"actor", (xmlChar*)LASSO_SOAP_ENV_ACTOR); if (ecp->private_data->messageID) { xmlSetNsProp(paos_response, soap_env_ns, (xmlChar*)"refToMessageID", (xmlChar*)ecp->private_data->messageID); } xmlAddChild(header, paos_response); /* ECP relay state block */ if (ecp->private_data->relay_state) { ecp_relay_state = xmlNewNode(NULL, (xmlChar*)"RelayState"); xmlNodeSetContent(ecp_relay_state, (xmlChar*)ecp->private_data->relay_state); ecp_ns = xmlNewNs(ecp_relay_state, (xmlChar*)LASSO_ECP_HREF, (xmlChar*)LASSO_ECP_PREFIX); xmlSetNs(ecp_relay_state, ecp_ns); xmlSetNsProp(ecp_relay_state, soap_env_ns, (xmlChar*)"mustUnderstand", (xmlChar*)"1"); xmlSetNsProp(ecp_relay_state, soap_env_ns, (xmlChar*)"actor", (xmlChar*)LASSO_SOAP_ENV_ACTOR); xmlAddChild(header, ecp_relay_state); } xmlAddChild(new_envelope, body); lasso_assign_new_string(LASSO_PROFILE(ecp)->msg_body, lasso_xmlnode_to_string(new_envelope, 0, 0)) lasso_release_doc(doc); return 0; }
int lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg) { xmlDoc *doc; xmlXPathContext *xpathCtx; xmlXPathObject *xpathObj; xmlNode *xmlnode; LassoProfile *profile; LassoProvider *remote_provider; g_return_val_if_fail(LASSO_IS_ECP(ecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); g_return_val_if_fail(authn_request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); profile = LASSO_PROFILE(ecp); doc = lasso_xml_parse_memory(authn_request_msg, strlen(authn_request_msg)); xpathCtx = xmlXPathNewContext(doc); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ecp", (xmlChar*)LASSO_ECP_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//ecp:RelayState", xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { xmlnode = xpathObj->nodesetval->nodeTab[0]; ecp->private_data->relay_state = xmlNodeGetContent(xmlnode); } xmlXPathFreeObject(xpathObj); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"paos", (xmlChar*)LASSO_PAOS_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//paos:Request", xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { ecp->private_data->messageID = xmlGetProp( xpathObj->nodesetval->nodeTab[0], (xmlChar*)"messageID"); } xmlXPathFreeObject(xpathObj); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Header", xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { xmlnode = xpathObj->nodesetval->nodeTab[0]; xmlUnlinkNode(xmlnode); xmlFreeNode(xmlnode); } xmlXPathFreeObject(xpathObj); xmlXPathFreeContext(xpathCtx); xpathCtx = NULL; xpathObj = NULL; xmlnode = xmlDocGetRootElement(doc); lasso_assign_new_string(LASSO_PROFILE(ecp)->msg_body, lasso_xmlnode_to_string(xmlnode, 0, 0)) lasso_release_doc(doc); profile->remote_providerID = lasso_server_get_first_providerID_by_role(profile->server, LASSO_PROVIDER_ROLE_IDP); if (profile->remote_providerID == NULL) { return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); } remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) { return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); } profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SingleSignOnService SOAP"); if (profile->msg_url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } return 0; }
/** * lasso_assertion_query_init_request: * @assertion_query: a #LassoAssertionQuery * @remote_provider_id: (allow-none): the providerID of the remote provider. * @http_method: if set, then it get the protocol profile in metadata * corresponding of this HTTP request method. * @query_request_type: the type of request. * * Initializes a new Assertion Query Request. * For the AssertionID request type, the remote_provider_id is mandatory, for all other kind of * request it is optional if we can find a provider supporting the associated role, i.e. * IDP; authentication, attribute and authorization authority. * * Return value: 0 on success; or a negative value otherwise. **/ gint lasso_assertion_query_init_request(LassoAssertionQuery *assertion_query, char *remote_provider_id, LassoHttpMethod http_method, LassoAssertionQueryRequestType query_request_type) { LassoProfile *profile; LassoNode *request; gint rc = 0; g_return_val_if_fail(http_method == LASSO_HTTP_METHOD_ANY || http_method == LASSO_HTTP_METHOD_SOAP, LASSO_PARAM_ERROR_INVALID_VALUE); g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query), LASSO_PARAM_ERROR_INVALID_VALUE); profile = LASSO_PROFILE(assertion_query); /* set the remote provider id */ profile->remote_providerID = NULL; if (remote_provider_id) { profile->remote_providerID = g_strdup(remote_provider_id); } else { LassoProviderRole role = LASSO_PROVIDER_ROLE_NONE; switch (query_request_type) { case LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHN: role = LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY; break; case LASSO_ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE: role = LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY; break; case LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION: role = LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY; break; /* other request types should not happen or should not go there */ default: return critical_error(LASSO_PARAM_ERROR_INVALID_VALUE); } profile->remote_providerID = lasso_server_get_first_providerID_by_role(profile->server, role); } g_return_val_if_fail(profile->remote_providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); assertion_query->private_data->query_request_type = query_request_type; switch (query_request_type) { case LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID: request = lasso_samlp2_assertion_id_request_new(); break; case LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHN: request = lasso_samlp2_authn_query_new(); break; case LASSO_ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE: request = lasso_samlp2_attribute_query_new(); break; case LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION: request = lasso_samlp2_authz_decision_query_new(); break; default: return critical_error(LASSO_PARAM_ERROR_INVALID_VALUE); } /* Setup usual request attributes */ if (LASSO_IS_SAMLP2_SUBJECT_QUERY_ABSTRACT(request)) { LassoSamlp2SubjectQueryAbstract *sqa; sqa = (LassoSamlp2SubjectQueryAbstract*)request; sqa->Subject = (LassoSaml2Subject*)lasso_saml2_subject_new(); } lasso_check_good_rc(lasso_saml20_profile_init_request(profile, profile->remote_providerID, TRUE, (LassoSamlp2RequestAbstract*)request, http_method, _lasso_assertion_query_type_to_protocol_type(query_request_type))); cleanup: lasso_release_gobject(request); return rc; }
/** * lasso_assertion_query_build_request_msg: * @assertion_query: a #LassoAssertionQuery * * Build an Assertion Query profile request message. * * Return value: 0 on success; or a negative value otherwise. **/ gint lasso_assertion_query_build_request_msg(LassoAssertionQuery *assertion_query) { LassoProfile *profile; LassoProvider *remote_provider; gint rc = 0; g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query), LASSO_PARAM_ERROR_INVALID_VALUE); profile = LASSO_PROFILE(assertion_query); lasso_profile_clean_msg_info(profile); remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) { return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); } /* fill and encrypt <Subject> if necessary */ if (LASSO_IS_SAMLP2_SUBJECT_QUERY_ABSTRACT(profile->request)) do { LassoSaml2NameID *nameID = NULL; LassoSamlp2SubjectQueryAbstract *subject_query; subject_query = (LassoSamlp2SubjectQueryAbstract*)profile->request; if (! LASSO_IS_SAML2_SUBJECT(subject_query->Subject)) { lasso_assign_new_gobject(subject_query->Subject, lasso_saml2_subject_new()); } /* verify that there is a NameID */ if ( (! LASSO_IS_SAML2_NAME_ID(subject_query->Subject->NameID) && ! LASSO_IS_SAML2_ENCRYPTED_ELEMENT(subject_query->Subject->EncryptedID))) { /* if not try to get the local profile one */ nameID = (LassoSaml2NameID*)profile->nameIdentifier; if (! LASSO_IS_SAML2_NAME_ID(nameID)) nameID = (LassoSaml2NameID*)lasso_profile_get_nameIdentifier(profile); /* if none found, try to get the identity object or session object one */ if (! LASSO_IS_SAML2_NAME_ID(nameID)) return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; lasso_assign_gobject(subject_query->Subject->NameID, nameID); } lasso_check_good_rc(lasso_saml20_profile_setup_subject(profile, subject_query->Subject)); } while(FALSE); if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) { LassoAssertionQueryRequestType type; const char *url; /* XXX: support only SOAP */ static const gchar *servicepoints[LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST] = { NULL, NULL, "AuthnQueryService SOAP", "AttributeService SOAP", "AuthzService SOAP", }; static const LassoProviderRole roles[LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST] = { LASSO_PROVIDER_ROLE_NONE, LASSO_PROVIDER_ROLE_NONE, LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY, LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY, LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY, }; type = assertion_query->private_data->query_request_type; if (type == LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID) { return LASSO_ERROR_UNDEFINED; } if (type < LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID || type > LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION) { return LASSO_PARAM_ERROR_INVALID_VALUE; } url = lasso_provider_get_metadata_one_for_role(remote_provider, roles[type], servicepoints[type]); return lasso_saml20_profile_build_request_msg(&assertion_query->parent, NULL, LASSO_HTTP_METHOD_SOAP, url); } cleanup: return rc; }