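/**
 * lasso_login_assertion_add_discovery:
 * @login: a #LassoLogin object
 * @assertion: a #LassoSamlAssertion object
 *
 * Adds an AttributeStatement holding a "DiscoveryResourceOffering" attribute to @assertion if
 * there is a discovery service registered in the #LassoLogin.server field and a resourceId has
 * been set on @login. Does nothing when either condition is not met, or when @login or
 * @assertion is not an object of the expected type.
 **/
void
lasso_login_assertion_add_discovery(LassoLogin *login, LassoSamlAssertion *assertion)
{
	LassoProfile *profile;
	LassoDiscoResourceOffering *resourceOffering;
	LassoDiscoServiceInstance *serviceInstance, *newServiceInstance;
	LassoSamlAttributeStatement *attributeStatement;
	LassoSamlAttribute *attribute;
	LassoSamlAttributeValue *attributeValue;

	/* Reject a NULL or wrongly typed object before anything is dereferenced. */
	g_return_if_fail(LASSO_IS_LOGIN(login));
	g_return_if_fail(LASSO_IS_SAML_ASSERTION(assertion));

	profile = LASSO_PROFILE(login);
	serviceInstance = lasso_server_get_service(profile->server, LASSO_DISCO_HREF);
	if (! LASSO_IS_DISCO_SERVICE_INSTANCE(serviceInstance) || ! login->private_data->resourceId) {
		/* No discovery service registered, or no resourceId set: nothing to advertise. */
		return;
	}

	/* The offering is built around a copy of the registered service instance. The local
	 * reference to that copy is dropped right after; presumably the offering keeps its
	 * own reference -- confirm against lasso_disco_resource_offering_new(). */
	newServiceInstance = lasso_disco_service_instance_copy(serviceInstance);
	resourceOffering = lasso_disco_resource_offering_new(newServiceInstance);
	lasso_release_gobject(newServiceInstance);

	/* NOTE(review): the ResourceID is taken from the login as stored; nothing in this
	 * function validates its content before it is placed in the assertion. */
	lasso_assign_gobject(resourceOffering->ResourceID, login->private_data->resourceId);

	/* Wrap the offering: AttributeValue -> Attribute -> AttributeStatement. */
	attributeValue = lasso_saml_attribute_value_new();
	lasso_list_add_new_gobject(attributeValue->any, resourceOffering);

	attribute = lasso_saml_attribute_new();
	lasso_assign_string(attribute->attributeName, "DiscoveryResourceOffering");
	lasso_assign_string(attribute->attributeNameSpace, LASSO_DISCO_HREF);
	lasso_list_add_new_gobject(attribute->AttributeValue, attributeValue);

	attributeStatement = lasso_saml_attribute_statement_new();
	lasso_list_add_new_gobject(attributeStatement->Attribute, attribute);

	/* NOTE(review): this assigns the statement slot of the assertion; a statement that
	 * was already set there is presumably released and replaced -- confirm against the
	 * lasso_assign_new_gobject() macro and the callers. */
	lasso_assign_new_gobject(assertion->AttributeStatement, attributeStatement);

	/* FIXME: Add CredentialsRef and saml:Advice Assertions */
}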
/**
 * lasso_idwsf2_util_response_set_status2:
 * @idwsf2_util_response: a #LassoIdWsf2UtilResponse object
 * @status: a first level status code identifier, or NULL to reuse the status already set on
 *     the response
 * @status2: a second level status code identifier
 *
 * Add a second level status code to the response. When @status is not NULL a new first level
 * status is created with that code; otherwise the status already present on the response is
 * used. Nothing is changed if the response is not of the expected type, if @status2 is NULL
 * or empty, or if @status is NULL and the response carries no status yet.
 */
void
lasso_idwsf2_util_response_set_status2(LassoIdWsf2UtilResponse *idwsf2_util_response,
		const char *status, const char *status2)
{
	LassoIdWsf2UtilStatus *first_level = NULL;
	LassoIdWsf2UtilStatus *second_level = NULL;

	if (! LASSO_IS_IDWSF2_UTIL_RESPONSE(idwsf2_util_response)) {
		return;
	}
	if (status2 == NULL || status2[0] == '\0') {
		return;
	}

	if (status == NULL) {
		/* No new first level code given: the response must already have a status. */
		if (! LASSO_IS_IDWSF2_UTIL_STATUS(idwsf2_util_response->Status)) {
			return;
		}
		first_level = idwsf2_util_response->Status;
	} else {
		/* NOTE(review): an empty but non-NULL status is accepted here and yields a
		 * first level status with an empty code. */
		first_level = lasso_idwsf2_util_status_new();
		lasso_assign_string(first_level->code, status);
	}

	if (first_level == NULL) {
		return;
	}

	second_level = lasso_idwsf2_util_status_new();
	lasso_assign_string(second_level->code, status2);
	lasso_list_add_new_gobject(first_level->Status, second_level);
	/* NOTE(review): when the existing status was reused, source and destination are the
	 * same object here; this relies on lasso_assign_new_gobject() tolerating that --
	 * confirm against the macro. */
	lasso_assign_new_gobject(idwsf2_util_response->Status, first_level);
}
/**
 * lasso_login_set_resourceId:
 * @login: a #LassoLogin
 * @content: a resourceID identifier
 *
 * Store the resourceId that the next produced assertion will carry for ID-WSF bootstrap.
 * The identifier is wrapped in a new object built by lasso_disco_resource_id_new().
 *
 * Return value: 0 on success; LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if @login is not a
 * #LassoLogin, LASSO_PARAM_ERROR_INVALID_VALUE if @content is NULL.
 **/
int
lasso_login_set_resourceId(LassoLogin *login, const char *content)
{
	/* The object check comes first, so a bad @login is reported even if @content is
	 * also NULL. */
	g_return_val_if_fail(LASSO_IS_LOGIN(login),
			LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
	g_return_val_if_fail(content != NULL,
			LASSO_PARAM_ERROR_INVALID_VALUE);

	/* NOTE(review): only NULL is rejected; an empty or otherwise malformed identifier is
	 * stored as given. */
	lasso_assign_new_gobject(login->private_data->resourceId,
			lasso_disco_resource_id_new(content));

	return 0;
}
/**
 * lasso_idwsf2_util_response_set_status:
 * @idwsf2_util_response: a #LassoIdWsf2UtilResponse object
 * @status: a status code identifier
 *
 * Give the response a new first level status carrying @status as its code, without any second
 * level status code. Nothing is changed if the response is not of the expected type or if
 * @status is NULL or empty.
 */
void
lasso_idwsf2_util_response_set_status(LassoIdWsf2UtilResponse *idwsf2_util_response,
		const char *status)
{
	LassoIdWsf2UtilStatus *new_status;

	if (! LASSO_IS_IDWSF2_UTIL_RESPONSE(idwsf2_util_response)) {
		return;
	}
	/* A missing or empty code is ignored rather than stored. */
	if (status == NULL || status[0] == '\0') {
		return;
	}

	new_status = lasso_idwsf2_util_status_new();
	lasso_assign_string(new_status->code, status);
	lasso_assign_new_gobject(idwsf2_util_response->Status, new_status);
}
/**
 * lasso_assertion_query_build_request_msg:
 * @assertion_query: a #LassoAssertionQuery
 *
 * Build an Assertion Query profile request message. For subject queries the Subject is
 * completed with a NameID from the profile when the request has neither a NameID nor an
 * EncryptedID. Only the SOAP binding is handled.
 *
 * NOTE(review): when the HTTP request method is not SOAP, the function reaches the end and
 * returns 0 without building any message.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_assertion_query_build_request_msg(LassoAssertionQuery *assertion_query)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	gint rc = 0;

	g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query),
			LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(assertion_query);
	lasso_profile_clean_msg_info(profile);

	/* The request can only be addressed to a provider known to the server. */
	remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
	if (! LASSO_IS_PROVIDER(remote_provider)) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	/* fill and encrypt <Subject> if necessary */
	if (LASSO_IS_SAMLP2_SUBJECT_QUERY_ABSTRACT(profile->request)) {
		LassoSaml2NameID *name_id = NULL;
		LassoSamlp2SubjectQueryAbstract *query;

		query = (LassoSamlp2SubjectQueryAbstract*)profile->request;
		if (! LASSO_IS_SAML2_SUBJECT(query->Subject)) {
			lasso_assign_new_gobject(query->Subject, lasso_saml2_subject_new());
		}

		/* The subject needs an identifier: either a NameID or an EncryptedID. */
		if (! (LASSO_IS_SAML2_NAME_ID(query->Subject->NameID)
					|| LASSO_IS_SAML2_ENCRYPTED_ELEMENT(query->Subject->EncryptedID))) {
			/* First candidate: the name identifier stored on the profile. */
			name_id = (LassoSaml2NameID*)profile->nameIdentifier;
			if (! LASSO_IS_SAML2_NAME_ID(name_id)) {
				/* Second candidate: whatever lasso_profile_get_nameIdentifier()
				 * finds (presumably in the identity or session -- confirm). */
				name_id = (LassoSaml2NameID*)lasso_profile_get_nameIdentifier(profile);
			}
			/* Still nothing usable: the query cannot name its subject. */
			if (! LASSO_IS_SAML2_NAME_ID(name_id)) {
				return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
			}
			lasso_assign_gobject(query->Subject->NameID, name_id);
		}

		/* Jumps to cleanup with rc set when the subject setup fails. */
		lasso_check_good_rc(lasso_saml20_profile_setup_subject(profile, query->Subject));
	}

	if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
		LassoAssertionQueryRequestType query_type;
		const char *endpoint_url;
		/* XXX: support only SOAP */
		/* Both tables are indexed by the query request type. */
		static const gchar *servicepoints[LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST] = {
			NULL,
			NULL,
			"AuthnQueryService SOAP",
			"AttributeService SOAP",
			"AuthzService SOAP",
		};
		static const LassoProviderRole roles[LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST] = {
			LASSO_PROVIDER_ROLE_NONE,
			LASSO_PROVIDER_ROLE_NONE,
			LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY,
			LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY,
			LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY,
		};

		query_type = assertion_query->private_data->query_request_type;

		/* AssertionID requests have no service point in the tables above. */
		if (query_type == LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID) {
			return LASSO_ERROR_UNDEFINED;
		}
		/* Range check before the value is used as an array index. It assumes
		 * AUTHZ_DECISION is below LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST, as the five
		 * initializers suggest -- confirm against the enum. */
		if (query_type < LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID
				|| query_type > LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION) {
			return LASSO_PARAM_ERROR_INVALID_VALUE;
		}

		/* NOTE(review): the URL comes from the remote provider's metadata lookup and
		 * is passed on unchecked; whether it can be NULL and who owns the returned
		 * string is not visible here -- confirm against the helper. */
		endpoint_url = lasso_provider_get_metadata_one_for_role(remote_provider,
				roles[query_type], servicepoints[query_type]);

		return lasso_saml20_profile_build_request_msg(&assertion_query->parent, NULL,
				LASSO_HTTP_METHOD_SOAP, endpoint_url);
	}

cleanup:
	return rc;
}