authorFrederic Peters <fpeters@entrouvert.com>2006-12-01 18:45:10 +0000
committerFrederic Peters <fpeters@entrouvert.com>2006-12-01 18:45:10 +0000
commit10ab6685fcbc927762f7170347d2956e30850daa (patch)
tree2ae7604f42724de5f9db099b70181542d153f348
parentaf3bed614a107e74a38c5e81a74596837bbc998f (diff)
achieved support for using affiliations
-rw-r--r--lasso/id-ff/providerprivate.h1
-rw-r--r--lasso/saml-2.0/login.c35
-rw-r--r--lasso/saml-2.0/server.c10
3 files changed, 36 insertions, 10 deletions
diff --git a/lasso/id-ff/providerprivate.h b/lasso/id-ff/providerprivate.h
index 1f0ca8a5..c3b39916 100644
--- a/lasso/id-ff/providerprivate.h
+++ b/lasso/id-ff/providerprivate.h
@@ -53,6 +53,7 @@ struct _LassoProviderPrivate
xmlNode *organization;
char *affiliation_owner_id;
+ char *affiliation_id;
xmlSecKey *public_key;
xmlNode *signing_key_descriptor;
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 82c5211a..fe062ced 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -475,6 +475,8 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
LassoSamlp2NameIDPolicy *name_id_policy;
char *name_id_policy_format = NULL;
LassoFederation *federation;
+ char *name_id_sp_name_qualifier = NULL;
+ LassoProvider *remote_provider;
/* verify if identity already exists else create it */
if (profile->identity == NULL) {
@@ -492,9 +494,16 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
return 0;
}
- /* search a federation in the identity */
- federation = g_hash_table_lookup(profile->identity->federations,
+ remote_provider = g_hash_table_lookup(profile->server->providers,
profile->remote_providerID);
+ if (remote_provider->private_data->affiliation_id) {
+ name_id_sp_name_qualifier = remote_provider->private_data->affiliation_id;
+ } else {
+ name_id_sp_name_qualifier = profile->remote_providerID;
+ }
+
+ /* search a federation in the identity */
+ federation = g_hash_table_lookup(profile->identity->federations, name_id_sp_name_qualifier);
if (name_id_policy->AllowCreate == FALSE) {
/* a federation MUST exist */
if (federation == NULL) {
@@ -507,11 +516,13 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
}
if (federation == NULL) {
- federation = lasso_federation_new(profile->remote_providerID);
+ federation = lasso_federation_new(name_id_sp_name_qualifier);
lasso_saml20_federation_build_local_name_identifier(federation,
LASSO_PROVIDER(profile->server)->ProviderID,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
NULL);
+ LASSO_SAML2_NAME_ID(federation->local_nameIdentifier)->SPNameQualifier = g_strdup(
+ name_id_sp_name_qualifier);
lasso_identity_add_federation(profile->identity, federation);
}
@@ -540,9 +551,20 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
LassoSaml2EncryptedElement *encrypted_element = NULL;
LassoSamlp2Response *response = NULL;
+ provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
+
if (profile->identity) {
+ char *name_id_sp_name_qualifier;
+ if (provider->private_data->affiliation_id) {
+ name_id_sp_name_qualifier = provider->private_data->affiliation_id;
+ } else {
+ name_id_sp_name_qualifier = profile->remote_providerID;
+ }
federation = g_hash_table_lookup(profile->identity->federations,
- profile->remote_providerID);
+ name_id_sp_name_qualifier);
+ if (federation == NULL) {
+ message(G_LOG_LEVEL_WARNING, "can't find federation for identity");
+ }
} else {
federation = NULL;
}
@@ -574,9 +596,8 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotOnOrAfter = g_strdup(
notOnOrAfter);
- provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
-
- if (name_id_policy == NULL || strcmp(name_id_policy->Format,
+ if (name_id_policy == NULL || federation == NULL ||
+ strcmp(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT) == 0) {
/* transient -> don't use a federation */
name_id = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
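Review bot: In the second hunk, `remote_provider`, the result of `g_hash_table_lookup(profile->server->providers, profile->remote_providerID)`, is dereferenced through `remote_provider->private_data->affiliation_id` with no NULL check, so a request naming a provider the server has no metadata for would crash here instead of being rejected; the third hunk repeats the pattern with `provider` inside lasso_saml20_login_build_assertion. Unless the part of lasso_saml20_login_process_federation that precedes this hunk already guarantees the lookup succeeds, guard it right after the lookup: `if (remote_provider == NULL || remote_provider->private_data == NULL) { return /* the unknown-provider error code this module already uses */; }` and the same for `provider` before `if (profile->identity)`. The "affiliation_id else remote_providerID" selection is now written out twice in the two hunks; a small `static char *` helper taking the provider and the profile would keep the two copies from drifting. The fourth hunk also makes a missing federation silently fall back to a transient NameID after only a warning; if the policy requested a persistent format, that may deserve an error rather than a downgrade.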
diff --git a/lasso/saml-2.0/server.c b/lasso/saml-2.0/server.c
index 7b71deeb..5958f8a6 100644
--- a/lasso/saml-2.0/server.c
+++ b/lasso/saml-2.0/server.c
@@ -31,7 +31,7 @@ int
lasso_saml20_server_load_affiliation(LassoServer *server, xmlDoc *doc, xmlNode *node)
{
xmlNode *t;
- char *id, *member_id;
+ char *owner_id, *member_id, *affiliation_id;
LassoProvider *provider;
if (strcmp((char*)node->ns->href, LASSO_SAML2_METADATA_HREF) != 0) {
@@ -51,7 +51,8 @@ lasso_saml20_server_load_affiliation(LassoServer *server, xmlDoc *doc, xmlNode *
return LASSO_XML_ERROR_NODE_NOT_FOUND;
}
- id = (char*)xmlGetProp(t, (xmlChar*)"affiliationOwnerID");
+ affiliation_id = (char*)xmlGetProp(node, (xmlChar*)"entityID");
+ owner_id = (char*)xmlGetProp(t, (xmlChar*)"affiliationOwnerID");
for (t = t->children; t; t = t->next) {
if (t->type == XML_ELEMENT_NODE &&
@@ -70,10 +71,13 @@ lasso_saml20_server_load_affiliation(LassoServer *server, xmlDoc *doc, xmlNode *
provider->ProviderID);
g_free(provider->private_data->affiliation_owner_id);
}
- provider->private_data->affiliation_owner_id = g_strdup(member_id);
+ provider->private_data->affiliation_owner_id = g_strdup(owner_id);
+ provider->private_data->affiliation_id = g_strdup(affiliation_id);
xmlFree(member_id);
}
}
+ xmlFree(affiliation_id);
+
return 0;
}
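Review bot: At `provider->private_data->affiliation_id = g_strdup(affiliation_id);` in the last hunk, any value already stored in `affiliation_id` is overwritten without being released, whereas the branch just above frees `affiliation_owner_id` before the provider is reassigned; add `g_free(provider->private_data->affiliation_id);` next to the existing `g_free(provider->private_data->affiliation_owner_id);` so a provider listed in more than one affiliation does not leak the first string. The diffstat shows no change to the provider's dispose/finalize code, so unless the field is released there by a path outside this commit, the new string is also never freed when the provider is destroyed. `owner_id` from `xmlGetProp` is not freed in any visible hunk; the middle of lasso_saml20_server_load_affiliation is outside the view, so this may already be handled there. If the `entityID` attribute is absent, `xmlGetProp` returns NULL and `g_strdup(NULL)` stores NULL, which the callers in login.c treat as "no affiliation" — worth a one-line comment at the `affiliation_id = (char*)xmlGetProp(node, ...)` line stating that this is intended.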