| author | Nicolas Clapies <nclapies@entrouvert.com> | 2004-07-21 12:46:46 +0000 |
|---|---|---|
| committer | Nicolas Clapies <nclapies@entrouvert.com> | 2004-07-21 12:46:46 +0000 |
| commit | 222f813ee84604400c04416248773973fd8450f8 (patch) | |
| tree | 107ddf22d336d053d726e8fd2b67b4709d64f651 | |
| parent | 1d7b3791454b797bfd8d5dc72600b6932a16552d (diff) | |
*** empty log message ***
| -rw-r--r-- | lasso/Attic/protocols/provider.h | 6 | ||||
| -rw-r--r-- | lasso/id-ff/federation_termination.c | 29 | ||||
| -rw-r--r-- | lasso/id-ff/logout.c | 32 | ||||
| -rw-r--r-- | lasso/id-ff/server.c | 8 | ||||
| -rw-r--r-- | python/examples/defederation.py | 12 |
5 files changed, 48 insertions, 39 deletions
diff --git a/lasso/Attic/protocols/provider.h b/lasso/Attic/protocols/provider.h index fd769fdc..e1cd2d05 100644 --- a/lasso/Attic/protocols/provider.h +++ b/lasso/Attic/protocols/provider.h @@ -72,15 +72,15 @@ LASSO_EXPORT LassoProvider *lasso_provider_new_from_metadata_node LASSO_EXPORT LassoProvider *lasso_provider_new_metadata_filename (gchar *metadata_filename); +LASSO_EXPORT gchar *lasso_provider_dump (LassoProvider *provider); + LASSO_EXPORT gchar *lasso_provider_get_assertionConsumerServiceURL (LassoProvider *provider); LASSO_EXPORT gchar *lasso_provider_get_federationTerminationNotificationProtocolProfile (LassoProvider *provider); LASSO_EXPORT gchar *lasso_provider_get_federationTerminationReturnServiceURL (LassoProvider *provider); -LASSO_EXPORT gchar *lasso_provider_get_federationTerminationNotificationServiceURL (LassoProvider *provider); - -LASSO_EXPORT gchar *lasso_provider_dump (LassoProvider *provider); +LASSO_EXPORT gchar *lasso_provider_get_federationTerminationServiceURL (LassoProvider *provider); LASSO_EXPORT gchar *lasso_provider_get_nameIdentifierMappingProtocolProfile (LassoProvider *provider); diff --git a/lasso/id-ff/federation_termination.c b/lasso/id-ff/federation_termination.c index d120784b..a50985a1 100644 --- a/lasso/id-ff/federation_termination.c +++ b/lasso/id-ff/federation_termination.c 
@@ -40,21 +40,20 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * profileContext = LASSO_PROFILE_CONTEXT(defederation); - /* get the prototocol profile of the federation termination notification */ provider = lasso_server_get_provider(profileContext->server, profileContext->remote_providerID); if(provider==NULL){ debug(ERROR, "Provider %s not found\n", profileContext->remote_providerID); return(-2); } + /* get the prototocol profile of the federation termination notification */ protocolProfile = lasso_provider_get_federationTerminationNotificationProtocolProfile(provider); if(protocolProfile==NULL){ - debug(ERROR, "Federation termination protocol profile not found\n"); + debug(ERROR, "Federation termination notification protocol profile not found\n"); return(-3); } if(xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloSpSoap) || xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)){ - debug(DEBUG, "Building a federation termination soap message\n"); profileContext->request_type = lassoHttpMethodSoap; profileContext->msg_url = lasso_provider_get_federationTerminationServiceURL(provider); if(profileContext->msg_url==NULL){ @@ -64,7 +63,6 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * profileContext->msg_body = lasso_node_export_to_soap(profileContext->request); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp)||xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloIdpHttp)){ - debug(DEBUG, "Building a federation termination http redirect message\n"); profileContext->request_type = lassoHttpMethodRedirect; profileContext->msg_url = lasso_node_export_to_query(profileContext->request, profileContext->server->signature_method, 
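Review bot: In lasso_federation_termination_build_notification_msg the value from `lasso_provider_get_federationTerminationNotificationProtocolProfile(provider)` is compared against `lassoLibProtocolProfileSloSpSoap`/`lassoLibProtocolProfileSloIdpSoap` and the `SloSpHttp`/`SloIdpHttp` pair, which by their names are single-logout profile identifiers. If the provider metadata carries distinct federation-termination profile URIs, neither branch can match and the notification is never built, with no log line saying which profile value was rejected. Compare against the federation-termination profile constants if the library defines them, or add a comment such as `/* FIXME: Slo* constants used until FedTerm profiles are defined */` and log the unmatched `protocolProfile` in the fall-through path. The function starts before this hunk and continues after it.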
@@ -76,9 +74,6 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * return(-5); } - debug(INFO, "notification url : %s\n", profileContext->msg_url); - debug(INFO, "notification body : %s\n", profileContext->msg_body); - return(0); } @@ -113,12 +108,19 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed profileContext = LASSO_PROFILE_CONTEXT(defederation); - profileContext->remote_providerID = remote_providerID; + if(remote_providerID==NULL){ + debug(INFO, "No remote provider id, get the issuer of the first authentication assertion\n"); + profileContext->remote_providerID = lasso_user_get_next_assertion_remote_providerID(profileContext->user); + } + else{ + debug(INFO, "A remote provider id for defederation notification : %s\n", remote_providerID); + profileContext->remote_providerID = g_strdup(remote_providerID); + } /* get identity */ identity = lasso_user_get_identity(profileContext->user, profileContext->remote_providerID); if(identity==NULL){ - debug(ERROR, "No identity for %s not found\n", profileContext->remote_providerID); + debug(ERROR, "Identity not found for %s\n", profileContext->remote_providerID); return(-2); } @@ -134,10 +136,12 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed if(!nameIdentifier) nameIdentifier = LASSO_NODE(lasso_identity_get_local_nameIdentifier(identity)); break; + default: + debug(ERROR, "Unknown provider type\n"); } if(!nameIdentifier){ - debug(ERROR, "No name identifier for %s\n", profileContext->remote_providerID); + debug(ERROR, "Name identifier not found for %s\n", profileContext->remote_providerID); return(-3); } @@ -150,6 +154,11 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed content, nameQualifier, format); + if(profileContext->request==NULL){ + debug(ERROR, "Error while creating the notification\n"); + return(-6); + } + return(0); } 
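Review bot: In the `@@ -113,12 +108,19 @@` hunk the fallback `lasso_user_get_next_assertion_remote_providerID(profileContext->user)` is stored without a NULL check, so a user with no assertion reaches `lasso_user_get_identity()` and the `"%s"` in the error message with a NULL provider id. Add a guard right after the if/else, for example `if(profileContext->remote_providerID==NULL){ debug(ERROR, "No remote provider id found\n"); return(-7); }`, using whichever error code is still free in this function. The two branches also differ in ownership: one stores a `g_strdup()` copy and the other stores whatever the getter returns, so whoever frees `remote_providerID` needs both to be heap copies; this should be confirmed against the getter. The same unchecked fallback is introduced in `lasso_logout_init_request` in logout.c (`@@ -164,7 +159,7 @@`).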
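Review bot: The new `default:` branch in the `@@ -134,10 +136,12 @@` hunk logs "Unknown provider type" and then falls out of the switch, so the caller is told "Name identifier not found" with code -3 rather than the real cause. That outcome also relies on `nameIdentifier` having been initialised to NULL at its declaration, which is outside this hunk; if it is not, the following `if(!nameIdentifier)` reads an indeterminate pointer. Returning from the branch directly, e.g. `default: debug(ERROR, "Unknown provider type\n"); return(-7);` with an unused error code, removes both problems.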
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 9cee792f..654165a7 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -59,7 +59,6 @@ lasso_logout_build_request_msg(LassoLogout *logout) } /* get the prototocol profile of the logout request */ - singleLogoutServiceURL = lasso_provider_get_singleLogoutServiceURL(provider); protocolProfile = lasso_provider_get_singleLogoutProtocolProfile(provider); if(protocolProfile==NULL){ @@ -67,11 +66,6 @@ lasso_logout_build_request_msg(LassoLogout *logout) return(-3); } - if(singleLogoutServiceURL==NULL){ - debug(ERROR, "Single Logout Service URL not found\n"); - return(-4); - } - if(xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloSpSoap) || xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)){ debug(DEBUG, "Building a soap request message\n"); profileContext->request_type = lassoHttpMethodSoap; @@ -82,12 +76,13 @@ lasso_logout_build_request_msg(LassoLogout *logout) profileContext->server->private_key, profileContext->server->certificate); - profileContext->msg_url = singleLogoutServiceURL; + profileContext->msg_url = lasso_provider_get_soapEndpoint(provider); profileContext->msg_body = lasso_node_export_to_soap(profileContext->request); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp)||xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloIdpHttp)){ debug(DEBUG, "Building a http get request message\n"); profileContext->request_type = lassoHttpMethodRedirect; + profileContext->msg_url = lasso_provider_get_singleLogoutServiceURL(provider); profileContext->msg_url = lasso_node_export_to_query(profileContext->request, profileContext->server->signature_method, profileContext->server->private_key); 
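Review bot: In the HTTP-redirect branch of lasso_logout_build_request_msg (`@@ -82,12 +76,13 @@`) the added `profileContext->msg_url = lasso_provider_get_singleLogoutServiceURL(provider);` is overwritten by the very next statement, `profileContext->msg_url = lasso_node_export_to_query(...)`. The service URL is therefore lost (and leaked if the getter returns an allocated string), and `msg_url` ends up holding only what the query export returns unless code after the hunk rebuilds it. Keep the endpoint in a local and combine it with the query, e.g. `url = lasso_provider_get_singleLogoutServiceURL(provider); query = lasso_node_export_to_query(...); profileContext->msg_url = g_strjoin("?", url, query, NULL);`. The preceding hunk also drops the only NULL check on the endpoint, so the SOAP branch now stores `lasso_provider_get_soapEndpoint(provider)` unchecked; federation_termination.c tests `msg_url==NULL` after the equivalent call and this function should do the same.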
@@ -164,7 +159,7 @@ lasso_logout_init_request(LassoLogout *logout, if(remote_providerID==NULL){ debug(INFO, "No remote provider id, get the next assertion peer provider id\n"); - profileContext->remote_providerID = lasso_user_get_next_providerID(profileContext->user); + profileContext->remote_providerID = lasso_user_get_next_assertion_remote_providerID(profileContext->user); } else{ debug(INFO, "A remote provider id for logout request : %s\n", remote_providerID); @@ -286,6 +281,19 @@ lasso_logout_process_request_msg(LassoLogout *logout, return(-6); } + /* verify authentication (if ok, delete assertion) */ + if(profileContext->user==NULL){ + debug(WARNING, "User environ not found\n"); + statusCode_class->set_prop(statusCode, "Value", lassoSamlStatusCodeRequestDenied); + } + + assertion = lasso_user_get_assertion(profileContext->user, remote_providerID); + if(assertion==NULL){ + debug(WARNING, "%s has no assertion\n", remote_providerID); + statusCode_class->set_prop(statusCode, "Value", lassoSamlStatusCodeRequestDenied); + return(-9); + } + /* Verify federation */ identity = lasso_user_get_identity(profileContext->user, remote_providerID); if(identity==NULL){ @@ -300,14 +308,6 @@ lasso_logout_process_request_msg(LassoLogout *logout, return(-8); } - /* verify authentication (if ok, delete assertion) */ - assertion = lasso_user_get_assertion(profileContext->user, remote_providerID); - if(assertion==NULL){ - debug(WARNING, "%s has no assertion\n", remote_providerID); - statusCode_class->set_prop(statusCode, "Value", lassoSamlStatusCodeRequestDenied); - return(-9); - } - return(0); } diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c index fbf2b7a0..c2517028 100644 --- a/lasso/id-ff/server.c +++ b/lasso/id-ff/server.c 
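Review bot: The new `if(profileContext->user==NULL)` block in lasso_logout_process_request_msg (`@@ -286,6 +281,19 @@`) sets the status to RequestDenied but does not return, so execution continues into `lasso_user_get_assertion(profileContext->user, remote_providerID)` with a NULL user. Whether that is safe depends on argument checks inside the callee, which are not visible here, and the caller then receives -9 "has no assertion" instead of an error that identifies the missing user. Since this is the path that decides whether an incoming logout request is honoured, it should fail closed explicitly: add a `return` with its own error code as the last statement of that block. The function body starts before this hunk.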
@@ -96,7 +96,7 @@ lasso_server_add_lasso_provider(LassoServer *server, g_return_val_if_fail(LASSO_IS_SERVER(server), -1); g_return_val_if_fail(LASSO_IS_PROVIDER(provider), -2); - debug(INFO, "Add a provider(%s)\n", lasso_provider_get_providerID(provider)); +/* debug(INFO, "Add a provider(%s)\n", lasso_provider_get_providerID(provider)); */ g_ptr_array_add(server->providers, provider); } @@ -114,7 +114,7 @@ lasso_server_add_provider(LassoServer *server, provider = lasso_provider_new(metadata, public_key, ca_certificate); g_return_val_if_fail(provider!=NULL, -5); - debug(INFO, "Add a provider(%s)\n", lasso_provider_get_providerID(provider)); + /* debug(INFO, "Add a provider(%s)\n", lasso_provider_get_providerID(provider)); */ g_ptr_array_add(server->providers, provider); return(0); @@ -137,7 +137,7 @@ lasso_server_get_provider(LassoServer *server, g_return_val_if_fail(LASSO_IS_SERVER(server), NULL); g_return_val_if_fail(providerID!=NULL, NULL); - debug(INFO, "Get information of provider id %s\n", providerID); +/* debug(INFO, "Get information of provider id %s\n", providerID); */ len = server->providers->len; for(index = 0; index<len; index++) { @@ -302,7 +302,7 @@ lasso_server_new_from_dump(gchar *dump) server_node = lasso_node_new_from_dump(dump); if(server_node==NULL){ - debug(ERROR, "Error while loading Server dump\n"); + debug(ERROR, "Error while loading server dump\n"); return(NULL); } server_class = LASSO_NODE_GET_CLASS(server_node); diff --git a/python/examples/defederation.py b/python/examples/defederation.py index f490ae9a..4b7b3500 100644 --- a/python/examples/defederation.py +++ b/python/examples/defederation.py 
@@ -10,24 +10,22 @@ lasso.init() spserver = lasso.Server.new("../../examples/sp.xml", "../../examples/rsapub.pem", "../../examples/rsakey.pem", "../../examples/rsacert.pem", lasso.signatureMethodRsaSha1) - spserver.add_provider("../../examples/idp.xml", None, None) idpserver = lasso.Server.new("../../examples/idp.xml", "../../examples/rsapub.pem", "../../examples/rsakey.pem", "../../examples/rsacert.pem", lasso.signatureMethodRsaSha1) - spserver.add_provider("../../examples/sp.xml", None, None) -# users : -spuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://identity-provider:2003/liberty-alliance/metadata\"><LassoRemoteNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">LLLLLLLLLLLLLLLLLLLLLLLLL</NameIdentifier></LassoRemoteNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>" +# users : +spuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://identity-provider:2003/liberty-alliance/metadata\"><LassoRemoteNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">1111111111111111111111111</NameIdentifier></LassoRemoteNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>" spuser = lasso.User.new_from_dump(spuser_dump) -idpuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://service-provider:2003/liberty-alliance/metadata\"><LassoLocalNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">LLLLLLLLLLLLLLLLLLLLLLLLL</NameIdentifier></LassoLocalNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>" - +idpuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://service-provider:2003/liberty-alliance/metadata\"><LassoLocalNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">1111111111111111111111111</NameIdentifier></LassoLocalNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>" idpuser = 
lasso.User.new_from_dump(idpuser_dump) + # sp federation termination : spdefederation = lasso.FederationTermination.new(spserver, spuser, lasso.providerTypeSp) spdefederation.init_notification("https://identity-provider:2003/liberty-alliance/metadata") @@ -35,6 +33,8 @@ spdefederation.build_notification_msg() print 'url : ', spdefederation.msg_url print 'body : ', spdefederation.msg_body +sys.exit(1) + # idp federation termination : print "---------------------------------------------------------" print " At identity provider " |
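Review bot: In the `@@ -10,24 +10,22 @@` hunk the line after `idpserver = lasso.Server.new(...)` still reads `spserver.add_provider("../../examples/sp.xml", None, None)`, which registers the service provider's own metadata on the SP server and leaves `idpserver` with no provider at all. The identity-provider half of the example would then presumably fail its provider lookup. It most likely should be `idpserver.add_provider("../../examples/sp.xml", None, None)`.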
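Review bot: The added `sys.exit(1)` in the `@@ -35,6 +33,8 @@` hunk looks like a debugging leftover: it stops the example before the "At identity provider" section, so that half is never exercised, and it reports failure to the shell on a run that succeeded. Remove it, or if the early stop is intentional use `sys.exit(0)` with a comment saying why the IdP part is disabled. No `import sys` is visible in the shown hunks; the import block is above line 10 of the file, so that should be confirmed as well.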
