authorNicolas Clapies <nclapies@entrouvert.com>2005-09-19 14:40:51 +0000
committerNicolas Clapies <nclapies@entrouvert.com>2005-09-19 14:40:51 +0000
commit3153eb85912e9bf9faecdac47adbed7ce2d4fa89 (patch)
tree1367d6b61997183046fdf6accd88f62d3ccbd3a7
parentc89eaaaa97bdfc964b6ba016852a5eb96b7641db (diff)
downloadlasso-3153eb85912e9bf9faecdac47adbed7ce2d4fa89.tar.gz
lasso-3153eb85912e9bf9faecdac47adbed7ce2d4fa89.tar.xz
lasso-3153eb85912e9bf9faecdac47adbed7ce2d4fa89.zip
First attempt to implement authentication security mechanism. Only SAML is implemented and it needs improvement.
-rw-r--r--lasso/id-wsf/authentication.c6
-rw-r--r--lasso/id-wsf/data_service.c75
-rw-r--r--lasso/id-wsf/data_service.h11
-rw-r--r--lasso/id-wsf/discovery.c106
-rw-r--r--lasso/id-wsf/discovery.h12
-rw-r--r--lasso/id-wsf/wsf_profile.c83
-rw-r--r--lasso/id-wsf/wsf_profile.h11
7 files changed, 262 insertions, 42 deletions
diff --git a/lasso/id-wsf/authentication.c b/lasso/id-wsf/authentication.c
index d3727e3b..42f0e2fe 100644
--- a/lasso/id-wsf/authentication.c
+++ b/lasso/id-wsf/authentication.c
@@ -228,7 +228,7 @@ lasso_authentication_init_request(LassoAuthentication *authentication,
request = lasso_sa_sasl_request_new(mechanisms);
LASSO_WSF_PROFILE(authentication)->request = LASSO_NODE(request);
- envelope = lasso_wsf_profile_build_soap_envelope(NULL);
+ envelope = lasso_wsf_profile_build_soap_envelope(NULL, NULL);
LASSO_WSF_PROFILE(authentication)->soap_envelope_request = envelope;
envelope->Body->any = g_list_append(envelope->Body->any, request);
@@ -327,7 +327,7 @@ lasso_authentication_process_request_msg(LassoAuthentication *authentication,
correlation = envelope->Header->Other->data;
messageId = correlation->messageID;
- envelope = lasso_wsf_profile_build_soap_envelope(messageId);
+ envelope = lasso_wsf_profile_build_soap_envelope(messageId, NULL);
LASSO_WSF_PROFILE(authentication)->soap_envelope_response = envelope;
status = lasso_utility_status_new(LASSO_SA_STATUS_CODE_OK);
@@ -390,7 +390,7 @@ lasso_authentication_process_response_msg(LassoAuthentication *authentication,
correlation = envelope->Header->Other->data;
messageId = correlation->messageID;
- envelope = lasso_wsf_profile_build_soap_envelope(messageId);
+ envelope = lasso_wsf_profile_build_soap_envelope(messageId, NULL);
LASSO_WSF_PROFILE(authentication)->soap_envelope_request = envelope;
request = lasso_sa_sasl_request_new(g_strdup(response->serverMechanism));
diff --git a/lasso/id-wsf/data_service.c b/lasso/id-wsf/data_service.c
index 154957f8..c48c8d84 100644
--- a/lasso/id-wsf/data_service.c
+++ b/lasso/id-wsf/data_service.c
@@ -39,12 +39,21 @@ struct _LassoDataServicePrivate
{
gboolean dispose_has_run;
LassoDiscoResourceOffering *offering;
+ GList *credentials;
};
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
+gint
+lasso_data_service_add_credential(LassoDataService *service,
+ LassoSamlAssertion *assertion)
+{
+ service->private_data->credentials = g_list_append(
+ service->private_data->credentials,
+ g_object_ref(assertion));
+}
LassoDstModification*
lasso_data_service_add_modification(LassoDataService *service, const gchar *select)
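Review bot: `lasso_data_service_add_credential` is declared `gint` but falls off the end without returning a value, so a caller that checks the result reads an indeterminate value; add `return 0;` after the append. Neither `service` nor `assertion` is checked before use; a guard such as `g_return_val_if_fail(LASSO_IS_SAML_ASSERTION(assertion), -1);` would make a bad argument an explicit failure. The references taken with `g_object_ref` need a matching unref when the service is disposed, which is not visible in this hunk.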
@@ -123,12 +132,13 @@ lasso_data_service_add_query_item(LassoDataService *service,
**/
gint
lasso_data_service_init_query(LassoDataService *service, const char *select,
- const char *item_id)
+ const char *item_id, const char *security_mech_id)
{
LassoWsfProfile *profile;
LassoDstQuery *query;
LassoDiscoResourceOffering *offering;
LassoDiscoDescription *description;
+ GList *iter;
profile = LASSO_WSF_PROFILE(service);
@@ -142,7 +152,8 @@ lasso_data_service_init_query(LassoDataService *service, const char *select,
offering = service->private_data->offering;
query->hrefServiceType = g_strdup(offering->ServiceInstance->ServiceType);
- query->prefixServiceType = lasso_get_prefix_for_dst_service_href(query->hrefServiceType);
+ query->prefixServiceType = lasso_get_prefix_for_dst_service_href(
+ query->hrefServiceType);
if (query->prefixServiceType == NULL) {
return LASSO_ERROR_UNDEFINED;
}
@@ -156,11 +167,19 @@ lasso_data_service_init_query(LassoDataService *service, const char *select,
return LASSO_ERROR_UNIMPLEMENTED;
}
- profile->soap_envelope_request = lasso_wsf_profile_build_soap_envelope(NULL);
+ profile->soap_envelope_request = lasso_wsf_profile_build_soap_envelope(
+ NULL, NULL);
profile->soap_envelope_request->Body->any = g_list_append(
profile->soap_envelope_request->Body->any, query);
- description = lasso_discovery_get_description_auto(offering, LASSO_SECURITY_MECH_NULL);
+ if (security_mech_id)
+ description = lasso_discovery_get_description_auto(
+ offering, security_mech_id);
+ else
+ description = lasso_discovery_get_description_auto(
+ offering, LASSO_SECURITY_MECH_NULL);
+ if (!description)
+ return -1;
if (description->Endpoint != NULL) {
profile->msg_url = g_strdup(description->Endpoint);
@@ -169,6 +188,20 @@ lasso_data_service_init_query(LassoDataService *service, const char *select,
return LASSO_ERROR_UNIMPLEMENTED;
}
+ /* Added needed credential for remote service */
+ if (description->CredentialRef) {
+ char *credentialRef = description->CredentialRef->data;
+ iter = service->private_data->credentials;
+ while (iter) {
+ LassoSamlAssertion *credential = LASSO_SAML_ASSERTION(
+ iter->data);
+ if (strcmp(credentialRef, credential->AssertionID) == 0)
+ lasso_wsf_profile_add_saml_authentication(
+ LASSO_WSF_PROFILE(service), credential);
+ iter = iter->next;
+ }
+ }
+
return 0;
}
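Review bot: When `description->CredentialRef` is set but no stored assertion matches it, the loop simply ends and the function still returns 0, so the query is sent without the credential the selected description asks for and the caller cannot tell. Track whether a match was added and return an error when none was. `credential->AssertionID` is passed to `strcmp` without a NULL check, and only the first entry of `CredentialRef` is consulted. The loop also continues after a match, so a duplicated ID would add two Security headers; a `break;` after the add stops at the first match. The function body begins outside this hunk.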
@@ -183,7 +216,8 @@ lasso_data_service_init_query(LassoDataService *service, const char *select,
* Return value: 0 on success; or a negative value otherwise.
**/
gint
-lasso_data_service_process_query_msg(LassoDataService *service, const char *message)
+lasso_data_service_process_query_msg(LassoDataService *service, const char *message,
+ const char *security_mech_id)
{
LassoDstQuery *query;
LassoWsfProfile *profile;
@@ -195,6 +229,14 @@ lasso_data_service_process_query_msg(LassoDataService *service, const char *mess
return rc;
}
+ /* Verify needed credential */
+ if (lasso_security_mech_id_is_saml_authentication(security_mech_id) == TRUE) {
+ int res = lasso_wsf_profile_verify_saml_authentication(
+ LASSO_WSF_PROFILE(service);
+ if (res < 0)
+ return res;
+ }
+
query = LASSO_DST_QUERY(profile->request);
if (query->ResourceID)
service->resource_id = g_object_ref(query->ResourceID);
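Review bot: The call to `lasso_wsf_profile_verify_saml_authentication(` is missing its closing parenthesis, so this file does not compile as committed; the argument line should end `LASSO_WSF_PROFILE(service));`. Beyond that, the credential check runs only when the caller passes a SAML mechanism id: with `security_mech_id` NULL the request is processed with no verification, so enforcement rests on the argument rather than on the mechanism the offering advertises. The doc comment should say so, e.g. `@security_mech_id: mechanism the service requires; NULL disables the credential check`. The function continues outside the hunk.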
@@ -241,7 +283,8 @@ lasso_data_service_build_modify_response_msg(LassoDataService *service) {
while (iter) {
LassoDstModification *modification = iter->data;
xmlNode *newNode = modification->NewData->any->data;
- xpathObj = xmlXPathEvalExpression((xmlChar*)modification->Select, xpathCtx);
+ xpathObj = xmlXPathEvalExpression((xmlChar*)modification->Select,
+ xpathCtx);
if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
xmlNode *node = xpathObj->nodesetval->nodeTab[0];
xmlReplaceNode(node, newNode);
@@ -276,7 +319,8 @@ lasso_data_service_build_response_msg(LassoDataService *service)
profile = LASSO_WSF_PROFILE(service);
request = LASSO_DST_QUERY(profile->request);
- response = lasso_dst_query_response_new(lasso_utility_status_new(LASSO_DST_STATUS_CODE_OK));
+ response = lasso_dst_query_response_new(
+ lasso_utility_status_new(LASSO_DST_STATUS_CODE_OK));
profile->response = LASSO_NODE(response);
response->prefixServiceType = g_strdup(request->prefixServiceType);
response->hrefServiceType = g_strdup(request->hrefServiceType);
@@ -437,12 +481,14 @@ lasso_data_service_get_answer_for_item_id(LassoDataService *service, const char
* Return value: 0 on success; or a negative value otherwise.
**/
gint
-lasso_data_service_process_query_response_msg(LassoDataService *service, const char *message)
+lasso_data_service_process_query_response_msg(LassoDataService *service,
+ const char *message)
{
int rc;
LassoDstQueryResponse *response;
- rc = lasso_wsf_profile_process_soap_response_msg(LASSO_WSF_PROFILE(service), message);
+ rc = lasso_wsf_profile_process_soap_response_msg(
+ LASSO_WSF_PROFILE(service), message);
if (rc) return rc;
if (! LASSO_IS_DST_QUERY_RESPONSE(LASSO_WSF_PROFILE(service)->response))
@@ -457,7 +503,8 @@ lasso_data_service_process_query_response_msg(LassoDataService *service, const c
gint
-lasso_data_service_init_modify(LassoDataService *service, const gchar *select, xmlNode *xmlData)
+lasso_data_service_init_modify(LassoDataService *service, const gchar *select,
+ xmlNode *xmlData)
{
LassoDstModification *modification;
LassoDstNewData *newData;
@@ -483,7 +530,8 @@ lasso_data_service_init_modify(LassoDataService *service, const gchar *select, x
offering = service->private_data->offering;
modify->hrefServiceType = g_strdup(offering->ServiceInstance->ServiceType);
- modify->prefixServiceType = lasso_get_prefix_for_dst_service_href(modify->hrefServiceType);
+ modify->prefixServiceType = lasso_get_prefix_for_dst_service_href(
+ modify->hrefServiceType);
if (modify->prefixServiceType == NULL) {
return LASSO_ERROR_UNDEFINED;
}
@@ -500,7 +548,7 @@ lasso_data_service_init_modify(LassoDataService *service, const gchar *select, x
return LASSO_ERROR_UNIMPLEMENTED;
}
- envelope = lasso_wsf_profile_build_soap_envelope(NULL);
+ envelope = lasso_wsf_profile_build_soap_envelope(NULL, NULL);
LASSO_WSF_PROFILE(service)->soap_envelope_request = envelope;
envelope->Body->any = g_list_append(envelope->Body->any, modify);
@@ -515,7 +563,8 @@ lasso_data_service_init_modify(LassoDataService *service, const gchar *select, x
gint
-lasso_data_service_process_modify_msg(LassoDataService *service, const gchar *modify_soap_msg)
+lasso_data_service_process_modify_msg(LassoDataService *service,
+ const gchar *modify_soap_msg)
{
LassoDstModify *modify;
LassoWsfProfile *profile;
diff --git a/lasso/id-wsf/data_service.h b/lasso/id-wsf/data_service.h
index 0b218de5..e214e881 100644
--- a/lasso/id-wsf/data_service.h
+++ b/lasso/id-wsf/data_service.h
@@ -38,6 +38,7 @@ extern "C" {
#include <lasso/xml/dst_query_item.h>
#include <lasso/xml/disco_resource_offering.h>
#include <lasso/xml/xml.h>
+#include <lasso/xml/saml_assertion.h>
#define LASSO_TYPE_PROFILE_SERVICE (lasso_data_service_get_type())
#define LASSO_DATA_SERVICE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), \
@@ -82,14 +83,17 @@ LASSO_EXPORT LassoDataService* lasso_data_service_new(LassoServer *server);
LASSO_EXPORT LassoDataService* lasso_data_service_new_full(LassoServer *server,
LassoDiscoResourceOffering *offering);
+LASSO_EXPORT gint lasso_data_service_add_credential(LassoDataService *service,
+ LassoSamlAssertion *assertion);
+
LASSO_EXPORT gint lasso_data_service_init_query(LassoDataService *service,
- const char *select, const char *item_id);
+ const char *select, const char *item_id, const char *security_mech_id);
LASSO_EXPORT LassoDstQueryItem* lasso_data_service_add_query_item(LassoDataService *service,
const char *select, const char *item_id);
LASSO_EXPORT gint lasso_data_service_process_query_msg(LassoDataService *service,
- const char *message);
+ const char *message, const char *security_mech_id);
LASSO_EXPORT gint lasso_data_service_build_modify_response_msg(LassoDataService *service);
@@ -116,9 +120,6 @@ LASSO_EXPORT gint lasso_data_service_process_modify_msg(LassoDataService *servic
LASSO_EXPORT gint lasso_data_service_process_modify_response_msg(LassoDataService *service,
const gchar *soap_msg);
-LASSO_EXPORT void lasso_data_service_register_service(LassoDataService *service,
- const char *prefix, const char *href);
-
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/lasso/id-wsf/discovery.c b/lasso/id-wsf/discovery.c
index feb888a3..13611c5f 100644
--- a/lasso/id-wsf/discovery.c
+++ b/lasso/id-wsf/discovery.c
@@ -41,6 +41,30 @@ struct _LassoDiscoveryPrivate
/* static methods/functions */
/*****************************************************************************/
+gchar*
+lasso_discovery_build_credential(LassoDiscovery *discovery, const gchar *providerId)
+{
+ LassoSamlAssertion *assertion;
+ LassoDiscoQueryResponse *response;
+ LassoDiscoCredentials *credentials;
+
+ assertion = lasso_saml_assertion_new();
+ assertion->AssertionID = lasso_build_unique_id(32);
+ assertion->MajorVersion = LASSO_SAML_MAJOR_VERSION_N;
+ assertion->MinorVersion = LASSO_SAML_MINOR_VERSION_N;
+ assertion->IssueInstant = lasso_get_current_time();
+ assertion->Issuer = g_strdup(LASSO_PROVIDER(
+ LASSO_WSF_PROFILE(discovery)->server)->ProviderID);
+
+ response = LASSO_DISCO_QUERY_RESPONSE(LASSO_WSF_PROFILE(discovery)->response);
+ credentials = lasso_disco_credentials_new();
+ response->Credentials = credentials;
+
+ credentials->any = g_list_append(credentials->any, LASSO_NODE(assertion));
+
+ return g_strdup(assertion->AssertionID);
+}
+
/**
* lasso_discovery_init_request:
* @discovery: a LassoDiscovery
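Review bot: Each call to `lasso_discovery_build_credential` replaces `response->Credentials` with a fresh `lasso_disco_credentials_new()`, so when it is called more than once for a response only the last assertion survives and the earlier container is leaked, while the IDs returned earlier stay in `CredentialRef` lists. Reuse the existing container: `if (response->Credentials == NULL) response->Credentials = lasso_disco_credentials_new();` followed by `credentials = response->Credentials;`. The `providerId` parameter is never used, and the assertion built here carries only an ID, version, instant and issuer; no subject, validity conditions or signature are set in this hunk, so a receiver has nothing to validate it against. The function also sits under the "static methods/functions" banner although it is not `static` and is exported in discovery.h.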
@@ -52,7 +76,7 @@ struct _LassoDiscoveryPrivate
* Return value: 0 on success and a negative value if an error occurs.
**/
static gint
-lasso_discovery_init_request(LassoDiscovery *discovery,
+lasso_discovery_init_request(LassoDiscovery *discovery,
LassoDiscoResourceOffering *resourceOffering,
LassoDiscoDescription *description)
{
@@ -217,7 +241,7 @@ lasso_discovery_init_modify(LassoDiscovery *discovery,
modify = lasso_disco_modify_new();
LASSO_WSF_PROFILE(discovery)->request = LASSO_NODE(modify);
- envelope = lasso_wsf_profile_build_soap_envelope(NULL);
+ envelope = lasso_wsf_profile_build_soap_envelope(NULL, NULL);
LASSO_WSF_PROFILE(discovery)->soap_envelope_request = envelope;
envelope->Body->any = g_list_append(envelope->Body->any, modify);
@@ -286,7 +310,8 @@ end:
* Return value: internally allocated, don't free
**/
LassoDiscoDescription*
-lasso_discovery_get_description_auto(LassoDiscoResourceOffering *offering, gchar *security_mech)
+lasso_discovery_get_description_auto(LassoDiscoResourceOffering *offering,
+ const gchar *security_mech)
{
GList *iter, *iter2;
LassoDiscoDescription *description;
@@ -317,7 +342,8 @@ lasso_discovery_get_description_auto(LassoDiscoResourceOffering *offering, gchar
* Return value: 0 on success; or a negative value otherwise.
**/
gint
-lasso_discovery_init_insert(LassoDiscovery *discovery, LassoDiscoResourceOffering *new_offering)
+lasso_discovery_init_insert(LassoDiscovery *discovery,
+ LassoDiscoResourceOffering *new_offering, const char *security_mech_id)
{
LassoDiscoModify *modify;
LassoDiscoResourceOffering *offering;
@@ -331,7 +357,13 @@ lasso_discovery_init_insert(LassoDiscovery *discovery, LassoDiscoResourceOfferin
if (offering == NULL) {
return -1;
}
- description = lasso_discovery_get_description_auto(offering, LASSO_SECURITY_MECH_NULL);
+ if (security_mech_id)
+ description = lasso_discovery_get_description_auto(offering, security_mech_id);
+ else
+ description = lasso_discovery_get_description_auto(offering,
+ LASSO_SECURITY_MECH_NULL);
+ if (!description)
+ return -1;
/* XXX: EncryptedResourceID support */
modify->ResourceID = g_object_ref(offering->ResourceID);
@@ -373,7 +405,8 @@ lasso_discovery_init_remove(LassoDiscovery *discovery, const char *entry_id)
if (offering == NULL) {
return -1;
}
- description = lasso_discovery_get_description_auto(offering, LASSO_SECURITY_MECH_NULL);
+ description = lasso_discovery_get_description_auto(offering,
+ LASSO_SECURITY_MECH_NULL);
/* XXX: EncryptedResourceID support */
modify->ResourceID = g_object_ref(offering->ResourceID);
@@ -399,7 +432,7 @@ lasso_discovery_init_remove(LassoDiscovery *discovery, const char *entry_id)
* Return value: 0 on success; or a negative value otherwise.
**/
gint
-lasso_discovery_init_query(LassoDiscovery *discovery)
+lasso_discovery_init_query(LassoDiscovery *discovery, const gchar *security_mech_id)
{
LassoDiscoQuery *query;
LassoDiscoResourceOffering *offering;
@@ -413,8 +446,14 @@ lasso_discovery_init_query(LassoDiscovery *discovery)
if (offering == NULL) {
return -1;
}
- description = lasso_discovery_get_description_auto(offering, LASSO_SECURITY_MECH_NULL);
-
+ if (security_mech_id)
+ description = lasso_discovery_get_description_auto(offering, security_mech_id);
+ else
+ description = lasso_discovery_get_description_auto(offering,
+ LASSO_SECURITY_MECH_NULL);
+ if (!description)
+ return -1;
+
/* XXX: EncryptedResourceID support */
query->ResourceID = g_object_ref(offering->ResourceID);
lasso_node_destroy(LASSO_NODE(offering));
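Review bot: The new `if (!description) return -1;` returns before `lasso_node_destroy(LASSO_NODE(offering));` two lines below, so the offering appears to be leaked on that path (assuming it is an owned copy, as the destroy call suggests). Destroy it before returning: `if (!description) { lasso_node_destroy(LASSO_NODE(offering)); return -1; }`. The same early return was added to `lasso_discovery_init_insert`, whose cleanup lies outside its hunk, and the `lasso_discovery_init_remove` hunk still has no NULL check on `description`. The function bodies extend beyond these hunks.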
@@ -583,7 +622,8 @@ lasso_discovery_process_modify_response_msg(LassoDiscovery *discovery, const gch
* Return value: 0 on success; or a negative value otherwise.
**/
gint
-lasso_discovery_process_query_msg(LassoDiscovery *discovery, const gchar *message)
+lasso_discovery_process_query_msg(LassoDiscovery *discovery, const gchar *message,
+ const char *security_mech_id)
{
LassoDiscoQuery *request;
LassoSoapEnvelope *envelope;
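Review bot: `security_mech_id` is added to `lasso_discovery_process_query_msg`, but no hunk in discovery.c reads it, so unlike `lasso_data_service_process_query_msg` the discovery handler does not appear to run any credential check. If that is intentional for this first step, say so in the doc comment above the function (`@security_mech_id: currently unused`); otherwise the same `lasso_security_mech_id_is_saml_authentication` gate is needed here. The body of the function is outside the hunk, so this is inferred from the diff alone.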
@@ -626,8 +666,14 @@ lasso_discovery_build_response_msg(LassoDiscovery *discovery)
LassoDiscoQuery *request = LASSO_DISCO_QUERY(LASSO_WSF_PROFILE(discovery)->request);
LassoDiscoQueryResponse *response;
LassoSoapEnvelope *envelope;
+
+ LassoSoapBindingProvider *provider = NULL;
+
GList *offerings = NULL;
- GList *iter;
+ GList *iter, *iter2, *iter3, *iter4;
+ int res;
+
+ gchar *credentialRef;
iter = request->RequestedServiceType;
while (iter) {
@@ -645,9 +691,34 @@ lasso_discovery_build_response_msg(LassoDiscovery *discovery)
LASSO_WSF_PROFILE(discovery)->response = LASSO_NODE(response);
envelope = LASSO_WSF_PROFILE(discovery)->soap_envelope_response;
envelope->Body->any = g_list_append(envelope->Body->any, response);
+
+ /* Add needed credential for offerings */
+ iter = offerings;
+ while (iter) {
+ LassoDiscoResourceOffering *resource_offering = iter->data;
+ iter = g_list_next(iter);
+ iter2 = resource_offering->ServiceInstance->Description;
+ while (iter2) {
+ LassoDiscoDescription *description = LASSO_DISCO_DESCRIPTION(iter2->data);
+ iter3 = description->SecurityMechID;
+ while (iter3) {
+ if (lasso_security_mech_id_is_saml_authentication(
+ iter3->data) == TRUE)
+ credentialRef = lasso_discovery_build_credential(
+ discovery, NULL);
+ description->CredentialRef = g_list_append(
+ description->CredentialRef, credentialRef);
+ iter3 = g_list_next(iter3);
+ }
+ iter2 = g_list_next(iter2);
+ }
+ }
- return lasso_wsf_profile_build_soap_response_msg(LASSO_WSF_PROFILE(discovery));
-
+ res = lasso_wsf_profile_build_soap_response_msg(LASSO_WSF_PROFILE(discovery));
+ if (res < 0)
+ return res;
+
+ return 0;
}
/**
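Review bot: The `if` on the SAML mechanism test has no braces, so only the `credentialRef = ...` assignment is conditional. The `g_list_append` onto `description->CredentialRef` then runs for every mechanism id, appending an uninitialised pointer (or the previous iteration's ID) for non-SAML mechanisms; both statements belong inside `{ ... }` under the `if`. `lasso_discovery_build_credential` is called with `NULL` as the provider, so nothing in this hunk ties the issued assertion to the requester. The trailing `if (res < 0) return res; return 0;` also turns any positive return from `lasso_wsf_profile_build_soap_response_msg` into success, which the previous direct `return` did not.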
@@ -727,6 +798,15 @@ lasso_discovery_get_service(LassoDiscovery *discovery, const char *service_type)
service = lasso_data_service_new_full(LASSO_WSF_PROFILE(discovery)->server,
offering);
}
+
+ if (response->Credentials) {
+ iter = response->Credentials->any;
+ while (iter) {
+ lasso_data_service_add_credential(LASSO_DATA_SERVICE(service),
+ LASSO_SAML_ASSERTION(iter->data));
+ iter = iter->next;
+ }
+ }
return service;
}
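Review bot: Entries of `response->Credentials->any` come from the received response and are cast with `LASSO_SAML_ASSERTION(iter->data)` without a type test. The cast macro is presumably a `G_TYPE_CHECK_INSTANCE_CAST` like the other Lasso cast macros, which only warns on a mismatch, so a non-assertion element would be stored as a credential and later dereferenced as one; skip anything that fails `LASSO_IS_SAML_ASSERTION(iter->data)`. `service` is assigned inside the `if` block that closes just above, so it may still be NULL when `lasso_data_service_add_credential` dereferences it, depending on code outside the hunk. The assertions are stored as received, with no check of issuer or validity.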
diff --git a/lasso/id-wsf/discovery.h b/lasso/id-wsf/discovery.h
index d2d229f0..d2b62e38 100644
--- a/lasso/id-wsf/discovery.h
+++ b/lasso/id-wsf/discovery.h
@@ -81,6 +81,9 @@ LASSO_EXPORT GType lasso_discovery_get_type(void);
LASSO_EXPORT LassoDiscovery* lasso_discovery_new(LassoServer *server);
+LASSO_EXPORT gchar* lasso_discovery_build_credential(LassoDiscovery *discovery,
+ const gchar *providerId);
+
LASSO_EXPORT LassoDiscoInsertEntry* lasso_discovery_add_insert_entry(
LassoDiscovery *discovery,
LassoDiscoServiceInstance *serviceInstance,
@@ -95,7 +98,7 @@ LASSO_EXPORT LassoDiscoRequestedServiceType* lasso_discovery_add_requested_servi
LASSO_EXPORT void lasso_discovery_destroy(LassoDiscovery *discovery);
LASSO_EXPORT gint lasso_discovery_init_insert(LassoDiscovery *discovery,
- LassoDiscoResourceOffering *resourceOffering);
+ LassoDiscoResourceOffering *resourceOffering, const char *security_mech_id);
LASSO_EXPORT gint lasso_discovery_init_remove(LassoDiscovery *discovery, const char *entry_id);
LASSO_EXPORT gint lasso_discovery_build_response_msg(LassoDiscovery *discovery);
@@ -105,7 +108,8 @@ LASSO_EXPORT gint lasso_discovery_init_modify(LassoDiscovery *discovery,
LassoDiscoResourceOffering *resourceOffering,
LassoDiscoDescription *description);
-LASSO_EXPORT gint lasso_discovery_init_query(LassoDiscovery *discovery);
+LASSO_EXPORT gint lasso_discovery_init_query(LassoDiscovery *discovery,
+ const gchar *security_mech_id);
LASSO_EXPORT gint lasso_discovery_process_modify_msg(LassoDiscovery *discovery,
const gchar *message);
@@ -114,7 +118,7 @@ LASSO_EXPORT gint lasso_discovery_process_modify_response_msg(LassoDiscovery *di
const gchar *message);
LASSO_EXPORT gint lasso_discovery_process_query_msg(LassoDiscovery *discovery,
- const gchar *message);
+ const gchar *message, const char *security_mech_id);
LASSO_EXPORT gint lasso_discovery_process_query_response_msg(LassoDiscovery *discovery,
const gchar *message);
@@ -129,7 +133,7 @@ LASSO_EXPORT LassoDataService* lasso_discovery_get_service_with_providerId(
LASSO_EXPORT GList* lasso_discovery_get_services(LassoDiscovery *discovery);
LASSO_EXPORT LassoDiscoDescription* lasso_discovery_get_description_auto(
- LassoDiscoResourceOffering *offering, gchar *security_mech);
+ LassoDiscoResourceOffering *offering, const gchar *security_mech);
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
index b756926b..bbddd277 100644
--- a/lasso/id-wsf/wsf_profile.c
+++ b/lasso/id-wsf/wsf_profile.c
@@ -25,13 +25,17 @@
#include <lasso/id-wsf/wsf_profile.h>
#include <lasso/xml/disco_modify.h>
#include <lasso/xml/soap_binding_correlation.h>
+#include <lasso/xml/soap_binding_provider.h>
+#include <lasso/xml/wsse_security.h>
+#include <lasso/xml/saml_assertion.h>
+
/*****************************************************************************/
/* private methods */
/*****************************************************************************/
LassoSoapEnvelope*
-lasso_wsf_profile_build_soap_envelope(const char *refToMessageId)
+lasso_wsf_profile_build_soap_envelope(const char *refToMessageId, const char *providerId)
{
LassoSoapEnvelope *envelope;
LassoSoapHeader *header;
@@ -55,6 +59,12 @@ lasso_wsf_profile_build_soap_envelope(const char *refToMessageId)
correlation->refToMessageID = g_strdup(refToMessageId);
header->Other = g_list_append(header->Other, correlation);
+ /* Provider */
+ if (providerId) {
+ LassoSoapBindingProvider *provider = lasso_soap_binding_provider_new(providerId);
+ header->Other = g_list_append(header->Other, provider);
+ }
+
return envelope;
}
@@ -62,6 +72,72 @@ lasso_wsf_profile_build_soap_envelope(const char *refToMessageId)
/* public methods */
/*****************************************************************************/
+gint
+lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile)
+{
+ LassoSoapHeader *header;
+ LassoWsseSecurity *security = NULL;
+ LassoSamlAssertion *credential;
+ GList *iter;
+
+ header = profile->soap_envelope_request->Header;
+
+ /* Security */
+ iter = header->Other;
+ while (iter) {
+ if (LASSO_IS_WSSE_SECURITY(iter->data) == TRUE) {
+ security = LASSO_WSSE_SECURITY(iter->data);
+ break;
+ }
+ iter = iter->next;
+ }
+ if (!security)
+ return -1;
+
+ /* Assertion */
+ iter = security->any;
+ while (iter) {
+ if (LASSO_IS_SAML_ASSERTION(iter->data) == TRUE) {
+ credential = LASSO_SAML_ASSERTION(iter->data);
+ break;
+ }
+ iter = iter->next;
+ }
+ if (!credential)
+ return -1;
+
+ return 0;
+}
+
+gboolean
+lasso_security_mech_id_is_saml_authentication(const gchar *security_mech_id)
+{
+ if (!security_mech_id)
+ return FALSE;
+
+ if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 || \
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 || \
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
+gint
+lasso_wsf_profile_add_saml_authentication(LassoWsfProfile *profile, LassoSamlAssertion *credential)
+{
+ LassoSoapHeader *header;
+ LassoWsseSecurity *security;
+ GList *iter;
+
+ security = lasso_wsse_security_new();
+ security->any = g_list_append(security->any, credential);
+ header = profile->soap_envelope_request->Header;
+ header->Other = g_list_append(header->Other, security);
+
+ return 0;
+}
+
/**
* lasso_wsf_profile_get_identity:
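Review bot: In `lasso_wsf_profile_verify_saml_authentication`, `credential` is declared without an initialiser, so when the Security header holds no assertion `if (!credential)` reads an indeterminate pointer and the function can return 0; declare it as `LassoSamlAssertion *credential = NULL;`. Even with that fixed, the function only confirms that some SAML assertion is present: issuer, validity, signature and the expected `AssertionID` are not examined, so it should not be relied on as authentication yet, and a comment on the function should say so. `profile->soap_envelope_request` and its `Header` are dereferenced without a NULL check. In `lasso_wsf_profile_add_saml_authentication`, `credential` is appended without `g_object_ref` although the data service's credential list still holds it, and `iter` is unused.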
@@ -184,7 +260,8 @@ lasso_wsf_profile_init_soap_request(LassoWsfProfile *profile, LassoNode *request
{
LassoSoapEnvelope *envelope;
- envelope = lasso_wsf_profile_build_soap_envelope(NULL);
+ envelope = lasso_wsf_profile_build_soap_envelope(NULL,
+ LASSO_PROVIDER(profile->server)->ProviderID);
LASSO_WSF_PROFILE(profile)->soap_envelope_request = envelope;
envelope->Body->any = g_list_append(envelope->Body->any, request);
@@ -245,7 +322,7 @@ lasso_wsf_profile_process_soap_request_msg(LassoWsfProfile *profile, const gchar
correlation = envelope->Header->Other->data;
messageId = correlation->messageID;
- envelope = lasso_wsf_profile_build_soap_envelope(messageId);
+ envelope = lasso_wsf_profile_build_soap_envelope(messageId, NULL);
LASSO_WSF_PROFILE(profile)->soap_envelope_response = envelope;
return 0;
diff --git a/lasso/id-wsf/wsf_profile.h b/lasso/id-wsf/wsf_profile.h
index 67a7cfb1..47d60940 100644
--- a/lasso/id-wsf/wsf_profile.h
+++ b/lasso/id-wsf/wsf_profile.h
@@ -35,6 +35,7 @@ extern "C" {
#include <lasso/id-ff/session.h>
#include <lasso/xml/soap_envelope.h>
#include <lasso/xml/soap_binding_provider.h>
+#include <lasso/xml/saml_assertion.h>
#define LASSO_TYPE_WSF_PROFILE (lasso_wsf_profile_get_type())
#define LASSO_WSF_PROFILE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), \
@@ -76,6 +77,13 @@ struct _LassoWsfProfileClass {
LASSO_EXPORT GType lasso_wsf_profile_get_type(void);
+/* FIXME: Should not be here */
+LASSO_EXPORT gboolean lasso_security_mech_id_is_saml_authentication(
+ const gchar *security_mech_id);
+
+LASSO_EXPORT gint lasso_wsf_profile_add_saml_authentication(LassoWsfProfile *profile,
+ LassoSamlAssertion *credential);
+
LASSO_EXPORT LassoIdentity* lasso_wsf_profile_get_identity(LassoWsfProfile *profile);
LASSO_EXPORT LassoSession* lasso_wsf_profile_get_session(LassoWsfProfile *profile);
LASSO_EXPORT gboolean lasso_wsf_profile_is_identity_dirty(LassoWsfProfile *profile);
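Review bot: `lasso_wsf_profile_verify_saml_authentication` is defined in wsf_profile.c and called from data_service.c, but this hunk declares only the other two new functions, so that call compiles against an implicit declaration. Add `LASSO_EXPORT gint lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile);` next to them.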
@@ -87,7 +95,8 @@ LASSO_EXPORT gint lasso_wsf_profile_set_session_from_dump(LassoWsfProfile *profi
const gchar *dump);
/* FIXME: must be private method */
-LASSO_EXPORT LassoSoapEnvelope* lasso_wsf_profile_build_soap_envelope(const char *refToMessageId);
+LASSO_EXPORT LassoSoapEnvelope* lasso_wsf_profile_build_soap_envelope(const char *refToMessageId,
+ const char *providerId);
LASSO_EXPORT gint lasso_wsf_profile_build_soap_request_msg(LassoWsfProfile *profile);