authorFrederic Peters <fpeters@entrouvert.com>2006-10-29 12:27:36 +0000
committerFrederic Peters <fpeters@entrouvert.com>2006-10-29 12:27:36 +0000
commit42f573a9fcb1ea8db175cf61c8891e54895050d8 (patch)
tree447e2f5c930d05305060865b77437b4463915e69
parentf5ebbdfb9e1150198f5ead788d32f6c9b2295986 (diff)
started support for AssertionConsumerServiceIndex (as alternative to
ProtocolBinding) (used by zxid)
-rw-r--r--lasso/saml-2.0/login.c28
-rw-r--r--lasso/saml-2.0/provider.c34
-rw-r--r--lasso/saml-2.0/providerprivate.h2
-rw-r--r--lasso/xml/saml-2.0/samlp2_authn_request.c2
4 files changed, 63 insertions, 3 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 3965bf79..487568ef 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -183,8 +183,32 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
protocol_binding = LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->ProtocolBinding;
if (protocol_binding == NULL) {
- /* XXX: what does spec say when protocol binding is not set ? */
- message(G_LOG_LEVEL_WARNING, "undefined protocol binding");
+ /* protocol binding not set; will look into
+ * AssertionConsumingServiceIndex */
+ int service_index = LASSO_SAMLP2_AUTHN_REQUEST(
+ profile->request)->AssertionConsumerServiceIndex;
+ if (service_index == -1) {
+ /* XXX: what does spec say when protocol binding and
+ * attribute consuming service index are both unset ?
+ */
+ message(G_LOG_LEVEL_WARNING, "missing service index");
+ } else {
+ gchar *binding;
+ LassoProvider *remote_provider;
+
+ remote_provider = g_hash_table_lookup(profile->server->providers,
+ profile->remote_providerID);
+
+ binding = lasso_saml20_provider_get_assertion_consumer_service_binding(
+ remote_provider, service_index);
+ if (binding == NULL) {
+ message(G_LOG_LEVEL_WARNING, "can't find binding for index");
+ } else if (strcmp(binding, "HTTP-Artifact") == 0) {
+ login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART;
+ } else if (strcmp(binding, "HTTP-POST") == 0) {
+ login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST;
+ }
+ }
} else if (strcmp(protocol_binding, LASSO_SAML20_METADATA_BINDING_ARTIFACT) == 0) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART;
} else if (strcmp(protocol_binding, LASSO_SAML20_METADATA_BINDING_POST) == 0) {
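Review bot: `remote_provider` is passed to `lasso_saml20_provider_get_assertion_consumer_service_binding()` without a NULL check, and that helper dereferences `provider->private_data` straight away. Unless code before this hunk already rejects an unknown `remote_providerID`, an AuthnRequest from an unregistered issuer would crash the identity provider here, so add an `if (remote_provider == NULL)` error path before the call. The returned `binding` is a `g_strdup()` copy that is never released, so every request taking this branch leaks it; a `g_free(binding);` after the if/else chain fixes that. The helper can also return "HTTP-Post", which neither `strcmp` branch matches, so `login->protocolProfile` is left unchanged with no warning; `g_ascii_strcasecmp(binding, "HTTP-POST") == 0` would accept both spellings. The enclosing function starts and ends outside the hunk.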
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 57255409..8fc41cce 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -263,6 +263,40 @@ lasso_saml20_provider_get_assertion_consumer_service_url(LassoProvider *provider
return NULL;
}
+gchar*
+lasso_saml20_provider_get_assertion_consumer_service_binding(LassoProvider *provider,
+ int service_id)
+{
+ GHashTable *descriptor;
+ GList *l = NULL;
+ char *sid;
+ char *name;
+ char *binding;
+ const char *possible_bindings[] = {
+ "HTTP-Artifact", "HTTP-Post", "HTTP-POST", NULL
+ };
+ int i;
+
+ sid = g_strdup_printf("%d", service_id);
+
+ descriptor = provider->private_data->SPDescriptor;
+ if (descriptor == NULL)
+ return NULL;
+
+ for (i=0; possible_bindings[i]; i++) {
+ name = g_strdup_printf("AssertionConsumerService %s %s",
+ possible_bindings[i], sid);
+ l = g_hash_table_lookup(descriptor, name);
+ g_free(name);
+ if (l != NULL) {
+ return g_strdup(possible_bindings[i]);
+ }
+ }
+ return NULL;
+}
+
+
+
gboolean
lasso_saml20_provider_accept_http_method(LassoProvider *provider, LassoProvider *remote_provider,
LassoMdProtocolType protocol_type, LassoHttpMethod http_method,
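Review bot: `sid` is allocated with `g_strdup_printf()` before the `descriptor == NULL` check and is never freed on any return path of `lasso_saml20_provider_get_assertion_consumer_service_binding()`. Each call therefore leaks a small string, and the call is driven by an incoming AuthnRequest. The function also dereferences `provider` and `provider->private_data` without checking them, and the local `binding` is declared but never used. The result is a fresh `g_strdup()` copy, so a header comment stating that the caller must `g_free()` it would help. The fence below moves the allocation after the guards and releases it on a single exit.
```c
gchar*
lasso_saml20_provider_get_assertion_consumer_service_binding(LassoProvider *provider,
		int service_id)
{
	/* ... unchanged: declarations and possible_bindings table (minus unused `binding`) ... */
	gchar *found = NULL;

	if (provider == NULL || provider->private_data == NULL)
		return NULL;
	descriptor = provider->private_data->SPDescriptor;
	if (descriptor == NULL)
		return NULL;

	/* allocate only once we know a lookup will happen, and free on the single exit */
	sid = g_strdup_printf("%d", service_id);
	for (i=0; possible_bindings[i] && found == NULL; i++) {
		name = g_strdup_printf("AssertionConsumerService %s %s",
				possible_bindings[i], sid);
		if (g_hash_table_lookup(descriptor, name) != NULL)
			found = g_strdup(possible_bindings[i]);
		g_free(name);
	}
	g_free(sid);
	return found;
}
```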
diff --git a/lasso/saml-2.0/providerprivate.h b/lasso/saml-2.0/providerprivate.h
index 9660dc7a..9024a034 100644
--- a/lasso/saml-2.0/providerprivate.h
+++ b/lasso/saml-2.0/providerprivate.h
@@ -45,6 +45,8 @@ char* lasso_saml20_provider_build_artifact(LassoProvider *provider);
gchar* lasso_saml20_provider_get_assertion_consumer_service_url(LassoProvider *provider,
int service_id);
+gchar* lasso_saml20_provider_get_assertion_consumer_service_binding(LassoProvider *provider,
+ int service_id);
#ifdef __cplusplus
}
diff --git a/lasso/xml/saml-2.0/samlp2_authn_request.c b/lasso/xml/saml-2.0/samlp2_authn_request.c
index 11203b6d..a8daa457 100644
--- a/lasso/xml/saml-2.0/samlp2_authn_request.c
+++ b/lasso/xml/saml-2.0/samlp2_authn_request.c
@@ -126,7 +126,7 @@ instance_init(LassoSamlp2AuthnRequest *node)
node->ForceAuthn = FALSE;
node->IsPassive = FALSE;
node->ProtocolBinding = NULL;
- node->AssertionConsumerServiceIndex = 0;
+ node->AssertionConsumerServiceIndex = -1;
node->AssertionConsumerServiceURL = NULL;
node->AttributeConsumingServiceIndex = 0;
node->ProviderName = NULL;
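Review bot: The new `-1` default for `AssertionConsumerServiceIndex` is an undocumented "unset" sentinel that login.c now tests literally (`service_index == -1`). A comment on the field, or a named constant shared by both files, would keep the two in step. It is worth confirming that the serializer for this node skips the attribute when it is -1, since the hunk does not show this; otherwise requests built by this library could carry `AssertionConsumerServiceIndex="-1"`. `AttributeConsumingServiceIndex` on the line below still defaults to 0, so for that attribute "unset" and "index 0" remain indistinguishable. `instance_init` continues outside the hunk.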