* lasso/id-ff/login.c: comment the generation of Advice when ResourceOffering for

  the DiscoService support a security mechanism needing one. Anyway the
  generation of Credentials is broken.
* lasso/id-ff/session.c: add treatment of saml:Advice on newly added
  Assertions, keep the transmitted assertions inside the session indexed by their
  AssertionID.

* lasso/xml/saml_advice.{c,h}: change content to SNIPPET_LIST_XMLNODES.

4 files changed, 29 insertions, 7 deletions

diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index d34b6ad4..92ee7d37 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -280,7 +280,7 @@ lasso_login_assertion_add_discovery(LassoLogin *login, LassoSamlAssertion *asser
 					          AttributeStatement */
 
 					advice = LASSO_SAML_ADVICE(lasso_saml_advice_new());
-					advice->Assertion = LASSO_NODE(credential);
+					// advice->Assertion = LASSO_NODE(credential);
 					assertion->Advice = advice;
 				}
 				description->CredentialRef = g_list_append(
diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c
index 7a0534e9..8281709a 100644
--- a/lasso/id-ff/session.c
+++ b/lasso/id-ff/session.c
@@ -43,6 +43,8 @@
 #include <lasso/xml/id-wsf-2.0/sec_token.h>
 #endif
 
+#include <xmlsec/xmltree.h>
+
 
 /*****************************************************************************/
 /* public methods                                                            */
@@ -70,6 +72,23 @@ lasso_session_add_assertion(LassoSession *session, const char *providerID, Lasso
 
 	g_hash_table_insert(session->assertions, g_strdup(providerID), g_object_ref(assertion));
 
+    /* ID-WSF specific need */
+    if (LASSO_IS_SAML_ASSERTION(assertion)) {
+        LassoSamlAssertion *saml_assertion = LASSO_SAML_ASSERTION(assertion);
+        if (saml_assertion->Advice) {
+            LassoSamlAdvice *advice = saml_assertion->Advice;
+            GList *iter;
+            for (iter = advice->any; iter; iter = iter->next) {
+                xmlNode *node = (xmlNodePtr)iter->data;
+                if (xmlSecCheckNodeName(node, (xmlChar*)"Assertion", (xmlChar*)LASSO_SAML_ASSERTION_HREF)) {
+                    xmlChar *id = xmlGetProp(node, (xmlChar*)"AssertionID");
+                    ret = lasso_session_add_assertion_with_id(session, (char*)id, node);
+                    xmlFree(id);
+                }
+            }
+        }
+    }
+
 	session->is_dirty = TRUE;
 
 	return ret;
diff --git a/lasso/xml/saml_advice.c b/lasso/xml/saml_advice.c
index e0df3402..5b3736b5 100644
--- a/lasso/xml/saml_advice.c
+++ b/lasso/xml/saml_advice.c
@@ -53,9 +53,10 @@
 /*****************************************************************************/
 
 static struct XmlSnippet schema_snippets[] = {
-	{ "AssertionIDReference", SNIPPET_LIST_CONTENT,
+/*	{ "AssertionIDReference", SNIPPET_LIST_CONTENT,
 		G_STRUCT_OFFSET(LassoSamlAdvice, AssertionIDReference) },
-	{ "Assertion", SNIPPET_NODE, G_STRUCT_OFFSET(LassoSamlAdvice, Assertion) },
+	{ "Assertion", SNIPPET_NODE, G_STRUCT_OFFSET(LassoSamlAdvice, Assertion) }, */
+    { "", SNIPPET_LIST_XMLNODES, G_STRUCT_OFFSET(LassoSamlAdvice, any) },
 	{ NULL, 0, 0}
 };
 
@@ -66,8 +67,9 @@ static struct XmlSnippet schema_snippets[] = {
 static void
 instance_init(LassoSamlAdvice *node)
 {
-	node->AssertionIDReference = NULL;
-	node->Assertion = NULL;
+/*	node->AssertionIDReference = NULL;
+	node->Assertion = NULL; */
+    node->any = NULL;
 }
 
 static void
diff --git a/lasso/xml/saml_advice.h b/lasso/xml/saml_advice.h
index 64b09ae3..3dc2464a 100644
--- a/lasso/xml/saml_advice.h
+++ b/lasso/xml/saml_advice.h
@@ -50,9 +50,10 @@ struct _LassoSamlAdvice {
 
 	/*< public >*/
 	/* <element ref="saml:AssertionIDReference"/> */
-	GList *AssertionIDReference;
+	// GList *AssertionIDReference;
 	/* <element ref="saml:Assertion"/> */
-	LassoNode *Assertion; /* actually LassoSamlAssertion* but it recurses */
+	// LassoNode *Assertion; /* actually LassoSamlAssertion* but it recurses */
+	GList *any; /* of xmlNode */
 };
 
 struct _LassoSamlAdviceClass {