authorFrederic Peters <fpeters@entrouvert.com>2006-11-06 20:26:31 +0000
committerFrederic Peters <fpeters@entrouvert.com>2006-11-06 20:26:31 +0000
commit5c9de8fdcb8ae295ccb0ea68b4468b3c500e356a (patch)
tree4a97ceb2debc5a446f8d0614b6da0f4ef0bc765d
parentb6dd8e7fd94a066bcbcbdb59a5f6023951a4ebf2 (diff)
fixing saml2 sso error cases (on ispassive)
-rw-r--r--lasso/id-ff/login.c3
-rw-r--r--lasso/id-ff/session.c8
-rw-r--r--lasso/id-ff/sessionprivate.h4
-rw-r--r--lasso/saml-2.0/login.c37
4 files changed, 32 insertions, 20 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index c28e6e41..6f11fa4f 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -1095,7 +1095,8 @@ lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID)
LassoSamlAssertion *assertion;
LassoSamlpStatus *status;
- status = lasso_session_get_status(profile->session, remote_providerID);
+ status = LASSO_SAMLP_STATUS(lasso_session_get_status(
+ profile->session, remote_providerID));
assertion = LASSO_SAML_ASSERTION(
lasso_session_get_assertion(profile->session,
profile->remote_providerID));
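Review bot: The new `LASSO_SAMLP_STATUS(...)` cast in lasso_login_build_response_msg is not a type check, and after this commit the per-provider status table can also hold a SAML 2.0 status node (see the lasso/saml-2.0/login.c hunk that calls lasso_session_add_status). A GObject cast macro at most logs a warning on a mismatched instance and still hands back the pointer, so this ID-FF path could read a foreign node through LassoSamlpStatus fields. I would keep the lookup result in a `LassoNode *` local (called `n` here for illustration) and test it before use, e.g. `status = LASSO_IS_SAMLP_STATUS(n) ? LASSO_SAMLP_STATUS(n) : NULL;`. The function body continues outside this hunk, so how a NULL status is handled afterwards is not visible here.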
diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c
index fcc09ddb..09090fbb 100644
--- a/lasso/id-ff/session.c
+++ b/lasso/id-ff/session.c
@@ -71,7 +71,7 @@ lasso_session_add_assertion(LassoSession *session, char *providerID, LassoNode *
* Return value: 0 on success; or a negative value otherwise.
**/
gint
-lasso_session_add_status(LassoSession *session, char *providerID, LassoSamlpStatus *status)
+lasso_session_add_status(LassoSession *session, char *providerID, LassoNode *status)
{
g_return_val_if_fail(session != NULL, -1);
g_return_val_if_fail(providerID != NULL, -2);
@@ -150,7 +150,7 @@ lasso_session_get_assertions(LassoSession *session, const char *provider_id)
* Return value: the status or NULL if it didn't exist. This #LassoSamlpStatus
* is internally allocated and must not be freed by the caller.
**/
-LassoSamlpStatus*
+LassoNode*
lasso_session_get_status(LassoSession *session, gchar *providerID)
{
if (session == NULL) {
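Review bot: The doc comment above lasso_session_get_status still says "This #LassoSamlpStatus is internally allocated", but the function now returns `LassoNode*`, and the stored object may be a SAML 2.0 status rather than a LassoSamlpStatus. I would reword the return line to `* Return value: the status node or NULL if it didn't exist. This #LassoNode is internally allocated and must not be freed by the caller;` and add that callers must check the node's type before casting it. The doc comment of lasso_session_add_status in the previous hunk probably needs the same adjustment, though only its last line is visible there.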
@@ -369,8 +369,8 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
while (n && n->type != XML_ELEMENT_NODE) n = n->next;
if (n) {
- LassoSamlpStatus *status;
- status = LASSO_SAMLP_STATUS(lasso_node_new_from_xmlNode(n));
+ LassoNode *status;
+ status = lasso_node_new_from_xmlNode(n);
g_hash_table_insert(session->private_data->status,
xmlGetProp(t, (xmlChar*)"RemoteProviderID"),
status);
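Review bot: In init_from_xml the result of `lasso_node_new_from_xmlNode(n)` goes straight into the status table, and with the `LASSO_SAMLP_STATUS` cast removed nothing constrains what kind of node a session dump may place there. If that constructor can return NULL for an element it does not recognise (not visible in this hunk), a NULL value is stored under the provider key. Since a session dump is restored from whatever storage the application uses, I would treat it as input and insert only validated nodes, at minimum `if (status != NULL)` around the `g_hash_table_insert` call. The surrounding loop starts and ends outside the hunk.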
diff --git a/lasso/id-ff/sessionprivate.h b/lasso/id-ff/sessionprivate.h
index f59ced4e..8334f199 100644
--- a/lasso/id-ff/sessionprivate.h
+++ b/lasso/id-ff/sessionprivate.h
@@ -36,11 +36,11 @@ extern "C" {
gint lasso_session_add_assertion(LassoSession *session,
char *providerID, LassoNode *assertion);
gint lasso_session_add_status(LassoSession *session,
- char *providerID, LassoSamlpStatus *authn_response);
+ char *providerID, LassoNode *status);
LassoNode* lasso_session_get_assertion(
LassoSession *session, gchar *providerID);
-LassoSamlpStatus* lasso_session_get_status(
+LassoNode* lasso_session_get_status(
LassoSession *session, gchar *providerID);
gint lasso_session_remove_status(LassoSession *session, gchar *providerID);
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 6dadfa21..e4b00066 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -502,11 +502,6 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me
profile = LASSO_PROFILE(login);
- assertion = login->private_data->saml2_assertion;
- if (LASSO_IS_SAML2_ASSERTION(assertion) == FALSE) {
- return LASSO_PROFILE_ERROR_MISSING_ASSERTION;
- }
-
if (profile->remote_providerID == NULL)
return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
@@ -518,7 +513,11 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me
url = lasso_saml20_provider_get_assertion_consumer_service_url(remote_provider,
LASSO_SAMLP2_AUTHN_REQUEST(
profile->request)->AssertionConsumerServiceIndex);
- assertion->Subject->SubjectConfirmation->SubjectConfirmationData->Recipient = g_strdup(url);
+ assertion = login->private_data->saml2_assertion;
+ if (LASSO_IS_SAML2_ASSERTION(assertion) == TRUE) {
+ assertion->Subject->SubjectConfirmation->SubjectConfirmationData->Recipient =
+ g_strdup(url);
+ }
artifact = lasso_saml20_profile_generate_artifact(profile, 1);
login->assertionArtifact = g_strdup(artifact);
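Review bot: With the early `LASSO_PROFILE_ERROR_MISSING_ASSERTION` return removed and replaced by `if (LASSO_IS_SAML2_ASSERTION(assertion) == TRUE)`, a response whose status is success but which has no assertion is no longer rejected here; the Recipient is skipped and the artifact is generated anyway. That is the intended behaviour for error responses such as a failed IsPassive request, but for the success case I would keep the error by adding an else branch that returns `LASSO_PROFILE_ERROR_MISSING_ASSERTION` when the response status is the success value, releasing `url` first in this function. Inside the guard, `assertion->Subject->SubjectConfirmation->SubjectConfirmationData` is dereferenced without NULL checks on the intermediate members, and any previous `Recipient` string is overwritten without `g_free`. The same pattern is added to lasso_saml20_login_build_authn_response_msg in the last hunk of this file.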
@@ -529,6 +528,19 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me
/* XXX: ARTIFACT POST */
}
g_free(url);
+
+ if (strcmp(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->Status->StatusCode->Value,
+ "samlp:Success") != 0) {
+ if (profile->session == NULL)
+ profile->session = lasso_session_new();
+
+ lasso_session_add_status(profile->session, profile->remote_providerID,
+ g_object_ref(LASSO_SAMLP2_STATUS_RESPONSE(
+ profile->response)->Status));
+ } else {
+ lasso_session_remove_status(profile->session, profile->remote_providerID);
+ }
+
return 0;
}
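Review bot: The added `strcmp(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->Status->StatusCode->Value, "samlp:Success")` dereferences `Status`, `StatusCode` and `Value` with no NULL checks, and passing a NULL `Value` to strcmp is undefined behaviour. I would test the three pointers first and return an error if any is missing, so that a response with an incomplete status cannot crash the provider at this point. In the else branch, `profile->session` may still be NULL because it is only created on the non-success path; unless lasso_session_remove_status tolerates a NULL session (not visible here), guard it with `if (profile->session != NULL)`. The return value of `lasso_session_add_status` is ignored, so if it fails the reference taken by `g_object_ref` is never released.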
@@ -718,11 +730,6 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login)
return critical_error(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);
}
- assertion = login->private_data->saml2_assertion;
- if (LASSO_IS_SAML2_ASSERTION(assertion) == FALSE) {
- return LASSO_PROFILE_ERROR_MISSING_ASSERTION;
- }
-
if (profile->server->certificate)
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->sign_type =
LASSO_SIGNATURE_TYPE_WITHX509;
@@ -746,13 +753,17 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login)
remote_provider,
LASSO_SAMLP2_AUTHN_REQUEST(
profile->request)->AssertionConsumerServiceIndex);
- assertion->Subject->SubjectConfirmation->SubjectConfirmationData->Recipient = g_strdup(
- profile->msg_url);
if (profile->msg_url == NULL) {
return LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL;
}
+ assertion = login->private_data->saml2_assertion;
+ if (LASSO_IS_SAML2_ASSERTION(assertion) == TRUE) {
+ assertion->Subject->SubjectConfirmation->SubjectConfirmationData->Recipient =
+ g_strdup(profile->msg_url);
+ }
+
/* build an lib:AuthnResponse base64 encoded */
profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response));