Store status in session to be restored for samlp:Response usage. This means

the session *must* be saved in single sign-on service url and will be dirty. (so souk, libertyidentity.py line 1076 failIf(login.isSessionDirty) will fail)
author: Frederic Peters <fpeters@entrouvert.com> 2004-12-29 11:00:20 +0000
committer: Frederic Peters <fpeters@entrouvert.com> 2004-12-29 11:00:20 +0000
commit: 70801607cfa1c7e85cc0101844ce83f8e3bb93a6 (patch)
tree: a7d02233d73d29315c15a13bfa7f6da698a69121
parent: 542b94d69fe04759e9395222ce8fe7a69f6d5f39 (diff)
download: lasso-70801607cfa1c7e85cc0101844ce83f8e3bb93a6.tar.gz
lasso-70801607cfa1c7e85cc0101844ce83f8e3bb93a6.tar.xz
lasso-70801607cfa1c7e85cc0101844ce83f8e3bb93a6.zip
4 files changed, 150 insertions, 19 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 61f00d93..f98becdf 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -27,6 +27,7 @@
 
 #include <lasso/xml/lib_authentication_statement.h>
 #include <lasso/xml/lib_subject.h>
+#include <lasso/xml/samlp_response.h>
 
 #include <lasso/id-ff/login.h>
 #include <lasso/id-ff/provider.h>
@@ -248,10 +249,8 @@ lasso_login_process_federation(LassoLogin *login, gboolean is_consent_obtained)
 			/* if protocolProfile is LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST
 			 * set StatusCode to FederationDoesNotExist in lib:AuthnResponse
 			 */
-			if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) {
-				lasso_profile_set_response_status(LASSO_PROFILE(login),
-						LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
-			}
+			lasso_profile_set_response_status(LASSO_PROFILE(login),
+					LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
 			return LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND;
 		}
 
@@ -283,10 +282,8 @@ lasso_login_process_federation(LassoLogin *login, gboolean is_consent_obtained)
 		 * set StatusCode to FederationDoesNotExist in lib:AuthnResponse
 		 */
 		/* FIXME : is it the correct value for the StatusCode ? */
-		if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) {
-			lasso_profile_set_response_status(LASSO_PROFILE(login),
-					LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
-		}
+		lasso_profile_set_response_status(LASSO_PROFILE(login),
+				LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
 		return LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED;
 	}
 
@@ -515,6 +512,11 @@ lasso_login_build_artifact_msg(LassoLogin *login, lassoHttpMethod http_method)
 	xmlFree(b64_samlArt);
 	xmlFree(relayState);
 
+	if (profile->session == NULL)
+		profile->session = lasso_session_new();
+	lasso_session_add_status(profile->session, profile->remote_providerID,
+			g_object_ref(LASSO_SAMLP_RESPONSE(profile->response)->Status));
+
 	return ret;
 }
 
@@ -747,9 +749,19 @@ lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID)
 				lasso_profile_set_response_status(profile,
 						LASSO_SAML_STATUS_CODE_SUCCESS);
 			} else {
-				/* FIXME should this message output by
-				 * lasso_session_get_assertion () ? */
-				message(G_LOG_LEVEL_CRITICAL, "Assertion not found in session");
+				LassoSamlpStatus *status;
+				/* no assertion, get back status code */
+				status = lasso_session_get_status(profile->session,
+						remote_providerID);
+				if (status) {
+					lasso_node_destroy(LASSO_NODE(LASSO_SAMLP_RESPONSE(
+								profile->response)->Status));
+					LASSO_SAMLP_RESPONSE(profile->response)->Status =
+						g_object_ref(status);
+					lasso_session_remove_status(profile->session,
+							remote_providerID);
+				}
+				
 			}
 		}
 	} else {
diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c
index 49f8c957..a59eec3e 100644
--- a/lasso/id-ff/profile.c
+++ b/lasso/id-ff/profile.c
@@ -177,9 +177,13 @@ lasso_profile_get_identity(LassoProfile *profile)
 LassoSession*
 lasso_profile_get_session(LassoProfile *profile)
 {
-	if (profile->session && g_hash_table_size(profile->session->assertions))
-		return profile->session;
-	return NULL;
+	if (profile->session == NULL)
+		return NULL;
+
+	if (lasso_session_is_empty(profile->session))
+		return NULL;
+
+	return profile->session;
 }
 
 gboolean
diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c
index bce0666e..5d3bda02 100644
--- a/lasso/id-ff/session.c
+++ b/lasso/id-ff/session.c
@@ -29,6 +29,7 @@ struct _LassoSessionPrivate
 {
 	gboolean dispose_has_run;
 	GList *providerIDs;
+	GHashTable *status; /* hold temporary response status for sso-art */
 };
 
 /*****************************************************************************/
@@ -60,6 +61,32 @@ lasso_session_add_assertion(LassoSession *session, char *providerID, LassoSamlAs
 }
 
 /**
+ * lasso_session_add_status:
+ * @session: a #LassoSession
+ * @providerID: the provider ID
+ * @status: the status
+ *
+ * Adds @status to the principal session.
+ *
+ * Return value: 0 on success; or a negative value otherwise.
+ **/
+gint
+lasso_session_add_status(LassoSession *session, char *providerID, LassoSamlpStatus *status)
+{
+	g_return_val_if_fail(session != NULL, -1);
+	g_return_val_if_fail(providerID != NULL, -2);
+	g_return_val_if_fail(status != NULL, -3);
+
+	g_hash_table_insert(session->private_data->status, g_strdup(providerID), status);
+
+	session->is_dirty = TRUE;
+
+	return 0;
+}
+
+
+
+/**
  * lasso_session_get_assertion
  * @session: a #LassoSession
  * @providerID: the provider ID
@@ -76,6 +103,22 @@ lasso_session_get_assertion(LassoSession *session, gchar *providerID)
 	return g_hash_table_lookup(session->assertions, providerID);
 }
 
+/**
+ * lasso_session_get_status
+ * @session: a #LassoSession
+ * @providerID: the provider ID
+ *
+ * Gets the status for the given @providerID.
+ *
+ * Return value: the status or NULL if it didn't exist.  This #LassoSamlpStatus
+ *      is internally allocated and must not be freed by the caller.
+ **/
+LassoSamlpStatus*
+lasso_session_get_status(LassoSession *session, gchar *providerID)
+{
+	return g_hash_table_lookup(session->private_data->status, providerID);
+}
+
 static void
 add_providerID(gchar *key, LassoLibAssertion *assertion, LassoSession *session)
 {
@@ -116,6 +159,27 @@ lasso_session_get_provider_index(LassoSession *session, gint index)
 }
 
 /**
+ * lasso_session_is_empty:
+ * @session: a #LassoSession
+ *
+ * Returns %TRUE if session is empty.
+ *
+ * Return value: %TRUE if empty
+ **/
+gboolean
+lasso_session_is_empty(LassoSession *session)
+{
+	if (session == NULL) return TRUE;
+
+	if (g_hash_table_size(session->assertions))
+		return FALSE;
+	if (g_hash_table_size(session->private_data->status))
+		return FALSE;
+
+	return TRUE;
+}
+
+/**
  * lasso_session_remove_assertion:
  * @session: a #LassoSession
  * @providerID: the provider ID
@@ -135,6 +199,26 @@ lasso_session_remove_assertion(LassoSession *session, gchar *providerID)
 	return LASSO_ERROR_UNDEFINED; /* assertion not found */
 }
 
+/**
+ * lasso_session_remove_status:
+ * @session: a #LassoSession
+ * @providerID: the provider ID
+ *
+ * Removes status for @providerID from @session.
+ *
+ * Return value: 0 on success; or a negative value otherwise.
+ **/
+gint
+lasso_session_remove_status(LassoSession *session, gchar *providerID)
+{
+	if (g_hash_table_remove(session->private_data->status, providerID)) {
+		session->is_dirty = TRUE;
+		return 0;
+	}
+
+	return LASSO_ERROR_UNDEFINED; /* status not found */
+}
+
 /*****************************************************************************/
 /* private methods                                                           */
 /*****************************************************************************/
@@ -150,6 +234,15 @@ add_assertion_childnode(gchar *key, LassoLibAssertion *value, xmlNode *xmlnode)
 	xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
 }
 
+static void
+add_status_childnode(gchar *key, LassoSamlpStatus *value, xmlNode *xmlnode)
+{
+	xmlNode *t;
+	t = xmlNewTextChild(xmlnode, NULL, "Status", NULL);
+	xmlSetProp(t, "RemoteProviderID", key);
+	xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
+}
+
 static xmlNode*
 get_xmlNode(LassoNode *node, gboolean lasso_dump)
 {
@@ -163,6 +256,9 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
 	if (g_hash_table_size(session->assertions))
 		g_hash_table_foreach(session->assertions,
 				(GHFunc)add_assertion_childnode, xmlnode);
+	if (g_hash_table_size(session->private_data->status))
+		g_hash_table_foreach(session->private_data->status,
+				(GHFunc)add_status_childnode, xmlnode);
 
 	return xmlnode;
 }
@@ -187,10 +283,19 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
 			if (n) {
 				LassoLibAssertion *assertion;
 				assertion = LASSO_LIB_ASSERTION(lasso_node_new_from_xmlNode(n));
-				g_hash_table_insert(
-						session->assertions,
-						xmlGetProp(t, "RemoteProviderID"),
-						assertion);
+				g_hash_table_insert(session->assertions,
+						xmlGetProp(t, "RemoteProviderID"), assertion);
+			}
+		}
+		if (strcmp(t->name, "Status") == 0) {
+			n = t->children;
+			while (n && n->type != XML_ELEMENT_NODE) n = n->next;
+			
+			if (n) {
+				LassoSamlpStatus *status;
+				status = LASSO_SAMLP_STATUS(lasso_node_new_from_xmlNode(n));
+				g_hash_table_insert(session->private_data->status,
+						xmlGetProp(t, "RemoteProviderID"), status);
 			}
 		}
 		t = t->next;
@@ -248,6 +353,9 @@ instance_init(LassoSession *session)
 	session->private_data = g_new (LassoSessionPrivate, 1);
 	session->private_data->dispose_has_run = FALSE;
 	session->private_data->providerIDs = NULL;
+	session->private_data->status = g_hash_table_new_full(g_str_hash, g_str_equal,
+			(GDestroyNotify)g_free,
+			(GDestroyNotify)lasso_node_destroy);
 
 	session->assertions = g_hash_table_new_full(g_str_hash, g_str_equal,
 			(GDestroyNotify)g_free,
@@ -337,7 +445,7 @@ lasso_session_new_from_dump(const gchar *dump)
 gchar*
 lasso_session_dump(LassoSession *session)
 {
-	if (g_hash_table_size(session->assertions) == 0)
+	if (lasso_session_is_empty(session))
 		return g_strdup("");
 
 	return lasso_node_dump(LASSO_NODE(session), NULL, 1);
diff --git a/lasso/id-ff/session.h b/lasso/id-ff/session.h
index b2620588..e2616ec1 100644
--- a/lasso/id-ff/session.h
+++ b/lasso/id-ff/session.h
@@ -32,6 +32,7 @@ extern "C" {
 
 #include <lasso/xml/xml.h>
 #include <lasso/xml/lib_assertion.h>
+#include <lasso/xml/samlp_status.h>
 
 #define LASSO_TYPE_SESSION (lasso_session_get_type())
 #define LASSO_SESSION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_SESSION, LassoSession))
@@ -80,6 +81,12 @@ LASSO_EXPORT gint lasso_session_remove_assertion(LassoSession *session, gchar *p
 
 LASSO_EXPORT void lasso_session_destroy(LassoSession *session);
 
+gint lasso_session_add_status(LassoSession *session,
+		char *providerID, LassoSamlpStatus *authn_response);
+LassoSamlpStatus* lasso_session_get_status(LassoSession *session, gchar *providerID);
+gint lasso_session_remove_status(LassoSession *session, gchar *providerID);
+
+LASSO_EXPORT gboolean lasso_session_is_empty(LassoSession *session);
 
 #ifdef __cplusplus
 }
author	Frederic Peters <fpeters@entrouvert.com>	2004-12-29 11:00:20 +0000
committer	Frederic Peters <fpeters@entrouvert.com>	2004-12-29 11:00:20 +0000
commit	70801607cfa1c7e85cc0101844ce83f8e3bb93a6 (patch)
tree	a7d02233d73d29315c15a13bfa7f6da698a69121
parent	542b94d69fe04759e9395222ce8fe7a69f6d5f39 (diff)
download	lasso-70801607cfa1c7e85cc0101844ce83f8e3bb93a6.tar.gz lasso-70801607cfa1c7e85cc0101844ce83f8e3bb93a6.tar.xz lasso-70801607cfa1c7e85cc0101844ce83f8e3bb93a6.zip