diff options
author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2014-05-21 14:07:06 +0200 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2014-05-21 14:07:06 +0200 |
commit | 73625674113f5bc5e6e18adc0ee218fcab17065f (patch) | |
tree | 0a5122b930273c34f15638035a516f05e125606b | |
parent | 6012c05951566e4eea9905cf69aa65e546adae3b (diff) | |
download | lasso-73625674113f5bc5e6e18adc0ee218fcab17065f.tar.gz lasso-73625674113f5bc5e6e18adc0ee218fcab17065f.tar.xz lasso-73625674113f5bc5e6e18adc0ee218fcab17065f.zip |
login: complete document of lasso_login_process_authn_response_msg on expectable error codes
-rw-r--r-- | lasso/id-ff/login.c | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 9e1a137c..8c4b9ae7 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -2127,7 +2127,38 @@ lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_reque * * Processes received authentication response. * - * Return value: 0 on success; or a negative value otherwise. + * Return value: 0 on success; or + * <itemizedlist> + * <listitem><para>#LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a #LassoLogin + * object,</para></listitem> + * <listitem><para>#LASSO_PARAM_ERROR_INVALID_VALUE if authn_response_msg is NULL,</para></listitem> + * <listitem><para>#LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND, if the issuing + * provider of the assertion is not registered in the #LassoServer object,</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_MISSING_ISSUER if the parsed samlp2:AuthnRequest does not + * have a proper Issuer element, </para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_MISSING_STATUS_CODE if the reponse is missing a + * <literal>StatusCode</literal> element,</para></listitem> + * <listitem><para>#LASSO_PROFILE_STATUS_NOT_SUCCESS_ERROR if the identity provider returned a + * failure response,</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_REQUEST_DENIED</para> if the identity provider returned the + * specific status code <literal>RequestDenied</literal>,</listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_INVALID_MSG if the message is not a #LassoSamlpResponse + * (ID-FF 1.2) or a #LassoSamlp2ResponseMsg (SAML 2.0),</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE, if the received message format does not + * correspond to a binding supported by this function, the only supported binding by this function + * is HTTP POST,</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_MISSING_SERVER the server object is needed to sign a message + * and it is missing,</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE if the validation of the signature + * of the message failed, a specific error code is available in + * <literal>login->parent.signature_status</literal></para></listitem> + * <listitem><para>#LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID if the received response + * does not match the saved AuthenticationRequest ID,</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_INVALID_ISSUER if the assertion issuer does not match the + * AuthenticationResponse issuer,</para></listitem> + * <listitem><para>#LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND if not NameID could be found or + * decoded,</para></listitem> + * </itemizedlist> **/ gint lasso_login_process_authn_response_msg(LassoLogin *login, gchar *authn_response_msg) |