only set samlp:Success in samlp:Response if assertion was found; fall back to

samlp:RequestDenied in other cases since there is currently no way to be more
precise.

2 files changed, 5 insertions, 1 deletions

diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 57c37e52..61f00d93 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -713,6 +713,8 @@ lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID)
 	profile = LASSO_PROFILE(login);
 
 	profile->response = lasso_samlp_response_new();
+	/* XXX: should set status code to what we would have set in
+	 * lib:AuthnResponse in lasso_login_validate_request() */
 	LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
 	LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_method = 
 		LASSO_SIGNATURE_METHOD_RSA_SHA1;
@@ -742,6 +744,8 @@ lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID)
 			if (assertion) {
 				LASSO_SAMLP_RESPONSE(profile->response)->Assertion =
 					g_object_ref(assertion);
+				lasso_profile_set_response_status(profile,
+						LASSO_SAML_STATUS_CODE_SUCCESS);
 			} else {
 				/* FIXME should this message output by
 				 * lasso_session_get_assertion () ? */
diff --git a/lasso/xml/samlp_response.c b/lasso/xml/samlp_response.c
index 85c31999..d2874e7c 100644
--- a/lasso/xml/samlp_response.c
+++ b/lasso/xml/samlp_response.c
@@ -142,7 +142,7 @@ lasso_samlp_response_new()
 	/* Add Status */
 	status = LASSO_SAMLP_STATUS(lasso_samlp_status_new());
 	status_code = LASSO_SAMLP_STATUS_CODE(lasso_samlp_status_code_new());
-	status_code->Value = LASSO_SAML_STATUS_CODE_SUCCESS;
+	status_code->Value = LASSO_SAML_STATUS_CODE_REQUEST_DENIED;
 	status->StatusCode = status_code;
 	LASSO_SAMLP_RESPONSE(response)->Status = status;