authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2013-09-08 21:21:41 +0200
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2013-09-08 21:34:12 +0200
commit9adc9bfaadac2bb4f450b77146dfa3f72c46084c (patch)
tree0b11a865fdcb1c203f83df3a7efda934f6a9fc3e
parent53f6f5c5ef0e4b0564efbcf438ffb6a9dab65b65 (diff)
saml2/login: fix role of providers in process_authn_request() and idp_initiated_authn_request()
It is necessary for endpoint resolution to know the role of providers.
-rw-r--r--lasso/saml-2.0/login.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 02a659f6..b1b79ddc 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -260,6 +260,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
LassoSamlp2StatusResponse *response = NULL;
LassoSamlp2AuthnRequest *authn_request = NULL;
LassoProvider *remote_provider = NULL;
+ LassoServer *server = NULL;
const gchar *protocol_binding = NULL;
const char *status1 = LASSO_SAML2_STATUS_CODE_RESPONDER;
const char *status2 = NULL;
@@ -298,6 +299,10 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
rc = LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER;
goto cleanup;
}
+ lasso_extract_node_or_fail(server, lasso_profile_get_server(&login->parent), SERVER,
+ LASSO_PROFILE_ERROR_MISSING_SERVER);
+ remote_provider->role = LASSO_PROVIDER_ROLE_SP;
+ server->parent.role = LASSO_PROVIDER_ROLE_IDP;
/* all those attributes are mutually exclusive */
if (((authn_request->ProtocolBinding != NULL) ||
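Review bot: The assignments `remote_provider->role = LASSO_PROVIDER_ROLE_SP;` and `server->parent.role = LASSO_PROVIDER_ROLE_IDP;` overwrite the role unconditionally, on objects that appear to be shared by every profile built from this server rather than owned by this login (the provider lookup is outside the hunk, so this is inferred). An entity registered with a different role that sends an AuthnRequest would be relabelled as an SP for all later endpoint resolution, and the change is not undone on the `cleanup` path. I would refuse a conflicting role before the assignment, for example `if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) { rc = LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER; goto cleanup; }`. If a deployment can legitimately register one entity in both roles, the role should be passed to the endpoint lookup instead of being stored. The same applies to the `/* fix roles */` lines in lasso_saml20_login_init_idp_initiated_authn_request, where that comment should also say why the roles are forced; both function bodies continue outside their hunks.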
@@ -1501,6 +1506,10 @@ lasso_saml20_login_init_idp_initiated_authn_request(LassoLogin *login,
if (! LASSO_IS_PROVIDER(provider))
return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;
+ /* fix roles */
+ server->parent.role = LASSO_PROVIDER_ROLE_IDP;
+ provider->role = LASSO_PROVIDER_ROLE_SP;
+
lasso_assign_string(profile->remote_providerID, remote_providerID);
lasso_assign_new_gobject(profile->request, lasso_samlp2_authn_request_new());
lasso_assign_new_gobject(LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy,