author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-14 10:48:54 +0000 |
---|---|---|
committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-14 10:48:54 +0000 |
commit | ac7dcf24c70590fc4e78ee2c5f01f0ec85c695ab (patch) | |
tree | c41a62374baf5fa0cb82e5d3074be02645bacee3 | |
parent | f7b1251a4e292cc37d51724b6618ffef0dc58732 (diff) | |
download | lasso-ac7dcf24c70590fc4e78ee2c5f01f0ec85c695ab.tar.gz lasso-ac7dcf24c70590fc4e78ee2c5f01f0ec85c695ab.tar.xz lasso-ac7dcf24c70590fc4e78ee2c5f01f0ec85c695ab.zip |
process files taken from lasso 0.5 (not up to date)
-rw-r--r-- | docs/lasso-book/defederation.process | 58 | ||||
-rw-r--r-- | docs/lasso-book/name-registration.process | 78 |
2 files changed, 136 insertions, 0 deletions
diff --git a/docs/lasso-book/defederation.process b/docs/lasso-book/defederation.process
new file mode 100644
index 00000000..50719272
--- /dev/null
+++ b/docs/lasso-book/defederation.process
@@ -0,0 +1,58 @@
+Federation Termination Notification
+
+(apply for both IdP and SP)
+
+/federationTermination (* normative, Federation Termination Notification service URL *)
+ defederation = lasos_defederation_new(server)
+ IF lasso_is_liberty_query(query)
+ # query is a valid liberty message, then process it
+
+ lasso_defederation_process_notification_msg(defederation, query)
+
+ nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier
+ # Retrieve session and user using name identifier.
+ lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump)
+ lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump)
+
+ lasso_defederation_validate_notification(defederation)
+ # Close the federation locally.
+ # The user is no more authenticated on any identity provider, Log him out.
+
+ REDIRECT TO LASSO_PROFILE(defederation)->msg_url
+
+ ELSE
+ # query is not a valid liberty message, then initiates profile
+
+ # identity and session from logged in user
+ lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump)
+ lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump)
+
+ lasso_defederation_build_notification_msg(defederation)
+
+ # close the local user account (session, index...)
+
+ IF LaSSO_PROFILE(defederation)->msg_body:
+ SOAP CALL -------------------------------------------------------------\
+ TO LASSO_PROFILE(defederation)->msg_url |
+ BODY LASSO_PROFILE(defederation)->msg_body
+
+ ELSE
+ REDIRECT TO LASSO_PROFILE(defederation)->msg_url
+
+/federationTerminationReturn (* normative, Federation Termination service Return URL *)
+
+ # get the relay state if exists in query response
+
+/soapEndPoint (* normative, SOAP endpoint *) <----/
+ defederation = lasso_defederation_new(server)
+ lasso_defederation_process_notification_msg(defederation, soapRequestMsg)
+
+ nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier
+ # Retrieve session and user using name identifier.
+
+ lasso_defederation_validate_notification(defederation)
+ # Close the federation locally.
+ # The user is no more authenticated on any identity provider. Log him out.
+ # Return OK (204), even when the defederation validation fails.
+ ANSWER SOAP REQUEST WITH 204 (No content)
+
diff --git a/docs/lasso-book/name-registration.process b/docs/lasso-book/name-registration.process
new file mode 100644
index 00000000..53123412
--- /dev/null
+++ b/docs/lasso-book/name-registration.process
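Review bot: In the `/federationTermination` branch that receives a notification, the identity and session are loaded from the `nameIdentifier` taken out of the query before `lasso_defederation_validate_notification` runs, and the text never says where the notification's signature is checked, so the lookup is driven by a not-yet-authenticated name identifier unless `lasso_defederation_process_notification_msg` verifies it (not visible here). I would state that contract next to the call: `# process_notification_msg must fail on a bad signature before nameIdentifier is used for any lookup`. The `/soapEndPoint` branch says to answer 204 even when validation fails but not what happens locally in that case; I would add `# On validation failure leave the federation and session untouched; only the 204 answer is unconditional.` `lasos_defederation_new` and `LaSSO_PROFILE` look like typos for `lasso_defederation_new` and `LASSO_PROFILE`.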
@@ -0,0 +1,78 @@
+Name Registration
+
+(apply for both IdP and SP)
+
+/nameRegistration (* normative, Name Registration service URL *)
+ registration = lasso_name_registration_new(server)
+
+ IF lasso_is_liberty_query(query)
+ lasso_name_registration_process_request_msg(query)
+
+ oldNameIdentifier = registration->oldNameIdentifier
+ newNameIdentifier = LASSO_PROFILE(registration)->nameIdentifier
+
+ lasso_name_registration_validate_request(registration)
+
+ # Update identity (session is not changed, because name identifiers
+ # in assertions are left as is).
+
+ # Update nameIdentifier in indexes if it has changed.
+
+ lasso_name_registration_build_response_msg(registration)
+ REDIRECT TO LASSO_PROFILE(registration)->msg_url
+
+ ELSE
+ lasso_profile_set_identity_from_dump(identityDump)
+ lasso_name_registration_init_request(registration, remote_providerID, method)
+ # method can be any, soap or redirect
+
+ lasso_lib_register_name_identifier_request_set_relaystate(
+ LASSO_PROFILE(registration)->request, relayState)
+ # optionaly set relay state
+
+ lasso_name_registration_build_request_msg()
+ IF LASSO_PROFILE(registration)->msg_body:
+ SOAP CALL -----------------------------------------------------------\
+ TO LASSO_PROFILE(registration)->msg_url |
+ BODY LASSO_PROFILE(registration)->msg_body
+
+ lasso_name_registration_process_response_msg(soap_answer_msg)
+ oldNameIdentifier = registration->oldNameIdentifier
+ newNameIdentifier = registration->nameIdentifier
+
+ lasso_name_registration_validate_request(registration)
+
+ # Update identity (session is not changed, because name
+ # indentifiers in assertions are left as is).
+
+ # Update nameIdentifier in indexes if it has changed.
+
+ lasso_name_registration_build_response_msg(registration)
+
+ REDIRECT TO LASSO_PROFILE(registration)->msg_url
+ ELSE
+ # XXX: Use Redirect method
+
+
+/nameRegistrationReturn (* normative, Name Registration service Return URL *)
+ registration = lasso_name_registration_new_from_dump(nameRegistrationDump)
+ lasso_name_registration_process_response_msg(registration, query)
+
+
+ |
+/soapEndPoint (* normative, SOAP endpoint *) <----/
+ lasso_name_registration_process_request_msg(soapRequestMsg)
+
+ oldNameIdentifier = registration->oldNameIdentifier
+ newNameIdentifier = LASSO_PROFILE(registration)->nameIdentifier
+
+ lasso_name_registration_validate_request(registration)
+
+ # Update identity (session is not changed, because name identifiers
+ # in assertions are left as is).
+
+ # Update nameIdentifier in indexes if it has changed.
+
+ lasso_name_registration_build_response_msg(registration)
+ ANSWER SOAP REQUEST WITH: LASSO_PROFILE(registration)->msg_body
+ |
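Review bot: In the SOAP branch under `ELSE`, `lasso_name_registration_validate_request(registration)` is called right after `lasso_name_registration_process_response_msg(soap_answer_msg)`, a request-validation step applied to a response, and the identity update that follows is then based on the peer's answer; the other two branches validate a request they received, so this step should either be dropped or documented as intentional. Unlike defederation.process, none of the three branches says how the identity to be updated is located; I would add `# Retrieve identity using oldNameIdentifier (presumably) before updating it — confirm` ahead of each "Update identity" comment. `lasso_profile_set_identity_from_dump(identityDump)` also omits the `LASSO_PROFILE(registration)` argument that the sibling file passes, `indentifiers` and `optionaly` are typos, and `# XXX: Use Redirect method` leaves the Redirect branch unspecified.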