| author | Damien Laniel <dlaniel@entrouvert.com> | 2006-11-27 11:05:27 +0000 |
|---|---|---|
| committer | Damien Laniel <dlaniel@entrouvert.com> | 2006-11-27 11:05:27 +0000 |
| commit | b69f9c8b73aa8f40ede12a4292a00f444b6a4dce (patch) | |
| tree | 700339fd771fc333bd1d6646afcaf2bcc89a48c0 | |
| parent | 6ce1f2f04412ce4e865734f504d15404b2820abd (diff) | |
Support for name-id:format:encrypted in NameIdPolicy in Authnrequest
| -rw-r--r-- | lasso/saml-2.0/login.c | 10 | ||||
| -rw-r--r-- | lasso/xml/strings.h | 2 | ||||
| -rw-r--r-- | swig/Lasso-saml2.i | 3 |
3 files changed, 13 insertions, 2 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index c62f7a33..864de3b9 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -539,6 +539,7 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
 LassoProvider *provider = NULL;
 LassoSaml2EncryptedElement *encrypted_element = NULL;
 LassoSamlp2Response *response = NULL;
+ gboolean name_id_encryption = FALSE;
 federation = g_hash_table_lookup(profile->identity->federations, profile->remote_providerID);
@@ -566,6 +567,9 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
 assertion->Subject->SubjectConfirmation->SubjectConfirmationData = LASSO_SAML2_SUBJECT_CONFIRMATION_DATA( lasso_saml2_subject_confirmation_data_new());
+
+ provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
+
 if (name_id_policy == NULL || strcmp(name_id_policy->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT) == 0) {
 /* transient -> don't use a federation */
@@ -577,6 +581,10 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
 assertion->Subject->NameID = name_id;
 } else {
+ if (provider && strcmp(name_id_policy->Format,
+ LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED) == 0) {
+ provider->private_data->encryption_mode |= LASSO_ENCRYPTION_MODE_NAMEID;
+ }
 if (federation->remote_nameIdentifier) {
 assertion->Subject->NameID = g_object_ref( federation->remote_nameIdentifier);
@@ -586,8 +594,6 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
 }
 }
- provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
-
 /* Encrypt NameID */
 if (provider && provider->private_data->encryption_mode & LASSO_ENCRYPTION_MODE_NAMEID && provider->private_data->encryption_public_key != NULL) {
diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h
index 39ba162b..d75931d9 100644
--- a/lasso/xml/strings.h
+++ b/lasso/xml/strings.h
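Review bot: In the `@@ -577,6 +581,10 @@` hunk, `provider->private_data->encryption_mode |= LASSO_ENCRYPTION_MODE_NAMEID;` turns a per-request NameIDPolicy into a lasting change of the server-side provider entry, so a single AuthnRequest carrying the encrypted format switches on NameID encryption for every later request to that provider, and nothing in the commit ever clears the bit. The `gboolean name_id_encryption = FALSE;` added in the `@@ -539,6 +539,7 @@` hunk is never read or written in any hunk and looks like the local flag that should carry this instead: replace the `|=` line with `name_id_encryption = TRUE;` and widen the later test to `if (provider && (name_id_encryption || (provider->private_data->encryption_mode & LASSO_ENCRYPTION_MODE_NAMEID)) &&` so the requester's choice affects only this assertion. As written, a request asking for `nameid-format:encrypted` against a provider whose `encryption_public_key` is NULL falls through to the plaintext NameID with no error, silently ignoring the requested policy; SAML 2.0 defines the status `urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy` for exactly that case, though how this function reports failures is not visible in the hunks. lasso_saml20_login_build_assertion starts before and ends after these hunks.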
@@ -356,6 +356,8 @@
 "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
 #define LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT \
 "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+#define LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED \
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"
 /* Consent */
diff --git a/swig/Lasso-saml2.i b/swig/Lasso-saml2.i
index c4f1040c..a1453ada 100644
--- a/swig/Lasso-saml2.i
+++ b/swig/Lasso-saml2.i
@@ -14,11 +14,14 @@ gboolean lasso_profile_is_saml_query(char *query);
 #ifndef SWIGPHP4
 %rename(SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT;
 %rename(SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT) LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT;
+%rename(SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED) LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED;
 #endif
 #define LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT \
 "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
 #define LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT \
 "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+#define LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED \
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"
 /* Protocol Bindings */
 #ifndef SWIGPHP4 |
