authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-01-04 09:14:20 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-01-04 09:14:20 +0000
commitb6c9be9fa2cdb20c11f637d764f0a0c1d69388fe (patch)
tree504301697198edc52908f940101276f9ede77f9d
parentc01e1231fae3c68f89ea750d08cd14d645a94132 (diff)
Core Login: in login.c, add assertion accessor
* docs/reference/lasso/lasso-sections.txt: declare new function * lasso/id-ff/login.c lasso/id-ff/login.h: add new function lasso_login_get_assertion. * lasso/saml-2.0/login.c: store created assertions * lasso/id-ff/login.h: make assertion field private for bindings.
-rw-r--r--docs/reference/lasso/lasso-sections.txt6
-rw-r--r--lasso/id-ff/login.c20
-rw-r--r--lasso/id-ff/login.h4
-rw-r--r--lasso/saml-2.0/login.c2
4 files changed, 29 insertions, 3 deletions
diff --git a/docs/reference/lasso/lasso-sections.txt b/docs/reference/lasso/lasso-sections.txt
index 0467d918..4ed58199 100644
--- a/docs/reference/lasso/lasso-sections.txt
+++ b/docs/reference/lasso/lasso-sections.txt
@@ -142,6 +142,7 @@ lasso_provider_get_organization
lasso_provider_get_protocol_conformance
lasso_provider_set_encryption_mode
lasso_provider_set_encryption_sym_key_type
+lasso_provider_verify_single_node_signature
<SUBSECTION Standard>
LASSO_PROVIDER
LASSO_IS_PROVIDER
@@ -215,17 +216,18 @@ lasso_login_build_request_msg
lasso_login_build_response_msg
lasso_login_destroy
lasso_login_dump
+lasso_login_get_assertion
lasso_login_init_authn_request
-lasso_login_init_request
lasso_login_init_idp_initiated_authn_request
+lasso_login_init_request
lasso_login_must_ask_for_consent
lasso_login_must_authenticate
lasso_login_process_authn_request_msg
lasso_login_process_authn_response_msg
+lasso_login_process_paos_response_msg
lasso_login_process_request_msg
lasso_login_process_response_msg
lasso_login_validate_request_msg
-lasso_login_process_paos_response_msg
<SUBSECTION Standard>
LASSO_LOGIN
LASSO_IS_LOGIN
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 1452983a..7d2c0ef8 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -2266,3 +2266,23 @@ lasso_login_process_paos_response_msg(LassoLogin *login, gchar *msg)
return 0;
}
+
+/**
+ * lasso_login_get_assertion:
+ * @login: a #LassoLogin object
+ *
+ * Return the last build assertion.
+ *
+ * Return value: a #LassoNode representing the build assertion (generally a #LassoSamlAssertion when
+ * using ID-FF 1.2 or a #LassoSaml2Assertion when using SAML 2.0)
+ */
+LassoNode*
+lasso_login_get_assertion(LassoLogin *login)
+{
+ g_return_val_if_fail (LASSO_IS_LOGIN (login), NULL);
+
+ if (login->private_data && login->private_data->saml2_assertion)
+ return (LassoNode*)g_object_ref(login->private_data->saml2_assertion);
+
+ return (LassoNode*)g_object_ref(login->assertion);
+}
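Review bot: The final `return (LassoNode*)g_object_ref(login->assertion);` in lasso_login_get_assertion has no NULL check, and `login->assertion` is presumably unset when no assertion has been built yet. In that case g_object_ref() logs a GLib critical and returns NULL, so a normal "nothing available" state looks like a programming error. I would guard it with `return login->assertion ? (LassoNode*)g_object_ref(login->assertion) : NULL;`. The doc comment should also say that the return value may be NULL, that the caller owns the returned reference and must release it with g_object_unref(), and that the accessor does no validation of the assertion itself.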
diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h
index 6ffc3b1f..81217e01 100644
--- a/lasso/id-ff/login.h
+++ b/lasso/id-ff/login.h
@@ -88,9 +88,9 @@ struct _LassoLogin {
/*< public >*/
LassoLoginProtocolProfile protocolProfile;
gchar *assertionArtifact;
+ /*< private >*/
LassoSamlAssertion *assertion;
- /*< private >*/
gchar *nameIDPolicy;
LassoHttpMethod http_method;
@@ -147,6 +147,8 @@ LASSO_EXPORT int lasso_login_validate_request_msg(LassoLogin *login,
LASSO_EXPORT int lasso_login_process_paos_response_msg(LassoLogin *login, gchar *msg);
+LASSO_EXPORT LassoNode *lasso_login_get_assertion(LassoLogin *login);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index d1f42d3c..1b794f00 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -1194,6 +1194,8 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
LassoSaml2Assertion *assertion = samlp2_response->Assertion->data;
int rc2 = 0;
+ lasso_assign_gobject (profile->private_data->saml2_assertion, assertion);
+
/* If no signature was validated on the response, check the signature at the
* assertion level */
if (profile->signature_status == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
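Review bot: The added `lasso_assign_gobject (profile->private_data->saml2_assertion, assertion);` stores the assertion before the assertion-level signature check that starts on the following lines. As far as this hunk shows, the new lasso_login_get_assertion() accessor can therefore return an assertion whose signature was never validated or was rejected. The rest of lasso_saml20_login_process_response_status_and_assertion lies outside the hunk, so I cannot see whether the field is cleared on the error paths. If it is not, move the assignment to after the signature and status checks succeed, or release the field on every failure return. Please also confirm that `profile->private_data` here is the same structure the getter reads through `login->private_data`; if they are distinct private structs, the accessor will never see this value.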