authorValery Febvre <vfebvre at easter-eggs.com>2004-07-06 17:20:48 +0000
committerValery Febvre <vfebvre at easter-eggs.com>2004-07-06 17:20:48 +0000
commitc6dd3f287d9e424323d7f117070c146e60e5eba8 (patch)
tree3a0871e5057e310aaf2b3bcb8224707600c9072a
parent9eb31ca3840d7013dbc4ce3a35ae7d6120306370 (diff)
*** empty log message ***
-rw-r--r--lasso/Attic/protocols/provider.c25
-rw-r--r--lasso/Attic/protocols/provider.h9
-rw-r--r--lasso/id-ff/login.c279
-rw-r--r--lasso/id-ff/login.h27
4 files changed, 241 insertions, 99 deletions
diff --git a/lasso/Attic/protocols/provider.c b/lasso/Attic/protocols/provider.c
index c9633024..eac45141 100644
--- a/lasso/Attic/protocols/provider.c
+++ b/lasso/Attic/protocols/provider.c
@@ -27,6 +27,13 @@
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
+
+xmlChar *
+lasso_provider_get_assertionConsumerServiceURL(LassoProvider *provider)
+{
+ return(lasso_node_get_child_content(provider->metadata, "AssertionConsumerServiceURL", NULL));
+}
+
xmlChar *
lasso_provider_get_providerID(LassoProvider *provider)
{
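Review bot: Nothing at the definition of `lasso_provider_get_assertionConsumerServiceURL` says who owns the returned string, while its caller in lasso/id-ff/login.c in this same commit releases the result with `xmlFree()`. A short header comment would settle it, for example `/* Returns a caller-owned copy, release with xmlFree(); presumably NULL when the metadata has no such element (confirm). */`. The same applies to `lasso_provider_get_soapEndpoint`, added further down in this file.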
@@ -40,9 +47,9 @@ lasso_provider_get_singleSignOnProtocolProfile(LassoProvider *provider)
}
xmlChar *
-lasso_provider_get_singleSignOnServiceUrl(LassoProvider *provider)
+lasso_provider_get_singleSignOnServiceURL(LassoProvider *provider)
{
- return(lasso_node_get_child_content(provider->metadata, "SingleSignOnServiceUrl", NULL));
+ return(lasso_node_get_child_content(provider->metadata, "SingleSignOnServiceURL", NULL));
}
xmlChar *lasso_provider_get_singleLogoutProtocolProfile(LassoProvider *provider)
@@ -50,14 +57,20 @@ xmlChar *lasso_provider_get_singleLogoutProtocolProfile(LassoProvider *provider)
return(lasso_node_get_child_content(provider->metadata, "SingleLogoutProtocolProfile", NULL));
}
-xmlChar *lasso_provider_get_singleLogoutServiceUrl(LassoProvider *provider)
+xmlChar *lasso_provider_get_singleLogoutServiceURL(LassoProvider *provider)
{
- return(lasso_node_get_child_content(provider->metadata, "SingleLogoutServiceUrl", NULL));
+ return(lasso_node_get_child_content(provider->metadata, "SingleLogoutServiceURL", NULL));
}
-xmlChar *lasso_provider_get_singleLogoutServiceReturnUrl(LassoProvider *provider)
+xmlChar *lasso_provider_get_singleLogoutServiceReturnURL(LassoProvider *provider)
+{
+ return(lasso_node_get_child_content(provider->metadata, "SingleLogoutServiceReturnURL", NULL));
+}
+
+xmlChar *
+lasso_provider_get_soapEndpoint(LassoProvider *provider)
{
- return(lasso_node_get_child_content(provider->metadata, "SingleLogoutServiceReturnUrl", NULL));
+ return(lasso_node_get_child_content(provider->metadata, "SoapEndpoint", NULL));
}
/*****************************************************************************/
diff --git a/lasso/Attic/protocols/provider.h b/lasso/Attic/protocols/provider.h
index 5cca277a..acb873a6 100644
--- a/lasso/Attic/protocols/provider.h
+++ b/lasso/Attic/protocols/provider.h
@@ -61,15 +61,18 @@ LASSO_EXPORT LassoProvider* lasso_provider_new (gch
const gchar *public_key,
const gchar *certificate);
+LASSO_EXPORT xmlChar *lasso_provider_get_assertionConsumerServiceURL (LassoProvider *provider);
+
LASSO_EXPORT xmlChar *lasso_provider_get_providerID (LassoProvider *provider);
LASSO_EXPORT xmlChar *lasso_provider_get_singleSignOnProtocolProfile (LassoProvider *provider);
-LASSO_EXPORT xmlChar *lasso_provider_get_singleSignOnServiceUrl (LassoProvider *provider);
+LASSO_EXPORT xmlChar *lasso_provider_get_singleSignOnServiceURL (LassoProvider *provider);
LASSO_EXPORT xmlChar *lasso_provider_get_singleLogoutProtocolProfile (LassoProvider *provider);
-LASSO_EXPORT xmlChar *lasso_provider_get_singleLogoutServiceUrl (LassoProvider *provider);
-LASSO_EXPORT xmlChar *lasso_provider_get_singleLogoutServiceReturnUrl (LassoProvider *provider);
+LASSO_EXPORT xmlChar *lasso_provider_get_singleLogoutServiceURL (LassoProvider *provider);
+LASSO_EXPORT xmlChar *lasso_provider_get_singleLogoutServiceReturnURL (LassoProvider *provider);
+LASSO_EXPORT xmlChar* lasso_provider_get_soapEndpoint (LassoProvider *provider);
#ifdef __cplusplus
}
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index b2772459..4fb44a4d 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -33,6 +33,75 @@
/* functions */
/*****************************************************************************/
+gint
+lasso_login_process_federation(LassoLogin *login)
+{
+ LassoIdentity *identity;
+ xmlChar *nameIDPolicy;
+ LassoNode *idpProvidedNameIdentifier;
+
+ /* verify if a user context exists else create it */
+ if (LASSO_PROFILE_CONTEXT(login)->user == NULL) {
+ LASSO_PROFILE_CONTEXT(login)->user = lasso_user_new("");
+ }
+ identity = lasso_user_get_identity(LASSO_PROFILE_CONTEXT(login)->user,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+ nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request,
+ "NameIDPolicy", NULL);
+ printf("NameIDPolicy %s\n", nameIDPolicy);
+ if (nameIDPolicy == NULL || xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone)) {
+ if (identity == NULL) {
+ lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login),
+ lassoLibStatusCodeFederationDoesNotExist);
+ }
+ }
+ else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated)) {
+ printf("DEBUG - NameIDPolicy is federated\n");
+ if (identity == NULL) {
+ identity = lasso_identity_new(LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+ idpProvidedNameIdentifier = lasso_lib_idp_provided_name_identifier_new(lasso_build_unique_id(32));
+ /* TODO: set nameQualifier and Format */
+ lasso_identity_set_local_nameIdentifier(identity, idpProvidedNameIdentifier);
+ lasso_user_add_identity(LASSO_PROFILE_CONTEXT(login)->user,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID,
+ identity);
+ }
+ }
+ else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) {
+ // TODO
+ }
+
+ return (0);
+}
+
+gint
+lasso_login_add_response_assertion(LassoLogin *login,
+ LassoIdentity *identity,
+ const gchar *authenticationMethod,
+ const gchar *reauthenticateOnOrAfter)
+{
+ xmlChar *providerID;
+ LassoNode *assertion=NULL, *authentication_statement;
+
+ providerID = lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server));
+ assertion = lasso_assertion_new(providerID,
+ lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE_CONTEXT(login)->request), "RequestID"));
+ authentication_statement = lasso_authentication_statement_new(authenticationMethod,
+ reauthenticateOnOrAfter,
+ identity->remote_nameIdentifier,
+ identity->local_nameIdentifier);
+ lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion),
+ LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement));
+ lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
+ LASSO_PROFILE_CONTEXT(login)->server->signature_method,
+ LASSO_PROFILE_CONTEXT(login)->server->private_key,
+ LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server)->certificate);
+ lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE_CONTEXT(login)->response),
+ assertion);
+
+ return (0);
+}
+
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
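Review bot: In `lasso_login_process_federation`, `printf("NameIDPolicy %s\n", nameIDPolicy)` runs before the `nameIDPolicy == NULL` test on the next line, and passing NULL for `%s` is undefined behaviour; the string is also never released before `return (0)`. Move or drop the print and add `xmlFree(nameIDPolicy);` before the return, which is how this commit releases other `lasso_node_get_child_content` results. In `lasso_login_add_response_assertion`, the results of `lasso_assertion_new` and `lasso_saml_assertion_set_signature` are not checked before `lasso_samlp_response_add_assertion`, so a failed signing step, if that call can fail, would still place the assertion in the response and return 0. Both functions sit under the private "functions" banner but are not declared `static`.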
@@ -41,20 +110,19 @@ gint
lasso_login_build_authn_request_msg(LassoLogin *login)
{
LassoProvider *provider, *remote_provider;
- xmlChar *request_protocolProfile, *url, *query;
- gchar *msg;
+ xmlChar *request_protocolProfile, *url=NULL, *query=NULL;
gboolean must_sign;
provider = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server);
+ remote_provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID);
must_sign = xmlStrEqual(lasso_node_get_child_content(provider->metadata, "AuthnRequestsSigned", NULL), "true");
-
/* export request depending on the request ProtocolProfile */
- request_protocolProfile = lasso_provider_get_singleSignOnProtocolProfile(provider);
+ request_protocolProfile = lasso_provider_get_singleSignOnProtocolProfile(remote_provider);
+
if (xmlStrEqual(request_protocolProfile, lassoLibProtocolProfileSSOGet)) {
/* GET -> query */
- remote_provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server,
- LASSO_PROFILE_CONTEXT(login)->remote_providerID);
- url = lasso_provider_get_singleSignOnServiceUrl(remote_provider);
+ url = lasso_provider_get_singleSignOnServiceURL(remote_provider);
if (must_sign) {
query = lasso_node_export_to_query(LASSO_PROFILE_CONTEXT(login)->request,
LASSO_PROFILE_CONTEXT(login)->server->signature_method,
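Review bot: `remote_provider` is now dereferenced on every path through `lasso_provider_get_singleSignOnProtocolProfile(remote_provider)` without a check, and the getters in provider.c read `provider->metadata` directly. If `lasso_server_get_provider` returns NULL for a `remote_providerID` the server does not know (not visible here, but likely), this is a NULL dereference. Add `if (remote_provider == NULL) return (-1);` right after the lookup. The function body continues outside this hunk.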
@@ -63,6 +131,8 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
else {
query = lasso_node_export_to_query(LASSO_PROFILE_CONTEXT(login)->request, 0, NULL);
}
+ if (url == NULL) return (-1);
+ if (query == NULL) return (-2);
/* alloc msg_url (+2 for the ? and \0) */
LASSO_PROFILE_CONTEXT(login)->msg_url = (gchar *) g_new(gchar, strlen(url) + strlen(query) + 2);
g_sprintf(LASSO_PROFILE_CONTEXT(login)->msg_url, "%s?%s", url, query);
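Review bot: The two early returns added here leak whichever string was already obtained, because `url` is only tested after `query` has been built: `return (-1)` drops `query` and `return (-2)` drops `url`. Test `url` directly after `lasso_provider_get_singleSignOnServiceURL` and release it on the second path, e.g. `if (query == NULL) { xmlFree(url); return (-2); }` (assuming `xmlFree` is the right release call for these `xmlChar *` values). The meaning of -1 and -2 is not documented anywhere in the hunk, so a comment on the function would help callers. The enclosing function starts and ends outside this hunk.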
@@ -78,74 +148,113 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
}
gint
-lasso_login_build_authn_response_msg(LassoLogin *login,
- gint authentication_result,
- const gchar *authenticationMethod,
- const gchar *reauthenticateOnOrAfter)
+lasso_login_build_artifact_msg(LassoLogin *login,
+ gint authentication_result,
+ const gchar *authenticationMethod,
+ const gchar *reauthenticateOnOrAfter,
+ gint method)
{
- LassoUser *user;
LassoIdentity *identity;
- gchar *msg = g_new(gchar, 1024), *samlArt;
- xmlChar *nameIDPolicy, *relayState, *providerID;
- xmlChar *assertionHandle, *identityProviderSuccinctID;
- LassoNode *assertion=NULL, *authentication_statement, *idpProvidedNameIdentifier;
+ LassoProvider *remote_provider;
- /* ProtocolProfile must be BrwsPost */
- if (login->protocolProfile != lassoLoginProtocolPorfileBrwsPost) {
+ gchar *b64_samlArt, *samlArt, *url;
+ xmlChar *relayState;
+ xmlChar *assertionHandle, *identityProviderSuccinctID;
+ xmlChar *providerID;
+
+ /* ProtocolProfile must be BrwsArt */
+ if (login->protocolProfile != lassoLoginProtocolPorfileBrwsArt) {
return (-1);
}
- providerID = lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server));
-
/* federation */
- /* verify if a user context exists else create it */
- if (LASSO_PROFILE_CONTEXT(login)->user == NULL) {
- LASSO_PROFILE_CONTEXT(login)->user = lasso_user_new("");
- }
+ lasso_login_process_federation(login);
identity = lasso_user_get_identity(LASSO_PROFILE_CONTEXT(login)->user,
LASSO_PROFILE_CONTEXT(login)->remote_providerID);
- nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request,
- "NameIDPolicy", NULL);
- printf("NameIDPolicy %s\n", nameIDPolicy);
- if (nameIDPolicy == NULL || xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone)) {
- if (identity == NULL) {
+
+ /* fill the response with the assertion */
+ if (identity != NULL && authentication_result == 1) {
+ printf("DEBUG - an identity found, so build an assertion\n");
+ lasso_login_add_response_assertion(login,
+ identity,
+ authenticationMethod,
+ reauthenticateOnOrAfter);
+ }
+ else {
+ printf("No identity or login failed !!!\n");
+ if (authentication_result == 0) {
lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login),
- lassoLibStatusCodeFederationDoesNotExist);
+ lassoSamlStatusCodeRequestDenied);
}
}
- else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated)) {
- printf("DEBUG - NameIDPolicy is federated\n");
- if (identity == NULL) {
- identity = lasso_identity_new(LASSO_PROFILE_CONTEXT(login)->remote_providerID);
- idpProvidedNameIdentifier = lasso_lib_idp_provided_name_identifier_new(lasso_build_unique_id(32));
- /* TODO: set nameQualifier and Format */
- lasso_identity_set_local_nameIdentifier(identity, idpProvidedNameIdentifier);
- lasso_user_add_identity(LASSO_PROFILE_CONTEXT(login)->user,
- LASSO_PROFILE_CONTEXT(login)->remote_providerID,
- identity);
+ /* save response dump */
+ login->response_dump = lasso_node_export(LASSO_PROFILE_CONTEXT(login)->response);
+
+ providerID = lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server));
+ remote_provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+ switch (method) {
+ case lassoHttpMethodRedirect:
+ url = lasso_provider_get_assertionConsumerServiceURL(remote_provider);
+ /* return query (base64 encoded) */
+ /* liberty-idff-bindings-profiles-v1.2.pdf p.25 */
+ samlArt = g_new(gchar, 2+20+20+1);
+ identityProviderSuccinctID = lasso_str_hash(providerID,
+ LASSO_PROFILE_CONTEXT(login)->server->private_key);
+ assertionHandle = lasso_build_random_sequence(20);
+ sprintf(samlArt, "%c%c%s%s", 0, 3, identityProviderSuccinctID, assertionHandle);
+ //printf("%s\n", identityProviderSuccinctID);
+ //printf("%s\n", assertionHandle);
+ g_free(assertionHandle);
+ xmlFree(identityProviderSuccinctID);
+ b64_samlArt = xmlSecBase64Encode(samlArt, 42, 0);
+ g_free(samlArt);
+ LASSO_PROFILE_CONTEXT(login)->msg_url = g_new(gchar, 1024+1);
+ sprintf(LASSO_PROFILE_CONTEXT(login)->msg_url, "%s?SAMLArt=%s", url, b64_samlArt);
+ xmlFree(url);
+ xmlFree(b64_samlArt);
+ relayState = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request,
+ "RelayState", NULL);
+ if (relayState != NULL) {
+ sprintf(LASSO_PROFILE_CONTEXT(login)->msg_url, "%s&RelayState=%s",
+ LASSO_PROFILE_CONTEXT(login)->msg_url, relayState);
+ xmlFree(relayState);
}
+ break;
+ case lassoHttpMethodPost:
+ /* TODO: return a formular */
+ break;
}
- else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) {
- // TODO
+ xmlFree(providerID);
+
+ return (0);
+}
+
+gint
+lasso_login_build_authn_response_msg(LassoLogin *login,
+ gint authentication_result,
+ const gchar *authenticationMethod,
+ const gchar *reauthenticateOnOrAfter)
+{
+ LassoIdentity *identity;
+
+ /* ProtocolProfile must be BrwsPost */
+ if (login->protocolProfile != lassoLoginProtocolPorfileBrwsPost) {
+ return (-1);
}
+ /* federation */
+ lasso_login_process_federation(login);
+ identity = lasso_user_get_identity(LASSO_PROFILE_CONTEXT(login)->user,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+
/* fill the response with the assertion */
if (identity != NULL && authentication_result == 1) {
printf("DEBUG - an identity found, so build an assertion\n");
- assertion = lasso_assertion_new(providerID,
- lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE_CONTEXT(login)->request), "RequestID"));
- authentication_statement = lasso_authentication_statement_new(authenticationMethod,
- reauthenticateOnOrAfter,
- identity->remote_nameIdentifier,
- identity->local_nameIdentifier);
- lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion),
- LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement));
- lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
- LASSO_PROFILE_CONTEXT(login)->server->signature_method,
- LASSO_PROFILE_CONTEXT(login)->server->private_key,
- LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server)->certificate);
- lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE_CONTEXT(login)->response),
- assertion);
+ lasso_login_add_response_assertion(login,
+ identity,
+ authenticationMethod,
+ reauthenticateOnOrAfter);
}
else {
printf("No identity or login failed !!!\n");
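Review bot: The `lassoHttpMethodRedirect` branch of `lasso_login_build_artifact_msg` builds `msg_url` with unbounded `sprintf` into a fixed `g_new(gchar, 1024+1)` buffer, and `relayState` is taken from the incoming request, so a long RelayState or consumer URL overruns the heap buffer; the second `sprintf` also passes `msg_url` as both destination and source, which is undefined behaviour. The artifact itself is assembled with `%s` from what should be fixed-length binary fields: a zero byte in the hash or random sequence truncates the copy, so `xmlSecBase64Encode(samlArt, 42, 0)` then encodes uninitialised heap bytes, while a value longer than 20 bytes overruns the 43-byte `samlArt`. `url` and `remote_provider` are used without a NULL check, and the `switch` has no `default`. The sketch below sizes the URL from its parts and copies the artifact fields by length; RelayState should additionally be URL-escaped before it is appended.

```c
    case lassoHttpMethodRedirect:
        url = lasso_provider_get_assertionConsumerServiceURL(remote_provider);
        if (url == NULL) {
            xmlFree(providerID);
            return (-1);
        }
        /* ... unchanged: identityProviderSuccinctID and assertionHandle are obtained ... */
        /* type code 0x0003 followed by two 20-byte binary fields, copied by length;
           assumes both helpers return at least 20 bytes - confirm */
        samlArt = g_new0(gchar, 2+20+20);
        samlArt[1] = 3;
        memcpy(samlArt + 2, identityProviderSuccinctID, 20);
        memcpy(samlArt + 2 + 20, assertionHandle, 20);
        /* ... unchanged: release both fields, base64-encode the 42 bytes, release samlArt ... */
        relayState = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request,
                                                  "RelayState", NULL);
        /* let GLib size the buffer instead of writing into 1024+1 bytes */
        if (relayState != NULL) {
            LASSO_PROFILE_CONTEXT(login)->msg_url =
                g_strdup_printf("%s?SAMLArt=%s&RelayState=%s", url, b64_samlArt, relayState);
            xmlFree(relayState);
        }
        else {
            LASSO_PROFILE_CONTEXT(login)->msg_url =
                g_strdup_printf("%s?SAMLArt=%s", url, b64_samlArt);
        }
        /* ... unchanged: release url and b64_samlArt ... */
        break;
```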
@@ -162,6 +271,18 @@ lasso_login_build_authn_response_msg(LassoLogin *login,
}
gint
+lasso_login_build_request_msg(LassoLogin *login)
+{
+ LassoProvider *remote_provider;
+
+ remote_provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+ LASSO_PROFILE_CONTEXT(login)->msg_body = lasso_node_export_to_soap(LASSO_PROFILE_CONTEXT(login)->request);
+ LASSO_PROFILE_CONTEXT(login)->msg_url = lasso_provider_get_soapEndpoint(remote_provider);
+ return (0);
+}
+
+gint
lasso_login_init_authn_request(LassoLogin *login,
const gchar *remote_providerID)
{
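Review bot: `lasso_login_build_request_msg` returns 0 unconditionally, even when `lasso_server_get_provider` finds no provider, the SOAP export yields no body, or the metadata has no SoapEndpoint. Check the lookup before use, `if (remote_provider == NULL) return (-1);`, and return an error when `msg_body` or `msg_url` comes back NULL, so that a caller does not post to a NULL endpoint. `msg_url` here receives a getter result that other code in this commit releases with `xmlFree()`, whereas `lasso_login_build_authn_request_msg` fills the same field with `g_new`; whoever frees the field needs a single convention.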
@@ -169,7 +290,7 @@ lasso_login_init_authn_request(LassoLogin *login,
server = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server);
LASSO_PROFILE_CONTEXT(login)->request = lasso_authn_request_new(lasso_provider_get_providerID(server));
- LASSO_PROFILE_CONTEXT(login)->remote_providerID = remote_providerID;
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID = g_strdup(remote_providerID);
if (LASSO_PROFILE_CONTEXT(login)->request == NULL) {
return (-1);
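Review bot: Copying the caller's string with `g_strdup` removes the borrowed pointer, but `remote_providerID` now follows two allocation conventions: here (and in `lasso_login_init_request` later in this file) it is a GLib allocation, while `lasso_login_init_from_authn_request_msg` assigns it the result of `lasso_node_get_child_content`. Neither site releases a previous value, so calling an init function twice on the same login leaks the old string. A comment on the field stating which release function applies, plus freeing the old value before assignment, would make this safe to maintain. The function body extends beyond this hunk.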
@@ -184,7 +305,7 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login,
gint authn_request_method)
{
LassoServer *server;
- LassoProvider *sp;
+ LassoProvider *remote_provider;
gchar *protocolProfile;
gboolean must_verify_signature, signature_status;
@@ -228,26 +349,28 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login,
break;
}
- /* get SP ProviderID */
+ /* get remote ProviderID */
LASSO_PROFILE_CONTEXT(login)->remote_providerID = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request,
"ProviderID", NULL);
- sp = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server,
- LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+ printf("remote_providerID = %s\n", LASSO_PROFILE_CONTEXT(login)->remote_providerID);
+ remote_provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server,
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID);
/* Is authnRequest signed ? */
- must_verify_signature = xmlStrEqual(lasso_node_get_child_content(sp->metadata, "AuthnRequestsSigned", NULL), "true");
+ must_verify_signature = xmlStrEqual(lasso_node_get_child_content(remote_provider->metadata, "AuthnRequestsSigned", NULL), "true");
/* verify request signature */
if (must_verify_signature) {
switch (authn_request_method) {
case lassoHttpMethodGet:
case lassoHttpMethodRedirect:
+ printf("VERIFY SIGNATURE\n");
signature_status = lasso_query_verify_signature(authn_request_msg,
- sp->public_key,
+ remote_provider->public_key,
LASSO_PROFILE_CONTEXT(login)->server->private_key);
break;
case lassoHttpMethodPost:
signature_status = lasso_node_verify_signature(LASSO_PROFILE_CONTEXT(login)->request,
- sp->certificate);
+ remote_provider->certificate);
break;
}
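Review bot: `remote_providerID` is read straight from the received AuthnRequest, and the provider looked up from it is dereferenced as `remote_provider->metadata` with no check. A request naming a ProviderID the server does not know would, if `lasso_server_get_provider` returns NULL in that case, crash the identity provider before any signature is verified; add `if (remote_provider == NULL) return (-1);` after the lookup. The new `printf("remote_providerID = %s\n", ...)` has the same problem when the request has no ProviderID element, and both new `printf` calls write request-derived data to stdout from library code. `signature_status` is also left unset when `authn_request_method` matches none of the three cases, since the switch has no `default`. The function starts and ends outside this hunk.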
@@ -270,12 +393,15 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login,
}
gint
-lasso_login_init_request(LassoLogin *login,
- xmlChar *response_msg,
- gint response_method)
+lasso_login_init_request(LassoLogin *login,
+ xmlChar *response_msg,
+ gint response_method,
+ const gchar *remote_providerID)
{
xmlChar *artifact;
+ LASSO_PROFILE_CONTEXT(login)->remote_providerID = g_strdup(remote_providerID);
+
/* rebuild response (artifact) */
switch (response_method = 1) {
case lassoHttpMethodGet:
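Review bot: `switch (response_method = 1)` assigns to the parameter instead of testing it, so the `response_method` argument kept in the reworked signature is ignored and the same case is always taken; this looks like a debugging leftover and should read `switch (response_method)`. The new `g_strdup(remote_providerID)` assignment overwrites any earlier value of the field without releasing it. The rest of the function lies outside this hunk.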
@@ -298,11 +424,15 @@ lasso_login_init_request(LassoLogin *login,
}
gint
-lasso_login_init_response(LassoLogin *login,
- xmlChar *response_msg,
- gint response_method)
+lasso_login_handle_request(LassoLogin *login,
+ xmlChar *request_msg)
{
- // TODO
+ LassoNode *node;
+
+ node = lasso_node_new_from_dump(request_msg);
+
+ login->assertionArtifact = lasso_node_get_child_content(node, "AssertionArtifact", lassoSamlProtocolHRef);
+ lasso_node_destroy(node);
return (0);
}
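Review bot: `lasso_login_handle_request` parses `request_msg`, which arrives from the remote provider, and uses the result of `lasso_node_new_from_dump` without checking it. If parsing fails and returns NULL (not visible here), both `lasso_node_get_child_content` and `lasso_node_destroy` receive NULL, and when the message has no AssertionArtifact element the function still returns 0 with `login->assertionArtifact` set to NULL. Return a non-zero code in both cases, starting with `if (node == NULL) return (-1);` after the parse. Any previous `login->assertionArtifact` is overwritten without being released.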
@@ -352,8 +482,7 @@ lasso_handle_authn_response_msg(LassoLogin *login,
}
gboolean
-lasso_login_must_authenticate(LassoLogin *login,
- gboolean is_user_authenticated)
+lasso_login_must_authenticate(LassoLogin *login)
{
gboolean must_authenticate = TRUE;
gboolean isPassive = TRUE;
@@ -369,10 +498,10 @@ lasso_login_must_authenticate(LassoLogin *login,
}
/* complex test to login process */
- if ((forceAuthn == TRUE || is_user_authenticated == FALSE) && isPassive == FALSE) {
+ if ((forceAuthn == TRUE || LASSO_PROFILE_CONTEXT(login)->user == NULL) && isPassive == FALSE) {
must_authenticate = TRUE;
}
- else if (is_user_authenticated == FALSE && isPassive == TRUE) {
+ else if (LASSO_PROFILE_CONTEXT(login)->user == NULL && isPassive == TRUE) {
lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login),
lassoLibStatusCodeNoPassive);
must_authenticate = FALSE;
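Review bot: Replacing the caller-supplied `is_user_authenticated` with `LASSO_PROFILE_CONTEXT(login)->user == NULL` makes the mere existence of a user context stand in for an authenticated session. A user context can exist without a fresh authentication: `lasso_login_new` takes a `LassoUser *`, and `lasso_login_process_federation` in this commit creates one with `lasso_user_new("")` when none is set. If an identity provider restores the user context for its federations before calling `lasso_login_must_authenticate`, this test would report that no authentication is needed. Either keep an explicit authenticated flag or document that callers must attach `user` only after the principal has authenticated. The function begins outside this hunk; its signature change is in the preceding hunk.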
diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h
index b825c110..2f6d2b18 100644
--- a/lasso/id-ff/login.h
+++ b/lasso/id-ff/login.h
@@ -55,31 +55,28 @@ typedef enum {
struct _LassoLogin {
LassoProfileContext parent;
/*< public >*/
+ gint protocolProfile;
+ xmlChar *assertionArtifact;
+
+ xmlChar *response_dump;
+
+ gchar *msg_relayState;
/*< private >*/
- gint protocolProfile;
- gchar *msg_relayState;
};
struct _LassoLoginClass {
LassoProfileContextClass parent;
};
-LASSO_EXPORT GType lasso_login_get_type (void);
-
-LASSO_EXPORT LassoProfileContext* lasso_login_new (LassoServer *server,
- LassoUser *user);
+LASSO_EXPORT GType lasso_login_get_type (void);
-LASSO_EXPORT gchar* lasso_login_build_request_msg (LassoLogin *authn);
+LASSO_EXPORT LassoProfileContext* lasso_login_new (LassoServer *server,
+ LassoUser *user);
-LASSO_EXPORT gchar* lasso_login_process_login_result (LassoLogin *authn,
- gint login_result,
- const char *login_method);
+LASSO_EXPORT gint lasso_login_build_authn_request_msg (LassoLogin *login);
-LASSO_EXPORT gchar* lasso_login_build_response_msg (LassoLogin *authn,
- gint login_result,
- const gchar *loginMethod,
- const gchar *reauthenticateOnOrAfter,
- gint method);
+LASSO_EXPORT gint lasso_login_init_authn_request (LassoLogin *login,
+ const gchar *remote_providerID);
#ifdef __cplusplus
}
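Review bot: After this hunk the header declares only `lasso_login_get_type`, `lasso_login_new`, `lasso_login_build_authn_request_msg` and `lasso_login_init_authn_request`, while login.c in the same commit defines further non-static entry points such as `lasso_login_build_artifact_msg`, `lasso_login_build_request_msg`, `lasso_login_handle_request` and `lasso_login_must_authenticate`. Unless they are declared above this hunk, callers will reach them through implicit declarations, and changed signatures (for example the extra `remote_providerID` argument of `lasso_login_init_request`) will not be checked by the compiler. Add `LASSO_EXPORT` prototypes for the public ones and make the two helpers under the "functions" banner in login.c `static`. The new public fields `assertionArtifact` and `response_dump` would also benefit from a comment saying who frees them.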