authorFrederic Peters <fpeters@entrouvert.com>2005-04-25 14:25:03 +0000
committerFrederic Peters <fpeters@entrouvert.com>2005-04-25 14:25:03 +0000
commitec81badb6c000850eb833fbc53440cadbef0eafc (patch)
tree9386d49a23c6cdf9aceae9af427952db255f5a52
parent59892c5c86a0746f091089355300690894ae0420 (diff)
use proper confirmation method saml identifiers
-rw-r--r--lasso/id-ff/login.c22
-rw-r--r--lasso/xml/lib_authentication_statement.c3
2 files changed, 23 insertions, 2 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 64d855d3..a6f02bef 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -622,6 +622,20 @@ lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method)
if (login->assertionArtifact == NULL)
lasso_login_build_assertion_artifact(login);
+ if (login->assertion) {
+ LassoSamlAssertion *assertion = login->assertion;
+ LassoSamlSubjectStatementAbstract *ss;
+
+ ss = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(assertion->AuthenticationStatement);
+ if (assertion->MajorVersion == 1 && assertion->MinorVersion == 0) {
+ ss->Subject->SubjectConfirmation->ConfirmationMethod = g_list_append(NULL,
+ g_strdup(LASSO_SAML_CONFIRMATION_METHOD_ARTIFACT01));
+ } else {
+ ss->Subject->SubjectConfirmation->ConfirmationMethod = g_list_append(NULL,
+ g_strdup(LASSO_SAML_CONFIRMATION_METHOD_ARTIFACT));
+ }
+ }
+
b64_samlArt = xmlStrdup(login->assertionArtifact);
relayState = xmlURIEscapeStr(LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL);
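Review bot: The added block dereferences `ss->Subject->SubjectConfirmation` after checking only `login->assertion`, so an assertion whose `AuthenticationStatement`, `Subject` or `SubjectConfirmation` is unset crashes the identity provider here instead of failing the request; the cast macro presumably passes NULL through. Test for `if (ss == NULL || ss->Subject == NULL || ss->Subject->SubjectConfirmation == NULL)` before the assignment and return an error from that branch rather than skipping it, so that no artifact is issued for an assertion without a confirmation method. The same unchecked chain appears in the block added to lasso_login_build_authn_response_msg in the next hunk. lasso_login_build_artifact_msg starts and ends outside this hunk.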
@@ -785,6 +799,14 @@ lasso_login_build_authn_response_msg(LassoLogin *login)
return critical_error(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);
}
+ if (login->assertion) {
+ LassoSamlAssertion *assertion = login->assertion;
+ LassoSamlSubjectStatementAbstract *ss;
+ ss = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(assertion->AuthenticationStatement);
+ ss->Subject->SubjectConfirmation->ConfirmationMethod = g_list_append(NULL,
+ g_strdup(LASSO_SAML_CONFIRMATION_METHOD_BEARER));
+ }
+
/* Countermeasure: The issuer should sign <lib:AuthnResponse> messages.
* (binding and profiles (1.2errata2, page 65) */
if (profile->server->certificate)
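Review bot: The assignment to `ConfirmationMethod` replaces whatever list the assertion already holds without releasing it, so a second build call on the same login, or an assertion that did not come from the constructor changed in this commit, leaks the old list and its strings. Release it before the assignment with `g_list_foreach(ss->Subject->SubjectConfirmation->ConfirmationMethod, (GFunc)g_free, NULL);` followed by `g_list_free(ss->Subject->SubjectConfirmation->ConfirmationMethod);`, assuming the list owns its strings as the `g_strdup` calls suggest. Both branches of the block added to lasso_login_build_artifact_msg need the same treatment. The function body continues outside the hunk.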
diff --git a/lasso/xml/lib_authentication_statement.c b/lasso/xml/lib_authentication_statement.c
index 1d2a6cd7..cf5439ad 100644
--- a/lasso/xml/lib_authentication_statement.c
+++ b/lasso/xml/lib_authentication_statement.c
@@ -179,8 +179,7 @@ lasso_lib_authentication_statement_new_full(const char *authenticationMethod,
/* SubjectConfirmation & Subject */
subject_confirmation = lasso_saml_subject_confirmation_new();
- subject_confirmation->ConfirmationMethod = g_list_append(NULL,
- g_strdup(LASSO_SAML_CONFIRMATION_METHOD_BEARER));
+ subject_confirmation->ConfirmationMethod = NULL;
LASSO_SAML_SUBJECT(subject)->SubjectConfirmation = subject_confirmation;
LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(statement)->Subject = LASSO_SAML_SUBJECT(subject);
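Review bot: After this change the constructor returns a statement whose `SubjectConfirmation` has no `ConfirmationMethod`, and nothing at this line says who is expected to fill it in. Only the two login builders touched in this commit are visible as setters; if any other path serialises the assertion, it would go out with an empty SubjectConfirmation, which a relying party may reject or handle inconsistently. Add a comment above the assignment such as `/* ConfirmationMethod depends on the binding; set by lasso_login_build_artifact_msg() or lasso_login_build_authn_response_msg() before the assertion is serialised */`. lasso_lib_authentication_statement_new_full starts and ends outside this hunk.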