author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2012-03-17 15:21:23 +0100 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2012-03-17 15:21:23 +0100 |
commit | f55c92725510f102a778878b45561aaba8ab887d (patch) | |
tree | b19e8007ab9c42d091b47d68fe7c9ba50c79adfb | |
parent | d96960360496245a1a9e259b08b0afcabc9149e6 (diff) | |
[saml2] fix handling of SingleSignOnServer in lasso_saml20_provider_get_first_http_method
When checking if a synchronous http method can be used for sending a
request to the SingleSignOnService we must check if the response can
be received by the AssertionConsumerService with a synchronous binding,
not the SingleSignOnService.
-rw-r--r-- | lasso/saml-2.0/provider.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index baccb174..1a6ba908 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -534,7 +534,24 @@ lasso_saml20_provider_load_metadata(LassoProvider *provider, xmlNode *root_node)
 return TRUE;
 }
 
-static gboolean has_synchronous_methods(LassoProvider *provider, LassoMdProtocolType protocol_type)
+enum {
+ FOR_RESPONSE = 1
+};
+
+/**
+ * has_synchronous_methods:
+ * @provider: a #LassoProvider object
+ * @protocol_type: a #LassoMdProtocolType value
+ * @for_response: a boolean stating whether we need the answer for receiving a response.
+ *
+ * Return whether the given @provider support a certain protocol with a synchronous binding.
+ * If we need to receive a response for this protocol, @for_response must be set to True.
+ *
+ * Return result: TRUE if @provider supports @protocol_type with a synchronous binding, eventually
+ * for receiving responses, FALSE otherwise.
+ */
+static gboolean has_synchronous_methods(LassoProvider *provider, LassoMdProtocolType protocol_type,
+ gboolean for_response)
 {
 GList *t = NULL;
 const char *kind = NULL;
@@ -547,6 +564,11 @@ static gboolean has_synchronous_methods(LassoProvider *provider, LassoMdProtocol
 return LASSO_HTTP_METHOD_NONE;
 }
 
+ if (for_response && protocol_type == LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON)
+ {
+ kind = LASSO_SAML2_METADATA_ELEMENT_ASSERTION_CONSUMER_SERVICE;
+ }
+
 lasso_foreach(t, provider->private_data->endpoints) {
 EndpointType *endpoint_type = (EndpointType*)t->data;
 if (endpoint_type && lasso_strisequal(endpoint_type->kind, kind)) {
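Review bot: The new doc comment on `has_synchronous_methods` says `@for_response` must be set whenever a response is expected, but the code added in the next hunk only honours it when `protocol_type == LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON`; for any other protocol type the flag is silently ignored. I would state that in the comment, e.g. `@for_response: if TRUE and @protocol_type is single sign-on, the AssertionConsumerService endpoints are checked instead`, and fix "support" to "supports" and "eventually" to "possibly" in the same block. The parameter is a `gboolean`, while the only name offered for it is the anonymous enum value `FOR_RESPONSE = 1`. A one-line comment on the enum saying it exists to label the argument at call sites would make that intent clear.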
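Review bot: The context line `return LASSO_HTTP_METHOD_NONE;` just above the added block sits inside a function declared `gboolean`, so if that constant is non-zero the early exit reports TRUE. The caller in the third hunk tests `! has_synchronous_methods(...)`, so in that case a synchronous method would be kept even though no matching endpoint was looked up, which is a fail-open result for binding selection. The guard's condition lies outside the hunk, so this is inferred from the visible return alone; since the signature is being changed anyway, `return FALSE;` on that path would make it fail closed. As a smaller point, the added `if` puts its `{` on its own line while the neighbouring `lasso_foreach(...) {` and `if (...) {` keep it on the same line.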
@@ -581,7 +603,7 @@ lasso_saml20_provider_get_first_http_method(LassoProvider *provider,
 /* a synchronous method needs another synchronous method for receiving the
 * response on the local side */
 if (http_method_kind(result) == SYNCHRONOUS
- && ! has_synchronous_methods(provider, protocol_type))
+ && ! has_synchronous_methods(provider, protocol_type, FOR_RESPONSE))
 continue;
 if (result != LASSO_HTTP_METHOD_NONE)
 break; |