author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-19 11:07:32 +0000 |
---|---|---|
committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-19 11:07:32 +0000 |
commit | cae2befb48c60998515875b735e8c2e9ba6f5cfa (patch) | |
tree | 3b8309f1e14796fd9a145966bf9f68436302f187 /docs/lasso-book | |
parent | 74697b19c1160f20cc0e3f40e392b7fa7850b7a5 (diff) | |
cleaning up process files
Diffstat (limited to 'docs/lasso-book')
-rw-r--r-- | docs/lasso-book/defederation.process | 74 | ||||
-rw-r--r-- | docs/lasso-book/name-registration.process | 86 | ||||
-rw-r--r-- | docs/lasso-book/single-logout.process | 4 | ||||
-rw-r--r-- | docs/lasso-book/single-sign-on.process | 4 |
4 files changed, 83 insertions, 85 deletions
diff --git a/docs/lasso-book/defederation.process b/docs/lasso-book/defederation.process
index 50719272..14ac915c 100644
--- a/docs/lasso-book/defederation.process
+++ b/docs/lasso-book/defederation.process
@@ -3,56 +3,58 @@ Federation Termination Notification (apply for both IdP and SP) /federationTermination (* normative, Federation Termination Notification service URL *) - defederation = lasos_defederation_new(server) - IF lasso_is_liberty_query(query) - # query is a valid liberty message, then process it + defederation = lasos_defederation_new(server) + IF lasso_is_liberty_query(query) + # query is a valid liberty message, then process it - lasso_defederation_process_notification_msg(defederation, query) + lasso_defederation_process_notification_msg(defederation, query) - nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier - # Retrieve session and user using name identifier. - lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump) - lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump) + nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier + # Retrieve session and user using name identifier. + lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump) + lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump) - lasso_defederation_validate_notification(defederation) - # Close the federation locally. - # The user is no more authenticated on any identity provider, Log him out. + lasso_defederation_validate_notification(defederation) + # Close the federation locally. + # The user is no more authenticated on any identity provider, Log him out. 
- REDIRECT TO LASSO_PROFILE(defederation)->msg_url + REDIRECT TO LASSO_PROFILE(defederation)->msg_url - ELSE - # query is not a valid liberty message, then initiates profile + ELSE + # query is not a valid liberty message, then initiates profile - # identity and session from logged in user - lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump) - lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump) + # identity and session from logged in user + lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump) + lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump) - lasso_defederation_build_notification_msg(defederation) + lasso_defederation_build_notification_msg(defederation) - # close the local user account (session, index...) + # close the local user account (session, index...) - IF LaSSO_PROFILE(defederation)->msg_body: - SOAP CALL -------------------------------------------------------------\ - TO LASSO_PROFILE(defederation)->msg_url | - BODY LASSO_PROFILE(defederation)->msg_body + IF LASSO_PROFILE(defederation)->msg_body: + SOAP CALL -----------------------------------------------------------------\ + TO LASSO_PROFILE(defederation)->msg_url | + BODY LASSO_PROFILE(defederation)->msg_body + + ELSE + REDIRECT TO LASSO_PROFILE(defederation)->msg_url - ELSE - REDIRECT TO LASSO_PROFILE(defederation)->msg_url /federationTerminationReturn (* normative, Federation Termination service Return URL *) - # get the relay state if exists in query response + # get the relay state if exists in query response + /soapEndPoint (* normative, SOAP endpoint *) <----/ - defederation = lasso_defederation_new(server) - lasso_defederation_process_notification_msg(defederation, soapRequestMsg) - - nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier - # Retrieve session and user using name identifier. 
- - lasso_defederation_validate_notification(defederation) - # Close the federation locally. - # The user is no more authenticated on any identity provider. Log him out. - # Return OK (204), even when the defederation validation fails. + defederation = lasso_defederation_new(server) + lasso_defederation_process_notification_msg(defederation, soapRequestMsg) + + nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier + # Retrieve session and user using name identifier. + + lasso_defederation_validate_notification(defederation) + # Close the federation locally. + # The user is no more authenticated on any identity provider. Log him out. + # Return OK (204), even when the defederation validation fails. ANSWER SOAP REQUEST WITH 204 (No content) diff --git a/docs/lasso-book/name-registration.process b/docs/lasso-book/name-registration.process index 53123412..6388e9b6 100644 --- a/docs/lasso-book/name-registration.process +++ b/docs/lasso-book/name-registration.process 
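Review bot: The first call of the /federationTermination flow still reads `lasos_defederation_new(server)` on the new side, although this commit fixes the neighbouring `LaSSO_PROFILE` typo and /soapEndPoint spells it `lasso_defederation_new(server)`; the two should match. In both the redirect branch and /soapEndPoint, the text also goes from `lasso_defederation_validate_notification(defederation)` straight to "Close the federation locally" and logging the user out, with no result check shown. The closing comment says validation can fail, and the notification comes from a remote party, so an integrator copying this would change local state on an unvalidated message. I would add `# only when validate_notification succeeded:` above the "Close the federation locally" comment in both places, leaving the 204 answer unconditional as documented.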
@@ -3,76 +3,72 @@ Name Registration (apply for both IdP and SP) /nameRegistration (* normative, Name Registration service URL *) - registration = lasso_name_registration_new(server) + registration = lasso_name_registration_new(server) - IF lasso_is_liberty_query(query) - lasso_name_registration_process_request_msg(query) + IF lasso_is_liberty_query(query) + lasso_name_registration_process_request_msg(query) oldNameIdentifier = registration->oldNameIdentifier newNameIdentifier = LASSO_PROFILE(registration)->nameIdentifier lasso_name_registration_validate_request(registration) - # Update identity (session is not changed, because name identifiers - # in assertions are left as is). - - # Update nameIdentifier in indexes if it has changed. + # Update identity (session is not changed, because name identifiers + # in assertions are left as is). + + # Update nameIdentifier in indexes if it has changed. - lasso_name_registration_build_response_msg(registration) - REDIRECT TO LASSO_PROFILE(registration)->msg_url + lasso_name_registration_build_response_msg(registration) + REDIRECT TO LASSO_PROFILE(registration)->msg_url - ELSE - lasso_profile_set_identity_from_dump(identityDump) - lasso_name_registration_init_request(registration, remote_providerID, method) - # method can be any, soap or redirect + ELSE + lasso_profile_set_identity_from_dump(identityDump) + lasso_name_registration_init_request(registration, remote_providerID, method) + # method can be any, soap or redirect - lasso_lib_register_name_identifier_request_set_relaystate( - LASSO_PROFILE(registration)->request, relayState) - # optionaly set relay state + lasso_name_registration_build_request_msg() + IF LASSO_PROFILE(registration)->msg_body: + SOAP CALL ----------------------------------------------------------------\ + TO LASSO_PROFILE(registration)->msg_url | + BODY LASSO_PROFILE(registration)->msg_body - lasso_name_registration_build_request_msg() - IF LASSO_PROFILE(registration)->msg_body: - SOAP CALL 
-----------------------------------------------------------\ - TO LASSO_PROFILE(registration)->msg_url | - BODY LASSO_PROFILE(registration)->msg_body - - lasso_name_registration_process_response_msg(soap_answer_msg) - oldNameIdentifier = registration->oldNameIdentifier - newNameIdentifier = registration->nameIdentifier + lasso_name_registration_process_response_msg(soap_answer_msg) + oldNameIdentifier = registration->oldNameIdentifier + newNameIdentifier = registration->nameIdentifier - lasso_name_registration_validate_request(registration) + lasso_name_registration_validate_request(registration) - # Update identity (session is not changed, because name - # indentifiers in assertions are left as is). + # Update identity (session is not changed, because name + # indentifiers in assertions are left as is). - # Update nameIdentifier in indexes if it has changed. + # Update nameIdentifier in indexes if it has changed. - lasso_name_registration_build_response_msg(registration) + lasso_name_registration_build_response_msg(registration) - REDIRECT TO LASSO_PROFILE(registration)->msg_url - ELSE - # XXX: Use Redirect method + REDIRECT TO LASSO_PROFILE(registration)->msg_url + ELSE + # XXX: Use Redirect method /nameRegistrationReturn (* normative, Name Registration service Return URL *) - registration = lasso_name_registration_new_from_dump(nameRegistrationDump) - lasso_name_registration_process_response_msg(registration, query) + registration = lasso_name_registration_new_from_dump(nameRegistrationDump) + lasso_name_registration_process_response_msg(registration, query) | /soapEndPoint (* normative, SOAP endpoint *) <----/ - lasso_name_registration_process_request_msg(soapRequestMsg) + lasso_name_registration_process_request_msg(soapRequestMsg) - oldNameIdentifier = registration->oldNameIdentifier - newNameIdentifier = LASSO_PROFILE(registration)->nameIdentifier + oldNameIdentifier = registration->oldNameIdentifier + newNameIdentifier = 
LASSO_PROFILE(registration)->nameIdentifier - lasso_name_registration_validate_request(registration) + lasso_name_registration_validate_request(registration) - # Update identity (session is not changed, because name identifiers - # in assertions are left as is). - - # Update nameIdentifier in indexes if it has changed. + # Update identity (session is not changed, because name identifiers + # in assertions are left as is). + + # Update nameIdentifier in indexes if it has changed. - lasso_name_registration_build_response_msg(registration) - ANSWER SOAP REQUEST WITH: LASSO_PROFILE(registration)->msg_body + lasso_name_registration_build_response_msg(registration) + ANSWER SOAP REQUEST WITH: LASSO_PROFILE(registration)->msg_body diff --git a/docs/lasso-book/single-logout.process b/docs/lasso-book/single-logout.process index e735766a..c8842a27 100644 --- a/docs/lasso-book/single-logout.process +++ b/docs/lasso-book/single-logout.process @@ -11,8 +11,8 @@ Single Log Out lasso_logout_init_request(logout, idpProviderId, lassoHttpMethodAny) # if idpProviderId is NULL the first one defined in the metadata will be picked # if third param http method is lassoHttpMethodAny, then lasso retrieves - # the first http mehtod supported by both providers, else check - # the passed http method is supported. + # the first http mehtod supported by both providers, else check + # the passed http method is supported. request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(logout)->request) lasso_lib_authn_request_set_relayState(request, relayState) # relayState is an optional value set by the SP diff --git a/docs/lasso-book/single-sign-on.process b/docs/lasso-book/single-sign-on.process index 1678c0f6..700a9ce8 100644 --- a/docs/lasso-book/single-sign-on.process +++ b/docs/lasso-book/single-sign-on.process 
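Review bot: In /soapEndPoint the new text calls `lasso_name_registration_process_request_msg(soapRequestMsg)` and then reads `registration->oldNameIdentifier`, but that section never creates `registration` and the call does not pass it, whereas /nameRegistrationReturn uses `(registration, query)`. The section should open with `registration = lasso_name_registration_new(server)` and call `lasso_name_registration_process_request_msg(registration, soapRequestMsg)`. The same missing first argument remains in /nameRegistration at `lasso_name_registration_process_request_msg(query)`, `lasso_profile_set_identity_from_dump(identityDump)` and `lasso_name_registration_build_request_msg()`. The commit also removes the `lasso_lib_register_name_identifier_request_set_relaystate(...)` step and its "optionaly set relay state" comment, which is a content change rather than cleanup and is worth stating in the commit message if intended.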
@@ -58,11 +58,11 @@ Single Sign-On and Federation # proceed to an IDP initiated SSO. # First ask the user the SP for which he wants to proceed to sign-on. lasso_login_init_idp_initiated_authn_request(serviceProviderId) - IF METHOD IS POST + ELSE (METHOD IS POST) authn_request_msg = /form submitted LAREQ field/ IF authn_request_msg: - lasso_login_process_msg(login, authn_request_msg) + lasso_login_process_authn_request_msg(login, authn_request_msg) IF lasso_login_must_authenticate(login) # proceed to authentication |
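Review bot: The POST branch passes `authn_request_msg`, read from the submitted LAREQ form field, to `lasso_login_process_authn_request_msg(login, authn_request_msg)`, and the next visible line is already `IF lasso_login_must_authenticate(login)` with no failure path for the processing call. That field is client-supplied, so the documented flow should show that a processing error stops the exchange, for example with `# on error: reject the request, do not proceed to authentication` directly after the call. The surrounding flow starts before and continues after this hunk, so I cannot tell from here how errors are described elsewhere in the file.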