| author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-14 19:20:20 +0000 |
|---|---|---|
| committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-14 19:20:20 +0000 |
| commit | ad056adf3699d7162858ccae0faaacfc5ac24882 (patch) | |
| tree | 154311be0f549793690f2cca0e5d742339bd1ea1 /docs | |
| parent | 2bda2b596eaaa5c83aca90ea73b9bbec31985a5b (diff) | |
API change in Single Sign On profile (IdP side) to allow the developer to mess
with <lib:Assertion/>
Outlined in http://lists.labs.libre-entreprise.org/pipermail/lasso-devel/2004-December/001119.html
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/lasso-book/single-sign-on.process | 40 |
1 files changed, 10 insertions, 30 deletions
diff --git a/docs/lasso-book/single-sign-on.process b/docs/lasso-book/single-sign-on.process
index d04ff539..1678c0f6 100644
--- a/docs/lasso-book/single-sign-on.process
+++ b/docs/lasso-book/single-sign-on.process
@@ -89,37 +89,17 @@ Single Sign-On and Federation # unserialize with lasso_login_new_from_dump(dump) consentObtained = TRUE # or FALSE if user didn't give its consent - authenticationMethod = LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD - # or LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI or others - # (see ...) - # this is how the user has been authenticated - - authenticationInstant = "2004-03-01T00:00:00Z" - # this is when the authentication occured; when NULL Lasso will put current time - - assertionIsNotBefore = "2004-03-01T00:00:00Z" - # this is when assertion starts to be valid; NULL when not used - - assertionIsNotOnOrAfter = "2004-04-01T00:00:00Z" - # this is when assertion stops to be valid; NULL when not used - - reauthenticationTime = "2004-04-01T00:00:00Z" - # this is when the user will have to be reauthenticated; NULL when not used - - IF login->protocolProfile IS lassoLoginProtocolProfileBrwsArt - lasso_login_build_artifact_msg(login, userAuthenticated, - consentObtained, - authenticationMethod, - authenticationInstant, reauthenticationTime, - assertionIsNotBefore, assertionIsNotOnOrAfter, - lassoHttpMethodRedirect) + IF lasso_login_validate_request_msg(login, userAuthenticated, consentObtained) == 0: + # build and fill assertion + lasso_login_build_assertion(login, authenticationMethod, + authenticationInstant, reauthenticationTime + assertionIsNotBefore, assertionIsNotOnOrAfter) + # any other change to the assertion can take place here + + IF login->protocolProfile IS LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART + lasso_login_build_artifact_msg(login, LASSO_HTTP_METHOD_REDIRECT) ELSE # IF login->protocolProfile IS lassoLoginProtocolProfileBrwsPost - lasso_login_build_authn_response_msg(login, userAuthenticated, - consentObtained, - authenticationMethod, - authenticationInstant, reauthenticationTime, - assertionIsNotBefore, assertionIsNotOnOrAfter, - reauthenticationTime) + lasso_login_build_authn_response_msg(login) # map LASSO_PROFILE(login)->nameIdentifier 
to user and session # (write this down in a database) |
