udpate of logout and federation profiles

author: Nicolas Clapies <nclapies@entrouvert.com> 2004-08-18 14:05:37 +0000
committer: Nicolas Clapies <nclapies@entrouvert.com> 2004-08-18 14:05:37 +0000
commit: 214f02b82cdb71969a25b89dc61db7fa435664b1 (patch)
tree: abbe199d0b742b99de54b5e6060085717a038e51 /lasso/id-ff/federation_termination.c
parent: d9978fdc4cbdb7f88b48ba5c8e949bd2822e133f (diff)
download: lasso-214f02b82cdb71969a25b89dc61db7fa435664b1.tar.gz
lasso-214f02b82cdb71969a25b89dc61db7fa435664b1.tar.xz
lasso-214f02b82cdb71969a25b89dc61db7fa435664b1.zip
1 files changed, 97 insertions, 32 deletions
diff --git a/lasso/id-ff/federation_termination.c b/lasso/id-ff/federation_termination.c
index 82f425ee..0a5767a0 100644
--- a/lasso/id-ff/federation_termination.c
+++ b/lasso/id-ff/federation_termination.c
@@ -37,12 +37,12 @@
  * 
  * It gets the federation termination notification protocol profile and :
  *    if it is a SOAP method, then it builds the federation termination notification SOAP message,
- *    set the msg_body attribute, get the federation termination service url
- *    and set the msg_url attribute of the federation termination object.
+ *    optionaly signs the notification node, set the msg_body attribute, get the federation termination
+ *    service url and set the msg_url attribute of the federation termination object.
  *
- *    if it is a HTTP-Redirect method, then it builds the federation termination notification QUERY message,
- *    builds the federation termination notification url with federation termination service url,
- *    set the msg_url attribute of the federation termination object,
+ *    if it is a HTTP-Redirect method, then it builds the federation termination notification QUERY message
+ *    ( optionaly signs the notification message ), builds the federation termination notification url
+ *    with federation termination service url, set the msg_url attribute of the federation termination object,
  *    set the msg_body to NULL
  * 
  * Return value: O of OK else < 0
@@ -53,7 +53,6 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination *
   LassoProfile      *profile;
   LassoProvider     *provider;
   xmlChar           *protocolProfile;
-  lassoProviderType  provider_type; /* use to get metadata */
   gint               ret = 0;
 
   g_return_val_if_fail(LASSO_IS_FEDERATION_TERMINATION(defederation), -1);
@@ -63,23 +62,24 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination *
   provider = lasso_server_get_provider_ref(profile->server,
 					   profile->remote_providerID,
 					   NULL);
-  if (provider == NULL) {
-    debug("Provider %s not found\n", profile->remote_providerID);
-    ret = -1;
-    goto done;
-  }
 
+  /* get the protocol profile of the remote provider ( if the notifier is a IDP, then get with IDP type else if IDP, SP ) */
   if (profile->provider_type == lassoProviderTypeSp) {
-    provider_type = lassoProviderTypeIdp;
+  protocolProfile = lasso_provider_get_federationTerminationNotificationProtocolProfile(provider,
+											lassoProviderTypeIdp,
+											NULL);
+  }
+  else if (profile->provider_type == lassoProviderTypeIdp) {
+  protocolProfile = lasso_provider_get_federationTerminationNotificationProtocolProfile(provider,
+											lassoProviderTypeSp,
+											NULL);    
   }
   else {
-    provider_type = lassoProviderTypeSp;
+    message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n");
+    ret = -1;
+    goto done;
   }
 
-  /* get the prototocol profile of the federation termination notification */
-  protocolProfile = lasso_provider_get_federationTerminationNotificationProtocolProfile(provider,
-											provider_type,
-											NULL);
   if (protocolProfile == NULL) {
     message(G_LOG_LEVEL_CRITICAL, "Federation termination notification protocol profile not found\n");
     ret = -1;
@@ -88,6 +88,16 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination *
 
   if (xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloSpSoap) || \
       xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)) {
+    /* optionaly sign the notification node */
+    if (profile->server->private_key != NULL) {
+      lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request),
+						 profile->server->signature_method,
+						 profile->server->private_key,
+						 profile->server->certificate,
+						 NULL);
+    }
+
+    /* build the message */
     profile->msg_url = lasso_provider_get_federationTerminationServiceURL(provider,
 									  lassoProviderTypeIdp,
 									  NULL);
@@ -100,10 +110,21 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination *
   }
   else if (xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp) || \
 	   xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloIdpHttp)) {
-    profile->msg_url = lasso_node_export_to_query(profile->request,
-						  profile->server->signature_method,
-						  profile->server->private_key);
+    /* temporary vars to store url, query and separator */
+    gchar *url, *query;
+    const gchar *separator = "?";
+
+    /* build and optionaly sign the query message and build the federation termination notification url */
+    url = lasso_provider_get_federationTerminationServiceURL(provider,
+							     lassoProviderTypeIdp,
+							     NULL);
+    query = lasso_node_export_to_query(profile->request,
+				       profile->server->signature_method,
+				       profile->server->private_key);
+    profile->msg_url = g_strjoin(separator, url, query);
     profile->msg_body = NULL;
+    xmlFree(url);
+    xmlFree(query);
   }
   else {
     message(G_LOG_LEVEL_CRITICAL, "Invalid protocol profile\n");
@@ -263,6 +284,7 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
 						      lassoHttpMethod             notification_method)
 {
   LassoProfile *profile;
+  gint ret = 0;
 
   g_return_val_if_fail(LASSO_IS_FEDERATION_TERMINATION(defederation), -1);
   g_return_val_if_fail(notification_msg!=NULL, -1);
@@ -280,11 +302,13 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
     break;
   default:
     message(G_LOG_LEVEL_CRITICAL, "Invalid notification method\n");
-    return(-3);
+    ret = -1;
+    goto done;
   }
   if (profile->request==NULL) {
     message(G_LOG_LEVEL_CRITICAL, "Error while building the notification from msg\n");
-    return(-4);
+    ret = -1;
+    goto done;
   }
 
   /* get the NameIdentifier */
@@ -292,14 +316,17 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
 							 "NameIdentifier", NULL, NULL);
   if (profile->nameIdentifier==NULL) {
     message(G_LOG_LEVEL_CRITICAL, "NameIdentifier not found\n");
-    return(-1);
+    ret = -1;
+    goto done;
   }
-  
+
   /* get the RelayState */
   profile->msg_relayState = lasso_node_get_child_content(profile->request,
 							 "RelayState", NULL, NULL);
 
-  return(0);
+  done:
+
+  return(ret);
 }
 
 /**
@@ -307,8 +334,8 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
  * @defederation: the federation termination object
  * 
  * Validate the federation termination notification :
- *    initialises the federation termination notification
  *    verifies the ProviderID
+ *    if HTTP-Redirect method, set msg_url with the federation termination service return url
  *    verifies the federation
  *    verifies the authentication
  * 
@@ -318,9 +345,12 @@ gint
 lasso_federation_termination_validate_notification(LassoFederationTermination *defederation)
 {
   LassoProfile    *profile;
+  LassoProvider   *provider;
   LassoFederation *federation;
   LassoNode       *nameIdentifier;
   gint             ret = 0;
+  gint             signature_check;
+  GError          *err = NULL;
 
   profile = LASSO_PROFILE(defederation);
 
@@ -331,16 +361,38 @@ lasso_federation_termination_validate_notification(LassoFederationTermination *d
   }
 
   /* set the remote provider id from the request */
-  profile->remote_providerID = lasso_node_get_child_content(profile->request, "ProviderID",
-							    NULL, NULL);
+  profile->remote_providerID = lasso_node_get_child_content(profile->request,
+							    "ProviderID",
+							    NULL,
+							    NULL);
   if (profile->remote_providerID == NULL) {
     message(G_LOG_LEVEL_CRITICAL, "Remote provider id not found\n");
     ret = -1;
     goto done;
   }
 
-  nameIdentifier = lasso_node_get_child(profile->request, "NameIdentifier",
-					NULL, NULL);
+  /* if HTTP-Redirect protocol profile, set the federation termination service return url */
+  provider = lasso_server_get_provider(profile->server, profile->remote_providerID, NULL);
+  if (provider == NULL) {
+    message(G_LOG_LEVEL_CRITICAL, "Provider not found\n");
+    ret = -1;
+    goto done;
+  }
+  if (profile->http_request_method==lassoHttpMethodRedirect) {
+    profile->msg_url = lasso_provider_get_federationTerminationServiceReturnURL(provider,
+										profile->provider_type,
+										NULL);
+    if (profile->msg_url) {
+      message(G_LOG_LEVEL_CRITICAL, "Federation termination service return url not found\n");
+      ret = -1;
+      goto done;
+    }
+  }
+
+  nameIdentifier = lasso_node_get_child(profile->request,
+					"NameIdentifier",
+					NULL,
+					NULL);
   if (nameIdentifier == NULL) {
     message(G_LOG_LEVEL_CRITICAL, "Name identifier not found in request\n");
     ret = -1;
@@ -356,13 +408,13 @@ lasso_federation_termination_validate_notification(LassoFederationTermination *d
 
   federation = lasso_identity_get_federation(profile->identity, profile->remote_providerID);
   if (federation == NULL) {
-    message(G_LOG_LEVEL_WARNING, "No federation for %s\n", profile->remote_providerID);
+    message(G_LOG_LEVEL_CRITICAL, "No federation for %s\n", profile->remote_providerID);
     ret = -1;
     goto done;
   }
 
   if (lasso_federation_verify_nameIdentifier(federation, nameIdentifier) == FALSE) {
-    message(G_LOG_LEVEL_WARNING, "No name identifier for %s\n", profile->remote_providerID);
+    message(G_LOG_LEVEL_CRITICAL, "No name identifier for %s\n", profile->remote_providerID);
     ret = -1;
     goto done;
   }
@@ -423,6 +475,19 @@ GType lasso_federation_termination_get_type() {
  * @server: the server object of the provider
  * @provider_type: the provider type (service provider or identity provider)
  * 
+ * This function build a new federation termination object to build
+ * a notification message or to process a notification.
+ *
+ * If building a federation termination notification message then call :
+ *    lasso_federation_termination_init_notification()
+ *    lasso_federation_termination_build_notification_msg()
+ * and get msg_url or msg_body.
+ *
+ * If processing a federation termination notification message then call :
+ *   lasso_federation_termination_process_notification_msg()
+ *   lasso_federation_termination_validate_notification()
+ * and process the returned code.
+ *
  * Return value: a new instance of federation termination object or NULL
  **/
 LassoFederationTermination*
author	Nicolas Clapies <nclapies@entrouvert.com>	2004-08-18 14:05:37 +0000
committer	Nicolas Clapies <nclapies@entrouvert.com>	2004-08-18 14:05:37 +0000
commit	214f02b82cdb71969a25b89dc61db7fa435664b1 (patch)
tree	abbe199d0b742b99de54b5e6060085717a038e51 /lasso/id-ff/federation_termination.c
parent	d9978fdc4cbdb7f88b48ba5c8e949bd2822e133f (diff)
download	lasso-214f02b82cdb71969a25b89dc61db7fa435664b1.tar.gz lasso-214f02b82cdb71969a25b89dc61db7fa435664b1.tar.xz lasso-214f02b82cdb71969a25b89dc61db7fa435664b1.zip