| -rw-r--r-- | lasso/id-ff/login.h | 1 | ||||
| -rw-r--r-- | lasso/saml-2.0/login.c | 29 | ||||
| -rw-r--r-- | lasso/saml-2.0/provider.c | 4 | ||||
| -rw-r--r-- | swig/Lasso.i | 2 |
4 files changed, 29 insertions, 7 deletions
diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h index 94343ed0..3633c7ff 100644 --- a/lasso/id-ff/login.h +++ b/lasso/id-ff/login.h @@ -63,6 +63,7 @@ typedef enum { LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1, LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST, LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP, + LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT, } LassoLoginProtocolProfile; struct _LassoLogin { diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index c3ffcb79..4600b8ef 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -265,6 +265,8 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART; } else if (strcmp(binding, "HTTP-POST") == 0) { login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST; + } else if (strcmp(binding, "HTTP-Redirect") == 0) { + login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT; } else if (strcmp(binding, "SOAP") == 0) { login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP; } else if (strcmp(binding, "PAOS") == 0) { @@ -1360,7 +1362,8 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login) LassoProvider *remote_provider; LassoSaml2Assertion *assertion; - if (login->protocolProfile != LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) { + if (login->protocolProfile != LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST && + login->protocolProfile != LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT) { return critical_error(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE); } 
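Review bot: Accepting `"HTTP-Redirect"` in lasso_saml20_login_process_authn_request_msg, and letting `LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT` through the guard in lasso_saml20_login_build_authn_response_msg, means the authentication response is now delivered in a URL. The SAML 2.0 Web Browser SSO profile rules this out for the response message and allows only HTTP-POST and HTTP-Artifact. A response carried in the query string ends up in browser history, proxy and server access logs and possibly Referer headers, and a signed assertion can exceed the URL length that user agents and servers accept. If this is needed for interoperability with a particular peer, I would make it an explicit opt-in rather than something selected by the `binding` string alone, and mark it above the new branch, e.g. `/* non-standard: Response over HTTP-Redirect, the assertion travels in the URL */`. Both functions start and end outside these hunks, so where `binding` comes from is not visible here.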
@@ -1386,19 +1389,35 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login) profile->msg_url = lasso_saml20_login_get_assertion_consumer_service_url( login, remote_provider); - if (profile->msg_url == NULL) { return LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL; } - + assertion = login->private_data->saml2_assertion; if (LASSO_IS_SAML2_ASSERTION(assertion) == TRUE) { assertion->Subject->SubjectConfirmation->SubjectConfirmationData->Recipient = g_strdup(profile->msg_url); } - /* build an lib:AuthnResponse base64 encoded */ - profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response)); + + if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) { + /* build an lib:AuthnResponse base64 encoded */ + profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response)); + } else { + char *url, *query; + + url = profile->msg_url; + query = lasso_node_export_to_query(profile->response, + profile->server->signature_method, + profile->server->private_key); + if (query == NULL) { + return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED); + } + profile->msg_url = lasso_concat_url_query(url, query); + profile->msg_body = NULL; + g_free(query); + g_free(url); + } return 0; diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index ff7d528d..e6b251dc 100644 --- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -241,7 +241,7 @@ lasso_saml20_provider_get_assertion_consumer_service_url(LassoProvider *provider char *sid; char *name; const char *possible_bindings[] = { - "HTTP-Artifact", "HTTP-Post", "HTTP-POST", "SOAP", NULL + "HTTP-Artifact", "HTTP-Post", "HTTP-POST", "HTTP-Redirect", "SOAP", NULL }; int i; 
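Review bot: The new `else` branch sets `profile->msg_body = NULL` without releasing a previous value, and the POST branch likewise assigns straight over it. If `msg_body` can already hold a string when lasso_saml20_login_build_authn_response_msg runs (not visible in this hunk), that string is leaked; `g_free(profile->msg_body);` ahead of the `if` would cover both branches. The `+` line that replaces the blank line before `assertion = login->private_data->saml2_assertion;` appears to contain only whitespace and could stay empty. The `else` also deserves its own comment, since the existing `/* build an lib:AuthnResponse base64 encoded */` now describes only the POST case, e.g. `/* HTTP-Redirect: export the response as a signed query string appended to msg_url; no body */`.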
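Review bot: The `possible_bindings` list is edited identically in lasso_saml20_provider_get_assertion_consumer_service_url and, in the next hunk, in lasso_saml20_provider_get_assertion_consumer_service_binding, so the two copies can drift apart the next time a binding is added. A single file-scope `static const char *const possible_bindings[]` shared by both functions would avoid that. `"HTTP-Redirect"` is also inserted ahead of `"SOAP"`; if the loop that follows (outside the hunk) takes the first match, the position decides which binding wins, so a one-line comment stating the intended preference order would help.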
@@ -341,7 +341,7 @@ lasso_saml20_provider_get_assertion_consumer_service_binding(LassoProvider *prov char *name; char *binding = NULL; const char *possible_bindings[] = { - "HTTP-Artifact", "HTTP-Post", "HTTP-POST", "SOAP", NULL + "HTTP-Artifact", "HTTP-Post", "HTTP-POST", "HTTP-Redirect", "SOAP", NULL }; int i; diff --git a/swig/Lasso.i b/swig/Lasso.i index 89ea3aae..fd9bfcb4 100644 --- a/swig/Lasso.i +++ b/swig/Lasso.i @@ -865,12 +865,14 @@ typedef enum { %rename(LOGIN_PROTOCOL_PROFILE_BRWS_ART) LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART; %rename(LOGIN_PROTOCOL_PROFILE_BRWS_POST) LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST; %rename(LOGIN_PROTOCOL_PROFILE_BRWS_LECP) LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP; +%rename(LOGIN_PROTOCOL_PROFILE_REDIRECT) LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT; %rename(LoginProtocolProfile) LassoLoginProtocolProfile; #endif typedef enum { LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1, LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST, LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP, + LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT, } LassoLoginProtocolProfile; /* ProviderRole */ |
