-rw-r--r--lasso/id-ff/lecp.c5
-rw-r--r--lasso/id-ff/login.c38
-rw-r--r--lasso/id-ff/login.h7
-rw-r--r--python/lasso.py8
-rw-r--r--python/tests/ServiceProvider.py5
-rw-r--r--swig/Lasso.i5
-rw-r--r--tests/login_tests.c5
7 files changed, 42 insertions, 31 deletions
diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c
index 726bc2e7..e06845db 100644
--- a/lasso/id-ff/lecp.c
+++ b/lasso/id-ff/lecp.c
@@ -183,7 +183,10 @@ lasso_lecp_init_authn_request(LassoLecp *lecp)
g_return_val_if_fail(LASSO_IS_LECP(lecp), -1);
- res = lasso_login_init_authn_request(LASSO_LOGIN(lecp));
+ /* FIXME : BAD usage of http_method
+ using POST method so that the lib:AuthnRequest is initialize with
+ a signature template */
+ res = lasso_login_init_authn_request(LASSO_LOGIN(lecp), lassoHttpMethodPost);
return(res);
}
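Review bot: The FIXME added above the call says POST is passed only so that the request is created with a signature template, which turns the transport argument into a signing switch. Because lasso_login_init_authn_request now also stores the value in `login->http_method` (login.c hunk at -774), this object stays marked as POST even though the FIXME itself calls that a bad use of http_method. A more actionable comment would be `/* FIXME: lassoHttpMethodPost is passed only to get a signature template; replace with an explicit signing argument */`. The start of lasso_lecp_init_authn_request is outside the hunk.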
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 6d72aaa2..1bd89856 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -518,7 +518,6 @@ lasso_login_build_artifact_msg(LassoLogin *login,
* lasso_login_build_authn_request_msg:
* @login: a LassoLogin
* @remote_providerID: the providerID of the identity provider
- * @http_method: the HTTP method to send the AuthnRequest (REDIRECT or POST)
*
* Builds an authentication request. Depending of the SSO protocol profile of
* the identity provider (defined in metadata file), the data for the sending of
@@ -528,8 +527,7 @@ lasso_login_build_artifact_msg(LassoLogin *login,
**/
gint
lasso_login_build_authn_request_msg(LassoLogin *login,
- const gchar *remote_providerID,
- lassoHttpMethod http_method)
+ const gchar *remote_providerID)
{
LassoProvider *provider, *remote_provider;
xmlChar *md_authnRequestsSigned = NULL;
@@ -543,10 +541,6 @@ lasso_login_build_authn_request_msg(LassoLogin *login,
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ);
g_return_val_if_fail(remote_providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
- if (http_method != lassoHttpMethodRedirect && http_method != lassoHttpMethodPost) {
- message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it must be REDIRECT or POST\n.");
- return (LASSO_PARAM_ERROR_INVALID_VALUE);
- }
LASSO_PROFILE(login)->remote_providerID = g_strdup(remote_providerID);
@@ -584,7 +578,7 @@ lasso_login_build_authn_request_msg(LassoLogin *login,
goto done;
}
- if (http_method == lassoHttpMethodRedirect) {
+ if (login->http_method == lassoHttpMethodRedirect) {
/* REDIRECT -> query */
if (must_sign) {
query = lasso_node_export_to_query(LASSO_PROFILE(login)->request,
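Review bot: Both branch tests (here and in the hunk at -610) now read `login->http_method`, which the visible code sets only in lasso_login_init_authn_request, while the range check that used to sit at the top of this function is removed in the hunk at -543. If a login object reaches lasso_login_build_authn_request_msg without that init call, the field holds whatever the object was created with and may match neither branch; what happens after the `else if` is outside the hunk. I would keep a guard near the top, `if (login->http_method != lassoHttpMethodRedirect && login->http_method != lassoHttpMethodPost) return LASSO_PARAM_ERROR_INVALID_VALUE;`, so the function fails loudly instead of falling through. The function body starts and ends outside this hunk.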
@@ -610,7 +604,7 @@ lasso_login_build_authn_request_msg(LassoLogin *login,
LASSO_PROFILE(login)->msg_body = NULL;
g_free(query);
}
- else if (http_method == lassoHttpMethodPost) {
+ else if (login->http_method == lassoHttpMethodPost) {
/* POST -> formular */
if (must_sign) {
ret = lasso_samlp_request_abstract_sign_signature_tmpl(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request),
@@ -774,20 +768,34 @@ lasso_login_dump(LassoLogin *login)
}
gint
-lasso_login_init_authn_request(LassoLogin *login)
+lasso_login_init_authn_request(LassoLogin *login,
+ lassoHttpMethod http_method)
{
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ);
+ if (http_method != lassoHttpMethodRedirect && http_method != lassoHttpMethodPost) {
+ message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it must be REDIRECT or POST\n.");
+ return (LASSO_PARAM_ERROR_INVALID_VALUE);
+ }
- /* FIXME */
- LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
- lassoSignatureTypeNone,
- 0);
- LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest;
+ login->http_method = http_method;
+
+ if (http_method == lassoHttpMethodPost) {
+ LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
+ lassoSignatureTypeWithX509,
+ lassoSignatureMethodRsaSha1);
+ }
+ else {
+ LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
+ lassoSignatureTypeNone,
+ 0);
+ }
if (LASSO_PROFILE(login)->request == NULL) {
return (-2);
}
+ LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest;
+
return (0);
}
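Review bot: The POST branch always creates the request with `lassoSignatureTypeWithX509` and a hard-coded `lassoSignatureMethodRsaSha1`, while the decision to sign (`must_sign`) is taken later in lasso_login_build_authn_request_msg. If `must_sign` turns out false, the template created here is presumably still in the request when it is exported; the code that would remove it is not visible in this diff, so that needs checking. SHA-1 is no longer considered collision-resistant, so the method should come from configuration rather than a literal at this call site. Separately, `login->http_method` is assigned before the NULL check on the new request, so a failed call leaves the new method stored, and `return (-2);` would read better as a named error code.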
diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h
index cd8daea7..aff97602 100644
--- a/lasso/id-ff/login.h
+++ b/lasso/id-ff/login.h
@@ -62,6 +62,7 @@ struct _LassoLogin {
gchar *assertionArtifact;
gchar *response_dump;
/*< private >*/
+ lassoHttpMethod http_method;
LassoLoginPrivate *private;
};
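Review bot: The new `http_method` field carries state from lasso_login_init_authn_request to lasso_login_build_authn_request_msg but has no comment saying so; I would add `/* set by lasso_login_init_authn_request(), read by lasso_login_build_authn_request_msg() */` on the line above it. Whether lasso_login_dump and the matching restore path preserve this field is not visible in the diff; if they do not, a login dumped between the two calls would lose the chosen method. The struct definition starts outside the hunk.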
@@ -85,8 +86,7 @@ LASSO_EXPORT gint lasso_login_build_artifact_msg (LassoLogin
lassoHttpMethod http_method);
LASSO_EXPORT gint lasso_login_build_authn_request_msg (LassoLogin *login,
- const gchar *remote_providerID,
- lassoHttpMethod http_method);
+ const gchar *remote_providerID);
LASSO_EXPORT gint lasso_login_build_authn_response_msg (LassoLogin *login,
gboolean authentication_result,
@@ -99,7 +99,8 @@ LASSO_EXPORT void lasso_login_destroy (LassoLogin *lo
LASSO_EXPORT gchar* lasso_login_dump (LassoLogin *login);
-LASSO_EXPORT gint lasso_login_init_authn_request (LassoLogin *login);
+LASSO_EXPORT gint lasso_login_init_authn_request (LassoLogin *login,
+ lassoHttpMethod http_method);
LASSO_EXPORT gint lasso_login_init_from_authn_request_msg (LassoLogin *login,
gchar *authn_request_msg,
diff --git a/python/lasso.py b/python/lasso.py
index 461e5f4a..ce8ede4f 100644
--- a/python/lasso.py
+++ b/python/lasso.py
@@ -472,9 +472,9 @@ class Login(_ObjectMixin, lassomod.LassoLogin, _ProfileChild):
if errorCode:
raise newError(errorCode, 'lasso_login_build_artifact_msg')
- def build_authn_request_msg(self, remote_providerID, http_method):
+ def build_authn_request_msg(self, remote_providerID):
errorCode = lassomod.lasso_login_build_authn_request_msg(
- self, remote_providerID, http_method)
+ self, remote_providerID)
if errorCode:
raise newError(errorCode, 'lasso_login_build_authn_request_msg')
@@ -493,8 +493,8 @@ class Login(_ObjectMixin, lassomod.LassoLogin, _ProfileChild):
def dump(self):
return lassomod.lasso_login_dump(self)
- def init_authn_request(self):
- errorCode = lassomod.lasso_login_init_authn_request(self)
+ def init_authn_request(self, http_method):
+ errorCode = lassomod.lasso_login_init_authn_request(self, http_method)
if errorCode:
raise newError(errorCode, 'lasso_login_init_authn_request')
diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py
index fdf3b7ff..b906dec9 100644
--- a/python/tests/ServiceProvider.py
+++ b/python/tests/ServiceProvider.py
@@ -223,7 +223,8 @@ class ServiceProviderMixin(Provider.ProviderMixin):
return handler.respond(headers = headers, body = authnRequestEnvelopeMsg)
else:
login = lasso.Login(lassoServer)
- login.init_authn_request()
+ login.init_authn_request(lasso.httpMethodRedirect)
+ #login.init_authn_request()
failUnlessEqual(login.request_type, lasso.messageTypeAuthnRequest)
if forceAuthn:
login.request.set_forceAuthn(forceAuthn)
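Review bot: The added `#login.init_authn_request()` line is the old call left behind as a comment; it should be deleted, since the line above it is the replacement and version control keeps the history. The enclosing method starts and ends outside the hunk.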
@@ -233,7 +234,7 @@ class ServiceProviderMixin(Provider.ProviderMixin):
login.request.set_consent(lasso.libConsentObtained)
if relayState:
login.request.set_relayState(relayState)
- login.build_authn_request_msg(self.idpSite.providerId, lasso.httpMethodRedirect)
+ login.build_authn_request_msg(self.idpSite.providerId)
authnRequestUrl = login.msg_url
failUnless(authnRequestUrl)
return handler.respondRedirectTemporarily(authnRequestUrl)
diff --git a/swig/Lasso.i b/swig/Lasso.i
index 42722d0f..28f82253 100644
--- a/swig/Lasso.i
+++ b/swig/Lasso.i
@@ -561,8 +561,7 @@ gint lasso_login_build_artifact_msg(LassoLogin *login, gint authentication_resul
const gchar *reauthenticateOnOrAfter,
lassoHttpMethod http_method);
-gint lasso_login_build_authn_request_msg(LassoLogin *login, const gchar *remote_providerID,
- lassoHttpMethod http_method);
+gint lasso_login_build_authn_request_msg(LassoLogin *login, const gchar *remote_providerID);
gint lasso_login_build_authn_response_msg(LassoLogin *login, gint authentication_result,
const gchar *authenticationMethod,
@@ -573,7 +572,7 @@ gint lasso_login_build_request_msg(LassoLogin *login);
%newobject lasso_login_dump;
gchar* lasso_login_dump(LassoLogin *login);
-gint lasso_login_init_authn_request(LassoLogin *login);
+gint lasso_login_init_authn_request(LassoLogin *login, lassoHttpMethod http_method);
gint lasso_login_init_from_authn_request_msg(LassoLogin *login, gchar *authn_request_msg,
lassoHttpMethod authn_request_http_method);
diff --git a/tests/login_tests.c b/tests/login_tests.c
index ad65c902..6b261f30 100644
--- a/tests/login_tests.c
+++ b/tests/login_tests.c
@@ -104,7 +104,7 @@ START_TEST(test02_serviceProviderLogin)
spLoginContext = lasso_login_new(spContext);
fail_unless(spLoginContext != NULL,
"lasso_login_new() shouldn't have returned NULL");
- rc = lasso_login_init_authn_request(spLoginContext);
+ rc = lasso_login_init_authn_request(spLoginContext, lassoHttpMethodRedirect);
fail_unless(rc == 0, "lasso_login_init_authn_request failed");
fail_unless(LASSO_PROFILE(spLoginContext)->request_type == \
lassoMessageTypeAuthnRequest, "request_type should be AuthnRequest");
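Review bot: This test, like the Python one, only passes `lassoHttpMethodRedirect`, so neither the new POST branch of lasso_login_init_authn_request (the one that builds the signature template) nor the moved invalid-method check is exercised. I would add a case that calls it with `lassoHttpMethodPost` and checks `rc == 0`, and one that passes an out-of-range value and expects `LASSO_PARAM_ERROR_INVALID_VALUE`. The test body starts and ends outside the hunk.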
@@ -115,8 +115,7 @@ START_TEST(test02_serviceProviderLogin)
lasso_lib_authn_request_set_consent(request, lassoLibConsentObtained);
relayState = "fake";
lasso_lib_authn_request_set_relayState(request, "fake");
- rc = lasso_login_build_authn_request_msg(spLoginContext, "https://idp1/metadata",
- lassoHttpMethodRedirect);
+ rc = lasso_login_build_authn_request_msg(spLoginContext, "https://idp1/metadata");
fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
fail_unless(authnRequestUrl != NULL,