-rw-r--r--lasso/Attic/protocols/single_sign_on_and_federation.c75
-rw-r--r--lasso/Attic/protocols/single_sign_on_and_federation.h4
-rw-r--r--lasso/xml/lib_authn_request.c22
-rw-r--r--lasso/xml/lib_authn_request.h4
-rwxr-xr-xpython/examples/test.py8
-rw-r--r--python/protocols/py_single_sign_on_and_federation.c36
6 files changed, 100 insertions, 49 deletions
diff --git a/lasso/Attic/protocols/single_sign_on_and_federation.c b/lasso/Attic/protocols/single_sign_on_and_federation.c
index b5e94979..18010cef 100644
--- a/lasso/Attic/protocols/single_sign_on_and_federation.c
+++ b/lasso/Attic/protocols/single_sign_on_and_federation.c
@@ -36,8 +36,8 @@ lasso_authn_request_build_full(const xmlChar *requestID,
const xmlChar *issueInstant,
const xmlChar *providerID,
const xmlChar *nameIDPolicy,
- const xmlChar *forceAuthn,
- const xmlChar *isPassive,
+ gint forceAuthn,
+ gint isPassive,
const xmlChar *protocolProfile,
const xmlChar *assertionConsumerServiceID,
GPtrArray *authnContextClassRefs,
@@ -50,6 +50,7 @@ lasso_authn_request_build_full(const xmlChar *requestID,
{
LassoNode *request, *authn_context, *scoping;
gint i;
+ gboolean authn_context_ok = FALSE;
/* create a new AuthnRequestinstance */
request = lasso_lib_authn_request_new();
@@ -94,8 +95,7 @@ lasso_authn_request_build_full(const xmlChar *requestID,
}
/* ProviderID */
- lasso_lib_authn_request_set_providerID(LASSO_LIB_AUTHN_REQUEST(request),
- providerID);
+ lasso_lib_authn_request_set_providerID(LASSO_LIB_AUTHN_REQUEST(request), providerID);
/* NameIDPolicy */
if (nameIDPolicy != NULL) {
@@ -103,14 +103,10 @@ lasso_authn_request_build_full(const xmlChar *requestID,
}
/* ForceAuthn */
- if (forceAuthn != NULL) {
- lasso_lib_authn_request_set_forceAuthn(LASSO_LIB_AUTHN_REQUEST(request), forceAuthn);
- }
+ lasso_lib_authn_request_set_forceAuthn(LASSO_LIB_AUTHN_REQUEST(request), forceAuthn);
/* IsPassive */
- if (isPassive != NULL) {
- lasso_lib_authn_request_set_isPassive(LASSO_LIB_AUTHN_REQUEST(request), isPassive);
- }
+ lasso_lib_authn_request_set_isPassive(LASSO_LIB_AUTHN_REQUEST(request), isPassive);
/* ProtocolProfile */
if (protocolProfile != NULL) {
@@ -124,20 +120,37 @@ lasso_authn_request_build_full(const xmlChar *requestID,
}
/* AuthnContext */
- if (authnContextClassRefs != NULL || authnContextStatementRefs != NULL) {
+ if (authnContextClassRefs != NULL) {
+ if (authnContextClassRefs->len > 0) {
+ authn_context_ok = TRUE;
+ }
+ }
+ if (!authn_context_ok && authnContextStatementRefs != NULL) {
+ if (authnContextStatementRefs->len > 0) {
+ authn_context_ok = TRUE;
+ }
+ }
+
+ if (authn_context_ok) {
/* create a new AuthnContext instance */
authn_context = lasso_lib_request_authn_context_new();
/* AuthnContextClassRefs */
if (authnContextClassRefs != NULL) {
- for(i=0; i<authnContextClassRefs->len; i++) {
- lasso_lib_request_authn_context_add_authnContextClassRef(LASSO_LIB_REQUEST_AUTHN_CONTEXT(authn_context),
- lasso_g_ptr_array_index(authnContextClassRefs, i));
+ if (authnContextClassRefs->len > 0) {
+ for(i=0; i<authnContextClassRefs->len; i++) {
+ lasso_lib_request_authn_context_add_authnContextClassRef(LASSO_LIB_REQUEST_AUTHN_CONTEXT(authn_context),
+ lasso_g_ptr_array_index(authnContextClassRefs, i));
+ }
}
}
/* AuthnContextStatementRefs */
- for(i=0; i<authnContextStatementRefs->len; i++) {
- lasso_lib_request_authn_context_add_authnContextStatementRef(LASSO_LIB_REQUEST_AUTHN_CONTEXT(authn_context),
- lasso_g_ptr_array_index(authnContextStatementRefs, i));
+ if (authnContextStatementRefs != NULL) {
+ if (authnContextStatementRefs->len > 0) {
+ for(i=0; i<authnContextStatementRefs->len; i++) {
+ lasso_lib_request_authn_context_add_authnContextStatementRef(LASSO_LIB_REQUEST_AUTHN_CONTEXT(authn_context),
+ lasso_g_ptr_array_index(authnContextStatementRefs, i));
+ }
+ }
}
/* AuthnContextComparison */
if (authnContextComparison != NULL) {
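Review bot: The inner `len > 0` tests around both `for` loops are redundant, since a loop over an empty array already runs zero times, and the flag can be computed in one expression: `authn_context_ok = (authnContextClassRefs != NULL && authnContextClassRefs->len > 0) || (authnContextStatementRefs != NULL && authnContextStatementRefs->len > 0);`. Keeping only the NULL guards inside `if (authn_context_ok)` preserves the new NULL check on `authnContextStatementRefs` with two fewer nesting levels. `i` is a `gint` compared against the unsigned `len`, so declaring it `guint` would avoid the mixed-sign comparison. The function starts and ends outside this hunk.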
@@ -175,8 +188,8 @@ lasso_authn_request_build_full(const xmlChar *requestID,
lassoAuthnRequest *
lasso_authn_request_create(const xmlChar *providerID,
const xmlChar *nameIDPolicy,
- const xmlChar *forceAuthn,
- const xmlChar *isPassive,
+ gint forceAuthn,
+ gint isPassive,
const xmlChar *protocolProfile,
const xmlChar *assertionConsumerServiceID,
GPtrArray *authnContextClassRefs,
@@ -225,6 +238,8 @@ lasso_authn_response_create(xmlChar *query,
lassoAuthnResponse *lares;
GData *gd;
gboolean forceAuthn = FALSE;
+ gboolean isPassive = TRUE;
+ const gchar *authnContextComparison = lassoLibAuthnContextComparisonExact;
gint proxyCount = 0;
lares = g_malloc(sizeof(lassoAuthnResponse));
@@ -246,19 +261,35 @@ lasso_authn_response_create(xmlChar *query,
if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProxyCount"), 0) != NULL) {
proxyCount = atoi(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProxyCount"), 0));
}
+ /* if forceAuthn exists, convert it into integer */
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "forceAuthn"), 0) != NULL) {
+ forceAuthn = atoi(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0));
+ }
+ /* if isPassive exists, convert it into integer */
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0) != NULL) {
+ isPassive = atoi(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0));
+ }
+ /* if isPassive exists, convert it into integer */
+ if (g_datalist_get_data(&gd, "AuthnContextClassRef") != NULL ||
+ g_datalist_get_data(&gd, "AuthnContextStatementRef") != NULL) {
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AuthnContextComparison"), 0) != NULL) {
+ authnContextComparison = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AuthnContextComparison"), 0);
+ }
+ }
+
lares->request_node = lasso_authn_request_build_full(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RequestID"), 0),
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "MajorVersion"), 0),
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "MinorVersion"), 0),
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IssueInstance"), 0),
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProviderID"), 0),
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "NameIDPolicy"), 0),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0),
+ forceAuthn,
+ isPassive,
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProtocolProfile"), 0),
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AssertionConsumerServiceID"), 0),
(GPtrArray *)g_datalist_get_data(&gd, "AuthnContextClassRef"),
(GPtrArray *)g_datalist_get_data(&gd, "AuthnContextStatementRef"),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AuthnContextComparison"), 0),
+ authnContextComparison,
lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RelayState"), 0),
proxyCount,
(GPtrArray *)g_datalist_get_data(&gd, "IDPList"),
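Review bot: The ForceAuthn guard tests the key `"forceAuthn"` while the read under it uses `"ForceAuthn"`, so the two lookups disagree and a ForceAuthn sent in the query is probably never applied, which leaves the requester's demand for re-authentication ignored. Both flags are then converted with `atoi`, which yields 0 for the `true`/`false` text that the setters in lib_authn_request.c write, and any other integer from the query reaches the `g_assert(... == 0 || ... == 1)` in those setters, so a malformed value could abort the process (assuming the query is supplied by the peer). The comment above the AuthnContextComparison block is a copy of the isPassive one and should read `/* AuthnContextComparison is only honoured when a class or statement ref is present */`. The fence parses the two flags by text and keeps the declared defaults for anything unrecognised; it needs a `const char *value` local and `<string.h>`, both outside this hunk.

```c
/* ... unchanged: ProxyCount parsing ... */
/* ForceAuthn: one key for both the test and the read; match the text, not atoi() */
value = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0);
if (value != NULL) {
  if (strcmp(value, "true") == 0 || strcmp(value, "1") == 0) {
    forceAuthn = TRUE;
  }
  else if (strcmp(value, "false") == 0 || strcmp(value, "0") == 0) {
    forceAuthn = FALSE;
  }
}
/* IsPassive: same parsing; unrecognised text keeps the passive default */
value = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0);
if (value != NULL) {
  if (strcmp(value, "true") == 0 || strcmp(value, "1") == 0) {
    isPassive = TRUE;
  }
  else if (strcmp(value, "false") == 0 || strcmp(value, "0") == 0) {
    isPassive = FALSE;
  }
}
/* ... unchanged: AuthnContextComparison lookup and lasso_authn_request_build_full call ... */
```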
diff --git a/lasso/Attic/protocols/single_sign_on_and_federation.h b/lasso/Attic/protocols/single_sign_on_and_federation.h
index dfa81ab7..736c1198 100644
--- a/lasso/Attic/protocols/single_sign_on_and_federation.h
+++ b/lasso/Attic/protocols/single_sign_on_and_federation.h
@@ -53,8 +53,8 @@ struct _lassoAuthnResponse {
lassoAuthnRequest *lasso_authn_request_create(const xmlChar *providerID,
const xmlChar *nameIDPolicy,
- const xmlChar *forceAuthn,
- const xmlChar *isPassive,
+ gint forceAuthn,
+ gint isPassive,
const xmlChar *protocolProfile,
const xmlChar *assertionConsumerServiceID,
GPtrArray *authnContextClassRefs,
diff --git a/lasso/xml/lib_authn_request.c b/lasso/xml/lib_authn_request.c
index f5b8e8d7..08b9917d 100644
--- a/lasso/xml/lib_authn_request.c
+++ b/lasso/xml/lib_authn_request.c
@@ -117,22 +117,32 @@ lasso_lib_authn_request_set_consent(LassoLibAuthnRequest *node,
void
lasso_lib_authn_request_set_forceAuthn(LassoLibAuthnRequest *node,
- const xmlChar *forceAuthn) {
+ gint forceAuthn) {
g_assert(LASSO_IS_LIB_AUTHN_REQUEST(node));
- g_assert(forceAuthn != NULL);
+ g_assert(forceAuthn == 0 || forceAuthn == 1);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
- class->new_child(LASSO_NODE (node), "ForceAuthn", forceAuthn, FALSE);
+ if (forceAuthn == 0) {
+ class->new_child(LASSO_NODE (node), "ForceAuthn", "false", FALSE);
+ }
+ if (forceAuthn == 1) {
+ class->new_child(LASSO_NODE (node), "ForceAuthn", "true", FALSE);
+ }
}
void
lasso_lib_authn_request_set_isPassive(LassoLibAuthnRequest *node,
- const xmlChar *isPassive) {
+ gint isPassive) {
g_assert(LASSO_IS_LIB_AUTHN_REQUEST(node));
- g_assert(isPassive != NULL);
+ g_assert(isPassive == 0 || isPassive == 1);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
- class->new_child(LASSO_NODE (node), "IsPassive", isPassive, FALSE);
+ if (isPassive == 0) {
+ class->new_child(LASSO_NODE (node), "IsPassive", "false", FALSE);
+ }
+ if (isPassive == 1) {
+ class->new_child(LASSO_NODE (node), "IsPassive", "true", FALSE);
+ }
}
/**
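Review bot: In both setters the `g_assert` is the only range check on the flag, and with assertions compiled out (G_DISABLE_ASSERT) a value other than 0 or 1 falls through both `if`s and writes no element at all, while with assertions on it aborts the process. Taking a `gboolean` and emitting one child avoids both outcomes: `class->new_child(LASSO_NODE (node), "ForceAuthn", forceAuthn ? "true" : "false", FALSE);`, and the same for `IsPassive`. If the 0/1 contract is kept, `g_return_if_fail(forceAuthn == 0 || forceAuthn == 1);` reports the bad argument without terminating the caller.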
diff --git a/lasso/xml/lib_authn_request.h b/lasso/xml/lib_authn_request.h
index 4c7be627..1717146c 100644
--- a/lasso/xml/lib_authn_request.h
+++ b/lasso/xml/lib_authn_request.h
@@ -65,10 +65,10 @@ LASSO_EXPORT void lasso_lib_authn_request_set_consent (LassoL
const xmlChar *);
LASSO_EXPORT void lasso_lib_authn_request_set_forceAuthn (LassoLibAuthnRequest *,
- const xmlChar *);
+ gint);
LASSO_EXPORT void lasso_lib_authn_request_set_isPassive (LassoLibAuthnRequest *,
- const xmlChar *);
+ gint);
LASSO_EXPORT void lasso_lib_authn_request_set_nameIDPolicy (LassoLibAuthnRequest *node,
const xmlChar *nameIDPolicy);
diff --git a/python/examples/test.py b/python/examples/test.py
index aa32bdce..b5bf8816 100755
--- a/python/examples/test.py
+++ b/python/examples/test.py
@@ -8,13 +8,13 @@ print lasso.init()
req = lasso.AuthnRequest("providerid.com",
"federated",
- "false",
- "true",
+ 0,
+ 1,
"pp", # None
"3",
["test"],
- [],
- "1", # None
+ None,
+ lasso.LibAuthnContextComparisonExact, # None
"encoded_RelayState", # None
0,
None,
diff --git a/python/protocols/py_single_sign_on_and_federation.c b/python/protocols/py_single_sign_on_and_federation.c
index bf62a039..a18b2ea7 100644
--- a/python/protocols/py_single_sign_on_and_federation.c
+++ b/python/protocols/py_single_sign_on_and_federation.c
@@ -73,22 +73,22 @@ PyObject *authn_request_create(PyObject *self, PyObject *args) {
PyObject *authnContextClassRefs_obj, *authnContextStatementRefs_obj;
PyObject *idpList_obj;
const xmlChar *providerID;
- const xmlChar *nameIDPolicy;
- const xmlChar *forceAuthn;
- const xmlChar *isPassive;
- const xmlChar *protocolProfile;
- const xmlChar *assertionConsumerServiceID;
- //GPtrArray *authnContextClassRefs = NULL;
- //GPtrArray *authnContextStatementRefs = NULL;
- const xmlChar *authnContextComparison;
- const xmlChar *relayState;
+ const xmlChar *nameIDPolicy = NULL;
+ gint forceAuthn;
+ gint isPassive;
+ const xmlChar *protocolProfile = NULL;
+ const xmlChar *assertionConsumerServiceID = NULL;
+ GPtrArray *authnContextClassRefs = NULL;
+ GPtrArray *authnContextStatementRefs = NULL;
+ const xmlChar *authnContextComparison = NULL;
+ const xmlChar *relayState = NULL;
gint proxyCount;
GPtrArray *idpList = NULL;
- const xmlChar *consent;
+ const xmlChar *consent = NULL;
lassoAuthnRequest *request;
- if(!PyArg_ParseTuple(args, (char *) "ssssssOOssiOs:authn_request_create",
+ if(!PyArg_ParseTuple(args, (char *) "sziizz|O|OzziOz:authn_request_create",
&providerID, &nameIDPolicy, &forceAuthn, &isPassive,
&protocolProfile, &assertionConsumerServiceID,
&authnContextClassRefs_obj, &authnContextStatementRefs_obj,
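Review bot: The new format string `"sziizz|O|OzziOz"` makes every argument after the sixth optional, but `authnContextClassRefs_obj`, `authnContextStatementRefs_obj`, `idpList_obj` and `proxyCount` are declared without initialisers, so a call that omits them leaves those variables indeterminate when the `!= Py_None` checks and `lasso_authn_request_create` in the following hunk read them. Initialise them, e.g. `PyObject *authnContextClassRefs_obj = Py_None, *authnContextStatementRefs_obj = Py_None;`, `PyObject *idpList_obj = Py_None;` and `gint proxyCount = 0;`, or drop the `|` markers if all thirteen arguments are meant to be required. The second `|` adds nothing, since everything after the first is already optional. `forceAuthn` and `isPassive` also go from Python straight to setters that assert 0 or 1, so a range check here that raises `ValueError` would keep a bad argument from aborting the interpreter. The function body continues outside this hunk.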
@@ -96,14 +96,24 @@ PyObject *authn_request_create(PyObject *self, PyObject *args) {
&idpList_obj, &consent))
return NULL;
+ if (authnContextClassRefs_obj != Py_None) {
+ authnContextClassRefs = PythonStringList2_get(authnContextClassRefs_obj);
+ }
+ if (authnContextStatementRefs_obj != Py_None) {
+ authnContextStatementRefs = PythonStringList2_get(authnContextStatementRefs_obj);
+ }
+ if (idpList_obj != Py_None) {
+ idpList = PythonStringList2_get(idpList_obj);
+ }
+
request = lasso_authn_request_create(providerID,
nameIDPolicy,
forceAuthn,
isPassive,
protocolProfile,
assertionConsumerServiceID,
- PythonStringList2_get(authnContextClassRefs_obj),
- PythonStringList2_get(authnContextStatementRefs_obj),
+ authnContextClassRefs,
+ authnContextStatementRefs,
authnContextComparison,
relayState,
proxyCount,