| -rw-r--r-- | lasso/Attic/protocols/single_sign_on_and_federation.c | 269 | ||||
| -rw-r--r-- | lasso/Attic/protocols/single_sign_on_and_federation.h | 68 | ||||
| -rw-r--r-- | lasso/xml/lib_idp_provided_name_identifier.c | 11 | ||||
| -rw-r--r-- | lasso/xml/lib_idp_provided_name_identifier.h | 2 | ||||
| -rw-r--r-- | lasso/xml/lib_subject.c | 10 | ||||
| -rw-r--r-- | lasso/xml/strings.c | 19 | ||||
| -rw-r--r-- | lasso/xml/strings.h | 19 | ||||
| -rw-r--r-- | python/lassomod.c | 2 | ||||
| -rw-r--r-- | python/protocols/py_single_sign_on_and_federation.c | 28 | ||||
| -rw-r--r-- | python/protocols/py_single_sign_on_and_federation.h | 2 |
10 files changed, 283 insertions, 147 deletions
diff --git a/lasso/Attic/protocols/single_sign_on_and_federation.c b/lasso/Attic/protocols/single_sign_on_and_federation.c index f76865be..b5e94979 100644 --- a/lasso/Attic/protocols/single_sign_on_and_federation.c +++ b/lasso/Attic/protocols/single_sign_on_and_federation.c @@ -173,19 +173,19 @@ lasso_authn_request_build_full(const xmlChar *requestID, } lassoAuthnRequest * -lasso_authn_request_build(const xmlChar *providerID, - const xmlChar *nameIDPolicy, - const xmlChar *forceAuthn, - const xmlChar *isPassive, - const xmlChar *protocolProfile, - const xmlChar *assertionConsumerServiceID, - GPtrArray *authnContextClassRefs, - GPtrArray *authnContextStatementRefs, - const xmlChar *authnContextComparison, - const xmlChar *relayState, - gint proxyCount, - GPtrArray *idpList, - const xmlChar *consent) +lasso_authn_request_create(const xmlChar *providerID, + const xmlChar *nameIDPolicy, + const xmlChar *forceAuthn, + const xmlChar *isPassive, + const xmlChar *protocolProfile, + const xmlChar *assertionConsumerServiceID, + GPtrArray *authnContextClassRefs, + GPtrArray *authnContextStatementRefs, + const xmlChar *authnContextComparison, + const xmlChar *relayState, + gint proxyCount, + GPtrArray *idpList, + const xmlChar *consent) { lassoAuthnRequest *lareq; @@ -219,11 +219,8 @@ lasso_authn_response_create(xmlChar *query, gboolean verifySignature, const xmlChar *public_key, const xmlChar *private_key, - gboolean isAuthenticated, - gboolean *isPassive, - gboolean *mustAuthenticate, - GPtrArray *authenticationMethods, - xmlChar *authnContextComparison) + const xmlChar *certificate, + gboolean isAuthenticated) { lassoAuthnResponse *lares; GData *gd; 
@@ -232,6 +229,9 @@ lasso_authn_response_create(xmlChar *query, lares = g_malloc(sizeof(lassoAuthnResponse)); lares->request_query = query; + lares->public_key = public_key; + lares->private_key = private_key; + lares->certificate = certificate; if (verifySignature == TRUE) { if (lasso_str_verify(query, public_key, private_key) != 1) { 
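Review bot: The three new assignments store the caller's key and certificate pointers in lares without copying them, so the struct now borrows private-key material whose lifetime is documented nowhere in the hunk; a caller that frees those strings after lasso_authn_response_create() returns leaves lares->private_key dangling by the time lasso_authn_response_add_assertion() signs with it. Either g_strdup() them here and release them together with the struct, or state the borrow in a comment on the new struct fields. The lares object is allocated with g_malloc() two lines above the added code, which leaves node and the new isPassive/mustAuthenticate fields indeterminate; `lares = g_malloc0(sizeof(lassoAuthnResponse));` would give every field a defined NULL/FALSE value before the partial initialisation below. lasso_authn_response_create's body continues outside the hunk.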
@@ -246,36 +246,36 @@ lasso_authn_response_create(xmlChar *query, if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProxyCount"), 0) != NULL) { proxyCount = atoi(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProxyCount"), 0)); } - lares->node = lasso_authn_request_build_full(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RequestID"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "MajorVersion"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "MinorVersion"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IssueInstance"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProviderID"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "NameIDPolicy"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProtocolProfile"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AssertionConsumerServiceID"), 0), - (GPtrArray *)g_datalist_get_data(&gd, "AuthnContextClassRef"), - (GPtrArray *)g_datalist_get_data(&gd, "AuthnContextStatementRef"), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AuthnContextComparison"), 0), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RelayState"), 0), - proxyCount, - (GPtrArray *)g_datalist_get_data(&gd, "IDPList"), - lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "consent"), 0)); + lares->request_node = lasso_authn_request_build_full(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RequestID"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "MajorVersion"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "MinorVersion"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, 
"IssueInstance"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProviderID"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "NameIDPolicy"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProtocolProfile"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AssertionConsumerServiceID"), 0), + (GPtrArray *)g_datalist_get_data(&gd, "AuthnContextClassRef"), + (GPtrArray *)g_datalist_get_data(&gd, "AuthnContextStatementRef"), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "AuthnContextComparison"), 0), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RelayState"), 0), + proxyCount, + (GPtrArray *)g_datalist_get_data(&gd, "IDPList"), + lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "consent"), 0)); } - lasso_node_dump(lares->node, "iso-8859-1", 1); + lasso_node_dump(lares->request_node, "iso-8859-1", 1); if (lares->node == NULL) { return (NULL); } if (xmlStrEqual((xmlChar *)lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0), "true")) { - *isPassive = TRUE; + lares->isPassive = TRUE; } else { - *isPassive = FALSE; + lares->isPassive = FALSE; } if (xmlStrEqual(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0), "true")){ 
@@ -287,24 +287,23 @@ lasso_authn_response_create(xmlChar *query, /* we can freed gd */ g_datalist_clear(&gd); - *mustAuthenticate = FALSE; - //if ((forceAuthn == TRUE) || (isAuthenticated == TRUE)) { - if (forceAuthn == TRUE && isAuthenticated == TRUE && *isPassive != TRUE) { - *mustAuthenticate = TRUE; + lares->mustAuthenticate = FALSE; + if ((forceAuthn == TRUE || isAuthenticated == FALSE) && lares->isPassive == FALSE) { + lares->mustAuthenticate = TRUE; } return (lares); } gint -lasso_authn_response_build(lassoAuthnResponse *lares, - const xmlChar *providerID, - gboolean authentication_result, - GPtrArray *nameIdentifiers) +lasso_authn_response_init(lassoAuthnResponse *lares, + const xmlChar *providerID, + gboolean authentication_result) { LassoNode *response; + LassoNode *status, *status_code; xmlChar *content; - gint status_code = 0; + gint status_code_value = 1; response = lasso_lib_authn_response_new(); 
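Review bot: `gint status_code_value = 1;` initialises the status to the success value, so the function fails open: any path that does not explicitly reach one of the `status_code_value = 0` assignments in the next hunk emits a success status. The branches in the next hunk happen to cover every case today, but an authentication response is safer written as `gint status_code_value = 0;` with the assignment to 1 made only inside the branch that has checked authentication_result and found a usable NameIDPolicy. The rewritten mustAuthenticate condition reads correctly for IsPassive, though a one-line comment such as `/* re-authenticate when forced or not yet authenticated, unless the SP asked for a passive response */` would save the next reader from re-deriving it. lasso_authn_response_init's body continues in the next hunk.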
@@ -319,53 +318,78 @@ lasso_authn_response_build(lassoAuthnResponse *lares, lasso_lib_authn_response_set_providerID(LASSO_LIB_AUTHN_RESPONSE(response), providerID); + /* StatusCode value */ if (authentication_result == TRUE) { content = lasso_node_get_content(lasso_node_get_child(lares->request_node, "NameIDPolicy")); - if (content == NULL) { - printf("Pas de NameIDPolicy\n"); - status_code = 1; + if (xmlStrEqual(content, "none") || content == NULL) { + printf("Pas de NameIDPolicy ou None\n"); + status_code_value = 0; } - else - printf("NameIDPolicy = %s\n", content); xmlFree(content); } else - status_code = 0; + status_code_value = 0; + /* Add Status */ + status = lasso_samlp_status_new(); + status_code = lasso_samlp_status_code_new(); + if (status_code_value == 0) + lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code), lassoSamlStatusCodeRequestDenied); + else + lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code), lassoSamlStatusCodeSuccess); + lasso_samlp_status_set_statusCode(LASSO_SAMLP_STATUS(status), LASSO_SAMLP_STATUS_CODE(status_code)); + lasso_samlp_response_set_status(LASSO_SAMLP_RESPONSE(response), LASSO_SAMLP_STATUS(status)); + + /* RelayState */ content = lasso_node_get_content(lasso_node_get_child(lares->request_node, "RelayState")); if (content != NULL) { lasso_lib_authn_response_set_relayState(LASSO_LIB_AUTHN_RESPONSE(response), content); } xmlFree(content); + /* InResponseTo */ + content = xmlNodeGetContent((xmlNodePtr)lasso_node_get_attr(lares->request_node, "RequestID")); + if (content != NULL) { + lasso_samlp_response_abstract_set_inResponseTo(LASSO_SAMLP_RESPONSE_ABSTRACT(response), + content); + } + xmlFree(content); + lares->node = response; } -LassoNode * -lasso_response_build_full(LassoNode *request, - const xmlChar *providerID) +gint +lasso_authn_response_add_assertion(lassoAuthnResponse *lares, + LassoNode *assertion) { - LassoNode *response; - - response = lasso_samlp_response_new(); - - 
lasso_samlp_response_abstract_set_responseID(LASSO_SAMLP_RESPONSE_ABSTRACT(response), - (const xmlChar *)lasso_build_unique_id(32)); - lasso_samlp_response_abstract_set_majorVersion(LASSO_SAMLP_RESPONSE_ABSTRACT(response), - lassoSamlMajorVersion); - lasso_samlp_response_abstract_set_minorVersion(LASSO_SAMLP_RESPONSE_ABSTRACT(response), - lassoSamlMinorVersion); - lasso_samlp_response_abstract_set_issueInstance(LASSO_SAMLP_RESPONSE_ABSTRACT(response), - lasso_get_current_time()); - - return (response); + xmlDocPtr doc; + LassoNode *signature; + + /* FIXME : Signature */ + doc = xmlNewDoc("1.0"); // <--- + xmlAddChild((xmlNodePtr)doc, LASSO_NODE_GET_CLASS(lares->node)->get_xmlNode(lares->node)); + + signature = lasso_ds_signature_new(doc, xmlSecTransformRsaSha1Id); + lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), + LASSO_DS_SIGNATURE(signature)); + lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(lares->node), + LASSO_LIB_ASSERTION(assertion)); + lasso_ds_signature_sign(LASSO_DS_SIGNATURE(signature), + lares->private_key, + lares->certificate); + + lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(lares->node), + LASSO_LIB_ASSERTION(assertion)); + + return (0); } LassoNode * -lasso_assertion_build(const xmlChar *inResponseTo, +lasso_assertion_build(lassoAuthnResponse *lares, const xmlChar *issuer) { - LassoNode *assertion, *subject; + LassoNode *assertion, *statement, *subject; + xmlChar *content; assertion = lasso_lib_assertion_new(); 
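Review bot: In lasso_authn_response_add_assertion the result of `lasso_ds_signature_sign(LASSO_DS_SIGNATURE(signature), lares->private_key, lares->certificate);` is discarded, so a signing failure (unreadable key, certificate mismatch) still returns 0 and leaves the assertion in the response with an empty or invalid ds:Signature, and the caller cannot tell a signed assertion from an unsigned one; the sign result should be checked and propagated as a non-zero return before the function reports success. The assertion is also attached twice, since `lasso_samlp_response_add_assertion(...)` is called once before and once after signing, which duplicates it in the emitted response; drop the second call. The `/* FIXME : Signature */` and `// <---` markers suggest this is known to be unfinished, so a short comment saying what is still missing would help whoever picks it up. Earlier in the same hunk, lasso_authn_response_init is declared gint but ends at `lares->node = response;` with no return statement, so its value is indeterminate for any caller that tests it; its signature is in the previous hunk. The `printf("Pas de NameIDPolicy ou None\n");` debug output in that function writes to the library user's stdout and should be removed or routed through the library's logging.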
@@ -378,40 +402,103 @@ lasso_assertion_build(const xmlChar *inResponseTo, lasso_saml_assertion_set_issueInstance(LASSO_SAML_ASSERTION(assertion), lasso_get_current_time()); - lasso_lib_assertion_set_inResponseTo(LASSO_LIB_ASSERTION(assertion), - inResponseTo); - lasso_saml_assertion_set_issuer(LASSO_SAML_ASSERTION(assertion), issuer); - + + /* InResponseTo */ + content = xmlNodeGetContent((xmlNodePtr)lasso_node_get_attr(lares->request_node, "RequestID")); + if (content != NULL) { + lasso_lib_assertion_set_inResponseTo(LASSO_LIB_ASSERTION(assertion), + content); + } + xmlFree(content); + return (assertion); } +gint +lasso_assertion_add_authenticationStatement(LassoNode *assertion, + LassoNode *statement) +{ + lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion), + LASSO_LIB_AUTHENTICATION_STATEMENT(statement)); + return (1); +} + LassoNode * -lasso_authenticationStatement_build(const xmlChar *authenticationMethod, - LassoNode *nameIdentifier, - LassoNode *idpProvidedNameIdentifier) +lasso_authentication_statement_build(const xmlChar *authenticationMethod, + const xmlChar *sessionIndex, + const xmlChar *reauthenticateOnOrAfter, + const xmlChar *nameIdentifier, + const xmlChar *nameQualifier, + const xmlChar *format, + const xmlChar *idp_nameIdentifier, + const xmlChar *idp_nameQualifier, + const xmlChar *idp_format, + const xmlChar *confirmationMethod) { LassoNode *statement, *subject; - + LassoNode *identifier, *idp_identifier, *subject_confirmation; + statement = lasso_lib_authentication_statement_new(); - lasso_saml_authentication_statement_set_authenticationMethod(LASSO_SAML_AUTHENTICATION_STATEMENT(statement), authenticationMethod); - lasso_saml_authentication_statement_set_authenticationInstant(LASSO_SAML_AUTHENTICATION_STATEMENT(statement), lasso_get_current_time()); - + if (sessionIndex != NULL) { + lasso_lib_authentication_statement_set_sessionIndex(LASSO_LIB_AUTHENTICATION_STATEMENT(statement), + sessionIndex); + } + 
lasso_lib_authentication_statement_set_reauthenticateOnOrAfter(LASSO_LIB_AUTHENTICATION_STATEMENT(statement), + reauthenticateOnOrAfter); + subject = lasso_lib_subject_new(); - + identifier = lasso_saml_name_identifier_new(nameIdentifier); + lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(identifier), + nameQualifier); + lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(identifier), + format); lasso_saml_subject_set_nameIdentifier(LASSO_SAML_SUBJECT(subject), - LASSO_SAML_NAME_IDENTIFIER(nameIdentifier)); - + LASSO_SAML_NAME_IDENTIFIER(identifier)); + idp_identifier = lasso_lib_idp_provided_name_identifier_new(idp_nameIdentifier); + lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(idp_identifier), + idp_nameQualifier); + lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(idp_identifier), + idp_format); + lasso_saml_subject_set_nameIdentifier(LASSO_SAML_SUBJECT(subject), + LASSO_SAML_NAME_IDENTIFIER(idp_identifier)); lasso_lib_subject_set_idpProvidedNameIdentifier(LASSO_LIB_SUBJECT(subject), - LASSO_LIB_IDP_PROVIDED_NAME_IDENTIFIER(idpProvidedNameIdentifier)); - - lasso_saml_subject_statement_abstract_set_subject(LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(statement), - LASSO_SAML_SUBJECT(subject)); - + LASSO_LIB_IDP_PROVIDED_NAME_IDENTIFIER(idp_identifier)); + subject_confirmation = lasso_saml_subject_confirmation_new(); + lasso_saml_subject_confirmation_set_subjectConfirmationMethod(LASSO_SAML_SUBJECT_CONFIRMATION(subject_confirmation), + confirmationMethod); + lasso_saml_subject_set_subjectConfirmation(LASSO_SAML_SUBJECT(subject), + LASSO_SAML_SUBJECT_CONFIRMATION(subject_confirmation)); + + if (confirmationMethod != NULL) { + lasso_saml_subject_statement_abstract_set_subject(LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(statement), + LASSO_SAML_SUBJECT(subject)); + } + return (statement); } + +LassoNode * +lasso_response_build_full(LassoNode *request, + const xmlChar *providerID) +{ + LassoNode 
*response; + + response = lasso_samlp_response_new(); + + lasso_samlp_response_abstract_set_responseID(LASSO_SAMLP_RESPONSE_ABSTRACT(response), + (const xmlChar *)lasso_build_unique_id(32)); + lasso_samlp_response_abstract_set_majorVersion(LASSO_SAMLP_RESPONSE_ABSTRACT(response), + lassoSamlMajorVersion); + lasso_samlp_response_abstract_set_minorVersion(LASSO_SAMLP_RESPONSE_ABSTRACT(response), + lassoSamlMinorVersion); + lasso_samlp_response_abstract_set_issueInstance(LASSO_SAMLP_RESPONSE_ABSTRACT(response), + lasso_get_current_time()); + + return (response); +} diff --git a/lasso/Attic/protocols/single_sign_on_and_federation.h b/lasso/Attic/protocols/single_sign_on_and_federation.h index 16f0bad6..dfa81ab7 100644 --- a/lasso/Attic/protocols/single_sign_on_and_federation.h +++ b/lasso/Attic/protocols/single_sign_on_and_federation.h 
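Review bot: The rewrite of lasso_assertion_build drops the `lasso_saml_assertion_set_issuer(LASSO_SAML_ASSERTION(assertion), issuer);` call without a replacement, so the assertion is now emitted with no Issuer and the issuer parameter is unused; a relying party uses Issuer to decide which provider and key the assertion belongs to, so the line should be restored after the issueInstance setter (the function begins in the previous hunk, and its `statement` and `subject` locals are now unused). In lasso_authentication_statement_build, `lasso_saml_subject_set_nameIdentifier` is called twice on the same subject, first with identifier and then with idp_identifier, before `lasso_lib_subject_set_idpProvidedNameIdentifier` also receives idp_identifier; the second set_nameIdentifier call looks like a copy-paste slip and should go. The subject is attached to the statement only when confirmationMethod != NULL, so a caller passing NULL gets a statement with no Subject while the subject it built is silently dropped; if a missing confirmation method is acceptable, attach the subject unconditionally and guard only the subject_confirmation block. lasso_assertion_add_authenticationStatement returns 1 on success while lasso_authn_response_add_assertion returns 0 on success; the two new gint helpers should agree on one convention.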
@@ -44,48 +44,60 @@ struct _lassoAuthnResponse { LassoNode *node; xmlChar *request_query; LassoNode *request_node; + gboolean isPassive; + gboolean mustAuthenticate; const xmlChar *public_key; const xmlChar *private_key; + const xmlChar *certificate; }; -lassoAuthnRequest *lasso_authn_request_build(const xmlChar *providerID, - const xmlChar *nameIDPolicy, - const xmlChar *forceAuthn, - const xmlChar *isPassive, - const xmlChar *protocolProfile, - const xmlChar *assertionConsumerServiceID, - GPtrArray *authnContextClassRefs, - GPtrArray *authnContextStatementRefs, - const xmlChar *authnContextComparison, - const xmlChar *relayState, - gint proxyCount, - GPtrArray *idpList, - const xmlChar *consent); +lassoAuthnRequest *lasso_authn_request_create(const xmlChar *providerID, + const xmlChar *nameIDPolicy, + const xmlChar *forceAuthn, + const xmlChar *isPassive, + const xmlChar *protocolProfile, + const xmlChar *assertionConsumerServiceID, + GPtrArray *authnContextClassRefs, + GPtrArray *authnContextStatementRefs, + const xmlChar *authnContextComparison, + const xmlChar *relayState, + gint proxyCount, + GPtrArray *idpList, + const xmlChar *consent); lassoAuthnResponse *lasso_authn_response_create(xmlChar *query, gboolean verifySignature, const xmlChar *public_key, const xmlChar *private_key, - gboolean isAuthenticated, - gboolean *isPassive, - gboolean *mustAuthenticate, - GPtrArray *authenticationMethods, - xmlChar *authnContextComparison); + const xmlChar *certificate, + gboolean isAuthenticated); -gint lasso_authn_response_build(lassoAuthnResponse *lares, - const xmlChar *providerID, - gboolean authentication_result, - GPtrArray *nameIdentifiers); +gint lasso_authn_response_init(lassoAuthnResponse *lares, + const xmlChar *providerID, + gboolean authentication_result); -LassoNode *lasso_response_build_full(LassoNode *request, - const xmlChar *providerID); +gint lasso_authn_response_add_assertion(lassoAuthnResponse *lares, + LassoNode *assertion); -LassoNode 
*lasso_assertion_build(const xmlChar *inResponseTo, +LassoNode *lasso_assertion_build(lassoAuthnResponse *lares, const xmlChar *issuer); -LassoNode *lasso_authenticationStatement_build(const xmlChar *authenticationMethod, - LassoNode *nameIdentifier, - LassoNode *idpProvidedNameIdentifier); +gint lasso_assertion_add_authenticationStatement(LassoNode *assertion, + LassoNode *statement); + +LassoNode *lasso_authentication_statement_build(const xmlChar *authenticationMethod, + const xmlChar *sessionIndex, + const xmlChar *reauthenticateOnOrAfter, + const xmlChar *nameIdentifier, + const xmlChar *nameQualifier, + const xmlChar *format, + const xmlChar *idp_nameIdentifier, + const xmlChar *idp_nameQualifier, + const xmlChar *idp_format, + const xmlChar *confirmationMethod); + +LassoNode *lasso_response_build_full(LassoNode *request, + const xmlChar *providerID); #ifdef __cplusplus } diff --git a/lasso/xml/lib_idp_provided_name_identifier.c b/lasso/xml/lib_idp_provided_name_identifier.c index 224e85f7..9c17a33e 100644 --- a/lasso/xml/lib_idp_provided_name_identifier.c +++ b/lasso/xml/lib_idp_provided_name_identifier.c @@ -72,7 +72,14 @@ GType lasso_lib_idp_provided_name_identifier_get_type() { return this_type; } -LassoNode* lasso_lib_idp_provided_name_identifier_new() { - return LASSO_NODE(g_object_new(LASSO_TYPE_LIB_IDP_PROVIDED_NAME_IDENTIFIER, +LassoNode* lasso_lib_idp_provided_name_identifier_new(xmlChar *content) { + LassoNode *node; + + g_assert(content != NULL); + + node = LASSO_NODE(g_object_new(LASSO_TYPE_LIB_IDP_PROVIDED_NAME_IDENTIFIER, NULL)); + xmlNodeSetContent(LASSO_NODE_GET_CLASS(node)->get_xmlNode(node), + content); + return (node); } diff --git a/lasso/xml/lib_idp_provided_name_identifier.h b/lasso/xml/lib_idp_provided_name_identifier.h index b91e042c..0de7d485 100644 --- a/lasso/xml/lib_idp_provided_name_identifier.h +++ b/lasso/xml/lib_idp_provided_name_identifier.h 
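Review bot: `xmlNodeSetContent(..., content)` treats its argument as already-escaped XML CDATA (libxml2 parses entity references in it), so a name identifier containing `&` or `<` is not stored literally and a value that is not well-formed is silently altered; for a value that other providers compare byte-for-byte, set it with xmlNodeAddContent() on the freshly created node, which takes raw text and escapes it on output, or run it through xmlEncodeSpecialChars() first. `g_assert(content != NULL);` is compiled out with G_DISABLE_ASSERT, so release builds lose the check; `g_return_val_if_fail(content != NULL, NULL);` keeps it and matches the pointer return. Since neither call writes through the pointer, the parameter can be `const xmlChar *content`, here and in the matching header declaration below.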
@@ -51,7 +51,7 @@ struct _LassoLibIDPProvidedNameIdentifierClass { }; LASSO_EXPORT GType lasso_lib_idp_provided_name_identifier_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_idp_provided_name_identifier_new(void); +LASSO_EXPORT LassoNode* lasso_lib_idp_provided_name_identifier_new(xmlChar *content); #ifdef __cplusplus } diff --git a/lasso/xml/lib_subject.c b/lasso/xml/lib_subject.c index 1c3a3446..38314708 100644 --- a/lasso/xml/lib_subject.c +++ b/lasso/xml/lib_subject.c @@ -29,11 +29,11 @@ The schema fragment (liberty-idff-protocols-schema-v1.2.xsd): <xs:complexType name="SubjectType"> <xs:complexContent> - <xs:extension base="saml:SubjectType"> - <xs:sequence> - <xs:element ref="IDPProvidedNameIdentifier"/> - </xs:sequence> - </xs:extension> + <xs:extension base="saml:SubjectType"> + <xs:sequence> + <xs:element ref="IDPProvidedNameIdentifier"/> + </xs:sequence> + </xs:extension> </xs:complexContent> </xs:complexType> <xs:element name="Subject" type="SubjectType" substitutionGroup="saml:Subject"/> diff --git a/lasso/xml/strings.c b/lasso/xml/strings.c index 0a432ac4..38cfcd0f 100644 --- a/lasso/xml/strings.c +++ b/lasso/xml/strings.c @@ -46,8 +46,6 @@ const gchar lassoLibAuthnContextComparisonBetter[] = "better"; /* StatusCodes */ const gchar lassoLibStatusCodeFederationDoesNotExist[] = "lib:FederationDoesNotExist"; const gchar lassoLibStatusCodeNoPassive[] = "lib:NoPassive"; -const gchar lassoLibStatusCodeRequestDenied[] = "lib:RequestDenied"; -const gchar lassoLibStatusCodeSuccess[] = "lib:Success"; /*****************************************************************************/ /* SAML */ 
@@ -57,3 +55,20 @@ const gchar lassoLibStatusCodeSuccess[] = "lib:Success"; const gchar lassoSamlMajorVersion[] = "1"; const gchar lassoSamlMinorVersion[] = "0"; +/* StatusCodes */ +const gchar lassoSamlStatusCodeRequestDenied[] = "Samlp:RequestDenied"; +const gchar lassoSamlStatusCodeSuccess[] = "Samlp:Success"; + +/* AuthenticationMethods */ +const gchar lassoSamlAuthenticationMethodPassword[] = "urn:oasis:names:tc:SAML:1.0:am:password"; +const gchar lassoSamlAuthenticationMethodKerberos[] = "urn:ietf:rfc:1510"; +const gchar lassoSamlAuthenticationMethodSecureRemotePassword[] = "urn:ietf:rfc:2945"; +const gchar lassoSamlAuthenticationMethodHardwareToken[] = "urn:oasis:names:tc:SAML:1.0:am:HardwareToken"; +const gchar lassoSamlAuthenticationMethodSmartcardPki[] = "urn:ietf:rfc:2246"; +const gchar lassoSamlAuthenticationMethodSoftwarePki[] = "urn:oasis:names:tc:SAML:1.0:am:X509-PKI"; +const gchar lassoSamlAuthenticationMethodPGP[] = "urn:oasis:names:tc:SAML:1.0:am:PGP"; +const gchar lassoSamlAuthenticationMethodSPki[] = "urn:oasis:names:tc:SAML:1.0:am:SPKI"; +const gchar lassoSamlAuthenticationMethodXkms[] = "urn:oasis:names:tc:SAML:1.0:am:XKMS"; +const gchar lassoSamlAuthenticationMethodXmlSign[] = "urn:ietf:rfc:3075"; +const gchar lassoSamlAuthenticationMethodUnspecified[] = "urn:oasis:names:tc:SAML:1.0:am:unspecified"; + diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h index 298c31d9..4104e560 100644 --- a/lasso/xml/strings.h +++ b/lasso/xml/strings.h @@ -54,8 +54,6 @@ LASSO_EXPORT_VAR const gchar lassoLibAuthnContextComparisonBetter[]; /* StatusCodes */ LASSO_EXPORT_VAR const gchar lassoLibStatusCodeFederationDoesNotExist[]; LASSO_EXPORT_VAR const gchar lassoLibStatusCodeNoPassive[]; -LASSO_EXPORT_VAR const gchar lassoLibStatusCodeRequestDenied[]; -LASSO_EXPORT_VAR const gchar lassoLibStatusCodeSuccess[]; /*****************************************************************************/ /* SAML */ 
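Review bot: The new status strings use the prefix `Samlp:` with a capital S (`"Samlp:RequestDenied"`, `"Samlp:Success"`), whereas the values this commit removes used a lowercase `lib:` prefix, and XML namespace prefixes are case-sensitive; unless the emitted Status element binds a prefix spelled exactly `Samlp`, a receiver resolving the QName will not map it to the SAML protocol namespace and will treat the status as unknown. Please confirm the prefix actually declared on the response element and use the same spelling here, presumably `"samlp:Success"` and `"samlp:RequestDenied"`. The same check applies to the matching declarations added to strings.h in the next hunk.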
@@ -65,6 +63,23 @@ LASSO_EXPORT_VAR const gchar lassoLibStatusCodeSuccess[];
 LASSO_EXPORT_VAR const gchar lassoSamlMajorVersion[];
 LASSO_EXPORT_VAR const gchar lassoSamlMinorVersion[];
+/* StatusCodes */
+LASSO_EXPORT_VAR const gchar lassoSamlStatusCodeRequestDenied[];
+LASSO_EXPORT_VAR const gchar lassoSamlStatusCodeSuccess[];
+
+/* AuthenticationMethods */
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodPassword[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodKerberos[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodSecureRemotePassword[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodHardwareToken[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodSmartcardPki[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodSoftwarePki[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodPGP[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodSPki[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodXkms[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodXmlSign[];
+LASSO_EXPORT_VAR const gchar lassoSamlAuthenticationMethodUnspecified[];
+
 
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
diff --git a/python/lassomod.c b/python/lassomod.c
index 1f5a2b8c..fc97e55e 100644
--- a/python/lassomod.c
+++ b/python/lassomod.c
@@ -42,7 +42,7 @@ static PyMethodDef lasso_methods[] = { /* py_single_sign_on_and_federation.h */ {"authn_request_getattr", authn_request_getattr, METH_VARARGS}, - {"authn_request_build", authn_request_build, METH_VARARGS}, + {"authn_request_create", authn_request_create, METH_VARARGS}, {NULL, NULL} /* End of Methods Sentinel */ };
diff --git a/python/protocols/py_single_sign_on_and_federation.c b/python/protocols/py_single_sign_on_and_federation.c
index 04c90c80..a65b8d30 100644
--- a/python/protocols/py_single_sign_on_and_federation.c
+++ b/python/protocols/py_single_sign_on_and_federation.c
@@ -67,7 +67,7 @@ PyObject *authn_request_getattr(PyObject *self, PyObject *args) { /******************************************************************************/ -PyObject *authn_request_build(PyObject *self, PyObject *args) { +PyObject *authn_request_create(PyObject *self, PyObject *args) { PyObject *authnContextClassRefs_obj, *authnContextStatementRefs_obj; PyObject *idpList_obj; const xmlChar *providerID; @@ -94,19 +94,19 @@ PyObject *authn_request_build(PyObject *self, PyObject *args) { &idpList, &consent)) return NULL; - request = lasso_authn_request_build(providerID, - nameIDPolicy, - forceAuthn, - isPassive, - protocolProfile, - assertionConsumerServiceID, - NULL, - NULL, - authnContextComparison, - relayState, - proxyCount, - NULL, - consent); + request = lasso_authn_request_create(providerID, + nameIDPolicy, + forceAuthn, + isPassive, + protocolProfile, + assertionConsumerServiceID, + NULL, + NULL, + authnContextComparison, + relayState, + proxyCount, + NULL, + consent); return (lassoAuthnRequest_wrap(request)); } diff --git a/python/protocols/py_single_sign_on_and_federation.h b/python/protocols/py_single_sign_on_and_federation.h index bfd79d5f..ea331756 100644 --- a/python/protocols/py_single_sign_on_and_federation.h +++ b/python/protocols/py_single_sign_on_and_federation.h @@ -36,6 +36,6 @@ typedef struct { PyObject *lassoAuthnRequest_wrap(lassoAuthnRequest *request); PyObject *authn_request_getattr(PyObject *self, PyObject *args); -PyObject *authn_request_build(PyObject *self, PyObject *args); +PyObject *authn_request_create(PyObject *self, PyObject *args); #endif /* __PYLASSO_PY_SINGLE_SIGN_ON_AND_FEDERATION_H__ */ |
