-rw-r--r-- | lasso/id-ff/login.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 31f34ded..ce18735a 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -807,7 +807,7 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
 LassoProvider *provider, *remote_provider;
 LassoProfile *profile;
 char *md_authnRequestsSigned, *url, *query, *lareq, *protocolProfile;
- LassoProviderRole role;
+ LassoProviderRole role, remote_role;
 gboolean must_sign;
 gint ret = 0;
@@ -836,10 +836,13 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
 role = provider->role;
 provider->role = LASSO_PROVIDER_ROLE_SP; /* we act as an SP for sure here */
+ remote_role = remote_provider->role;
+ remote_provider->role = LASSO_PROVIDER_ROLE_IDP; /* and remote is IdP */
 if (lasso_provider_has_protocol_profile(remote_provider, LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON, protocolProfile) == FALSE) {
 provider->role = role;
+ remote_provider->role = remote_role;
 return LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE;
 }
@@ -847,7 +850,10 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
 md_authnRequestsSigned = lasso_provider_get_metadata_one(provider, "AuthnRequestsSigned");
 must_sign = (md_authnRequestsSigned && strcmp(md_authnRequestsSigned, "true") == 0);
 g_free(md_authnRequestsSigned);
+
+ /* restore original roles */
 provider->role = role;
+ remote_provider->role = remote_role;
 if (!must_sign) LASSO_SAMLP_REQUEST_ABSTRACT( |
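Review bot: The role override in the second hunk, `remote_provider->role = LASSO_PROVIDER_ROLE_IDP;`, writes into a provider object this function does not appear to own, and it is undone by hand on the unsupported-profile return and again in the third hunk. If provider objects are shared across concurrent logins (not visible here), another caller could observe the temporary role while resolving metadata, and any exit path later added between override and restore would leave the role flipped. A comment at the override would make the contract explicit, for example `/* roles are overridden only for the metadata lookups below; every exit path must restore both */`. The new line `remote_role = remote_provider->role;` also dereferences `remote_provider` directly, so it relies on a validity check that would have to sit above the hunk. The function body starts and ends outside these hunks.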