summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lasso/id-ff/login.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 31f34ded..ce18735a 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -807,7 +807,7 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
LassoProvider *provider, *remote_provider;
LassoProfile *profile;
char *md_authnRequestsSigned, *url, *query, *lareq, *protocolProfile;
- LassoProviderRole role;
+ LassoProviderRole role, remote_role;
gboolean must_sign;
gint ret = 0;
@@ -836,10 +836,13 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
role = provider->role;
provider->role = LASSO_PROVIDER_ROLE_SP; /* we act as an SP for sure here */
+ remote_role = remote_provider->role;
+ remote_provider->role = LASSO_PROVIDER_ROLE_IDP; /* and remote is IdP */
if (lasso_provider_has_protocol_profile(remote_provider,
LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON, protocolProfile) == FALSE) {
provider->role = role;
+ remote_provider->role = remote_role;
return LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE;
}
@@ -847,7 +850,10 @@ lasso_login_build_authn_request_msg(LassoLogin *login)
md_authnRequestsSigned = lasso_provider_get_metadata_one(provider, "AuthnRequestsSigned");
must_sign = (md_authnRequestsSigned && strcmp(md_authnRequestsSigned, "true") == 0);
g_free(md_authnRequestsSigned);
+
+ /* restore original roles */
provider->role = role;
+ remote_provider->role = remote_role;
if (!must_sign)
LASSO_SAMLP_REQUEST_ABSTRACT(
generated by cgit (git 2.34.1) at 2024-09-21 16:15:45 +0000