-rwxr-xr-xbindings/python/tests/binding_tests.py1
-rwxr-xr-xbindings/python/tests/profiles_tests.py51
-rw-r--r--lasso/saml-2.0/login.c8
-rw-r--r--lasso/saml-2.0/profile.c12
-rw-r--r--tests/data/idp5-saml2/metadata.xml3
-rw-r--r--tests/data/sp5-saml2/metadata.xml3
6 files changed, 57 insertions, 21 deletions
diff --git a/bindings/python/tests/binding_tests.py b/bindings/python/tests/binding_tests.py
index bd621215..89039d2e 100755
--- a/bindings/python/tests/binding_tests.py
+++ b/bindings/python/tests/binding_tests.py
@@ -293,7 +293,6 @@ class BindingTestCase(unittest.TestCase):
mdata = os.path.join(dataDir, 'sp7-saml2', 'metadata.xml')
password = file(os.path.join(dataDir, 'sp7-saml2', 'password')).read().strip()
server = lasso.Server(mdata, pkey, password)
- print server
assert isinstance(server, lasso.Server)
server_dump = server.dump()
assert server_dump
diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py
index 42cac2f9..c923f87f 100755
--- a/bindings/python/tests/profiles_tests.py
+++ b/bindings/python/tests/profiles_tests.py
@@ -208,6 +208,42 @@ class LoginTestCase(unittest.TestCase):
self.failUnless('<action2>do action 2</action2>' in extensionsList[0])
self.failUnless('<action3>do action 3</action3>' in extensionsList[0])
+ def test05(self):
+ '''SAMLv2 Authn request emitted and received using Artifact binding'''
+
+ sp = lasso.Server(
+ os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
+ os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
+ assert sp
+ sp.addProvider(
+ lasso.PROVIDER_ROLE_IDP,
+ os.path.join(dataDir, 'idp5-saml2/metadata.xml'))
+ sp_login = lasso.Login(sp)
+ assert sp_login
+ sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_ARTIFACT_GET)
+ sp_login.buildAuthnRequestMsg()
+ sp_login_dump = sp_login.dump()
+ idp = lasso.Server(
+ os.path.join(dataDir, 'idp5-saml2/metadata.xml'),
+ os.path.join(dataDir, 'idp5-saml2/private-key.pem'))
+ idp.addProvider(
+ lasso.PROVIDER_ROLE_SP,
+ os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
+ idp_login = lasso.Login(idp)
+ idp_login.initRequest(sp_login.msgUrl.split('?')[1], lasso.HTTP_METHOD_ARTIFACT_GET)
+ idp_login.buildRequestMsg()
+ sp_login2 = lasso.Login.newFromDump(sp, sp_login_dump)
+ assert isinstance(sp_login2, lasso.Login)
+ assert idp_login.msgBody
+ sp_login2.processRequestMsg(idp_login.msgBody)
+ sp_login2.buildResponseMsg()
+ assert sp_login2.msgBody
+ try:
+ idp_login.processResponseMsg(sp_login2.msgBody)
+ except:
+ print idp_login.response
+ raise
+ assert isinstance(idp_login.request, lasso.Samlp2AuthnRequest)
class LogoutTestCase(unittest.TestCase):
def test01(self):
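Review bot: The added `test05` exercises only the successful artifact round trip, so the two new error returns in `lasso_saml20_profile_process_artifact_response` (empty payload, and a payload that is neither a request nor a status response) are never reached by a test. A companion case that feeds `processResponseMsg` an artifact response with a missing or unexpected payload and asserts that it raises would pin the rejection behaviour, which is the security-relevant part of this change. The final assertion also checks only the type of `idp_login.request`; comparing its ID with the request the SP built would catch a mismatched or substituted request. A short comment on each step, such as `# IdP resolves the artifact against the SP`, would help, because the roles of `processRequestMsg` and `buildResponseMsg` are reversed here compared with the other login tests.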
@@ -294,21 +330,6 @@ class LogoutTestCase(unittest.TestCase):
else:
self.fail('Logout processResponseMsg should have failed.')
- def test05(self):
- """IDP logout; testing logout dump & newFromDump()."""
-
- lassoServer = lasso.Server(
- os.path.join(dataDir, 'idp1-la/metadata.xml'),
- os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
- None,
- os.path.join(dataDir, 'idp1-la/certificate.pem'))
- lassoServer.addProvider(
- lasso.PROVIDER_ROLE_SP,
- os.path.join(dataDir, 'sp1-la/metadata.xml'),
- os.path.join(dataDir, 'sp1-la/public-key.pem'),
- os.path.join(dataDir, 'sp1-la/certificate.pem'))
-
-
class DefederationTestCase(unittest.TestCase):
def test01(self):
"""IDP initiated defederation; testing processNotificationMsg with non Liberty query."""
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 7b80ffc3..229f9540 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -52,6 +52,7 @@
#include "../xml/saml-2.0/saml2_attribute_value.h"
#include "../xml/saml-2.0/saml2_name_id.h"
#include "../xml/saml-2.0/saml2_xsd.h"
+#include "../xml/saml-2.0/samlp2_artifact_response.h"
#include "../utils.h"
@@ -1078,8 +1079,11 @@ lasso_saml20_login_process_response_msg(LassoLogin *login, gchar *response_msg)
if (rc) {
return rc;
}
-
- return lasso_saml20_login_process_response_status_and_assertion(login);
+ if (LASSO_IS_SAMLP2_ARTIFACT_RESPONSE(login->parent.response)) {
+ return lasso_saml20_login_process_authn_request_msg(login, NULL);
+ } else {
+ return lasso_saml20_login_process_response_status_and_assertion(login);
+ }
}
static gint
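Review bot: The new ArtifactResponse branch calls `lasso_saml20_login_process_authn_request_msg(login, NULL)` without checking which kind of request was unwrapped. The profile.c hunk of this commit stores any `LASSO_IS_SAMLP2_REQUEST_ABSTRACT` payload in `profile->request`, so a non-authn request would reach the authn-request path unless the callee rejects it, which is not visible here. A guard before the call would make that explicit: `if (!LASSO_IS_SAMLP2_AUTHN_REQUEST(login->parent.request)) return LASSO_PROFILE_ERROR_INVALID_RESPONSE;`. The function can now also return success without any assertion having been processed, so it deserves a comment such as `/* artifact resolved to a request, not a response: no assertion is validated on this path */` to stop callers from treating rc == 0 as a completed login. The body of `lasso_saml20_login_process_response_msg` starts outside this hunk.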
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index e6e2c9d1..4b993671 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -424,10 +424,16 @@ lasso_saml20_profile_process_artifact_response(LassoProfile *profile, const char
goto_cleanup_if_fail_with_rc(profile->response != NULL,
critical_error(LASSO_PROFILE_ERROR_INVALID_RESPONSE));
if (artifact_response->any == NULL) {
- lasso_release_gobject(profile->response);
- goto_cleanup_with_rc(LASSO_PROFILE_ERROR_MISSING_RESPONSE);
+ rc = LASSO_PROFILE_ERROR_MISSING_RESPONSE;
+ } else {
+ if (LASSO_IS_SAMLP2_REQUEST_ABSTRACT(artifact_response->any)) {
+ lasso_assign_gobject(profile->request, artifact_response->any);
+ } else if (LASSO_IS_SAMLP2_STATUS_RESPONSE(artifact_response->any)) {
+ lasso_assign_gobject(profile->response, artifact_response->any);
+ } else {
+ rc = LASSO_PROFILE_ERROR_INVALID_RESPONSE;
+ }
}
- lasso_assign_gobject(profile->response, artifact_response->any);
cleanup:
lasso_release_gobject(artifact_response);
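Review bot: Both error branches now leave `profile->response` set, whereas the removed code called `lasso_release_gobject(profile->response);` before returning `LASSO_PROFILE_ERROR_MISSING_RESPONSE`. A caller that inspects `profile->response` after a failure will therefore still find the object that was there before the payload check, presumably the ArtifactResponse wrapper. Restoring `lasso_release_gobject(profile->response);` next to each `rc = ...` assignment keeps the old fail-closed state. In the request branch the wrapper is kept on purpose, since login.c tests `LASSO_IS_SAMLP2_ARTIFACT_RESPONSE(login->parent.response)` to detect this case, and that coupling deserves a comment: `/* response keeps the ArtifactResponse so callers can tell a request was resolved */`. The function begins and ends outside this hunk, so any signature, status or InResponseTo checks on the artifact response cannot be confirmed from here.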
diff --git a/tests/data/idp5-saml2/metadata.xml b/tests/data/idp5-saml2/metadata.xml
index 8ce19176..d6910f67 100644
--- a/tests/data/idp5-saml2/metadata.xml
+++ b/tests/data/idp5-saml2/metadata.xml
@@ -82,6 +82,9 @@ LlTxKnCrWAXftSm1rNtewTsF
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp5/singleSignOnSOAP" />
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="http://idp5/singleSignOnArtifact" />
</IDPSSODescriptor>
<Organization>
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName>
diff --git a/tests/data/sp5-saml2/metadata.xml b/tests/data/sp5-saml2/metadata.xml
index 6b36d97a..da2d693c 100644
--- a/tests/data/sp5-saml2/metadata.xml
+++ b/tests/data/sp5-saml2/metadata.xml
@@ -64,6 +64,9 @@ LlTxKnCrWAXftSm1rNtewTsF
</ds:KeyInfo>
</KeyDescriptor>
+ <ArtifactResolutionService isDefault="true" index="0"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://sp5/artifact" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp5/singleLogoutSOAP" />