Diffstat (limited to 'lasso')
-rw-r--r--lasso/Attic/protocols/elements/authentication_statement.c60
-rw-r--r--lasso/Attic/protocols/elements/authentication_statement.h2
-rw-r--r--lasso/id-ff/login.c71
3 files changed, 32 insertions, 101 deletions
diff --git a/lasso/Attic/protocols/elements/authentication_statement.c b/lasso/Attic/protocols/elements/authentication_statement.c
index 110e8f6f..32d16e87 100644
--- a/lasso/Attic/protocols/elements/authentication_statement.c
+++ b/lasso/Attic/protocols/elements/authentication_statement.c
@@ -69,7 +69,7 @@ GType lasso_authentication_statement_get_type() {
LassoNode*
lasso_authentication_statement_new(const xmlChar *authenticationMethod,
const xmlChar *reauthenticateOnOrAfter,
- LassoSamlNameIdentifier *identifier,
+ LassoSamlNameIdentifier *sp_identifier,
LassoSamlNameIdentifier *idp_identifier)
{
LassoNode *statement;
@@ -78,12 +78,8 @@ lasso_authentication_statement_new(const xmlChar *authenticationMethod
gchar *str;
xmlChar *time;
- if (identifier != NULL) {
- g_return_val_if_fail(LASSO_IS_SAML_NAME_IDENTIFIER(identifier), NULL);
- }
g_return_val_if_fail(LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier), NULL);
-
statement = LASSO_NODE(g_object_new(LASSO_TYPE_AUTHENTICATION_STATEMENT, NULL));
lasso_saml_authentication_statement_set_authenticationMethod(LASSO_SAML_AUTHENTICATION_STATEMENT(statement),
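Review bot: After this hunk a non-NULL `sp_identifier` is no longer type-checked before it is cast with `LASSO_NODE(sp_identifier)` and copied into the assertion Subject further down. The removed guard was the only validation of that argument, and the renamed parameter is still optional, so I would keep it in a NULL-tolerant form: `g_return_val_if_fail(sp_identifier == NULL || LASSO_IS_SAML_NAME_IDENTIFIER(sp_identifier), NULL);`. The function body continues outside this hunk.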
@@ -96,46 +92,42 @@ lasso_authentication_statement_new(const xmlChar *authenticationMethod
reauthenticateOnOrAfter);
subject = lasso_lib_subject_new();
- if (identifier == NULL) {
- /* create a new NameIdentifier and use idp_identifier data to fill it */
- str = lasso_node_get_content(LASSO_NODE(idp_identifier), NULL);
- new_identifier = lasso_saml_name_identifier_new(str);
- xmlFree(str);
- str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "NameQualifier", NULL);
- if (str != NULL) {
- lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(new_identifier), str);
- xmlFree(str);
+ if (sp_identifier == NULL) {
+ if (idp_identifier != NULL) {
+ new_identifier = lasso_node_copy(LASSO_NODE(idp_identifier));
}
- str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "Format", NULL);
- if (str != NULL) {
- lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(new_identifier), str);
- xmlFree(str);
+ else {
+ message(G_LOG_LEVEL_CRITICAL, "Failed to create the authentication statement, both name identifiers are NULL\n");
+ lasso_node_destroy(statement);
+ return (NULL);
}
}
else {
- new_identifier = lasso_node_copy(LASSO_NODE(identifier));
+ new_identifier = lasso_node_copy(LASSO_NODE(sp_identifier));
}
lasso_saml_subject_set_nameIdentifier(LASSO_SAML_SUBJECT(subject),
LASSO_SAML_NAME_IDENTIFIER(new_identifier));
lasso_node_destroy(new_identifier);
- /* create a new IdpProvidedNameIdentifier and use idp_identifier data to fill it */
- str = lasso_node_get_content(LASSO_NODE(idp_identifier), NULL);
- new_idp_identifier = lasso_lib_idp_provided_name_identifier_new(str);
- xmlFree(str);
- str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "NameQualifier", NULL);
- if (str != NULL) {
- lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str);
- xmlFree(str);
- }
- str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "Format", NULL);
- if (str != NULL) {
- lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str);
+ if (sp_identifier != NULL) {
+ /* create a new IdpProvidedNameIdentifier and use idp_identifier data to fill it */
+ str = lasso_node_get_content(LASSO_NODE(idp_identifier), NULL);
+ new_idp_identifier = lasso_lib_idp_provided_name_identifier_new(str);
xmlFree(str);
+ str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "NameQualifier", NULL);
+ if (str != NULL) {
+ lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str);
+ xmlFree(str);
+ }
+ str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "Format", NULL);
+ if (str != NULL) {
+ lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str);
+ xmlFree(str);
+ }
+ lasso_lib_subject_set_idpProvidedNameIdentifier(LASSO_LIB_SUBJECT(subject),
+ LASSO_LIB_IDP_PROVIDED_NAME_IDENTIFIER(new_idp_identifier));
+ lasso_node_destroy(new_idp_identifier);
}
- lasso_lib_subject_set_idpProvidedNameIdentifier(LASSO_LIB_SUBJECT(subject),
- LASSO_LIB_IDP_PROVIDED_NAME_IDENTIFIER(new_idp_identifier));
- lasso_node_destroy(new_idp_identifier);
/* SubjectConfirmation & Subject */
subject_confirmation = lasso_saml_subject_confirmation_new();
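Review bot: The new "both name identifiers are NULL" branch returns after `subject = lasso_lib_subject_new();` has already run and destroys only `statement`, so `subject` is leaked on that path. Assuming `subject` is a LassoNode like `statement`, add `lasso_node_destroy(subject);` before `return (NULL);`. The branch also looks unreachable in normal builds, because the `g_return_val_if_fail(LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier), NULL)` kept in the previous hunk already rejects a NULL `idp_identifier`; it only runs when GLib checks are compiled out. The function's doc comment (outside this hunk) should state the new contract: with a NULL `sp_identifier` the Subject's NameIdentifier is a copy of `idp_identifier` and no IDPProvidedNameIdentifier is emitted.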
diff --git a/lasso/Attic/protocols/elements/authentication_statement.h b/lasso/Attic/protocols/elements/authentication_statement.h
index 4ee99c59..0b354349 100644
--- a/lasso/Attic/protocols/elements/authentication_statement.h
+++ b/lasso/Attic/protocols/elements/authentication_statement.h
@@ -55,7 +55,7 @@ struct _LassoAuthenticationStatementClass {
LASSO_EXPORT GType lasso_authentication_statement_get_type (void);
LASSO_EXPORT LassoNode* lasso_authentication_statement_new (const xmlChar *authenticationMethod,
const xmlChar *reauthenticateOnOrAfter,
- LassoSamlNameIdentifier *identifier,
+ LassoSamlNameIdentifier *sp_identifier,
LassoSamlNameIdentifier *idp_identifier);
#ifdef __cplusplus
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 4489028b..67bb64aa 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -47,61 +47,6 @@ struct _LassoLoginPrivate
/*****************************************************************************/
/**
- * lasso_login_get_assertion_nameIdentifier:
- * @assertion: an assertion
- * @err: return location for an allocated GError, or NULL to ignore errors
- *
- * An assertion may contain 2 NameIdentifier elements (one called NameIdentifier
- * and the other called IDPProvidedNameIdentifier).
- * If contents of the 2 name identifiers are equal then returns one of both
- * else returns the NameIdentifier content.
- * If both contents are NULL or NameIdentifier elements are missing then
- * returns NULL.
- *
- * Return value: a newly allocated string or NULL
- **/
-static gchar*
-lasso_login_get_assertion_nameIdentifier(LassoNode *assertion,
- GError **err)
-{
- xmlChar *ni, *idp_ni;
-
- if (err != NULL && *err != NULL) {
- g_set_error(err, g_quark_from_string("Lasso"),
- LASSO_PARAM_ERROR_ERR_CHECK_FAILED,
- lasso_strerror(LASSO_PARAM_ERROR_ERR_CHECK_FAILED));
- g_return_val_if_fail (err == NULL || *err == NULL, NULL);
- }
- if (LASSO_IS_NODE(assertion) == FALSE) {
- g_set_error(err, g_quark_from_string("Lasso"),
- LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ,
- lasso_strerror(LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ));
- g_return_val_if_fail(LASSO_IS_NODE(assertion), NULL);
- }
-
- ni = lasso_node_get_child_content(assertion, "NameIdentifier", NULL, NULL);
- idp_ni = lasso_node_get_child_content(assertion, "IDPProvidedNameIdentifier",
- NULL, NULL);
-
- if (xmlStrEqual(ni, idp_ni) && idp_ni != NULL) {
- xmlFree(ni);
- return (idp_ni);
- }
- else {
- xmlFree(idp_ni);
- if (ni != NULL) {
- return (ni);
- }
- else {
- g_set_error(err, g_quark_from_string("Lasso"),
- LASSO_ERROR_UNDEFINED,
- "NameIdentifier value not found in Assertion element.\n");
- return (NULL);
- }
- }
-}
-
-/**
* lasso_login_add_response_assertion:
* @login: a Login
* @federation: a Federation
@@ -153,20 +98,10 @@ lasso_login_add_response_assertion(LassoLogin *login,
LASSO_SAML_AUTHENTICATION_STATEMENT(as));
}
else {
- message(G_LOG_LEVEL_CRITICAL, "Failed to build the AuthenticationStatement element of the Assertion.\n");
ret = -2;
goto done;
}
- /* store NameIdentifier */
- LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
- if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
- message(G_LOG_LEVEL_CRITICAL, err->message);
- ret = err->code;
- g_error_free(err);
- goto done;
- }
-
/* FIXME : How to know if the assertion must be signed or unsigned ? */
/* signature should be added at end */
ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
@@ -267,6 +202,9 @@ lasso_login_process_federation(LassoLogin *login)
/* TODO */
}
+ /* store the IDP name identifier */
+ LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_content(federation->local_nameIdentifier, NULL);
+
done:
lasso_federation_destroy(federation);
xmlFree(nameIDPolicy);
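Review bot: The identifier stored in `LASSO_PROFILE(login)->nameIdentifier` is never checked here, and neither `federation` nor `federation->local_nameIdentifier` is tested for NULL before the dereference. The code this commit removes from lasso_login_add_response_assertion failed the login when no identifier could be read; with this placement a NULL result falls through to `done:` with whatever `ret` already holds, so a login could apparently proceed without a name identifier. I would test the result and set `ret` to an error before reaching `done:`. If the field can already hold a value from an earlier call, it is also overwritten without `xmlFree`, which is worth confirming. lasso_login_process_federation starts outside this hunk.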
@@ -312,7 +250,8 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) {
}
/* store NameIdentifier */
- LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
+ LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_child_content(assertion, "NameIdentifier",
+ NULL, &err);
if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
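Review bot: The error path below the new `lasso_node_get_child_content(assertion, "NameIdentifier", NULL, &err)` call dereferences `err` unconditionally, but nothing visible guarantees the lookup sets `err` every time it returns NULL. The removed helper set a GError itself when no value was found, so `err->message` and `err->code` need a guard such as `if (err != NULL)` with a fallback error code. The identifier taken here becomes the identity the service provider acts on, so it is worth confirming that the child lookup can only match the NameIdentifier in the statement's Subject and not another element of that name elsewhere in the assertion. Separately, `message(G_LOG_LEVEL_CRITICAL, err->message);` passes the text as the format argument; `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);` is safer.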