summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | [saml2] for any RequestDenied SAML2 response return ↵Benjamin Dauvergne2011-04-211-0/+3
| | | | | | | | LASSO_PROFILE_ERROR_REQUEST_DENIED as error
* | [core] add a generic LASSO_PROFILE_ERROR_REQUEST_DENIEDBenjamin Dauvergne2011-04-212-1/+9
| |
* | [core] make LassoServerLoadMetadataFlag enum a typedefBenjamin Dauvergne2011-04-204-10/+10
| |
* | Merge branch 'load-federation'Benjamin Dauvergne2011-04-1418-37/+27842
|\ \
| * | [tools] redirect xmlsec errors to lasso error handlerBenjamin Dauvergne2011-04-141-0/+12
| | |
| * | [tools] use LASSO_LOG_DOMAIN instead of magic constantBenjamin Dauvergne2011-04-141-3/+4
| | |
| * | [Makefile] move lasso/xml/tools.h to public headersBenjamin Dauvergne2011-04-141-2/+2
| | |
| * | [core] add flags parameter to lasso_server_load_metadata to tune signature ↵Benjamin Dauvergne2011-04-146-31/+109
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | checking on metadata files The flags parameter allows to control the checking of digital signature upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata files. The default behaviour is to check all found signatures and to inherit signature from EntitiesDescriptor to their children. By only enabling checking of EntityDescrtiptor node signatures it's also possible to only check signature at the EntityDescriptor level and so only trust individual entities and not the aggregating provider.
| * | [core] update documentation of lasso_server_load_metadataBenjamin Dauvergne2011-04-041-7/+8
| | |
| * | [core] make lasso_server_load_metadata load any metadata fileBenjamin Dauvergne2011-04-045-36/+110
| | | | | | | | | | | | | | | | | | | | | The new code can load metadata file with a EntityDescriptor root node, and with nested EntitiesDescriptor. Idea and prototype by Olav Morken.
| * | [server] in lasso_server_load_metadata do not duplicate checks already made ↵Benjamin Dauvergne2011-04-041-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | by lasso_verify_signature lasso_verify_signature already checks that reference is to the given signed node, be it referenced through an ID or through an empty reference.
| * | [xml] if signature reference is empty check that signed node is the document ↵Benjamin Dauvergne2011-04-041-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | root An empty reference means the complete document, so the signed node is the root element of this document. We must check that the parameter signe_node dmatches our assumption.
| * | [core] rename lasso_server_load_federation to lasso_server_load_metadataBenjamin Dauvergne2011-04-044-19/+13
| | | | | | | | | | | | | | | | | | | | | The aim of this function is now to load any metadata file, and to replace completely the use of lasso_server_add_provider. The metadata content argument is replaced by a metadata file path to more closely match other APIs.
| * | [core] add a loaded_entity_ids output parameter to lasso_server_load_federationBenjamin Dauvergne2011-03-306-7/+24
| | | | | | | | | | | | | | | It allows to know which entity has been loaded from the metadata file. It must be freed by the caller.
| * | [core] add a blacklisted_entity_ids parameter to lasso_server_load_federationBenjamin Dauvergne2011-03-305-7/+18
| | | | | | | | | | | | The goal is to prevent loading of provider known to have problems.
| * | [tests] remove spurious outputBenjamin Dauvergne2011-03-291-2/+0
| | |
| * | [tests] continue improving the lasso_server_load_federation test casesBenjamin Dauvergne2011-03-291-2/+4
| | |
| * | [tests] test lasso_server_load_federationBenjamin Dauvergne2011-03-292-0/+38
| | | | | | | | | | | | | | | The test operates on the metadata file of the french university network Renater.
| * | [tests] add renater federation metadata file for testingBenjamin Dauvergne2011-03-291-0/+27414
| | |
| * | [core] add a lasso_server_load_federation methodBenjamin Dauvergne2011-03-292-0/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method allows to load providers in bulk from what is called a federation file, i.e a SAML metadata file containing declarations for more than one provider. Those file are usually signed to bind some trust to its content, so lasso_server_load_federation can take an optional file path to a certificate chain file used to check the signature on the given XML content. Only same document signature is accepted (i.e. there must be only one XML signature reference and it should be to the empty string meaning the « current » document).
| * | [core] add a private constructor to build LassoProvider object from an xmlNodeBenjamin Dauvergne2011-03-293-17/+41
| | | | | | | | | | | | | | | | | | | | | | | | I'm not sure of the need outside lasso so I will let this method private for the moment. It's an helper method for the lasso_server_load_federation method which traverses an EntitiesDescriptor node to find all the EntityDescriptor contained inside.
| * | [saml2] add and internal method to load a federation metadata fileBenjamin Dauvergne2011-03-292-0/+52
| | | | | | | | | | | | | | | | | | | | | It only loads one kind of provider (idp or sp). It's currently impossible for a provider to have the two roles at the same time toward a given LassoServer object, i.e. the current service is a service provider or an identity provider, it cannot be the two at the same time.
| * | [saml2] improve reporting of errors when loading a provider metadata fileBenjamin Dauvergne2011-03-291-2/+7
| | |
| * | [xml] allow empty reference in XML signature (document signature)Benjamin Dauvergne2011-03-292-7/+20
| | |
| * | [xml] make id_attr_name parameter optional for lasso_verify_signatureBenjamin Dauvergne2011-03-291-4/+6
| | |
* | | [web] update download pageBenjamin Dauvergne2011-04-041-1/+1
|/ /
* | [xml] fix lasso_node_get_xmlnode_for_any_typeBenjamin Dauvergne2011-03-071-1/+10
| | | | | | | | | | | | | | xmlCopyPropList does not copy the property list into the target it just copy it with respect to the target (mainly for namespace references). This patch adds the real copy into the target node.
* | [core] add missing namespace definitions to internal objectsBenjamin Dauvergne2011-03-0110-6/+37
| | | | | | | | | | | | | | Identity, Lecp, Login, Logout, NameIdentifierMapping, NameRegistration, Session, AssertionQuery, Ecp and NameIdManagement objects were missing a namespace association to their GObject class. It broke when you try to dump a node created by lasso_node_new_from_dump.
* | [tests] add test case for multiple load and dump of the same objectBenjamin Dauvergne2011-03-011-0/+72
| |
* | [debian] adapt packaging to official section overridesFrédéric Péters2011-02-081-2/+2
| |
* | [debian] sync packaging with official packageFrédéric Péters2011-02-085-87/+113
| |
* | Merge branch 'master' of git@dev.entrouvert.org:lassoBenjamin Dauvergne2011-01-252-44/+45
|\ \
| * | [Fedora RPM] spec file updateJean-Marc Liger2011-01-251-43/+44
| | |
| * | [php5] Comments starting with '#' are deprecatedFrédéric Péters2011-01-141-1/+1
| | |
* | | [tests] change perfs to accept a second parameter giving the data files to useBenjamin Dauvergne2011-01-2411-14/+397
|/ / | | | | | | | | Also add metadata files to check performance with 512 and 1024 bit RSA keys.
* | Remove right column with download, binary packages and source linksBenjamin Dauvergne2011-01-051-21/+0
| | | | | | | | It is redundant with other columns.
* | [web] fix date and version in news 19Benjamin Dauvergne2011-01-051-1/+1
| |
* | [web] fix typo in news for release 2.3.5Benjamin Dauvergne2011-01-051-1/+1
| |
* | Merge branch 'hotfixes-2.3.5'Benjamin Dauvergne2011-01-056-5/+80
|\|
| * [ŕelease] Add release notes, update doap files and websiteBenjamin Dauvergne2011-01-055-3/+68
| |
| * [dist] create Changelog directly from gitBenjamin Dauvergne2011-01-051-2/+12
| |
* | [tests] adapt Makefile.am to new path of metadata dirBenjamin Dauvergne2011-01-042-2/+3
| |
* | Merge branch 'hotfixes-2.3.5'Benjamin Dauvergne2011-01-0415-10/+28
|\|
| * [wsf] fix wsf preprocessor conditionalsBenjamin Dauvergne2011-01-046-2/+9
| |
| * [bindings python] configure basic loggingBenjamin Dauvergne2011-01-043-0/+9
| |
| * [ghashtable] add G_GNUC_UNUSED to remove unused static functions warningBenjamin Dauvergne2011-01-041-3/+3
| |
| * [saml2] when parsing short numbers reinitialize errnoBenjamin Dauvergne2011-01-041-1/+3
| |
| * [bindings perl] fix get_hash_of_objectsBenjamin Dauvergne2011-01-041-1/+1
| |
| * [bindings php5] remove hardcoding the php5 cli interpreterBenjamin Dauvergne2011-01-043-3/+3
| | | | | | | | | | The test script did fail under Centos/Fedora because the interpreter for php5 is named php.
* | Merge branch 'hotfixes-2.3.5'Benjamin Dauvergne2010-12-220-0/+0
|\|
generated by cgit (git 2.34.1) at 2026-01-07 23:49:56 +0000