path: root/lasso/id-ff/login.c
Commit message | Author | Age | Files | Lines
* login: complete document of lasso_login_process_authn_response_msg on expectable error codes | Benjamin Dauvergne | 2014-05-21 | 1 | -1/+32
* Fix license boilerplates | Simo Sorce | 2013-12-03 | 1 | -2/+1
  Instead of referring to an old FSF address, point the reader to the FSF website where the latest licenses and addresses are published.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* id-ff/login.c: initialize role status of sp and idp in lasso_login_init_authn_request | Benjamin Dauvergne | 2013-09-27 | 1 | -1/+10
* fix warnings about unused but set variables | Benjamin Dauvergne | 2013-09-08 | 1 | -2/+0
* [id-ff 1.2] change websso with artifact binding to work as SAML 2.0 | Benjamin Dauvergne | 2011-12-23 | 1 | -21/+48
  The old way of transmitting the assertion to return via the session is kept, but a new way more semblable to the one used in the SAML 2.0 code is added.
  After lasso_login_build_artifact_msg() you must save the return of lasso_profile_get_artifact_message() linked to the value of the artifact obtained via lasso_profile_get_artifact(). In the artifact-resolve endpoint you must find the artifact message corresponding to the return value of lasso_profile_get_artifact(), and reinstall the artifact message using lasso_profile_set_artifact_message() just before calling lasso_login_build_response_msg().
  This change is necessary for ID-FF 1.2 SSO profile to work with the thin-sessions.
* [id-ff 1.2] in lasso_login_build_assertion() always add the assertion to the response | Benjamin Dauvergne | 2011-12-22 | 1 | -7/+4
* [id-ff 1.2] provision the SessionIndex into the assertions | Benjamin Dauvergne | 2011-12-22 | 1 | -0/+6
  Without it SLO session management is broken.
* [xml] rewrite schema directed serialization/deserialization methods | Benjamin Dauvergne | 2011-12-16 | 1 | -15/+9
  The new implementations of lasso_node_impl_init_from_xml now validate namespace of all child nodes before parsing. It stops on any error.
  For a node which implements its own parsing of an attribute or a node, it must declare an XmlSnippet with an offset field set to 0. The 0 value is invalid for public GObject structure (it's the place of the GObject machinery like the reference count). The 0 offset can be used for XmlSnippet in a private structure, so never set the offset to 0 with the flag SNIPPET_PRIVATE, for a field which is parsed by your get_xmlNode virtual method.
  Another amelioration in this commit is the possibility to set attributes with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The syntax for an attribute is inspired by the element tree API from Python:
    {namespace}attribute_name
  an example:
    {http://www.w3.org/2001/XMLSchema-instance}type
  for the classic xsi:type attribute.
* [id-ff] move LassoLogin to use LassoSignatureContext | Benjamin Dauvergne | 2011-12-08 | 1 | -92/+49
* [core] multiple decryption keys support | Benjamin Dauvergne | 2011-11-21 | 1 | -5/+6
  This commit complements the support for multiple signing certificate support in the metadata files. The use-case is still key roll-over.
  The structure LassoServerPrivateData was changed to accommodate multiple decryption keys, and so:
    xmlSecKey *encryption_private_key
  became:
    GList *encryption_private_keys
  All uses of this key were replaced by a loop over this list, terminating with the first key to be able to decrypt the content.
  The private key passed to lasso_server_new() or lasso_server_new_from_buffers() is first added to the list of decryption keys. Any other call to lasso_server_set_encryption_private_key_with_password() or lasso_server_set_encryption_private_key() will add a new key to the list.
* [core] finish transition from single encryption key to multiple ones | Benjamin Dauvergne | 2011-05-30 | 1 | -2/+2
  Some code still references provider->private->encryption_public_key, this commit makes it use lasso_provider_get_encryption_public_key().
* [core] add missing namespace definitions to internal objects | Benjamin Dauvergne | 2011-03-01 | 1 | -0/+1
  Identity, Lecp, Login, Logout, NameIdentifierMapping, NameRegistration, Session, AssertionQuery, Ecp and NameIdManagement objects were missing a namespace association to their GObject class. It broke when you try to dump a node created by lasso_node_new_from_dump.
* [wsf] fix wsf preprocessor conditionals | Benjamin Dauvergne | 2011-01-04 | 1 | -0/+1
* [ID-FFv1.2] in lasso_login_process_authn_request_msg() adopt simpler behaviour for checking signatures | Benjamin Dauvergne | 2010-10-06 | 1 | -16/+26
  There are two sources of advice for signature checking: AuthnRequestsSigned attribute in service provider metadata files and value of lasso_profile_get_signature_verify_hint().
  If lasso_profile_get_signature_verify_hint() forbids to check signature, we do not check.
  If the SP advises to check signature, we check.
  If lasso_profile_get_signature_verify_hint() forces to check signature, we do not check.
  In all other cases we only check if a signature is present, i.e. we ignore the error LASSO_DS_ERROR_SIGNATURE_NOT_FOUND.
* [ID-FFv1.2] make lasso_login_process_authn_request_msg() return LASSO_PROFILE_ERROR_INVALID_MSG if received request is not a lib:AuthnRequest | Benjamin Dauvergne | 2010-10-06 | 1 | -1/+5
* [SAMLv2&ID-FFv1.2] improve documentation of lasso_login_process_authn_request_msg | Benjamin Dauvergne | 2010-10-06 | 1 | -12/+108
* [Core] add missing annotation to lasso_*_dump functions | Benjamin Dauvergne | 2010-09-27 | 1 | -1/+1
  The string returned by these functions is newly allocated and must be freed by the caller.
* [ID-FFv1.2] move all users of lasso_node_export_to_query to lasso_node_export_to_query_with_password | Benjamin Dauvergne | 2010-07-16 | 1 | -4/+5
* ID-FFv1.2: for idp initiated sso accept any nameIdPolicy | Benjamin Dauvergne | 2010-06-06 | 1 | -7/+0
  * IdP initiated SSO can be of any kind, no need to limit it.
* Change <p> tags to <para> | Benjamin Dauvergne | 2010-05-01 | 1 | -2/+2
* Initialize all uninitialized rc variables | Benjamin Dauvergne | 2010-04-30 | 1 | -2/+2
* Fix wrong change g_free -> lasso_release inside example code | Benjamin Dauvergne | 2010-04-22 | 1 | -2/+2
* Improve safety by replacing all g_list_free use by lasso_release_list | Benjamin Dauvergne | 2010-04-22 | 1 | -6/+1
* Improve safety by replacing all g_free use by lasso_release | Benjamin Dauvergne | 2010-04-22 | 1 | -2/+2
* Start an example listing for an IdP SingleSignOn endpoint | Benjamin Dauvergne | 2010-04-22 | 1 | -0/+34
* Login: remove symbol markers in example code | Benjamin Dauvergne | 2010-04-19 | 1 | -8/+8
* Fix documentation problems | Benjamin Dauvergne | 2010-04-19 | 1 | -4/+4
* Docs: remove from documentation comments characters outside ASCII for python bindings | Benjamin Dauvergne | 2010-04-06 | 1 | -5/+5
* update documentation of lasso_login_build_authn_response_msg | Benjamin Dauvergne | 2010-03-27 | 1 | -1/+35
* update documentation of lasso_login_build_authn_request_msg | Benjamin Dauvergne | 2010-03-27 | 1 | -11/+36
* improve documentation of lasso_login_build_artifact_msg | Benjamin Dauvergne | 2010-03-27 | 1 | -1/+30
* use lasso_release_gobject in lasso_login_destroy | Benjamin Dauvergne | 2010-03-27 | 1 | -1/+1
* update lasso_login_accept_sso documentation | Benjamin Dauvergne | 2010-03-27 | 1 | -9/+23
* ID-FF&SAML2: complete documentation of lasso_login_build_assertion | Benjamin Dauvergne | 2010-03-27 | 1 | -5/+27
* SAML 2.0: add support for attribute, authentication and authorization authorities metadata | Benjamin Dauvergne | 2010-03-27 | 1 | -1/+1
  * server.c,serverprivate.h: add new private method lasso_server_get_firs_providerID_by_role(server, role)w
  * defederation.c: use new private method lasso_server_get_first_providerID_by_role to find providerID when the argument remote_providerID is null in lasso_defederation_init_notification.
  * lasso/id-ff/login.c (lasso_login_init_authn_request): use new private method lasso_server_get_first_providerID_by_role.
  * provider.h: add three new provider roles (authn,pdp,attribute) and four new services (authn,assertionid,attribute,authz) and also a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for array sizing.
  * provider.h: add a LAST member to LassoMdProtocolType enum.
  * providerprivate.h,provider.c:
    - removes separate hashtable for descriptors depending on provider role, use only one table named Descriptors.
    - use the LAST members of enumerations to dimension static string arrays.
  * provider.h: add a LAST member to the e
* Add complete error code listing for lasso_login_process_response_msg | Benjamin Dauvergne | 2010-02-10 | 1 | -1/+25
  * lasso/id-ff/login.c: list all error codes and their semantic with respect to this call.
* Update code example for LassoLogin | Benjamin Dauvergne | 2010-02-10 | 1 | -14/+78
  * lasso/id-ff/login.c: add code for initializing request for SAML 2.0, shows how to handle error codes.
* Core: use lasso_node_new_from_dump to implement _new_from_dump methods | Benjamin Dauvergne | 2010-02-04 | 1 | -10/+6
  * provider.c: add annotation for nullable arguments (necessary for bindings of new_from_buffer).
  * server.c: add annotations, allow to set encryption_private_key from buffers
* Core: document return values of lasso_login_validate_request_msg | Benjamin Dauvergne | 2010-02-01 | 1 | -1/+17
* SAML 2.0: fix annotations, documentation and signatures | Benjamin Dauvergne | 2010-01-29 | 1 | -2/+2
* Core Node: add args to lasso_node_encrypt to set recipient of an encrypted element | Benjamin Dauvergne | 2010-01-12 | 1 | -1/+1
* SAML 2.0: overhaul for ubiquitous binding support, still need work for HTTP-Artefact | Benjamin Dauvergne | 2010-01-12 | 1 | -1/+1
* Core Login: in login.c, add assertion accessor | Benjamin Dauvergne | 2010-01-04 | 1 | -0/+20
  * docs/reference/lasso/lasso-sections.txt: declare new function
  * lasso/id-ff/login.c lasso/id-ff/login.h: add new function lasso_login_get_assertion.
  * lasso/saml-2.0/login.c: store created assertions
  * lasso/id-ff/login.h: make assertion field private for bindings.
* Fix double g_object_unref | Benjamin Dauvergne | 2009-11-30 | 1 | -2/+0
  * lasso/id-ff/login.c: status is already freed by lasso_assign_gobject, do not free it first with lasso_node_destroy.
* ID-FF1.2 and SAML2: remove direct access to profile->server->providers | Benjamin Dauvergne | 2009-10-30 | 1 | -19/+11
  * client of LassoServer should use lasso_server_get_provider.
  * LASSO_PROFILE_ERRROR_UNKNOWN_PROVIDER was a mistake, it is superfluous, use LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
* Change setting of default NameIDFormat for SAML 2.0 login | Benjamin Dauvergne | 2009-09-29 | 1 | -5/+11
  * saml-2.0/login.c: in lasso_saml20_login_init_authn_request, lasso_saml20_login_init_idp_initiated_authn_request, if the service provider provided a list of supported name id formats, use the first one as default for new AuthnRequest.
  * id-ff/login.c: modify documentation to report the new way of choosing a default.
* Complete documentation of lasso_login_init_authn_request concerning the NameIDFormat | Benjamin Dauvergne | 2009-09-29 | 1 | -10/+16
  * lasso/id-ff/login.c: in lasso_login_init_authn_request, add docbook formatting, add remarks about the different NameIDFormat for ID-FF 1.2 and SAML 2.0.
* All: Rework include files handling, separated ID-WSF code from SAML2/ID-FF code | Benjamin Dauvergne | 2009-08-26 | 1 | -123/+25
  * nearly all C files: change includes for relative paths.
  * lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level public include files for ID-WSF 1.0 and ID-WSF 2.0.
  * lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*: remove most of the code related to ID-WSF and push into lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c, lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
  * lasso/id-wsf-2.0/saml2_login.c, lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF 2.0 support in SAML2 SSO profile.
* ID-FF&Core: Seal public field of LassoSession | Benjamin Dauvergne | 2009-08-26 | 1 | -1/+1
  * id-ff/session.h: seal public fields.
  * id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading the is_dirty flag and counting store assertions.
  * id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c, saml-2.0/profile.c: use the new accessors.
  * id-ff/profile.c: include the private header file, use the new accessors, and remove unnecessary setting of is_dirty to FALSE (it should be false at instantiation).
  * utils.h: add a macro to access private content, prepare for using G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for private structures eventually.
* ID-FF 1.2: Fix leaks, reduce code | Benjamin Dauvergne | 2009-04-30 | 1 | -132/+107
  * id-ff/login.c:
  * id-ff/logout.c:
  * id-ff/profile.c:
  * id-ff/provider.c:
  * id-ff/server.c: fix leaks by using field setting macros which free previous values, it also reduces code length sometimes.