path: root/lasso/saml-2.0/profile.c
Commit message | Author | Age | Files | Lines
* SAML 2.0: report missing request when creating artifact resolve response, fix typo in lasso_saml20_profile_build_post_response_msg | Benjamin Dauvergne | 2010-01-14 | 1 | -1/+4
* in saml-2.0/profile.c, in lasso_saml20_build_response_msg, when no url is given, only stop for bindings needing one | Benjamin Dauvergne | 2010-01-12 | 1 | -8/+13
* in saml-2.0/profile.c, in lasso_saml20_profile_init_response make direct access | Benjamin Dauvergne | 2010-01-12 | 1 | -2/+1
* in saml-2.0/profile.c, in lasso_saml20_init_request better check for supported bindings, do not check for identity or session, report SESSION_NOT_FOUND only if first_in_session is used, do not stop on missing name_id. | Benjamin Dauvergne | 2010-01-12 | 1 | -14/+19
* Core Node: add args to lasso_node_encrypt to set recipient of an encrypted element | Benjamin Dauvergne | 2010-01-12 | 1 | -1/+2
* SAML 2.0: overhaul for ubiquitous binding support, still need work for HTTP-Artefact | Benjamin Dauvergne | 2010-01-12 | 1 | -325/+377
* Core: in profile.c, make lasso_profile_get_nameIdentifier work for transient federations | Benjamin Dauvergne | 2010-01-12 | 1 | -159/+129
    * lasso/id-ff/profile.c: if no LassoIdentity is accessible try to get a name identifier through the assertion in the LassoSession object. This allows the logout profile to work without an identity object (which is normal since logout does not modify the federation status).
* SAML 2.0: add new function to factorize adding signature to a message | Benjamin Dauvergne | 2010-01-12 | 1 | -0/+50
* in lasso_saml20_profile_export_to_query, checks return values | Benjamin Dauvergne | 2009-12-04 | 1 | -0/+3
    * lasso/saml-2.0/profile.c: in lasso_saml20_profile_export_to_query, check return value of lasso_node_build_query and lasso_query_sign.
* Remove message level signature on redirect messages | Benjamin Dauvergne | 2009-11-30 | 1 | -18/+52
    * lasso/saml-2.0/profile.c: remove message level signatures before building query strings.
* Add more check to remove_signature | Benjamin Dauvergne | 2009-11-30 | 1 | -1/+1
    * lasso/saml-2.0/profile.c: check for NULL when accessing klass datas.
* SAML2: change lasso_saml20_profile_set_response_status signature | Benjamin Dauvergne | 2009-10-30 | 1 | -22/+9
    * lasso/saml-2.0/profile.c:
    * lasso/saml-2.0/profileprivate.h: make lasso_saml20_profile_set_response_status2 the new implementation of lasso_saml20_profile_set_response_status. add helper macros to set success, responder and requester first level status code.
    * saml-2.0/assertion_query.c:
    * saml-2.0/login.c:
    * saml-2.0/logout.c:
    * saml-2.0/name_id_management.c: adapt consumers to the new signature.
* SAML2: use the static get_provider helper method in generic profile methods | Benjamin Dauvergne | 2009-10-30 | 1 | -16/+4
    * lasso/saml-2.0/profile.c: instead of accessing directly profile->server use the helper method get_provider.
* ID-FF1.2 and SAML2: remove direct access to profile->server->providers | Benjamin Dauvergne | 2009-10-30 | 1 | -9/+14
    * client of LassoServer should use lasso_server_get_provider.
    * LASSO_PROFILE_ERRROR_UNKNOWN_PROVIDER was a mistake, it is superfluous, use LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
* All: Rework include files handling, separated ID-WSF code from SAML2/ID-FF code | Benjamin Dauvergne | 2009-08-26 | 1 | -16/+16
    * nearly all C files: change includes for relative paths.
    * lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level public include files for ID-WSF 1.0 and ID-WSF 2.0.
    * lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*: remove most of the code related to ID-WSF and push into lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c, lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
    * lasso/id-wsf-2.0/saml2_login.c, lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF 2.0 support in SAML2 SSO profile.
* ID-FF&Core: Seal public field of LassoSession | Benjamin Dauvergne | 2009-08-26 | 1 | -4/+12
    * id-ff/session.h: seal public fields.
    * id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading the is_dirty flag and counting store assertions.
    * id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c, saml-2.0/profile.c: use the new accessors.
    * id-ff/profile.c: include the private header file, use the new accessors, and remove unnecessary setting of is_dirty to FALSE (it should be false at instantiation).
    * utils.h: add a macro to access private content, prepare for using G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for private structures eventually.
* Do not remove signatures on assertion when using HTTP Redirect | Benjamin Dauvergne | 2009-06-15 | 1 | -2/+1
    * lasso/saml-2.0/profile.c: HTTP Redirect binding mandates to remove signature at the SAML message level, but signatures at the assertion, especially if the SP asked for it, must be preserved.
* SAML 2.0: Fix many leaks | Benjamin Dauvergne | 2009-04-30 | 1 | -51/+43
    * lasso/saml-2.0/login.c:
    * lasso/saml-2.0/logout.c:
    * lasso/saml-2.0/name_id_management.c:
    * lasso/saml-2.0/profile.c:
    * lasso/saml-2.0/provider.c: do not mix g_malloc strings with libxml strings, use the string/gobject handling macros as much as possible, be a good memory citizen, don't put your elbows on the table.
* More work on signature validation for SAML 2.0 | Benjamin Dauvergne | 2009-04-27 | 1 | -6/+28
    * lasso/saml-2.0/profile.c: in lasso_saml20_profile_process_any_request and lasso_saml20_profile_process_any_response do not make signature validation failure as call failure, just store the result in profile->signature_status and let the upper level functions handle what to do with it. also add documentation about those two functions.
    * lasso/saml-2.0/logout.c:
    * lasso/saml-2.0/name_id_management.c: handle new signature_status semantic.
    * lasso/saml-2.0/login.c: add internal documentation for lasso_saml20_login_process_authn_response_msg.
* lasso_saml20_profile_init_artifact_resolve(): check http_method | Benjamin Dauvergne | 2009-04-27 | 1 | -1/+3
    * lasso/saml-2.0/profile.c: check the given http_method it must be one in
        - LASSO_HTTP_METHOD_ARTIFACT_POST,
        - LASSO_HTTP_METHOD_ARTIFACT_GET.
* SAML 2.0: Use new API lasso_url_add_parameter | Benjamin Dauvergne | 2009-04-22 | 1 | -8/+2
    * lasso/saml-2.0/profile.c: use new API lasso_url_add_parameter to handle RelayState parameter creation.
* SAML 2.0: Update generic relaystate handling | Benjamin Dauvergne | 2009-03-27 | 1 | -27/+10
    * lasso/saml-2.0/profile.c: in lasso_saml20_profile_build_redirect_request_msg and lasso_saml20_profile_build_redirect_response, use new function lasso_saml20_profile_build_http_redirect.
* SAML 2.0: add direct treatment of relaystate for HTTP-Redirect binding | Benjamin Dauvergne | 2009-03-27 | 1 | -0/+1
    * lasso/saml-2.0/login.c: In lasso_saml20_login_process_authn_request_msg change handling of relayState do not rely upon parsing by the node object, but extract directly from the query string. Use new function lasso_get_relaystate_from_query.
    * lasso/saml-2.0/logout.c: In lasso_saml20_logout_process_request_msg change handling of relayState do not rely upon parsing by the node object, but extract directly from the query string.
    * lasso/saml-2.0/profile.c: In lasso_saml20_profile_init_artifact_resolve, add handling of the relayState transmitted to the assertion consumer URL.
    * lasso/saml-2.0/name_id_management.c: In lasso_name_id_management_process_request_msg change handling of relayState do not rely upon parsing by the node object, but extract directly from the query string.
* SAML 2.0: Add helper function to implement the HTTP-Redirect binding | Benjamin Dauvergne | 2009-03-27 | 1 | -1/+149
    * lasso/saml-2.0/profile.c, lasso/saml-2.0/profileprivate.h:
        - remove_all_signature traverse a tree of LassoNode objects to unset all signature_type fields on nodes supporting signature generation.
        - lasso_saml20_profile_export_to_query does the job of generating the url containing the message content and the relaystate, then sign it using lasso_query_sign.
        - lasso_saml20_profile_build_http_redirect use those two functions and the metadatas to build the signed redirect url.
* SAML 2.0: add internal generic implementation | Benjamin Dauvergne | 2009-03-27 | 1 | -28/+861
    * lasso/saml-2.0/profile.c:
    * lasso/saml-2.0/profileprivate.h: the current effort is to simplify implementation code in saml-2.0 and much of the other frameworks. Those new methods:
        lasso_saml20_init_request
        lasso_saml20_profile_process_name_identifier_decryption
        lasso_saml20_profile_process_soap_request
        lasso_saml20_profile_process_soap_response
        lasso_saml20_profile_process_any_request
        lasso_saml20_profile_process_any_response
        lasso_saml20_profile_setup_request_signing
        lasso_saml20_profile_build_request_msg
        lasso_saml20_profile_build_response
        lasso_saml20_profile_init_response
      should help reduce code in login.c, logout.c, name_id_management.c and assertion_query.c. They should also permit to make all profiles at the same level of binding support (GET,REDIRECT,POST,ARTIFACT_GET,ARTIFACT_POST). Those functions centralize error code handling, initialization of common class (LassoSamlp2StatusResponse and LassoSamlp2RequestAbstract) and also the handling of NameID decryption.
* Core: do not mix public and private headers | Benjamin Dauvergne | 2009-03-27 | 1 | -0/+1
    * lots of files: explicitly load the internal header xml/private.h where needed.
* * Remove ending blanks | Benjamin Dauvergne | 2008-09-12 | 1 | -5/+5
* * Remove warnings: | Benjamin Dauvergne | 2008-09-12 | 1 | -1/+1
    - remove unused parameter from private function signatures
    - remove unused variable
    - initialize variable potentially accessed uninitialized
    - add G_GNUC_UNUSED if function is public or adhering to an interface, and a parameter is unused.
    - if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters.
    The goal is to compile with -Werror.
* added a missing reference | Damien Laniel | 2008-05-21 | 1 | -2/+2
* added some more missing unreference | Damien Laniel | 2008-05-21 | 1 | -0/+1
* * validate input in lasso_profile_is_saml_query | Benjamin Dauvergne | 2008-05-13 | 1 | -0/+1
* error checking when processing artifact response. | Frederic Peters | 2007-10-19 | 1 | -2/+15
* updated Copyright dates in all files | Damien Laniel | 2007-05-30 | 1 | -1/+1
* removed memory leak (GPtrArray was not freed) by directly accessing assertions | Frederic Peters | 2007-01-03 | 1 | -19/+15
    from their hash table instead of an intermediary GPtrArray.
* changed test against assertions which could yield a useless | Frederic Peters | 2006-12-27 | 1 | -4/+1
    LASSO_ERROR_UNDEFINED
* fixed a few (harmless) warnings detected when compiling with -Wall | Frederic Peters | 2006-12-21 | 1 | -0/+1
    -Wmissing-declarations -Wdeclaration-after-statement
* SAMLv2 compliance fix (mostly RelayState and affiliations related) | Frederic Peters | 2006-12-07 | 1 | -7/+17
* re-enabling saml2 signature check | Frederic Peters | 2006-11-29 | 1 | -1/+0
* return -1 was not cute | Damien Laniel | 2006-11-24 | 1 | -1/+1
* Added an original node to encrypted elements, only in dumps, for the dump to be readable | Damien Laniel | 2006-11-23 | 1 | -1/+35
* Encrypt and decrypt Assertion | Damien Laniel | 2006-11-21 | 1 | -3/+0
* Replaced some LASSO_ERROR_UNDEFINED with real error codes | Damien Laniel | 2006-11-14 | 1 | -2/+2
* fix saml2 artifact decoding | Frederic Peters | 2006-11-03 | 1 | -4/+6
* new lasso_profile_is_saml_query function | Frederic Peters | 2006-11-02 | 1 | -0/+23
* include authentication statement in saml2 assertion | Frederic Peters | 2006-10-30 | 1 | -0/+1
* saml2 artifacts include an endpoint index; fill it with 0 for the moment. | Frederic Peters | 2006-10-30 | 1 | -4/+5
* use new error code for missing artifact | Frederic Peters | 2006-10-29 | 1 | -1/+4
* starting SAML 2 logout | Frederic Peters | 2005-11-21 | 1 | -2/+2
* SAML 2.0 support (only web-sso for the moment) | Frederic Peters | 2005-11-20 | 1 | -0/+277