response signature if forbidden
- build_response_msg will report signature error in response status
  code when called without an initialized response (without a call to
  validate_request)
- process_response_msg now uses
  lasso_saml20_profile_check_signature_status to check the signature
  status only if permitted.
And also handle the signature verification hint. If process_msg fails,
you must just call build_response_msg directly.
Only check the signature on the response if asked, most applications
should not care.
The check was missing for processing of logout requests, name id
management request and assertion query responses.
A new internal function lasso_saml20_profile_check_signature_status is
added.
Code in core source files which depends upon ID-WSF symbols has been
conditionalized, and each id-wsf source file now directly includes its
needed string header.
It is mandated by the specification.
Report details of the failure through warning log.
lasso specific status code
binding
Previously content was stored as the result of lasso_node_dump method
then reloaded, and then serialized again as part of the ArtifactResponse
message. lasso_node_dump was ignoring all hints to sign the node, but keeping
the needed parameters around. That's not what must be done, the
signature should happen at the generation of the artifact and the result
must be manipulated as is (i.e. XML content) and never moved back to the
land of LassoNode objects.
Now the content is:
- first stripped of any signature at the message level, because the
  ArtifactResponse will take care of this (any signature under this
  level (like at the assertion) is kept),
- serialized using lasso_node_export_to_xml,
- reloaded using lasso_xml_parse_memory,
- and put into the ArtifactResponse using a
  lasso_misc_text_node_new_with_xml_node.
It is only used in lasso/saml-2.0/profile.c anyway.
Generic signature parameters (attached as qdata to nodes) are now
reloaded when initializing a node from XML for a node type with a
signature snippet in its metadata.
It fixes the problematic usage of ciphered private keys with the
HTTP-Artifact binding (which needs to keep a copy of the AuthnResponse
around and to sign it later).
This function does integer parsing and range checks, it returns TRUE if
all goes well.
enumerations
It helps make range checks.
Add string constants for signature method, signature type, private key
(file path or content), private key password and certificate (file path
or content).
Add cast for xmlChar constant strings definition in python bindings, it
assumed all constant strings were char*.
This is really not supported by the SAMLv2 protocol.
direct use of lasso_provider_get_metadata_one_for_role
The first is trying to use provider->role to know which kind of role
descriptor to look up, but for the server object this field is 0 and when
building authn request we know that we want our default NameIDFormat for
the SP sso descriptor.
The new way of storing endpoints allows keeping the ordering between
endpoints with respect to the order of the index and isDefault field for
indexed endpoint types, and to the XML node order for other endpoints.
It also simplifies the code.
The contained string must be deallocated if the object is destroyed.
This new C structure will allow filtering ID-FFv1.2 and SAMLv2 endpoints
more easily.
This commit also rejects negative integers from being parsed (all integers
in SAMLv2 and ID-FFv1.2 schemas are positive integers).
INVALID_REQUEST not NO_DEFAULT_ENDPOINT
This is the right status to return.
This change broke the API, revert it.
The logic is now simpler:
- first lasso_saml20_profile_process_any_response checks the signature
  on the message
- then lasso_saml20_login_process_response_status_and_assertion
  traverses all the assertions:
  - if the message is signed all assertions from the same issuer are
    automatically accepted,
  - if the message is not signed, or the signature validation failed,
    or the assertion has a different issuer than the message, we check
    the signature directly on the assertion. If any of the assertions
    fails the signature check, the result will be
    LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE.
The public field profile->signature_status will contain only the message
level signature status, each assertion signature status is not
accessible. That will change when signature and key handling is
reworked.
assertion need to be signed
If the message is signed, the assertion is also covered, but if only the
assertion is signed, there is no error to report. If the caller asks for
forcing the validation of message signature, then we report an error.
This commit also adds checking for the binding used, if it is not
HTTP-Post, lasso_login_process_authn_response_msg will now report an
error.
* support private key with new internal API in signature setting
  methods
  Plug lasso_node_set_signature into
  lasso_profile_saml20_setup_message_signature and
  lasso_server_saml2_assertion_setup_signature.
* also use lasso_node_get_signature in has_signature
* add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch
  cases
  For AuthnResponse checking the semantic is now that if HINT_FORCE is
  used we verify message signature *and* assertion signature. If
  HINT_MAYBE is used we check the assertion signature if its issuer
  differs from the message issuer.
lasso_node_export_to_query_with_password
parameters
The nodes containing signatures do not handle the private key passwords.
As the fields for signature parameters are part of the public ABI we
cannot add the password field to the public structure for those nodes.
Instead we use the new quark annotation accessed through
lasso_node_get/set_signature, and if the sign_type parameter is non-NULL
we use it instead of the parameters stored in the public structure.
This is a gross hack :( but at least it is documented.
We force use of the password through a custom OpenSSL password callback.