From 3e87282db3c00bc18a72b43385b155c8213e599b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 6 Oct 2010 18:43:57 +0200
Subject: [docs lasso-book] add figures to the tarball
---
docs/lasso-book/figures/Makefile.am | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/lasso-book/figures/Makefile.am b/docs/lasso-book/figures/Makefile.am
index 4873db98..dd23b956 100644
--- a/docs/lasso-book/figures/Makefile.am
+++ b/docs/lasso-book/figures/Makefile.am
@@ -49,4 +49,5 @@ slo-sp-soap-4.svg: slo-sp-soap.svg step.xsl
slo-sp-soap-5.svg: slo-sp-soap.svg step.xsl
slo-sp-soap-6.svg: slo-sp-soap.svg step.xsl
-EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg
+EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg \
+ $(FIGURES_PNG_FILES) $(GENERATED_FIGURES_SVG_FILES)
--
cgit
From 6b2a21d116d9191eb5f27d204e5137465d6daa2e Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 7 Oct 2010 18:38:21 +0200
Subject: [core] adapt lasso_provider_get_assertion_consumer_service_url for
SAMLv2
---
lasso/id-ff/provider.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index fe3f42be..d7cf8810 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -145,6 +145,18 @@ lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider, const
char *name = NULL;
char *assertion_consumer_service_url = NULL;
+ if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
+ int sid = -1;
+ if (service_id != NULL) {
+ if (lasso_string_to_xsd_integer(service_id, &sid)) {
+ if (sid < 0) {
+ sid = -1;
+ }
+ }
+ }
+ return lasso_saml20_provider_get_assertion_consumer_service_url(provider, sid);
+ }
+
if (service_id == NULL)
service_id = provider->private_data->default_assertion_consumer;
name = g_strdup_printf("AssertionConsumerServiceURL %s", service_id);
--
cgit
From 4bf2a6c0c02629f87990f7e7436b2685953267d3 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 7 Oct 2010 18:39:06 +0200
Subject: [SAMLv2] fix bad double free bug in
lasso_saml20_provider_get_assertion_consumer_service_url_by_binding
---
lasso/saml-2.0/provider.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 15cf2a81..3d62ba4d 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -690,7 +690,7 @@ lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvide
lasso_strisequal(endpoint_type->kind,kind) &&
lasso_strisequal(endpoint_type->binding,binding))
{
- return endpoint_type->url;
+ return g_strdup(endpoint_type->url);
}
}
return NULL;
--
cgit
From 3872f17fcd7b07727e7a7a28f7749c850f0495b8 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 7 Oct 2010 18:48:28 +0200
Subject: [SAMLv2] handle unknown provider in artifact resolve, and also alow
to ignore signature validation
In lasso_saml20_profile_process_artifact_resolve, we know take a short
path with an error when the remote provider is unknown and we also
respect the lasso_profile_get_signature_verify_hint() when checking the
signature on the artifact resolve message.
---
lasso/saml-2.0/profile.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 18f7d64c..40f6fe89 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -345,6 +345,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
{
LassoProvider *remote_provider;
int rc = 0;
+ LassoProfileSignatureVerifyHint sig_verify_hint;
/* FIXME: parse only one time the message, reuse the parsed document for signature
* validation */
@@ -355,13 +356,21 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
if (! LASSO_IS_SAMLP2_ARTIFACT_RESOLVE(profile->request)) {
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
+ lasso_assign_string(profile->private_data->artifact,
+ LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
+
+ sig_verify_hint = lasso_profile_get_signature_verify_hint(profile);
lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT(
profile->request)->Issuer->content);
remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
- profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
- LASSO_MESSAGE_FORMAT_SOAP);
+ goto_cleanup_if_fail_with_rc(remote_provider, LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER);
+
+ if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) {
+ profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
+ LASSO_MESSAGE_FORMAT_SOAP);
+ }
switch (lasso_profile_get_signature_verify_hint(profile)) {
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
@@ -374,9 +383,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
break;
}
- lasso_assign_string(profile->private_data->artifact,
- LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
-
+cleanup:
return rc;
}
--
cgit
From 270f1743f0dd1bc9ce90fbc7afa69c39de4d1846 Mon Sep 17 00:00:00 2001
From: Jérôme Schneider
Date: Wed, 6 Oct 2010 17:37:37 +0200
Subject: Add missing include
---
lasso/saml-2.0/provider.c | 2 ++
lasso/xml/xml.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 3d62ba4d..67ecc9f8 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -24,6 +24,8 @@
#define _POSIX_SOURCE
+#include
+
#include "../xml/private.h"
#include
#include
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index e143bbff..c43608b3 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -33,7 +33,7 @@
#include "private.h"
#include
-
+#include
#include
#include
--
cgit
From 758fe88dada513c9a3d50adf091318b10cc8b165 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 8 Oct 2010 14:10:26 +0200
Subject: [xml] fix waring on use of strndup on pardus
---
lasso/xml/xml.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index c43608b3..0251d479 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -31,9 +31,12 @@
*
*/
+#define _GNU_SOURCE /* for use of strndup */
+
#include "private.h"
#include
#include
+#include
#include
#include
--
cgit
From 0325ce08670e9b5429dd2463266d2c0f89044f5b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Mon, 4 Oct 2010 14:30:15 +0200
Subject: Update release notes and website for release 2.3.4
---
NEWS | 22 ++++++++++++++++++++++
lasso.doap | 4 ++++
website/web/doap.rdf | 4 ++++
website/web/download/index.xml | 2 +-
website/web/index.xml | 7 +++----
website/web/news/18-release-2.3.4.xml | 16 ++++++++++++++++
6 files changed, 50 insertions(+), 5 deletions(-)
create mode 100644 website/web/news/18-release-2.3.4.xml
diff --git a/NEWS b/NEWS
index 25b8d386..6b84baa9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,28 @@
NEWS
====
+2.3.4 - Otober 8th 2010
+-----------------------
+
+14 commits, 10 files changed, 199 insertions, 49 deletions
+
+Generic
+ * fix warning for compiling on pardus and EL5
+ * the release tarball now contains the figures for the documentation
+ * lasso_login_process_authn_request documentation gained details on returned errors
+
+SAMLv2:
+ * report unknown provider instead an error on parameter value when resolving
+ and artifact in an assertionConsumer endpoint and the provider is not
+ registered into the server object.
+ * lasso_provider_get_assertion_consumer_url now use specific SAMLv2 methods
+ * fixed a bug in the ordering of indexed endpoints which produced error when
+ looking up the defualt assertion consumer. It also improved ordering in
+ presence of the attribute isDefault="false".
+
+ID-FFv1.2:
+ * respect the signature verify hint when handling authn requests
+
2.3.3 - October 1st 2010
------------------------
diff --git a/lasso.doap b/lasso.doap
index 81d9fe85..0c92cd39 100644
--- a/lasso.doap
+++ b/lasso.doap
@@ -61,6 +61,10 @@
+
+ 2010-10-08
+ 2.3.4
+
2010-10-01
2.3.3
diff --git a/website/web/doap.rdf b/website/web/doap.rdf
index 81d9fe85..0c92cd39 100644
--- a/website/web/doap.rdf
+++ b/website/web/doap.rdf
@@ -61,6 +61,10 @@
+
+ 2010-10-08
+ 2.3.4
+
2010-10-01
2.3.3
diff --git a/website/web/download/index.xml b/website/web/download/index.xml
index df890276..e4fd34fc 100644
--- a/website/web/download/index.xml
+++ b/website/web/download/index.xml
@@ -10,7 +10,7 @@
Lasso is licensed under the GNU GPL and the latest release
is available here as a gzipped tarball:
- lasso-2.3.2.tar.gz
+ lasso-2.3.4.tar.gz
Binary Downloads
diff --git a/website/web/index.xml b/website/web/index.xml
index cf2e521d..d3d65f5c 100644
--- a/website/web/index.xml
+++ b/website/web/index.xml
@@ -46,10 +46,9 @@
- The most recent version of Lasso is 2.3.3. You can
- download
- the 2.3.2 tarball here or get more options on the general 2.3.4. You can
+ download
+ the 2.3.4 tarball here or get more options on the general download page.
diff --git a/website/web/news/18-release-2.3.4.xml b/website/web/news/18-release-2.3.4.xml
new file mode 100644
index 00000000..cb493266
--- /dev/null
+++ b/website/web/news/18-release-2.3.4.xml
@@ -0,0 +1,16 @@
+
+
+
2010-10-08: Released 2.3.4
+
+
+ Lasso 2.3.4 have been released.
+ Download 2.3.4 now
+
+
+
+ What changed ?
+ Fix bug on ordering of assertionConsumer endpoints, and problem of
+ compilation on Pardus and EL5 distributions.
+
+
+
--
cgit