1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
/* $Id$
*
* Lasso - A free implementation of the Liberty Alliance specifications.
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: Nicolas Clapies <nclapies@entrouvert.com>
* Valery Febvre <vfebvre@easter-eggs.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <lasso/xml/lib_assertion.h>
/*
Authentication assertions provided in an <AuthnResponse> element MUST be of
type AssertionType, which is an extension of saml:AssertionType, so that the
RequestID attribute from the original <AuthnRequest> MAY be included in the
InResponseTo attribute in the <Assertion> element. This is done because it is
not required that the <AuthnResponse> element itself be signed. Instead, the
individual <Assertion> elements contained MUST each be signed. Note that it is
optional for the InResponseTo to be present. Its absence indicates that the
<AuthnResponse> has been unilaterally sent by the identity provider without a
corresponding <AuthnRequest> message from the service provider. If the
attribute is present, it MUST be set to the RequestID of the original
<AuthnRequest>.
The schema fragment is as follows:
<xs:element name="Assertion" type="AssertionType" substitutionGroup="saml:Assertion" />
<xs:complexType name="AssertionType">
<xs:complexContent>
<xs:extension base="saml:AssertionType">
<xs:attribute name="InResponseTo" type="xs:NCName" use="optional"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
*/
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
void
lasso_lib_assertion_set_inResponseTo(LassoLibAssertion *node,
const xmlChar *inResponseTo)
{
LassoNodeClass *class;
g_assert(LASSO_IS_LIB_ASSERTION(node));
g_assert(inResponseTo != NULL);
class = LASSO_NODE_GET_CLASS(node);
class->set_prop(LASSO_NODE (node), "InResponseTo", inResponseTo);
}
/*****************************************************************************/
/* instance and class init functions */
/*****************************************************************************/
static void
lasso_lib_assertion_instance_init(LassoLibAssertion *node)
{
LassoNodeClass *class = LASSO_NODE_GET_CLASS(LASSO_NODE(node));
class->set_ns(LASSO_NODE(node), lassoLibHRef, lassoLibPrefix);
class->set_name(LASSO_NODE(node), "Assertion");
}
static void
lasso_lib_assertion_class_init(LassoLibAssertionClass *klass) {
}
GType lasso_lib_assertion_get_type() {
static GType this_type = 0;
if (!this_type) {
static const GTypeInfo this_info = {
sizeof (LassoLibAssertionClass),
NULL,
NULL,
(GClassInitFunc) lasso_lib_assertion_class_init,
NULL,
NULL,
sizeof(LassoLibAssertion),
0,
(GInstanceInitFunc) lasso_lib_assertion_instance_init,
};
this_type = g_type_register_static(LASSO_TYPE_SAML_ASSERTION,
"LassoLibAssertion",
&this_info, 0);
}
return this_type;
}
LassoNode* lasso_lib_assertion_new() {
return LASSO_NODE(g_object_new(LASSO_TYPE_LIB_ASSERTION, NULL));
}
|