27
27
#include <lasso/saml-2.0/providerprivate.h>
28
28
#include <lasso/saml-2.0/profileprivate.h>
29
#include <lasso/saml-2.0/profile.h>
30
31
#include <lasso/id-ff/providerprivate.h>
31
32
#include <lasso/id-ff/profile.h>
38
39
#include <lasso/xml/saml-2.0/samlp2_name_id_mapping_response.h>
39
40
#include <lasso/xml/saml-2.0/samlp2_status_response.h>
40
41
#include <lasso/xml/saml-2.0/samlp2_response.h>
42
#include <lasso/xml/saml-2.0/saml2_assertion.h>
43
44
static char* lasso_saml20_profile_build_artifact(LassoProvider *provider);
73
74
lasso_saml20_profile_build_artifact(LassoProvider *provider)
75
xmlSecByte samlArt[42], *b64_samlArt;
76
xmlSecByte samlArt[44], *b64_samlArt;
76
77
char *source_succinct_id;
81
82
/* Artifact Format is described in saml-bindings-2.0-os, 3.6.4.2. */
82
83
memcpy(samlArt, "\000\004", 2); /* type code */
83
memcpy(samlArt+2, source_succinct_id, 20);
84
lasso_build_random_sequence((char*)samlArt+22, 20);
84
memcpy(samlArt+2, "\000\000", 2); /* XXX: Endpoint index */
85
memcpy(samlArt+4, source_succinct_id, 20);
86
lasso_build_random_sequence((char*)samlArt+24, 20);
86
88
xmlFree(source_succinct_id);
87
b64_samlArt = xmlSecBase64Encode(samlArt, 42, 0);
89
b64_samlArt = xmlSecBase64Encode(samlArt, 44, 0);
89
91
ret = g_strdup((char*)b64_samlArt);
90
92
xmlFree(b64_samlArt);
102
104
status->StatusCode->Value = g_strdup(status_code_value);
104
106
if (strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_SUCCESS) != 0 &&
105
strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_VERSION_MISMATCH) != 0) {
107
strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_VERSION_MISMATCH) != 0 &&
108
strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_REQUESTER) != 0) {
106
109
status->StatusCode->Value = g_strdup(LASSO_SAML2_STATUS_CODE_RESPONDER);
107
110
status->StatusCode->StatusCode = LASSO_SAMLP2_STATUS_CODE(
108
111
lasso_samlp2_status_code_new());
133
136
char **query_fields;
134
137
char *artifact_b64 = NULL, *provider_succinct_id_b64;
135
138
char provider_succinct_id[21];
137
140
LassoSamlp2RequestAbstract *request;
140
143
if (method == LASSO_HTTP_METHOD_ARTIFACT_GET) {
141
144
query_fields = urlencoded_to_strings(msg);
142
145
for (i=0; query_fields[i]; i++) {
143
if (strncmp(query_fields[i], "SAMLArt=", 8) != 0) {
146
if (strncmp(query_fields[i], "SAMLart=", 8) != 0) {
144
147
xmlFree(query_fields[i]);
148
151
xmlFree(query_fields[i]);
150
153
g_free(query_fields);
154
if (artifact_b64 == NULL) {
155
return LASSO_PROFILE_ERROR_MISSING_ARTIFACT;
152
158
artifact_b64 = g_strdup(msg);
155
i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 43);
156
if (i < 0 || i > 42) {
161
i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 45);
162
if (i < 0 || i > 44) {
157
163
g_free(artifact_b64);
158
return LASSO_ERROR_UNDEFINED;
164
return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
161
167
if (artifact[0] != 0 || artifact[1] != 4) { /* wrong type code */
162
168
g_free(artifact_b64);
163
return LASSO_ERROR_UNDEFINED;
169
return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
166
memcpy(provider_succinct_id, artifact+2, 20);
172
/* XXX: index endpoint */
174
memcpy(provider_succinct_id, artifact+4, 20);
167
175
provider_succinct_id[20] = 0;
169
177
provider_succinct_id_b64 = (char*)xmlSecBase64Encode((xmlChar*)provider_succinct_id, 20, 0);
232
240
lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
234
242
LassoSamlp2StatusResponse *response;
235
LassoNode *resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
237
return LASSO_ERROR_UNDEFINED;
243
LassoNode *resp = NULL;
239
246
response = LASSO_SAMLP2_STATUS_RESPONSE(lasso_samlp2_artifact_response_new());
240
LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any = resp;
247
if (profile->private_data->artifact_message) {
248
resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
249
LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any = resp;
241
251
response->ID = lasso_build_unique_id(32);
242
252
response->Version = g_strdup("2.0");
243
253
response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
253
263
response->private_key_file = g_strdup(profile->server->private_key);
254
264
response->certificate_file = g_strdup(profile->server->certificate);
266
profile->response = LASSO_NODE(response);
256
profile->response = LASSO_NODE(response);
257
lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS);
269
lasso_saml20_profile_set_response_status(profile,
270
LASSO_SAML2_STATUS_CODE_REQUESTER);
272
lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS);
259
274
profile->msg_body = lasso_node_export_to_soap(profile->response);
268
283
response = lasso_node_new_from_soap(msg);
269
284
/* XXX: check status code */
271
285
profile->response = g_object_ref(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any);
272
286
lasso_node_destroy(response);
292
* lasso_saml20_profile_is_saml_query:
293
* @query: HTTP query string
295
* Tests the query string to know if the URL is called as the result of a
296
* SAML redirect (action initiated elsewhere) or not.
298
* Return value: TRUE if SAML query, FALSE otherwise
301
lasso_profile_is_saml_query(const gchar *query)
303
gchar *parameters[] = {
304
"SAMLRequest=", "SAMLResponse=", "SAMLart=", NULL };
307
for (i=0; parameters[i]; i++) {
308
if (strstr(query, parameters[i]))
317
lasso_saml20_profile_set_session_from_dump_decrypt(
318
gpointer key, LassoSaml2Assertion *assertion, gpointer data)
320
if (LASSO_IS_SAML2_ASSERTION(assertion) == FALSE) {
324
if (assertion->Subject != NULL && assertion->Subject->EncryptedID != NULL) {
325
assertion->Subject->NameID = LASSO_SAML2_NAME_ID(
326
assertion->Subject->EncryptedID->original_data);
327
assertion->Subject->EncryptedID = NULL;
332
lasso_saml20_profile_set_session_from_dump(LassoProfile *profile)
334
if (profile->session != NULL && profile->session->assertions != NULL) {
335
g_hash_table_foreach(profile->session->assertions,
336
(GHFunc)lasso_saml20_profile_set_session_from_dump_decrypt,