1
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
4
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
5
<title>LassoLogin</title>
6
<meta name="generator" content="DocBook XSL Stylesheets V1.75.2">
7
<link rel="home" href="index.html" title="Lasso Reference Manual">
8
<link rel="up" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
9
<link rel="prev" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
10
<link rel="next" href="lasso-LassoLogout.html" title="LassoLogout">
11
<meta name="generator" content="GTK-Doc V1.17 (XML mode)">
12
<link rel="stylesheet" href="style.css" type="text/css">
14
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
29
<div class="refentry">
30
<a name="lasso-login"></a><div class="titlepage"></div>
31
<div class="refnamediv"><table width="100%"><tr>
33
<h2><span class="refentrytitle"><a name="lasso-login.top_of_page"></a>LassoLogin</span></h2>
34
<p>LassoLogin — Single Sign-On and Federation Profile</p>
36
<td valign="top" align="right"></td>
38
<div class="refsynopsisdiv">
39
<a name="lasso-login.synopsis"></a><h2>Synopsis</h2>
40
<pre class="synopsis">enum <a class="link" href="lasso-login.html#LassoLoginProtocolProfile" title="enum LassoLoginProtocolProfile">LassoLoginProtocolProfile</a>;
41
struct <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin">LassoLogin</a>;
42
<a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> * <a class="link" href="lasso-login.html#lasso-login-new" title="lasso_login_new ()">lasso_login_new</a> (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>);
43
<a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> * <a class="link" href="lasso-login.html#lasso-login-new-from-dump" title="lasso_login_new_from_dump ()">lasso_login_new_from_dump</a> (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>,
44
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *dump</code></em>);
45
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-accept-sso" title="lasso_login_accept_sso ()">lasso_login_accept_sso</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
46
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-build-artifact-msg" title="lasso_login_build_artifact_msg ()">lasso_login_build_artifact_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
47
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);
48
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()">lasso_login_build_assertion</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
49
<em class="parameter"><code>const <span class="type">char</span> *authenticationMethod</code></em>,
50
<em class="parameter"><code>const <span class="type">char</span> *authenticationInstant</code></em>,
51
<em class="parameter"><code>const <span class="type">char</span> *reauthenticateOnOrAfter</code></em>,
52
<em class="parameter"><code>const <span class="type">char</span> *notBefore</code></em>,
53
<em class="parameter"><code>const <span class="type">char</span> *notOnOrAfter</code></em>);
54
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-build-authn-request-msg" title="lasso_login_build_authn_request_msg ()">lasso_login_build_authn_request_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
55
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-build-authn-response-msg" title="lasso_login_build_authn_response_msg ()">lasso_login_build_authn_response_msg</a>
56
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
57
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-build-request-msg" title="lasso_login_build_request_msg ()">lasso_login_build_request_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
58
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-build-response-msg" title="lasso_login_build_response_msg ()">lasso_login_build_response_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
59
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);
60
<span class="returnvalue">void</span> <a class="link" href="lasso-login.html#lasso-login-destroy" title="lasso_login_destroy ()">lasso_login_destroy</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
61
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="returnvalue">gchar</span></a> * <a class="link" href="lasso-login.html#lasso-login-dump" title="lasso_login_dump ()">lasso_login_dump</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
62
<a class="link" href="lasso-node.html#LassoNode" title="struct LassoNode"><span class="returnvalue">LassoNode</span></a> * <a class="link" href="lasso-login.html#lasso-login-get-assertion" title="lasso_login_get_assertion ()">lasso_login_get_assertion</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
63
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()">lasso_login_init_authn_request</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
64
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>,
65
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);
66
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-init-idp-initiated-authn-request" title="lasso_login_init_idp_initiated_authn_request ()">lasso_login_init_idp_initiated_authn_request</a>
67
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
68
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);
69
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()">lasso_login_init_request</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
70
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>,
71
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> response_http_method</code></em>);
72
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a> <a class="link" href="lasso-login.html#lasso-login-must-ask-for-consent" title="lasso_login_must_ask_for_consent ()">lasso_login_must_ask_for_consent</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
73
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a> <a class="link" href="lasso-login.html#lasso-login-must-authenticate" title="lasso_login_must_authenticate ()">lasso_login_must_authenticate</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
74
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-process-authn-request-msg" title="lasso_login_process_authn_request_msg ()">lasso_login_process_authn_request_msg</a>
75
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
76
<em class="parameter"><code>const <span class="type">char</span> *authn_request_msg</code></em>);
77
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-process-authn-response-msg" title="lasso_login_process_authn_response_msg ()">lasso_login_process_authn_response_msg</a>
78
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
79
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *authn_response_msg</code></em>);
80
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-process-paos-response-msg" title="lasso_login_process_paos_response_msg ()">lasso_login_process_paos_response_msg</a>
81
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
82
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *msg</code></em>);
83
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-process-request-msg" title="lasso_login_process_request_msg ()">lasso_login_process_request_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
84
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *request_msg</code></em>);
85
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-process-response-msg" title="lasso_login_process_response_msg ()">lasso_login_process_response_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
86
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>);
87
<span class="returnvalue">lasso_error_t</span> <a class="link" href="lasso-login.html#lasso-login-validate-request-msg" title="lasso_login_validate_request_msg ()">lasso_login_validate_request_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
88
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> authentication_result</code></em>,
89
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> is_consent_obtained</code></em>);
92
<div class="refsect1">
93
<a name="lasso-login.description"></a><h2>Description</h2>
95
The Single Sign On process allows a user to log in once to an identity
96
provider (IdP), and then to be transparently logged in to the required
97
service providers (SP) belonging to the IdP's "circle of trust". Subordinating
98
different identities of the same user within a circle of trust to a unique
99
IdP is called "Identity Federation". The Liberty Alliance specifications
100
allow, thanks to this federation, strong and unique authentication coupled
101
with control by the user of his personal information. The explicit user
102
agreement is necessary before proceeding to Identity Federation.
107
The service provider must implement the following process:
109
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
110
<li class="listitem"><p>creating an authentication request with
111
<a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()"><code class="function">lasso_login_init_authn_request()</code></a>;</p></li>
112
<li class="listitem"><p>sending it to the identity provider with
113
<a class="link" href="lasso-login.html#lasso-login-build-authn-request-msg" title="lasso_login_build_authn_request_msg ()"><code class="function">lasso_login_build_authn_request_msg()</code></a>;</p></li>
114
<li class="listitem">
115
<p>receiving and processing the answer:
117
<div class="itemizedlist"><ul class="itemizedlist" type="circle">
118
<li class="listitem">either an authentication response with
119
<a class="link" href="lasso-login.html#lasso-login-process-authn-response-msg" title="lasso_login_process_authn_response_msg ()"><code class="function">lasso_login_process_authn_response_msg()</code></a>
121
<li class="listitem">or an artifact with <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> then sending the
122
request to the IdP with <a class="link" href="lasso-login.html#lasso-login-build-request-msg" title="lasso_login_build_request_msg ()"><code class="function">lasso_login_build_request_msg()</code></a> and processing the
123
new answer with <a class="link" href="lasso-login.html#lasso-login-process-response-msg" title="lasso_login_process_response_msg ()"><code class="function">lasso_login_process_response_msg()</code></a>.</li>
135
<p>Our first example shows how to initiate a request toward an ID-FF 1.2 or SAML 2.0 identity
136
provider. It assumes that we have already initialized a <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> object with the metadata of our
137
provider (and its private key if we want to sign the request), and that we added the metadata of
138
the targeted IdP with the method <a class="link" href="lasso-LassoServer.html#lasso-server-add-provider" title="lasso_server_add_provider ()"><code class="function">lasso_server_add_provider()</code></a>. </p>
143
<div class="example">
144
<a name="id3165200"></a><p class="title"><b>Example 1. Service Provider Login URL</b></p>
145
<div class="example-contents"><pre class="programlisting">
147
// Example 1 (excerpt): the service provider builds an AuthnRequest and
// redirects the browser to the identity provider.
// NOTE(review): the listing numbers on this page skip values, so some lines
// of the original example (apparently including closing braces) are not shown.
int rc; // hold return codes
149
login = lasso_login_new(server);
150
rc = lasso_login_init_authn_request(login, "http://identity-provider-id/",
151
LASSO_HTTP_METHOD_REDIRECT);
153
... // handle errors, most of them are related to bad initialization
156
// customize AuthnRequest
157
// protocolProfile is the protocolProfile of the provider http://identity-provider-id/
158
if (protocolProfile == LASSO_LIBERTY_1_2) {
159
LassoLibAuthnRequest *request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request);
160
// NOTE(review): this branch allocates with strdup() while the SAML 2.0 branch
// below uses g_strdup()/g_free() for the same kind of request fields; presumably
// Lasso releases these strings with g_free(), so g_strdup() would be the
// consistent allocator here - confirm.
// NOTE(review): unlike the SAML 2.0 branch, a value already stored in
// NameIDPolicy or ProtocolProfile is not freed before being overwritten - confirm
// that both fields are still NULL at this point.
request->NameIDPolicy = strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
161
// ForceAuthn asks the IdP to authenticate the user again instead of reusing an
// existing session; IsPassive = FALSE lets the IdP interact with the user.
request->ForceAuthn = TRUE;
162
request->IsPassive = FALSE;
163
// tell the IdP how to return the response
164
request->ProtocolProfile = strdup(LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART);
165
} else if (protocolProfile == LASSO_SAML_2_0) {
166
LassoSamlp2AuthnRequest *request = LASSO_SAMLP2_AUTHN_REQUEST(LASSO_PROFILE(login)->request);
167
// release the default format before installing our own copy
if (request->NameIDPolicy->Format) {
168
g_free(request->NameIDPolicy->Format);
170
request->NameIDPolicy->Format = g_strdup(LASSO_NAME_IDENTIFIER_FORMAT_PERSISTENT);
171
// Allow creation of new federation
173
request->NameIDPolicy->AllowCreate = 1;
174
request->ForceAuthn = TRUE;
175
request->IsPassive = FALSE;
176
// tell the IdP how to return the response
177
if (request->ProtocolBinding) {
178
g_free(request->ProtocolBinding);
180
// here we expect an artifact response, it could be post, redirect or PAOS.
181
request->ProtocolBinding = g_strdup(LASSO_SAML2_METADATA_BINDING_ARTIFACT);
183
// Lasso will choose whether to sign the request by looking at the IdP
184
// metadata and at our metadata, but you can always force it to sign or
185
// not to sign using the method lasso_profile_set_signature_hint() on the
186
// LassoLogin object.
188
rc = lasso_login_build_authn_request_msg(login);
190
.... // handle errors
191
// could be that the requested binding (POST, Redirect, etc..) is not supported (LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE)
192
// or that we could not sign the request (LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED).
195
// redirect user to identity provider
196
// we chose the Redirect binding, so we have to generate a redirect HTTP response to the URL returned by Lasso
197
// Only emit the redirect when rc reported success; msg_url is not meaningful
// after a failed build.
// NOTE(review): msg_url is copied into an HTTP header as-is; presumably Lasso
// derives it from the IdP metadata loaded into the server - confirm it can never
// contain CR or LF characters.
printf("Location: %s\n\nRedirected to IdP\n", LASSO_PROFILE(login)->msg_url);
200
<p><br class="example-break">
204
<p>The next example shows how to receive the response from the identity
205
provider for ID-FF 1.2.</p>
210
<div class="example">
211
<a name="id3165268"></a><p class="title"><b>Example 2. Service Provider Assertion Consumer Service URL for ID-FF 1.2</b></p>
212
<div class="example-contents"><pre class="programlisting">
214
// Example 2 (excerpt): assertion consumer endpoint of a service provider for
// ID-FF 1.2. It accepts either an artifact (resolved over SOAP) or a posted
// authentication response, then records the resulting identity and session.
// NOTE(review): the listing numbers on this page skip values, so some lines of
// the original example (branch headers, closing braces, error handling) are
// not shown here.
// NOTE(review): getenv() returns NULL when the variable is unset; the strcmp()
// below needs a NULL check on request_method first.
char *request_method = getenv("REQUEST_METHOD");
215
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
216
char *name_identifier;
217
// NOTE(review): the synopsis on this page spells the type LassoHttpMethod.
lassoHttpMethod method;
220
login = lasso_login_new(server);
221
if (strcmp(request_method, "GET") == 0) {
222
// The query string comes straight from the browser and is untrusted; it is
// only handed to Lasso, whose return code decides whether to continue.
artifact_msg = getenv("QUERY_STRING");
223
method = LASSO_HTTP_METHOD_REDIRECT;
225
// read submitted form; if it has a LAREQ field, put it in lareq,
226
// if it has a LARES field, put it in lares
228
artifact_msg = lareq;
230
response_msg = lares;
234
method = LASSO_HTTP_METHOD_POST;
238
// we received an artifact response,
239
// it means we did not really receive the response,
240
// only a token to redeem the real response from the identity
241
// provider through a SOAP resolution call
242
rc = lasso_login_init_request(login, artifact_msg, method);
245
// there is usually no error at this step, only
246
// if the IdP response is malformed
248
rc = lasso_login_build_request_msg(login);
251
// as for AuthnRequest generation, it generally is caused
252
// by a bad initialization like an impossibility to load
255
// makes a SOAP call, soap_call is NOT a Lasso function
256
// NOTE(review): soap_call is application code, so authenticating the IdP on this
// back channel (for example TLS with certificate verification) is the
// application's job - confirm how the deployment does it.
soap_answer_msg = soap_call(LASSO_PROFILE(login)->msg_url,
257
LASSO_PROFILE(login)->msg_body);
258
// rc must report success before the assertion is accepted further down.
rc = lasso_login_process_response_msg(login, soap_answer_msg);
261
// here you can know if the IdP refused the request,
263
} else if (response_msg) {
264
// NOTE(review): the return value is discarded here, so a response that failed
// processing would still reach lasso_login_accept_sso(); store it in rc and
// stop on any error.
lasso_login_process_authn_response_msg(login, response_msg);
267
// looks up name_identifier in local file, database, whatever and gets back
268
// two things: identity_dump and session_dump
269
// NOTE(review): the statement below has no terminating semicolon in the listing.
name_identifier = LASSO_PROFILE(login)->nameIdentifier
270
lasso_profile_set_identity_from_dump(LASSO_PROFILE(login), identity_dump);
271
lasso_profile_set_session_from_dump(LASSO_PROFILE(login), session_dump);
273
// NOTE(review): the return value is discarded; this page documents error codes
// such as LASSO_PROFILE_ERROR_MISSING_RESPONSE and
// LASSO_PROFILE_ERROR_MISSING_ASSERTION for this call, and the user should be
// treated as logged in only when it succeeds.
lasso_login_accept_sso(login);
275
// persist the identity only when the SSO changed it
if (lasso_profile_is_identity_dirty(LASSO_PROFILE(login))) {
276
LassoIdentity *identity;
278
identity = lasso_profile_get_identity(LASSO_PROFILE(login));
279
identity_dump = lasso_identity_dump(identity);
280
// record identity_dump in file, database...
283
// persist the session only when the SSO changed it
if (lasso_profile_is_session_dirty(LASSO_PROFILE(login))) {
284
LassoSession *session;
286
session = lasso_profile_get_session(LASSO_PROFILE(login));
287
session_dump = lasso_session_dump(session);
288
// record session_dump in file, database...
291
// redirect user anywhere
292
// NOTE(review): Example 1 reads msg_url through LASSO_PROFILE(login); the struct
// LassoLogin fields listed on this page do not include msg_url, so
// login->msg_url looks like a slip - confirm. Whatever URL is written here
// should be one the application chose or validated.
printf("Location: %s\n\nRedirected to site root\n", login->msg_url);
295
<p><br class="example-break">
299
<p>To implement an IdP you must create a single sign-on service endpoint; the needed APIs for
300
this are <a class="link" href="lasso-login.html#lasso-login-process-authn-request-msg" title="lasso_login_process_authn_request_msg ()"><code class="function">lasso_login_process_authn_request_msg()</code></a>, <a class="link" href="lasso-login.html#lasso-login-validate-request-msg" title="lasso_login_validate_request_msg ()"><code class="function">lasso_login_validate_request_msg()</code></a>,
301
<a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()"><code class="function">lasso_login_build_assertion()</code></a>, <a class="link" href="lasso-login.html#lasso-login-build-authn-response-msg" title="lasso_login_build_authn_response_msg ()"><code class="function">lasso_login_build_authn_response_msg()</code></a> and
302
<a class="link" href="lasso-login.html#lasso-login-build-artifact-msg" title="lasso_login_build_artifact_msg ()"><code class="function">lasso_login_build_artifact_msg()</code></a>. You will have to choose between
303
<a class="link" href="lasso-login.html#lasso-login-build-authn-response-msg" title="lasso_login_build_authn_response_msg ()"><code class="function">lasso_login_build_authn_response_msg()</code></a> and <a class="link" href="lasso-login.html#lasso-login-build-artifact-msg" title="lasso_login_build_artifact_msg ()"><code class="function">lasso_login_build_artifact_msg()</code></a> depending on the
304
response protocol requested by the service provider.</p>
309
<div class="example">
310
<a name="id3156102"></a><p class="title"><b>Example 3. Identity provider single sign-on service</b></p>
311
<div class="example-contents"><pre class="programlisting">
313
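// Example 3 (excerpt): single sign-on service endpoint of an identity
// provider; receives the AuthnRequest sent by the service provider.
// login, server and rc are declared by the surrounding application code.
char *request_method = getenv("REQUEST_METHOD");
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
char *name_identifier;
LassoHttpMethod method;

login = lasso_login_new(server);
// getenv() returns NULL when the variable is unset, and strcmp() returns 0 on
// a match, so both conditions are spelled out.
if (request_method != NULL && strcmp(request_method, "GET") == 0) { // AuthnRequest sent with the HTTP-Redirect binding
    // NOTE(review): the FORCE hint presumably makes signature verification
    // mandatory for this request - confirm against the LassoProfile reference.
    lasso_profile_set_signature_verify_hint(LASSO_PROFILE(login),
            LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
    // The query string is untrusted browser input; rc decides whether the
    // request may be answered at all.
    rc = lasso_login_process_authn_request_msg(login, getenv("QUERY_STRING"));
    ... // handle errors: do not build an assertion for a request that failed processing
}
// the remaining steps of this example are not shown on this page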
334
<p><br class="example-break">
337
<div class="refsect1">
338
<a name="lasso-login.details"></a><h2>Details</h2>
339
<div class="refsect2">
340
<a name="LassoLoginProtocolProfile"></a><h3>enum LassoLoginProtocolProfile</h3>
341
<pre class="programlisting">typedef enum {
342
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1,
343
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST,
344
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
345
LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT,
346
} LassoLoginProtocolProfile;
349
Identifies the four possible profiles for Single Sign-On and Federation. It defines how the
350
response to an authentication request will be transmitted to the service provider.
352
<div class="variablelist"><table border="0">
353
<col align="left" valign="top">
356
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-ART:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART</code></span></p></td>
357
<td>response is transmitted through a redirect request with
358
an artifact, followed by an artifact resolution request by the service provider.
362
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-POST:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST</code></span></p></td>
363
<td>response is transmitted through a POST.
367
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-LECP:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP</code></span></p></td>
368
<td>response is transmitted in a PAOS response (see
369
<a class="link" href="lasso-LassoLecp.html#LassoLecp" title="struct LassoLecp"><span class="type">LassoLecp</span></a>).
373
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-REDIRECT:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT</code></span></p></td>
374
<td>response is transmitted through a redirect.
381
<div class="refsect2">
382
<a name="LassoLogin"></a><h3>struct LassoLogin</h3>
383
<pre class="programlisting">struct LassoLogin {
386
LassoLoginProtocolProfile protocolProfile;
387
gchar *assertionArtifact;
391
Single sign-on profile for the current transaction; possibly an
392
assertionArtifact to be used by the service provider in its
393
"assertionConsumerServiceURL" and the assertion created or received for the
396
<div class="variablelist"><table border="0">
397
<col align="left" valign="top">
400
<td><p><span class="term"><a class="link" href="lasso-LassoProfile.html#LassoProfile" title="struct LassoProfile"><span class="type">LassoProfile</span></a> <em class="structfield"><code><a name="LassoLogin.parent"></a>parent</code></em>;</span></p></td>
404
<td><p><span class="term"><a class="link" href="lasso-login.html#LassoLoginProtocolProfile" title="enum LassoLoginProtocolProfile"><span class="type">LassoLoginProtocolProfile</span></a> <em class="structfield"><code><a name="LassoLogin.protocolProfile"></a>protocolProfile</code></em>;</span></p></td>
405
<td>the kind of binding used for this authentication request.</td>
408
<td><p><span class="term"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *<em class="structfield"><code><a name="LassoLogin.assertionArtifact"></a>assertionArtifact</code></em>;</span></p></td>
409
<td>a string representing the artifact received through an artifact resolution.
416
<div class="refsect2">
417
<a name="lasso-login-new"></a><h3>lasso_login_new ()</h3>
418
<pre class="programlisting"><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> * lasso_login_new (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>);</pre>
420
Creates a new <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>.
422
<div class="variablelist"><table border="0">
423
<col align="left" valign="top">
426
<td><p><span class="term"><em class="parameter"><code>server</code></em> :</span></p></td>
427
<td>the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a>
431
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
432
<td>a newly created <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object; or NULL if an error
439
<div class="refsect2">
440
<a name="lasso-login-new-from-dump"></a><h3>lasso_login_new_from_dump ()</h3>
441
<pre class="programlisting"><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> * lasso_login_new_from_dump (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>,
442
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *dump</code></em>);</pre>
444
Restores the <em class="parameter"><code>dump</code></em> to a new <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>.
446
<div class="variablelist"><table border="0">
447
<col align="left" valign="top">
450
<td><p><span class="term"><em class="parameter"><code>server</code></em> :</span></p></td>
451
<td>the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a>
455
<td><p><span class="term"><em class="parameter"><code>dump</code></em> :</span></p></td>
456
<td>XML login dump</td>
459
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
460
<td>a newly created <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>; or NULL if an error occurred.</td>
466
<div class="refsect2">
467
<a name="lasso-login-accept-sso"></a><h3>lasso_login_accept_sso ()</h3>
468
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_accept_sso (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
470
Gets the assertion of the response and adds it to the <a class="link" href="lasso-LassoSession.html#LassoSession" title="struct LassoSession"><span class="type">LassoSession</span></a> object.
471
Builds a federation with the 2 name identifiers of the assertion
472
and adds it into the identity.
473
If the session or the identity are NULL, they are created.
475
<div class="variablelist"><table border="0">
476
<col align="left" valign="top">
479
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
480
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
484
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
486
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
487
<li class="listitem"><p>
488
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
490
<li class="listitem"><p>
491
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-RESPONSE:CAPS" title="LASSO_PROFILE_ERROR_MISSING_RESPONSE"><span class="type">LASSO_PROFILE_ERROR_MISSING_RESPONSE</span></a> if no response is present in the login profile object;
492
usually because no call to lasso_login_process_authn_response_msg was made;
494
<li class="listitem"><p>
495
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-ASSERTION:CAPS" title="LASSO_PROFILE_ERROR_MISSING_ASSERTION"><span class="type">LASSO_PROFILE_ERROR_MISSING_ASSERTION</span></a> if the response does not contain an assertion,
497
<li class="listitem"><p>
498
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-NAME-IDENTIFIER-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span></a> if the assertion does not contain a NameID element,
500
<li class="listitem"><p>
501
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-NAME-IDENTIFIER:CAPS" title="LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER"><span class="type">LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER</span></a> same as
502
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-NAME-IDENTIFIER-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span></a>,
504
<li class="listitem"><p>
505
<a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-ASSERTION-REPLAY:CAPS" title="LASSO_LOGIN_ERROR_ASSERTION_REPLAY"><span class="type">LASSO_LOGIN_ERROR_ASSERTION_REPLAY</span></a> if the assertion has already been used.
514
<div class="refsect2">
515
<a name="lasso-login-build-artifact-msg"></a><h3>lasso_login_build_artifact_msg ()</h3>
516
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_build_artifact_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
517
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);</pre>
519
Builds a SAML artifact. Depending on the HTTP method, the data for sending
520
the artifact are stored in <em class="parameter"><code>msg_url</code></em> (REDIRECT) or <em class="parameter"><code>msg_url</code></em>, <em class="parameter"><code>msg_body</code></em> and
521
<em class="parameter"><code>msg_relayState</code></em> (POST).
523
<div class="variablelist"><table border="0">
524
<col align="left" valign="top">
527
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
528
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
532
<td><p><span class="term"><em class="parameter"><code>http_method</code></em> :</span></p></td>
533
<td>the HTTP method to send the artifact (REDIRECT or POST)</td>
536
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
538
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
539
<li class="listitem"><p>
540
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
542
<li class="listitem"><p>
543
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no remote provider ID was set up in the login
544
profile object; this is usually done by lasso_login_process_authn_request_msg,
546
<li class="listitem"><p>
547
LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
548
nor LASSO_HTTP_METHOD_POST (ID-FF 1.2 case), or is neither LASSO_HTTP_METHOD_ARTIFACT_GET nor
549
LASSO_HTTP_METHOD_ARTIFACT_POST (SAML 2.0 case),
551
<li class="listitem"><p>
552
LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocolProfile is not
554
<li class="listitem"><p>
555
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART (only for ID-FF 1.2),
557
<li class="listitem"><p>
558
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider is not known to our server object
559
which prevents us from finding a service endpoint,
561
<li class="listitem"><p>
562
LASSO_PROFILE_ERROR_MISSING_RESPONSE if the response object is missing,
564
<li class="listitem"><p>
565
LASSO_PROFILE_ERROR_MISSING_STATUS_CODE if the response object is missing a status code,
574
<div class="refsect2">
575
<a name="lasso-login-build-assertion"></a><h3>lasso_login_build_assertion ()</h3>
576
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_build_assertion (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
577
<em class="parameter"><code>const <span class="type">char</span> *authenticationMethod</code></em>,
578
<em class="parameter"><code>const <span class="type">char</span> *authenticationInstant</code></em>,
579
<em class="parameter"><code>const <span class="type">char</span> *reauthenticateOnOrAfter</code></em>,
580
<em class="parameter"><code>const <span class="type">char</span> *notBefore</code></em>,
581
<em class="parameter"><code>const <span class="type">char</span> *notOnOrAfter</code></em>);</pre>
583
Builds an assertion and stores it in profile session.
584
<em class="parameter"><code>authenticationInstant</code></em>, reauthenticateOnOrAfter, <em class="parameter"><code>notBefore</code></em> and
585
<em class="parameter"><code>notOnOrAfter</code></em> may be NULL. If <em class="parameter"><code>authenticationInstant</code></em> is NULL, the current
586
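time will be used. Time values must be encoded in UTC. This page does not say which validity period results when <em class="parameter"><code>notBefore</code></em> or <em class="parameter"><code>notOnOrAfter</code></em> is NULL, so pass explicit values when the assertion lifetime must be bounded.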
589
Construct the authentication assertion for the response. It must be called after validating the
590
request using <a class="link" href="lasso-login.html#lasso-login-validate-request-msg" title="lasso_login_validate_request_msg ()"><code class="function">lasso_login_validate_request_msg()</code></a>. The created assertion is accessed using
591
<a class="link" href="lasso-login.html#lasso-login-get-assertion" title="lasso_login_get_assertion ()"><code class="function">lasso_login_get_assertion()</code></a>.
593
<div class="variablelist"><table border="0">
594
<col align="left" valign="top">
597
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
598
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
602
<td><p><span class="term"><em class="parameter"><code>authenticationMethod</code></em> :</span></p></td>
603
<td>the authentication method</td>
606
<td><p><span class="term"><em class="parameter"><code>authenticationInstant</code></em> :</span></p></td>
607
<td>the time at which the authentication took place</td>
610
<td><p><span class="term"><em class="parameter"><code>notBefore</code></em> :</span></p></td>
611
<td>the earliest time instant at which the assertion is valid</td>
614
<td><p><span class="term"><em class="parameter"><code>notOnOrAfter</code></em> :</span></p></td>
615
<td>the time instant at which the assertion has expired</td>
618
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
620
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
621
<li class="listitem"><p>
622
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
624
<li class="listitem"><p>
625
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-IDENTITY-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND</span></a> if no identity object was found in the login profile object.
627
<li class="listitem"><p>
628
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-RESPONSE:CAPS" title="LASSO_PROFILE_ERROR_MISSING_RESPONSE"><span class="type">LASSO_PROFILE_ERROR_MISSING_RESPONSE</span></a> if no response object is present ( it is normally initialized
629
by <a class="link" href="lasso-login.html#lasso-login-process-authn-request-msg" title="lasso_login_process_authn_request_msg ()"><code class="function">lasso_login_process_authn_request_msg()</code></a> )
631
<li class="listitem"><p>
632
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-FEDERATION-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND</span></a> if a <a class="link" href="lasso-SAML-2.0-Strings.html#LASSO-SAML2-NAME-IDENTIFIER-FORMAT-PERSISTENT:CAPS" title="LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT"><span class="type">LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT</span></a> or <a class="link" href="lasso-SAML-2.0-Strings.html#LASSO-SAML2-NAME-IDENTIFIER-FORMAT-ENCRYPTED:CAPS" title="LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED"><span class="type">LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED</span></a> NameID format is asked and no corresponding federation was found in the <a class="link" href="lasso-LassoIdentity.html#LassoIdentity" title="struct LassoIdentity"><span class="type">LassoIdentity</span></a> object,
634
<li class="listitem"><p>
635
<a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if encryption is needed and the request issuing provider is unknown (it has not been registered in the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> object),
637
<li class="listitem"><p>
638
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-ENCRYPTION-FAILED:CAPS" title="LASSO_DS_ERROR_ENCRYPTION_FAILED"><span class="type">LASSO_DS_ERROR_ENCRYPTION_FAILED</span></a> if encryption is needed but it failed,
647
<div class="refsect2">
648
<a name="lasso-login-build-authn-request-msg"></a><h3>lasso_login_build_authn_request_msg ()</h3>
649
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_build_authn_request_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
651
Converts profile authentication request (<em class="parameter"><code>request</code></em> member) into a Liberty message, either an URL
652
in HTTP-Redirect profile or an URL and a field value in Browser-POST (form) profile.
655
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the field value (LAREQ), if any, is set into the
656
<em class="parameter"><code>msg_body</code></em> member.
658
<div class="variablelist"><table border="0">
659
<col align="left" valign="top">
662
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
663
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
667
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
669
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
670
<li class="listitem"><p>
671
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
673
<li class="listitem"><p>
674
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-REMOTE-PROVIDERID:CAPS" title="LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID"><span class="type">LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID</span></a> if no remote provider ID was set up&#160;- it usually
675
means that <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> was not called before,
677
<li class="listitem"><p>
678
<a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if the remote provider ID is not registered in the server
681
<li class="listitem"><p>
682
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNSUPPORTED-PROFILE:CAPS" title="LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE"><span class="type">LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE</span></a> if the SSO profile is not supported by the targeted
685
<li class="listitem"><p>
686
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-BUILDING-QUERY-FAILED:CAPS" title="LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED"><span class="type">LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED</span></a> if the building of the query part of the redirect URL
687
or of the body of the POST content failed&#160;- it only happens with the <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-REDIRECT:CAPS"><span class="type">LASSO_HTTP_METHOD_REDIRECT</span></a>,
688
<a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-POST:CAPS"><span class="type">LASSO_HTTP_METHOD_POST</span></a>, <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-ARTIFACT-GET:CAPS"><span class="type">LASSO_HTTP_METHOD_ARTIFACT_GET</span></a> and
689
<a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-ARTIFACT-POST:CAPS"><span class="type">LASSO_HTTP_METHOD_ARTIFACT_POST</span></a> bindings&#160;-,
691
<li class="listitem"><p>
692
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNKNOWN-PROFILE-URL:CAPS" title="LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL"><span class="type">LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL</span></a> if the metadata of the remote provider does not contain
693
an url for the SSO profile,
695
<li class="listitem"><p>
696
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_INVALID_REQUEST"><span class="type">LASSO_PROFILE_ERROR_INVALID_REQUEST</span></a> if the request object is not of the needed type, it usually
697
means that <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> was not called before,
699
<li class="listitem"><p>
700
<span class="type">LASSO_PROFILE_MISSING_REQUEST</span> if the request object is missing,
702
<li class="listitem"><p>
703
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-HTTP-METHOD:CAPS" title="LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD"><span class="type">LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD</span></a> if the currently set <em class="parameter"><code>http_method</code></em> on the <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
713
<div class="refsect2">
714
<a name="lasso-login-build-authn-response-msg"></a><h3>lasso_login_build_authn_response_msg ()</h3>
715
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_build_authn_response_msg
716
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
718
Converts profile authentication response (<em class="parameter"><code>response</code></em> member) into a Liberty
722
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the field value (LARES) is set
723
into the <em class="parameter"><code>msg_body</code></em> member.
725
<div class="variablelist"><table border="0">
726
<col align="left" valign="top">
729
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
730
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
734
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
736
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
737
<li class="listitem"><p>
738
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
740
<li class="listitem"><p>
741
LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocol profile is not
743
<li class="listitem"><p>
744
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST or LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
746
<li class="listitem"><p>
747
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider ID is not registered in the server
750
<li class="listitem"><p>
751
LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL if the metadata of the remote provider does not contain
752
an URL for the assertion consuming service,
754
<li class="listitem"><p>
755
LASSO_PROFILE_ERROR_MISSING_SERVER the server object is needed to sign a message and it is
758
<li class="listitem"><p>
759
LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED the private key for signing could not be found,
761
<li class="listitem"><p>
762
LASSO_PROFILE_ERROR_MISSING_RESPONSE if the response object is missing,
764
<li class="listitem"><p>
765
LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE if the SSO profile is not supported by the targeted
768
<li class="listitem"><p>
769
LASSO_PROFILE_BUILDING_QUERY_FAILED if using <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-REDIRECT:CAPS"><span class="type">LASSO_HTTP_METHOD_REDIRECT</span></a> building of the redirect
772
<li class="listitem"><p>
773
LASSO_PROFILE_BUILDING_MSG_FAILED if using <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-POST:CAPS"><span class="type">LASSO_HTTP_METHOD_POST</span></a>, <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-SOAP:CAPS"><span class="type">LASSO_HTTP_METHOD_SOAP</span></a> or
774
<a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-PAOS:CAPS"><span class="type">LASSO_HTTP_METHOD_PAOS</span></a> and building the <em class="parameter"><code>msg_body</code></em> failed.
783
<div class="refsect2">
784
<a name="lasso-login-build-request-msg"></a><h3>lasso_login_build_request_msg ()</h3>
785
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_build_request_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
787
Produces a SOAP Artifact Resolve message. It must follow a call to
788
<a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> on the artifact message.
789
Converts artifact request into a Liberty SOAP message.
792
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the SOAP message is set into the
793
<em class="parameter"><code>msg_body</code></em> member. You should POST the <em class="parameter"><code>msg_body</code></em> to the <em class="parameter"><code>msg_url</code></em> afterward.
795
<div class="variablelist"><table border="0">
796
<col align="left" valign="top">
799
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
800
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
804
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
806
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
807
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no remote provider ID was set up -- it usually
808
means that lasso_login_init_request was not called before,
809
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider ID is not registered in the server
816
<div class="refsect2">
817
<a name="lasso-login-build-response-msg"></a><h3>lasso_login_build_response_msg ()</h3>
818
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_build_response_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
819
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);</pre>
821
Converts profile assertion response (<em class="parameter"><code>response</code></em> member) into a Liberty SOAP
822
response message.
825
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the SOAP message is set into the
826
<em class="parameter"><code>msg_body</code></em> member.
828
<div class="variablelist"><table border="0">
829
<col align="left" valign="top">
832
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
833
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
837
<td><p><span class="term"><em class="parameter"><code>remote_providerID</code></em> :</span></p></td>
838
<td>service provider ID</td>
841
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
842
<td>0 on success; or a negative value otherwise.
843
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
844
LASSO_PROFILE_ERROR_SESSION_NOT_FOUND if no session object was found in the login profile object
845
-- it should be created by <a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()"><code class="function">lasso_login_build_assertion()</code></a> if you did not set it manually before
846
calling <a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()"><code class="function">lasso_login_build_assertion()</code></a>.</td>
852
<div class="refsect2">
853
<a name="lasso-login-destroy"></a><h3>lasso_login_destroy ()</h3>
854
<pre class="programlisting"><span class="returnvalue">void</span> lasso_login_destroy (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
856
Destroys a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object.
859
<em class="parameter"><code>Deprecated</code></em>: Since <span class="type">2.2.1</span>, use <a href="http://library.gnome.org/devel/gobject/unstable/gobject-The-Base-Object-Type.html#g-object-unref"><code class="function">g_object_unref()</code></a> instead.
861
<div class="variablelist"><table border="0">
862
<col align="left" valign="top">
864
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
865
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
871
<div class="refsect2">
872
<a name="lasso-login-dump"></a><h3>lasso_login_dump ()</h3>
873
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="returnvalue">gchar</span></a> * lasso_login_dump (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
875
Dumps <em class="parameter"><code>login</code></em> content to an XML string.
877
<div class="variablelist"><table border="0">
878
<col align="left" valign="top">
881
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
882
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
886
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
887
<td>the dump string. It must be freed by the caller. <span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span>
894
<div class="refsect2">
895
<a name="lasso-login-get-assertion"></a><h3>lasso_login_get_assertion ()</h3>
896
<pre class="programlisting"><a class="link" href="lasso-node.html#LassoNode" title="struct LassoNode"><span class="returnvalue">LassoNode</span></a> * lasso_login_get_assertion (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
898
Returns the last built assertion.
900
<div class="variablelist"><table border="0">
901
<col align="left" valign="top">
904
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
905
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object</td>
908
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
909
<td>a <a class="link" href="lasso-node.html#LassoNode" title="struct LassoNode"><span class="type">LassoNode</span></a> representing the built assertion (generally a <a class="link" href="lasso-LassoSamlAssertion.html#LassoSamlAssertion" title="struct LassoSamlAssertion"><span class="type">LassoSamlAssertion</span></a> when
910
using ID-FF 1.2 or a <a class="link" href="lasso-LassoSaml2Assertion.html#LassoSaml2Assertion" title="struct LassoSaml2Assertion"><span class="type">LassoSaml2Assertion</span></a> when using SAML 2.0)</td>
916
<div class="refsect2">
917
<a name="lasso-login-init-authn-request"></a><h3>lasso_login_init_authn_request ()</h3>
918
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_init_authn_request (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
919
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>,
920
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);</pre>
923
<p>Initializes a new AuthnRequest from current service provider to remote
924
identity provider specified in <em class="parameter"><code>remote_providerID</code></em> (if NULL the first known
925
identity provider is used).</p>
930
<p>For ID-FF 1.2 the default NameIDPolicy in an AuthnRequest is None, which implies that a
931
federation must already exist on the IdP side.</p>
936
<p>For SAML 2.0 the default NameIDPolicy is the first listed in the metadata of the current
937
provider, or if none is specified, Transient, which asks the IdP to give a one-time
941
<div class="variablelist"><table border="0">
942
<col align="left" valign="top">
945
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
946
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
950
<td><p><span class="term"><em class="parameter"><code>remote_providerID:(allow-none)</code></em> :</span></p></td>
951
<td>the providerID of the identity provider (may be NULL)</td>
954
<td><p><span class="term"><em class="parameter"><code>http_method</code></em> :</span></p></td>
955
<td>HTTP method to use for request transmission. <span class="annotation">[<acronym title="Default parameter value (for in case the shadows-to function has less parameters)."><span class="acronym">default</span></acronym> LASSO_HTTP_METHOD_REDIRECT]</span>
959
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
960
<td>0 on success; or <div class="itemizedlist"><ul class="itemizedlist" type="disc">
961
<li class="listitem"><p>LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,</p></li>
962
<li class="listitem"><p>LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if <em class="parameter"><code>remote_providerID</code></em> is NULL and no default remote
963
provider could be found from the server object -- usually the first one in the order of adding to
964
the server object --,</p></li>
965
<li class="listitem"><p>LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the <em class="parameter"><code>remote_providerID</code></em> is not known to our server object.</p></li>
966
<li class="listitem"><p>LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
967
nor LASSO_HTTP_METHOD_POST,</p></li>
968
<li class="listitem"><p>LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED if creation of the request object failed.</p></li>
976
<div class="refsect2">
977
<a name="lasso-login-init-idp-initiated-authn-request"></a><h3>lasso_login_init_idp_initiated_authn_request ()</h3>
978
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_init_idp_initiated_authn_request
979
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
980
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);</pre>
983
<p>Generates an authentication response without matching authentication
989
<p>The choice of NameIDFormat is the same as for <a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()"><code class="function">lasso_login_init_authn_request()</code></a> but with the
990
target <em class="parameter"><code>remote_providerID</code></em> as the current provider</p>
995
<p>If <em class="parameter"><code>remote_providerID</code></em> is NULL, the first known provider is used.</p>
998
<div class="variablelist"><table border="0">
999
<col align="left" valign="top">
1002
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1003
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>.</td>
1006
<td><p><span class="term"><em class="parameter"><code>remote_providerID</code></em> :</span></p></td>
1007
<td>the providerID of the remote service provider (may be
1011
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1012
<td>0 on success; or a negative value otherwise. Error codes are the same as
1013
<a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()"><code class="function">lasso_login_init_authn_request()</code></a>.</td>
1019
<div class="refsect2">
1020
<a name="lasso-login-init-request"></a><h3>lasso_login_init_request ()</h3>
1021
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_init_request (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1022
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>,
1023
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> response_http_method</code></em>);</pre>
1025
Initializes an artifact request. <em class="parameter"><code>response_msg</code></em> is either the query string
1026
(in redirect mode) or the form LAREQ field (in browser-post mode).
1027
It should only be used if you received an artifact message; <em class="parameter"><code>response_msg</code></em> must be the content of the
1028
artifact field for the POST artifact binding, or the query string for the REDIRECT artifact
1029
binding. You must set the <em class="parameter"><code>response_http_method</code></em> argument according to the way you received the
1032
<div class="variablelist"><table border="0">
1033
<col align="left" valign="top">
1036
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1037
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1041
<td><p><span class="term"><em class="parameter"><code>response_msg</code></em> :</span></p></td>
1042
<td>the authentication response received</td>
1045
<td><p><span class="term"><em class="parameter"><code>response_http_method</code></em> :</span></p></td>
1046
<td>the method used to receive the authentication
1050
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1051
<td>0 on success; or
1052
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
1053
<li class="listitem"><p>
1054
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
1056
<li class="listitem"><p>
1057
LASSO_PARAM_ERROR_INVALID_VALUE if <em class="parameter"><code>response_msg</code></em> is NULL,
1059
<li class="listitem"><p>
1060
LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
1061
nor LASSO_HTTP_METHOD_POST (in the ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET nor
1062
LASSO_HTTP_METHOD_ARTIFACT_POST (in the SAML 2.0 case),
1064
<li class="listitem"><p>
1065
LASSO_PROFILE_ERROR_MISSING_ARTIFACT if no artifact field was found in the query string (only
1066
possible for the LASSO_HTTP_METHOD_REDIRECT case),
1068
<li class="listitem"><p>
1069
LASSO_PROFILE_ERROR_INVALID_ARTIFACT if decoding of the artifact failed -- whether because
1070
the base64 encoding is invalid or because the type code is wrong --,
1072
<li class="listitem"><p>
1073
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no provider ID could be found corresponding to
1074
the hash contained in the artifact.
1083
<div class="refsect2">
1084
<a name="lasso-login-must-ask-for-consent"></a><h3>lasso_login_must_ask_for_consent ()</h3>
1085
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a> lasso_login_must_ask_for_consent (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
1087
Evaluates whether the Principal must be asked for consent before being federated.
1089
<div class="variablelist"><table border="0">
1090
<col align="left" valign="top">
1093
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1094
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1098
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1100
<a href="http://library.gnome.org/devel/glib/unstable/glib-Standard-Macros.html#TRUE:CAPS"><code class="literal">TRUE</code></a> if consent must be asked</td>
1106
<div class="refsect2">
1107
<a name="lasso-login-must-authenticate"></a><h3>lasso_login_must_authenticate ()</h3>
1108
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a> lasso_login_must_authenticate (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
1110
Evaluates if user must be authenticated.
1112
<div class="variablelist"><table border="0">
1113
<col align="left" valign="top">
1116
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1117
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1121
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1123
<a href="http://library.gnome.org/devel/glib/unstable/glib-Standard-Macros.html#TRUE:CAPS"><code class="literal">TRUE</code></a> if user must be authenticated</td>
1129
<div class="refsect2">
1130
<a name="lasso-login-process-authn-request-msg"></a><h3>lasso_login_process_authn_request_msg ()</h3>
1131
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_process_authn_request_msg
1132
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1133
<em class="parameter"><code>const <span class="type">char</span> *authn_request_msg</code></em>);</pre>
1135
Processes received authentication request, checks it is signed correctly,
1136
checks if requested protocol profile is supported, etc.
1138
<div class="variablelist"><table border="0">
1139
<col align="left" valign="top">
1142
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1143
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1147
<td><p><span class="term"><em class="parameter"><code>authn_request_msg</code></em> :</span></p></td>
1148
<td>the authentication request received</td>
1151
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1152
<td>0 on success; or
1153
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
1154
<li class="listitem"><p>
1155
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is no a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
1157
<li class="listitem"><p>
1158
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_MISSING_REQUEST"><span class="type">LASSO_PROFILE_ERROR_MISSING_REQUEST</span></a> if <em class="parameter"><code>authn_request_msg</code></em> is <a href="http://library.gnome.org/devel/glib/unstable/glib-Standard-Macros.html#NULL:CAPS"><span class="type">NULL</span></a> and no request as actually
1159
been processed or initialized — see <a class="link" href="lasso-login.html#lasso-login-init-idp-initiated-authn-request" title="lasso_login_init_idp_initiated_authn_request ()"><code class="function">lasso_login_init_idp_initiated_authn_request()</code></a>,
1161
<li class="listitem"><p>
1162
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-MSG:CAPS" title="LASSO_PROFILE_ERROR_INVALID_MSG"><span class="type">LASSO_PROFILE_ERROR_INVALID_MSG</span></a> if the content of <em class="parameter"><code>authn_request_msg</code></em> cannot be parsed to as a
1163
valid lib:AuthnRequest message for any supported binding (mainly HTTP-Redirect, HTTP-Post and
1166
<li class="listitem"><p>
1167
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-ISSUER:CAPS" title="LASSO_PROFILE_ERROR_MISSING_ISSUER"><span class="type">LASSO_PROFILE_ERROR_MISSING_ISSUER</span></a> if the parsed samlp2:AuthnRequest does not have a proper Issuer element,
1169
<li class="listitem"><p>
1170
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_INVALID_REQUEST"><span class="type">LASSO_PROFILE_ERROR_INVALID_REQUEST</span></a> if the parsed message does not validate as a valid
1171
samlp2:AuthnRequest (SAMLv2) i.e. if there is no Issuer, or mutually exclusive attributes are
1172
used (ProtocolBinding and AssertionConsumerServiceIndex),
1174
<li class="listitem"><p>
1175
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-PROTOCOLPROFILE:CAPS" title="LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE"><span class="type">LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE</span></a> if the protocolProfile (ID-FFv1.2) or the
1176
protocolBinding (SAMLv2) is unsupported by Lasso,
1178
<li class="listitem"><p>
1179
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNSUPPORTED-PROFILE:CAPS" title="LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE"><span class="type">LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE</span></a> if the protocolProfile (ID-FFv1.2) or the protocolBinding
1180
(SAMLv2) for the AssertionConsumer is unsupported by this provider implementation as indicated by
1183
<li class="listitem"><p>
1184
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNKNOWN-PROVIDER:CAPS" title="LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER"><span class="type">LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER</span></a>, or
1185
<a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if the metadata for the issuer of the request are absent
1186
from the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> object of this profile,
1188
<li class="listitem"><p>
1189
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-SIGNATURE-NOT-FOUND:CAPS" title="LASSO_DS_ERROR_SIGNATURE_NOT_FOUND"><span class="type">LASSO_DS_ERROR_SIGNATURE_NOT_FOUND</span></a> if no signature could be found and signature validation is
1190
forced — by the service provider metadata with the AuthnRequestsSigned attribute
1191
(ID-FFv1.2 &amp; SAMLv2), the attribute WantAuthnRequestsSigned in the identity provider metadata file
1192
(SAMLv2) or as advised by the <a class="link" href="lasso-LassoProfile.html#lasso-profile-set-signature-verify-hint" title="lasso_profile_set_signature_verify_hint ()"><code class="function">lasso_profile_set_signature_verify_hint()</code></a> method),
1194
<li class="listitem"><p>
1195
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-SIGNATURE-VERIFICATION-FAILED:CAPS" title="LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED"><span class="type">LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED</span></a> if the signature validation failed on a present
1198
<li class="listitem"><p>
1199
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-INVALID-SIGNATURE:CAPS" title="LASSO_DS_ERROR_INVALID_SIGNATURE"><span class="type">LASSO_DS_ERROR_INVALID_SIGNATURE</span></a> if the signature was malformed and a signature was present,
1208
<div class="refsect2">
1209
<a name="lasso-login-process-authn-response-msg"></a><h3>lasso_login_process_authn_response_msg ()</h3>
1210
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_process_authn_response_msg
1211
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1212
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *authn_response_msg</code></em>);</pre>
1214
Processes received authentication response.
1216
<div class="variablelist"><table border="0">
1217
<col align="left" valign="top">
1220
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1221
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1225
<td><p><span class="term"><em class="parameter"><code>authn_response_msg</code></em> :</span></p></td>
1226
<td>the authentication response received</td>
1229
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1230
<td>0 on success; or a negative value otherwise. Only a return value of 0 indicates that the response was accepted.</td>
1236
<div class="refsect2">
1237
<a name="lasso-login-process-paos-response-msg"></a><h3>lasso_login_process_paos_response_msg ()</h3>
1238
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_process_paos_response_msg
1239
(<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1240
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *msg</code></em>);</pre>
1243
<div class="refsect2">
1244
<a name="lasso-login-process-request-msg"></a><h3>lasso_login_process_request_msg ()</h3>
1245
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_process_request_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1246
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *request_msg</code></em>);</pre>
1248
Processes received artifact request.
1250
<div class="variablelist"><table border="0">
1251
<col align="left" valign="top">
1254
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1255
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1259
<td><p><span class="term"><em class="parameter"><code>request_msg</code></em> :</span></p></td>
1260
<td>the artifact request received</td>
1263
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1264
<td>0 on success; or a negative value otherwise.</td>
1270
<div class="refsect2">
1271
<a name="lasso-login-process-response-msg"></a><h3>lasso_login_process_response_msg ()</h3>
1272
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_process_response_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1273
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>);</pre>
1275
Processes received assertion response.
1277
<div class="variablelist"><table border="0">
1278
<col align="left" valign="top">
1281
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1282
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1286
<td><p><span class="term"><em class="parameter"><code>response_msg</code></em> :</span></p></td>
1287
<td>the assertion response received</td>
1290
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1291
<td>0 on success; or
1292
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
1293
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,</p></li>
1294
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-INVALID-VALUE:CAPS" title="LASSO_PARAM_ERROR_INVALID_VALUE"><span class="type">LASSO_PARAM_ERROR_INVALID_VALUE</span></a> if response_msg is NULL,</p></li>
1295
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-MSG:CAPS" title="LASSO_PROFILE_ERROR_INVALID_MSG"><span class="type">LASSO_PROFILE_ERROR_INVALID_MSG</span></a> if the message is not a <a class="link" href="lasso-LassoSamlpResponse.html#LassoSamlpResponse" title="struct LassoSamlpResponse"><span class="type">LassoSamlpResponse</span></a> (ID-FF 1.2) or a <span class="type">LassoSamlp2ResponseMsg</span> (SAML 2.0),</p></li>
1296
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-RESPONSE-DOES-NOT-MATCH-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST"><span class="type">LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST</span></a> if the response does not refer to the request or if the response refer to an unknown request and <code class="literal">strict-checking</code> is activated ,</p></li>
1297
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-REQUEST-DENIED:CAPS" title="LASSO_LOGIN_ERROR_REQUEST_DENIED"><span class="type">LASSO_LOGIN_ERROR_REQUEST_DENIED</span></a> the identity provided
1298
returned a failure status of "RequestDenied"</p></li>
1299
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-FEDERATION-NOT-FOUND:CAPS" title="LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND"><span class="type">LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND</span></a> if creation of a new
1300
federation was not allowed and none existed,</p></li>
1301
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-UNKNOWN-PRINCIPAL:CAPS" title="LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL"><span class="type">LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL</span></a> if authentication failed
1302
or/and if the user cancelled the authentication,</p></li>
1303
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-STATUS-NOT-SUCCESS:CAPS" title="LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS"><span class="type">LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS</span></a>, if the response status
1304
is a failure but we have no more precise error code to report it, you must
1305
look at the second level status in the response,</p></li>
1306
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a>, if the issuing
1307
provider of the assertion is unknown,</p></li>
1308
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-ISSUER:CAPS" title="LASSO_PROFILE_ERROR_INVALID_ISSUER"><span class="type">LASSO_PROFILE_ERROR_INVALID_ISSUER</span></a> the issuer of the
1309
assertion received, is not the expected one</p></li>
1310
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-NAME-IDENTIFIER-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span></a> no statement was fournd, or none statement contains a subject with a name identifier,</p></li>
1311
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-STATUS-CODE:CAPS" title="LASSO_PROFILE_ERROR_MISSING_STATUS_CODE"><span class="type">LASSO_PROFILE_ERROR_MISSING_STATUS_CODE</span></a> if the reponse is
1312
missing a <code class="literal">StatusCode</code> element,</p></li>
1313
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-ASSERTION:CAPS" title="LASSO_PROFILE_ERROR_MISSING_ASSERTION"><span class="type">LASSO_PROFILE_ERROR_MISSING_ASSERTION</span></a> if the message does
1314
not contain any assertion.</p></li>
1322
<div class="refsect2">
1323
<a name="lasso-login-validate-request-msg"></a><h3>lasso_login_validate_request_msg ()</h3>
1324
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span> lasso_login_validate_request_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
1325
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> authentication_result</code></em>,
1326
<em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> is_consent_obtained</code></em>);</pre>
1328
Initializes a response to the authentication request received.
1330
<div class="variablelist"><table border="0">
1331
<col align="left" valign="top">
1334
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1335
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
1339
<td><p><span class="term"><em class="parameter"><code>authentication_result</code></em> :</span></p></td>
1340
<td>whether the user has authenticated successfully</td>
1343
<td><p><span class="term"><em class="parameter"><code>is_consent_obtained</code></em> :</span></p></td>
1344
<td>whether user consent has been obtained</td>
1347
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1348
<td>0 on success; or <div class="itemizedlist"><ul class="itemizedlist" type="disc">
1349
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,</p></li>
1350
<li class="listitem">
1351
<p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-REQUEST-DENIED:CAPS" title="LASSO_LOGIN_ERROR_REQUEST_DENIED"><span class="type">LASSO_LOGIN_ERROR_REQUEST_DENIED</span></a></p> if <em class="parameter"><code>authentication_result</code></em> if FALSE,</li>
1352
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-INVALID-SIGNATURE:CAPS" title="LASSO_LOGIN_ERROR_INVALID_SIGNATURE"><span class="type">LASSO_LOGIN_ERROR_INVALID_SIGNATURE</span></a> if signature validation of the request
1354
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-UNSIGNED-AUTHN-REQUEST:CAPS" title="LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST"><span class="type">LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST</span></a> if no signature was present on the
1356
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-FEDERATION-NOT-FOUND:CAPS" title="LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND"><span class="type">LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND</span></a> if federation policy is
1357
<a class="link" href="lasso-Strings-for-ID-FF-1.2.html#LASSO-LIB-NAMEID-POLICY-TYPE-NONE:CAPS" title="LASSO_LIB_NAMEID_POLICY_TYPE_NONE"><span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_NONE</span></a> and no federation was found in the <a class="link" href="lasso-LassoIdentity.html#LassoIdentity" title="struct LassoIdentity"><span class="type">LassoIdentity</span></a> object
1358
(ID-FF 1.2 case)</p></li>
1359
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-INVALID-NAMEIDPOLICY:CAPS" title="LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY"><span class="type">LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY</span></a> if request policy is not one of
1360
<a class="link" href="lasso-Strings-for-ID-FF-1.2.html#LASSO-LIB-NAMEID-POLICY-TYPE-FEDERATED:CAPS" title="LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED"><span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED</span></a> or <a class="link" href="lasso-Strings-for-ID-FF-1.2.html#LASSO-LIB-NAMEID-POLICY-TYPE-ANY:CAPS" title="LASSO_LIB_NAMEID_POLICY_TYPE_ANY"><span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_ANY</span></a> (ID-FF 1.2 case) or if no NameID policy was defined or the AllowCreate request flag is FALSE (SAML 2.0 case),</p></li>
1361
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-CONSENT-NOT-OBTAINED:CAPS" title="LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED"><span class="type">LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED</span></a> if <em class="parameter"><code>is_consent_obtained</code></em> is FALSE and
1362
consent was necessary (for example if the request does not communicate that consent was already
1363
obtained from the user),</p></li>
1364
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if the requesting provider is unknown,</p></li>
1373
<div class="footer">
1375
Generated by GTK-Doc V1.17</div>
b'\\ No newline at end of file'