~ubuntu-branches/ubuntu/quantal/lasso/quantal

Viewing changes to docs/reference/lasso/html/lasso-login.html

  • Committer: Package Import Robot
  • Author(s): Frederic Peters
  • Date: 2012-04-02 17:31:31 UTC
  • mfrom: (1.1.10) (7.1.10 sid)
  • Revision ID: package-import@ubuntu.com-20120402173131-b31061tenxff75tf
Tags: 2.3.6-2
Fix building against glib 2.32 (closes: #665565, #666636)

 
1
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 
2
<html>
 
3
<head>
 
4
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 
5
<title>LassoLogin</title>
 
6
<meta name="generator" content="DocBook XSL Stylesheets V1.75.2">
 
7
<link rel="home" href="index.html" title="Lasso Reference Manual">
 
8
<link rel="up" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
 
9
<link rel="prev" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
 
10
<link rel="next" href="lasso-LassoLogout.html" title="LassoLogout">
 
11
<meta name="generator" content="GTK-Doc V1.17 (XML mode)">
 
12
<link rel="stylesheet" href="style.css" type="text/css">
 
13
</head>
 
14
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
 
15
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2">
 
16
<tr valign="middle">
 
17
<td><a accesskey="p" href="idff.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
 
18
<td><a accesskey="u" href="idff.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
 
19
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
 
20
<th width="100%" align="center">Lasso Reference Manual</th>
 
21
<td><a accesskey="n" href="lasso-LassoLogout.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
 
22
</tr>
 
23
<tr><td colspan="5" class="shortcuts">
 
24
<a href="#lasso-login.synopsis" class="shortcut">Top</a>
 
25
                   | 
 
26
                  <a href="#lasso-login.description" class="shortcut">Description</a>
 
27
</td></tr>
 
28
</table>
 
29
<div class="refentry">
 
30
<a name="lasso-login"></a><div class="titlepage"></div>
 
31
<div class="refnamediv"><table width="100%"><tr>
 
32
<td valign="top">
 
33
<h2><span class="refentrytitle"><a name="lasso-login.top_of_page"></a>LassoLogin</span></h2>
 
34
<p>LassoLogin — Single Sign-On and Federation Profile</p>
 
35
</td>
 
36
<td valign="top" align="right"></td>
 
37
</tr></table></div>
 
38
<div class="refsynopsisdiv">
 
39
<a name="lasso-login.synopsis"></a><h2>Synopsis</h2>
 
40
<pre class="synopsis">enum                <a class="link" href="lasso-login.html#LassoLoginProtocolProfile" title="enum LassoLoginProtocolProfile">LassoLoginProtocolProfile</a>;
 
41
struct              <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin">LassoLogin</a>;
 
42
<a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> *        <a class="link" href="lasso-login.html#lasso-login-new" title="lasso_login_new ()">lasso_login_new</a>                     (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>);
 
43
<a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> *        <a class="link" href="lasso-login.html#lasso-login-new-from-dump" title="lasso_login_new_from_dump ()">lasso_login_new_from_dump</a>           (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>,
 
44
                                                         <em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *dump</code></em>);
 
45
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-accept-sso" title="lasso_login_accept_sso ()">lasso_login_accept_sso</a>              (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
46
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-build-artifact-msg" title="lasso_login_build_artifact_msg ()">lasso_login_build_artifact_msg</a>      (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
47
                                                         <em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);
 
48
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()">lasso_login_build_assertion</a>         (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
49
                                                         <em class="parameter"><code>const <span class="type">char</span> *authenticationMethod</code></em>,
 
50
                                                         <em class="parameter"><code>const <span class="type">char</span> *authenticationInstant</code></em>,
 
51
                                                         <em class="parameter"><code>const <span class="type">char</span> *reauthenticateOnOrAfter</code></em>,
 
52
                                                         <em class="parameter"><code>const <span class="type">char</span> *notBefore</code></em>,
 
53
                                                         <em class="parameter"><code>const <span class="type">char</span> *notOnOrAfter</code></em>);
 
54
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-build-authn-request-msg" title="lasso_login_build_authn_request_msg ()">lasso_login_build_authn_request_msg</a> (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
55
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-build-authn-response-msg" title="lasso_login_build_authn_response_msg ()">lasso_login_build_authn_response_msg</a>
 
56
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
57
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-build-request-msg" title="lasso_login_build_request_msg ()">lasso_login_build_request_msg</a>       (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
58
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-build-response-msg" title="lasso_login_build_response_msg ()">lasso_login_build_response_msg</a>      (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
59
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);
 
60
<span class="returnvalue">void</span>                <a class="link" href="lasso-login.html#lasso-login-destroy" title="lasso_login_destroy ()">lasso_login_destroy</a>                 (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
61
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="returnvalue">gchar</span></a> *             <a class="link" href="lasso-login.html#lasso-login-dump" title="lasso_login_dump ()">lasso_login_dump</a>                    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
62
<a class="link" href="lasso-node.html#LassoNode" title="struct LassoNode"><span class="returnvalue">LassoNode</span></a> *         <a class="link" href="lasso-login.html#lasso-login-get-assertion" title="lasso_login_get_assertion ()">lasso_login_get_assertion</a>           (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
63
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()">lasso_login_init_authn_request</a>      (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
64
                                                         <em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>,
 
65
                                                         <em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);
 
66
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-init-idp-initiated-authn-request" title="lasso_login_init_idp_initiated_authn_request ()">lasso_login_init_idp_initiated_authn_request</a>
 
67
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
68
                                                         <em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);
 
69
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()">lasso_login_init_request</a>            (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
70
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>,
 
71
                                                         <em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> response_http_method</code></em>);
 
72
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>            <a class="link" href="lasso-login.html#lasso-login-must-ask-for-consent" title="lasso_login_must_ask_for_consent ()">lasso_login_must_ask_for_consent</a>    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
73
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>            <a class="link" href="lasso-login.html#lasso-login-must-authenticate" title="lasso_login_must_authenticate ()">lasso_login_must_authenticate</a>       (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);
 
74
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-process-authn-request-msg" title="lasso_login_process_authn_request_msg ()">lasso_login_process_authn_request_msg</a>
 
75
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
76
                                                         <em class="parameter"><code>const <span class="type">char</span> *authn_request_msg</code></em>);
 
77
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-process-authn-response-msg" title="lasso_login_process_authn_response_msg ()">lasso_login_process_authn_response_msg</a>
 
78
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
79
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *authn_response_msg</code></em>);
 
80
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-process-paos-response-msg" title="lasso_login_process_paos_response_msg ()">lasso_login_process_paos_response_msg</a>
 
81
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
82
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *msg</code></em>);
 
83
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-process-request-msg" title="lasso_login_process_request_msg ()">lasso_login_process_request_msg</a>     (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
84
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *request_msg</code></em>);
 
85
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-process-response-msg" title="lasso_login_process_response_msg ()">lasso_login_process_response_msg</a>    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
86
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>);
 
87
<span class="returnvalue">lasso_error_t</span>       <a class="link" href="lasso-login.html#lasso-login-validate-request-msg" title="lasso_login_validate_request_msg ()">lasso_login_validate_request_msg</a>    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
88
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> authentication_result</code></em>,
 
89
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> is_consent_obtained</code></em>);
 
90
</pre>
 
91
</div>
 
92
<div class="refsect1">
 
93
<a name="lasso-login.description"></a><h2>Description</h2>
 
94
<p>
 
95
The Single Sign On process allows a user to log in once to an identity
 
96
provider (IdP), and to be then transparently loged in to the required
 
97
service providers (SP) belonging to the IP "circle of trust".  Subordinating
 
98
different identities of the same user within a circle of trust to a unique
 
99
IP is called "Identity Federation".  The liberty Alliance specifications
 
100
allows, thanks to this federation, strong and unique authentication coupled
 
101
with control by the user of his personal informations. The explicit user
 
102
agreement is necessary before proceeding to Identity Federation.
 
103
</p>
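Review bot: the Description paragraph introduces the identity provider as "(IdP)" but then writes "IP" twice ("belonging to the IP "circle of trust"" and "to a unique IP"); use "IdP" in both places so the abbreviation stays consistent with the rest of the page. The same paragraph has "loged in", "The liberty Alliance specifications allows" and "personal informations". Since the generator meta tag shows this file is GTK-Doc output, these are better corrected in the documentation source than in the generated HTML.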
 
104
<p>
 
105
</p>
 
106
<p>
 
107
The service provider must implement the following process:
 
108
</p>
 
109
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
110
<li class="listitem"><p>creating an authentication request with
 
111
 <a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()"><code class="function">lasso_login_init_authn_request()</code></a>;</p></li>
 
112
<li class="listitem"><p>sending it to the identity provider with
 
113
 <a class="link" href="lasso-login.html#lasso-login-build-authn-request-msg" title="lasso_login_build_authn_request_msg ()"><code class="function">lasso_login_build_authn_request_msg()</code></a>;</p></li>
 
114
<li class="listitem">
 
115
<p>receiving and processing the answer:
 
116
   </p>
 
117
<div class="itemizedlist"><ul class="itemizedlist" type="circle">
 
118
<li class="listitem">either an authentication response with
 
119
     <a class="link" href="lasso-login.html#lasso-login-process-authn-response-msg" title="lasso_login_process_authn_response_msg ()"><code class="function">lasso_login_process_authn_response_msg()</code></a>
 
120
</li>
 
121
<li class="listitem">or an artifact with <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> then sending the
 
122
     request to the IdP with <a class="link" href="lasso-login.html#lasso-login-build-request-msg" title="lasso_login_build_request_msg ()"><code class="function">lasso_login_build_request_msg()</code></a> and processing the
 
123
     new answer with <a class="link" href="lasso-login.html#lasso-login-process-response-msg" title="lasso_login_process_response_msg ()"><code class="function">lasso_login_process_response_msg()</code></a>.</li>
 
124
</ul></div>
 
125
<p>
 
126
   </p>
 
127
</li>
 
128
</ul></div>
 
129
<p>
 
130
</p>
 
131
<p>
 
132
</p>
 
133
<p>
 
134
</p>
 
135
<p>Our first example shows how to initiate a request toward an ID-FF 1.2 or SAML 2.0 identity
 
136
provider. It supposes that we already initialized a <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> object with the metadatas or our
 
137
provider (and its private key if we want to sign the request), and that we added the metadatas of
 
138
the targetted IdP with the method <a class="link" href="lasso-LassoServer.html#lasso-server-add-provider" title="lasso_server_add_provider ()"><code class="function">lasso_server_add_provider()</code></a>.  </p>
 
139
<p>
 
140
</p>
 
141
<p>
 
142
</p>
 
143
<div class="example">
 
144
<a name="id3165200"></a><p class="title"><b>Example 1. Service Provider Login URL</b></p>
 
145
<div class="example-contents"><pre class="programlisting">
 
146
LassoLogin *login;
 
147
int rc; // hold return codes
 
148
 
 
149
login = lasso_login_new(server);
 
150
rc = lasso_login_init_authn_request(login, "http://identity-provider-id/",
 
151
                LASSO_HTTP_METHOD_REDIRECT);
 
152
if (rc != 0) {
 
153
  ... // handle errors, most of them are related to bad initialization
 
154
}
 
155
 
 
156
// customize AuthnRequest
 
157
// protocolProfile is the protocolProfile of the provider http://identity-provider-id/
 
158
if (protocolProfile == LASSO_LIBERTY_1_2) {
 
159
        LassoLibAuthnRequest *request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)-&gt;request);
 
160
        request-&gt;NameIDPolicy = strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
 
161
        request-&gt;ForceAuthn = TRUE;
 
162
        request-&gt;IsPassive = FALSE;
 
163
        // tell the IdP how to return the response
 
164
        request-&gt;ProtocolProfile = strdup(LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART);
 
165
} else if (protocolProfile == LASSO_SAML_2_0) {
 
166
        LassoSamlp2AuthnRequest *request = LASSO_SAMLP2_AUTHN_REQUEST(LASSO_PROFILE(login)-&gt;request);
 
167
        if (request-&gt;NameIDPolicy-&gt;Format) {
 
168
                g_free(request-&gt;NameIDPolicy-&gt;Format);
 
169
        }
 
170
        request-&gt;NameIDPolicy-&gt;Format = g_strdup(LASSO_NAME_IDENTIFIER_FORMAT_PERSISTENT);
 
171
        // Allow creation of new federation
 
172
        // 
 
173
        request-&gt;NameIDPolicy-&gt;AllowCreate = 1;
 
174
        request-&gt;ForceAuthn = TRUE;
 
175
        request-&gt;IsPassive = FALSE;
 
176
        // tell the IdP how to return the response
 
177
        if (request-&gt;ProtocolBinding) {
 
178
                 g_free(request-&gt;ProtocolBinding);
 
179
        }
 
180
        // here we expect an artifact response, it could be post, redirect or PAOS.
 
181
        request-&gt;ProtocolBinding = g_strdup(LASSO_SAML2_METADATA_BINDING_ARTIFACT);
 
182
   }
 
183
// Lasso will choose whether to sign the request by looking at the IdP
 
184
// metadatas and at our metadatas, but you can always force him to sign or to
 
185
// not sign using the method lasso_profile_set_signature_hint() on the
 
186
// LassoLogin object.
 
187
 
 
188
rc = lasso_login_build_authn_request_msg(login);
 
189
if (rc != 0) {
 
190
      .... // handle errors
 
191
      // could be that the requested binding (POST, Redirect, etc..) is not supported (LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE)
 
192
      // or that we could not sign the request (LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED).
 
193
}
 
194
 
 
195
// redirect user to identity provider
 
196
   // we chose the Redirect binding, so we have to generate a redirect HTTP response to the URL returned by Lasso
 
197
printf("Location: %s\n\nRedirected to IdP\n", LASSO_PROFILE(login)-&gt;msg_url);
 
198
</pre></div>
 
199
</div>
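Review bot: in Example 1 the ID-FF 1.2 branch sets `request->NameIDPolicy` and `request->ProtocolProfile` with `strdup()` and never releases a previous value, while the SAML 2.0 branch releases the old strings with `g_free()` and allocates with `g_strdup()`. Use the `g_free()`/`g_strdup()` pattern in both branches so the listing shows one allocator. `protocolProfile` is also tested without being declared or assigned anywhere in the listing (only a comment says what it is), and the SAML 2.0 branch dereferences `request->NameIDPolicy->Format` without checking `NameIDPolicy`; the example should show where the first comes from and guard the second.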
 
200
<p><br class="example-break">
 
201
</p>
 
202
<p>
 
203
</p>
 
204
<p>Next example shows how to receive the response from the identity
 
205
provider for ID-FF 1.2.</p>
 
206
<p>
 
207
</p>
 
208
<p>
 
209
</p>
 
210
<div class="example">
 
211
<a name="id3165268"></a><p class="title"><b>Example 2. Service Provider Assertion Consumer Service URL for ID-FF 1.2</b></p>
 
212
<div class="example-contents"><pre class="programlisting">
 
213
LassoLogin *login;
 
214
char *request_method = getenv("REQUEST_METHOD");
 
215
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
 
216
char *name_identifier;
 
217
lassoHttpMethod method;
 
218
int rc = 0;
 
219
 
 
220
login = lasso_login_new(server);
 
221
if (strcmp(request_method, "GET") == 0) {
 
222
        artifact_msg = getenv("QUERY_STRING");
 
223
        method = LASSO_HTTP_METHOD_REDIRECT;
 
224
} else {
 
225
        // read submitted form; if it has a LAREQ field, put it in lareq,
 
226
        // if it has a LARES field, put it in lares
 
227
        if (lareq) {
 
228
                artifact_msg = lareq;
 
229
        } else if (lares) {
 
230
                response_msg = lares;
 
231
        } else {
 
232
                // bail out
 
233
        }
 
234
        method = LASSO_HTTP_METHOD_POST;
 
235
}
 
236
 
 
237
if (artifact_msg) {
 
238
        // we received an artifact response,
 
239
        // it means we did not really receive the response,
 
240
        // only a token to redeem the real response from the identity
 
241
        // provider through a SOAP resolution call
 
242
        rc = lasso_login_init_request(login, artifact_msg, method);
 
243
        if (rc != 0) {
 
244
                  ... // handle errors
 
245
                  // there is usually no error at this step, only
 
246
                  // if the IdP response is malformed
 
247
        }
 
248
        rc = lasso_login_build_request_msg(login);
 
249
        if (rc != 0) {
 
250
                  ... // handle errors
 
251
                  // as for AuthnRequest generation, it generally is caused
 
252
                  // by a bad initialization like an impossibility to load
 
253
                  // the private key.
 
254
        }
 
255
        // makes a SOAP call, soap_call is NOT a Lasso function
 
256
        soap_answer_msg = soap_call(LASSO_PROFILE(login)-&gt;msg_url,
 
257
                        LASSO_PROFILE(login)-&gt;msg_body);
 
258
        rc = lasso_login_process_response_msg(login, soap_answer_msg);
 
259
        if (rc != 0) {
 
260
                  ... // handle errors
 
261
                  // here you can know if the IdP refused the request, 
 
262
        }
 
263
} else if (response_msg) {
 
264
        lasso_login_process_authn_response_msg(login, response_msg);
 
265
}
 
266
 
 
267
// looks up name_identifier in local file, database, whatever and gets back
 
268
// two things: identity_dump and session_dump
 
269
name_identifier = LASSO_PROFILE(login)-&gt;nameIdentifier
 
270
lasso_profile_set_identity_from_dump(LASSO_PROFILE(login), identity_dump);
 
271
lasso_profile_set_session_from_dump(LASSO_PROFILE(login), session_dump);
 
272
 
 
273
lasso_login_accept_sso(login);
 
274
 
 
275
if (lasso_profile_is_identity_dirty(LASSO_PROFILE(login))) {
 
276
        LassoIdentity *identity;
 
277
        char *identity_dump;
 
278
        identity = lasso_profile_get_identity(LASSO_PROFILE(login));
 
279
        identity_dump = lasso_identity_dump(identity);
 
280
        // record identity_dump in file, database...
 
281
}
 
282
 
 
283
if (lasso_profile_is_session_dirty(LASSO_PROFILE(login))) {
 
284
        LassoSession *session;
 
285
        char *session_dump;
 
286
        session = lasso_profile_get_session(LASSO_PROFILE(login));
 
287
        session_dump = lasso_session_dump(session);
 
288
        // record session_dump in file, database...
 
289
}
 
290
 
 
291
// redirect user anywhere
 
292
printf("Location: %s\n\nRedirected to site root\n", login-&gt;msg_url);
 
293
</pre></div>
 
294
</div>
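Review bot: in Example 2 the return values of `lasso_login_process_authn_response_msg(login, response_msg)` and `lasso_login_accept_sso(login)` are discarded, so the listing goes on to record the identity and session dumps and to redirect the user even when the response was not accepted; assign both to `rc` and stop on a non-zero value, as the artifact branch does for its three calls. The listing also does not compile as shown: `response_msg` and `soap_answer_msg` are never declared, `identity_dump` and `session_dump` are used before the blocks that declare them, `lassoHttpMethod` does not match the `LassoHttpMethod` type in the synopsis, the `name_identifier = LASSO_PROFILE(login)->nameIdentifier` line has no semicolon, and the last `printf` reads `login->msg_url` where Example 1 uses `LASSO_PROFILE(login)->msg_url`.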
 
295
<p><br class="example-break">
 
296
</p>
 
297
<p>
 
298
</p>
 
299
<p>The implement an IdP you must create a single sign-on service endpoint, the needed APIs for
 
300
this are <a class="link" href="lasso-login.html#lasso-login-process-authn-request-msg" title="lasso_login_process_authn_request_msg ()"><code class="function">lasso_login_process_authn_request_msg()</code></a>, <a class="link" href="lasso-login.html#lasso-login-validate-request-msg" title="lasso_login_validate_request_msg ()"><code class="function">lasso_login_validate_request_msg()</code></a>,
 
301
<a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()"><code class="function">lasso_login_build_assertion()</code></a>, <a class="link" href="lasso-login.html#lasso-login-build-authn-response-msg" title="lasso_login_build_authn_response_msg ()"><code class="function">lasso_login_build_authn_response_msg()</code></a> and
 
302
<a class="link" href="lasso-login.html#lasso-login-build-artifact-msg" title="lasso_login_build_artifact_msg ()"><code class="function">lasso_login_build_artifact_msg()</code></a>. You will have to chose between
 
303
<a class="link" href="lasso-login.html#lasso-login-build-authn-response-msg" title="lasso_login_build_authn_response_msg ()"><code class="function">lasso_login_build_authn_response_msg()</code></a> and <a class="link" href="lasso-login.html#lasso-login-build-artifact-msg" title="lasso_login_build_artifact_msg ()"><code class="function">lasso_login_build_artifact_msg()</code></a> depending on the
 
304
requested protocol for the response by the service provider</p>
 
305
<p>
 
306
</p>
 
307
<p>
 
308
</p>
 
309
<div class="example">
 
310
<a name="id3156102"></a><p class="title"><b>Example 3. Identity provider single sign-on service</b></p>
 
311
<div class="example-contents"><pre class="programlisting">
 
312
LassoLogin *login;
 
313
char *request_method = getenv("REQUEST_METHOD");
 
314
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
 
315
char *name_identifier;
 
316
lassoHttpMethod method;
 
317
int rc = 0;
 
318
 
 
319
login = lasso_login_new(server);
 
320
if (strcmp(request_method, 'GET')) { // AuthnRequest send with the HTTP-Redirect binding
 
321
    //
 
322
    lasso_profile_set_signature_verify_hint(LASSO_PROFILE(login),
 
323
            LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
 
324
    rc = lasso_process_authn_request_msg(login, getenv("QUERY_STRING"));
 
325
    if (rc != 0) {
 
326
        // handle errors
 
327
    }
 
328
 
 
329
 
 
330
} else {
 
331
 
 
332
</pre></div>
 
333
</div>
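Review bot: in Example 3 the test `if (strcmp(request_method, 'GET'))` is wrong in two ways: `'GET'` is a character constant, not a string, and `strcmp()` returns 0 on a match, so the branch commented as the HTTP-Redirect case, which is the one that sets `LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE`, would run for every method except GET. Write it as `strcmp(request_method, "GET") == 0`, the form Example 2 uses. The call `lasso_process_authn_request_msg()` should be `lasso_login_process_authn_request_msg()` to match the synopsis, and the listing stops at `} else {` with no second branch and none of the `lasso_login_validate_request_msg()`, `lasso_login_build_assertion()` or response-building calls that the paragraph before it names, so the example needs to be completed before it is useful as IdP guidance.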
 
334
<p><br class="example-break">
 
335
</p>
 
336
</div>
 
337
<div class="refsect1">
 
338
<a name="lasso-login.details"></a><h2>Details</h2>
 
339
<div class="refsect2">
 
340
<a name="LassoLoginProtocolProfile"></a><h3>enum LassoLoginProtocolProfile</h3>
 
341
<pre class="programlisting">typedef enum {
 
342
        LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1,
 
343
        LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST,
 
344
        LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
 
345
        LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT,
 
346
} LassoLoginProtocolProfile;
 
347
</pre>
 
348
<p>
 
349
Identifies the four possible profiles for Single Sign-On and Federation. It defined how the
 
350
response to authentication request will transmitted to the service provider.
 
351
</p>
 
352
<div class="variablelist"><table border="0">
 
353
<col align="left" valign="top">
 
354
<tbody>
 
355
<tr>
 
356
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-ART:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART</code></span></p></td>
 
357
<td>response is transmitted through a redirect request with
 
358
an artifact, followed by an artifact resolution request by the service provider.
 
359
</td>
 
360
</tr>
 
361
<tr>
 
362
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-POST:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST</code></span></p></td>
 
363
<td>response is transmitted through a POST.
 
364
</td>
 
365
</tr>
 
366
<tr>
 
367
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-LECP:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP</code></span></p></td>
 
368
<td>response is transmitted in a PAOS response (see
 
369
<a class="link" href="lasso-LassoLecp.html#LassoLecp" title="struct LassoLecp"><span class="type">LassoLecp</span></a>).
 
370
</td>
 
371
</tr>
 
372
<tr>
 
373
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-REDIRECT:CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT</code></span></p></td>
 
374
<td>response is transmitted through a redirect.
 
375
</td>
 
376
</tr>
 
377
</tbody>
 
378
</table></div>
 
379
</div>
 
380
<hr>
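Review bot: the enum description at lines 349 to 350 has two grammar slips ("It defined how the response to authentication request will transmitted"). This HTML is generated, so the fix belongs in the source comment, for example "It defines how the response to the authentication request will be transmitted to the service provider."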
 
381
<div class="refsect2">
 
382
<a name="LassoLogin"></a><h3>struct LassoLogin</h3>
 
383
<pre class="programlisting">struct LassoLogin {
 
384
        LassoProfile parent;
 
385
 
 
386
        LassoLoginProtocolProfile protocolProfile;
 
387
        gchar *assertionArtifact;
 
388
};
 
389
</pre>
 
390
<p>
 
391
Single sign-on profile for the current transaction; possibly an
 
392
assertionArtifact to be used by the service provider in its
 
393
"assertionConsumerServiceURL" and the assertion created or received for the
 
394
principal.
 
395
</p>
 
396
<div class="variablelist"><table border="0">
 
397
<col align="left" valign="top">
 
398
<tbody>
 
399
<tr>
 
400
<td><p><span class="term"><a class="link" href="lasso-LassoProfile.html#LassoProfile" title="struct LassoProfile"><span class="type">LassoProfile</span></a> <em class="structfield"><code><a name="LassoLogin.parent"></a>parent</code></em>;</span></p></td>
 
401
<td></td>
 
402
</tr>
 
403
<tr>
 
404
<td><p><span class="term"><a class="link" href="lasso-login.html#LassoLoginProtocolProfile" title="enum LassoLoginProtocolProfile"><span class="type">LassoLoginProtocolProfile</span></a> <em class="structfield"><code><a name="LassoLogin.protocolProfile"></a>protocolProfile</code></em>;</span></p></td>
 
405
<td>the kind of binding used for this authentication request.</td>
 
406
</tr>
 
407
<tr>
 
408
<td><p><span class="term"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *<em class="structfield"><code><a name="LassoLogin.assertionArtifact"></a>assertionArtifact</code></em>;</span></p></td>
 
409
<td>a string representing the artifact received through an artifact resolution.
 
410
request</td>
 
411
</tr>
 
412
</tbody>
 
413
</table></div>
 
414
</div>
 
415
<hr>
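Review bot: in the assertionArtifact row at lines 409 to 410 a full stop splits the sentence, leaving "request" stranded on its own line after "artifact resolution."; drop the stray period in the source comment so the description reads as one sentence. The parent member at line 401 also has an empty description cell, and a short line there would keep the field table complete.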
 
416
<div class="refsect2">
 
417
<a name="lasso-login-new"></a><h3>lasso_login_new ()</h3>
 
418
<pre class="programlisting"><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> *        lasso_login_new                     (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>);</pre>
 
419
<p>
 
420
Creates a new <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>.
 
421
</p>
 
422
<div class="variablelist"><table border="0">
 
423
<col align="left" valign="top">
 
424
<tbody>
 
425
<tr>
 
426
<td><p><span class="term"><em class="parameter"><code>server</code></em> :</span></p></td>
 
427
<td>the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a>
 
428
</td>
 
429
</tr>
 
430
<tr>
 
431
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
432
<td>a newly created <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object; or NULL if an error
 
433
occured</td>
 
434
</tr>
 
435
</tbody>
 
436
</table></div>
 
437
</div>
 
438
<hr>
 
439
<div class="refsect2">
 
440
<a name="lasso-login-new-from-dump"></a><h3>lasso_login_new_from_dump ()</h3>
 
441
<pre class="programlisting"><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="returnvalue">LassoLogin</span></a> *        lasso_login_new_from_dump           (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>,
 
442
                                                         <em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *dump</code></em>);</pre>
 
443
<p>
 
444
Restores the <em class="parameter"><code>dump</code></em> to a new <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>.
 
445
</p>
 
446
<div class="variablelist"><table border="0">
 
447
<col align="left" valign="top">
 
448
<tbody>
 
449
<tr>
 
450
<td><p><span class="term"><em class="parameter"><code>server</code></em> :</span></p></td>
 
451
<td>the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a>
 
452
</td>
 
453
</tr>
 
454
<tr>
 
455
<td><p><span class="term"><em class="parameter"><code>dump</code></em> :</span></p></td>
 
456
<td>XML login dump</td>
 
457
</tr>
 
458
<tr>
 
459
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
460
<td>a newly created <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>; or NULL if an error occured.</td>
 
461
</tr>
 
462
</tbody>
 
463
</table></div>
 
464
</div>
 
465
<hr>
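Review bot: the Returns rows for lasso_login_new (line 433) and lasso_login_new_from_dump (line 460) both spell "occured"; correct it to "occurred" in the source comments. The dump row at line 456 says only "XML login dump", and it would help callers to say which function produces that dump.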
 
466
<div class="refsect2">
 
467
<a name="lasso-login-accept-sso"></a><h3>lasso_login_accept_sso ()</h3>
 
468
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_accept_sso              (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
469
<p>
 
470
Gets the assertion of the response and adds it to the <a class="link" href="lasso-LassoSession.html#LassoSession" title="struct LassoSession"><span class="type">LassoSession</span></a> object.
 
471
Builds a federation with the 2 name identifiers of the assertion
 
472
and adds it into the identity.
 
473
If the session or the identity are NULL, they are created.
 
474
</p>
 
475
<div class="variablelist"><table border="0">
 
476
<col align="left" valign="top">
 
477
<tbody>
 
478
<tr>
 
479
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
480
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
481
</td>
 
482
</tr>
 
483
<tr>
 
484
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
485
<td>0 on success; or
 
486
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
487
<li class="listitem"><p>
 
488
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
489
</p></li>
 
490
<li class="listitem"><p>
 
491
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-RESPONSE:CAPS" title="LASSO_PROFILE_ERROR_MISSING_RESPONSE"><span class="type">LASSO_PROFILE_ERROR_MISSING_RESPONSE</span></a> if no response is present in the login profile object;
 
492
usually because no call to lasso_login_process_authn_response_msg was done;
 
493
</p></li>
 
494
<li class="listitem"><p>
 
495
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-ASSERTION:CAPS" title="LASSO_PROFILE_ERROR_MISSING_ASSERTION"><span class="type">LASSO_PROFILE_ERROR_MISSING_ASSERTION</span></a> if the response does not contain an assertion,
 
496
</p></li>
 
497
<li class="listitem"><p>
 
498
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-NAME-IDENTIFIER-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span></a> if the assertion does not contain a NameID element,
 
499
</p></li>
 
500
<li class="listitem"><p>
 
501
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-NAME-IDENTIFIER:CAPS" title="LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER"><span class="type">LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER</span></a> same as
 
502
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-NAME-IDENTIFIER-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span></a>,
 
503
</p></li>
 
504
<li class="listitem"><p>
 
505
<a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-ASSERTION-REPLAY:CAPS" title="LASSO_LOGIN_ERROR_ASSERTION_REPLAY"><span class="type">LASSO_LOGIN_ERROR_ASSERTION_REPLAY</span></a> if the assertion has already been used.
 
506
</p></li>
 
507
</ul></div>
 
508
</td>
 
509
</tr>
 
510
</tbody>
 
511
</table></div>
 
512
</div>
 
513
<hr>
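Review bot: the Returns list at lines 498 to 502 documents LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER as "same as" LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND, which leaves a caller unable to tell which code to test for. State which of the two is returned in which case, or list only the one that is actually returned. The list also mixes trailing commas and a semicolon (line 491) between items, which is worth normalising.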
 
514
<div class="refsect2">
 
515
<a name="lasso-login-build-artifact-msg"></a><h3>lasso_login_build_artifact_msg ()</h3>
 
516
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_build_artifact_msg      (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
517
                                                         <em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);</pre>
 
518
<p>
 
519
Builds a SAML artifact. Depending of the HTTP method, the data for the sending of
 
520
the artifact are stored in <em class="parameter"><code>msg_url</code></em> (REDIRECT) or <em class="parameter"><code>msg_url</code></em>, <em class="parameter"><code>msg_body</code></em> and
 
521
<em class="parameter"><code>msg_relayState</code></em> (POST).
 
522
</p>
 
523
<div class="variablelist"><table border="0">
 
524
<col align="left" valign="top">
 
525
<tbody>
 
526
<tr>
 
527
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
528
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
529
</td>
 
530
</tr>
 
531
<tr>
 
532
<td><p><span class="term"><em class="parameter"><code>http_method</code></em> :</span></p></td>
 
533
<td>the HTTP method to send the artifact (REDIRECT or POST)</td>
 
534
</tr>
 
535
<tr>
 
536
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
537
<td>0 on success; or
 
538
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
539
<li class="listitem"><p>
 
540
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
541
</p></li>
 
542
<li class="listitem"><p>
 
543
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no remote provider ID was setup in the login
 
544
profile object, it's usually done by lasso_login_process_authn_request_msg,
 
545
</p></li>
 
546
<li class="listitem"><p>
 
547
LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
 
548
or LASSO_HTTP_METHOD_POST (ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET or
 
549
LASSO_HTTP_METHOD_ARTIFACT_POST (SAML 2.0 case) for SAML 2.0),
 
550
</p></li>
 
551
<li class="listitem"><p>
 
552
LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocolProfile is not
 
553
</p></li>
 
554
<li class="listitem"><p>
 
555
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART (only for ID-FF 1.2),
 
556
</p></li>
 
557
<li class="listitem"><p>
 
558
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider is not known to our server object
 
559
which impeach us to find a service endpoint,
 
560
</p></li>
 
561
<li class="listitem"><p>
 
562
LASSO_PROFILE_ERROR_MISSING_RESPONSE if the response object is missing,
 
563
</p></li>
 
564
<li class="listitem"><p>
 
565
LASSO_PROFILE_ERROR_MISSING_STATUS_CODE if the response object is missing a status code,
 
566
</p></li>
 
567
</ul></div>
 
568
</td>
 
569
</tr>
 
570
</tbody>
 
571
</table></div>
 
572
</div>
 
573
<hr>
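Review bot: the Returns list splits one entry into two bullets at lines 552 to 555, so "LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocolProfile is not" ends mid-sentence and LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART reads as if it were a separate error code. Join the two lines in the source comment so they render as one item. In the same list, line 549 ends with an unbalanced "(SAML 2.0 case) for SAML 2.0)", "neither ... or" at lines 547 to 548 should be "neither ... nor", and "impeach" at line 559 should be "prevents". The error codes here are plain text while the lasso_login_accept_sso section links them, so adding the link markup would make the sections consistent.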
 
574
<div class="refsect2">
 
575
<a name="lasso-login-build-assertion"></a><h3>lasso_login_build_assertion ()</h3>
 
576
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_build_assertion         (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
577
                                                         <em class="parameter"><code>const <span class="type">char</span> *authenticationMethod</code></em>,
 
578
                                                         <em class="parameter"><code>const <span class="type">char</span> *authenticationInstant</code></em>,
 
579
                                                         <em class="parameter"><code>const <span class="type">char</span> *reauthenticateOnOrAfter</code></em>,
 
580
                                                         <em class="parameter"><code>const <span class="type">char</span> *notBefore</code></em>,
 
581
                                                         <em class="parameter"><code>const <span class="type">char</span> *notOnOrAfter</code></em>);</pre>
 
582
<p>
 
583
Builds an assertion and stores it in profile session.
 
584
<em class="parameter"><code>authenticationInstant</code></em>, reauthenticateOnOrAfter, <em class="parameter"><code>notBefore</code></em> and
 
585
<em class="parameter"><code>notOnOrAfter</code></em> may be NULL.  If <em class="parameter"><code>authenticationInstant</code></em> is NULL, the current
 
586
time will be used.  Time values must be encoded in UTC.
 
587
</p>
 
588
<p>
 
589
Construct the authentication assertion for the response. It must be called after validating the
 
590
request using <a class="link" href="lasso-login.html#lasso-login-validate-request-msg" title="lasso_login_validate_request_msg ()"><code class="function">lasso_login_validate_request_msg()</code></a>. The created assertion is accessed using
 
591
<a class="link" href="lasso-login.html#lasso-login-get-assertion" title="lasso_login_get_assertion ()"><code class="function">lasso_login_get_assertion()</code></a>.
 
592
</p>
 
593
<div class="variablelist"><table border="0">
 
594
<col align="left" valign="top">
 
595
<tbody>
 
596
<tr>
 
597
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
598
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
599
</td>
 
600
</tr>
 
601
<tr>
 
602
<td><p><span class="term"><em class="parameter"><code>authenticationMethod</code></em> :</span></p></td>
 
603
<td>the authentication method</td>
 
604
</tr>
 
605
<tr>
 
606
<td><p><span class="term"><em class="parameter"><code>authenticationInstant</code></em> :</span></p></td>
 
607
<td>the time at which the authentication took place</td>
 
608
</tr>
 
609
<tr>
 
610
<td><p><span class="term"><em class="parameter"><code>notBefore</code></em> :</span></p></td>
 
611
<td>the earliest time instant at which the assertion is valid</td>
 
612
</tr>
 
613
<tr>
 
614
<td><p><span class="term"><em class="parameter"><code>notOnOrAfter</code></em> :</span></p></td>
 
615
<td>the time instant at which the assertion has expired</td>
 
616
</tr>
 
617
<tr>
 
618
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
619
<td>0 on success; or
 
620
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
621
<li class="listitem"><p>
 
622
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
623
</p></li>
 
624
<li class="listitem"><p>
 
625
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-IDENTITY-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND</span></a> if no identity object was found in the login profile object.
 
626
</p></li>
 
627
<li class="listitem"><p>
 
628
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-RESPONSE:CAPS" title="LASSO_PROFILE_ERROR_MISSING_RESPONSE"><span class="type">LASSO_PROFILE_ERROR_MISSING_RESPONSE</span></a> if no response object is present ( it is normally initialized
 
629
by <a class="link" href="lasso-login.html#lasso-login-process-authn-request-msg" title="lasso_login_process_authn_request_msg ()"><code class="function">lasso_login_process_authn_request_msg()</code></a> )
 
630
</p></li>
 
631
<li class="listitem"><p>
 
632
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-FEDERATION-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND</span></a> if a <a class="link" href="lasso-SAML-2.0-Strings.html#LASSO-SAML2-NAME-IDENTIFIER-FORMAT-PERSISTENT:CAPS" title="LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT"><span class="type">LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT</span></a> or <a class="link" href="lasso-SAML-2.0-Strings.html#LASSO-SAML2-NAME-IDENTIFIER-FORMAT-ENCRYPTED:CAPS" title="LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED"><span class="type">LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED</span></a> NameID format is asked and no corresponding federation was found in the <a class="link" href="lasso-LassoIdentity.html#LassoIdentity" title="struct LassoIdentity"><span class="type">LassoIdentity</span></a> object,
 
633
</p></li>
 
634
<li class="listitem"><p>
 
635
<a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if encryption is needed and the request issuing provider is unknown (it as not been registered in the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> object),
 
636
</p></li>
 
637
<li class="listitem"><p>
 
638
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-ENCRYPTION-FAILED:CAPS" title="LASSO_DS_ERROR_ENCRYPTION_FAILED"><span class="type">LASSO_DS_ERROR_ENCRYPTION_FAILED</span></a> if encryption is needed but it failed,
 
639
</p></li>
 
640
</ul></div>
 
641
</td>
 
642
</tr>
 
643
</tbody>
 
644
</table></div>
 
645
</div>
 
646
<hr>
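Review bot: reauthenticateOnOrAfter is in the prototype at line 579 but has no row in the parameter table (lines 597 to 615), and at line 584 it is the only parameter name not rendered as a parameter. Add a description for it in the source comment so the table covers all six arguments, since it is one of the values that may be NULL. Smaller points: "it as not been registered" at line 635 should be "it has not been registered", and the list items at lines 625 and 629 end with a period or nothing while the others end with a comma.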
 
647
<div class="refsect2">
 
648
<a name="lasso-login-build-authn-request-msg"></a><h3>lasso_login_build_authn_request_msg ()</h3>
 
649
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_build_authn_request_msg (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
650
<p>
 
651
Converts profile authentication request (<em class="parameter"><code>request</code></em> member) into a Liberty message, either an URL
 
652
in HTTP-Redirect profile or an URL and a field value in Browser-POST (form) profile.
 
653
</p>
 
654
<p>
 
655
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the eventual field value (LAREQ) is set into the
 
656
<em class="parameter"><code>msg_body</code></em> member.
 
657
</p>
 
658
<div class="variablelist"><table border="0">
 
659
<col align="left" valign="top">
 
660
<tbody>
 
661
<tr>
 
662
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
663
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
664
</td>
 
665
</tr>
 
666
<tr>
 
667
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
668
<td>0 on success; or
 
669
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
670
<li class="listitem"><p>
 
671
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
672
</p></li>
 
673
<li class="listitem"><p>
 
674
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-REMOTE-PROVIDERID:CAPS" title="LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID"><span class="type">LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID</span></a> if not remote provider ID was setup&amp;160;- it usually
 
675
means that <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> was not called before,
 
676
</p></li>
 
677
<li class="listitem"><p>
 
678
<a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if the remote provider ID is not registered in the server
 
679
object,
 
680
</p></li>
 
681
<li class="listitem"><p>
 
682
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNSUPPORTED-PROFILE:CAPS" title="LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE"><span class="type">LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE</span></a> if the SSO profile is not supported by the targeted
 
683
provider,
 
684
</p></li>
 
685
<li class="listitem"><p>
 
686
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-BUILDING-QUERY-FAILED:CAPS" title="LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED"><span class="type">LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED</span></a> if the building of the query part of the redirect URL
 
687
or of the body of the POST content failed&amp;160;- it only happens with the <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-REDIRECT:CAPS"><span class="type">LASSO_HTTP_METHOD_REDIRECT</span></a>,
 
688
<a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-POST:CAPS"><span class="type">LASSO_HTTP_METHOD_POST</span></a>, <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-ARTIFACT-GET:CAPS"><span class="type">LASSO_HTTP_METHOD_ARTIFACT_GET</span></a> and
 
689
<a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-ARTIFACT-POST:CAPS"><span class="type">LASSO_HTTP_METHOD_ARTIFACT_POST</span></a> bindings&amp;160;-,
 
690
</p></li>
 
691
<li class="listitem"><p>
 
692
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNKNOWN-PROFILE-URL:CAPS" title="LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL"><span class="type">LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL</span></a> if the metadata of the remote provider does not contain
 
693
an url for the SSO profile,
 
694
</p></li>
 
695
<li class="listitem"><p>
 
696
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_INVALID_REQUEST"><span class="type">LASSO_PROFILE_ERROR_INVALID_REQUEST</span></a> if the request object is not of the needed type, is usually
 
697
means that <a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> was not called before,
 
698
</p></li>
 
699
<li class="listitem"><p>
 
700
<span class="type">LASSO_PROFILE_MISSING_REQUEST</span> if the request object is missing,
 
701
</p></li>
 
702
<li class="listitem"><p>
 
703
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-HTTP-METHOD:CAPS" title="LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD"><span class="type">LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD</span></a> if the current setted <em class="parameter"><code>http_method</code></em> on the <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
704
object is invalid.
 
705
</p></li>
 
706
</ul></div>
 
707
</td>
 
708
</tr>
 
709
</tbody>
 
710
</table></div>
 
711
</div>
 
712
<hr>
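Review bot: the entity at lines 674, 687 and 689 is emitted as "&amp;160;", which a browser shows as the literal text "&160;" rather than a non-breaking space; the source comment needs to produce "&#160;" or use a plain dash. LASSO_PROFILE_MISSING_REQUEST at line 700 is the only code in this list without a link and without the "_ERROR_" part that every other LASSO_PROFILE_ERROR_* name here carries, so check the name against the error code list. Wording to fix while there: "if not remote provider ID was setup" (line 674), "is usually means" (line 696) and "current setted" (line 703).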
 
713
<div class="refsect2">
 
714
<a name="lasso-login-build-authn-response-msg"></a><h3>lasso_login_build_authn_response_msg ()</h3>
 
715
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_build_authn_response_msg
 
716
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
717
<p>
 
718
Converts profile authentication response (<em class="parameter"><code>response</code></em> member) into a Liberty
 
719
message.
 
720
</p>
 
721
<p>
 
722
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the field value (LARES) is set
 
723
into the <em class="parameter"><code>msg_body</code></em> member.
 
724
</p>
 
725
<div class="variablelist"><table border="0">
 
726
<col align="left" valign="top">
 
727
<tbody>
 
728
<tr>
 
729
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
730
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
731
</td>
 
732
</tr>
 
733
<tr>
 
734
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
735
<td>0 on success; or
 
736
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
737
<li class="listitem"><p>
 
738
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
739
</p></li>
 
740
<li class="listitem"><p>
 
741
LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocol profile is not
 
742
</p></li>
 
743
<li class="listitem"><p>
 
744
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST or LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
 
745
</p></li>
 
746
<li class="listitem"><p>
 
747
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider ID is not registered in the server
 
748
object,
 
749
</p></li>
 
750
<li class="listitem"><p>
 
751
LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL if the metadata of the remote provider does not contain
 
752
an URL for the assertion consuming service,
 
753
</p></li>
 
754
<li class="listitem"><p>
 
755
LASSO_PROFILE_ERROR_MISSING_SERVER the server object is needed to sign a message and it is
 
756
missing,
 
757
</p></li>
 
758
<li class="listitem"><p>
 
759
LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED the private key for signing could not be found,
 
760
</p></li>
 
761
<li class="listitem"><p>
 
762
LASSO_PROFILE_ERROR_MISSING_RESPONSE if the response object is missing,
 
763
</p></li>
 
764
<li class="listitem"><p>
 
765
LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE if the SSO profile is not supported by the targeted
 
766
provider,
 
767
</p></li>
 
768
<li class="listitem"><p>
 
769
LASSO_PROFILE_BUILDING_QUERY_FAILED if using <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-REDIRECT:CAPS"><span class="type">LASSO_HTTP_METHOD_REDIRECT</span></a> building of the redirect
 
770
URL failed,
 
771
</p></li>
 
772
<li class="listitem"><p>
 
773
LASSO_PROFILE_BUILDING_MSG_FAILED if using <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-POST:CAPS"><span class="type">LASSO_HTTP_METHOD_POST</span></a>, <a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-SOAP:CAPS"><span class="type">LASSO_HTTP_METHOD_SOAP</span></a> or
 
774
<a class="link" href="lasso-LassoProvider.html#LASSO-HTTP-METHOD-PAOS:CAPS"><span class="type">LASSO_HTTP_METHOD_PAOS</span></a> and building the <em class="parameter"><code>msg_body</code></em> failed.
 
775
</p></li>
 
776
</ul></div>
 
777
</td>
 
778
</tr>
 
779
</tbody>
 
780
</table></div>
 
781
</div>
 
782
<hr>
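Review bot: the same split-bullet problem appears at lines 741 to 744, where "LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocol profile is not" is cut off and the two allowed profiles land in a bullet of their own; join them in the source comment. LASSO_PROFILE_BUILDING_QUERY_FAILED (line 769) and LASSO_PROFILE_BUILDING_MSG_FAILED (line 773) lack the "_ERROR_" part used by the linked LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED in the lasso_login_build_authn_request_msg section, so verify both names. The entries at lines 755 and 759 also drop the "if" that the other items use.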
 
783
<div class="refsect2">
 
784
<a name="lasso-login-build-request-msg"></a><h3>lasso_login_build_request_msg ()</h3>
 
785
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_build_request_msg       (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
786
<p>
 
787
Produce a SOAP Artifact Resolve message. It must follows a call to
 
788
<a class="link" href="lasso-login.html#lasso-login-init-request" title="lasso_login_init_request ()"><code class="function">lasso_login_init_request()</code></a> on the artifact message.
 
789
Converts  artifact request into a Liberty SOAP message.
 
790
</p>
 
791
<p>
 
792
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the SOAP message is set into the
 
793
<em class="parameter"><code>msg_body</code></em> member. You should POST the <em class="parameter"><code>msg_body</code></em> to the <em class="parameter"><code>msg_url</code></em> afterward.
 
794
</p>
 
795
<div class="variablelist"><table border="0">
 
796
<col align="left" valign="top">
 
797
<tbody>
 
798
<tr>
 
799
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
800
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
801
</td>
 
802
</tr>
 
803
<tr>
 
804
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
805
<td>0 on success; or
 
806
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
807
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if not remote provider ID was setup -- it usually
 
808
means that lasso_login_init_request was not called before,
 
809
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider ID is not registered in the server
 
810
object.</td>
 
811
</tr>
 
812
</tbody>
 
813
</table></div>
 
814
</div>
 
815
<hr>
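Review bot: the Returns cell at lines 805 to 810 runs three error codes together as one paragraph, whereas the neighbouring functions use an itemized list; format it as a list in the source comment so each code is readable and linkable. In the description, "It must follows" at line 787 should be "It must follow", and "if not remote provider ID was setup" at line 807 should be "if no remote provider ID was set up".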
 
816
<div class="refsect2">
 
817
<a name="lasso-login-build-response-msg"></a><h3>lasso_login_build_response_msg ()</h3>
 
818
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_build_response_msg      (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
819
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);</pre>
 
820
<p>
 
821
Converts profile assertion response (<em class="parameter"><code>response</code></em> member) into a Liberty SOAP
 
822
messageresponse message.
 
823
</p>
 
824
<p>
 
825
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the SOAP message is set into the
 
826
<em class="parameter"><code>msg_body</code></em> member.
 
827
</p>
 
828
<div class="variablelist"><table border="0">
 
829
<col align="left" valign="top">
 
830
<tbody>
 
831
<tr>
 
832
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
833
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
834
</td>
 
835
</tr>
 
836
<tr>
 
837
<td><p><span class="term"><em class="parameter"><code>remote_providerID</code></em> :</span></p></td>
 
838
<td>service provider ID</td>
 
839
</tr>
 
840
<tr>
 
841
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
842
<td>0 on success; or a negative value otherwise.
 
843
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
844
LASSO_PROFILE_ERROR_SESSION_NOT_FOUND if no session object was found in the login profile object
 
845
-- it should be created by <a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()"><code class="function">lasso_login_build_assertion()</code></a> if you did not set it manually before
 
846
calling <a class="link" href="lasso-login.html#lasso-login-build-assertion" title="lasso_login_build_assertion ()"><code class="function">lasso_login_build_assertion()</code></a>.</td>
 
847
</tr>
 
848
</tbody>
 
849
</table></div>
 
850
</div>
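Review bot: the description of lasso_login_build_response_msg() says the response is converted "into a Liberty SOAP messageresponse message", which looks like two wordings merged; "Liberty SOAP response message" is probably what was meant. In the Returns cell, the LASSO_PROFILE_ERROR_SESSION_NOT_FOUND text names lasso_login_build_assertion() twice ("it should be created by lasso_login_build_assertion() if you did not set it manually before calling lasso_login_build_assertion()"), so the second reference should presumably name this function instead. remote_providerID is also declared as a non-const gchar * here but as const gchar * in lasso_login_init_authn_request(); if the function does not modify it, the prototype should say so.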
 
851
<hr>
 
852
<div class="refsect2">
 
853
<a name="lasso-login-destroy"></a><h3>lasso_login_destroy ()</h3>
 
854
<pre class="programlisting"><span class="returnvalue">void</span>                lasso_login_destroy                 (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
855
<p>
 
856
Destroys a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object.
 
857
</p>
 
858
<p>
 
859
<em class="parameter"><code>Deprecated</code></em>: Since <span class="type">2.2.1</span>, use <a href="http://library.gnome.org/devel/gobject/unstable/gobject-The-Base-Object-Type.html#g-object-unref"><code class="function">g_object_unref()</code></a> instead.
 
860
</p>
 
861
<div class="variablelist"><table border="0">
 
862
<col align="left" valign="top">
 
863
<tbody><tr>
 
864
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
865
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
866
</td>
 
867
</tr></tbody>
 
868
</table></div>
 
869
</div>
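Review bot: the deprecation notice for lasso_login_destroy() is rendered with "Deprecated" styled as a parameter name and "2.2.1" styled as a type, so the source comment appears to use parameter and type markup where the GTK-Doc "Deprecated:" tag was intended. As rendered, the function is not flagged as deprecated in the way the rest of the reference would flag it, and a reader skimming the parameter table can miss that g_object_unref() is the replacement.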
 
870
<hr>
 
871
<div class="refsect2">
 
872
<a name="lasso-login-dump"></a><h3>lasso_login_dump ()</h3>
 
873
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="returnvalue">gchar</span></a> *             lasso_login_dump                    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
874
<p>
 
875
Dumps <em class="parameter"><code>login</code></em> content to an XML string.
 
876
</p>
 
877
<div class="variablelist"><table border="0">
 
878
<col align="left" valign="top">
 
879
<tbody>
 
880
<tr>
 
881
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
882
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
883
</td>
 
884
</tr>
 
885
<tr>
 
886
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
887
<td>the dump string.  It must be freed by the caller. <span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span>
 
888
</td>
 
889
</tr>
 
890
</tbody>
 
891
</table></div>
 
892
</div>
 
893
<hr>
 
894
<div class="refsect2">
 
895
<a name="lasso-login-get-assertion"></a><h3>lasso_login_get_assertion ()</h3>
 
896
<pre class="programlisting"><a class="link" href="lasso-node.html#LassoNode" title="struct LassoNode"><span class="returnvalue">LassoNode</span></a> *         lasso_login_get_assertion           (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
897
<p>
 
898
Return the last build assertion.
 
899
</p>
 
900
<div class="variablelist"><table border="0">
 
901
<col align="left" valign="top">
 
902
<tbody>
 
903
<tr>
 
904
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
905
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object</td>
 
906
</tr>
 
907
<tr>
 
908
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
909
<td>a <a class="link" href="lasso-node.html#LassoNode" title="struct LassoNode"><span class="type">LassoNode</span></a> representing the build assertion (generally a <a class="link" href="lasso-LassoSamlAssertion.html#LassoSamlAssertion" title="struct LassoSamlAssertion"><span class="type">LassoSamlAssertion</span></a> when
 
910
using ID-FF 1.2 or a <a class="link" href="lasso-LassoSaml2Assertion.html#LassoSaml2Assertion" title="struct LassoSaml2Assertion"><span class="type">LassoSaml2Assertion</span></a> when using SAML 2.0)</td>
 
911
</tr>
 
912
</tbody>
 
913
</table></div>
 
914
</div>
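Review bot: the Returns cell of lasso_login_get_assertion() says nothing about ownership of the returned LassoNode, while lasso_login_dump() directly above carries a "transfer full" annotation and the sentence "It must be freed by the caller." Please state whether the caller receives its own reference or borrows the one held by the login object, because a wrong guess ends in either a leak or use of a released assertion. The description "Return the last build assertion" should also read "last built assertion", and the same word in the Returns cell needs the same fix.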
 
915
<hr>
 
916
<div class="refsect2">
 
917
<a name="lasso-login-init-authn-request"></a><h3>lasso_login_init_authn_request ()</h3>
 
918
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_init_authn_request      (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
919
                                                         <em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>,
 
920
                                                         <em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> http_method</code></em>);</pre>
 
921
<p>
 
922
</p>
 
923
<p>Initializes a new AuthnRequest from current service provider to remote
 
924
identity provider specified in <em class="parameter"><code>remote_providerID</code></em> (if NULL the first known
 
925
identity provider is used).</p>
 
926
<p>
 
927
</p>
 
928
<p>
 
929
</p>
 
930
<p>For ID-FF 1.2 the default NameIDPolicy in an AuthnRequest is None, which imply that a
 
931
federation must already exist on the IdP side.</p>
 
932
<p>
 
933
</p>
 
934
<p>
 
935
</p>
 
936
<p>For SAML 2.0 the default NameIDPolicy is the first listed in the metadatas of the current
 
937
provider, or if none is specified, Transient, which ask the IdP to give a one-time
 
938
federation</p>
 
939
<p>
 
940
</p>
 
941
<div class="variablelist"><table border="0">
 
942
<col align="left" valign="top">
 
943
<tbody>
 
944
<tr>
 
945
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
946
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
947
</td>
 
948
</tr>
 
949
<tr>
 
950
<td><p><span class="term"><em class="parameter"><code>remote_providerID:(allow-none)</code></em> :</span></p></td>
 
951
<td>the providerID of the identity provider (may be NULL)</td>
 
952
</tr>
 
953
<tr>
 
954
<td><p><span class="term"><em class="parameter"><code>http_method</code></em> :</span></p></td>
 
955
<td>HTTP method to use for request transmission. <span class="annotation">[<acronym title="Default parameter value (for in case the shadows-to function has less parameters)."><span class="acronym">default</span></acronym> LASSO_HTTP_METHOD_REDIRECT]</span>
 
956
</td>
 
957
</tr>
 
958
<tr>
 
959
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
960
<td>0 on success; or <div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
961
<li class="listitem"><p>LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,</p></li>
 
962
<li class="listitem"><p>LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if <em class="parameter"><code>remote_providerID</code></em> is NULL and no default remote
 
963
provider could be found from the server object -- usually the first one in the order of adding to
 
964
the server object --,</p></li>
 
965
<li class="listitem"><p>LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the <em class="parameter"><code>remote_providerID</code></em> is not known to our server object.</p></li>
 
966
<li class="listitem"><p>LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
 
967
or LASSO_HTTP_METHOD_POST,</p></li>
 
968
<li class="listitem"><p>LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED if creation of the request object failed.</p></li>
 
969
</ul></div>
 
970
</td>
 
971
</tr>
 
972
</tbody>
 
973
</table></div>
 
974
</div>
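Review bot: in the parameter table of lasso_login_init_authn_request() the second parameter name is rendered as "remote_providerID:(allow-none)", so the annotation was taken as part of the name instead of being parsed; the source comment most likely lacks the space between the colon and "(allow-none)". The text also says that a NULL remote_providerID selects "the first known identity provider", described further down as "usually the first one in the order of adding to the server object"; it is worth stating that a service provider with more than one identity provider registered should pass the ID explicitly rather than rely on registration order. Smaller points: every description paragraph is wrapped in empty paragraph pairs, "which imply" and "which ask" should be "implies" and "asks", the SAML 2.0 paragraph ends without a full stop, and "neither LASSO_HTTP_METHOD_REDIRECT or LASSO_HTTP_METHOD_POST" should use "nor".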
 
975
<hr>
 
976
<div class="refsect2">
 
977
<a name="lasso-login-init-idp-initiated-authn-request"></a><h3>lasso_login_init_idp_initiated_authn_request ()</h3>
 
978
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_init_idp_initiated_authn_request
 
979
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
980
                                                         <em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *remote_providerID</code></em>);</pre>
 
981
<p>
 
982
</p>
 
983
<p>Generates an authentication response without matching authentication
 
984
request.</p>
 
985
<p>
 
986
</p>
 
987
<p>
 
988
</p>
 
989
<p>The choice of NameIDFormat is the same as for <a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()"><code class="function">lasso_login_init_authn_request()</code></a> but with the
 
990
target <em class="parameter"><code>remote_providerID</code></em> as the current provider</p>
 
991
<p>
 
992
</p>
 
993
<p>
 
994
</p>
 
995
<p>If <em class="parameter"><code>remote_providerID</code></em> is NULL, the first known provider is used.</p>
 
996
<p>
 
997
</p>
 
998
<div class="variablelist"><table border="0">
 
999
<col align="left" valign="top">
 
1000
<tbody>
 
1001
<tr>
 
1002
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1003
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>.</td>
 
1004
</tr>
 
1005
<tr>
 
1006
<td><p><span class="term"><em class="parameter"><code>remote_providerID</code></em> :</span></p></td>
 
1007
<td>the providerID of the remote service provider (may be
 
1008
NULL)</td>
 
1009
</tr>
 
1010
<tr>
 
1011
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1012
<td>0 on success; or a negative value otherwise. Error codes are the same as
 
1013
<a class="link" href="lasso-login.html#lasso-login-init-authn-request" title="lasso_login_init_authn_request ()"><code class="function">lasso_login_init_authn_request()</code></a>.</td>
 
1014
</tr>
 
1015
</tbody>
 
1016
</table></div>
 
1017
</div>
 
1018
<hr>
 
1019
<div class="refsect2">
 
1020
<a name="lasso-login-init-request"></a><h3>lasso_login_init_request ()</h3>
 
1021
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_init_request            (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1022
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>,
 
1023
                                                         <em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> response_http_method</code></em>);</pre>
 
1024
<p>
 
1025
Initializes an artifact request. <em class="parameter"><code>response_msg</code></em> is either the query string
 
1026
(in redirect mode) or the form LAREQ field (in browser-post mode).
 
1027
It should only be used if you received an artifact message, <em class="parameter"><code>response_msg</code></em> must be content of the
 
1028
artifact field for the POST artifact binding of the query string for the REDIRECT artifact
 
1029
binding. You must set the <em class="parameter"><code>response_http_method</code></em> argument according to the way you received the
 
1030
artifact message.
 
1031
</p>
 
1032
<div class="variablelist"><table border="0">
 
1033
<col align="left" valign="top">
 
1034
<tbody>
 
1035
<tr>
 
1036
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1037
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1038
</td>
 
1039
</tr>
 
1040
<tr>
 
1041
<td><p><span class="term"><em class="parameter"><code>response_msg</code></em> :</span></p></td>
 
1042
<td>the authentication response received</td>
 
1043
</tr>
 
1044
<tr>
 
1045
<td><p><span class="term"><em class="parameter"><code>response_http_method</code></em> :</span></p></td>
 
1046
<td>the method used to receive the authentication
 
1047
response</td>
 
1048
</tr>
 
1049
<tr>
 
1050
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1051
<td>0 on success; or
 
1052
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
1053
<li class="listitem"><p>
 
1054
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
1055
</p></li>
 
1056
<li class="listitem"><p>
 
1057
LASSO_PARAM_ERROR_INVALID_VALUE if <em class="parameter"><code>response_msg</code></em> is NULL,
 
1058
</p></li>
 
1059
<li class="listitem"><p>
 
1060
LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
 
1061
or LASSO_HTTP_METHOD_POST (in the ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET or
 
1062
LASSO_HTTP_METHOD_ARTIFACT_POST (in the SAML 2.0 case),
 
1063
</p></li>
 
1064
<li class="listitem"><p>
 
1065
LASSO_PROFILE_ERROR_MISSING_ARTIFACT if no artifact field was found in the query string (only
 
1066
possible for the LASSO_HTTP_METHOD_REDIRECT case),
 
1067
</p></li>
 
1068
<li class="listitem"><p>
 
1069
LASSO_PROFILE_ERROR_INVALID_ARTIFACT if decoding of the artifact failed -- whether because
 
1070
the base64 encoding is invalid or because the type code is wrong --,
 
1071
</p></li>
 
1072
<li class="listitem"><p>
 
1073
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no provider ID could be found corresponding to
 
1074
the hash contained in the artifact.
 
1075
</p></li>
 
1076
</ul></div>
 
1077
</td>
 
1078
</tr>
 
1079
</tbody>
 
1080
</table></div>
 
1081
</div>
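Review bot: the description of lasso_login_init_request() gives two different accounts of what response_msg holds. The first sentence says it is "the query string (in redirect mode) or the form LAREQ field (in browser-post mode)", and the next says it "must be content of the artifact field for the POST artifact binding of the query string for the REDIRECT artifact binding", where "of the query string" should be "or the query string". The parameter table then calls response_msg "the authentication response received", although the function takes an artifact message. Please make the three places agree, since passing the wrong field is what produces LASSO_PROFILE_ERROR_MISSING_ARTIFACT and LASSO_PROFILE_ERROR_INVALID_ARTIFACT. The LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD entry also chains "neither ... or ... or neither ... or" and would read better as two sentences, one per protocol.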
 
1082
<hr>
 
1083
<div class="refsect2">
 
1084
<a name="lasso-login-must-ask-for-consent"></a><h3>lasso_login_must_ask_for_consent ()</h3>
 
1085
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>            lasso_login_must_ask_for_consent    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
1086
<p>
 
1087
Evaluates if consent must be asked to the Principal to federate him.
 
1088
</p>
 
1089
<div class="variablelist"><table border="0">
 
1090
<col align="left" valign="top">
 
1091
<tbody>
 
1092
<tr>
 
1093
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1094
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1095
</td>
 
1096
</tr>
 
1097
<tr>
 
1098
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1099
<td>
 
1100
<a href="http://library.gnome.org/devel/glib/unstable/glib-Standard-Macros.html#TRUE:CAPS"><code class="literal">TRUE</code></a> if consent must be asked</td>
 
1101
</tr>
 
1102
</tbody>
 
1103
</table></div>
 
1104
</div>
 
1105
<hr>
 
1106
<div class="refsect2">
 
1107
<a name="lasso-login-must-authenticate"></a><h3>lasso_login_must_authenticate ()</h3>
 
1108
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>            lasso_login_must_authenticate       (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>);</pre>
 
1109
<p>
 
1110
Evaluates if user must be authenticated.
 
1111
</p>
 
1112
<div class="variablelist"><table border="0">
 
1113
<col align="left" valign="top">
 
1114
<tbody>
 
1115
<tr>
 
1116
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1117
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1118
</td>
 
1119
</tr>
 
1120
<tr>
 
1121
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1122
<td>
 
1123
<a href="http://library.gnome.org/devel/glib/unstable/glib-Standard-Macros.html#TRUE:CAPS"><code class="literal">TRUE</code></a> if user must be authenticated</td>
 
1124
</tr>
 
1125
</tbody>
 
1126
</table></div>
 
1127
</div>
 
1128
<hr>
 
1129
<div class="refsect2">
 
1130
<a name="lasso-login-process-authn-request-msg"></a><h3>lasso_login_process_authn_request_msg ()</h3>
 
1131
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_process_authn_request_msg
 
1132
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1133
                                                         <em class="parameter"><code>const <span class="type">char</span> *authn_request_msg</code></em>);</pre>
 
1134
<p>
 
1135
Processes received authentication request, checks it is signed correctly,
 
1136
checks if requested protocol profile is supported, etc.
 
1137
</p>
 
1138
<div class="variablelist"><table border="0">
 
1139
<col align="left" valign="top">
 
1140
<tbody>
 
1141
<tr>
 
1142
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1143
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1144
</td>
 
1145
</tr>
 
1146
<tr>
 
1147
<td><p><span class="term"><em class="parameter"><code>authn_request_msg</code></em> :</span></p></td>
 
1148
<td>the authentication request received</td>
 
1149
</tr>
 
1150
<tr>
 
1151
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1152
<td>0 on success; or
 
1153
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
1154
<li class="listitem"><p>
 
1155
<a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is no a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,
 
1156
</p></li>
 
1157
<li class="listitem"><p>
 
1158
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_MISSING_REQUEST"><span class="type">LASSO_PROFILE_ERROR_MISSING_REQUEST</span></a> if <em class="parameter"><code>authn_request_msg</code></em> is <a href="http://library.gnome.org/devel/glib/unstable/glib-Standard-Macros.html#NULL:CAPS"><span class="type">NULL</span></a> and no request as actually
 
1159
been processed or initialized &amp;<span class="type">151</span>; see <a class="link" href="lasso-login.html#lasso-login-init-idp-initiated-authn-request" title="lasso_login_init_idp_initiated_authn_request ()"><code class="function">lasso_login_init_idp_initiated_authn_request()</code></a>,
 
1160
</p></li>
 
1161
<li class="listitem"><p>
 
1162
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-MSG:CAPS" title="LASSO_PROFILE_ERROR_INVALID_MSG"><span class="type">LASSO_PROFILE_ERROR_INVALID_MSG</span></a> if the content of <em class="parameter"><code>authn_request_msg</code></em> cannot be parsed to as a
 
1163
valid lib:AuthnRequest messages for any support binding (mainly HTTP-Redirect, HTTP-Post and
 
1164
SOAP),
 
1165
</p></li>
 
1166
<li class="listitem"><p>
 
1167
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-ISSUER:CAPS" title="LASSO_PROFILE_ERROR_MISSING_ISSUER"><span class="type">LASSO_PROFILE_ERROR_MISSING_ISSUER</span></a> if the parsed samlp2:AuthnRequest does not have a proper Issuer element,
 
1168
</p></li>
 
1169
<li class="listitem"><p>
 
1170
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_INVALID_REQUEST"><span class="type">LASSO_PROFILE_ERROR_INVALID_REQUEST</span></a> if the parsed message does not validate as a valid
 
1171
samlp2:AuthnRequest (SAMLv2) i.e. if there is no Issuer, or mutually exclusive attributes are
 
1172
used (ProtocolBinding and AssertionConsumerServiceIndex),
 
1173
</p></li>
 
1174
<li class="listitem"><p>
 
1175
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-PROTOCOLPROFILE:CAPS" title="LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE"><span class="type">LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE</span></a> if the protocolProfile (ID-FFv1.2) or the
 
1176
protocolBinding (SAMLv2) is unsupported by Lasso,
 
1177
</p></li>
 
1178
<li class="listitem"><p>
 
1179
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNSUPPORTED-PROFILE:CAPS" title="LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE"><span class="type">LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE</span></a> if the protocolProfile (ID-FFv1.2) or the protocolBinding
 
1180
(SAMLv2) for the AssertionConsumer is unsupported by this provider implementation as indicated by
 
1181
its metadata file,
 
1182
</p></li>
 
1183
<li class="listitem"><p>
 
1184
<a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-UNKNOWN-PROVIDER:CAPS" title="LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER"><span class="type">LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER</span></a>, or
 
1185
<a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if the metadata for the issuer of the request are absent
 
1186
from the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> object of this profile,
 
1187
</p></li>
 
1188
<li class="listitem"><p>
 
1189
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-SIGNATURE-NOT-FOUND:CAPS" title="LASSO_DS_ERROR_SIGNATURE_NOT_FOUND"><span class="type">LASSO_DS_ERROR_SIGNATURE_NOT_FOUND</span></a> if no signature could be found and signature validation is
 
1190
forced &amp;<span class="type">151</span>; by the service provider metadata with the AuthnRequestsSigned attribute
 
1191
(ID-FFv1.2&amp;SAMLv2), the attribute WantAuthnRequestsSigned in the identity provider metadata file
 
1192
(SAMLv2) or as advised by the <a class="link" href="lasso-LassoProfile.html#lasso-profile-set-signature-verify-hint" title="lasso_profile_set_signature_verify_hint ()"><code class="function">lasso_profile_set_signature_verify_hint()</code></a> method),
 
1193
</p></li>
 
1194
<li class="listitem"><p>
 
1195
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-SIGNATURE-VERIFICATION-FAILED:CAPS" title="LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED"><span class="type">LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED</span></a> if the signature validation failed on a present
 
1196
signature,
 
1197
</p></li>
 
1198
<li class="listitem"><p>
 
1199
<a class="link" href="lasso-Error-Codes.html#LASSO-DS-ERROR-INVALID-SIGNATURE:CAPS" title="LASSO_DS_ERROR_INVALID_SIGNATURE"><span class="type">LASSO_DS_ERROR_INVALID_SIGNATURE</span></a> if the signature was malformed and a signature was present,
 
1200
</p></li>
 
1201
</ul></div>
 
1202
</td>
 
1203
</tr>
 
1204
</tbody>
 
1205
</table></div>
 
1206
</div>
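Review bot: in the LASSO_PROFILE_ERROR_MISSING_REQUEST and LASSO_DS_ERROR_SIGNATURE_NOT_FOUND entries of lasso_login_process_authn_request_msg() the dash comes out as an escaped ampersand, the number 151 styled as a type, and a semicolon, so a "&#151;" in the source comment was split at the "#" by the type markup; use "--" as the other functions on this page do. On content, the SIGNATURE_NOT_FOUND entry says the error is returned when no signature is found "and signature validation is forced", but the list never says what is returned for an unsigned request when validation is not forced; callers deciding whether to act on the request need that spelled out. LASSO_PROFILE_ERROR_MISSING_ISSUER and LASSO_PROFILE_ERROR_INVALID_REQUEST both claim the missing Issuer case, so state which one takes precedence. Smaller points: "if login is no a" should be "is not a", "no request as actually been processed" should be "has actually", "cannot be parsed to as a valid lib:AuthnRequest messages for any support binding" needs rewording, and the SIGNATURE_NOT_FOUND entry closes a parenthesis after "method" that was never opened.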
 
1207
<hr>
 
1208
<div class="refsect2">
 
1209
<a name="lasso-login-process-authn-response-msg"></a><h3>lasso_login_process_authn_response_msg ()</h3>
 
1210
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_process_authn_response_msg
 
1211
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1212
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *authn_response_msg</code></em>);</pre>
 
1213
<p>
 
1214
Processes received authentication response.
 
1215
</p>
 
1216
<div class="variablelist"><table border="0">
 
1217
<col align="left" valign="top">
 
1218
<tbody>
 
1219
<tr>
 
1220
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1221
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1222
</td>
 
1223
</tr>
 
1224
<tr>
 
1225
<td><p><span class="term"><em class="parameter"><code>authn_response_msg</code></em> :</span></p></td>
 
1226
<td>the authentication response received</td>
 
1227
</tr>
 
1228
<tr>
 
1229
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1230
<td>0 on success; or a negative value otherwise.</td>
 
1231
</tr>
 
1232
</tbody>
 
1233
</table></div>
 
1234
</div>
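Review bot: the Returns cell of lasso_login_process_authn_response_msg() gives only "0 on success; or a negative value otherwise", whereas lasso_login_process_authn_request_msg() directly above enumerates its parameter, parsing, provider and LASSO_DS_ERROR_* results. From this text a caller cannot tell a signature failure from a malformed message or an unknown issuer. Please list the error codes this function can return in the same itemized form.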
 
1235
<hr>
 
1236
<div class="refsect2">
 
1237
<a name="lasso-login-process-paos-response-msg"></a><h3>lasso_login_process_paos_response_msg ()</h3>
 
1238
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_process_paos_response_msg
 
1239
                                                        (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1240
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *msg</code></em>);</pre>
 
1241
</div>
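Review bot: lasso_login_process_paos_response_msg() is added with its prototype only: there is no description, no parameter table and no Returns entry, and it is the only function in this part of the page left that way. Please document what msg must contain, which profile and binding the function applies to, and which error codes it returns, in the same form as the neighbouring lasso_login_process_*_msg() entries.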
 
1242
<hr>
 
1243
<div class="refsect2">
 
1244
<a name="lasso-login-process-request-msg"></a><h3>lasso_login_process_request_msg ()</h3>
 
1245
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_process_request_msg     (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1246
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *request_msg</code></em>);</pre>
 
1247
<p>
 
1248
Processes received artifact request.
 
1249
</p>
 
1250
<div class="variablelist"><table border="0">
 
1251
<col align="left" valign="top">
 
1252
<tbody>
 
1253
<tr>
 
1254
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1255
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1256
</td>
 
1257
</tr>
 
1258
<tr>
 
1259
<td><p><span class="term"><em class="parameter"><code>request_msg</code></em> :</span></p></td>
 
1260
<td>the artifact request received</td>
 
1261
</tr>
 
1262
<tr>
 
1263
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1264
<td>0 on success; or a negative value otherwise.</td>
 
1265
</tr>
 
1266
</tbody>
 
1267
</table></div>
 
1268
</div>
 
1269
<hr>
 
1270
<div class="refsect2">
 
1271
<a name="lasso-login-process-response-msg"></a><h3>lasso_login_process_response_msg ()</h3>
 
1272
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_process_response_msg    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1273
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *response_msg</code></em>);</pre>
 
1274
<p>
 
1275
Processes received assertion response.
 
1276
</p>
 
1277
<div class="variablelist"><table border="0">
 
1278
<col align="left" valign="top">
 
1279
<tbody>
 
1280
<tr>
 
1281
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1282
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1283
</td>
 
1284
</tr>
 
1285
<tr>
 
1286
<td><p><span class="term"><em class="parameter"><code>response_msg</code></em> :</span></p></td>
 
1287
<td>the assertion response received</td>
 
1288
</tr>
 
1289
<tr>
 
1290
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1291
<td>0 on success; or
 
1292
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
1293
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,</p></li>
 
1294
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-INVALID-VALUE:CAPS" title="LASSO_PARAM_ERROR_INVALID_VALUE"><span class="type">LASSO_PARAM_ERROR_INVALID_VALUE</span></a> if response_msg is NULL,</p></li>
 
1295
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-MSG:CAPS" title="LASSO_PROFILE_ERROR_INVALID_MSG"><span class="type">LASSO_PROFILE_ERROR_INVALID_MSG</span></a> if the message is not a <a class="link" href="lasso-LassoSamlpResponse.html#LassoSamlpResponse" title="struct LassoSamlpResponse"><span class="type">LassoSamlpResponse</span></a> (ID-FF 1.2) or a <span class="type">LassoSamlp2ResponseMsg</span> (SAML 2.0),</p></li>
 
1296
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-RESPONSE-DOES-NOT-MATCH-REQUEST:CAPS" title="LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST"><span class="type">LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST</span></a> if the response does not refer to the request or if the response refer to an unknown request and <code class="literal">strict-checking</code> is activated ,</p></li>
 
1297
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-REQUEST-DENIED:CAPS" title="LASSO_LOGIN_ERROR_REQUEST_DENIED"><span class="type">LASSO_LOGIN_ERROR_REQUEST_DENIED</span></a> the identity provided
 
1298
returned a failure status of "RequestDenied"</p></li>
 
1299
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-FEDERATION-NOT-FOUND:CAPS" title="LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND"><span class="type">LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND</span></a> if creation of a new
 
1300
federation was not allowed and none existed,</p></li>
 
1301
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-UNKNOWN-PRINCIPAL:CAPS" title="LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL"><span class="type">LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL</span></a> if authentication failed
 
1302
or/and if the user cancelled the authentication,</p></li>
 
1303
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-STATUS-NOT-SUCCESS:CAPS" title="LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS"><span class="type">LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS</span></a>, if the response status
 
1304
is a failure but we have no more precise error code to report it, you must
 
1305
look at the second level status in the response,</p></li>
 
1306
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a>, if the issuing
 
1307
provider of the assertion is unknown,</p></li>
 
1308
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-INVALID-ISSUER:CAPS" title="LASSO_PROFILE_ERROR_INVALID_ISSUER"><span class="type">LASSO_PROFILE_ERROR_INVALID_ISSUER</span></a> the issuer of the
 
1309
assertion received, is not the expected one</p></li>
 
1310
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-NAME-IDENTIFIER-NOT-FOUND:CAPS" title="LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND"><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span></a> no statement was fournd, or none statement contains a subject with a name identifier,</p></li>
 
1311
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-STATUS-CODE:CAPS" title="LASSO_PROFILE_ERROR_MISSING_STATUS_CODE"><span class="type">LASSO_PROFILE_ERROR_MISSING_STATUS_CODE</span></a> if the reponse is
 
1312
missing a <code class="literal">StatusCode</code> element,</p></li>
 
1313
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PROFILE-ERROR-MISSING-ASSERTION:CAPS" title="LASSO_PROFILE_ERROR_MISSING_ASSERTION"><span class="type">LASSO_PROFILE_ERROR_MISSING_ASSERTION</span></a> if the message does
 
1314
not contain any assertion.</p></li>
 
1315
</ul></div>
 
1316
</td>
 
1317
</tr>
 
1318
</tbody>
 
1319
</table></div>
 
1320
</div>
 
1321
<hr>
 
1322
<div class="refsect2">
 
1323
<a name="lasso-login-validate-request-msg"></a><h3>lasso_login_validate_request_msg ()</h3>
 
1324
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>       lasso_login_validate_request_msg    (<em class="parameter"><code><a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> *login</code></em>,
 
1325
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> authentication_result</code></em>,
 
1326
                                                         <em class="parameter"><code><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="type">gboolean</span></a> is_consent_obtained</code></em>);</pre>
 
1327
<p>
 
1328
Initializes a response to the authentication request received.
 
1329
</p>
 
1330
<div class="variablelist"><table border="0">
 
1331
<col align="left" valign="top">
 
1332
<tbody>
 
1333
<tr>
 
1334
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
 
1335
<td>a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a>
 
1336
</td>
 
1337
</tr>
 
1338
<tr>
 
1339
<td><p><span class="term"><em class="parameter"><code>authentication_result</code></em> :</span></p></td>
 
1340
<td>whether user has authenticated succesfully</td>
 
1341
</tr>
 
1342
<tr>
 
1343
<td><p><span class="term"><em class="parameter"><code>is_consent_obtained</code></em> :</span></p></td>
 
1344
<td>whether user consent has been obtained</td>
 
1345
</tr>
 
1346
<tr>
 
1347
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
 
1348
<td>0 on success; or <div class="itemizedlist"><ul class="itemizedlist" type="disc">
 
1349
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-PARAM-ERROR-BAD-TYPE-OR-NULL-OBJ:CAPS" title="LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ"><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span></a> if login is not a <a class="link" href="lasso-login.html#LassoLogin" title="struct LassoLogin"><span class="type">LassoLogin</span></a> object,</p></li>
 
1350
<li class="listitem">
 
1351
<p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-REQUEST-DENIED:CAPS" title="LASSO_LOGIN_ERROR_REQUEST_DENIED"><span class="type">LASSO_LOGIN_ERROR_REQUEST_DENIED</span></a></p> if <em class="parameter"><code>authentication_result</code></em> if FALSE,</li>
 
1352
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-INVALID-SIGNATURE:CAPS" title="LASSO_LOGIN_ERROR_INVALID_SIGNATURE"><span class="type">LASSO_LOGIN_ERROR_INVALID_SIGNATURE</span></a> if signature validation of the request
 
1353
failed,</p></li>
 
1354
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-UNSIGNED-AUTHN-REQUEST:CAPS" title="LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST"><span class="type">LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST</span></a> if no signature was present on the
 
1355
request,</p></li>
 
1356
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-FEDERATION-NOT-FOUND:CAPS" title="LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND"><span class="type">LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND</span></a> if federation policy is
 
1357
<a class="link" href="lasso-Strings-for-ID-FF-1.2.html#LASSO-LIB-NAMEID-POLICY-TYPE-NONE:CAPS" title="LASSO_LIB_NAMEID_POLICY_TYPE_NONE"><span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_NONE</span></a> and no federation was found in the <a class="link" href="lasso-LassoIdentity.html#LassoIdentity" title="struct LassoIdentity"><span class="type">LassoIdentity</span></a> object
 
1358
(ID-FF 1.2 case)</p></li>
 
1359
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-INVALID-NAMEIDPOLICY:CAPS" title="LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY"><span class="type">LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY</span></a> if request policy is not one of
 
1360
<a class="link" href="lasso-Strings-for-ID-FF-1.2.html#LASSO-LIB-NAMEID-POLICY-TYPE-FEDERATED:CAPS" title="LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED"><span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED</span></a> or <a class="link" href="lasso-Strings-for-ID-FF-1.2.html#LASSO-LIB-NAMEID-POLICY-TYPE-ANY:CAPS" title="LASSO_LIB_NAMEID_POLICY_TYPE_ANY"><span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_ANY</span></a> (ID-FF 1.2 case) or if no NameID policy was defined or the AllowCreate request flag is FALSE (SAML 2.0 case),</p></li>
 
1361
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-LOGIN-ERROR-CONSENT-NOT-OBTAINED:CAPS" title="LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED"><span class="type">LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED</span></a> if <em class="parameter"><code>is_consent_obtained</code></em> is FALSE and
 
1362
conssent was necessary (for example if the request does not communicate that consent was already
 
1363
obtained from the user),</p></li>
 
1364
<li class="listitem"><p><a class="link" href="lasso-Error-Codes.html#LASSO-SERVER-ERROR-PROVIDER-NOT-FOUND:CAPS" title="LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND"><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span></a> if the requesting provider is unknown,</p></li>
 
1365
</ul></div>
 
1366
</td>
 
1367
</tr>
 
1368
</tbody>
 
1369
</table></div>
 
1370
</div>
 
1371
</div>
 
1372
</div>
 
1373
<div class="footer">
 
1374
<hr>
 
1375
          Generated by GTK-Doc V1.17</div>
 
1376
</body>
 
1377
</html>
 
 
b'\\ No newline at end of file'
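Review bot: the Returns list of lasso_login_validate_request_msg() has a malformed entry for LASSO_LOGIN_ERROR_REQUEST_DENIED. Its paragraph closes right after the link, so the condition "if authentication_result if FALSE," falls outside the p element, and the second "if" should read "is". The two Returns lists in this part of the file also carry typos: "succesfully", "conssent", "fournd", "reponse", "none statement", "the response refer", and "the identity provided returned", where "identity provider" is presumably meant. The footer says the file is generated by GTK-Doc V1.17, so these are better corrected in the source doc comments and regenerated than patched in the HTML. Separately, the LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST entry for the function described as "Processes received assertion response" says a response to an unknown request is rejected only when strict-checking is activated. It does not say where that option is set or what its default is. A caller that depends on this code to reject unsolicited responses needs that stated or linked here.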