~ubuntu-branches/ubuntu/trusty/lasso/trusty-proposed


Viewing changes to docs/reference/lasso/html/lasso-LassoLogin.html

  • Committer: Package Import Robot
  • Author(s): Frederic Peters
  • Date: 2012-04-02 17:31:31 UTC
  • mfrom: (1.1.10) (7.1.10 sid)
  • Revision ID: package-import@ubuntu.com-20120402173131-b31061tenxff75tf
Fix building against glib 2.32 (closes: #665565, #666636)

1
 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2
 
<html>
3
 
<head>
4
 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
5
 
<title>LassoLogin</title>
6
 
<meta name="generator" content="DocBook XSL Stylesheets V1.75.1">
7
 
<link rel="home" href="index.html" title="Lasso Reference Manual">
8
 
<link rel="up" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
9
 
<link rel="prev" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
10
 
<link rel="next" href="lasso-LassoLogout.html" title="LassoLogout">
11
 
<meta name="generator" content="GTK-Doc V1.11 (XML mode)">
12
 
<link rel="stylesheet" href="style.css" type="text/css">
13
 
<link rel="chapter" href="lasso.html" title="Lasso &amp; Liberty Alliance Overview">
14
 
<link rel="reference" href="rn01.html" title="Application Programming Interface">
15
 
<link rel="chapter" href="architecture.html" title="Lasso Architecture">
16
 
<link rel="chapter" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
17
 
<link rel="chapter" href="xml-idff.html" title="Objects from ID-FF 1.2 schemas">
18
 
<link rel="chapter" href="saml2.html" title="SAML 2.0 Single Sign On profiles">
19
 
<link rel="chapter" href="xml-samlv2.html" title="Objects from SAML 2.0 schemas">
20
 
<link rel="chapter" href="idwsf.html" title="Identity Web Services Framework 1.0">
21
 
<link rel="chapter" href="xml-idwsf.html" title="Objects from ID-WSF 1.0 schemas">
22
 
<link rel="chapter" href="idwsf2.html" title="ID-WSF 2.0">
23
 
<link rel="chapter" href="xml-idwsf2.html" title="Objects from ID-WSF 2.0 schemas">
24
 
<link rel="chapter" href="soap.html" title="Object from the SOAP 1.1 schemas">
25
 
<link rel="chapter" href="xml-dsig.html" title="Object from the XML-DSIG schemas">
26
 
<link rel="chapter" href="ws-addr.html" title="Object from the WS-* schemas">
27
 
<link rel="part" href="pt01.html" title="Part II. Appendix">
28
 
<link rel="index" href="api-index.html" title="API Index">
29
 
<link rel="glossary" href="annotation-glossary.html" title="Annotation Glossary">
30
 
</head>
31
 
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
32
 
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2">
33
 
<tr valign="middle">
34
 
<td><a accesskey="p" href="idff.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
35
 
<td><a accesskey="u" href="idff.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
36
 
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
37
 
<th width="100%" align="center">Lasso Reference Manual</th>
38
 
<td><a accesskey="n" href="lasso-LassoLogout.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
39
 
</tr>
40
 
<tr><td colspan="5" class="shortcuts">
41
 
<a href="#lasso-LassoLogin.synopsis" class="shortcut">Top</a>
42
 
                 | 
43
 
                <a href="#lasso-LassoLogin.description" class="shortcut">Description</a>
44
 
</td></tr>
45
 
</table>
46
 
<div class="refentry" title="LassoLogin">
47
 
<a name="lasso-LassoLogin"></a><div class="titlepage"></div>
48
 
<div class="refnamediv"><table width="100%"><tr>
49
 
<td valign="top">
50
 
<h2><span class="refentrytitle"><a name="lasso-LassoLogin.top_of_page"></a>LassoLogin</span></h2>
51
 
<p>LassoLogin — Single Sign-On and Federation Profile</p>
52
 
</td>
53
 
<td valign="top" align="right"></td>
54
 
</tr></table></div>
55
 
<div class="refsynopsisdiv" title="Synopsis">
56
 
<a name="lasso-LassoLogin.synopsis"></a><h2>Synopsis</h2>
57
 
<pre class="synopsis">
58
 
enum                LassoLoginProtocolProfile;
59
 
                    LassoLogin;
60
 
LassoLogin*         lasso_login_new                     (LassoServer *server);
61
 
LassoLogin*         lasso_login_new_from_dump           (LassoServer *server,
62
 
                                                         const <a
63
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
64
 
>gchar</a> *dump);
65
 
lasso_error_t       lasso_login_accept_sso              (LassoLogin *login);
66
 
lasso_error_t       lasso_login_build_artifact_msg      (LassoLogin *login,
67
 
                                                         LassoHttpMethod http_method);
68
 
lasso_error_t       lasso_login_build_assertion         (LassoLogin *login,
69
 
                                                         const char *authenticationMethod,
70
 
                                                         const char *authenticationInstant,
71
 
                                                         const char *reauthenticateOnOrAfter,
72
 
                                                         const char *notBefore,
73
 
                                                         const char *notOnOrAfter);
74
 
lasso_error_t       lasso_login_build_authn_request_msg (LassoLogin *login);
75
 
lasso_error_t       lasso_login_build_authn_response_msg
76
 
                                                        (LassoLogin *login);
77
 
lasso_error_t       lasso_login_build_request_msg       (LassoLogin *login);
78
 
lasso_error_t       lasso_login_build_response_msg      (LassoLogin *login,
79
 
                                                         <a
80
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
81
 
>gchar</a> *remote_providerID);
82
 
void                lasso_login_destroy                 (LassoLogin *login);
83
 
<a
84
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
85
 
>gchar</a>*              lasso_login_dump                    (LassoLogin *login);
86
 
LassoNode *         lasso_login_get_assertion           (LassoLogin *login);
87
 
lasso_error_t       lasso_login_init_authn_request      (LassoLogin *login,
88
 
                                                         const <a
89
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
90
 
>gchar</a> *remote_providerID,
91
 
                                                         LassoHttpMethod http_method);
92
 
lasso_error_t       lasso_login_init_idp_initiated_authn_request
93
 
                                                        (LassoLogin *login,
94
 
                                                         const <a
95
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
96
 
>gchar</a> *remote_providerID);
97
 
lasso_error_t       lasso_login_init_request            (LassoLogin *login,
98
 
                                                         <a
99
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
100
 
>gchar</a> *response_msg,
101
 
                                                         LassoHttpMethod response_http_method);
102
 
<a
103
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
104
 
>gboolean</a>            lasso_login_must_ask_for_consent    (LassoLogin *login);
105
 
<a
106
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
107
 
>gboolean</a>            lasso_login_must_authenticate       (LassoLogin *login);
108
 
lasso_error_t       lasso_login_process_authn_request_msg
109
 
                                                        (LassoLogin *login,
110
 
                                                         const char *authn_request_msg);
111
 
lasso_error_t       lasso_login_process_authn_response_msg
112
 
                                                        (LassoLogin *login,
113
 
                                                         <a
114
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
115
 
>gchar</a> *authn_response_msg);
116
 
lasso_error_t       lasso_login_process_paos_response_msg
117
 
                                                        (LassoLogin *login,
118
 
                                                         <a
119
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
120
 
>gchar</a> *msg);
121
 
lasso_error_t       lasso_login_process_request_msg     (LassoLogin *login,
122
 
                                                         <a
123
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
124
 
>gchar</a> *request_msg);
125
 
lasso_error_t       lasso_login_process_response_msg    (LassoLogin *login,
126
 
                                                         <a
127
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
128
 
>gchar</a> *response_msg);
129
 
lasso_error_t       lasso_login_validate_request_msg    (LassoLogin *login,
130
 
                                                         <a
131
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
132
 
>gboolean</a> authentication_result,
133
 
                                                         <a
134
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
135
 
>gboolean</a> is_consent_obtained);
136
 
</pre>
137
 
</div>
138
 
<div class="refsect1" title="Description">
139
 
<a name="lasso-LassoLogin.description"></a><h2>Description</h2>
140
 
<p>
141
 
The Single Sign On process allows a user to log in once to an identity
142
 
provider (IdP), and to be then transparently loged in to the required
143
 
service providers (SP) belonging to the IP "circle of trust".  Subordinating
144
 
different identities of the same user within a circle of trust to a unique
145
 
IP is called "Identity Federation".  The liberty Alliance specifications
146
 
allows, thanks to this federation, strong and unique authentication coupled
147
 
with control by the user of his personal informations. The explicit user
148
 
agreement is necessary before proceeding to Identity Federation.
149
 
</p>
150
 
<p>
151
 
</p>
152
 
<p>
153
 
The service provider must implement the following process:
154
 
</p>
155
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
156
 
<li class="listitem"><p>creating an authentication request with
157
 
 <code class="function">lasso_login_init_authn_request()</code>;</p></li>
158
 
<li class="listitem"><p>sending it to the identity provider with
159
 
 <code class="function">lasso_login_build_authn_request_msg()</code>;</p></li>
160
 
<li class="listitem">
161
 
<p>receiving and processing the answer:
162
 
   </p>
163
 
<div class="itemizedlist"><ul class="itemizedlist" type="circle">
164
 
<li class="listitem">either an authentication response with
165
 
     <code class="function">lasso_login_process_authn_response_msg()</code>
166
 
</li>
167
 
<li class="listitem">or an artifact with <code class="function">lasso_login_init_request()</code> then sending the
168
 
     request to the IdP with <code class="function">lasso_login_build_request_msg()</code> and processing the
169
 
     new answer with <code class="function">lasso_login_process_response_msg()</code>.</li>
170
 
</ul></div>
171
 
<p>
172
 
   </p>
173
 
</li>
174
 
</ul></div>
175
 
<p>
176
 
</p>
177
 
<p>
178
 
</p>
179
 
<p>
180
 
</p>
181
 
<p>Our first example shows how to initiate a request toward an ID-FF 1.2 or SAML 2.0 identity
182
 
provider. It supposes that we already initialized a <span class="type">LassoServer</span> object with the metadatas or our
183
 
provider (and its private key if we want to sign the request), and that we added the metadatas of
184
 
the targetted IdP with the method <code class="function">lasso_server_add_provider()</code>.  </p>
185
 
<p>
186
 
</p>
187
 
<p>
188
 
</p>
189
 
<div class="example">
190
 
<a name="id2692415"></a><p class="title"><b>Example 1. Service Provider Login URL</b></p>
191
 
<div class="example-contents"><pre class="programlisting">
192
 
LassoLogin *login;
193
 
int rc; // hold return codes
194
 
 
195
 
login = lasso_login_new(server);
196
 
rc = lasso_login_init_authn_request(login, "http://identity-provider-id/",
197
 
                LASSO_HTTP_METHOD_REDIRECT);
198
 
if (rc != 0) {
199
 
  ... // handle errors, most of them are related to bad initialization
200
 
}
201
 
 
202
 
// customize AuthnRequest
203
 
// protocolProfile is the protocolProfile of the provider http://identity-provider-id/
204
 
if (protocolProfile == LASSO_LIBERTY_1_2) {
205
 
        LassoLibAuthnRequest *request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)-&gt;request);
206
 
        request-&gt;NameIDPolicy = strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
207
 
        request-&gt;ForceAuthn = TRUE;
208
 
        request-&gt;IsPassive = FALSE;
209
 
        // tell the IdP how to return the response
210
 
        request-&gt;ProtocolProfile = strdup(LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART);
211
 
} else if (protocolProfile == LASSO_SAML_2_0) {
212
 
        LassoSamlp2AuthnRequest *request = LASSO_SAMLP2_AUTHN_REQUEST(LASSO_PROFILE(login)-&gt;request);
213
 
        if (request-&gt;NameIDPolicy-&gt;Format) {
214
 
                g_free(request-&gt;NameIDPolicy-&gt;Format);
215
 
        }
216
 
        request-&gt;NameIDPolicy-&gt;Format = g_strdup(LASSO_NAME_IDENTIFIER_FORMAT_PERSISTENT);
217
 
        // Allow creation of new federation
218
 
        // 
219
 
        request-&gt;NameIDPolicy-&gt;AllowCreate = 1;
220
 
        request-&gt;ForceAuthn = TRUE;
221
 
        request-&gt;IsPassive = FALSE;
222
 
        // tell the IdP how to return the response
223
 
        if (request-&gt;ProtocolBinding) {
224
 
                 g_free(request-&gt;ProtocolBinding);
225
 
        }
226
 
        // here we expect an artifact response, it could be post, redirect or PAOS.
227
 
        request-&gt;ProtocolBinding = g_strdup(LASSO_SAML2_METADATA_BINDING_ARTIFACT);
228
 
   }
229
 
// Lasso will choose whether to sign the request by looking at the IdP
230
 
// metadatas and at our metadatas, but you can always force him to sign or to
231
 
// not sign using the method lasso_profile_set_signature_hint() on the
232
 
// LassoLogin object.
233
 
 
234
 
rc = lasso_login_build_authn_request_msg(login);
235
 
if (rc != 0) {
236
 
      .... // handle errors
237
 
      // could be that the requested binding (POST, Redirect, etc..) is not supported (LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE)
238
 
      // or that we could not sign the request (LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED).
239
 
}
240
 
 
241
 
// redirect user to identity provider
242
 
   // we chose the Redirect binding, so we have to generate a redirect HTTP response to the URL returned by Lasso
243
 
printf("Location: %s\n\nRedirected to IdP\n", LASSO_PROFILE(login)-&gt;msg_url);
244
 
</pre></div>
245
 
</div>
246
 
<p><br class="example-break">
247
 
</p>
248
 
<p>
249
 
</p>
250
 
<p>Next example shows how to receive the response from the identity
251
 
provider for ID-FF 1.2.</p>
252
 
<p>
253
 
</p>
254
 
<p>
255
 
</p>
256
 
<div class="example">
257
 
<a name="id2692480"></a><p class="title"><b>Example 2. Service Provider Assertion Consumer Service URL for ID-FF 1.2</b></p>
258
 
<div class="example-contents"><pre class="programlisting">
259
 
LassoLogin *login;
260
 
char *request_method = getenv("REQUEST_METHOD");
261
 
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
262
 
char *name_identifier;
263
 
lassoHttpMethod method;
264
 
int rc = 0;
265
 
 
266
 
login = lasso_login_new(server);
267
 
if (strcmp(request_method, "GET") == 0) {
268
 
        artifact_msg = getenv("QUERY_STRING");
269
 
        method = LASSO_HTTP_METHOD_REDIRECT;
270
 
} else {
271
 
        // read submitted form; if it has a LAREQ field, put it in lareq,
272
 
        // if it has a LARES field, put it in lares
273
 
        if (lareq) {
274
 
                artifact_msg = lareq;
275
 
        } else if (lares) {
276
 
                response_msg = lares;
277
 
        } else {
278
 
                // bail out
279
 
        }
280
 
        method = LASSO_HTTP_METHOD_POST;
281
 
}
282
 
 
283
 
if (artifact_msg) {
284
 
        // we received an artifact response,
285
 
        // it means we did not really receive the response,
286
 
        // only a token to redeem the real response from the identity
287
 
        // provider through a SOAP resolution call
288
 
        rc = lasso_login_init_request(login, artifact_msg, method);
289
 
        if (rc != 0) {
290
 
                  ... // handle errors
291
 
                  // there is usually no error at this step, only
292
 
                  // if the IdP response is malformed
293
 
        }
294
 
        rc = lasso_login_build_request_msg(login);
295
 
        if (rc != 0) {
296
 
                  ... // handle errors
297
 
                  // as for AuthnRequest generation, it generally is caused
298
 
                  // by a bad initialization like an impossibility to load
299
 
                  // the private key.
300
 
        }
301
 
        // makes a SOAP call, soap_call is NOT a Lasso function
302
 
        soap_answer_msg = soap_call(LASSO_PROFILE(login)-&gt;msg_url,
303
 
                        LASSO_PROFILE(login)-&gt;msg_body);
304
 
        rc = lasso_login_process_response_msg(login, soap_answer_msg);
305
 
        if (rc != 0) {
306
 
                  ... // handle errors
307
 
                  // here you can know if the IdP refused the request, 
308
 
        }
309
 
} else if (response_msg) {
310
 
        lasso_login_process_authn_response_msg(login, response_msg);
311
 
}
312
 
 
313
 
// looks up name_identifier in local file, database, whatever and gets back
314
 
// two things: identity_dump and session_dump
315
 
name_identifier = LASSO_PROFILE(login)-&gt;nameIdentifier
316
 
lasso_profile_set_identity_from_dump(LASSO_PROFILE(login), identity_dump);
317
 
lasso_profile_set_session_from_dump(LASSO_PROFILE(login), session_dump);
318
 
 
319
 
lasso_login_accept_sso(login);
320
 
 
321
 
if (lasso_profile_is_identity_dirty(LASSO_PROFILE(login))) {
322
 
        LassoIdentity *identity;
323
 
        char *identity_dump;
324
 
        identity = lasso_profile_get_identity(LASSO_PROFILE(login));
325
 
        identity_dump = lasso_identity_dump(identity);
326
 
        // record identity_dump in file, database...
327
 
}
328
 
 
329
 
if (lasso_profile_is_session_dirty(LASSO_PROFILE(login))) {
330
 
        LassoSession *session;
331
 
        char *session_dump;
332
 
        session = lasso_profile_get_session(LASSO_PROFILE(login));
333
 
        session_dump = lasso_session_dump(session);
334
 
        // record session_dump in file, database...
335
 
}
336
 
 
337
 
// redirect user anywhere
338
 
printf("Location: %s\n\nRedirected to site root\n", login-&gt;msg_url);
339
 
</pre></div>
340
 
</div>
341
 
<p><br class="example-break">
342
 
</p>
343
 
<p>
344
 
</p>
345
 
<p>The implement an IdP you must create a single sign-on service endpoint, the needed APIs for
346
 
this are <code class="function">lasso_login_process_authn_request_msg()</code>, <code class="function">lasso_login_validate_request_msg()</code>,
347
 
<code class="function">lasso_login_build_assertion()</code>, <code class="function">lasso_login_build_authn_response_msg()</code> and
348
 
<code class="function">lasso_login_build_artifact_msg()</code>. You will have to chose between
349
 
<code class="function">lasso_login_build_authn_response_msg()</code> and <code class="function">lasso_login_build_artifact_msg()</code> depending on the
350
 
requested protocol for the response by the service provider</p>
351
 
<p>
352
 
</p>
353
 
<p>
354
 
</p>
355
 
<div class="example">
356
 
<a name="id2692613"></a><p class="title"><b>Example 3. Identity provider single sign-on service</b></p>
357
 
<div class="example-contents"><pre class="programlisting">
358
 
LassoLogin *login;
359
 
char *request_method = getenv("REQUEST_METHOD");
360
 
char *artifact_msg = NULL, *lares = NULL, *lareq = NULL;
361
 
char *name_identifier;
362
 
lassoHttpMethod method;
363
 
int rc = 0;
364
 
 
365
 
login = lasso_login_new(server);
366
 
if (strcmp(request_method, 'GET')) { // AuthnRequest send with the HTTP-Redirect binding
367
 
    //
368
 
    lasso_profile_set_signature_verify_hint(LASSO_PROFILE(login),
369
 
            LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
370
 
    rc = lasso_process_authn_request_msg(login, getenv("QUERY_STRING"));
371
 
    if (rc != 0) {
372
 
        // handle errors
373
 
    }
374
 
 
375
 
 
376
 
} else {
377
 
 
378
 
</pre></div>
379
 
</div>
380
 
<p><br class="example-break"></p>
381
 
</div>
382
 
<div class="refsect1" title="Details">
383
 
<a name="lasso-LassoLogin.details"></a><h2>Details</h2>
384
 
<div class="refsect2" title="enum LassoLoginProtocolProfile">
385
 
<a name="LassoLoginProtocolProfile"></a><h3>enum LassoLoginProtocolProfile</h3>
386
 
<pre class="programlisting">typedef enum {
387
 
        LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1,
388
 
        LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST,
389
 
        LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
390
 
        LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT,
391
 
} LassoLoginProtocolProfile;
392
 
</pre>
393
 
<p>
394
 
Identifies the four possible profiles for Single Sign-On and Federation. It defined how the
395
 
response to authentication request will transmitted to the service provider.</p>
396
 
<div class="variablelist"><table border="0">
397
 
<col align="left" valign="top">
398
 
<tbody>
399
 
<tr>
400
 
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-ART--CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART</code></span></p></td>
401
 
<td> response is transmitted through a redirect request with
402
 
an artifact, followed by an artifact resolution request by the service provider.
403
 
</td>
404
 
</tr>
405
 
<tr>
406
 
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-POST--CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST</code></span></p></td>
407
 
<td> response is transmitted through a POST.
408
 
</td>
409
 
</tr>
410
 
<tr>
411
 
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-BRWS-LECP--CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP</code></span></p></td>
412
 
<td> response is transmitted in a PAOS response (see
413
 
<span class="type">LassoLecp</span>).
414
 
</td>
415
 
</tr>
416
 
<tr>
417
 
<td><p><a name="LASSO-LOGIN-PROTOCOL-PROFILE-REDIRECT--CAPS"></a><span class="term"><code class="literal">LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT</code></span></p></td>
418
 
<td> response is transmitted through a redirect.
419
 
</td>
420
 
</tr>
421
 
</tbody>
422
 
</table></div>
423
 
</div>
424
 
<hr>
425
 
<div class="refsect2" title="LassoLogin">
426
 
<a name="LassoLogin"></a><h3>LassoLogin</h3>
427
 
<pre class="programlisting">typedef struct {
428
 
        LassoProfile parent;
429
 
 
430
 
        LassoLoginProtocolProfile protocolProfile;
431
 
        gchar *assertionArtifact;
432
 
} LassoLogin;
433
 
</pre>
434
 
<p>
435
 
Single sign-on profile for the current transaction; possibly an
436
 
assertionArtifact to be used by the service provider in its
437
 
"assertionConsumerServiceURL" and the assertion created or received for the
438
 
principal.</p>
439
 
<div class="variablelist"><table border="0">
440
 
<col align="left" valign="top">
441
 
<tbody>
442
 
<tr>
443
 
<td><p><span class="term">LassoProfile <em class="structfield"><code>parent</code></em>;</span></p></td>
444
 
<td></td>
445
 
</tr>
446
 
<tr>
447
 
<td><p><span class="term">LassoLoginProtocolProfile <em class="structfield"><code>protocolProfile</code></em>;</span></p></td>
448
 
<td> the kind of binding used for this authentication request.
449
 
</td>
450
 
</tr>
451
 
<tr>
452
 
<td><p><span class="term"><a
453
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
454
 
>gchar</a> *<em class="structfield"><code>assertionArtifact</code></em>;</span></p></td>
455
 
<td> a string representing the artifact received through an artifact resolution.
456
 
request
457
 
</td>
458
 
</tr>
459
 
</tbody>
460
 
</table></div>
461
 
</div>
462
 
<hr>
463
 
<div class="refsect2" title="lasso_login_new ()">
464
 
<a name="lasso-login-new"></a><h3>lasso_login_new ()</h3>
465
 
<pre class="programlisting">LassoLogin*         lasso_login_new                     (LassoServer *server);</pre>
466
 
<p>
467
 
Creates a new <span class="type">LassoLogin</span>.</p>
468
 
<div class="variablelist"><table border="0">
469
 
<col align="left" valign="top">
470
 
<tbody>
471
 
<tr>
472
 
<td><p><span class="term"><em class="parameter"><code>server</code></em> :</span></p></td>
473
 
<td> the <span class="type">LassoServer</span>
474
 
</td>
475
 
</tr>
476
 
<tr>
477
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
478
 
<td> a newly created <span class="type">LassoLogin</span> object; or NULL if an error
479
 
    occured
480
 
</td>
481
 
</tr>
482
 
</tbody>
483
 
</table></div>
484
 
</div>
485
 
<hr>
486
 
<div class="refsect2" title="lasso_login_new_from_dump ()">
487
 
<a name="lasso-login-new-from-dump"></a><h3>lasso_login_new_from_dump ()</h3>
488
 
<pre class="programlisting">LassoLogin*         lasso_login_new_from_dump           (LassoServer *server,
489
 
                                                         const <a
490
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
491
 
>gchar</a> *dump);</pre>
492
 
<p>
493
 
Restores the <em class="parameter"><code>dump</code></em> to a new <span class="type">LassoLogin</span>.</p>
494
 
<div class="variablelist"><table border="0">
495
 
<col align="left" valign="top">
496
 
<tbody>
497
 
<tr>
498
 
<td><p><span class="term"><em class="parameter"><code>server</code></em> :</span></p></td>
499
 
<td> the <span class="type">LassoServer</span>
500
 
</td>
501
 
</tr>
502
 
<tr>
503
 
<td><p><span class="term"><em class="parameter"><code>dump</code></em> :</span></p></td>
504
 
<td> XML login dump
505
 
</td>
506
 
</tr>
507
 
<tr>
508
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
509
 
<td> a newly created <span class="type">LassoLogin</span>; or NULL if an error occured.
510
 
</td>
511
 
</tr>
512
 
</tbody>
513
 
</table></div>
514
 
</div>
515
 
<hr>
516
 
<div class="refsect2" title="lasso_login_accept_sso ()">
517
 
<a name="lasso-login-accept-sso"></a><h3>lasso_login_accept_sso ()</h3>
518
 
<pre class="programlisting">lasso_error_t       lasso_login_accept_sso              (LassoLogin *login);</pre>
519
 
<p>
520
 
Gets the assertion of the response and adds it to the <span class="type">LassoSession</span> object.
521
 
Builds a federation with the 2 name identifiers of the assertion
522
 
and adds it into the identity.
523
 
If the session or the identity are NULL, they are created.</p>
524
 
<div class="variablelist"><table border="0">
525
 
<col align="left" valign="top">
526
 
<tbody>
527
 
<tr>
528
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
529
 
<td> a <span class="type">LassoLogin</span>
530
 
</td>
531
 
</tr>
532
 
<tr>
533
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
534
 
<td> 0 on success; or
535
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
536
 
<li class="listitem"><p>
537
 
<span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span> if login is not a <span class="type">LassoLogin</span> object,
538
 
</p></li>
539
 
<li class="listitem"><p>
540
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_RESPONSE</span> if no response is present in the login profile object;
541
 
usually because no call to lasso_login_process_authn_response_msg was done;
542
 
</p></li>
543
 
<li class="listitem"><p>
544
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_ASSERTION</span> if the response does not contain an assertion,
545
 
</p></li>
546
 
<li class="listitem"><p>
547
 
<span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span> if the assertion does not contain a NameID element,
548
 
</p></li>
549
 
<li class="listitem"><p>
550
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER</span> same as
551
 
<span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span>,
552
 
</p></li>
553
 
<li class="listitem"><p>
554
 
<span class="type">LASSO_LOGIN_ERROR_ASSERTION_REPLAY</span> if the assertion has already been used.
555
 
</p></li>
556
 
</ul></div>
557
 
</td>
558
 
</tr>
559
 
</tbody>
560
 
</table></div>
561
 
</div>
562
 
<hr>
563
 
<div class="refsect2" title="lasso_login_build_artifact_msg ()">
564
 
<a name="lasso-login-build-artifact-msg"></a><h3>lasso_login_build_artifact_msg ()</h3>
565
 
<pre class="programlisting">lasso_error_t       lasso_login_build_artifact_msg      (LassoLogin *login,
566
 
                                                         LassoHttpMethod http_method);</pre>
567
 
<p>
568
 
Builds a SAML artifact. Depending of the HTTP method, the data for the sending of
569
 
the artifact are stored in <em class="parameter"><code>msg_url</code></em> (REDIRECT) or <em class="parameter"><code>msg_url</code></em>, <em class="parameter"><code>msg_body</code></em> and
570
 
<em class="parameter"><code>msg_relayState</code></em> (POST).</p>
571
 
<div class="variablelist"><table border="0">
572
 
<col align="left" valign="top">
573
 
<tbody>
574
 
<tr>
575
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
576
 
<td> a <span class="type">LassoLogin</span>
577
 
</td>
578
 
</tr>
579
 
<tr>
580
 
<td><p><span class="term"><em class="parameter"><code>http_method</code></em> :</span></p></td>
581
 
<td> the HTTP method to send the artifact (REDIRECT or POST)
582
 
</td>
583
 
</tr>
584
 
<tr>
585
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
586
 
<td> 0 on success; or
587
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
588
 
<li class="listitem"><p>
589
 
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <span class="type">LassoLogin</span> object,
590
 
</p></li>
591
 
<li class="listitem"><p>
592
 
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no remote provider ID was setup in the login
593
 
profile object, it's usually done by lasso_login_process_authn_request_msg,
594
 
</p></li>
595
 
<li class="listitem"><p>
596
 
LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
597
 
or LASSO_HTTP_METHOD_POST (ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET or
598
 
LASSO_HTTP_METHOD_ARTIFACT_POST (SAML 2.0 case) for SAML 2.0),
599
 
</p></li>
600
 
<li class="listitem"><p>
601
 
LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocolProfile is not
602
 
</p></li>
603
 
<li class="listitem"><p>
604
 
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART (only for ID-FF 1.2),
605
 
</p></li>
606
 
<li class="listitem"><p>
607
 
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider is not known to our server object
608
 
which impeach us to find a service endpoint,
609
 
</p></li>
610
 
<li class="listitem"><p>
611
 
LASSO_PROFILE_ERROR_MISSING_RESPONSE if the response object is missing,
612
 
</p></li>
613
 
<li class="listitem"><p>
614
 
LASSO_PROFILE_ERROR_MISSING_STATUS_CODE if the response object is missing a status code,
615
 
</p></li>
616
 
</ul></div>
617
 
 
618
 
</td>
619
 
</tr>
620
 
</tbody>
621
 
</table></div>
622
 
</div>
623
 
<hr>
624
 
<div class="refsect2" title="lasso_login_build_assertion ()">
625
 
<a name="lasso-login-build-assertion"></a><h3>lasso_login_build_assertion ()</h3>
626
 
<pre class="programlisting">lasso_error_t       lasso_login_build_assertion         (LassoLogin *login,
627
 
                                                         const char *authenticationMethod,
628
 
                                                         const char *authenticationInstant,
629
 
                                                         const char *reauthenticateOnOrAfter,
630
 
                                                         const char *notBefore,
631
 
                                                         const char *notOnOrAfter);</pre>
632
 
<p>
633
 
Builds an assertion and stores it in profile session.
634
 
<em class="parameter"><code>authenticationInstant</code></em>, reauthenticateOnOrAfter, <em class="parameter"><code>notBefore</code></em> and
635
 
<em class="parameter"><code>notOnOrAfter</code></em> may be NULL.  If <em class="parameter"><code>authenticationInstant</code></em> is NULL, the current
636
 
time will be used.  Time values must be encoded in UTC.
637
 
</p>
638
 
<p>
639
 
Construct the authentication assertion for the response. It must be called after validating the
640
 
request using <code class="function">lasso_login_validate_request_msg()</code>. The created assertion is accessed using
641
 
<code class="function">lasso_login_get_assertion()</code>.</p>
642
 
<div class="variablelist"><table border="0">
643
 
<col align="left" valign="top">
644
 
<tbody>
645
 
<tr>
646
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
647
 
<td> a <span class="type">LassoLogin</span>
648
 
</td>
649
 
</tr>
650
 
<tr>
651
 
<td><p><span class="term"><em class="parameter"><code>authenticationMethod</code></em> :</span></p></td>
652
 
<td> the authentication method
653
 
</td>
654
 
</tr>
655
 
<tr>
656
 
<td><p><span class="term"><em class="parameter"><code>authenticationInstant</code></em> :</span></p></td>
657
 
<td> the time at which the authentication took place
658
 
</td>
659
 
</tr>
660
 
<tr>
661
 
<td><p><span class="term"><em class="parameter"><code>notBefore</code></em> :</span></p></td>
662
 
<td> the earliest time instant at which the assertion is valid
663
 
</td>
664
 
</tr>
665
 
<tr>
666
 
<td><p><span class="term"><em class="parameter"><code>notOnOrAfter</code></em> :</span></p></td>
667
 
<td> the time instant at which the assertion has expired
668
 
</td>
669
 
</tr>
670
 
<tr>
671
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
672
 
<td> 0 on success; or
673
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
674
 
<li class="listitem"><p>
675
 
<span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span> if login is not a <span class="type">LassoLogin</span> object,
676
 
</p></li>
677
 
<li class="listitem"><p>
678
 
<span class="type">LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND</span> if no identity object was found in the login profile object.
679
 
</p></li>
680
 
<li class="listitem"><p>
681
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_RESPONSE</span> if no response object is present ( it is normally initialized
682
 
by <code class="function">lasso_login_process_authn_request_msg()</code> )
683
 
</p></li>
684
 
<li class="listitem"><p>
685
 
<span class="type">LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND</span> if a <span class="type">LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT</span> or <span class="type">LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED</span> NameID format is asked and no corresponding federation was found in the <span class="type">LassoIdentity</span> object,
686
 
</p></li>
687
 
<li class="listitem"><p>
688
 
<span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span> if encryption is needed and the request issuing provider is unknown (it as not been registered in the <span class="type">LassoServer</span> object),
689
 
</p></li>
690
 
<li class="listitem"><p>
691
 
<span class="type">LASSO_DS_ERROR_ENCRYPTION_FAILED</span> if encryption is needed but it failed,
692
 
</p></li>
693
 
</ul></div>
694
 
 
695
 
</td>
696
 
</tr>
697
 
</tbody>
698
 
</table></div>
699
 
</div>
700
 
<hr>
701
 
<div class="refsect2" title="lasso_login_build_authn_request_msg ()">
702
 
<a name="lasso-login-build-authn-request-msg"></a><h3>lasso_login_build_authn_request_msg ()</h3>
703
 
<pre class="programlisting">lasso_error_t       lasso_login_build_authn_request_msg (LassoLogin *login);</pre>
704
 
<p>
705
 
Converts profile authentication request (<em class="parameter"><code>request</code></em> member) into a Liberty message, either an URL
706
 
in HTTP-Redirect profile or an URL and a field value in Browser-POST (form) profile.
707
 
</p>
708
 
<p>
709
 
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the eventual field value (LAREQ) is set into the
710
 
<em class="parameter"><code>msg_body</code></em> member.</p>
711
 
<div class="variablelist"><table border="0">
712
 
<col align="left" valign="top">
713
 
<tbody>
714
 
<tr>
715
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
716
 
<td> a <span class="type">LassoLogin</span>
717
 
</td>
718
 
</tr>
719
 
<tr>
720
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
721
 
<td> 0 on success; or
722
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
723
 
<li class="listitem"><p>
724
 
<span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span> if login is not a <span class="type">LassoLogin</span> object,
725
 
</p></li>
726
 
<li class="listitem"><p>
727
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID</span> if not remote provider ID was setup&amp;160;- it usually
728
 
means that <code class="function">lasso_login_init_request()</code> was not called before,
729
 
</p></li>
730
 
<li class="listitem"><p>
731
 
<span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span> if the remote provider ID is not registered in the server
732
 
object,
733
 
</p></li>
734
 
<li class="listitem"><p>
735
 
<span class="type">LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE</span> if the SSO profile is not supported by the targeted
736
 
provider,
737
 
</p></li>
738
 
<li class="listitem"><p>
739
 
<span class="type">LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED</span> if the building of the query part of the redirect URL
740
 
or of the body of the POST content failed&amp;160;- it only happens with the <span class="type">LASSO_HTTP_METHOD_REDIRECT</span>,
741
 
<span class="type">LASSO_HTTP_METHOD_POST</span>, <span class="type">LASSO_HTTP_METHOD_ARTIFACT_GET</span> and
742
 
<span class="type">LASSO_HTTP_METHOD_ARTIFACT_POST</span> bindings&amp;160;-,
743
 
</p></li>
744
 
<li class="listitem"><p>
745
 
<span class="type">LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL</span> if the metadata of the remote provider does not contain
746
 
an url for the SSO profile,
747
 
</p></li>
748
 
<li class="listitem"><p>
749
 
<span class="type">LASSO_PROFILE_ERROR_INVALID_REQUEST</span> if the request object is not of the needed type, is usually
750
 
means that <code class="function">lasso_login_init_request()</code> was not called before,
751
 
</p></li>
752
 
<li class="listitem"><p>
753
 
<span class="type">LASSO_PROFILE_MISSING_REQUEST</span> if the request object is missing,
754
 
</p></li>
755
 
<li class="listitem"><p>
756
 
<span class="type">LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD</span> if the current setted <em class="parameter"><code>http_method</code></em> on the <span class="type">LassoLogin</span>
757
 
object is invalid.
758
 
</p></li>
759
 
</ul></div>
760
 
</td>
761
 
</tr>
762
 
</tbody>
763
 
</table></div>
764
 
</div>
765
 
<hr>
766
 
<div class="refsect2" title="lasso_login_build_authn_response_msg ()">
767
 
<a name="lasso-login-build-authn-response-msg"></a><h3>lasso_login_build_authn_response_msg ()</h3>
768
 
<pre class="programlisting">lasso_error_t       lasso_login_build_authn_response_msg
769
 
                                                        (LassoLogin *login);</pre>
770
 
<p>
771
 
Converts profile authentication response (<em class="parameter"><code>response</code></em> member) into a Liberty
772
 
message.
773
 
</p>
774
 
<p>
775
 
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the field value (LARES) is set
776
 
into the <em class="parameter"><code>msg_body</code></em> member.</p>
777
 
<div class="variablelist"><table border="0">
778
 
<col align="left" valign="top">
779
 
<tbody>
780
 
<tr>
781
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
782
 
<td> a <span class="type">LassoLogin</span>
783
 
</td>
784
 
</tr>
785
 
<tr>
786
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
787
 
<td> 0 on success; or
788
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
789
 
<li class="listitem"><p>
790
 
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <span class="type">LassoLogin</span> object,
791
 
</p></li>
792
 
<li class="listitem"><p>
793
 
LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the current protocol profile is not
794
 
</p></li>
795
 
<li class="listitem"><p>
796
 
LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST or LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
797
 
</p></li>
798
 
<li class="listitem"><p>
799
 
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider ID is not registered in the server
800
 
object,
801
 
</p></li>
802
 
<li class="listitem"><p>
803
 
LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL if the metadata of the remote provider does not contain
804
 
an URL for the assertion consuming service,
805
 
</p></li>
806
 
<li class="listitem"><p>
807
 
LASSO_PROFILE_ERROR_MISSING_SERVER the server object is needed to sign a message and it is
808
 
missing,
809
 
</p></li>
810
 
<li class="listitem"><p>
811
 
LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED the private key for signing could not be found,
812
 
</p></li>
813
 
<li class="listitem"><p>
814
 
LASSO_PROFILE_ERROR_MISSING_RESPONSE if the response object is missing,
815
 
</p></li>
816
 
<li class="listitem"><p>
817
 
LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE if the SSO profile is not supported by the targeted
818
 
provider,
819
 
</p></li>
820
 
<li class="listitem"><p>
821
 
LASSO_PROFILE_BUILDING_QUERY_FAILED if using <span class="type">LASSO_HTTP_METHOD_REDIRECT</span> building of the redirect
822
 
URL failed,
823
 
</p></li>
824
 
<li class="listitem"><p>
825
 
LASSO_PROFILE_BUILDING_MSG_FAILED if using <span class="type">LASSO_HTTP_METHOD_POST</span>, <span class="type">LASSO_HTTP_METHOD_SOAP</span> or
826
 
<span class="type">LASSO_HTTP_METHOD_PAOS</span> and building the <em class="parameter"><code>msg_body</code></em> failed.
827
 
</p></li>
828
 
</ul></div>
829
 
 
830
 
</td>
831
 
</tr>
832
 
</tbody>
833
 
</table></div>
834
 
</div>
835
 
<hr>
836
 
<div class="refsect2" title="lasso_login_build_request_msg ()">
837
 
<a name="lasso-login-build-request-msg"></a><h3>lasso_login_build_request_msg ()</h3>
838
 
<pre class="programlisting">lasso_error_t       lasso_login_build_request_msg       (LassoLogin *login);</pre>
839
 
<p>
840
 
Produce a SOAP Artifact Resolve message. It must follows a call to
841
 
<code class="function">lasso_login_init_request()</code> on the artifact message.
842
 
Converts  artifact request into a Liberty SOAP message.
843
 
</p>
844
 
<p>
845
 
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the SOAP message is set into the
846
 
<em class="parameter"><code>msg_body</code></em> member. You should POST the <em class="parameter"><code>msg_body</code></em> to the <em class="parameter"><code>msg_url</code></em> afterward.</p>
847
 
<div class="variablelist"><table border="0">
848
 
<col align="left" valign="top">
849
 
<tbody>
850
 
<tr>
851
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
852
 
<td> a <span class="type">LassoLogin</span>
853
 
</td>
854
 
</tr>
855
 
<tr>
856
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
857
 
<td> 0 on success; or
858
 
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <span class="type">LassoLogin</span> object,
859
 
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if not remote provider ID was setup -- it usually
860
 
means that lasso_login_init_request was not called before,
861
 
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider ID is not registered in the server
862
 
object.
863
 
 
864
 
</td>
865
 
</tr>
866
 
</tbody>
867
 
</table></div>
868
 
</div>
869
 
<hr>
870
 
<div class="refsect2" title="lasso_login_build_response_msg ()">
871
 
<a name="lasso-login-build-response-msg"></a><h3>lasso_login_build_response_msg ()</h3>
872
 
<pre class="programlisting">lasso_error_t       lasso_login_build_response_msg      (LassoLogin *login,
873
 
                                                         <a
874
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
875
 
>gchar</a> *remote_providerID);</pre>
876
 
<p>
877
 
Converts profile assertion response (<em class="parameter"><code>response</code></em> member) into a Liberty SOAP
878
 
messageresponse message.
879
 
</p>
880
 
<p>
881
 
The URL is set into the <em class="parameter"><code>msg_url</code></em> member and the SOAP message is set into the
882
 
<em class="parameter"><code>msg_body</code></em> member.</p>
883
 
<div class="variablelist"><table border="0">
884
 
<col align="left" valign="top">
885
 
<tbody>
886
 
<tr>
887
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
888
 
<td> a <span class="type">LassoLogin</span>
889
 
</td>
890
 
</tr>
891
 
<tr>
892
 
<td><p><span class="term"><em class="parameter"><code>remote_providerID</code></em> :</span></p></td>
893
 
<td> service provider ID
894
 
</td>
895
 
</tr>
896
 
<tr>
897
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
898
 
<td> 0 on success; or a negative value otherwise.
899
 
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <span class="type">LassoLogin</span> object,
900
 
LASSO_PROFILE_ERROR_SESSION_NOT_FOUND if no session object was found in the login profile object
901
 
 calling <code class="function">lasso_login_build_assertion()</code>.
902
 
 
903
 
</td>
904
 
</tr>
905
 
</tbody>
906
 
</table></div>
907
 
</div>
908
 
<hr>
909
 
<div class="refsect2" title="lasso_login_destroy ()">
910
 
<a name="lasso-login-destroy"></a><h3>lasso_login_destroy ()</h3>
911
 
<pre class="programlisting">void                lasso_login_destroy                 (LassoLogin *login);</pre>
912
 
<p>
913
 
Destroys a <span class="type">LassoLogin</span> object.
914
 
</p>
915
 
<p>
916
 
<em class="parameter"><code>Deprecated</code></em>: Since <span class="type">2</span>.2.1, use <a
917
 
href="http://library.gnome.org/devel/gobject/unstable/gobject-The-Base-Object-Type.html#g-object-unref"
918
 
><code class="function">g_object_unref()</code></a> instead.</p>
919
 
<div class="variablelist"><table border="0">
920
 
<col align="left" valign="top">
921
 
<tbody><tr>
922
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
923
 
<td> a <span class="type">LassoLogin</span>
924
 
</td>
925
 
</tr></tbody>
926
 
</table></div>
927
 
</div>
928
 
<hr>
929
 
<div class="refsect2" title="lasso_login_dump ()">
930
 
<a name="lasso-login-dump"></a><h3>lasso_login_dump ()</h3>
931
 
<pre class="programlisting"><a
932
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
933
 
>gchar</a>*              lasso_login_dump                    (LassoLogin *login);</pre>
934
 
<p>
935
 
Dumps <em class="parameter"><code>login</code></em> content to an XML string.</p>
936
 
<div class="variablelist"><table border="0">
937
 
<col align="left" valign="top">
938
 
<tbody>
939
 
<tr>
940
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
941
 
<td> a <span class="type">LassoLogin</span>
942
 
</td>
943
 
</tr>
944
 
<tr>
945
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
946
 
<td> the dump string.  It must be freed by the caller.. <a href="http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=transfer"><span class="acronym">transfer</span></a> full. </td>
947
 
</tr>
948
 
</tbody>
949
 
</table></div>
950
 
</div>
951
 
<hr>
952
 
<div class="refsect2" title="lasso_login_get_assertion ()">
953
 
<a name="lasso-login-get-assertion"></a><h3>lasso_login_get_assertion ()</h3>
954
 
<pre class="programlisting">LassoNode *         lasso_login_get_assertion           (LassoLogin *login);</pre>
955
 
<p>
956
 
Return the last build assertion.</p>
957
 
<div class="variablelist"><table border="0">
958
 
<col align="left" valign="top">
959
 
<tbody>
960
 
<tr>
961
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
962
 
<td> a <span class="type">LassoLogin</span> object
963
 
</td>
964
 
</tr>
965
 
<tr>
966
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
967
 
<td> a <span class="type">LassoNode</span> representing the build assertion (generally a <span class="type">LassoSamlAssertion</span> when
968
 
using ID-FF 1.2 or a <span class="type">LassoSaml2Assertion</span> when using SAML 2.0)
969
 
</td>
970
 
</tr>
971
 
</tbody>
972
 
</table></div>
973
 
</div>
974
 
<hr>
975
 
<div class="refsect2" title="lasso_login_init_authn_request ()">
976
 
<a name="lasso-login-init-authn-request"></a><h3>lasso_login_init_authn_request ()</h3>
977
 
<pre class="programlisting">lasso_error_t       lasso_login_init_authn_request      (LassoLogin *login,
978
 
                                                         const <a
979
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
980
 
>gchar</a> *remote_providerID,
981
 
                                                         LassoHttpMethod http_method);</pre>
982
 
<p>
983
 
</p>
984
 
<p>Initializes a new AuthnRequest from current service provider to remote
985
 
identity provider specified in <em class="parameter"><code>remote_providerID</code></em> (if NULL the first known
986
 
identity provider is used).</p>
987
 
<p>
988
 
</p>
989
 
<p>
990
 
</p>
991
 
<p>For ID-FF 1.2 the default NameIDPolicy in an AuthnRequest is None, which imply that a
992
 
federation must already exist on the IdP side.</p>
993
 
<p>
994
 
</p>
995
 
<p>
996
 
</p>
997
 
<p>For SAML 2.0 the default NameIDPolicy is the first listed in the metadatas of the current
998
 
provider, or if none is specified, Transient, which ask the IdP to give a one-time
999
 
federation</p>
1000
 
<div class="variablelist"><table border="0">
1001
 
<col align="left" valign="top">
1002
 
<tbody>
1003
 
<tr>
1004
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1005
 
<td> a <span class="type">LassoLogin</span>
1006
 
</td>
1007
 
</tr>
1008
 
<tr>
1009
 
<td><p><span class="term"><em class="parameter"><code>remote_providerID:(allow-none)</code></em> :</span></p></td>
1010
 
<td> the providerID of the identity provider (may be NULL)
1011
 
</td>
1012
 
</tr>
1013
 
<tr>
1014
 
<td><p><span class="term"><em class="parameter"><code>http_method</code></em> :</span></p></td>
1015
 
<td> HTTP method to use for request transmission. <acronym title="Default parameter value (for in case the shadows-to function has less parameters)."><span class="acronym">default</span></acronym> LASSO_HTTP_METHOD_REDIRECT. </td>
1016
 
</tr>
1017
 
<tr>
1018
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1019
 
<td> 0 on success; or <div class="itemizedlist"><ul class="itemizedlist" type="disc">
1020
 
<li class="listitem"><p>LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <span class="type">LassoLogin</span> object,</p></li>
1021
 
<li class="listitem"><p>LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if <em class="parameter"><code>remote_providerID</code></em> is NULL and no default remote
1022
 
provider could be found from the server object -- usually the first one in the order of adding to
1023
 
the server object --,</p></li>
1024
 
<li class="listitem"><p>LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the <em class="parameter"><code>remote_providerID</code></em> is not known to our server object.</p></li>
1025
 
<li class="listitem"><p>LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
1026
 
or LASSO_HTTP_METHOD_POST,</p></li>
1027
 
<li class="listitem"><p>LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED if creation of the request object failed.</p></li>
1028
 
</ul></div>
1029
 
 
1030
 
</td>
1031
 
</tr>
1032
 
</tbody>
1033
 
</table></div>
1034
 
</div>
1035
 
<hr>
1036
 
<div class="refsect2" title="lasso_login_init_idp_initiated_authn_request ()">
1037
 
<a name="lasso-login-init-idp-initiated-authn-request"></a><h3>lasso_login_init_idp_initiated_authn_request ()</h3>
1038
 
<pre class="programlisting">lasso_error_t       lasso_login_init_idp_initiated_authn_request
1039
 
                                                        (LassoLogin *login,
1040
 
                                                         const <a
1041
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
1042
 
>gchar</a> *remote_providerID);</pre>
1043
 
<p>
1044
 
</p>
1045
 
<p>Generates an authentication response without matching authentication
1046
 
request.</p>
1047
 
<p>
1048
 
</p>
1049
 
<p>
1050
 
</p>
1051
 
<p>The choice of NameIDFormat is the same as for <code class="function">lasso_login_init_authn_request()</code> but with the
1052
 
target <em class="parameter"><code>remote_providerID</code></em> as the current provider</p>
1053
 
<p>
1054
 
</p>
1055
 
<p>
1056
 
</p>
1057
 
<p>If <em class="parameter"><code>remote_providerID</code></em> is NULL, the first known provider is used.</p>
1058
 
<div class="variablelist"><table border="0">
1059
 
<col align="left" valign="top">
1060
 
<tbody>
1061
 
<tr>
1062
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1063
 
<td> a <span class="type">LassoLogin</span>.
1064
 
</td>
1065
 
</tr>
1066
 
<tr>
1067
 
<td><p><span class="term"><em class="parameter"><code>remote_providerID</code></em> :</span></p></td>
1068
 
<td> the providerID of the remote service provider (may be
1069
 
     NULL)
1070
 
</td>
1071
 
</tr>
1072
 
<tr>
1073
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1074
 
<td> 0 on success; or a negative value otherwise. Error codes are the same as
1075
 
<code class="function">lasso_login_init_authn_request()</code>.
1076
 
</td>
1077
 
</tr>
1078
 
</tbody>
1079
 
</table></div>
1080
 
</div>
1081
 
<hr>
1082
 
<div class="refsect2" title="lasso_login_init_request ()">
1083
 
<a name="lasso-login-init-request"></a><h3>lasso_login_init_request ()</h3>
1084
 
<pre class="programlisting">lasso_error_t       lasso_login_init_request            (LassoLogin *login,
1085
 
                                                         <a
1086
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
1087
 
>gchar</a> *response_msg,
1088
 
                                                         LassoHttpMethod response_http_method);</pre>
1089
 
<p>
1090
 
Initializes an artifact request. <em class="parameter"><code>response_msg</code></em> is either the query string
1091
 
(in redirect mode) or the form LAREQ field (in browser-post mode).
1092
 
It should only be used if you received an artifact message, <em class="parameter"><code>response_msg</code></em> must be content of the
1093
 
artifact field for the POST artifact binding of the query string for the REDIRECT artifact
1094
 
binding. You must set the <em class="parameter"><code>response_http_method</code></em> argument according to the way you received the
1095
 
artifact message.</p>
1096
 
<div class="variablelist"><table border="0">
1097
 
<col align="left" valign="top">
1098
 
<tbody>
1099
 
<tr>
1100
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1101
 
<td> a <span class="type">LassoLogin</span>
1102
 
</td>
1103
 
</tr>
1104
 
<tr>
1105
 
<td><p><span class="term"><em class="parameter"><code>response_msg</code></em> :</span></p></td>
1106
 
<td> the authentication response received
1107
 
</td>
1108
 
</tr>
1109
 
<tr>
1110
 
<td><p><span class="term"><em class="parameter"><code>response_http_method</code></em> :</span></p></td>
1111
 
<td> the method used to receive the authentication
1112
 
     response
1113
 
</td>
1114
 
</tr>
1115
 
<tr>
1116
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1117
 
<td> 0 on success; or
1118
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
1119
 
<li class="listitem"><p>
1120
 
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a <span class="type">LassoLogin</span> object,
1121
 
</p></li>
1122
 
<li class="listitem"><p>
1123
 
LASSO_PARAM_ERROR_INVALID_VALUE if <em class="parameter"><code>response_msg</code></em> is NULL,
1124
 
</p></li>
1125
 
<li class="listitem"><p>
1126
 
LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
1127
 
or LASSO_HTTP_METHOD_POST (in the ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET or
1128
 
LASSO_HTTP_METHOD_ARTIFACT_POST (in the SAML 2.0 case),
1129
 
</p></li>
1130
 
<li class="listitem"><p>
1131
 
LASSO_PROFILE_ERROR_MISSING_ARTIFACT if no artifact field was found in the query string (only
1132
 
possible for the LASSO_HTTP_METHOD_REDIRECT case),
1133
 
</p></li>
1134
 
<li class="listitem"><p>
1135
 
LASSO_PROFILE_ERROR_INVALID_ARTIFACT if decoding of the artifact failed -- whether because
1136
 
the base64 encoding is invalid or because the type code is wrong --,
1137
 
</p></li>
1138
 
<li class="listitem"><p>
1139
 
LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no provider ID could be found corresponding to
1140
 
the hash contained in the artifact.
1141
 
</p></li>
1142
 
</ul></div>
1143
 
 
1144
 
</td>
1145
 
</tr>
1146
 
</tbody>
1147
 
</table></div>
1148
 
</div>
1149
 
<hr>
1150
 
<div class="refsect2" title="lasso_login_must_ask_for_consent ()">
1151
 
<a name="lasso-login-must-ask-for-consent"></a><h3>lasso_login_must_ask_for_consent ()</h3>
1152
 
<pre class="programlisting"><a
1153
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
1154
 
>gboolean</a>            lasso_login_must_ask_for_consent    (LassoLogin *login);</pre>
1155
 
<p>
1156
 
Evaluates if consent must be asked to the Principal to federate him.</p>
1157
 
<div class="variablelist"><table border="0">
1158
 
<col align="left" valign="top">
1159
 
<tbody>
1160
 
<tr>
1161
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1162
 
<td> a <span class="type">LassoLogin</span>
1163
 
</td>
1164
 
</tr>
1165
 
<tr>
1166
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1167
 
<td> <code class="literal">TRUE</code> if consent must be asked
1168
 
</td>
1169
 
</tr>
1170
 
</tbody>
1171
 
</table></div>
1172
 
</div>
1173
 
<hr>
1174
 
<div class="refsect2" title="lasso_login_must_authenticate ()">
1175
 
<a name="lasso-login-must-authenticate"></a><h3>lasso_login_must_authenticate ()</h3>
1176
 
<pre class="programlisting"><a
1177
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
1178
 
>gboolean</a>            lasso_login_must_authenticate       (LassoLogin *login);</pre>
1179
 
<p>
1180
 
Evaluates if user must be authenticated.</p>
1181
 
<div class="variablelist"><table border="0">
1182
 
<col align="left" valign="top">
1183
 
<tbody>
1184
 
<tr>
1185
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1186
 
<td> a <span class="type">LassoLogin</span>
1187
 
</td>
1188
 
</tr>
1189
 
<tr>
1190
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1191
 
<td> <code class="literal">TRUE</code> if user must be authenticated
1192
 
</td>
1193
 
</tr>
1194
 
</tbody>
1195
 
</table></div>
1196
 
</div>
1197
 
<hr>
1198
 
<div class="refsect2" title="lasso_login_process_authn_request_msg ()">
1199
 
<a name="lasso-login-process-authn-request-msg"></a><h3>lasso_login_process_authn_request_msg ()</h3>
1200
 
<pre class="programlisting">lasso_error_t       lasso_login_process_authn_request_msg
1201
 
                                                        (LassoLogin *login,
1202
 
                                                         const char *authn_request_msg);</pre>
1203
 
<p>
1204
 
Processes received authentication request, checks it is signed correctly,
1205
 
checks if requested protocol profile is supported, etc.</p>
1206
 
<div class="variablelist"><table border="0">
1207
 
<col align="left" valign="top">
1208
 
<tbody>
1209
 
<tr>
1210
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1211
 
<td> a <span class="type">LassoLogin</span>
1212
 
</td>
1213
 
</tr>
1214
 
<tr>
1215
 
<td><p><span class="term"><em class="parameter"><code>authn_request_msg</code></em> :</span></p></td>
1216
 
<td> the authentication request received
1217
 
</td>
1218
 
</tr>
1219
 
<tr>
1220
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1221
 
<td> 0 on success; or
1222
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
1223
 
<li class="listitem"><p>
1224
 
<span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span> if login is no a <span class="type">LassoLogin</span> object,
1225
 
</p></li>
1226
 
<li class="listitem"><p>
1227
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_REQUEST</span> if <em class="parameter"><code>authn_request_msg</code></em> is <span class="type">NULL</span> and no request as actually
1228
 
been processed or initialized &amp;<span class="type">151</span>; see <code class="function">lasso_login_init_idp_initiated_authn_request()</code>,
1229
 
 
1230
 
</p></li>
1231
 
<li class="listitem"><p>
1232
 
<span class="type">LASSO_PROFILE_ERROR_INVALID_MSG</span> if the content of <em class="parameter"><code>authn_request_msg</code></em> cannot be parsed to as a
1233
 
valid lib:AuthnRequest messages for any support binding (mainly HTTP-Redirect, HTTP-Post and
1234
 
SOAP),
1235
 
</p></li>
1236
 
<li class="listitem"><p>
1237
 
 
1238
 
<span class="type">LASSO_PROFILE_ERROR_MISSING_ISSUER</span> if the parsed samlp2:AuthnRequest does not have a proper Issuer element,
1239
 
</p></li>
1240
 
<li class="listitem"><p>
1241
 
 
1242
 
<span class="type">LASSO_PROFILE_ERROR_INVALID_REQUEST</span> if the parsed message does not validate as a valid
1243
 
samlp2:AuthnRequest (SAMLv2) i.e. if there is no Issuer, or mutually exclusive attributes are
1244
 
used (ProtocolBinding and AssertionConsumerServiceIndex),
1245
 
</p></li>
1246
 
<li class="listitem"><p>
1247
 
 
1248
 
<span class="type">LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE</span> if the protocolProfile (ID-FFv1.2) or the
1249
 
protocolBinding (SAMLv2) is unsupported by Lasso,
1250
 
</p></li>
1251
 
<li class="listitem"><p>
1252
 
 
1253
 
<span class="type">LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE</span> if the protocolProfile (ID-FFv1.2) or the protocolBinding
1254
 
(SAMLv2) for the AssertionConsumer is unsupported by this provider implementation as indicated by
1255
 
its metadata file,
1256
 
</p></li>
1257
 
<li class="listitem"><p>
1258
 
 
1259
 
<span class="type">LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER</span>, or
1260
 
<span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span> if the metadata for the issuer of the request are absent
1261
 
from the <span class="type">LassoServer</span> object of this profile,
1262
 
</p></li>
1263
 
<li class="listitem"><p>
1264
 
 
1265
 
<span class="type">LASSO_DS_ERROR_SIGNATURE_NOT_FOUND</span> if no signature could be found and signature validation is
1266
 
forced &amp;<span class="type">151</span>; by the service provider metadata with the AuthnRequestsSigned attribute
1267
 
(ID-FFv1.2&amp;SAMLv2), the attribute WantAuthnRequestsSigned in the identity provider metadata file
1268
 
(SAMLv2) or as advised by the <code class="function">lasso_profile_set_signature_verify_hint()</code> method),
1269
 
</p></li>
1270
 
<li class="listitem"><p>
1271
 
 
1272
 
<span class="type">LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED</span> if the signature validation failed on a present
1273
 
signature,
1274
 
</p></li>
1275
 
<li class="listitem"><p>
1276
 
<span class="type">LASSO_DS_ERROR_INVALID_SIGNATURE</span> if the signature was malformed and a signature was present,
1277
 
</p></li>
1278
 
</ul></div>
1279
 
 
1280
 
</td>
1281
 
</tr>
1282
 
</tbody>
1283
 
</table></div>
1284
 
</div>
1285
 
<hr>
1286
 
<div class="refsect2" title="lasso_login_process_authn_response_msg ()">
1287
 
<a name="lasso-login-process-authn-response-msg"></a><h3>lasso_login_process_authn_response_msg ()</h3>
1288
 
<pre class="programlisting">lasso_error_t       lasso_login_process_authn_response_msg
1289
 
                                                        (LassoLogin *login,
1290
 
                                                         <a
1291
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
1292
 
>gchar</a> *authn_response_msg);</pre>
1293
 
<p>
1294
 
Processes received authentication response.</p>
1295
 
<div class="variablelist"><table border="0">
1296
 
<col align="left" valign="top">
1297
 
<tbody>
1298
 
<tr>
1299
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1300
 
<td> a <span class="type">LassoLogin</span>
1301
 
</td>
1302
 
</tr>
1303
 
<tr>
1304
 
<td><p><span class="term"><em class="parameter"><code>authn_response_msg</code></em> :</span></p></td>
1305
 
<td> the authentication response received
1306
 
</td>
1307
 
</tr>
1308
 
<tr>
1309
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1310
 
<td> 0 on success; or a negative value otherwise.
1311
 
</td>
1312
 
</tr>
1313
 
</tbody>
1314
 
</table></div>
1315
 
</div>
1316
 
<hr>
1317
 
<div class="refsect2" title="lasso_login_process_paos_response_msg ()">
1318
 
<a name="lasso-login-process-paos-response-msg"></a><h3>lasso_login_process_paos_response_msg ()</h3>
1319
 
<pre class="programlisting">lasso_error_t       lasso_login_process_paos_response_msg
1320
 
                                                        (LassoLogin *login,
1321
 
                                                         <a
1322
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
1323
 
>gchar</a> *msg);</pre>
1324
 
</div>
1325
 
<hr>
1326
 
<div class="refsect2" title="lasso_login_process_request_msg ()">
1327
 
<a name="lasso-login-process-request-msg"></a><h3>lasso_login_process_request_msg ()</h3>
1328
 
<pre class="programlisting">lasso_error_t       lasso_login_process_request_msg     (LassoLogin *login,
1329
 
                                                         <a
1330
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
1331
 
>gchar</a> *request_msg);</pre>
1332
 
<p>
1333
 
Processes received artifact request.</p>
1334
 
<div class="variablelist"><table border="0">
1335
 
<col align="left" valign="top">
1336
 
<tbody>
1337
 
<tr>
1338
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1339
 
<td> a <span class="type">LassoLogin</span>
1340
 
</td>
1341
 
</tr>
1342
 
<tr>
1343
 
<td><p><span class="term"><em class="parameter"><code>request_msg</code></em> :</span></p></td>
1344
 
<td> the artifact request received
1345
 
</td>
1346
 
</tr>
1347
 
<tr>
1348
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1349
 
<td> 0 on success; or a negative value otherwise.
1350
 
</td>
1351
 
</tr>
1352
 
</tbody>
1353
 
</table></div>
1354
 
</div>
1355
 
<hr>
1356
 
<div class="refsect2" title="lasso_login_process_response_msg ()">
1357
 
<a name="lasso-login-process-response-msg"></a><h3>lasso_login_process_response_msg ()</h3>
1358
 
<pre class="programlisting">lasso_error_t       lasso_login_process_response_msg    (LassoLogin *login,
1359
 
                                                         <a
1360
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"
1361
 
>gchar</a> *response_msg);</pre>
1362
 
<p>
1363
 
Processes received assertion response.</p>
1364
 
<div class="variablelist"><table border="0">
1365
 
<col align="left" valign="top">
1366
 
<tbody>
1367
 
<tr>
1368
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1369
 
<td> a <span class="type">LassoLogin</span>
1370
 
</td>
1371
 
</tr>
1372
 
<tr>
1373
 
<td><p><span class="term"><em class="parameter"><code>response_msg</code></em> :</span></p></td>
1374
 
<td> the assertion response received
1375
 
</td>
1376
 
</tr>
1377
 
<tr>
1378
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1379
 
<td> 0 on success; or
1380
 
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
1381
 
<li class="listitem"><p><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span> if login is not a <span class="type">LassoLogin</span> object,</p></li>
1382
 
<li class="listitem"><p><span class="type">LASSO_PARAM_ERROR_INVALID_VALUE</span> if response_msg is NULL,</p></li>
1383
 
<li class="listitem"><p><span class="type">LASSO_PROFILE_ERROR_INVALID_MSG</span> if the message is not a <span class="type">LassoSamlpResponse</span> (ID-FF 1.2) or a <span class="type">LassoSamlp2ResponseMsg</span> (SAML 2.0),</p></li>
1384
 
<li class="listitem"><p><span class="type">LASSO_PROFILE_ERROR_RESPONSE_DOES_NOT_MATCH_REQUEST</span> if the response does not refer to the request or if the response refer to an unknown request and <code class="literal">strict-checking</code> is activated ,</p></li>
1385
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_REQUEST_DENIED</span> the identity provided
1386
 
returned a failure status of "RequestDenied"</p></li>
1387
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND</span> if creation of a new
1388
 
federation was not allowed and none existed,</p></li>
1389
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL</span> if authentication failed
1390
 
or/and if the user cancelled the authentication,</p></li>
1391
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS</span>, if the response status
1392
 
is a failure but we have no more precise error code to report it, you must
1393
 
look at the second level status in the response,</p></li>
1394
 
<li class="listitem"><p><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span>, if the issuing
1395
 
provider of the assertion is unknown,</p></li>
1396
 
<li class="listitem"><p><span class="type">LASSO_PROFILE_ERROR_INVALID_ISSUER</span> the issuer of the
1397
 
assertion received, is not the expected one</p></li>
1398
 
<li class="listitem"><p><span class="type">LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND</span> no statement was fournd, or none statement contains a subject with a name identifier,</p></li>
1399
 
<li class="listitem"><p><span class="type">LASSO_PROFILE_ERROR_MISSING_STATUS_CODE</span> if the reponse is
1400
 
missing a <code class="literal">StatusCode</code> element,</p></li>
1401
 
<li class="listitem"><p><span class="type">LASSO_PROFILE_ERROR_MISSING_ASSERTION</span> if the message does
1402
 
not contain any assertion.</p></li>
1403
 
</ul></div>
1404
 
</td>
1405
 
</tr>
1406
 
</tbody>
1407
 
</table></div>
1408
 
</div>
1409
 
<hr>
1410
 
<div class="refsect2" title="lasso_login_validate_request_msg ()">
1411
 
<a name="lasso-login-validate-request-msg"></a><h3>lasso_login_validate_request_msg ()</h3>
1412
 
<pre class="programlisting">lasso_error_t       lasso_login_validate_request_msg    (LassoLogin *login,
1413
 
                                                         <a
1414
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
1415
 
>gboolean</a> authentication_result,
1416
 
                                                         <a
1417
 
href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"
1418
 
>gboolean</a> is_consent_obtained);</pre>
1419
 
<p>
1420
 
Initializes a response to the authentication request received.</p>
1421
 
<div class="variablelist"><table border="0">
1422
 
<col align="left" valign="top">
1423
 
<tbody>
1424
 
<tr>
1425
 
<td><p><span class="term"><em class="parameter"><code>login</code></em> :</span></p></td>
1426
 
<td> a <span class="type">LassoLogin</span>
1427
 
</td>
1428
 
</tr>
1429
 
<tr>
1430
 
<td><p><span class="term"><em class="parameter"><code>authentication_result</code></em> :</span></p></td>
1431
 
<td> whether user has authenticated succesfully
1432
 
</td>
1433
 
</tr>
1434
 
<tr>
1435
 
<td><p><span class="term"><em class="parameter"><code>is_consent_obtained</code></em> :</span></p></td>
1436
 
<td> whether user consent has been obtained
1437
 
</td>
1438
 
</tr>
1439
 
<tr>
1440
 
<td><p><span class="term"><span class="emphasis"><em>Returns</em></span> :</span></p></td>
1441
 
<td> 0 on success; or <div class="itemizedlist"><ul class="itemizedlist" type="disc">
1442
 
<li class="listitem"><p><span class="type">LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ</span> if login is not a <span class="type">LassoLogin</span> object,</p></li>
1443
 
<li class="listitem">
1444
 
<p><span class="type">LASSO_LOGIN_ERROR_REQUEST_DENIED</span></p> if <em class="parameter"><code>authentication_result</code></em> if FALSE,</li>
1445
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_INVALID_SIGNATURE</span> if signature validation of the request
1446
 
failed,</p></li>
1447
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST</span> if no signature was present on the
1448
 
request,</p></li>
1449
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND</span> if federation policy is
1450
 
<span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_NONE</span> and no federation was found in the <span class="type">LassoIdentity</span> object
1451
 
(ID-FF 1.2 case)</p></li>
1452
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY</span> if request policy is not one of
1453
 
<span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED</span> or <span class="type">LASSO_LIB_NAMEID_POLICY_TYPE_ANY</span> (ID-FF 1.2 case) or if no NameID policy was defined or the AllowCreate request flag is FALSE (SAML 2.0 case),</p></li>
1454
 
<li class="listitem"><p><span class="type">LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED</span> if <em class="parameter"><code>is_consent_obtained</code></em> is FALSE and
1455
 
conssent was necessary (for example if the request does not communicate that consent was already
1456
 
obtained from the user),</p></li>
1457
 
<li class="listitem"><p><span class="type">LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND</span> if the requesting provider is unknown,</p></li>
1458
 
</ul></div>
1459
 
</td>
1460
 
</tr>
1461
 
</tbody>
1462
 
</table></div>
1463
 
</div>
1464
 
</div>
1465
 
</div>
1466
 
<div class="footer">
1467
 
<hr>
1468
 
          Generated by GTK-Doc V1.11</div>
1469
 
</body>
1470
 
</html>