1
/* $Id: login.c,v 1.96 2004/09/06 17:49:19 fpeters Exp $
3
* Lasso - A free implementation of the Liberty Alliance specifications.
5
* Copyright (C) 2004 Entr'ouvert
6
* http://lasso.entrouvert.org
8
* Authors: Nicolas Clapies <nclapies@entrouvert.com>
9
* Valery Febvre <vfebvre@easter-eggs.com>
11
* This program is free software; you can redistribute it and/or modify
12
* it under the terms of the GNU General Public License as published by
13
* the Free Software Foundation; either version 2 of the License, or
14
* (at your option) any later version.
16
* This program is distributed in the hope that it will be useful,
17
* but WITHOUT ANY WARRANTY; without even the implied warranty of
18
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19
* GNU General Public License for more details.
21
* You should have received a copy of the GNU General Public License
22
* along with this program; if not, write to the Free Software
23
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27
#include <glib/gprintf.h>
28
#include <xmlsec/base64.h>
30
#include <lasso/xml/errors.h>
32
#include <lasso/protocols/artifact.h>
33
#include <lasso/protocols/provider.h>
34
#include <lasso/protocols/elements/authentication_statement.h>
36
#include <lasso/environs/login.h>
38
static GObjectClass *parent_class = NULL;
40
struct _LassoLoginPrivate
42
gboolean dispose_has_run;
45
/*****************************************************************************/
47
/*****************************************************************************/
50
* lasso_login_add_response_assertion:
52
* @federation: a Federation
53
* @authenticationMethod: the authentication method
54
* @reauthenticateOnOrAfter: the reauthenticate on or after time
56
* Adds an assertion into the samlp:Response.
57
* Assertion is also stored in session property. If session property
58
* is NULL, a new session is build before.
59
* The NameIdentifier of the assertion is stored into nameIdentifier
62
* Return value: 0 on success or a negative value otherwise.
65
lasso_login_add_response_assertion(LassoLogin *login,
66
LassoFederation *federation,
67
const gchar *authenticationMethod,
68
const gchar *reauthenticateOnOrAfter)
70
LassoNode *assertion = NULL, *as;
75
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
76
g_return_val_if_fail (LASSO_IS_FEDERATION(federation),
77
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
79
/* get RequestID to build Assertion */
80
requestID = lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE(login)->request),
82
if (requestID == NULL) {
83
message(G_LOG_LEVEL_CRITICAL, err->message);
88
assertion = lasso_assertion_new(LASSO_PROFILE(login)->server->providerID,
92
as = lasso_authentication_statement_new(authenticationMethod,
93
reauthenticateOnOrAfter,
94
LASSO_SAML_NAME_IDENTIFIER(federation->remote_nameIdentifier),
95
LASSO_SAML_NAME_IDENTIFIER(federation->local_nameIdentifier));
97
lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion),
98
LASSO_SAML_AUTHENTICATION_STATEMENT(as));
105
/* FIXME : How to know if the assertion must be signed or unsigned ? */
106
/* signature should be added at end */
107
ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
108
LASSO_PROFILE(login)->server->signature_method,
109
LASSO_PROFILE(login)->server->private_key,
110
LASSO_PROFILE(login)->server->certificate);
112
lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE(login)->response),
115
/* store assertion in session object */
116
if (LASSO_PROFILE(login)->session == NULL) {
117
LASSO_PROFILE(login)->session = lasso_session_new();
119
lasso_session_add_assertion(LASSO_PROFILE(login)->session,
120
LASSO_PROFILE(login)->remote_providerID,
125
lasso_node_destroy(as);
126
lasso_node_destroy(assertion);
132
lasso_login_process_federation(LassoLogin *login)
134
LassoFederation *federation;
135
LassoNode *nameIdentifier;
136
xmlChar *id, *nameIDPolicy, *consent = NULL;
140
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
142
/* verify if an identity exists else create it */
143
if (LASSO_PROFILE(login)->identity == NULL) {
144
LASSO_PROFILE(login)->identity = lasso_identity_new();
146
federation = lasso_identity_get_federation(LASSO_PROFILE(login)->identity,
147
LASSO_PROFILE(login)->remote_providerID);
148
nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
149
"NameIDPolicy", lassoLibHRef, NULL);
150
if (nameIDPolicy == NULL || xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone)) {
151
if (federation == NULL) {
152
lasso_profile_set_response_status(LASSO_PROFILE(login),
153
lassoLibStatusCodeFederationDoesNotExist);
158
else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated)) {
159
debug("NameIDPolicy is federated\n");
160
consent = lasso_node_get_attr_value(LASSO_PROFILE(login)->request,
162
if (consent != NULL) {
163
if (!xmlStrEqual(consent, lassoLibConsentObtained)) {
164
lasso_profile_set_response_status(LASSO_PROFILE(login),
165
lassoSamlStatusCodeRequestDenied);
166
message(G_LOG_LEVEL_WARNING, "Consent not obtained");
172
lasso_profile_set_response_status(LASSO_PROFILE(login),
173
lassoSamlStatusCodeRequestDenied);
174
message(G_LOG_LEVEL_WARNING, err->message);
179
if (federation == NULL) {
180
federation = lasso_federation_new(LASSO_PROFILE(login)->remote_providerID);
182
/* set local NameIdentifier in federation */
183
id = lasso_build_unique_id(32);
184
nameIdentifier = lasso_saml_name_identifier_new(id);
186
lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(nameIdentifier),
187
LASSO_PROFILE(login)->server->providerID);
188
lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(nameIdentifier),
189
lassoLibNameIdentifierFormatFederated);
190
lasso_federation_set_local_nameIdentifier(federation, nameIdentifier);
191
lasso_node_destroy(nameIdentifier);
193
lasso_identity_add_federation(LASSO_PROFILE(login)->identity,
194
LASSO_PROFILE(login)->remote_providerID,
198
debug("Ok, a federation was found.\n");
201
else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) {
205
/* store the IDP name identifier */
206
LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_content(federation->local_nameIdentifier, NULL);
209
lasso_federation_destroy(federation);
210
xmlFree(nameIDPolicy);
217
lasso_login_process_response_status_and_assertion(LassoLogin *login) {
218
LassoNode *assertion = NULL, *status = NULL, *statusCode = NULL;
219
LassoProvider *idp = NULL;
220
gchar *statusCode_value = NULL;
224
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
226
/* check StatusCode value */
227
status = lasso_node_get_child(LASSO_PROFILE(login)->response,
228
"Status", lassoSamlProtocolHRef, &err);
229
if (status == NULL) {
230
/* nico : return a code error if status code not found */
234
statusCode = lasso_node_get_child(status, "StatusCode", lassoSamlProtocolHRef, &err);
235
if (statusCode == NULL) {
236
/* nico : return a code error if status code not found */
240
statusCode_value = lasso_node_get_attr_value(statusCode, "Value", &err);
241
if (statusCode_value != NULL) {
242
if (!xmlStrEqual(statusCode_value, lassoSamlStatusCodeSuccess)) {
244
/* nico : go to done */
249
/* check assertion */
250
/* nico : removed ref on err pointer */
251
assertion = lasso_node_get_child(LASSO_PROFILE(login)->response,
253
NULL, /* lassoLibHRef, FIXME changed for SourceID */
256
if (assertion != NULL) {
257
idp = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
258
LASSO_PROFILE(login)->remote_providerID,
260
/* verify signature */
262
/* FIXME detect X509Data ? */
263
/* signature_check = lasso_node_verify_x509_signature(assertion, idp->ca_certificate); */
264
ret = lasso_node_verify_signature(assertion, idp->public_key);
270
message(G_LOG_LEVEL_CRITICAL, err->message);
276
/* store NameIdentifier */
277
LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_child_content(assertion, "NameIdentifier",
279
if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
280
message(G_LOG_LEVEL_CRITICAL, err->message);
286
/* nico : dont return a code error if no assertion found */
288
/* /\* no assertion found *\/ */
289
/* debug(err->message); */
290
/* ret = err->code; */
291
/* g_clear_error(&err); */
292
/* /\* we continue *\/ */
298
message(G_LOG_LEVEL_CRITICAL, err->message);
303
xmlFree(statusCode_value);
304
lasso_node_destroy(statusCode);
305
lasso_node_destroy(status);
306
lasso_node_destroy(assertion);
311
/*****************************************************************************/
313
/*****************************************************************************/
316
* lasso_login_accept_sso:
317
* @login: a LassoLogin
319
* Gets the assertion of the response and adds it into the session.
320
* Builds a federation with the 2 name identifiers of the assertion
321
* and adds it into the identity.
322
* If the session or the identity are NULL, they are created.
324
* Return value: 0 on success and a negative value otherwise.
327
lasso_login_accept_sso(LassoLogin *login)
329
LassoNode *assertion = NULL;
330
LassoNode *ni = NULL;
331
LassoNode *idp_ni, *idp_ni_copy = NULL;
332
LassoFederation *federation = NULL;
336
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
338
if(LASSO_PROFILE(login)->identity == NULL) {
339
LASSO_PROFILE(login)->identity = lasso_identity_new();
341
if(LASSO_PROFILE(login)->session == NULL) {
342
LASSO_PROFILE(login)->session = lasso_session_new();
345
if (LASSO_PROFILE(login)->response != NULL) {
346
assertion = lasso_node_get_child(LASSO_PROFILE(login)->response,
348
NULL, /* lassoLibHRef, FIXME changed for SourceID */
350
if (assertion == NULL) {
351
message(G_LOG_LEVEL_CRITICAL, err->message);
357
/* put response assertion in session object */
358
lasso_session_add_assertion(LASSO_PROFILE(login)->session,
359
LASSO_PROFILE(login)->remote_providerID,
362
/* get the 2 NameIdentifiers and put them in identity object */
363
ni = lasso_node_get_child(assertion, "NameIdentifier",
364
lassoSamlAssertionHRef, &err);
365
/* 1 - the saml:NameIdentifier SHOULD exists */
367
message(G_LOG_LEVEL_CRITICAL, err->message);
372
/* 2 - the lib:IDPProvidedNameIdentifier */
373
idp_ni = lasso_node_get_child(assertion, "IDPProvidedNameIdentifier",
375
if (idp_ni != NULL) {
376
idp_ni_copy = lasso_node_copy(idp_ni);
377
lasso_node_destroy(idp_ni);
378
/* transform the lib:IDPProvidedNameIdentifier into a saml:NameIdentifier */
379
LASSO_NODE_GET_CLASS(idp_ni_copy)->set_name(idp_ni_copy, "NameIdentifier");
380
LASSO_NODE_GET_CLASS(idp_ni_copy)->set_ns(idp_ni_copy,
381
lassoSamlAssertionHRef,
382
lassoSamlAssertionPrefix);
385
/* create federation */
386
federation = lasso_federation_new(LASSO_PROFILE(login)->remote_providerID);
387
if (ni != NULL && idp_ni_copy != NULL) {
388
lasso_federation_set_local_nameIdentifier(federation, ni);
389
lasso_federation_set_remote_nameIdentifier(federation, idp_ni_copy);
392
lasso_federation_set_remote_nameIdentifier(federation, ni);
394
/* add federation in identity */
395
lasso_identity_add_federation(LASSO_PROFILE(login)->identity,
396
LASSO_PROFILE(login)->remote_providerID,
398
lasso_federation_destroy(federation);
401
message(G_LOG_LEVEL_CRITICAL, "response attribute is empty.\n");
405
lasso_node_destroy(ni);
406
lasso_node_destroy(idp_ni_copy);
407
lasso_node_destroy(assertion);
413
* lasso_login_build_artifact_msg:
414
* @login: a LassoLogin
415
* @authentication_result: the authentication result
416
* @authenticationMethod: the authentication method
417
* @reauthenticateOnOrAfter: the time at, or after which the service provider
418
* reauthenticates the Principal with the identity provider
419
* @http_method: the HTTP method to send the artifact (REDIRECT or POST)
421
* Builds an artifact. Depending of the HTTP method, the data for the sending of
422
* the artifact are stored in msg_url (REDIRECT) or msg_url, msg_body and
423
* msg_relayState (POST).
425
* Return value: 0 on success and a negative value otherwise.
428
lasso_login_build_artifact_msg(LassoLogin *login,
429
gboolean authentication_result,
430
const gchar *authenticationMethod,
431
const gchar *reauthenticateOnOrAfter,
432
lassoHttpMethod http_method)
434
LassoFederation *federation = NULL;
435
LassoProvider *remote_provider;
437
xmlChar samlArt[42+1], *b64_samlArt, *relayState;
438
xmlChar *assertionHandle, *identityProviderSuccinctID;
442
LassoNodeClass *assertion_class;
443
LassoNode *assertion_node;
444
xmlNodePtr assertion_xmlNode;
446
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
447
g_return_val_if_fail(authenticationMethod != NULL && reauthenticateOnOrAfter != NULL,
448
LASSO_PARAM_ERROR_INVALID_VALUE);
450
if (http_method != lassoHttpMethodRedirect && http_method != lassoHttpMethodPost) {
451
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT or POST\n.");
455
/* ProtocolProfile must be BrwsArt */
456
if (login->protocolProfile != lassoLoginProtocolProfileBrwsArt) {
457
message(G_LOG_LEVEL_CRITICAL, "Failed to build artifact message, an AuthnResponse is required by ProtocolProfile.\n");
461
if (authentication_result == 0) {
462
lasso_profile_set_response_status(LASSO_PROFILE(login),
463
lassoSamlStatusCodeRequestDenied);
467
lasso_login_process_federation(login);
468
federation = lasso_identity_get_federation(LASSO_PROFILE(login)->identity,
469
LASSO_PROFILE(login)->remote_providerID);
470
/* fill the response with the assertion */
471
if (federation != NULL) {
472
lasso_login_add_response_assertion(login,
474
authenticationMethod,
475
reauthenticateOnOrAfter);
476
lasso_federation_destroy(federation);
480
/* save response dump */
481
/* login->response_dump = lasso_node_export_to_soap(LASSO_PROFILE(login)->response); */
483
/* nico : doesn't dump the response anymore, instead store the assertion */
484
login->assertion = NULL;
485
assertion_node = lasso_node_get_child(LASSO_PROFILE(login)->response, "Assertion", NULL, NULL);
486
if (assertion_node != NULL) {
487
login->assertion = g_object_new(LASSO_TYPE_ASSERTION,
491
assertion_class = LASSO_NODE_GET_CLASS(assertion_node);
492
assertion_xmlNode = xmlCopyNode(assertion_class->get_xmlNode(LASSO_NODE(assertion_node)), 1);
494
assertion_class = LASSO_NODE_GET_CLASS(login->assertion);
495
assertion_class->set_xmlNode(LASSO_NODE(login->assertion), assertion_xmlNode);
497
lasso_node_destroy(assertion_node);
500
/* build artifact infos */
501
remote_provider = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
502
LASSO_PROFILE(login)->remote_providerID,
504
/* liberty-idff-bindings-profiles-v1.2.pdf p.25 */
505
url = lasso_provider_get_assertionConsumerServiceURL(remote_provider, lassoProviderTypeSp, NULL);
506
identityProviderSuccinctID = lasso_sha1(LASSO_PROFILE(login)->server->providerID);
507
assertionHandle = lasso_build_random_sequence(20);
509
/* g_sprintf(samlArt, "%c%c%s%s", 0, 3, identityProviderSuccinctID, assertionHandle); */
510
g_sprintf(samlArt, "%c%c", 0, 3); /* ByteCode */
512
samlArt[i+2] = identityProviderSuccinctID[i];
515
samlArt[i+22] = assertionHandle[i];
517
xmlFree(assertionHandle);
518
xmlFree(identityProviderSuccinctID);
519
b64_samlArt = xmlSecBase64Encode((const xmlSecByte *)samlArt, 42, 0);
520
relayState = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
521
"RelayState", NULL, NULL);
523
switch (http_method) {
524
case lassoHttpMethodRedirect:
525
LASSO_PROFILE(login)->msg_url = g_new(gchar, 1024+1);
526
g_sprintf(LASSO_PROFILE(login)->msg_url, "%s?SAMLart=%s", url, b64_samlArt);
527
if (relayState != NULL) {
528
g_sprintf(LASSO_PROFILE(login)->msg_url, "%s&RelayState=%s",
529
LASSO_PROFILE(login)->msg_url, relayState);
532
case lassoHttpMethodPost:
533
LASSO_PROFILE(login)->msg_url = g_strdup(url);
534
LASSO_PROFILE(login)->msg_body = g_strdup(b64_samlArt);
535
if (relayState != NULL) {
536
LASSO_PROFILE(login)->msg_relayState = g_strdup(relayState);
542
login->assertionArtifact = g_strdup(b64_samlArt);
544
xmlFree(b64_samlArt);
551
* lasso_login_build_authn_request_msg:
552
* @login: a LassoLogin
553
* @remote_providerID: the providerID of the identity provider
555
* Builds an authentication request. Depending of the SSO protocol profile of
556
* the identity provider (defined in metadata file), the data for the sending of
557
* the request are stored in msg_url (GET) or msg_url and msg_body (POST).
559
* Return value: 0 on success and a negative value otherwise.
562
lasso_login_build_authn_request_msg(LassoLogin *login,
563
const gchar *remote_providerID)
565
LassoProvider *provider, *remote_provider;
566
xmlChar *md_authnRequestsSigned = NULL;
567
xmlChar *request_protocolProfile = NULL;
575
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
576
g_return_val_if_fail(remote_providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
578
LASSO_PROFILE(login)->remote_providerID = g_strdup(remote_providerID);
580
provider = LASSO_PROVIDER(LASSO_PROFILE(login)->server);
581
remote_provider = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
582
LASSO_PROFILE(login)->remote_providerID,
584
if (remote_provider == NULL) {
590
/* check if authnRequest must be signed */
591
md_authnRequestsSigned = lasso_provider_get_authnRequestsSigned(provider, &err);
592
if (md_authnRequestsSigned != NULL) {
593
must_sign = xmlStrEqual(md_authnRequestsSigned, "true");
594
xmlFree(md_authnRequestsSigned);
597
/* AuthnRequestsSigned metadata is required in metadata */
598
message(G_LOG_LEVEL_CRITICAL, err->message);
604
/* get SingleSignOnServiceURL metadata */
605
url = lasso_provider_get_singleSignOnServiceURL(remote_provider, &err);
607
/* SingleSignOnServiceURL metadata is required */
608
message(G_LOG_LEVEL_CRITICAL, err->message);
614
if (login->http_method == lassoHttpMethodRedirect) {
615
/* REDIRECT -> query */
617
query = lasso_node_export_to_query(LASSO_PROFILE(login)->request,
618
LASSO_PROFILE(login)->server->signature_method,
619
LASSO_PROFILE(login)->server->private_key);
621
message(G_LOG_LEVEL_CRITICAL, "Failed to create AuthnRequest query (signed).\n");
627
query = lasso_node_export_to_query(LASSO_PROFILE(login)->request, 0, NULL);
629
message(G_LOG_LEVEL_CRITICAL, "Failed to create AuthnRequest query.\n");
634
/* alloc msg_url (+2 for the ? and \0) */
635
LASSO_PROFILE(login)->msg_url = (gchar *) g_new(gchar, strlen(url) + strlen(query) + 2);
636
g_sprintf(LASSO_PROFILE(login)->msg_url, "%s?%s", url, query);
637
LASSO_PROFILE(login)->msg_body = NULL;
640
else if (login->http_method == lassoHttpMethodPost) {
641
/* POST -> formular */
643
ret = lasso_samlp_request_abstract_sign_signature_tmpl(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request),
644
LASSO_PROFILE(login)->server->private_key,
645
LASSO_PROFILE(login)->server->certificate);
650
lareq = lasso_node_export_to_base64(LASSO_PROFILE(login)->request);
652
LASSO_PROFILE(login)->msg_url = g_strdup(url);
653
LASSO_PROFILE(login)->msg_body = lareq;
656
message(G_LOG_LEVEL_CRITICAL, "Failed to export AuthnRequest (Base64 encoded).\n");
661
message(G_LOG_LEVEL_CRITICAL, "Invalid SingleSignOnProtocolProfile.\n");
666
xmlFree(request_protocolProfile);
672
* lasso_login_build_authn_response_msg:
673
* @login: a LassoLogin
674
* @authentication_result: the authentication result
675
* @authenticationMethod: the authentication method
676
* @reauthenticateOnOrAfter: the time at, or after which the service provider
677
* reauthenticates the Principal with the identity provider
679
* Builds an authentication response. The data for the sending of the response
680
* are stored in msg_url and msg_body.
682
* Return value: 0 on success and a negative value otherwise.
685
lasso_login_build_authn_response_msg(LassoLogin *login,
686
gboolean authentication_result,
687
const gchar *authenticationMethod,
688
const gchar *reauthenticateOnOrAfter)
690
LassoProvider *remote_provider;
691
LassoFederation *federation;
693
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
695
/* ProtocolProfile must be BrwsPost */
696
if (login->protocolProfile != lassoLoginProtocolProfileBrwsPost) {
697
message(G_LOG_LEVEL_CRITICAL, "Failed to build AuthnResponse message, an Artifact is required by ProtocolProfile.\n");
701
if (authentication_result == 0) {
702
lasso_profile_set_response_status(LASSO_PROFILE(login),
703
lassoSamlStatusCodeRequestDenied);
707
lasso_login_process_federation(login);
708
federation = lasso_identity_get_federation(LASSO_PROFILE(login)->identity,
709
LASSO_PROFILE(login)->remote_providerID);
710
/* fill the response with the assertion */
711
if (federation != NULL) {
712
lasso_login_add_response_assertion(login,
714
authenticationMethod,
715
reauthenticateOnOrAfter);
716
lasso_federation_destroy(federation);
720
remote_provider = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
721
LASSO_PROFILE(login)->remote_providerID,
723
/* return an authnResponse (base64 encoded) */
724
LASSO_PROFILE(login)->msg_body = lasso_node_export_to_base64(LASSO_PROFILE(login)->response);
725
LASSO_PROFILE(login)->msg_url = lasso_provider_get_assertionConsumerServiceURL(remote_provider,
733
lasso_login_build_request_msg(LassoLogin *login)
735
LassoProvider *remote_provider;
739
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
742
ret= lasso_samlp_request_abstract_sign_signature_tmpl(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request),
743
LASSO_PROFILE(login)->server->private_key,
744
LASSO_PROFILE(login)->server->certificate);
745
LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_PROFILE(login)->request);
747
/* get msg_url (SOAP Endpoint) */
748
remote_provider = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
749
LASSO_PROFILE(login)->remote_providerID,
754
LASSO_PROFILE(login)->msg_url = lasso_provider_get_soapEndpoint(remote_provider,
755
lassoProviderTypeIdp, &err);
762
message(G_LOG_LEVEL_CRITICAL, err->message);
769
lasso_login_build_response_msg(LassoLogin *login)
771
LassoNode *status, *status_code;
772
LassoNode *response, *assertion;
773
LassoNodeClass *class;
775
g_return_val_if_fail(LASSO_IS_LOGIN(login), -1);
777
response = lasso_response_new();
779
/* set status code */
780
status = lasso_samlp_status_new();
781
status_code = lasso_samlp_status_code_new();
782
lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code),
783
lassoSamlStatusCodeSuccess);
785
lasso_samlp_status_set_statusCode(LASSO_SAMLP_STATUS(status),
786
LASSO_SAMLP_STATUS_CODE(status_code));
788
lasso_samlp_response_set_status(LASSO_SAMLP_RESPONSE(response),
789
LASSO_SAMLP_STATUS(status));
790
lasso_node_destroy(status_code);
791
lasso_node_destroy(status);
794
if (LASSO_IS_ASSERTION(login->assertion) == TRUE) {
795
assertion = lasso_node_copy(LASSO_NODE(login->assertion));
797
class = LASSO_NODE_GET_CLASS(response);
798
class->add_child(LASSO_NODE(response), assertion, TRUE);
801
LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(response);
807
lasso_login_destroy(LassoLogin *login)
809
g_object_unref(G_OBJECT(login));
813
lasso_login_dump(LassoLogin *login)
816
gchar *parent_dump, *dump;
817
gchar protocolProfile[6];
819
g_return_val_if_fail(LASSO_IS_LOGIN(login), NULL);
821
parent_dump = lasso_profile_dump(LASSO_PROFILE(login), "Login");
822
node = lasso_node_new_from_dump(parent_dump);
825
g_sprintf(protocolProfile, "%d", login->protocolProfile);
826
LASSO_NODE_GET_CLASS(node)->new_child(node, "ProtocolProfile", protocolProfile, FALSE);
828
/* nico : Added dump of assertion */
829
if (login->assertion != NULL) {
830
LASSO_NODE_GET_CLASS(node)->add_child(node, LASSO_NODE(login->assertion), FALSE);
833
if (login->assertionArtifact != NULL) {
834
LASSO_NODE_GET_CLASS(node)->new_child(node, "AssertionArtifact", login->assertionArtifact, FALSE);
836
if (login->response_dump != NULL) {
837
LASSO_NODE_GET_CLASS(node)->new_child(node, "ResponseDump", login->response_dump, FALSE);
840
dump = lasso_node_export(node);
841
lasso_node_destroy(node);
847
lasso_login_get_assertion(LassoLogin *login)
849
LassoNodeClass *class;
850
LassoAssertion *assertion;
851
xmlNodePtr assertion_xmlNode;
853
g_return_val_if_fail(LASSO_IS_LOGIN(login), NULL);
855
if (LASSO_IS_ASSERTION(login->assertion) == FALSE) {
859
assertion = g_object_new(LASSO_TYPE_ASSERTION,
863
class = LASSO_NODE_GET_CLASS(login->assertion);
864
assertion_xmlNode = xmlCopyNode(class->get_xmlNode(login->assertion), 1);
866
class = LASSO_NODE_GET_CLASS(assertion);
867
class->set_xmlNode(LASSO_NODE(assertion), assertion_xmlNode);
873
lasso_login_init_authn_request(LassoLogin *login,
874
lassoHttpMethod http_method)
876
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
877
if (http_method != lassoHttpMethodRedirect && http_method != lassoHttpMethodPost) {
878
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it must be REDIRECT or POST\n.");
879
return LASSO_PARAM_ERROR_INVALID_VALUE;
882
login->http_method = http_method;
884
if (http_method == lassoHttpMethodPost) {
885
LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
886
lassoSignatureTypeWithX509,
887
lassoSignatureMethodRsaSha1);
890
LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
891
lassoSignatureTypeNone,
895
if (LASSO_PROFILE(login)->request == NULL) {
899
LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest;
905
lasso_login_init_from_authn_request_msg(LassoLogin *login,
906
gchar *authn_request_msg,
907
lassoHttpMethod authn_request_http_method)
910
LassoProvider *remote_provider;
911
gchar *protocolProfile;
912
xmlChar *md_authnRequestsSigned;
913
gboolean must_verify_signature = FALSE;
917
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
918
g_return_val_if_fail(authn_request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
920
if (authn_request_http_method != lassoHttpMethodRedirect && \
921
authn_request_http_method != lassoHttpMethodPost && \
922
authn_request_http_method != lassoHttpMethodSoap) {
923
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT, POST or SOAP (LECP)\n.");
927
server = LASSO_PROFILE(login)->server;
929
/* rebuild request */
930
switch (authn_request_http_method) {
931
case lassoHttpMethodRedirect:
932
/* LibAuthnRequest send by method GET */
933
LASSO_PROFILE(login)->request = lasso_authn_request_new_from_export(authn_request_msg,
934
lassoNodeExportTypeQuery);
936
case lassoHttpMethodPost:
937
/* LibAuthnRequest send by method POST */
938
LASSO_PROFILE(login)->request = lasso_authn_request_new_from_export(authn_request_msg,
939
lassoNodeExportTypeBase64);
941
case lassoHttpMethodSoap:
942
/* LibAuthnRequest send by method SOAP - useful only for LECP */
943
LASSO_PROFILE(login)->request = lasso_authn_request_new_from_export(authn_request_msg,
944
lassoNodeExportTypeSoap);
949
/* verify ASSO_PROFILE(login)-request is an AuthnRequest object */
950
if ( LASSO_IS_AUTHN_REQUEST(LASSO_PROFILE(login)->request) == FALSE ) {
951
message(G_LOG_LEVEL_CRITICAL, "Message is not an AuthnRequest\n");
955
LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest;
957
/* get ProtocolProfile in lib:AuthnRequest */
958
protocolProfile = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
959
"ProtocolProfile", NULL, NULL);
960
if (protocolProfile == NULL) {
961
login->protocolProfile = lassoLoginProtocolProfileBrwsArt;
963
else if (xmlStrEqual(protocolProfile, lassoLibProtocolProfileBrwsArt)) {
964
login->protocolProfile = lassoLoginProtocolProfileBrwsArt;
966
else if (xmlStrEqual(protocolProfile, lassoLibProtocolProfileBrwsPost)) {
967
login->protocolProfile = lassoLoginProtocolProfileBrwsPost;
969
xmlFree(protocolProfile);
972
switch (login->protocolProfile) {
973
case lassoLoginProtocolProfileBrwsPost:
974
/* create LibAuthnResponse */
975
LASSO_PROFILE(login)->response = lasso_authn_response_new(LASSO_PROFILE(login)->server->providerID,
976
LASSO_PROFILE(login)->request);
977
LASSO_PROFILE(login)->response_type = lassoMessageTypeAuthnResponse;
979
case lassoLoginProtocolProfileBrwsArt:
980
/* create SamlpResponse */
981
LASSO_PROFILE(login)->response = lasso_response_new();
982
LASSO_PROFILE(login)->response_type = lassoMessageTypeResponse;
986
/* get remote ProviderID */
987
LASSO_PROFILE(login)->remote_providerID = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
988
"ProviderID", NULL, NULL);
990
remote_provider = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
991
LASSO_PROFILE(login)->remote_providerID,
993
if (remote_provider != NULL) {
994
/* Is authnRequest signed ? */
995
md_authnRequestsSigned = lasso_provider_get_authnRequestsSigned(remote_provider, &err);
996
if (md_authnRequestsSigned != NULL) {
997
must_verify_signature = xmlStrEqual(md_authnRequestsSigned, "true");
998
xmlFree(md_authnRequestsSigned);
1001
message(G_LOG_LEVEL_CRITICAL, err->message);
1008
message(G_LOG_LEVEL_CRITICAL, err->message);
1014
/* verify request signature */
1015
if (must_verify_signature) {
1016
switch (authn_request_http_method) {
1017
case lassoHttpMethodGet:
1018
case lassoHttpMethodRedirect:
1019
ret = lasso_query_verify_signature(authn_request_msg,
1020
remote_provider->public_key,
1021
LASSO_PROFILE(login)->server->private_key);
1023
case lassoHttpMethodPost:
1024
/* FIXME detect X509Data ? */
1025
/* ret = lasso_node_verify_x509_signature(LASSO_PROFILE(login)->request, */
1026
/* remote_provider->ca_certificate); */
1027
ret = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
1028
remote_provider->public_key);
1035
/* Modify StatusCode if signature is not OK */
1036
if (ret == LASSO_DS_ERROR_INVALID_SIGNATURE || ret == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
1038
case LASSO_DS_ERROR_INVALID_SIGNATURE:
1039
lasso_profile_set_response_status(LASSO_PROFILE(login),
1040
lassoLibStatusCodeInvalidSignature);
1042
case LASSO_DS_ERROR_SIGNATURE_NOT_FOUND: /* Unsigned AuthnRequest */
1043
lasso_profile_set_response_status(LASSO_PROFILE(login),
1044
lassoLibStatusCodeUnsignedAuthnRequest);
1054
lasso_login_init_request(LassoLogin *login,
1055
gchar *response_msg,
1056
lassoHttpMethod response_http_method)
1058
LassoNode *response = NULL;
1059
xmlChar *artifact, *b64_identityProviderSuccinctID;
1063
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
1064
g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
1066
if (response_http_method != lassoHttpMethodRedirect && \
1067
response_http_method != lassoHttpMethodPost) {
1068
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT or POST\n.");
1072
/* rebuild response (artifact) */
1073
switch (response_http_method) {
1074
case lassoHttpMethodRedirect:
1075
/* artifact by REDIRECT */
1076
response = lasso_artifact_new_from_query(response_msg);
1078
case lassoHttpMethodPost:
1079
/* artifact by POST */
1080
response = lasso_artifact_new_from_lares(response_msg, NULL);
1085
LASSO_PROFILE(login)->response = response;
1086
LASSO_PROFILE(login)->response_type = lassoMessageTypeArtifact;
1088
/* get remote identityProviderSuccinctID */
1089
b64_identityProviderSuccinctID = lasso_artifact_get_b64IdentityProviderSuccinctID(LASSO_ARTIFACT(response), &err);
1090
if (b64_identityProviderSuccinctID != NULL) {
1091
LASSO_PROFILE(login)->remote_providerID = lasso_server_get_providerID_from_hash(LASSO_PROFILE(login)->server,
1092
b64_identityProviderSuccinctID);
1093
xmlFree(b64_identityProviderSuccinctID);
1096
message(G_LOG_LEVEL_CRITICAL, err->message);
1098
g_clear_error(&err);
1101
/* create SamlpRequest */
1102
artifact = lasso_artifact_get_samlArt(LASSO_ARTIFACT(LASSO_PROFILE(login)->response), &err);
1103
if (artifact != NULL) {
1104
LASSO_PROFILE(login)->request = lasso_request_new(artifact);
1105
LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest;
1109
message(G_LOG_LEVEL_CRITICAL, err->message);
1111
g_clear_error(&err);
1118
lasso_login_must_authenticate(LassoLogin *login)
1120
gboolean must_authenticate = FALSE;
1121
gboolean isPassive = TRUE;
1122
gboolean forceAuthn = FALSE;
1125
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
1127
/* verify if the user must be authenticated or not */
1128
str = lasso_node_get_child_content(LASSO_PROFILE(login)->request, "IsPassive",
1131
if (xmlStrEqual(str, "false")) {
1137
str = lasso_node_get_child_content(LASSO_PROFILE(login)->request, "ForceAuthn",
1140
if (xmlStrEqual(str, "true")) {
1146
if ((forceAuthn == TRUE || LASSO_PROFILE(login)->session == NULL) && isPassive == FALSE) {
1147
must_authenticate = TRUE;
1149
else if (LASSO_PROFILE(login)->identity == NULL && isPassive == TRUE) {
1150
lasso_profile_set_response_status(LASSO_PROFILE(login),
1151
lassoLibStatusCodeNoPassive);
1154
return must_authenticate;
1158
lasso_login_process_authn_response_msg(LassoLogin *login,
1159
gchar *authn_response_msg)
1161
gint ret1 = 0, ret2 = 0;
1164
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
1165
g_return_val_if_fail(authn_response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
1167
LASSO_PROFILE(login)->response = lasso_authn_response_new_from_export(authn_response_msg,
1168
lassoNodeExportTypeBase64);
1169
LASSO_PROFILE(login)->response_type = lassoMessageTypeAuthnResponse;
1171
LASSO_PROFILE(login)->remote_providerID = lasso_node_get_child_content(LASSO_PROFILE(login)->response,
1175
if (LASSO_PROFILE(login)->remote_providerID == NULL) {
1176
message(G_LOG_LEVEL_CRITICAL, err->message);
1181
LASSO_PROFILE(login)->msg_relayState = lasso_node_get_child_content(LASSO_PROFILE(login)->response,
1186
ret2 = lasso_login_process_response_status_and_assertion(login);
1188
return ret2 == 0 ? ret1 : ret2;
1192
lasso_login_process_request_msg(LassoLogin *login,
1198
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
1199
g_return_val_if_fail(request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
1201
/* rebuild samlp:Request with request_msg */
1202
LASSO_PROFILE(login)->request = lasso_request_new_from_export(request_msg,
1203
lassoNodeExportTypeSoap);
1204
if (LASSO_PROFILE(login)->request == NULL) {
1205
message(G_LOG_LEVEL_CRITICAL, "Failed to rebuild samlp:Request with request message.\n");
1206
return LASSO_ERROR_UNDEFINED;
1208
LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest;
1210
/* get AssertionArtifact */
1211
login->assertionArtifact = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
1212
"AssertionArtifact",
1213
lassoSamlProtocolHRef, &err);
1215
message(G_LOG_LEVEL_CRITICAL, err->message);
1224
lasso_login_process_response_msg(LassoLogin *login,
1225
gchar *response_msg)
1227
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
1228
g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
1230
/* rebuild samlp:Response with response_msg */
1231
LASSO_PROFILE(login)->response = lasso_response_new_from_export(response_msg,
1232
lassoNodeExportTypeSoap);
1233
if (LASSO_PROFILE(login)->response == NULL) {
1234
message(G_LOG_LEVEL_CRITICAL, "Failed to rebuild samlp:Response with response message.\n");
1235
return LASSO_ERROR_UNDEFINED;
1237
LASSO_PROFILE(login)->response_type = lassoMessageTypeResponse;
1239
return lasso_login_process_response_status_and_assertion(login);
1243
lasso_login_set_assertion(LassoLogin *login,
1244
LassoAssertion *assertion)
1246
LassoNodeClass *assertion_class;
1247
xmlNodePtr assertion_xmlNode;
1249
g_return_val_if_fail(LASSO_IS_LOGIN(login), -1);
1250
g_return_val_if_fail(LASSO_IS_ASSERTION(assertion), -1);
1252
login->assertion = LASSO_NODE(g_object_new(LASSO_TYPE_ASSERTION,
1253
"use_xsitype", TRUE,
1256
assertion_xmlNode = xmlCopyNode(LASSO_NODE_GET_CLASS(assertion)->get_xmlNode(LASSO_NODE(assertion)), 1);
1257
assertion_class = LASSO_NODE_GET_CLASS(login->assertion);
1258
assertion_class->set_xmlNode(LASSO_NODE(login->assertion), assertion_xmlNode);
1264
lasso_login_set_assertion_from_dump(LassoLogin *login,
1265
gchar *assertion_dump)
1267
LassoNodeClass *assertion_class;
1268
LassoNode *assertion_node;
1269
xmlNodePtr assertion_xmlNode;
1271
g_return_val_if_fail(LASSO_IS_LOGIN(login), -1);
1272
g_return_val_if_fail(assertion_dump != NULL, -1);
1274
login->assertion = LASSO_NODE(g_object_new(LASSO_TYPE_ASSERTION,
1275
"use_xsitype", TRUE,
1278
assertion_node = lasso_node_new_from_dump(assertion_dump);
1279
assertion_xmlNode = xmlCopyNode(LASSO_NODE_GET_CLASS(assertion_node)->get_xmlNode(LASSO_NODE(assertion_node)), 1);
1280
assertion_class = LASSO_NODE_GET_CLASS(login->assertion);
1281
assertion_class->set_xmlNode(LASSO_NODE(login->assertion), assertion_xmlNode);
1286
/*****************************************************************************/
1287
/* overrided parent class methods */
1288
/*****************************************************************************/
1291
lasso_login_dispose(LassoLogin *login)
1293
if (login->private->dispose_has_run == TRUE) {
1296
login->private->dispose_has_run = TRUE;
1298
debug("Login object 0x%x disposed ...\n", login);
1300
/* unref reference counted objects */
1302
parent_class->dispose(G_OBJECT(login));
1306
lasso_login_finalize(LassoLogin *login)
1308
debug("Login object 0x%x finalized ...\n", login);
1310
g_free(login->assertionArtifact);
1311
g_free(login->response_dump);
1313
g_free (login->private);
1315
parent_class->finalize(G_OBJECT(login));
1318
/*****************************************************************************/
1319
/* instance and class init functions */
1320
/*****************************************************************************/
1323
lasso_login_instance_init(GTypeInstance *instance,
1326
LassoLogin *login = LASSO_LOGIN(instance);
1328
login->private = g_new (LassoLoginPrivate, 1);
1329
login->private->dispose_has_run = FALSE;
1331
login->protocolProfile = 0;
1332
login->assertionArtifact = NULL;
1333
login->response_dump = NULL;
1337
lasso_login_class_init(LassoLoginClass *class)
1339
GObjectClass *gobject_class = G_OBJECT_CLASS(class);
1341
parent_class = g_type_class_peek_parent(class);
1342
/* override parent class methods */
1343
gobject_class->dispose = (void *)lasso_login_dispose;
1344
gobject_class->finalize = (void *)lasso_login_finalize;
1347
GType lasso_login_get_type() {
1348
static GType this_type = 0;
1351
static const GTypeInfo this_info = {
1352
sizeof (LassoLoginClass),
1355
(GClassInitFunc) lasso_login_class_init,
1360
(GInstanceInitFunc) lasso_login_instance_init,
1363
this_type = g_type_register_static(LASSO_TYPE_PROFILE,
1371
lasso_login_new(LassoServer *server)
1375
g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
1377
login = LASSO_LOGIN(g_object_new(LASSO_TYPE_LOGIN,
1378
"server", lasso_server_copy(server),
1385
lasso_login_new_from_dump(LassoServer *server,
1389
LassoNode *node_dump, *request_node = NULL, *response_node = NULL;
1390
gchar *protocolProfile, *export, *type;
1392
/* nico : assertion vars */
1393
LassoNode *assertion_node;
1394
LassoNodeClass *assertion_class;
1395
xmlNodePtr assertion_xmlNode;
1397
g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
1398
g_return_val_if_fail(dump != NULL, NULL);
1400
login = LASSO_LOGIN(g_object_new(LASSO_TYPE_LOGIN,
1401
"server", lasso_server_copy(server),
1404
node_dump = lasso_node_new_from_dump(dump);
1406
/* profile attributes */
1407
LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_child_content(node_dump, "NameIdentifier",
1408
lassoLassoHRef, NULL);
1409
LASSO_PROFILE(login)->remote_providerID = lasso_node_get_child_content(node_dump, "RemoteProviderID",
1410
lassoLassoHRef, NULL);
1411
LASSO_PROFILE(login)->msg_url = lasso_node_get_child_content(node_dump, "MsgUrl",
1412
lassoLassoHRef, NULL);
1413
LASSO_PROFILE(login)->msg_body = lasso_node_get_child_content(node_dump, "MsgBody",
1414
lassoLassoHRef, NULL);
1415
LASSO_PROFILE(login)->msg_relayState = lasso_node_get_child_content(node_dump, "MsgRelayState",
1416
lassoLassoHRef, NULL);
1418
type = lasso_node_get_child_content(node_dump, "RequestType", lassoLassoHRef, NULL);
1419
LASSO_PROFILE(login)->request_type = atoi(type);
1422
/* rebuild request */
1423
if (LASSO_PROFILE(login)->request_type == lassoMessageTypeAuthnRequest) {
1424
request_node = lasso_node_get_child(node_dump, "AuthnRequest", lassoLibHRef, NULL);
1426
else if (LASSO_PROFILE(login)->request_type == lassoMessageTypeRequest) {
1427
request_node = lasso_node_get_child(node_dump, "Request", lassoSamlProtocolHRef, NULL);
1429
if (request_node != NULL) {
1430
export = lasso_node_export(request_node);
1431
if (LASSO_PROFILE(login)->request_type == lassoMessageTypeAuthnRequest) {
1432
LASSO_PROFILE(login)->request = lasso_authn_request_new_from_export(export,
1433
lassoNodeExportTypeXml);
1435
else if (LASSO_PROFILE(login)->request_type == lassoMessageTypeRequest) {
1436
LASSO_PROFILE(login)->request = lasso_request_new_from_export(export,
1437
lassoNodeExportTypeXml);
1440
lasso_node_destroy(request_node);
1443
type = lasso_node_get_child_content(node_dump, "ResponseType", lassoLassoHRef, NULL);
1444
LASSO_PROFILE(login)->response_type = atoi(type);
1447
/* rebuild response */
1448
if (LASSO_PROFILE(login)->response_type == lassoMessageTypeAuthnResponse) {
1449
response_node = lasso_node_get_child(node_dump, "AuthnResponse", lassoLibHRef, NULL);
1451
else if (LASSO_PROFILE(login)->response_type == lassoMessageTypeResponse) {
1452
response_node = lasso_node_get_child(node_dump, "Response", lassoSamlProtocolHRef, NULL);
1454
if (response_node != NULL) {
1455
export = lasso_node_export(response_node);
1456
if (LASSO_PROFILE(login)->response_type == lassoMessageTypeAuthnResponse) {
1457
LASSO_PROFILE(login)->response = lasso_authn_response_new_from_export(export,
1458
lassoNodeExportTypeXml);
1460
else if (LASSO_PROFILE(login)->response_type == lassoMessageTypeResponse) {
1461
LASSO_PROFILE(login)->response = lasso_response_new_from_export(export,
1462
lassoNodeExportTypeXml);
1465
lasso_node_destroy(response_node);
1468
type = lasso_node_get_child_content(node_dump, "ProviderType", lassoLassoHRef, NULL);
1469
LASSO_PROFILE(login)->provider_type = atoi(type);
1472
/* login attributes */
1473
/* nico : get the assertion */
1474
assertion_node = lasso_node_get_child(node_dump, "Assertion", NULL, NULL);
1475
if (assertion_node != NULL) {
1476
login->assertion = g_object_new(LASSO_TYPE_ASSERTION,
1477
"use_xsitype", TRUE,
1480
assertion_class = LASSO_NODE_GET_CLASS(assertion_node);
1481
assertion_xmlNode = xmlCopyNode(assertion_class->get_xmlNode(LASSO_NODE(assertion_node)), 1);
1483
assertion_class = LASSO_NODE_GET_CLASS(login->assertion);
1484
assertion_class->set_xmlNode(LASSO_NODE(login->assertion), assertion_xmlNode);
1485
lasso_node_destroy(assertion_node);
1488
protocolProfile = lasso_node_get_child_content(node_dump, "ProtocolProfile",
1489
lassoLassoHRef, NULL);
1490
if (protocolProfile != NULL) {
1491
login->protocolProfile = atoi(protocolProfile);
1492
xmlFree(protocolProfile);
1494
login->assertionArtifact = lasso_node_get_child_content(node_dump, "AssertionArtifact",
1495
lassoLassoHRef, NULL);
1496
login->response_dump = lasso_node_get_child_content(node_dump, "ResponseDump",
1497
lassoLassoHRef, NULL);
1499
lasso_node_destroy(node_dump);
added
removed
lasso/environs/login.c
