[SAMLv2] handle unknown provider in artifact resolve, and also alow to ignore signature validation

In lasso_saml20_profile_process_artifact_resolve, we now take a short
path with an error when the remote provider is unknown, and we also
respect the lasso_profile_get_signature_verify_hint() when checking the
signature on the artifact resolve message.
Benjamin Dauvergne 2010-10-07 18:48:28 +02:00
parent 4bf2a6c0c0
commit 3872f17fcd
1 changed files with 12 additions and 5 deletions


@ -345,6 +345,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
{
LassoProvider *remote_provider;
int rc = 0;
LassoProfileSignatureVerifyHint sig_verify_hint;
/* FIXME: parse only one time the message, reuse the parsed document for signature
* validation */
@ -355,13 +356,21 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
if (! LASSO_IS_SAMLP2_ARTIFACT_RESOLVE(profile->request)) {
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
lasso_assign_string(profile->private_data->artifact,
LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
sig_verify_hint = lasso_profile_get_signature_verify_hint(profile);
lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT(
profile->request)->Issuer->content);
remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
LASSO_MESSAGE_FORMAT_SOAP);
goto_cleanup_if_fail_with_rc(remote_provider, LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER);
if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) {
profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
LASSO_MESSAGE_FORMAT_SOAP);
}
switch (lasso_profile_get_signature_verify_hint(profile)) {
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
@ -374,9 +383,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
break;
}
lasso_assign_string(profile->private_data->artifact,
LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
cleanup:
return rc;
}
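Review bot: On the IGNORE path `profile->signature_status` is never assigned, so it keeps whatever value the profile held before this call, and code that reads it afterwards sees a result that was not computed for this ArtifactResolve. Assigning it explicitly before the `if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE)` test, with a comment such as `/* hint is IGNORE: the ArtifactResolve signature is not checked, so the requester is not authenticated by this step */`, would make that state deliberate; which value fits depends on the switch body, part of which lies outside the visible hunks. The switch could also reuse the new local, `switch (sig_verify_hint) {`, instead of calling the getter a second time. Separately, `Issuer->content` is dereferenced without a NULL check on a message received from the remote side; if the parser can leave Issuer unset, a guard that returns an error before that line is needed.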