Implement everything needed to support a SAMLv2 ECP client.

Re-implement lasso_ecp_process_authn_request_msg() and
lasso_ecp_process_response_msg() to use the Lasso XML serialization
subsystem with the ECP and PAOS LassoNodes introduced earlier. This
replaces one-off explicit direct use of the libxml API with Lasso
common code. In the process provide support for 100% of the ECP and
PAOS SAMLv2 parameters, not just a subset. Include support for
receiving an IDPList from the SP in conjunction with selecting an IdP
known to the ECP client. Add extensive documentation.

Modify LassoSamlp2AuthnRequest to preserve its original XML (enable
keep_xmlnode flag) so that when serializing the SOAP request the
LassoSamlp2AuthnRequest received from the SP is exactly duplicated.

Add the following internal static utility functions:

  is_provider_in_sp_idplist()
  is_idp_entry_in_entity_id_list()
  intersect_sp_idplist_with_entity_id_list()

Add the following exported utility functions:

  lasso_ecp_is_provider_in_sp_idplist()
  lasso_ecp_is_idp_entry_known_idp_supporting_ecp()
  lasso_ecp_set_known_sp_provided_idp_entries_supporting_ecp()
  lasso_ecp_has_sp_idplist()
  lasso_ecp_get_endpoint_url_by_entity_id()
  lasso_ecp_process_sp_idp_list()

Add the following members to the ECP class:

  message_id
  response_consumer_url
  relaystate
  issuer
  provider_name
  is_passive
  sp_idp_list
  known_sp_provided_idp_entries_supporting_ecp
  known_idp_entity_ids_supporting_ecp

Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT

Instead of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.

Signed-off-by: Simo Sorce <simo@redhat.com>

To allow lasso_node_impl_init_from_xmlnode to do proper namespace
checking, child nodes which are not of the same namespace as their parent
in their XSD schema must have an explicit namespace declared in the
XmlSnippet.

* lasso/xml/saml-2.0/samlp2_authn_request.c,
  lasso/xml/saml-2.0/samlp2_logout_request.c,
  - (instance_init) remove initialization of relayState field
* lasso/xml/saml-2.0/samlp2_logout_response.c:
  - (instance_init) remove empty function, since it
    only initialized relayState.
  - (lasso_samlp2_logout_reponse_get_type) remove instance_init
    from the type initialization structure.
* lasso/xml/saml-2.0/samlp2_authn_request.h,
  lasso/xml/saml-2.0/samlp2_logout_request.h,
  lasso/xml/saml-2.0/samlp2_logout_response.h:
  - (struct _LassoSamlp2*) mark relaystate field as deprecated.

* lots of files: Explicitly set all fields of initialized structures,
  in order to remove -Wno-missing-field-initializers from needed
  compiler options when using -Wall -Wextra.