Benjamin Dauvergne
9d13fb1933
[core] fix wrong XML canonicalization when assertion is extracted without its namespace context
2011-11-22 00:18:33 +01:00
Benjamin Dauvergne
699f0e42d5
[misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
...
- gcc now warns when you compare a typedef to the anonymous enum which
defines it.
- some inline functions in the zend.h header do compare between signed
and unsigned char.
2011-11-21 22:10:12 +01:00
Benjamin Dauvergne
346071a630
[wsf] fix wsf preprocessor conditionals
2011-01-04 16:43:06 +01:00
Benjamin Dauvergne
2b90dcd503
[saml2] when parsing short numbers reinitialize errno
2011-01-04 16:37:34 +01:00
Benjamin Dauvergne
d69649cc5d
[xml] fix null pointer access in lasso_node_get_encryption
2010-12-22 11:03:52 +01:00
Benjamin Dauvergne
cfd58003fa
[saml2] fix errors in lasso_provider_get_first_http_method when a binding is unknown
2010-12-21 16:38:57 +01:00
Benjamin Dauvergne
e401253f8d
[saml2 provider] change critical messages to debug messages
2010-12-21 10:58:48 +01:00
Benjamin Dauvergne
d8bff0dbb3
[saml2 profile] fix bug in binding_uri_to_http_method with the POST binding
2010-12-21 10:54:38 +01:00
Benjamin Dauvergne
aa9898693a
[saml login] suppress unused argument warning
2010-12-21 10:44:14 +01:00
Benjamin Dauvergne
126a9ac71c
[samlv2 logout] check that the assertion is well formed before accessing the subject nameid
2010-12-17 17:40:28 +01:00
Benjamin Dauvergne
8c28926304
[profile] prefer to lookup the session before the identity for looking up a name identifier;
2010-12-17 17:40:07 +01:00
Benjamin Dauvergne
d02bf096a5
[samlv2 logout] setup the NameID from the assertion
2010-12-17 17:36:17 +01:00
Benjamin Dauvergne
fd52e68094
[samlv2 login] do not setup conditions->notBefore/notOnOrAfter only notOnOrAfter on SubjectConfirmationData
2010-12-17 17:34:59 +01:00
Benjamin Dauvergne
4391f1ffb9
[saml2] make LASSO_SIGNATURE_VERIFY_HINT_FORCE at least as stringent as _MAYBE when checking signature on messages
2010-12-14 12:10:47 +01:00
Benjamin Dauvergne
4f5e6c6000
[xml] remove duplicate EncryptedKey around EncryptedData elements
...
The key is already embedded in the EncryptedData, so there is no need to
also fill the EncryptedKey field of the saml:EncryptedElement object.
2010-12-14 02:01:30 +01:00
Benjamin Dauvergne
b324c41237
[xml] add exportation of the encrypting public key in EncryptedData elements
...
This commit checks if the given key is a simple RSA key or a full certificate
and chooses the better serialization method between RSAKeyValue and
X509Data.
2010-12-14 02:00:10 +01:00
Benjamin Dauvergne
447c610c9c
[tools] fix xml decryption
...
This commit rewrites the extraction of the EncryptedKey when it is
embedded inside the EncryptedData element, which seems to be the frequent
case.
2010-12-14 01:58:38 +01:00
Benjamin Dauvergne
185ce3c139
Merge with new field in custom element
2010-12-14 01:58:02 +01:00
Benjamin Dauvergne
355df68dfe
[saml2] use new encryption structure instead for internal field in LassoSaml2Assertion
2010-12-14 01:57:09 +01:00
Benjamin Dauvergne
ec5ec161f7
[xml] add field to contain encryption parameters inside CustomElement structure
2010-12-14 01:55:09 +01:00
Benjamin Dauvergne
b0c2fdab28
[utils] fix typo in lasso_assign_sec_key
2010-12-14 01:53:01 +01:00
Benjamin Dauvergne
f7dbcbb2b4
[saml2] do not set SPNameQualifier it should be reserved for SP member of an affiliation
2010-12-13 16:20:29 +01:00
Benjamin Dauvergne
76dc05434a
[SAMLv2] fix segfault in has_signature by initializing local variables
2010-10-20 15:42:59 +02:00
Benjamin Dauvergne
7d90d5e26a
[SAMLv2] delete an unused local variable
2010-10-11 09:58:16 +02:00
Benjamin Dauvergne
c36d6a90dd
[SAMLv2] use server->signature_method when signing request and response
2010-10-09 17:55:31 +02:00
Benjamin Dauvergne
4ebb7067a0
[core] check type of first argument of lasso_provider_get_assertion_consumer_url
2010-10-09 15:51:23 +02:00
Benjamin Dauvergne
758fe88dad
[xml] fix warning on use of strndup on pardus
2010-10-08 14:10:26 +02:00
Jérôme Schneider
270f1743f0
Add missing include <errno.h>
2010-10-08 14:10:02 +02:00
Benjamin Dauvergne
3872f17fcd
[SAMLv2] handle unknown provider in artifact resolve, and also allow to ignore signature validation
...
In lasso_saml20_profile_process_artifact_resolve, we now take a short
path with an error when the remote provider is unknown and we also
respect the lasso_profile_get_signature_verify_hint() when checking the
signature on the artifact resolve message.
2010-10-07 18:48:28 +02:00
Benjamin Dauvergne
4bf2a6c0c0
[SAMLv2] fix bad double free bug in lasso_saml20_provider_get_assertion_consumer_service_url_by_binding
2010-10-07 18:39:06 +02:00
Benjamin Dauvergne
6b2a21d116
[core] adapt lasso_provider_get_assertion_consumer_service_url for SAMLv2
2010-10-07 18:38:21 +02:00
Benjamin Dauvergne
5d56e4558e
[ID-FFv1.2] in lasso_login_process_authn_request_msg() adopt simpler behaviour for checking signatures
...
There are two sources of advice for signature checking:
AuthnRequestsSigned attribute in service provider metadata files and
value of lasso_profile_get_signature_verify_hint().
If lasso_profile_get_signature_verify_hint() forbids to check signature,
we do not check.
If the SP advises to check signature, we check.
If lasso_profile_get_signature_verify_hint() forces to check signature,
we do not check.
In all other cases we only check if a signature is present, i.e. we
ignore the error LASSO_DS_ERROR_SIGNATURE_NOT_FOUND.
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne
58a3868361
[ID-FFv1.2] make lasso_login_process_authn_request_msg() return LASSO_PROFILE_ERROR_INVALID_MSG if received request is not a lib:AuthnRequest
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne
7a27400a87
[SAMLv2] adopt same behaviour as ID-FFv1.2 for invalid AuthnRequest
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne
6be8d9cfa8
[SAMLv2&ID-FFv1.2] improve documentation of lasso_login_process_authn_request_msg
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne
06c2ec9d61
[SAMLv2] fix ordering of endpoints
...
Ordering by binding is wrong, first order by isDefault (as stated in
saml-metadata-2.0.pdf) then by index.
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne
3d1d90ee31
[Core] change isdefault type in EndpointType structure
...
As integer we can represent the three values of isdefault:
- true
- false
- attribute absent
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne
86f0f6b6f2
[SAMLv2] restore setting of SubjectConfirmationData->NotOnOrAfter
...
This was wrongly removed by me in commit 9d22f29e55.
This is the responsibility of the caller to adjust value on the
Conditions and SubjectConfirmationData independently after.
2010-10-01 17:44:40 +02:00
Benjamin Dauvergne
462c9a1cd0
[Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal
...
Too many human errors with strcmp kind of functions. Also change name of
lasso_is_empty_string to lasso_strisempty.
2010-10-01 15:29:38 +02:00
Benjamin Dauvergne
b5fcbc6455
[Core] add helper API for string comparison
...
It should remove most errors when comparing strings.
2010-10-01 15:13:49 +02:00
Benjamin Dauvergne
fe63f7a517
[SAMLv2] add missing compare to 0 introduced in 7386dc8189
...
I hate strcmp.
2010-10-01 12:22:17 +02:00
Benjamin Dauvergne
4c3af26a58
[SAMLv2] also initialize Destination for response messages
...
Asynchronous bindings need Destination attribute even for response
messages.
2010-09-30 10:58:50 +02:00
Benjamin Dauvergne
7386dc8189
[SAMLv2] when NidPolicy->Format is NULL or unspecified, return transient
...
Add more default cases.
2010-09-30 10:58:18 +02:00
Benjamin Dauvergne
cd7b3e92c5
[Core] fix break of lasso_profile_get_request_type_from_soap_msg from commit b9d535625
...
ManageNameIDRequest is not an ID-WSF kind of request.
2010-09-29 00:10:09 +02:00
Benjamin Dauvergne
4a970453de
[Core] add missing annotation to lasso_*_dump functions
...
The string returned by these functions is newly allocated and must be
freed by the caller.
2010-09-27 16:18:57 +02:00
Benjamin Dauvergne
b4e04a0716
[ID-WSFv1] fix other misuses of the macro lasso_foreach
2010-09-27 16:18:30 +02:00
Benjamin Dauvergne
6cc9ae7e32
[SAMLv2] fix wrong order in use of macro lasso_foreach
...
The first argument must be the iterator, the second is the iterable.
Also add a non-regression test with Googleapps metadata and a
typical authn request.
2010-09-27 16:17:07 +02:00
Benjamin Dauvergne
5bcbb0e55f
[SAMLv2] fix early release of the request when using idp_initiated login
2010-09-17 18:07:39 +02:00
Benjamin Dauvergne
1ffece0e57
[SAMLv2] fix memleak of request in lasso_name_id_management_process_request_msg
2010-09-17 18:01:31 +02:00
Benjamin Dauvergne
19aad7629a
[SAMLv2] fix memleak of request in lasso_saml20_login_process_authn_request_msg
2010-09-17 17:02:41 +02:00