The goal of those two methods is to allow IdP and SP to load metadata
dynamically without processing completely the incoming. Currently it's
impossible as message parsing and signature checking is done in the same
function.
When the same URL was used for many bindings, the current code did not
work. Now we use
lasso_saml20_provider_check_assertion_consumer_service_url() to validate
url and binding are matching, if no binding is suggested we take the
first one defined for this URL.
Using AssertionConsumerServiceIndex and any of the other assertion
consumer designator attributes is still forbidden.
Instad of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.
Signed-off-by: Simo Sorce <simo@redhat.com>
- add a new SNIPPET_MANDATORY:
we could only indicate 0-1 and 0-* cardinalities, now we can also
indicate 1-1 and 1-* cardinalities.
- repect cadinalities when parsing an xmlNode tree into a LassoNode
tree.
- now any non expected log output is considered an error, by setting a
g_log default handler.
- block_lasso_logs()/unblock_lasso_logs() will block logging output at
the DEBUG level
- begin_check_do_log(level, message, endswith)/end_check_do_log() with
check that the only message emitted between the two macros is one
equals to "message" at the level "level", or ending (to work around
variable parts in a log message) with "message" if "endswith" is True.
LassoKey currenly store a LassoSignatureContext inside a
reference-counted and bindable object. It will be used to export API
around key management to bindings.
This test case is the first to abstract the workflow between two
LassoLogin object (for the idp and sp side). This part of the code could
be used to simplify the code of other tests in the future.
* use a direct mapping to map this class to SubjectConfirmationData
node having the xsi:type attribute.
* overload get_xmlNode method to add the xsi:type attribute on output.
The flags parameter allows to control the checking of digital signature
upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata
files.
The default behaviour is to check all found signatures and to inherit
signature from EntitiesDescriptor to their children.
By only enabling checking of EntityDescrtiptor node signatures it's also
possible to only check signature at the EntityDescriptor level and so
only trust individual entities and not the aggregating provider.
The aim of this function is now to load any metadata file, and to
replace completely the use of lasso_server_add_provider.
The metadata content argument is replaced by a metadata file path to
more closely match other APIs.
John Dennis
Benjamin Dauvergne
Simo Sorce