entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

xml: adapt schema in saml2:AuthnContext (#29340) 

saml2:AuthnContext XML schema indicate that AuthenticatingAuthority is
an optional unbounded list of nodes, but the current Lasso schema only
handle an unique element. To prevent Lasso from refusing perfectly legal
messages, we add a rule to the Lasso ignoring other nodes after the
first one.
This commit is contained in:
Benjamin Dauvergne 2019-01-07 11:10:10 +01:00
parent 642182bdf4
commit 151ad17e04
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lasso/xml/saml-2.0/saml2_authn_context.c
View File

@ -71,6 +71,10 @@ static struct XmlSnippet schema_snippets[] = {
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL},
{ "AuthenticatingAuthority", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthenticatingAuthority), NULL, NULL, NULL},
/* Other AuthenticatingAuthority are just ignored, it's a work-around to at least accept correct SAML message.
* See https://dev.entrouvert.org/issues/29340 */
{ "AuthenticatingAuthority", SNIPPET_LIST_CONTENT | SNIPPET_OPTIONAL,
NULL, NULL, NULL, NULL},
{NULL, 0, 0, NULL, NULL, NULL}
};