Commit Graph

5236 Commits

Author SHA1 Message Date
Benjamin Dauvergne af4c8de947 [tests] remove work-around for letting ID-FF 1.2 tests work with the thin-sessions flag activated
But when thin-sessions is activated we use the new way of passing artifact
message content around.
2011-12-23 11:09:47 +01:00
Benjamin Dauvergne 7b3b7d6900 [id-ff 1.2] change websso with artifact binding to work as SAML 2.0
The old way of transmitting the assertion to return via the session is kept,
but a new way more similar to the one used in the SAML 2.0 code is added.

After lasso_login_build_artifact_msg() you must save the return of
lasso_profile_get_artifact_message() linked to the value of the artifact
obtained via lasso_profile_get_artifact().

In the artifact-resolve endpoint you must find the artifact message
corresponding to the return value of lasso_profile_get_artifact() and
reinstall the artifact message using lasso_profile_set_artifact_message()
just before calling lasso_login_build_response_msg().

This change is necessary for the ID-FF 1.2 SSO profile to work with the
thin-sessions flag.
2011-12-23 10:56:27 +01:00
Benjamin Dauvergne 1907d66f1a [id-ff 1.2] in lasso_login_build_assertion() always add the assertion to the response 2011-12-22 18:55:52 +01:00
Benjamin Dauvergne 56d584ca69 [tests] protect the ID-FF 1.2 test cases from effect of the thin-sessions flag until it is migrated to work also with thin sessions 2011-12-22 18:22:12 +01:00
Benjamin Dauvergne 3dca5c2afa [doc] do some documentation fixing 2011-12-22 18:21:12 +01:00
Benjamin Dauvergne 26b341a276 [id-ff 1.2] provision the SessionIndex into the assertions
Without it, SLO session management is broken.
2011-12-22 18:19:29 +01:00
Benjamin Dauvergne b016558d06 [id-ff 1.1] add support for multiple SessionIndex to lib:LogoutRequest
Combined with the new LassoSession storage for SessionIndex, it
should fix many bugs when doing SLO.
2011-12-22 18:18:23 +01:00
Benjamin Dauvergne ee4058bc22 [saml 2.0] use the new SessionIndex storage for SLO management
It should fix any missing functionalities regarding missing session indexes
in logout requests sent by identity providers or service providers.
2011-12-22 18:16:46 +01:00
Benjamin Dauvergne 7498143628 [core] add support for thin-sessions environment flag, to reduce size of LassoSession dumps 2011-12-22 18:13:48 +01:00
Benjamin Dauvergne b6466549f6 [core] add simpler storage for SessionIndexes in the LassoSession 2011-12-22 18:12:49 +01:00
Benjamin Dauvergne ccfa38bf31 [id-ff 1.2] add lasso_saml_name_identifier_equals() to compare NameIDs 2011-12-19 17:38:10 +01:00
Benjamin Dauvergne 476baa59f7 [saml2] fix lasso_saml20_logout_validate_request when more than one SessionIndex is sent 2011-12-16 18:12:42 +01:00
Benjamin Dauvergne f407bdf6aa [Makefile] add strings.h to the dsig module includes 2011-12-16 18:11:54 +01:00
Benjamin Dauvergne 10870cc327 [xml/saml2] replace magic string by a define 2011-12-16 14:31:12 +01:00
Benjamin Dauvergne 727f07b1ae Simplify useless complexity in include paths 2011-12-16 14:17:31 +01:00
Benjamin Dauvergne 4da5011001 [xml] in is_interaction_request.h move new field to the end of the structure to limit ABI impact 2011-12-16 14:01:30 +01:00
Benjamin Dauvergne ff3ae1ea77 Merge branch 'rewrite-node-impl' 2011-12-16 12:18:52 +01:00
Benjamin Dauvergne e2c6b92f3f [tests] fix tests to comply with new implementation of parsing
The test around parsing of EncryptedAssertion was wrong since it was
missing the XMLEnc namespace declaration.
2011-12-16 11:39:24 +01:00
Benjamin Dauvergne 154812b401 [xml] rewrite schema directed serialization/deserialization methods
The new implementations of lasso_node_impl_init_from_xml now validate the
namespace of all child nodes before parsing. It stops on any error. Nodes
which implement their own parsing of an attribute or a node must declare
an XmlSnippet with an offset field set to 0. The 0 value is invalid for a
public GObject structure (it's the place of the GObject machinery like the
reference count). The 0 offset can be used for an XmlSnippet in a private
structure, so never set the offset to 0 with the flag SNIPPET_PRIVATE for
a field which is parsed by your get_xmlNode virtual method.

Another improvement in this commit is the possibility to set attributes
with a namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the ElementTree API from Python:

	{namespace}attribute_name

an example:

	{http://www.w3.org/2001/XMLSchema-instance}type

for the classic xsi:type attribute.
2011-12-16 11:39:24 +01:00
Benjamin Dauvergne 9a31985671 [xml] add LASSO_XMLENC_PREFIX and LASSO_XMLENC_HREF defines 2011-12-16 11:39:24 +01:00
Benjamin Dauvergne c087569c48 [xml] add missing nodes to LassoIsInteractionRequest 2011-12-16 11:39:24 +01:00
Benjamin Dauvergne 591a47002d [xml] change saml_advice.h to declare the real node type
It also needed a change to bindings.py to parse struct as well as
typedef node classes.
2011-12-16 11:39:19 +01:00
Benjamin Dauvergne ed9c981989 [xml] complete missing namespace declarations for child nodes
To allow lasso_node_impl_init_from_xmlnode to do proper namespace
checking, child nodes which are not of the same namespace as their parent
in their XSD schema must have an explicit namespace declared in the
XmlSnippet.
2011-12-16 11:39:19 +01:00
Benjamin Dauvergne 41538948ce [core] mark private_data field of the LassoKey structure as private 2011-12-16 11:39:19 +01:00
Benjamin Dauvergne 65b94cc1f5 [tests] improve checking for log output
- now any non-expected log output is considered an error, by setting a
  g_log default handler.
- block_lasso_logs()/unblock_lasso_logs() will block logging output at
  the DEBUG level
- begin_check_do_log(level, message, endswith)/end_check_do_log() will
  check that the only message emitted between the two macros is one
  equal to "message" at the level "level", or ending (to work around
  variable parts in a log message) with "message" if "endswith" is True.
2011-12-16 11:39:18 +01:00
Benjamin Dauvergne c3467ed48c [tests] rename login test suite, with mentions of ID-FF 1.2 and SAML 2.0 2011-12-16 11:39:18 +01:00
Benjamin Dauvergne ba014d9ca6 [Makefile] fix missing soap11 nodes when compiling for Mingw 2011-12-16 11:39:18 +01:00
Benjamin Dauvergne 900de512f2 [core] fix uninitialized pointer to a GError structure 2011-12-16 11:39:18 +01:00
Benjamin Dauvergne f4fc26bb39 [core] move XMLDsig related nodes in their own sub-library, add X509Data node implementation
The goal is to use the KeyInfo structure as a transport format for our cryptographic keys
2011-12-16 11:39:18 +01:00
Benjamin Dauvergne c0d1dbbd95 remove debugging printf statement 2011-12-09 22:04:23 +01:00
Benjamin Dauvergne 18a10593fc [provider] fix doc comment 2011-12-08 18:11:46 +01:00
Benjamin Dauvergne 4eb0ae483e [id-ff] move LassoLogout to use LassoSignatureContext 2011-12-08 17:56:31 +01:00
Benjamin Dauvergne ba5746c39f [logging] add an error() macro 2011-12-08 17:56:31 +01:00
Benjamin Dauvergne 641702b346 [id-ff] move LassoLogin to use LassoSignatureContext 2011-12-08 17:56:31 +01:00
Benjamin Dauvergne 5e5c38b451 [core] rename lasso_provider_set_specific_signing_key to lasso_provider_set_server_signing_key 2011-12-05 14:25:34 +01:00
Benjamin Dauvergne a571c7517f [perfs] add command line options, add option to use shared secret key cryptography
Performance with HMAC-SHA1 is 100x the one with 2048 bits RSA.
2011-12-05 13:11:53 +01:00
Benjamin Dauvergne 5ba292521b [core] add the HMAC-SHA1 shared secret signature method 2011-12-05 13:11:53 +01:00
Benjamin Dauvergne 6c7114d5ce [core] refactor lasso_query_verify_signature and lasso_saml2_query_verify_signature
This commit introduces lasso_query_verify_helper which factorizes
cryptographic operations.
2011-12-05 13:09:44 +01:00
Benjamin Dauvergne 42ca33315d [tests] use helper macros in id-ff test case 2011-12-05 12:03:31 +01:00
Benjamin Dauvergne 57241e3e86 [core] add lasso_provider_add_key to add other key for signature validation
The added key can be appended or prepended, depending on the need for the key:
 - rollover
 - improving performance (using simpler cryptographic algorithms using shared secret keys)
2011-12-05 12:03:31 +01:00
Benjamin Dauvergne 109c562260 [core] add method lasso_provider_set_specific_signing_key
Using this method you can specify a signing key which will be used for
communication with the specified provider instead of the one configured
on the LassoServer object. The main objective is to allow shared secret
cryptography instead of public key cryptography.
2011-12-05 12:03:14 +01:00
Benjamin Dauvergne 9836f4a40b [core] add a new class LassoKey
LassoKey currently stores a LassoSignatureContext inside a
reference-counted and bindable object. It will be used to export an API
around key management to bindings.
2011-12-05 12:03:14 +01:00
Benjamin Dauvergne 2a63167627 [core] set the xmlSec log handler globally
The log handler is not set in lasso_init().
2011-12-05 12:03:13 +01:00
Benjamin Dauvergne 0c45b252dc [saml2] introduce a lasso_saml2_assertion_get_audirence_restrictions to factorize some code 2011-12-05 12:03:13 +01:00
Benjamin Dauvergne cd017964d0 [core] introduce the LassoSignatureContext context, to pass around signature parameters
This structure is used to pass around the signature algorithm
and the signature key.
2011-12-05 12:03:13 +01:00
Benjamin Dauvergne 71721b370c [core] add a lasso_base64_decode function 2011-12-05 12:03:13 +01:00
Benjamin Dauvergne dfacafb3b0 [core] replace explicit allocation of LassoProviderPrivate by use of g_type_class_add_private
The private part is allocated contiguously to the public structure data.
2011-12-05 12:03:13 +01:00
Benjamin Dauvergne dd5afa9522 [configure.ac] fix compilation on Mac OS X 2011-12-05 12:03:13 +01:00
Benjamin Dauvergne 490cc01bf2 [xml] use lasso_node_export_to_query_with_password to implement lasso_node_export_to_query 2011-12-05 12:03:13 +01:00
Benjamin Dauvergne e9212301d3 [tools] fix lasso_sha1 to return a glib allocated string 2011-12-05 12:03:13 +01:00