LassoProfile

LassoProfile — Base class for all identity profiles

Synopsis

struct              LassoProfile;
enum                LassoRequestType;
enum                LassoProfileSignatureHint;
enum                LassoProfileSignatureVerifyHint;
LassoRequestType    lasso_profile_get_request_type_from_soap_msg
                                                        (const gchar *soap);
lasso_error_t       lasso_profile_set_soap_fault_response
                                                        (LassoProfile *profile,
                                                         const char *faultcode,
                                                         const char *faultstring,
                                                         GList *details);
gboolean            lasso_profile_is_liberty_query      (const gchar *query);
LassoIdentity *     lasso_profile_get_identity          (LassoProfile *profile);
LassoSession *      lasso_profile_get_session           (LassoProfile *profile);
gboolean            lasso_profile_is_identity_dirty     (LassoProfile *profile);
gboolean            lasso_profile_is_session_dirty      (LassoProfile *profile);
lasso_error_t       lasso_profile_set_identity_from_dump
                                                        (LassoProfile *profile,
                                                         const gchar *dump);
lasso_error_t       lasso_profile_set_session_from_dump (LassoProfile *profile,
                                                         const gchar *dump);
LassoNode *         lasso_profile_get_nameIdentifier    (LassoProfile *profile);
char *              lasso_profile_get_artifact          (LassoProfile *profile);
char *              lasso_profile_get_artifact_message  (LassoProfile *profile);
void                lasso_profile_set_artifact_message  (LassoProfile *profile,
                                                         const char *message);
LassoServer *       lasso_profile_get_server            (LassoProfile *profile);
void                lasso_profile_set_signature_hint    (LassoProfile *profile,
                                                         LassoProfileSignatureHint signature_hint);
LassoProfileSignatureHint lasso_profile_get_signature_hint
                                                        (LassoProfile *profile);
void                lasso_profile_set_signature_verify_hint
                                                        (LassoProfile *profile,
                                                         LassoProfileSignatureVerifyHint signature_verify_hint);
LassoProfileSignatureVerifyHint lasso_profile_get_signature_verify_hint
                                                        (LassoProfile *profile);
LassoProviderRole   lasso_profile_sso_role_with         (LassoProfile *profile,
                                                         const char *remote_provider_id);
lasso_error_t       lasso_profile_get_signature_status  (LassoProfile *profile);

Description

Details

struct LassoProfile

struct LassoProfile {
	LassoNode parent;

	LassoServer *server;

	LassoNode *request;
	LassoNode *response;

	LassoNode *nameIdentifier;

	gchar *remote_providerID;

	gchar *msg_url;
	gchar *msg_body;
	gchar *msg_relayState;
};

LassoProfile, a child class of LassoNode, is the base object of profile objects such as LassoLogin, LassoLogout, LassoDefederation, LassoNameIdentifierMapping, LassoNameRegistration, LassoNameIdManagement or LassoAssertionQuery. It handles the minimal state used by all these profiles.

LassoNode parent;

LassoServer *server;

LassoServer object representing the provider initiating this profile,

LassoNode *request;

the currently initialized request, or the last request parsed,

LassoNode *response;

the currently initialized response, or the last response parsed,

LassoNode *nameIdentifier;

for profiles which transmit a name identifier (that is, most of them), the parsed name identifier, can be a LassoSamlNameIdentifier or a LassoSaml2NameID,

gchar *remote_providerID;

the provider ID of the issuer of the last parsed message, whatever it is (a request or a response),

gchar *msg_url;

when generating a request or a response, it gives the URL to contact,

gchar *msg_body;

when generating a request or a response using HTTP POST binding (can be HTTP-SOAP or HTTP-Post binding), the body of the POST will be in this field,

gchar *msg_relayState;

put here the relay state to include in the generated URL for HTTP-Redirect or HTTP-Get binding.

enum LassoRequestType

typedef enum {
	LASSO_REQUEST_TYPE_INVALID = 0,
	LASSO_REQUEST_TYPE_LOGIN = 1,
	LASSO_REQUEST_TYPE_LOGOUT = 2,
	LASSO_REQUEST_TYPE_DEFEDERATION = 3,
	LASSO_REQUEST_TYPE_NAME_REGISTRATION = 4,
	LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING = 5,
	LASSO_REQUEST_TYPE_LECP = 6,
	LASSO_REQUEST_TYPE_DISCO_QUERY = 7,
	LASSO_REQUEST_TYPE_DISCO_MODIFY = 8,
	LASSO_REQUEST_TYPE_DST_QUERY = 9,
	LASSO_REQUEST_TYPE_DST_MODIFY = 10,
	LASSO_REQUEST_TYPE_SASL_REQUEST = 11,
	LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT = 12,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER = 13,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD = 14,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY = 15
} LassoRequestType;

Request types (known for SOAP endpoints)

LASSO_REQUEST_TYPE_INVALID

invalid

LASSO_REQUEST_TYPE_LOGIN

Single Sign On and Federation

LASSO_REQUEST_TYPE_LOGOUT

Single Logout

LASSO_REQUEST_TYPE_DEFEDERATION

Federation Termination

LASSO_REQUEST_TYPE_NAME_REGISTRATION

Name Registration

LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING

Name Identifier Mapping

LASSO_REQUEST_TYPE_LECP

Liberty-Enabled Client / Proxy

LASSO_REQUEST_TYPE_DISCO_QUERY

ID-WSF 1.0 Discovery Query request

LASSO_REQUEST_TYPE_DISCO_MODIFY

ID-WSF 1.0 Discovery Modify Request

LASSO_REQUEST_TYPE_DST_QUERY

ID-WSF 1.0 Data Service Template Query request

LASSO_REQUEST_TYPE_DST_MODIFY

ID-WSF 1.0 Data Service Template Modify request

LASSO_REQUEST_TYPE_SASL_REQUEST

ID-WSF 1.0 Authentication request

LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT

SAML 2.0 NameID Management request

LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER

ID-WSF 2.0 Discovery Service Metadata Register request

LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD

ID-WSF 2.0 Discovery Service Metadata Add Association request

LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY

ID-WSF 2.0 Discovery Query request

enum LassoProfileSignatureHint

typedef enum {
	LASSO_PROFILE_SIGNATURE_HINT_MAYBE  = 0,
	LASSO_PROFILE_SIGNATURE_HINT_FORCE  = 1,
	LASSO_PROFILE_SIGNATURE_HINT_FORBID = 2
} LassoProfileSignatureHint;

Advise a LassoProfile object about the policy for generating request and response signatures.

LASSO_PROFILE_SIGNATURE_HINT_MAYBE

let Lasso decide what to do.

LASSO_PROFILE_SIGNATURE_HINT_FORCE

generate and validate all signatures.

LASSO_PROFILE_SIGNATURE_HINT_FORBID

do not generate or validate any signature.

enum LassoProfileSignatureVerifyHint

typedef enum {
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE = 0,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE = 1,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE = 2,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST
} LassoProfileSignatureVerifyHint;

Advise a LassoProfile object about the policy for checking request and response signatures.

LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE

let Lasso decide what to do.

LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE

always check signatures.

LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE

check signatures but do not stop protocol handling on failures. The result of signature checking is still available in LassoProfile.signature_status.

LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST


lasso_profile_get_request_type_from_soap_msg ()

LassoRequestType    lasso_profile_get_request_type_from_soap_msg
                                                        (const gchar *soap);

Looks up and returns the type of the request in a SOAP message.

soap :

the SOAP message

Returns :

the type of request

lasso_profile_set_soap_fault_response ()

lasso_error_t       lasso_profile_set_soap_fault_response
                                                        (LassoProfile *profile,
                                                         const char *faultcode,
                                                         const char *faultstring,
                                                         GList *details);

Set the response to a SOAP fault, using faultcode, faultstring, and details to initialize it.

profile :

a LassoProfile object

faultcode :

the code for the SOAP fault

faultstring :

the description for the SOAP fault. [allow-none]

details :

a list of nodes to add as details. [element-type LassoNode][allow-none]

Returns :

0 if successful, an error code otherwise.

lasso_profile_is_liberty_query ()

gboolean            lasso_profile_is_liberty_query      (const gchar *query);

Tests the query string to know if the URL is called as the result of a Liberty redirect (action initiated elsewhere) or not.

query :

HTTP query string

Returns :

TRUE if Liberty query, FALSE otherwise

lasso_profile_get_identity ()

LassoIdentity *     lasso_profile_get_identity          (LassoProfile *profile);

Gets the identity bound to profile.

profile :

a LassoProfile

Returns :

the identity or NULL if none was found. The LassoIdentity object is internally allocated and must not be freed by the caller. [transfer none]

lasso_profile_get_session ()

LassoSession *      lasso_profile_get_session           (LassoProfile *profile);

Gets the session bound to profile.

profile :

a LassoProfile

Returns :

the session or NULL if none was found. The LassoSession object is internally allocated and must not be freed by the caller. [transfer none]

lasso_profile_is_identity_dirty ()

gboolean            lasso_profile_is_identity_dirty     (LassoProfile *profile);

Checks whether identity has been modified (and should therefore be saved).

profile :

a LassoProfile

Returns :

TRUE if identity has changed

lasso_profile_is_session_dirty ()

gboolean            lasso_profile_is_session_dirty      (LassoProfile *profile);

Checks whether session has been modified (and should therefore be saved).

profile :

a LassoProfile

Returns :

TRUE if session has changed

lasso_profile_set_identity_from_dump ()

lasso_error_t       lasso_profile_set_identity_from_dump
                                                        (LassoProfile *profile,
                                                         const gchar *dump);

Builds a new LassoIdentity object from XML dump and binds it to profile.

profile :

a LassoProfile

dump :

XML identity dump

Returns :

0 on success; or a negative value otherwise.

lasso_profile_set_session_from_dump ()

lasso_error_t       lasso_profile_set_session_from_dump (LassoProfile *profile,
                                                         const gchar *dump);

Builds a new LassoSession object from XML dump and binds it to profile.

profile :

a LassoProfile

dump :

XML session dump

Returns :

0 on success; or a negative value otherwise.

lasso_profile_get_nameIdentifier ()

LassoNode *         lasso_profile_get_nameIdentifier    (LassoProfile *profile);

Looks up appropriate federation in object and gets the service provider name identifier (which is actually a LassoSamlNameIdentifier in ID-FF 1.2 and LassoSaml2NameID in SAML 2.0).

profile :

a LassoProfile

Returns :

the name identifier or NULL if none was found. The LassoNode object is internally allocated and must not be freed by the caller. [transfer none]

lasso_profile_get_artifact ()

char *              lasso_profile_get_artifact          (LassoProfile *profile);

Return the artifact token.

profile :

a LassoProfile object

Returns :

a newly allocated string or NULL. [transfer full][allow-none]

lasso_profile_get_artifact_message ()

char *              lasso_profile_get_artifact_message  (LassoProfile *profile);

Return the artifact message.

profile :

a LassoProfile object

Returns :

a newly allocated string or NULL. [transfer full][allow-none]

lasso_profile_set_artifact_message ()

void                lasso_profile_set_artifact_message  (LassoProfile *profile,
                                                         const char *message);

Set message as the content for the ArtifactResolve response.

profile :

a LassoProfile object

message :

the artifact message content

lasso_profile_get_server ()

LassoServer *       lasso_profile_get_server            (LassoProfile *profile);

Return the LassoServer linked to this profile object. A profile object should always contain one. It gives access to the metadata of other providers and to our own metadata.

profile :

a LassoProfile object

Returns :

a LassoServer or NULL if profile is not a LassoProfile or no LassoServer object was setup at the creation of this profile. [transfer none]

lasso_profile_set_signature_hint ()

void                lasso_profile_set_signature_hint    (LassoProfile *profile,
                                                         LassoProfileSignatureHint signature_hint);

By default each profile chooses whether or not to sign its messages; this method allows forcing or forbidding the signature of messages, on a per-transaction basis.

profile :

a LassoProfile object

signature_hint :

whether the next produced messages should be signed or not (or let Lasso choose from implicit information).

lasso_profile_get_signature_hint ()

LassoProfileSignatureHint lasso_profile_get_signature_hint
                                                        (LassoProfile *profile);

Return the value of the signature hint attribute (see lasso_profile_set_signature_hint()).

profile :

a LassoProfile object

Returns :

a value in the enum type LassoProfileSignatureHint.

lasso_profile_set_signature_verify_hint ()

void                lasso_profile_set_signature_verify_hint
                                                        (LassoProfile *profile,
                                                         LassoProfileSignatureVerifyHint signature_verify_hint);

By default each profile chooses whether or not to verify the signatures of its messages; this method allows forcing or ignoring the verification of message signatures, on a per-transaction basis.

profile :

a LassoProfile object

signature_verify_hint :

whether the signatures of the next received messages should be checked or not (or let Lasso choose from implicit information).

lasso_profile_get_signature_verify_hint ()

LassoProfileSignatureVerifyHint lasso_profile_get_signature_verify_hint
                                                        (LassoProfile *profile);

Return the value of the signature verify hint attribute (see lasso_profile_set_signature_verify_hint()).

profile :

a LassoProfile object

Returns :

a value in the enum type LassoProfileSignatureVerifyHint.

lasso_profile_sso_role_with ()

LassoProviderRole   lasso_profile_sso_role_with         (LassoProfile *profile,
                                                         const char *remote_provider_id);

Returns whether the current provider is a service provider relative to another provider. It uses LassoProfile.identity to find whether a federation qualified by the given provider exists, or the reverse.

profile :

a LassoProfile object

remote_provider_id :

the identifier of a provider

Returns :

LASSO_PROVIDER_ROLE_NONE if nothing can be said, LASSO_PROVIDER_ROLE_SP if a federation qualified by remote_provider_id exists or LASSO_PROVIDER_ROLE_IDP if a federation qualified by our own LassoProvider.ProviderID exists.

lasso_profile_get_signature_status ()

lasso_error_t       lasso_profile_get_signature_status  (LassoProfile *profile);

Returns the signature status from the last parsed message.

profile :

a LassoProfile object

Returns :

0 if no error from signature checking occurred, an error code otherwise.
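
The caveat on LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE, worked through as an added example (not code from the Lasso project): because protocol handling continues after a failed check, the caller has to consult the value of lasso_profile_get_signature_status() before acting on the message. The names gate_message, msg_verdict and require_verified are hypothetical, the enum is copied from this page so the block builds without the Lasso headers, and treating any non-zero return code as a failure is a conservative assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Copied from this page so the example builds without the Lasso headers;
 * in a real build include <lasso/lasso.h> and drop this typedef. */
typedef enum {
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE = 0,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE = 1,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE = 2,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST
} LassoProfileSignatureVerifyHint;

/* Hypothetical application-side verdicts; not part of Lasso. */
typedef enum {
	MSG_ACCEPT, MSG_REJECT_PROCESSING, MSG_REJECT_SIGNATURE, MSG_REJECT_POLICY
} msg_verdict;

/*
 * hint:             value of lasso_profile_get_signature_verify_hint(profile)
 * process_rc:       return code of the call that parsed the incoming message
 * signature_status: value of lasso_profile_get_signature_status(profile)
 * require_verified: endpoint policy (assumption): act only on checked messages
 */
msg_verdict gate_message(LassoProfileSignatureVerifyHint hint, int process_rc,
		int signature_status, bool require_verified)
{
	if ((int)hint < 0 || hint >= LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST)
		return MSG_REJECT_POLICY;	/* not a documented hint value */
	if (process_rc != 0)
		return MSG_REJECT_PROCESSING;	/* conservative: any non-zero code */
	/* With IGNORE, parsing continues after a bad signature, so a zero
	 * process_rc proves nothing; the stored status has to be checked. */
	if (signature_status != 0)
		return MSG_REJECT_SIGNATURE;
	/* Only FORCE is documented as "always check signatures". */
	if (require_verified && hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
		return MSG_REJECT_POLICY;
	return MSG_ACCEPT;
}

int main(void)
{
	/* Constructed inputs: -1 stands in for any signature error code. */
	printf("IGNORE, bad signature: %d\n", gate_message(
		LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE, 0, -1, false));
	printf("FORCE, clean status:   %d\n", gate_message(
		LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE, 0, 0, true));
	return 0;
}
```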