Lasso Reference Manual
LassoProfile;
enum LassoRequestType;
enum LassoProfileSignatureHint;
enum LassoProfileSignatureVerifyHint;
LassoRequestType lasso_profile_get_request_type_from_soap_msg (const gchar *soap);
lasso_error_t lasso_profile_set_soap_fault_response (LassoProfile *profile, const char *faultcode, const char *faultstring, GList *details);
gboolean lasso_profile_is_liberty_query (const gchar *query);
LassoIdentity* lasso_profile_get_identity (LassoProfile *profile);
LassoSession* lasso_profile_get_session (LassoProfile *profile);
gboolean lasso_profile_is_identity_dirty (LassoProfile *profile);
gboolean lasso_profile_is_session_dirty (LassoProfile *profile);
lasso_error_t lasso_profile_set_identity_from_dump (LassoProfile *profile, const gchar *dump);
lasso_error_t lasso_profile_set_session_from_dump (LassoProfile *profile, const gchar *dump);
LassoNode* lasso_profile_get_nameIdentifier (LassoProfile *profile);
char* lasso_profile_get_artifact (LassoProfile *profile);
char* lasso_profile_get_artifact_message (LassoProfile *profile);
void lasso_profile_set_artifact_message (LassoProfile *profile, const char *message);
LassoServer* lasso_profile_get_server (LassoProfile *profile);
void lasso_profile_set_signature_hint (LassoProfile *profile, LassoProfileSignatureHint signature_hint);
LassoProfileSignatureHint lasso_profile_get_signature_hint (LassoProfile *profile);
void lasso_profile_set_signature_verify_hint (LassoProfile *profile, LassoProfileSignatureVerifyHint signature_verify_hint);
LassoProfileSignatureVerifyHint lasso_profile_get_signature_verify_hint (LassoProfile *profile);
LassoProviderRole lasso_profile_sso_role_with (LassoProfile *profile, const char *remote_provider_id);
lasso_error_t lasso_profile_get_signature_status (LassoProfile *profile);
typedef struct {
    LassoNode parent;
    LassoServer *server;
    LassoNode *request;
    LassoNode *response;
    LassoNode *nameIdentifier;
    gchar *remote_providerID;
    gchar *msg_url;
    gchar *msg_body;
    gchar *msg_relayState;
} LassoProfile;
LassoProfile, a child class of LassoNode, is the base object for profile objects such as LassoLogin, LassoLogout, LassoDefederation, LassoNameIdentifierMapping, LassoNameRegistration, LassoNameIdManagement or LassoAssertionQuery. It handles the minimal state used by all these profiles.
LassoNode parent :
LassoServer *server : LassoServer object representing the provider initiating this profile,
LassoNode *request : the currently initialized request, or the last request parsed,
LassoNode *response : the currently initialized request, or the last response parsed,
LassoNode *nameIdentifier : for profiles which transmit a name identifier (that is, most of them), the parsed name identifier, can be a LassoSamlNameIdentifier or a LassoSaml2NameID,
gchar *remote_providerID : the provider ID of the issuer of the last parsed message, whatever it is (a request or a response),
gchar *msg_url : when generating a request or a response, it gives the URL to contact,
gchar *msg_body : when generating a request or a response using HTTP POST binding (can be HTTP-SOAP or HTTP-Post binding), the body of the POST will be in this field,
gchar *msg_relayState : set this to the relay state to put in the generated URL for HTTP-Redirect or HTTP-Get binding.
typedef enum {
    LASSO_REQUEST_TYPE_INVALID = 0,
    LASSO_REQUEST_TYPE_LOGIN = 1,
    LASSO_REQUEST_TYPE_LOGOUT = 2,
    LASSO_REQUEST_TYPE_DEFEDERATION = 3,
    LASSO_REQUEST_TYPE_NAME_REGISTRATION = 4,
    LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING = 5,
    LASSO_REQUEST_TYPE_LECP = 6,
    LASSO_REQUEST_TYPE_DISCO_QUERY = 7,
    LASSO_REQUEST_TYPE_DISCO_MODIFY = 8,
    LASSO_REQUEST_TYPE_DST_QUERY = 9,
    LASSO_REQUEST_TYPE_DST_MODIFY = 10,
    LASSO_REQUEST_TYPE_SASL_REQUEST = 11,
    LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT = 12,
    LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER = 13,
    LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD = 14,
    LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY = 15
} LassoRequestType;
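Request types (known for SOAP endpoints)
LASSO_REQUEST_TYPE_INVALID : invalid
LASSO_REQUEST_TYPE_LOGIN : Single Sign On and Federation
LASSO_REQUEST_TYPE_LOGOUT : Single Logout
LASSO_REQUEST_TYPE_DEFEDERATION : Federation Termination
LASSO_REQUEST_TYPE_NAME_REGISTRATION : Name Registration
LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING : Name Identifier Mapping
LASSO_REQUEST_TYPE_LECP : Liberty-Enabled Client / Proxy
LASSO_REQUEST_TYPE_DISCO_QUERY : ID-WSF 1.0 Discovery Query request
LASSO_REQUEST_TYPE_DISCO_MODIFY : ID-WSF 1.0 Discovery Modify request
LASSO_REQUEST_TYPE_DST_QUERY : ID-WSF 1.0 Data Service Template Query request
LASSO_REQUEST_TYPE_DST_MODIFY : ID-WSF 1.0 Data Service Template Modify request
LASSO_REQUEST_TYPE_SASL_REQUEST : ID-WSF 1.0 Authentication request
LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT : SAML 2.0 NameID Management request
LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER : ID-WSF 2.0 Discovery Service Metadata Register request
LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD : ID-WSF 2.0 Discovery Service Metadata Add Association request
LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY : ID-WSF 2.0 Discovery Query request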
typedef enum {
    LASSO_PROFILE_SIGNATURE_HINT_MAYBE = 0,
    LASSO_PROFILE_SIGNATURE_HINT_FORCE = 1,
    LASSO_PROFILE_SIGNATURE_HINT_FORBID = 2
} LassoProfileSignatureHint;
Advises a LassoProfile object about the policy for generating request and response signatures.
typedef enum {
    LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE = 0,
    LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE = 1,
    LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE = 2,
    LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST
} LassoProfileSignatureVerifyHint;
Advises a LassoProfile object about the policy for checking request and response signatures.
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE : let Lasso decide what to do.
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE : always check signatures.
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE : check signatures but do not stop protocol handling on failures. The result of signature checking is still available in LassoProfile.signature_status
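A caller-side check for the IGNORE hint described above, as an added example that is not Lasso code: because protocol handling continues after a failed signature check, the application has to test the signature status itself. The `processed_msg` record, `gate()` and the convention that 0 means success are assumptions; only the enum values come from this page.

```c
#include <stdio.h>

/* Values copied from LassoProfileSignatureVerifyHint on this page, so the
 * example builds without the Lasso headers. */
typedef enum { HINT_MAYBE = 0, HINT_FORCE = 1, HINT_IGNORE = 2 } verify_hint;

typedef enum { ACCEPT, REJECT_PROCESSING, REJECT_SIGNATURE } verdict;

/* Hypothetical record of one processed message.
 * process_rc:       return code of the message-processing call
 * signature_status: value read back from the profile afterwards
 * Assumption: 0 means success for both, anything else is an error code. */
typedef struct {
    const char *label;
    verify_hint hint;
    int process_rc;
    int signature_status;
} processed_msg;

/* Caller-side gate. Under HINT_IGNORE processing can succeed although the
 * signature check failed, so the second test is what protects the caller. */
verdict gate(const processed_msg *m)
{
    if (m->process_rc != 0)
        return REJECT_PROCESSING;
    if (m->signature_status != 0)
        return REJECT_SIGNATURE;
    return ACCEPT;
}

/* Constructed outcomes (not captured traffic); -1 stands for any error code. */
static const processed_msg SAMPLES[] = {
    { "FORCE,  valid signature", HINT_FORCE,  0,  0 },
    { "FORCE,  bad signature",   HINT_FORCE, -1, -1 },
    { "IGNORE, valid signature", HINT_IGNORE, 0,  0 },
    { "IGNORE, bad signature",   HINT_IGNORE, 0, -1 },
};

int main(void)
{
    static const char *names[] = { "accept", "reject (processing failed)",
                                   "reject (signature status)" };
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-24s -> %s\n", SAMPLES[i].label, names[gate(&SAMPLES[i])]);
    return 0;
}
```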
LassoRequestType lasso_profile_get_request_type_from_soap_msg (const gchar *soap);
Looks up and returns the type of the request in a SOAP message.
soap : the SOAP message
Returns : the type of request
lasso_error_t lasso_profile_set_soap_fault_response (LassoProfile *profile, const char *faultcode, const char *faultstring, GList *details);
Set the response to a SOAP fault, using faultcode, faultstring, and details to initialize it.
profile : a LassoProfile object
faultcode : the code for the SOAP fault
faultstring : the description for the SOAP fault
details : a list of nodes to add as details (element-type LassoNode, allow-none).
Returns : 0 if successful, an error code otherwise.
gboolean lasso_profile_is_liberty_query (const gchar *query);
Tests the query string to determine whether the URL is called as the result of a Liberty redirect (action initiated elsewhere) or not.
query : HTTP query string
Returns : TRUE if Liberty query, FALSE otherwise
LassoIdentity* lasso_profile_get_identity (LassoProfile *profile);
Gets the identity bound to profile.
profile : a LassoProfile
Returns : transfer none.
LassoSession* lasso_profile_get_session (LassoProfile *profile);
Gets the session bound to profile.
profile : a LassoProfile
Returns : transfer none.
gboolean lasso_profile_is_identity_dirty (LassoProfile *profile);
Checks whether identity has been modified (and should therefore be saved).
profile : a LassoProfile
Returns : TRUE if identity has changed
gboolean lasso_profile_is_session_dirty (LassoProfile *profile);
Checks whether session has been modified (and should therefore be saved).
profile : a LassoProfile
Returns : TRUE if session has changed
lasso_error_t lasso_profile_set_identity_from_dump (LassoProfile *profile, const gchar *dump);
Builds a new LassoIdentity object from XML dump and binds it to profile.
profile : a LassoProfile
dump : XML identity dump
Returns : 0 on success; or a negative value otherwise.
lasso_error_t lasso_profile_set_session_from_dump (LassoProfile *profile, const gchar *dump);
Builds a new LassoSession object from XML dump and binds it to profile.
profile : a LassoProfile
dump : XML session dump
Returns : 0 on success; or a negative value otherwise.
LassoNode* lasso_profile_get_nameIdentifier (LassoProfile *profile);
Looks up the appropriate federation in the object and gets the service provider name identifier (which is actually a LassoSamlNameIdentifier in ID-FF 1.2 and LassoSaml2NameID in SAML 2.0).
profile : a LassoProfile
Returns : transfer none.
char* lasso_profile_get_artifact (LassoProfile *profile);
Returns the artifact token.
profile : a LassoProfile object
Returns : a newly allocated string or NULL (transfer full, allow-none).
char* lasso_profile_get_artifact_message (LassoProfile *profile);
Returns the artifact message.
profile : a LassoProfile object
Returns : a newly allocated string or NULL (transfer full, allow-none).
void lasso_profile_set_artifact_message (LassoProfile *profile, const char *message);
Set message as the content for the ArtifactResolve response.
profile : a LassoProfile object
message : the artifact message content
LassoServer* lasso_profile_get_server (LassoProfile *profile);
Returns the LassoServer linked to this profile object. A profile object should always contain one. It gives access to the metadata of other providers and to our own metadata.
profile : a LassoProfile object
Returns : transfer none.
void lasso_profile_set_signature_hint (LassoProfile *profile, LassoProfileSignatureHint signature_hint);
By default each profile chooses whether or not to sign its messages; this method allows forcing or forbidding the signature of messages, on a per-transaction basis.
profile : a LassoProfile object
signature_hint : whether next produced messages should be signed or not (or let Lasso choose from implicit information).
LassoProfileSignatureHint lasso_profile_get_signature_hint (LassoProfile *profile);
Returns the value of the signature hint attribute (see lasso_profile_set_signature_hint()).
profile : a LassoProfile object
Returns : a value in the enum type LassoProfileSignatureHint.
void lasso_profile_set_signature_verify_hint (LassoProfile *profile, LassoProfileSignatureVerifyHint signature_verify_hint);
By default each profile chooses whether or not to verify its messages; this method allows forcing or forbidding the checking of message signatures, on a per-transaction basis.
profile : a LassoProfile object
signature_verify_hint : whether next received message signatures should be checked or not (or let Lasso choose from implicit information).
LassoProfileSignatureVerifyHint lasso_profile_get_signature_verify_hint (LassoProfile *profile);
Returns the value of the signature verify hint attribute (see lasso_profile_set_signature_verify_hint()).
profile : a LassoProfile object
Returns : a value in the enum type LassoProfileSignatureVerifyHint.
LassoProviderRole lasso_profile_sso_role_with (LassoProfile *profile, const char *remote_provider_id);
Returns whether the current provider is a service provider relative to another provider. It uses LassoProfile.identity to find whether a federation qualified by the given provider exists, or the reverse.
profile : a LassoProfile object
remote_provider_id : the identifier of a provider
Returns : LASSO_PROVIDER_ROLE_NONE if nothing can be said, LASSO_PROVIDER_ROLE_SP if a federation qualified by remote_provider_id exists or LASSO_PROVIDER_ROLE_IDP if a federation qualified by our own LassoProvider.providerID exists.