LassoSaml2Assertion

LassoSaml2Assertion — <saml2:Assertion>

Synopsis

                    LassoSaml2Assertion;
enum                LassoSaml2AssertionValidationState;
#define             LASSO_DURATION_DAY
#define             LASSO_DURATION_HOUR
#define             LASSO_DURATION_MINUTE
#define             LASSO_DURATION_WEEK
LassoNode*          lasso_saml2_assertion_new           (void);
gboolean            lasso_saml2_assertion_has_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion);
gboolean            lasso_saml2_assertion_is_audience_restricted
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         char *providerID);
void                lasso_saml2_assertion_set_subject_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);
void                lasso_saml2_assertion_set_subject_confirmation_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);
LassoSaml2SubjectConfirmationData * lasso_saml2_assertion_get_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         gboolean create);
void                lasso_saml2_assertion_set_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         const char *Recipient,
                                                         const char *InResponseTo,
                                                         const char *Address);
void                lasso_saml2_assertion_set_basic_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         gboolean one_time_use);
void                lasso_saml2_assertion_add_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *providerID);
void                lasso_saml2_assertion_add_proxy_limit
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         int proxy_count,
                                                         GList *proxy_audiences);
LassoSaml2AssertionValidationState  lasso_saml2_assertion_validate_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *relaying_party_providerID);
LassoProvider*      lasso_saml2_assertion_get_issuer_provider
                                                        (const LassoSaml2Assertion *saml2_assertion,
                                                         const LassoServer *server);
int                 lasso_saml2_assertion_add_attribute_with_node
                                                        (LassoSaml2Assertion *assertion,
                                                         const char *name,
                                                         const char *nameformat,
                                                         LassoNode *content);

Description

Figure 44. Schema fragment for saml2:Assertion


<complexType name="AssertionType">
  <sequence>
    <element ref="saml:Issuer"/>
    <element ref="ds:Signature" minOccurs="0"/>
    <element ref="saml:Subject" minOccurs="0"/>
    <element ref="saml:Conditions" minOccurs="0"/>
    <element ref="saml:Advice" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="saml:Statement"/>
      <element ref="saml:AuthnStatement"/>
      <element ref="saml:AuthzDecisionStatement"/>
      <element ref="saml:AttributeStatement"/>
    </choice>
  </sequence>
  <attribute name="Version" type="string" use="required"/>
  <attribute name="ID" type="ID" use="required"/>
  <attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>


Details

LassoSaml2Assertion

typedef struct {
	LassoNode parent;

	/* elements, in the order of the AssertionType schema fragment above */
	LassoSaml2NameID *Issuer; /* <saml:Issuer>; the only element the schema requires */
	/* NOTE(review): <ds:Signature> has no field of its own here; presumably handled
	 * through the LassoNode parent — verify before relying on it */
	LassoSaml2Subject *Subject; /* <saml:Subject>, optional */
	LassoSaml2Conditions *Conditions; /* <saml:Conditions>, optional; carries the audience and
					   * proxy restrictions and the validity window set by the
					   * lasso_saml2_assertion_set_basic_conditions() /
					   * add_audience_restriction() / add_proxy_limit() helpers;
					   * check it with lasso_saml2_assertion_validate_conditions()
					   * before trusting the assertion */
	LassoSaml2Advice *Advice; /* <saml:Advice>, optional */
	GList *Statement; /* of LassoSaml2StatementAbstract */
	GList *AuthnStatement; /* of LassoSaml2AuthnStatement */
	GList *AuthzDecisionStatement; /* of LassoSaml2AuthzDecisionStatement */
	GList *AttributeStatement; /* of LassoSaml2AttributeStatement */
	/* attributes; all three are required by the schema */
	char *Version;
	char *ID;
	char *IssueInstant; /* xs:dateTime, kept as its string form */
} LassoSaml2Assertion;

enum LassoSaml2AssertionValidationState

/* Outcome of lasso_saml2_assertion_validate_conditions(). Values are spelled
 * out explicitly so that they stay stable if members are added later.
 * Only LASSO_SAML2_ASSERTION_VALID should be taken as "conditions hold";
 * INDETERMINATE means the check could not be decided and should be treated
 * like INVALID by a consumer that grants access on the assertion. */
typedef enum {
	LASSO_SAML2_ASSERTION_VALID = 0,          /* the checked conditions hold */
	LASSO_SAML2_ASSERTION_INVALID = 1,        /* at least one condition fails */
	LASSO_SAML2_ASSERTION_INDETERMINATE = 2   /* could not be decided */
} LassoSaml2AssertionValidationState;

LASSO_DURATION_DAY

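#define LASSO_DURATION_DAY (24*3600) /* seconds in one day (24 h x 3600 s); the earlier 24*2600 was under 18 hours, and the parentheses keep the value intact inside larger expressions */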

LASSO_DURATION_HOUR

#define LASSO_DURATION_HOUR (60*60) /* seconds in one hour, for the tolerance/length arguments below */

LASSO_DURATION_MINUTE

#define LASSO_DURATION_MINUTE (60) /* seconds in one minute, for the tolerance/length arguments below */

LASSO_DURATION_WEEK

#define LASSO_DURATION_WEEK LASSO_DURATION_DAY*7

lasso_saml2_assertion_new ()

LassoNode*          lasso_saml2_assertion_new           (void);

Creates a new LassoSaml2Assertion object.

Returns :

a newly created LassoSaml2Assertion object

lasso_saml2_assertion_has_audience_restriction ()

gboolean            lasso_saml2_assertion_has_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion);

Verify that a LassoSaml2AudienceRestriction is present in the assertion.

saml2_assertion :

a LassoSaml2Assertion object

Returns :

TRUE if a LassoSaml2AudienceRestriction is present in the Conditions of the LassoSaml2Assertion.

lasso_saml2_assertion_is_audience_restricted ()

gboolean            lasso_saml2_assertion_is_audience_restricted
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         char *providerID);

Verify that the assertion is restricted to the given providerID.

saml2_assertion :

a LassoSaml2Assertion object

providerID :

the providerID that will be compared to the audience restriction declarations.

Returns :

TRUE if providerID is part of a LassoSaml2AudienceRestriction element in the assertion, FALSE otherwise.

lasso_saml2_assertion_set_subject_name_id ()

void                lasso_saml2_assertion_set_subject_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);

Set the subject NameID, which can be a simple LassoSaml2NameID object or an encrypted LassoSaml2NameID as a LassoSaml2EncryptedElement.

saml2_assertion :

a LassoSaml2Assertion object

node :

a LassoSaml2NameID or LassoSaml2EncryptedElement

lasso_saml2_assertion_set_subject_confirmation_name_id ()

void                lasso_saml2_assertion_set_subject_confirmation_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);

Set the NameID of the subject confirmation, which can be a simple LassoSaml2NameID object or an encrypted LassoSaml2NameID as a LassoSaml2EncryptedElement.

saml2_assertion :

a LassoSaml2Assertion object

node :

a LassoSaml2NameID or LassoSaml2EncryptedElement

lasso_saml2_assertion_get_subject_confirmation_data ()

LassoSaml2SubjectConfirmationData * lasso_saml2_assertion_get_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         gboolean create);

lasso_saml2_assertion_set_subject_confirmation_data ()

void                lasso_saml2_assertion_set_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         const char *Recipient,
                                                         const char *InResponseTo,
                                                         const char *Address);

lasso_saml2_assertion_set_basic_conditions ()

void                lasso_saml2_assertion_set_basic_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         gboolean one_time_use);

Set conditions limiting usage of the assertion.

tolerance and length are time quantities measured in seconds; together they define the time range in which the assertion is valid, computed as [now()-tolerance, now()+length+tolerance]. Because tolerance widens the window at both ends, keep it small. one_time_use allows the issuer to limit caching of the assertion. proxy_count (set with lasso_saml2_assertion_add_proxy_limit(), not by this function) specifies how many proxy hops can be traversed before this assertion should lose any trust.

tolerance :

tolerance to the range of time when the assertion is valid. default -1.

length :

length of the range of time when the assertion is valid. default -1.

one_time_use :

TRUE if the assertion must be used immediately and not kept, FALSE if it may be cached. default FALSE.

lasso_saml2_assertion_add_audience_restriction ()

void                lasso_saml2_assertion_add_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *providerID);

Add an audience restriction to a LassoSaml2Assertion.

saml2_assertion :

a LassoSaml2Assertion object

providerID :

the provider id to restrict audience to

lasso_saml2_assertion_add_proxy_limit ()

void                lasso_saml2_assertion_add_proxy_limit
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         int proxy_count,
                                                         GList *proxy_audiences);

Add a LassoSaml2ProxyRestriction to the conditions of consumption of saml2_assertion.

saml2_assertion :

a LassoSaml2Assertion object

proxy_count :

the number of hops in the proxy chain, a negative value means no limitation. default -1.

proxy_audiences :

(allow-none) (element-type string): a GList of audience strings for the proxy restriction, or NULL.

lasso_saml2_assertion_validate_conditions ()

LassoSaml2AssertionValidationState  lasso_saml2_assertion_validate_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *relaying_party_providerID);

lasso_saml2_assertion_get_issuer_provider ()

LassoProvider*      lasso_saml2_assertion_get_issuer_provider
                                                        (const LassoSaml2Assertion *saml2_assertion,
                                                         const LassoServer *server);

Return the LassoProvider object for the provider who created this assertion.

saml2_assertion :

a LassoSaml2Assertion object

server :

a LassoServer object

Returns :

a LassoProvider object, or NULL if the Issuer element is missing or the given provider is unknown to the LassoServer object.

lasso_saml2_assertion_add_attribute_with_node ()

int                 lasso_saml2_assertion_add_attribute_with_node
                                                        (LassoSaml2Assertion *assertion,
                                                         const char *name,
                                                         const char *nameformat,
                                                         LassoNode *content);

Add a new attribute declaration and set this node as the content.

assertion :

a LassoSaml2Assertion object

name :

the attribute name

nameformat :

the attribute name format (the namespace of the name)

content :

a LassoNode object to put as content of the attribute

Returns :

0 if successful, an error code otherwise.