LassoProfile

LassoProfile — Base class for all identity profiles

Synopsis

                    LassoProfile;
LassoRequestType    lasso_profile_get_request_type_from_soap_msg
                                                        (const gchar *soap);
enum                LassoRequestType;
gboolean            lasso_profile_is_liberty_query      (const gchar *query);
LassoIdentity*      lasso_profile_get_identity          (LassoProfile *profile);
LassoSession*       lasso_profile_get_session           (LassoProfile *profile);
gboolean            lasso_profile_is_identity_dirty     (LassoProfile *profile);
gboolean            lasso_profile_is_session_dirty      (LassoProfile *profile);
gint                lasso_profile_set_identity_from_dump
                                                        (LassoProfile *profile,
                                                         const gchar *dump);
gint                lasso_profile_set_session_from_dump (LassoProfile *profile,
                                                         const gchar *dump);
LassoNode*          lasso_profile_get_nameIdentifier    (LassoProfile *profile);
char*               lasso_profile_get_artifact          (LassoProfile *profile);
char*               lasso_profile_get_artifact_message  (LassoProfile *profile);
void                lasso_profile_set_artifact_message  (LassoProfile *profile,
                                                         char *message);
LassoServer*        lasso_profile_get_server            (LassoProfile *profile);
void                lasso_profile_set_signature_hint    (LassoProfile *profile,
                                                         LassoProfileSignatureHint signature_hint);
LassoProfileSignatureHint  lasso_profile_get_signature_hint
                                                        (LassoProfile *profile);
enum                LassoProfileSignatureHint;

Description

Details

LassoProfile

typedef struct {
	LassoNode parent;

	LassoServer *server;

	LassoNode *request;
	LassoNode *response;

	LassoNode *nameIdentifier;

	gchar *remote_providerID;

	gchar *msg_url;
	gchar *msg_body;
	gchar *msg_relayState;
} LassoProfile;

LassoProfile, child class of LassoNode is the basis object of profiles object like LassoLogin, LassoLogout, LassoDefederation, LassoNameIdentifierMapping, LassoNameRegistration, LassoNameIdManagement or LassoAssertionQuery. It handles the minimal state used by all theses profiles.

LassoNode parent;

LassoServer *server;

LassoServer object representing the provider intiating this profile,

LassoNode *request;

the currently initialized request, or the last request parsed,

LassoNode *response;

the currently intialized request, or the last response parsed,

LassoNode *nameIdentifier;

for profiles which transmit a name identifier (that is, most of them), the parsed name identifier, can be a LassoSamlNameIdentifier or a LassoSaml2NameID,

gchar *remote_providerID;

the provider ID of the issuer of the last parsed message, whatever it is (a request or a response),

gchar *msg_url;

when generating a request or a response, it give the URL to contact

gchar *msg_body;

when generating a request or a response using HTTP POST binding (can be HTTP-SOAP or HTTP-Post binding), the body of the POST will be in this field,

gchar *msg_relayState;

put there the relaystate to put in the genereated URL for HTTP-Redirect or HTTP-Get binding.

lasso_profile_get_request_type_from_soap_msg ()

LassoRequestType    lasso_profile_get_request_type_from_soap_msg
                                                        (const gchar *soap);

Looks up and return the type of the request in a SOAP message.

soap :

the SOAP message

Returns :

the type of request

enum LassoRequestType

typedef enum {
	LASSO_REQUEST_TYPE_INVALID = 0,
	LASSO_REQUEST_TYPE_LOGIN = 1,
	LASSO_REQUEST_TYPE_LOGOUT = 2,
	LASSO_REQUEST_TYPE_DEFEDERATION = 3,
	LASSO_REQUEST_TYPE_NAME_REGISTRATION = 4,
	LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING = 5,
	LASSO_REQUEST_TYPE_LECP = 6,
	LASSO_REQUEST_TYPE_DISCO_QUERY = 7,
	LASSO_REQUEST_TYPE_DISCO_MODIFY = 8,
	LASSO_REQUEST_TYPE_DST_QUERY = 9,
	LASSO_REQUEST_TYPE_DST_MODIFY = 10,
	LASSO_REQUEST_TYPE_SASL_REQUEST = 11,
	LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT = 12,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER = 13,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD = 14,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY = 15
} LassoRequestType;

Request types (known for SOAP endpoints)

LASSO_REQUEST_TYPE_INVALID

invalid

LASSO_REQUEST_TYPE_LOGIN

Single Sign On and Federation

LASSO_REQUEST_TYPE_LOGOUT

Single Logout

LASSO_REQUEST_TYPE_DEFEDERATION

Federation Termination

LASSO_REQUEST_TYPE_NAME_REGISTRATION

Name Registration

LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING

Name Identifier Mapping

LASSO_REQUEST_TYPE_LECP

Liberty-Enabled Client / Proxy

LASSO_REQUEST_TYPE_DISCO_QUERY

ID-WSF 1.0 Discovery Query request

LASSO_REQUEST_TYPE_DISCO_MODIFY

ID-WSF 1.0 Discovery Modify Request

LASSO_REQUEST_TYPE_DST_QUERY

ID-WSF 1.0 Data Service Template Query request

LASSO_REQUEST_TYPE_DST_MODIFY

ID-WSF 1.0 Data Service Temaplte Modify request

LASSO_REQUEST_TYPE_SASL_REQUEST

ID-WSF 1.0 Authentication request

LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT

SAML 2.0 NameID Management request

LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER

ID-WSF 2.0 Discovery Service Metadata Register request

LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD

ID-WSF 2.0 Discovery Service Metadata Add Association request

LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY

ID-WSF 2.0 Discovery Query request

lasso_profile_is_liberty_query ()

gboolean            lasso_profile_is_liberty_query      (const gchar *query);

Tests the query string to know if the URL is called as the result of a Liberty redirect (action initiated elsewhere) or not.

query :

HTTP query string

Returns :

TRUE if Liberty query, FALSE otherwise

lasso_profile_get_identity ()

LassoIdentity*      lasso_profile_get_identity          (LassoProfile *profile);

Gets the identity bound to profile.

profile :

a LassoProfile

Returns :

the identity or NULL if it none was found. The LassoIdentity object is internally allocated and must not be freed by the caller.

lasso_profile_get_session ()

LassoSession*       lasso_profile_get_session           (LassoProfile *profile);

Gets the session bound to profile.

profile :

a LassoProfile

Returns :

the session or NULL if it none was found. The LassoSession object is internally allocated and must not be freed by the caller.

lasso_profile_is_identity_dirty ()

gboolean            lasso_profile_is_identity_dirty     (LassoProfile *profile);

Checks whether identity has been modified (and should therefore be saved).

profile :

a LassoProfile

Returns :

TRUE if identity has changed

lasso_profile_is_session_dirty ()

gboolean            lasso_profile_is_session_dirty      (LassoProfile *profile);

Checks whether session has been modified (and should therefore be saved).

profile :

a LassoProfile

Returns :

TRUE if session has changed

lasso_profile_set_identity_from_dump ()

gint                lasso_profile_set_identity_from_dump
                                                        (LassoProfile *profile,
                                                         const gchar *dump);

Builds a new LassoIdentity object from XML dump and binds it to profile.

profile :

a LassoProfile

dump :

XML identity dump

Returns :

0 on success; or a negative value otherwise.

lasso_profile_set_session_from_dump ()

gint                lasso_profile_set_session_from_dump (LassoProfile *profile,
                                                         const gchar *dump);

Builds a new LassoSession object from XML dump and binds it to profile.

profile :

a LassoProfile

dump :

XML session dump

Returns :

0 on success; or a negative value otherwise.

lasso_profile_get_nameIdentifier ()

LassoNode*          lasso_profile_get_nameIdentifier    (LassoProfile *profile);

Looks up appropriate federation in object and gets the service provider name identifier (which is actually a LassoSamlNameIdentifier in ID-FF 1.2 and LassoSaml2NameID in SAML 2.0).

profile :

a LassoProfile

Returns :

the name identifier or NULL if none was found. The LassoNode object is internally allocated and must not be freed by the caller.

lasso_profile_get_artifact ()

char*               lasso_profile_get_artifact          (LassoProfile *profile);

lasso_profile_get_artifact_message ()

char*               lasso_profile_get_artifact_message  (LassoProfile *profile);

lasso_profile_set_artifact_message ()

void                lasso_profile_set_artifact_message  (LassoProfile *profile,
                                                         char *message);

lasso_profile_get_server ()

LassoServer*        lasso_profile_get_server            (LassoProfile *profile);

Return the LassoServer linked to this profile object. A profile object should always contains one. It allows to find metadatas of other providers and to know our own metadatas.

profile :

a LassoProfile object

Returns :

a LassoServer or NULL if profile is not a LassoProfile or no LassoServer object was setup at the creation of this profile.

lasso_profile_set_signature_hint ()

void                lasso_profile_set_signature_hint    (LassoProfile *profile,
                                                         LassoProfileSignatureHint signature_hint);

By default each profile will choose to sign or not its messages, this method allow to force or forbid the signature of messages, on a per transaction basis.

profile :

a LassoProfile object

signature_hint :

wheter next produced messages should be signed or not (or let Lasso choose from implicit information).

lasso_profile_get_signature_hint ()

LassoProfileSignatureHint  lasso_profile_get_signature_hint
                                                        (LassoProfile *profile);

Return the value of the signature hint attribute (see lasso_profile_set_signature_hint()).

profile :

a LassoProfile object

Returns :

a value in the enum type LassoProfileSignatureHint.

enum LassoProfileSignatureHint

typedef enum {
	LASSO_PROFILE_SIGNATURE_HINT_MAYBE  = 0,
	LASSO_PROFILE_SIGNATURE_HINT_FORCE  = 1,
	LASSO_PROFILE_SIGNATURE_HINT_FORBID = 2
} LassoProfileSignatureHint;

Advice a LassoProfile object about the policy for generating and validating request and response signatures.

LASSO_PROFILE_SIGNATURE_HINT_MAYBE

let Lasso decide what to do.

LASSO_PROFILE_SIGNATURE_HINT_FORCE

generate and validate all signatures.

LASSO_PROFILE_SIGNATURE_HINT_FORBID

do not generate or validate any signature.