LassoSaml2Assertion

LassoSaml2Assertion — <saml2:Assertion>

Synopsis

                    LassoSaml2Assertion;
enum                LassoSaml2AssertionValidationState;
#define             LASSO_DURATION_DAY
#define             LASSO_DURATION_HOUR
#define             LASSO_DURATION_MINUTE
#define             LASSO_DURATION_WEEK
LassoNode*          lasso_saml2_assertion_new           (void);
gboolean            lasso_saml2_assertion_has_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion);
gboolean            lasso_saml2_assertion_is_audience_restricted
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         char *providerID);
void                lasso_saml2_assertion_set_subject_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);
void                lasso_saml2_assertion_set_subject_confirmation_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);
LassoSaml2SubjectConfirmationData * lasso_saml2_assertion_get_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         gboolean create);
void                lasso_saml2_assertion_set_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         const char *Recipient,
                                                         const char *InResponseTo,
                                                         const char *Address);
void                lasso_saml2_assertion_set_basic_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         gboolean one_time_use);
void                lasso_saml2_assertion_add_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *providerID);
void                lasso_saml2_assertion_add_proxy_limit
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         int proxy_count,
                                                         GList *proxy_audiences);
LassoSaml2AssertionValidationState  lasso_saml2_assertion_validate_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *relaying_party_providerID);
LassoProvider*      lasso_saml2_assertion_get_issuer_provider
                                                        (const LassoSaml2Assertion *saml2_assertion,
                                                         const LassoServer *server);
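int                 lasso_saml2_assertion_add_attribute_with_node
                                                        (LassoSaml2Assertion *assertion,
                                                         const char *name,
                                                         const char *nameformat,
                                                         LassoNode *content);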

Description

Figure 44. Schema fragment for saml2:Assertion


<complexType name="AssertionType">
  <sequence>
    <element ref="saml:Issuer"/>
    <element ref="ds:Signature" minOccurs="0"/>
    <element ref="saml:Subject" minOccurs="0"/>
    <element ref="saml:Conditions" minOccurs="0"/>
    <element ref="saml:Advice" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="saml:Statement"/>
      <element ref="saml:AuthnStatement"/>
      <element ref="saml:AuthzDecisionStatement"/>
      <element ref="saml:AttributeStatement"/>
    </choice>
  </sequence>
  <attribute name="Version" type="string" use="required"/>
  <attribute name="ID" type="ID" use="required"/>
  <attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>


Details

LassoSaml2Assertion

/*
 * LassoSaml2Assertion:
 *
 * In-memory form of a <saml2:Assertion>. The members follow the
 * AssertionType schema fragment above: child elements first, then the
 * XML attributes. No member is shown for ds:Signature; how a signature is
 * carried is not visible from this definition.
 */
typedef struct {
	LassoNode parent; /* base instance (LassoNode) */

	/* elements */
	LassoSaml2NameID *Issuer; /* saml:Issuer, required by the schema */
	LassoSaml2Subject *Subject; /* saml:Subject, optional (minOccurs="0") */
	LassoSaml2Conditions *Conditions; /* saml:Conditions, optional; audience and proxy restrictions live here */
	LassoSaml2Advice *Advice; /* saml:Advice, optional */
	/* zero or more statements, any mix (schema <choice maxOccurs="unbounded">) */
	GList *Statement; /* of LassoSaml2StatementAbstract */
	GList *AuthnStatement; /* of LassoSaml2AuthnStatement */
	GList *AuthzDecisionStatement; /* of LassoSaml2AuthzDecisionStatement */
	GList *AttributeStatement; /* of LassoSaml2AttributeStatement */
	/* attributes -- all three are use="required" in the schema */
	char *Version;
	char *ID;
	char *IssueInstant; /* xs:dateTime, kept as its string form */
} LassoSaml2Assertion;

enum LassoSaml2AssertionValidationState

/*
 * LassoSaml2AssertionValidationState:
 *
 * Outcome reported by lasso_saml2_assertion_validate_conditions().
 * The numeric values are spelled out so the mapping is explicit.
 */
typedef enum {
	LASSO_SAML2_ASSERTION_VALID = 0,
	LASSO_SAML2_ASSERTION_INVALID = 1,
	LASSO_SAML2_ASSERTION_INDETERMINATE = 2
} LassoSaml2AssertionValidationState;

LASSO_DURATION_DAY

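/* Seconds in one day: 24 hours of 3600 s = 86400.
 * Parenthesised so it is safe inside a larger expression
 * (`len / LASSO_DURATION_DAY` used to expand to `len / 24*2600`).
 * NOTE(review): the previous definition was `24*2600` (= 62400 s, about
 * 17.3 h), so any validity window built from it -- presumably the time_t
 * tolerance/length arguments of lasso_saml2_assertion_set_basic_conditions()
 * -- was shorter than the name suggests. */
#define LASSO_DURATION_DAY (24 * 3600)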

LASSO_DURATION_HOUR

/* Seconds in one hour (60 minutes of 60 s). */
#define LASSO_DURATION_HOUR (60 * 60)

LASSO_DURATION_MINUTE

/* Seconds in one minute. */
#define LASSO_DURATION_MINUTE (60)

LASSO_DURATION_WEEK

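/* Seconds in one week, derived from LASSO_DURATION_DAY.
 * Parenthesised: the unparenthesised form `LASSO_DURATION_DAY*7` made
 * `len / LASSO_DURATION_WEEK` expand to `len / LASSO_DURATION_DAY*7`,
 * i.e. a division followed by a multiplication. */
#define LASSO_DURATION_WEEK (7 * LASSO_DURATION_DAY)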

lasso_saml2_assertion_new ()

LassoNode*          lasso_saml2_assertion_new           (void);

Creates a new LassoSaml2Assertion object.

Returns :

a newly created LassoSaml2Assertion object

lasso_saml2_assertion_has_audience_restriction ()

gboolean            lasso_saml2_assertion_has_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion);

Verify that a LassoSaml2AudienceRestriction is present in the assertion.

saml2_assertion :

a LassoSaml2Assertion object

Returns :

TRUE if a LassoSaml2AudienceRestriction is present in the Conditions of the LassoSaml2Assertion.

lasso_saml2_assertion_is_audience_restricted ()

gboolean            lasso_saml2_assertion_is_audience_restricted
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         char *providerID);

Verify that the assertion is restricted to the given providerID.

saml2_assertion :

a LassoSaml2Assertion object

providerID :

the providerID that will be compared to the audience restriction declarations.

Returns :

TRUE if providerID is part of a LassoSaml2AudienceRestriction element in the assertion, FALSE otherwise.

lasso_saml2_assertion_set_subject_name_id ()

void                lasso_saml2_assertion_set_subject_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);

Set the subject NameID, which can be a simple LassoSaml2NameID object or an encrypted LassoSaml2NameID as a LassoSaml2EncryptedElement.

saml2_assertion :

a LassoSaml2Assertion object

node :

a LassoSaml2NameID or LassoSaml2EncryptedElement

lasso_saml2_assertion_set_subject_confirmation_name_id ()

void                lasso_saml2_assertion_set_subject_confirmation_name_id
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         LassoNode *node);

Set the NameID of the subject confirmation, which can be a simple LassoSaml2NameID object or an encrypted LassoSaml2NameID as a LassoSaml2EncryptedElement.

saml2_assertion :

a LassoSaml2Assertion object

node :

a LassoSaml2NameID or LassoSaml2EncryptedElement

lasso_saml2_assertion_get_subject_confirmation_data ()

LassoSaml2SubjectConfirmationData * lasso_saml2_assertion_get_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         gboolean create);

lasso_saml2_assertion_set_subject_confirmation_data ()

void                lasso_saml2_assertion_set_subject_confirmation_data
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         const char *Recipient,
                                                         const char *InResponseTo,
                                                         const char *Address);

lasso_saml2_assertion_set_basic_conditions ()

void                lasso_saml2_assertion_set_basic_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         time_t tolerance,
                                                         time_t length,
                                                         gboolean one_time_use);

lasso_saml2_assertion_add_audience_restriction ()

void                lasso_saml2_assertion_add_audience_restriction
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *providerID);

Add an audience restriction to a LassoSaml2Assertion.

saml2_assertion :

a LassoSaml2Assertion object

providerID :

the provider id to restrict audience to

lasso_saml2_assertion_add_proxy_limit ()

void                lasso_saml2_assertion_add_proxy_limit
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         int proxy_count,
                                                         GList *proxy_audiences);

Add a LassoSaml2ProxyRestriction to the conditions of consumption of saml2_assertion.

saml2_assertion :

a LassoSaml2Assertion object

proxy_count :

the number of hops in the proxy chain; a negative value means no limitation (default -1).

proxy_audiences :

a GList of strings naming the proxy audiences (element-type string), or NULL (allow-none).

lasso_saml2_assertion_validate_conditions ()

LassoSaml2AssertionValidationState  lasso_saml2_assertion_validate_conditions
                                                        (LassoSaml2Assertion *saml2_assertion,
                                                         const char *relaying_party_providerID);

lasso_saml2_assertion_get_issuer_provider ()

LassoProvider*      lasso_saml2_assertion_get_issuer_provider
                                                        (const LassoSaml2Assertion *saml2_assertion,
                                                         const LassoServer *server);

Return the LassoProvider object for the provider who created this assertion.

saml2_assertion :

a LassoSaml2Assertion object

server :

a LassoServer object

Returns :

a LassoProvider object, or NULL if the Issuer element is missing or the given provider is unknown to the LassoServer object.

lasso_saml2_assertion_add_attribute_with_node ()

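/* Returns 0 on success, an error code otherwise; parameters are described below. */
int                 lasso_saml2_assertion_add_attribute_with_node
                                                        (LassoSaml2Assertion *assertion,
                                                         const char *name,
                                                         const char *nameformat,
                                                         LassoNode *content);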

Add a new attribute declaration and set the given node as its content.

assertion :

a LassoSaml2Assertion object

name :

the attribute name

nameformat :

the attribute name format (the namespace of the name)

content :

a LassoNode object to put as content of the attribute

Returns :

0 if successful, an error code otherwise.