Authentication requests are sent from a service provider to an identity provider.
The lib:AuthnRequest is defined as an extension of samlp:RequestAbstractType. The RequestID attribute in samlp:RequestAbstractType has uniqueness requirements placed on it by [SAMLCore11], which require it to have the properties of a nonce.
Figure 5. Schema fragment for lib:AuthnRequest
<xs:element name="AuthnRequest" type="AuthnRequestType"/>
<xs:complexType name="AuthnRequestType">
  <xs:complexContent>
    <xs:extension base="samlp:RequestAbstractType">
      <xs:sequence>
        <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="ProviderID"/>
        <xs:element ref="AffiliationID" minOccurs="0"/>
        <xs:element ref="NameIDPolicy" minOccurs="0"/>
        <xs:element name="ForceAuthn" type="xs:boolean" minOccurs="0"/>
        <xs:element name="IsPassive" type="xs:boolean" minOccurs="0"/>
        <xs:element ref="ProtocolProfile" minOccurs="0"/>
        <xs:element name="AssertionConsumerServiceID" type="xs:string" minOccurs="0"/>
        <xs:element ref="RequestAuthnContext" minOccurs="0"/>
        <xs:element ref="RelayState" minOccurs="0"/>
        <xs:element ref="Scoping" minOccurs="0"/>
      </xs:sequence>
      <xs:attribute ref="consent" use="optional"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
<xs:element name="ProviderID" type="md:entityIDType"/>
<xs:element name="AffiliationID" type="md:entityIDType"/>
<xs:element name="NameIDPolicy" type="NameIDPolicyType"/>
<xs:simpleType name="NameIDPolicyType">
  <xs:restriction base="xs:string">
    <xs:enumeration value="none"/>
    <xs:enumeration value="onetime"/>
    <xs:enumeration value="federated"/>
    <xs:enumeration value="any"/>
  </xs:restriction>
</xs:simpleType>
<xs:element name="ProtocolProfile" type="xs:anyURI"/>
<xs:element name="RelayState" type="xs:string"/>
LassoLibAuthnRequest *lasso_lib_authn_request_new (void);
Creates a new LassoLibAuthnRequest object.
struct LassoLibAuthnRequest {
    LassoSamlpRequestAbstract parent;

    /* <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> */
    GList *Extension; /* of xmlNode* */
    /* <xs:element ref="ProviderID"/> */
    char *ProviderID;
    /* <xs:element ref="AffiliationID" minOccurs="0"/> */
    char *AffiliationID;
    /* <xs:element ref="NameIDPolicy" minOccurs="0"/> */
    char *NameIDPolicy;
    /* <xs:element name="ForceAuthn" type="xs:boolean" minOccurs="0"/> */
    gboolean ForceAuthn;
    /* <xs:element name="IsPassive" type="xs:boolean" minOccurs="0"/> */
    gboolean IsPassive;
    /* <xs:element ref="ProtocolProfile" minOccurs="0"/> */
    char *ProtocolProfile;
    /* <xs:element name="AssertionConsumerServiceID" type="xs:string" minOccurs="0"/> */
    char *AssertionConsumerServiceID;
    /* <xs:element ref="RequestAuthnContext" minOccurs="0"/> */
    LassoLibRequestAuthnContext *RequestAuthnContext;
    /* <xs:element ref="RelayState" minOccurs="0"/> */
    char *RelayState;
    /* <xs:element ref="Scoping" minOccurs="0"/> */
    LassoLibScoping *Scoping;
    /* <xs:attribute ref="consent" use="optional"/> */
    char *consent;
};
ProviderID
    is the service provider identifier; this field will often be filled by
    lasso_login_init_authn_request().
NameIDPolicy
    tells the identity provider which policy to use for federation; it must be
    one of LASSO_LIB_NAMEID_POLICY_TYPE_NONE, LASSO_LIB_NAMEID_POLICY_TYPE_ONE_TIME,
    LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED or LASSO_LIB_NAMEID_POLICY_TYPE_ANY.
IsPassive
    if TRUE (the default), tells the identity provider not to interact with
    the user.
ForceAuthn
    only used if IsPassive is FALSE; tells the identity provider to force
    authentication of the user even when the user is already authenticated.
ProtocolProfile
    is the Single Sign-On and Federation profile to adopt; either
    LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART (the default value) or
    LASSO_LIB_PROTOCOL_PROFILE_BRWS_POST.
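As an added example (not Lasso's own code), the following shows what an identity provider should check when it receives a lib:AuthnRequest built from the fields above: RequestID must behave as a nonce (length and a replay cache), ProviderID is mandatory, NameIDPolicy must be one of the four enumerated values, and ForceAuthn only counts when IsPassive is FALSE. The Liberty namespace URI is assumed from ID-FF 1.2 and the sample request is constructed, not captured.

```python
import xml.etree.ElementTree as ET
# Namespace URI assumed from Liberty ID-FF 1.2; check it against your deployment's schema.
LIB = "urn:liberty:iff:2003-08"
NAMEID_POLICIES = {"none", "onetime", "federated", "any"}          # lib:NameIDPolicyType
BOOLEANS = {"true": True, "1": True, "false": False, "0": False}   # xs:boolean lexical forms

class AuthnRequestError(ValueError):
    pass

def _xs_boolean(text, default):
    """Interpret the text of an xs:boolean child; None means the element was absent."""
    if text is None:
        return default
    if text not in BOOLEANS:
        raise AuthnRequestError(f"not an xs:boolean: {text!r}")
    return BOOLEANS[text]

def check_authn_request(xml_text, seen_request_ids, min_id_len=16):
    """IdP-side validation of a received lib:AuthnRequest. seen_request_ids is the IdP's
    replay cache (a set): RequestID must act as a nonce, so repeats are rejected."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{LIB}}}AuthnRequest":
        raise AuthnRequestError("root element is not lib:AuthnRequest")
    request_id = root.get("RequestID") or ""
    if len(request_id) < min_id_len:
        raise AuthnRequestError("RequestID missing or too short to serve as a nonce")
    if request_id in seen_request_ids:
        raise AuthnRequestError("RequestID already seen: possible replay")
    def child(name):  # text of an optional lib: child element, or None if absent
        el = root.find(f"{{{LIB}}}{name}")
        return None if el is None else (el.text or "").strip()
    provider_id = child("ProviderID")
    if not provider_id:
        raise AuthnRequestError("ProviderID is required")
    policy = child("NameIDPolicy")
    if policy is not None and policy not in NAMEID_POLICIES:
        raise AuthnRequestError(f"NameIDPolicy {policy!r} not in {sorted(NAMEID_POLICIES)}")
    is_passive = _xs_boolean(child("IsPassive"), default=True)   # TRUE when absent (field notes)
    # ForceAuthn is only honoured when IsPassive is FALSE, as the field notes state.
    force_authn = _xs_boolean(child("ForceAuthn"), default=False) and not is_passive
    seen_request_ids.add(request_id)
    return {"request_id": request_id, "provider_id": provider_id, "name_id_policy": policy,
            "is_passive": is_passive, "force_authn": force_authn}

# Constructed sample request (not captured from any real deployment).
SAMPLE = f"""<lib:AuthnRequest xmlns:lib="{LIB}" RequestID="_constructed-nonce-0123456789abcdef"
    MajorVersion="1" MinorVersion="2" IssueInstant="2004-01-01T00:00:00Z">
  <lib:ProviderID>https://sp.example.com/metadata</lib:ProviderID><lib:NameIDPolicy>federated</lib:NameIDPolicy>
  <lib:ForceAuthn>true</lib:ForceAuthn><lib:IsPassive>false</lib:IsPassive>
</lib:AuthnRequest>"""
```

Signature verification of the request is a separate step that this check does not replace.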