struct LassoProvider
enum LassoProviderRole
enum LassoHttpMethod
enum LassoMdProtocolType
enum LassoProtocolConformance
enum LassoEncryptionMode
enum LassoEncryptionSymKeyType
The LassoProvider object holds metadata about a provider. Metadata are sorted into descriptors, each descriptor being assigned a role; see the Liberty Metadata Description and Discovery Specification and Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0.
Roles are represented by the LassoProviderRole enumeration, and the content of a descriptor is accessed with lasso_provider_get_metadata_list_for_role() and lasso_provider_get_metadata_one_for_role().
Descriptor resources are flattened into a single hash table. For example, to get the URL(s) of the SAML 2.0 single logout response endpoint using the HTTP-POST binding from the SP descriptor of a provider called x, you would call:
GList *urls = lasso_provider_get_metadata_list_for_role(x, LASSO_PROVIDER_ROLE_SP, "SingleLogoutService HTTP-POST ResponseLocation");
A provider usually has a default role, stored in the LassoProvider.role field, which is initialized by the lasso_server_add_provider() method when a remote provider is registered with our current provider. The methods lasso_provider_get_metadata() and lasso_provider_get_metadata_list() use this default role to access descriptors.
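The flattened table is only as useful as the lookup logic built on it. In SAML 2.0 metadata the ResponseLocation attribute of an endpoint is optional, so code that asks only for the "... ResponseLocation" key and treats a NULL result as "no endpoint" will break logout for every provider that relies on the default (responses go to Location). The C program below is an added example, not Lasso code: it stands in for the per-role table with constructed sample entries and shows the lookup with that fallback. The role values, the sample URLs and the key form assumed for the Location attribute ("Element Binding", without a suffix; the page only shows the ResponseLocation form) are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Stand-in for the flattened per-role metadata table described above. Keys follow
 * the "Element Binding[ Attribute]" scheme; the entries below are constructed sample
 * data, not read from real metadata. Role values are assumed for the example.
 */
enum role { ROLE_SP = 1, ROLE_IDP = 2 };

struct md_entry { enum role role; const char *key; const char *value; };

static const struct md_entry SAMPLE_METADATA[] = {
    /* SP descriptor: the Redirect SLO endpoint declares a separate ResponseLocation, POST does not */
    { ROLE_SP,  "SingleLogoutService HTTP-POST",                      "https://sp.example.org/saml/slo/post" },
    { ROLE_SP,  "SingleLogoutService HTTP-Redirect",                  "https://sp.example.org/saml/slo/redirect" },
    { ROLE_SP,  "SingleLogoutService HTTP-Redirect ResponseLocation", "https://sp.example.org/saml/slo/redirect/response" },
    { ROLE_SP,  "AssertionConsumerService HTTP-POST",                 "https://sp.example.org/saml/acs" },
    /* IdP descriptor: only a POST SLO endpoint */
    { ROLE_IDP, "SingleLogoutService HTTP-POST",                      "https://idp.example.org/saml/slo" },
};
#define N_ENTRIES (sizeof SAMPLE_METADATA / sizeof SAMPLE_METADATA[0])

/* Compose "<element> <binding>" or "<element> <binding> <attribute>"; -1 if it does not fit. */
int md_build_key(char *buf, size_t len, const char *element, const char *binding, const char *attribute)
{
    int n = attribute ? snprintf(buf, len, "%s %s %s", element, binding, attribute)
                      : snprintf(buf, len, "%s %s", element, binding);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* First value stored under (role, key), or NULL when the descriptor has no such entry. */
const char *md_lookup(enum role role, const char *key)
{
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (SAMPLE_METADATA[i].role == role && strcmp(SAMPLE_METADATA[i].key, key) == 0)
            return SAMPLE_METADATA[i].value;
    return NULL;
}

/*
 * Where a LogoutResponse for the `role` descriptor must be sent over `binding`.
 * ResponseLocation is optional in SAML 2.0 metadata; when it is absent the response
 * goes to the endpoint's Location. Only when neither key exists is there no endpoint.
 */
const char *slo_response_url(enum role role, const char *binding)
{
    char key[256];
    const char *url;

    if (md_build_key(key, sizeof key, "SingleLogoutService", binding, "ResponseLocation") == 0 &&
        (url = md_lookup(role, key)) != NULL)
        return url;
    if (md_build_key(key, sizeof key, "SingleLogoutService", binding, NULL) == 0)
        return md_lookup(role, key);
    return NULL;
}

int main(void)
{
    const char *u;
    u = slo_response_url(ROLE_SP, "HTTP-Redirect"); printf("SP/Redirect:  %s\n", u ? u : "(none)");
    u = slo_response_url(ROLE_SP, "HTTP-POST");     printf("SP/POST:      %s\n", u ? u : "(none)");
    u = slo_response_url(ROLE_IDP, "HTTP-Redirect"); printf("IdP/Redirect: %s\n", u ? u : "(none)");
    return 0;
}
```

The same two-step lookup applies to any endpoint that carries an optional ResponseLocation; against a real LassoProvider the two md_lookup() calls would be lasso_provider_get_metadata_list_for_role() calls with the corresponding keys.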
LassoProvider * lasso_provider_new (LassoProviderRole role, const char *metadata, const char *public_key, const char *ca_cert_chain);
Creates a new LassoProvider with the given default role, loading its metadata from the file at metadata; public_key and ca_cert_chain are paths to the public key (or certificate) and CA certificate chain files used to verify this provider's signatures.
LassoProvider * lasso_provider_new_from_buffer (LassoProviderRole role, const char *metadata, const char *public_key, const char *ca_cert_chain);
Creates a new LassoProvider like lasso_provider_new(), except that metadata is the XML content of the metadata document itself rather than a file path.
gchar * lasso_provider_get_assertion_consumer_service_url (LassoProvider *provider, const char *service_id);
Extracts the AssertionConsumerServiceURL from the provider metadata descriptor.
gchar * lasso_provider_get_metadata_one (LassoProvider *provider, const char *name);
Extracts the element name from the provider metadata descriptor.
GList * lasso_provider_get_metadata_list (LassoProvider *provider, const char *name);
Extracts zero to many elements from the provider metadata descriptor.
LassoProvider * lasso_provider_new_from_dump (const gchar *dump);
Restores the dump to a new LassoProvider.
LassoHttpMethod lasso_provider_get_first_http_method (LassoProvider *provider, LassoProvider *remote_provider, LassoMdProtocolType protocol_type);
Looks up and returns a LassoHttpMethod appropriate for performing the protocol_type profile between provider and remote_provider.
provider: a LassoProvider object
remote_provider: a LassoProvider depicting the remote provider
protocol_type: a Liberty profile
gboolean lasso_provider_accept_http_method (LassoProvider *provider, LassoProvider *remote_provider, LassoMdProtocolType protocol_type, LassoHttpMethod http_method, gboolean initiate_profile);
Returns whether http_method is an acceptable method for the protocol_type profile between provider and remote_provider.
provider: a LassoProvider object
remote_provider: a LassoProvider depicting the remote provider
protocol_type: a Liberty profile type
http_method: an HTTP method
initiate_profile: whether
gboolean lasso_provider_has_protocol_profile (LassoProvider *provider, LassoMdProtocolType protocol_type, const char *protocol_profile);
Returns whether provider supports protocol_profile.
gchar * lasso_provider_get_base64_succinct_id (const LassoProvider *provider);
Computes and returns the base64-encoded provider succinct ID.
xmlNode * lasso_provider_get_organization (const LassoProvider *provider);
Returns the provider metadata <Organization> XML node.
LassoProtocolConformance lasso_provider_get_protocol_conformance (const LassoProvider *provider);
Returns the protocol conformance of the given provider; it lets SP and IdP code switch behaviour toward a specific protocol. See also LassoProtocolConformance.
LassoEncryptionMode lasso_provider_get_encryption_mode (LassoProvider *provider);
Returns the current encryption mode.
void lasso_provider_set_encryption_mode (LassoProvider *provider, LassoEncryptionMode encryption_mode);
Activates or deactivates encryption.
void lasso_provider_set_encryption_sym_key_type (LassoProvider *provider, LassoEncryptionSymKeyType encryption_sym_key_type);
Sets the type of the generated symmetric encryption key.
lasso_error_t lasso_provider_verify_single_node_signature (LassoProvider *provider, LassoNode *node, const char *id_attr_name);
Returns whether node carries a valid XML signature made with a key belonging to provider: 0 on success, a negative error code otherwise. Verification runs over the XML as received, so the node must still hold its original xmlNode content; a node rebuilt from its fields cannot be verified.
provider: a LassoProvider object
node: a LassoNode object, still having its originalXmlnode content, and containing an XML signature.
id_attr_name: the name of the ID attribute to look up.
gchar * lasso_provider_get_default_name_id_format (LassoProvider *provider);
If the provider lists supported name identifier formats in its metadata, returns the first one.
const char * lasso_provider_get_sp_name_qualifier (LassoProvider *provider);
Returns the entityID to use for qualifying a NameIdentifier.
GList * lasso_provider_get_idp_supported_attributes (LassoProvider *provider);
If the provider supports the IdP SSO role, returns the list of Attribute definitions this provider declares supporting.
Returns: a list of LassoSaml2Attribute or LassoSamlAttribute objects. [transfer none][element-type LassoNode]
char * lasso_provider_get_valid_until (LassoProvider *provider);
Returns the time after which the metadata for this provider becomes invalid, as an ISO-8601 (xs:dateTime) formatted string.
char * lasso_provider_get_cache_duration (LassoProvider *provider);
Returns the time during which the metadata for this provider can be kept, as a string (the cacheDuration value).
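Both accessors hand back raw strings; deciding whether cached metadata, and the signing keys and endpoints it carries, may still be used is left to the caller. The C program below is an added example, not part of Lasso: it parses the xs:dateTime form of validUntil and the xs:duration form of cacheDuration and applies the two limits, treating validUntil as a hard expiry (fail closed on anything unparsable) and cacheDuration, counted from the time the metadata was loaded, as a refresh hint. The sample attribute values are constructed; the year and month components of a duration have no fixed length and are approximated as 365 and 30 days.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (Howard Hinnant's days_from_civil). */
static long days_from_civil(long y, int m, int d)
{
    y -= m <= 2;
    long era = (y >= 0 ? y : y - 399) / 400;
    long yoe = y - era * 400;                                   /* [0, 399] */
    long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;  /* [0, 365] */
    long doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;           /* [0, 146096] */
    return era * 146097 + doe - 719468;
}

/* Parse "YYYY-MM-DDThh:mm:ss[.fff]Z" into epoch seconds; -1 if malformed or not UTC.
 * SAML metadata timestamps are UTC with a trailing Z, so offsets are rejected on purpose. */
long xs_datetime_to_epoch(const char *s)
{
    int y, mo, d, h, mi, sec, n = 0;
    if (sscanf(s, "%4d-%2d-%2dT%2d:%2d:%2d%n", &y, &mo, &d, &h, &mi, &sec, &n) != 6)
        return -1;
    s += n;
    if (*s == '.') {                       /* optional fractional seconds, ignored */
        s++;
        if (*s < '0' || *s > '9') return -1;
        while (*s >= '0' && *s <= '9') s++;
    }
    if (strcmp(s, "Z") != 0) return -1;
    if (y < 1970 || mo < 1 || mo > 12 || d < 1 || d > 31 ||
        h < 0 || h > 23 || mi < 0 || mi > 59 || sec < 0 || sec > 60)
        return -1;
    return days_from_civil(y, mo, d) * 86400L + h * 3600L + mi * 60L + sec;
}

/* Parse an xs:duration such as "PT1H", "P1DT12H" or "PT86400S" into seconds; -1 if malformed.
 * Years and months have no fixed length: they are approximated as 365 and 30 days here. */
long xs_duration_to_seconds(const char *s)
{
    bool in_time = false, any = false;
    long total = 0;
    if (*s++ != 'P') return -1;
    while (*s) {
        if (*s == 'T') {                   /* date part ends, time part begins */
            if (in_time) return -1;
            in_time = true; s++;
            continue;
        }
        if (*s < '0' || *s > '9') return -1;
        char *end;
        long v = strtol(s, &end, 10);
        if (v > 100000000L) return -1;     /* keep the multiplications below in range */
        s = end;
        switch (*s++) {
        case 'Y': if (in_time) return -1; total += v * 365L * 86400L; break;
        case 'M': total += in_time ? v * 60L : v * 30L * 86400L; break;   /* minutes or months */
        case 'D': if (in_time) return -1; total += v * 86400L; break;
        case 'H': if (!in_time) return -1; total += v * 3600L; break;
        case 'S': if (!in_time) return -1; total += v; break;
        default: return -1;
        }
        any = true;
    }
    if (!any || s[-1] == 'T') return -1;   /* "P", "PT" and a dangling "T" are invalid */
    return total;
}

typedef enum { MD_FRESH, MD_STALE, MD_EXPIRED, MD_INVALID } md_status;

/* Combine both limits. validUntil is hard: past it nothing in the metadata (endpoints, keys)
 * may be trusted. cacheDuration counts from the moment the metadata was loaded and only says a
 * refresh is due. Either attribute may be absent (NULL). Unparsable values fail closed. */
md_status metadata_status(const char *valid_until, const char *cache_duration, long loaded_at, long now)
{
    if (valid_until) {
        long vu = xs_datetime_to_epoch(valid_until);
        if (vu < 0) return MD_INVALID;
        if (now > vu) return MD_EXPIRED;
    }
    if (cache_duration) {
        long dur = xs_duration_to_seconds(cache_duration);
        if (dur < 0) return MD_INVALID;
        if (now - loaded_at >= dur) return MD_STALE;
    }
    return MD_FRESH;
}

int main(void)
{
    /* Constructed sample values in the form lasso_provider_get_valid_until() and
     * lasso_provider_get_cache_duration() return them. */
    static const char *names[] = { "fresh", "stale", "expired", "invalid" };
    long loaded = xs_datetime_to_epoch("2024-06-01T00:00:00Z");
    long now    = xs_datetime_to_epoch("2024-06-02T00:00:00Z");
    printf("%s\n", names[metadata_status("2025-01-01T00:00:00Z", "P2D", loaded, now)]);
    printf("%s\n", names[metadata_status("2025-01-01T00:00:00Z", "PT1H", loaded, now)]);
    printf("%s\n", names[metadata_status("2024-06-01T12:00:00Z", NULL, loaded, now)]);
    printf("%s\n", names[metadata_status("2024-06-01T12:00:00+02:00", NULL, loaded, now)]);
    return 0;
}
```

MD_STALE is a signal to re-fetch the metadata, not to stop trusting it; MD_EXPIRED and MD_INVALID are, since a key or endpoint taken from expired metadata can no longer be assumed to belong to the provider.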
char * lasso_provider_get_metadata_one_for_role (LassoProvider *provider, LassoProviderRole role, const char *name);
Returns the given information extracted from the metadata of the given LassoProvider for the descriptor of the given role.
Return value: a newly allocated string or NULL. If non-NULL, it must be freed by the caller.
provider: a LassoProvider object
role: a LassoProviderRole value
name: a metadata information name
GList * lasso_provider_get_metadata_list_for_role (const LassoProvider *provider, LassoProviderRole role, const char *name);
Extracts zero to many elements from the provider descriptor for the given role.
GList * lasso_provider_get_metadata_keys_for_role (LassoProvider *provider, LassoProviderRole role);
Returns the list of metadata keys present in the descriptor of the given role for the given provider.
LassoProviderRole lasso_provider_get_roles (LassoProvider *provider);
Returns the bitmask of the supported roles.
gboolean lasso_provider_match_conformance (LassoProvider *provider, LassoProvider *another_provider);
Returns whether the two providers support the same protocol. See also LassoProtocolConformance.
void lasso_provider_set_protocol_conformance (LassoProvider *provider, LassoProtocolConformance protocol_conformance);
Normally the protocol conformance is set when the metadata for the provider is loaded, because the metadata defines the type of server. However, some LassoServer variants do not have metadata (e.g. ECP); instead of loading metadata it is then necessary to set the protocol conformance explicitly, because parts of the Lasso library dispatch on it. Without the protocol conformance being set, it is likely that the wrong code will execute.
**WARNING**: do not manually set the protocol conformance if metadata has been loaded; metadata is the final arbiter of protocol conformance.
provider: a LassoProvider object
protocol_conformance: a LassoProtocolConformance enumerated value.
struct LassoProvider {
    LassoNode parent;
    gchar *ProviderID;
    LassoProviderRole role;
    char *metadata_filename;
    gchar *public_key;
    gchar *ca_cert_chain;
};
Any kind of provider (identity provider, service provider, attribute authority, authorization authority) is represented by a LassoProvider object. This object holds public keys, certificate chains and metadata information. The ID-FF 1.2 and SAML 2.0 metadata files are flattened into a key-value map that you can access using the functions lasso_provider_get_metadata_one_for_role(), lasso_provider_get_metadata_list_for_role() and lasso_provider_get_metadata_keys_for_role().
parent: the LassoNode parent object
ProviderID: the identifier URI of this provider
role: the LassoProviderRole prescribed when this LassoProvider was built
metadata_filename: file path or content of the metadata description for this provider.
public_key: file path or content of the public key file for this provider.
ca_cert_chain: file path or content of the CA cert chain used to validate signatures of this provider (can be used instead of a public key to limit the need for metadata updates).
LassoProviderRole is an enumeration of the roles a provider can handle. Single-role values are powers of 2, so they can be combined in a bitmask; LASSO_PROVIDER_ROLE_NONE is 0 and LASSO_PROVIDER_ROLE_ANY is the full bitmask.
LASSO_PROVIDER_ROLE_NONE: uninitialized value (internal use)
LASSO_PROVIDER_ROLE_SP: service provider.
LASSO_PROVIDER_ROLE_IDP: identity provider.
LASSO_PROVIDER_ROLE_BOTH: service and identity provider.
LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY: an authentication authority, i.e. an endpoint able to return previously issued assertions.
LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY: an authorization authority, i.e. an endpoint able to return assertions providing authorization decisions about a principal accessing a resource.
LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY: an attribute authority, i.e. an endpoint able to return attributes about a principal.
LASSO_PROVIDER_ROLE_LAST: all values in the enumeration are guaranteed to be less than this value.
LASSO_PROVIDER_ROLE_ANY: the full bitmask, matching any role.
LassoHttpMethod: an HTTP method.
LassoMdProtocolType: a Liberty metadata (profile) type.