LassoLibAuthnRequest

LassoLibAuthnRequest — <lib:AuthnRequest>

Description

Authentication requests are sent from a service provider to an identity provider.

The lib:AuthnRequest is defined as an extension of samlp:RequestAbstractType. The RequestID attribute in samlp:RequestAbstractType has uniqueness requirements placed on it by [SAMLCore11], which require it to have the properties of a nonce.

Figure 5. Schema fragment for lib:AuthnRequest

<xs:element name="AuthnRequest" type="AuthnRequestType" />
<xs:complexType name="AuthnRequestType">
  <xs:complexContent>
    <xs:extension base="samlp:RequestAbstractType">
      <xs:sequence>
        <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="ProviderID"/>
        <xs:element ref="AffiliationID" minOccurs="0"/>
        <xs:element ref="NameIDPolicy" minOccurs="0"/>
        <xs:element name="ForceAuthn" type="xs:boolean" minOccurs="0"/>
        <xs:element name="IsPassive" type="xs:boolean" minOccurs="0"/>
        <xs:element ref="ProtocolProfile" minOccurs="0"/>
        <xs:element name="AssertionConsumerServiceID" type="xs:string" minOccurs="0"/>
        <xs:element ref="RequestAuthnContext" minOccurs="0"/>
        <xs:element ref="RelayState" minOccurs="0"/>
        <xs:element ref="Scoping" minOccurs="0"/>
      </xs:sequence>
      <xs:attribute ref="consent" use="optional"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>

<xs:element name="ProviderID" type="md:entityIDType"/>
<xs:element name="AffiliationID" type="md:entityIDType"/>

<xs:element name="NameIDPolicy" type="NameIDPolicyType"/>
<xs:simpleType name="NameIDPolicyType">
  <xs:restriction base="xs:string">
    <xs:enumeration value="none"/>
    <xs:enumeration value="onetime"/>
    <xs:enumeration value="federated"/>
    <xs:enumeration value="any"/>
  </xs:restriction>
</xs:simpleType>

<xs:element name="ProtocolProfile" type="xs:anyURI"/>
<xs:element name="RelayState" type="xs:string"/>

Functions

lasso_lib_authn_request_new ()

LassoLibAuthnRequest *
lasso_lib_authn_request_new (void);

Creates a new LassoLibAuthnRequest object.

Returns

a newly created LassoLibAuthnRequest object

Types and Values

struct LassoLibAuthnRequest

struct LassoLibAuthnRequest {
	LassoSamlpRequestAbstract parent;

	/* <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> */
	GList *Extension; /* of xmlNode* */
	/* <xs:element ref="ProviderID"/> */
	char *ProviderID;
	/* <xs:element ref="AffiliationID" minOccurs="0"/> */
	char *AffiliationID;
	/* <xs:element ref="NameIDPolicy" minOccurs="0"/> */
	char *NameIDPolicy;
	/* <xs:element name="ForceAuthn" type="xs:boolean" minOccurs="0"/> */
	gboolean ForceAuthn;
	/* <xs:element name="IsPassive" type="xs:boolean" minOccurs="0"/> */
	gboolean IsPassive;
	/* <xs:element ref="ProtocolProfile" minOccurs="0"/> */
	char *ProtocolProfile;
	/* <xs:element name="AssertionConsumerServiceID" type="xs:string" minOccurs="0"/> */
	char *AssertionConsumerServiceID;
	/* <xs:element ref="RequestAuthnContext" minOccurs="0"/> */
	LassoLibRequestAuthnContext *RequestAuthnContext;
	/* <xs:element ref="RelayState" minOccurs="0"/> */
	char *RelayState;
	/* <xs:element ref="Scoping" minOccurs="0"/> */
	LassoLibScoping *Scoping;
	/* <xs:attribute ref="consent" use="optional"/> */
	char *consent;
};

ProviderID is the service provider identifier; this field will often be filled in by lasso_login_init_authn_request().

NameIDPolicy tells the identity provider which policy to use for federation; it must be one of LASSO_LIB_NAMEID_POLICY_TYPE_NONE, LASSO_LIB_NAMEID_POLICY_TYPE_ONE_TIME, LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED or LASSO_LIB_NAMEID_POLICY_TYPE_ANY.

IsPassive: if TRUE (default), it tells the identity provider not to interact with the user.

ForceAuthn: only used if IsPassive is FALSE; it tells the identity provider to force authentication of the user even when already authenticated.

ProtocolProfile is the Single Sign-On and Federation profile to adopt; either LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART (which is the default value) or LASSO_LIB_PROTOCOL_PROFILE_BRWS_POST.
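The constraints above (RequestID acting as a nonce, ProviderID as the only mandatory child, the NameIDPolicy enumeration, and the IsPassive/ForceAuthn interaction) can be checked on the receiving side before a request is processed. The following is an added example, not Lasso code: check_authn_request, sample and the seen_request_ids replay cache are hypothetical names, the namespace URI is an assumption not stated on this page, and an absent ForceAuthn is assumed to mean FALSE.

```python
import xml.etree.ElementTree as ET

LIB_NS = "urn:liberty:iff:2003-08"  # assumption: ID-FF 1.2 namespace, not given on the page
NAMEID_POLICIES = {"none", "onetime", "federated", "any"}  # NameIDPolicyType enumeration
XS_BOOLEAN = {"true": True, "1": True, "false": False, "0": False}


def check_authn_request(xml_bytes, seen_request_ids):
    """Return findings for a received lib:AuthnRequest; an empty list means accepted."""
    if b"<!DOCTYPE" in xml_bytes:  # refuse DTDs up front (entity-expansion hardening)
        return ["DOCTYPE not allowed"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if root.tag != f"{{{LIB_NS}}}AuthnRequest":
        return ["root element is not lib:AuthnRequest"]

    def child(name):  # text of an optional child element, None when absent or empty
        return (root.findtext(f"{{{LIB_NS}}}{name}") or "").strip() or None

    findings = []
    request_id = root.get("RequestID")
    if not request_id:
        findings.append("missing RequestID")
    elif request_id in seen_request_ids:  # RequestID must behave like a nonce
        findings.append("replayed RequestID")
    if child("ProviderID") is None:  # the only child element without minOccurs="0"
        findings.append("missing ProviderID")
    policy = child("NameIDPolicy")
    if policy is not None and policy not in NAMEID_POLICIES:
        findings.append(f"invalid NameIDPolicy {policy!r}")
    flags = {"IsPassive": True, "ForceAuthn": False}  # defaults; ForceAuthn one is assumed
    for name in flags:
        raw = child(name)
        if raw is not None and raw not in XS_BOOLEAN:
            findings.append(f"{name} is not an xs:boolean")
        elif raw is not None:
            flags[name] = XS_BOOLEAN[raw]
    if flags["ForceAuthn"] and flags["IsPassive"]:  # ForceAuthn only applies when not passive
        findings.append("ForceAuthn set while IsPassive is TRUE")
    if not findings:
        seen_request_ids.add(request_id)  # remember the nonce only for accepted requests
    return findings


def sample(request_id, body):  # constructed test message, not captured traffic
    return (f'<lib:AuthnRequest xmlns:lib="{LIB_NS}" RequestID="{request_id}">'
            f"{body}</lib:AuthnRequest>").encode()
```

A real identity provider would also bound the replay cache in time and verify the request signature; neither is shown here.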

See Also

LassoLogin