/* $Id$
 *
 * Lasso - A free implementation of the Liberty Alliance specifications.
 *
 * Copyright (C) 2004-2007 Entr'ouvert
 * http://lasso.entrouvert.org
 *
 * Authors: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#ifndef __LASSO_LOGIN_H__
#define __LASSO_LOGIN_H__

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

#include "../xml/lib_authn_request.h"
#include "../xml/lib_authn_response.h"
#include "../xml/samlp_request.h"
#include "../xml/samlp_response.h"

#include "profile.h"

/* GObject type boilerplate for LassoLogin (cast and type-check helpers). */
#define LASSO_TYPE_LOGIN (lasso_login_get_type())
#define LASSO_LOGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_LOGIN, LassoLogin))
#define LASSO_LOGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_LOGIN, LassoLoginClass))
#define LASSO_IS_LOGIN(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_LOGIN))
#define LASSO_IS_LOGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), LASSO_TYPE_LOGIN))
#define LASSO_LOGIN_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS((o), LASSO_TYPE_LOGIN, LassoLoginClass))

typedef struct _LassoLogin LassoLogin;
typedef struct _LassoLoginClass LassoLoginClass;
/* Only forward-declared here: the private part of the object is opaque to callers. */
typedef struct _LassoLoginPrivate LassoLoginPrivate;

/**
 * LassoLoginProtocolProfile:
 * @LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART: the response reaches the service provider as an
 *   artifact carried by a redirect; the service provider then dereferences the artifact with
 *   an artifact resolution request.
 * @LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST: the response is carried in an HTTP POST.
 * @LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP: the response is carried in a PAOS response (see
 *   #LassoLecp).
 * @LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT: the response is carried in an HTTP redirect.
 *
 * The four Single Sign-On and Federation profiles. The value selects how the response to an
 * authentication request is delivered to the service provider.
 *
 * NOTE(review): with the BRWS_POST and REDIRECT profiles the response itself presumably
 * travels through the user agent, so its integrity rests on the signature check done by the
 * lasso_login_process_*_msg() functions in login.c, which this header does not show.
 * The enumeration starts at 1, presumably so that a zero-initialised field reads as
 * "no profile selected" - confirm against login.c.
 */
typedef enum {
	LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1,
	LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST,
	LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
	LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT,
} LassoLoginProtocolProfile;

/**
 * LassoLogin:
 * @protocolProfile: the #LassoLoginProtocolProfile (binding) selected for this exchange.
 * @assertionArtifact: artifact string of the artifact profile, used by the service provider
 *   when it resolves the assertion (see lasso_login_build_artifact_msg()).
 * @assertion: the assertion built by lasso_login_build_assertion(), or recovered by
 *   lasso_login_process_response_msg() / lasso_login_process_authn_response_msg().
 * @nameIDPolicy: name identifier policy recorded by lasso_login_process_request_msg().
 * @http_method: the #LassoHttpMethod fixed by lasso_login_init_authn_request() and reused by
 *   lasso_login_build_authn_request_msg().
 *
 * State of one Single Sign-On transaction, layered on #LassoProfile: the profile in use, the
 * artifact (if any) and the assertion created for, or received about, the principal.
 *
 * The members after the private marker are maintained by the library; callers should treat
 * them as read-only and obtain the assertion through lasso_login_get_assertion().
 */
struct _LassoLogin {
	LassoProfile parent;

	/*< public >*/
	LassoLoginProtocolProfile protocolProfile;
	gchar *assertionArtifact;
	/*< private >*/
	LassoSamlAssertion *assertion;

	gchar *nameIDPolicy;
	LassoHttpMethod http_method;

	/* Opaque: struct _LassoLoginPrivate is not defined in this header. */
	LassoLoginPrivate *private_data;
};

/**
 * LassoLoginClass:
 * @parent: the #LassoProfileClass this class derives from.
 *
 * Class structure; it adds no members of its own.
 */
struct _LassoLoginClass {
	LassoProfileClass parent;
};

/*
 * Object lifetime and (de)serialisation.
 *
 * NOTE(review): a dump restores the transaction state, and the object carries the assertion
 * and artifact, so store dumps with the same care as a session record; exactly which members
 * lasso_login_dump() serialises is decided in login.c.
 */
LASSO_EXPORT GType lasso_login_get_type(void);
LASSO_EXPORT LassoLogin* lasso_login_new(LassoServer *server);
LASSO_EXPORT LassoLogin* lasso_login_new_from_dump(LassoServer *server, const gchar *dump);
LASSO_EXPORT gchar* lasso_login_dump(LassoLogin *login);
LASSO_EXPORT void lasso_login_destroy(LassoLogin *login);

/* Starting a transaction: authentication requests and the follow-up request. */
LASSO_EXPORT lasso_error_t lasso_login_init_authn_request(LassoLogin *login,
		const gchar *remote_providerID, LassoHttpMethod http_method);
LASSO_EXPORT lasso_error_t lasso_login_init_idp_initiated_authn_request(LassoLogin *login,
		const gchar *remote_providerID);
LASSO_EXPORT lasso_error_t lasso_login_init_request(LassoLogin *login, gchar *response_msg,
		LassoHttpMethod response_http_method);

/* Building outgoing messages. */
LASSO_EXPORT lasso_error_t lasso_login_build_authn_request_msg(LassoLogin *login);
LASSO_EXPORT lasso_error_t lasso_login_build_authn_response_msg(LassoLogin *login);
LASSO_EXPORT lasso_error_t lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method);
LASSO_EXPORT lasso_error_t lasso_login_build_request_msg(LassoLogin *login);
LASSO_EXPORT lasso_error_t lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID);

/*
 * Builds the assertion stored in login->assertion. The timestamp arguments are caller-supplied
 * strings whose expected format is not stated in this header (presumably xsd:dateTime - confirm
 * in login.c); notBefore / notOnOrAfter bound the assertion's validity, so keep that window as
 * short as the deployment allows.
 */
LASSO_EXPORT lasso_error_t lasso_login_build_assertion(LassoLogin *login,
		const char *authenticationMethod, const char *authenticationInstant,
		const char *reauthenticateOnOrAfter,
		const char *notBefore, const char *notOnOrAfter);

/*
 * Processing incoming messages. These take the raw message as received; check the returned
 * lasso_error_t before reading login->assertion or calling lasso_login_accept_sso(). Only
 * authn_request_msg is declared const - whether the other functions modify the buffer they are
 * handed is not visible from this header.
 */
LASSO_EXPORT lasso_error_t lasso_login_process_authn_request_msg(LassoLogin *login,
		const char *authn_request_msg);
LASSO_EXPORT lasso_error_t lasso_login_process_authn_response_msg(LassoLogin *login,
		gchar *authn_response_msg);
LASSO_EXPORT lasso_error_t lasso_login_process_request_msg(LassoLogin *login, gchar *request_msg);
LASSO_EXPORT lasso_error_t lasso_login_process_response_msg(LassoLogin *login, gchar *response_msg);
LASSO_EXPORT lasso_error_t lasso_login_process_paos_response_msg(LassoLogin *login, gchar *msg);

/*
 * Deciding what to do with a processed authentication request.
 *
 * authentication_result and is_consent_obtained are the caller's own statement of what
 * happened; a boolean cannot be verified by the library, so pass TRUE only once the principal
 * has actually authenticated / consented (see lasso_login_must_authenticate() and
 * lasso_login_must_ask_for_consent()).
 */
LASSO_EXPORT gboolean lasso_login_must_authenticate(LassoLogin *login);
LASSO_EXPORT gboolean lasso_login_must_ask_for_consent(LassoLogin *login);
LASSO_EXPORT lasso_error_t lasso_login_validate_request_msg(LassoLogin *login,
		gboolean authentication_result, gboolean is_consent_obtained);

/*
 * Outcome of the transaction. Ownership of the node returned by lasso_login_get_assertion()
 * (borrowed vs. new reference) is not documented here - check login.c before unref'ing it.
 */
LASSO_EXPORT lasso_error_t lasso_login_accept_sso(LassoLogin *login);
LASSO_EXPORT LassoNode *lasso_login_get_assertion(LassoLogin *login);

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* __LASSO_LOGIN_H__ */