Entr'ouvert Entr'ouvert Documentation

LassoLibAssertion

LassoLibAssertion — <lib:Assertion>

Synopsis

struct              LassoLibAssertion;
LassoLibAssertion *  lasso_lib_assertion_new            (void);
LassoLibAssertion *  lasso_lib_assertion_new_full       (const char *issuer,
                                                         const char *requestID,
                                                         const char *audience,
                                                         const char *notBefore,
                                                         const char *notOnOrAfter);

Description

Authentication assertions provided in an AuthnResponse element MUST be of type AssertionType, which is an extension of saml:AssertionType, so that the RequestID attribute from the original AuthnRequest MAY be included in the InResponseTo attribute in the Assertion element. This is done because it is not required that the AuthnResponse element itself be signed. Instead, the individual Assertion elements contained MUST each be signed. Note that it is optional for the InResponseTo to be present. Its absence indicates that the AuthnResponse has been unilaterally sent by the identity provider without a corresponding AuthnRequest message from the service provider. If the attribute is present, it MUST be set to the RequestID of the original AuthnRequest.

Figure 1. Schema fragment for lib:Assertion

<xs:element name="Assertion" type="AssertionType" substitutionGroup="saml:Assertion" />
<xs:complexType name="AssertionType">
  <xs:complexContent>
    <xs:extension base="saml:AssertionType">
      <xs:attribute name="InResponseTo" type="xs:NCName" use="optional"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>



Details

struct LassoLibAssertion

struct LassoLibAssertion {
	LassoSamlAssertion parent;

	char *InResponseTo;
};

lasso_lib_assertion_new ()

LassoLibAssertion *  lasso_lib_assertion_new            (void);

Creates a new LassoLibAssertion object.

Returns :

a newly created LassoLibAssertion object

lasso_lib_assertion_new_full ()

LassoLibAssertion *  lasso_lib_assertion_new_full       (const char *issuer,
                                                         const char *requestID,
                                                         const char *audience,
                                                         const char *notBefore,
                                                         const char *notOnOrAfter);

Creates a new LassoLibAssertion object and initializes its Issuer, InResponseTo, AudienceRestrictionCondition, notBefore and notOnOrAfter fields or attributes.

issuer :

the issuer entityID string

requestID:(allow-none) :

the identifier of the request which initiated the creation of this assertion

audience:(allow-none) :

the entityID of the receiver of this assertion

notBefore :

a timestamp formatted as iso-8601

notOnOrAfter :

a timestamp formatted as iso-8601

Returns :

a newly created LassoLibAssertion object