LassoLogout

LassoLogout — Single Logout Profile

Synopsis


#include <lasso/lasso.h>


            LassoLogout;
LassoLogout* lasso_logout_new               (LassoServer *server);
LassoLogout* lasso_logout_new_from_dump     (LassoServer *server,
                                             const gchar *dump);
gint        lasso_logout_build_request_msg  (LassoLogout *logout);
gint        lasso_logout_build_response_msg (LassoLogout *logout);
void        lasso_logout_destroy            (LassoLogout *logout);
gchar*      lasso_logout_dump               (LassoLogout *logout);
gchar*      lasso_logout_get_next_providerID
                                            (LassoLogout *logout);
gint        lasso_logout_init_request       (LassoLogout *logout,
                                             gchar *remote_providerID,
                                             LassoHttpMethod request_method);
gint        lasso_logout_process_request_msg
                                            (LassoLogout *logout,
                                             gchar *request_msg);
gint        lasso_logout_process_response_msg
                                            (LassoLogout *logout,
                                             gchar *response_msg);
gint        lasso_logout_reset_providerID_index
                                            (LassoLogout *logout);
gint        lasso_logout_validate_request   (LassoLogout *logout);

Object Hierarchy


  GObject
   +----LassoNode
         +----LassoProfile
               +----LassoLogout

Description

Details

LassoLogout

typedef struct _LassoLogout LassoLogout;


lasso_logout_new ()

LassoLogout* lasso_logout_new               (LassoServer *server);

Creates a new LassoLogout.

server : the LassoServer
Returns : a newly created LassoLogout object; or NULL if an error occured

lasso_logout_new_from_dump ()

LassoLogout* lasso_logout_new_from_dump     (LassoServer *server,
                                             const gchar *dump);

Restores the dump to a new LassoLogout.

server : the LassoServer
dump : XML logout dump
Returns : a newly created LassoLogout; or NULL if an error occured

lasso_logout_build_request_msg ()

gint        lasso_logout_build_request_msg  (LassoLogout *logout);

Builds the logout request message.

It gets the HTTP method retrieved to send the request and:

  • if it is a SOAP method, then it builds the logout request SOAP message, sets the msg_body attribute, gets the single logout service url and sets msg_url in the logout object.

  • if it is a HTTP-Redirect method, then it builds the logout request QUERY message, builds the logout request url, sets msg_url in the logout request url, sets msg_body to NULL.

If private key and certificate are set in server object it will also signs the message (either with X509 if SOAP or with a simple signature for query strings).

logout : a LassoLogout
Returns : 0 on success; or a negative value otherwise.

lasso_logout_build_response_msg ()

gint        lasso_logout_build_response_msg (LassoLogout *logout);

Builds the logout response message.

It gets the request message method and:

  • if it is a SOAP method, then it builds the logout response SOAP message, sets the msg_body attribute, gets the single logout service return url and sets msg_url in the logout object.

  • if it is a HTTP-Redirect method, then it builds the logout response QUERY message, builds the logout response url, sets msg_url with the logout response url, sets msg_body to NULL

If private key and certificate are set in server object it will also signs the message (either with X509 if SOAP or with a simple signature for query strings).

logout : a LassoLogout
Returns : 0 on success; or a negative value otherwise.

lasso_logout_destroy ()

void        lasso_logout_destroy            (LassoLogout *logout);

Destroys a logout object.

logout : a LassoLogout

lasso_logout_dump ()

gchar*      lasso_logout_dump               (LassoLogout *logout);

Dumps logout content to an XML string.

logout : a LassoLogout
Returns : the dump string. It must be freed by the caller.

lasso_logout_get_next_providerID ()

gchar*      lasso_logout_get_next_providerID
                                            (LassoLogout *logout);

Returns the provider id from providerID_index in list of providerIDs in principal session with the exception of initial service provider ID.

logout : a LassoLogout
Returns : a newly allocated string or NULL

lasso_logout_init_request ()

gint        lasso_logout_init_request       (LassoLogout *logout,
                                             gchar *remote_providerID,
                                             LassoHttpMethod request_method);

Initializes a new lib:LogoutRequest.

logout : a LassoLogout
remote_providerID : the providerID of the identity provider. If NULL the first identity provider is used.
request_method : if set, then it get the protocol profile in metadata corresponding of this HTTP request method.
Returns : 0 on success; or a negative value otherwise.

lasso_logout_process_request_msg ()

gint        lasso_logout_process_request_msg
                                            (LassoLogout *logout,
                                             gchar *request_msg);

Processes a lib:LogoutRequest message. Rebuilds a request object from the message and optionally verifies its signature.

logout : a LassoLogout
request_msg : the logout request message
Returns : 0 on success; or a negative value otherwise.

lasso_logout_process_response_msg ()

gint        lasso_logout_process_response_msg
                                            (LassoLogout *logout,
                                             gchar *response_msg);

Parses the response message and builds the response object.

Checks the status code value and if it is not success, then if the local provider is a Service Provider and response method is SOAP, then builds a new logout request message for HTTP Redirect / GET method and returns the error code LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE.

If it is a SOAP method or, IDP type and http method is Redirect/GET, then removes assertion.

If local server is an Identity Provider and if there is no more assertion (Identity Provider has logged out every Service Providers), then restores the initial response.

logout : a LassoLogout
response_msg : the response message
Returns : 0 on success; or a negative value otherwise.

lasso_logout_reset_providerID_index ()

gint        lasso_logout_reset_providerID_index
                                            (LassoLogout *logout);

Reset the providerID_index attribute (set to 0).

logout : a LassoLogout
Returns : 0 on success; or a negative value otherwise.

lasso_logout_validate_request ()

gint        lasso_logout_validate_request   (LassoLogout *logout);

  • Sets the remote provider id
  • Sets a logout response with status code value to success.
  • Verifies federation and authentication.
  • If the request http method is a SOAP method, then verifies every other Service Providers supports SOAP method : if not, then sets status code value to UnsupportedProfile and returns a code error with LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE.
  • Every tests are ok, then removes assertion.
  • If local server is an Identity Provider and if there is more than one Service Provider (except the initial Service Provider), then saves the initial request, response and remote provider id.

logout : a LassoLogout
Returns : 0 on success; or a negative value otherwise.