
#293 Mandatory wsa:MessageID node missing

OBSOLETE_1.20.x
closed-fixed
None
Protocol/Other
5
2018-12-11
2015-10-30
|EViL0nE|
No

As the title says, the WS-Fed request to an IDP is not standards (WS-Addressing) compliant. While an ADFS server seems to ignore this lack of compliance, other WS-Fed capable IDPs do not. The specific problem is a lack of wsa:MessageID attribute in the SOAP header.

I'm by no means even close to a C programmer, but I was able to get the plugin to work (for me). Below is the diff from my fix. I think the initial include of sipe-digest is unused and leftover from my initial attempt at solving this. This was done with 1.20.1.

diff sipe-svc.c.orig sipe-svc.c
40a41
> #include "sipe-digest.h"
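Review bot: The added include of "sipe-digest.h" at new line 41 looks unused: none of the added lines call anything that is obviously a digest function, and the description says it is a leftover from an earlier attempt. Please drop it before merging.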
234a236
> 
246a249,260
>         /* Testing MessageID Generation */
>         struct sipe_tls_random id;
>         gchar *id_base64;
>         gchar *id_uuid;
>         gchar *soap_header;
>         gchar *body;
>         gboolean ret;
>         sipe_tls_fill_random(&id, 256);
>   id_base64 = g_base64_encode(id.buffer, id.length);
>   sipe_tls_free_random(&id);
>   id_uuid = generateUUIDfromEPID(id_base64);                                
>                         
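Review bot: The ID at new lines 256-259 is built in a roundabout way: random bytes are base64-encoded and then passed to generateUUIDfromEPID(), a helper that by its name is meant for EPID strings. Either format the random bytes as a UUID directly or add a small, purpose-named helper, so the intent is clear and the intermediate id_base64 buffer goes away. The comment "Testing MessageID Generation" should describe what the code does rather than mark it as a test, the block mixes space and tab indentation, and the last two added lines carry trailing whitespace.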
248c262
<   gchar *soap_header = wsse_security ?
---
>   soap_header = wsse_security ?
253a268
>               " <wsa:MessageID>uuid:%s</wsa:MessageID>"
257a273
>               id_uuid,
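Review bot: The id_uuid argument added at new line 273 has to line up with the %s added at new line 268, and the neighbouring format lines and arguments are not visible in this diff, so please confirm the order against the full g_strdup_printf() call. Also note that soap_header is assigned from a ternary on wsse_security while the ID is generated unconditionally beforehand; if the other branch does not use it, move the generation into the branch that does.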
261c277,279
<   gchar *body = g_strdup_printf("<?xml version=\"1.0\"?>\r\n"
---
>       g_free(id_uuid);
>       g_free(id_base64);
>   body = g_strdup_printf("<?xml version=\"1.0\"?>\r\n"
276c294
<   gboolean ret = sipe_svc_https_request(sipe_private,
---
>   ret = sipe_svc_https_request(sipe_private,

Related

Bugs: #298
Release Notes: 2016/04/pidgin-sipe-release-1210

Discussion

  • Stefan Becker

    Stefan Becker - 2015-10-30

    You are probably correct, WS-Addressing states that wsa:MessageID is mandatory with wsa:ReplyTo.

    But I guess the content doesn't seem to be important, correct?
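
WS-Addressing defines the message ID as an absolute IRI that uniquely identifies the message, so a fresh random value per request is a natural fit. The following is an added example, not part of the ticket or of pidgin-sipe's code: it formats 16 random bytes as a version-4 UUID and wraps it in the element the patch adds. The function names and the use of /dev/urandom are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Turn 16 random bytes into an RFC 4122 version-4 UUID string (36 chars + NUL). */
static void uuid4_format(const unsigned char rnd[16], char out[37])
{
    unsigned char b[16];
    memcpy(b, rnd, 16);
    b[6] = (unsigned char)((b[6] & 0x0F) | 0x40); /* version nibble = 4 */
    b[8] = (unsigned char)((b[8] & 0x3F) | 0x80); /* variant bits = 10 */
    snprintf(out, 37,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
             "%02x%02x%02x%02x%02x%02x",
             b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
             b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
}

/* Fill out[] from the OS random source; returns 0 on success, -1 on failure. */
static int random16(unsigned char out[16])
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n;
    if (!f) return -1;
    n = fread(out, 1, 16, f);
    fclose(f);
    return n == 16 ? 0 : -1;
}

/* Write the header element; returns its length, or -1 if buf is too small.
 * The "uuid:" prefix is the one used in the patch above. */
static int message_id_element(const unsigned char rnd[16], char *buf, size_t len)
{
    char uuid[37];
    int n;
    uuid4_format(rnd, uuid);
    n = snprintf(buf, len, "<wsa:MessageID>uuid:%s</wsa:MessageID>", uuid);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    unsigned char rnd[16];
    char element[128];
    if (random16(rnd) != 0 || message_id_element(rnd, element, sizeof element) < 0)
        return 1;
    puts(element); /* a fresh ID for every request */
    return 0;
}
```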

     
  • Stefan Becker

    Stefan Becker - 2015-10-30
    • summary: When authenticating to a federated domain, the WS-Fed request message to the IDP is not standards compliant. --> Mandatory wsa:MessageID node missing
     
  • Stefan Becker

    Stefan Becker - 2015-10-30
     
  • Stefan Becker

    Stefan Becker - 2015-10-30
    • status: open --> closed-fixed
    • assigned_to: Stefan Becker
     
