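## @file
# SAML Consumer skeleton
#
# Authentication module of the Lemonldap::NG portal: only authInit() is
# implemented, every other @apmethod hook below is still a stub.

## @class
# SAML Consumer skeleton
package Lemonldap::NG::Portal::AuthSAML;

use strict;
use warnings;    # added: strict alone leaves undef/uninitialized misuse silent

# presumably the source of the PE_* error codes used by the hooks below
use Lemonldap::NG::Portal::Simple;

# inherits: loadLasso(), createServer() and addIDP() called in authInit()
# are not defined in this file and are expected to come from here
use Lemonldap::NG::Portal::_SAML;

# Builds service and IDP metadata objects from the configuration hashes
use Lemonldap::NG::Common::Conf::SAML::Metadata;

our $VERSION = '0.1';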
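## @apmethod int authInit()
# Load Lasso and metadata
#
# Loads the Lasso bindings, builds a Lasso server from the SAML service
# metadata and private key found in the configuration, then registers every
# identity provider listed in $self->{samlIDPMetaData}.  Every missing or
# unreadable configuration item is logged at 'error' level and the method
# returns PE_ERROR; PE_OK is returned only when all IDP were added.
#
# NOTE(review): $server is a lexical that is never stored on $self, so the
# server built here is not reachable from the other hooks unless
# createServer() keeps its own reference — confirm (related to the TODO).
#
# TODO - cache Lasso::Server
# @return Lemonldap::NG::Portal error code
sub authInit {
    my $self = shift;

    # Load Lasso
    # Nothing is logged on failure here; presumably loadLasso() logs itself.
    return PE_ERROR unless $self->loadLasso();

    # Activate SOAP
    $self->{Soap} = 1;

    # Check presence of service metadata and private key in configuration
    unless ( $self->{samlServiceMetaData} and $self->{samlServicePrivateKey} ) {
        $self->lmLog(
            "SAML service metadata or private key not found in configuration",
            'error' );
        return PE_ERROR;
    }

    # Get metadata from configuration
    $self->lmLog( "Get Metadata for this service", 'debug' );
    my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
    unless (
        $service_metadata->initializeFromConfHash(
            $self->{samlServiceMetaData}
        )
      )
    {
        $self->lmLog( "Fail to read Service Metadata from configuration",
            'error' );
        return PE_ERROR;
    }

    # Create Lasso server with service metadata
    my $server = $self->createServer( $service_metadata->toXML(),
        $self->{samlServicePrivateKey}, );
    unless ($server) {
        $self->lmLog( 'Unable to create Lasso server', 'error' );
        return PE_ERROR;
    }
    $self->lmLog( "Service created", 'debug' );

    # Check presence of at least one identity provider in configuration
    # (assumes samlIDPMetaData is a hash reference when set — the dereference
    # below dies under strict refs otherwise)
    unless ( $self->{samlIDPMetaData} and keys %{ $self->{samlIDPMetaData} } ) {
        $self->lmLog( "No IDP found in configuration", 'error' );
        return PE_ERROR;
    }

    # Load identity provider metadata
    # IDP are listed in $self->{samlIDPMetaData}
    # Each key is the IDP name and value is the metadata
    # A named loop variable is used instead of the global $_: the method
    # calls made inside the loop (lmLog, initializeFromConfHash, addIDP)
    # could clobber $_ and silently change which IDP is being processed.
    foreach my $idp_name ( keys %{ $self->{samlIDPMetaData} } ) {
        $self->lmLog( "Get Metadata for IDP $idp_name", 'debug' );

        # Get metadata from configuration
        my $idp_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
        unless (
            $idp_metadata->initializeFromConfHash(
                $self->{samlIDPMetaData}->{$idp_name}
            )
          )
        {
            $self->lmLog(
                "Fail to read IDP $idp_name Metadata from configuration",
                'error' );
            return PE_ERROR;
        }

        # Add this IDP to Lasso::Server
        my $result = $self->addIDP( $server, $idp_metadata->toXML() );
        unless ($result) {
            $self->lmLog( "Fail to use IDP $idp_name Metadata", 'error' );
            return PE_ERROR;
        }
        $self->lmLog( "IDP $idp_name added", 'debug' );
    }

    return PE_OK;
}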
## @apmethod int extractFormInfo()
# Not implemented yet: the skeleton reads no form parameter and accepts
# every request.
# TODO
# @return Lemonldap::NG::Portal error code (always PE_OK for now)
sub extractFormInfo {
    return PE_OK;
}
## @apmethod int setAuthSessionInfo()
# Not implemented yet: no session attribute is set by this skeleton.
# TODO
# @return Lemonldap::NG::Portal error code (always PE_OK for now)
sub setAuthSessionInfo {
    return PE_OK;
}
## @apmethod int authenticate()
# Does nothing here (the credential check is presumably performed by the
# identity provider rather than by this module — confirm once implemented)
# @return PE_OK
sub authenticate {
    return PE_OK;
}
## @apmethod void authLogout()
# Not implemented yet: returns an empty list (undef in scalar context) and
# has no side effect.
# TODO
sub authLogout {
    return;
}
## @apmethod array SAMLIssuerLinks()
# Not implemented yet: returns an empty list.
# NOTE(review): a Perl sub returns a single flattened list, so the
# implementation will have to return two array references (or a pair of
# refs) to honour the "2 arrays" contract below.
# TODO
# @return 2 arrays: HTTP links and SAML issuer names
sub SAMLIssuerLinks {
    return;
}
1;    # a module must end with a true value for use/require to succeed
__END__
=head1 NAME
=encoding utf8
Lemonldap::NG::Portal::AuthSAML - TODO
=head1 SYNOPSIS
use Lemonldap::NG::Portal::AuthSAML;
#TODO
=head1 DESCRIPTION
TODO
=head1 SEE ALSO
L<Lemonldap::NG::Portal>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2009 by Xavier Guimard
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.10.0 or,
at your option, any later version of Perl 5 you may have available.
=cut