## @file
# CAS Issuer file
## @class
# CAS Issuer class
package Lemonldap::NG::Portal::IssuerDBCAS;
use strict;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_CAS;
our @ISA = qw(Lemonldap::NG::Portal::_CAS);
our $VERSION = '0.01';
## @method void issuerDBInit()
# Nothing to do
# @return Lemonldap::NG::Portal error code
sub issuerDBInit {
    my ($self) = @_;

    # Nothing to initialise for the CAS issuer yet: report success to the
    # portal so that the issuer chain continues.
    return PE_OK;
}
## @apmethod int issuerForUnAuthUser()
# Manage CAS request for unauthenticated user
# @return Lemonldap::NG::Portal error code
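sub issuerForUnAuthUser {
    my $self = shift;

    # Portal base URL without its trailing slash, so that the CAS endpoint
    # can be built by plain concatenation.
    my $portal = $self->{portal};
    $portal =~ s/\/$//;

    # CAS login endpoint. This is the only CAS URL handled for an
    # unauthenticated user at this stage; the logout, validate,
    # serviceValidate, proxyValidate and proxy endpoints are still TODO.
    my $cas_login_url = $portal . '/cas/login';

    # Called URL
    my $url = $self->url();

    # 1. LOGIN
    # The match is anchored at the start of the called URL: an unanchored
    # match would also fire when the login URL merely appears inside another
    # parameter of the request. The former /o flag was dropped because it
    # would freeze the pattern on the first $portal value this process sees.
    if ( $url =~ /\A\Q$cas_login_url\E/i ) {

        $self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );

        # GET parameters: hidden form values take precedence over request
        # parameters, so that they survive the authentication form round-trip
        my $service = $self->getHiddenFormValue('service')
          || $self->param('service');
        my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
        my $gateway = $self->getHiddenFormValue('gateway')
          || $self->param('gateway');

        # Keep values in hidden fields
        # NOTE(review): 'service' is stored as received from the request and
        # later becomes the redirect target in issuerForAuthUser; validating
        # it against a list of allowed services would close an open redirect.
        $self->setHiddenFormValue( 'service', $service );
        $self->setHiddenFormValue( 'renew',   $renew );
        $self->setHiddenFormValue( 'gateway', $gateway );

        # Gateway
        # Authentication must use non-interactive mean
        # TODO
        # 'defined' guard: $gateway is undef when the parameter is absent
        if ( defined $gateway and $gateway eq 'true' ) {
            $self->lmLog( "Gateway authentication not managed", 'error' );
            return PE_ERROR;
        }
    }

    return PE_OK;
}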
## @apmethod int issuerForAuthUser()
# Manage CAS request for authenticated user
# @return Lemonldap::NG::Portal error code
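sub issuerForAuthUser {
    my $self = shift;

    # Portal base URL without its trailing slash, so that the CAS endpoint
    # can be built by plain concatenation.
    my $portal = $self->{portal};
    $portal =~ s/\/$//;

    # CAS login endpoint. This is the only CAS URL handled for an
    # authenticated user at this stage; the logout, validate,
    # serviceValidate, proxyValidate and proxy endpoints are still TODO.
    my $cas_login_url = $portal . '/cas/login';

    # Called URL
    my $url = $self->url();

    # Session ID of the authenticated user; it is recorded in the CAS service
    # session so that the ticket can be linked back to this portal session.
    my $session_id = $self->{sessionInfo}->{_session_id} || $self->{id};

    # 1. LOGIN
    # The match is anchored at the start of the called URL: an unanchored
    # match would also fire when the login URL merely appears inside another
    # parameter of the request. The former /o flag was dropped because it
    # would freeze the pattern on the first $portal value this process sees.
    if ( $url =~ /\A\Q$cas_login_url\E/i ) {

        $self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );

        # GET parameters: hidden form values take precedence over request
        # parameters. The 'gateway' parameter is not read here: it only
        # influences the unauthenticated case (see issuerForUnAuthUser).
        my $service = $self->getHiddenFormValue('service')
          || $self->param('service');
        my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');

        # Renew
        # Authentication must be replayed
        # TODO
        # 'defined' guard: $renew is undef when the parameter is absent
        if ( defined $renew and $renew eq 'true' ) {
            $self->lmLog( "Authentication renewal not managed", 'error' );
            return PE_ERROR;
        }

        # If no service defined, exit. An empty 'service' is treated as
        # absent: a ticket for an empty service URL could not be redirected
        # anywhere.
        unless ( defined $service and length $service ) {
            $self->lmLog( "No service defined in CAS URL", 'debug' );
            return PE_OK;
        }

        # Create a service ticket
        # NOTE(review): $service is used as received from the request and
        # becomes the redirect target below; checking it against a list of
        # allowed services would prevent tickets being issued for, and the
        # user being redirected to, arbitrary URLs.
        $self->lmLog( "Create a CAS service ticket for service $service",
            'debug' );

        my $casServiceSession = $self->getCasSession();

        return PE_ERROR unless $casServiceSession;

        $casServiceSession->{type}    = 'casService';
        $casServiceSession->{service} = $service;
        $casServiceSession->{id}      = $session_id;

        # The service ticket is derived from the CAS session identifier
        my $casServiceSessionID = $casServiceSession->{_session_id};
        my $casServiceTicket    = "ST-" . $casServiceSessionID;

        # Release the tied session hash once the ticket data is stored
        untie %$casServiceSession;

        $self->lmLog( "CAS service session $casServiceSessionID created",
            'debug' );

        # Redirect to service, appending the ticket with the separator that
        # matches whether the service URL already carries a query string
        my $separator = ( $service =~ /\?/ ) ? '&' : '?';
        my $service_url = $service . $separator . 'ticket=' . $casServiceTicket;

        $self->{urldc} = $service_url;

        return $self->_subProcess(qw(autoRedirect));
    }

    return PE_OK;
}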
## @apmethod int issuerLogout()
# Destroy linked CAS sessions
# @return Lemonldap::NG::Portal error code
sub issuerLogout {
    my ($self) = @_;

    # TODO: destroy the CAS sessions linked to this portal session.
    # Until then, logout is reported as successful without further action.
    return PE_OK;
}
1;
__END__

=head1 NAME

=encoding utf8

Lemonldap::NG::Portal::IssuerDBCAS - CAS IssuerDB for LemonLDAP::NG

=head1 DESCRIPTION

CAS Issuer implementation in LemonLDAP::NG.

=head1 SEE ALSO

L<Lemonldap::NG::Portal>

http://www.jasig.org/cas/protocol

=head1 AUTHOR

Clement OUDOT, E<lt>clement@oodo.netE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright (C) 2010 by Clement OUDOT

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.10.0 or,
at your option, any later version of Perl 5 you may have available.

=cut