#==============================================================================
# Liberty Alliance Authentication for LemonLDAP.
#
# This file is part of the LemonLDAP project and released under GPL.
#==============================================================================
package Lemonldap::NG::Portal::AuthLA;
use strict;
use warnings;
use Lemonldap::NG::Portal::SharedConf qw(:all);
use lasso;
# Re-export exactly what Lemonldap::NG::Portal::SharedConf exports: the three
# export lists are typeglob-aliased (not copied), so importing from this
# module yields the same symbols as importing from SharedConf, including the
# PE_* status constants used by the steps below.
*EXPORT_OK = *Lemonldap::NG::Portal::SharedConf::EXPORT_OK;
*EXPORT_TAGS = *Lemonldap::NG::Portal::SharedConf::EXPORT_TAGS;
*EXPORT = *Lemonldap::NG::Portal::SharedConf::EXPORT;

our $VERSION = '0.1';

# Inherit the portal's step-by-step process from SharedConf; only the steps
# overloaded in this file behave differently.
our @ISA = qw(Lemonldap::NG::Portal::SharedConf);
#==============================================================================
# Overloaded methods
#==============================================================================
# Main process as described in Portal::Simple module
# 1. Retrieve source URL
# Not overloaded
# 2. Control existing sessions
# Not overloaded
# 3. Retrieve user credentials
# Test here if the user was authenticated by IdP
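sub extractFormInfo {
    # Step 3 of the portal process: build the Lasso server/login objects
    # that will carry the Liberty Alliance exchange with the IdP.
    # Returns PE_OK (a PE_* status constant from SharedConf).
    my $self = shift;

    _lasso_init();

    # Directory holding the SP metadata, the IdP metadata and the key
    # material; comes from the portal configuration (see the TODO in
    # _lasso_create_server about moving the file names there as well).
    my $libertyFilesDir = $self->{libertyFilesDir};

    my $server = _lasso_create_server($libertyFilesDir);
    my $login  = _lasso_create_authnrequest($server);

    # The Server object was built from the SP private key file, so its
    # serialisation (and the Login object's) must not be written to the web
    # server error log; the unconditional debug dumps to STDERR that used to
    # sit here were removed for that reason.

    # TODO: no SAML response is examined yet, so this step cannot tell an
    # IdP-authenticated user from anybody else; until the assertion is
    # actually checked every request passes this step.
    return PE_OK;
}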
# 4. LDAP format filter for attributes reading
# We must retrieve the user DN from the SAML response
# Or use WSF to retrieve attributes
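sub formateFilter {
    # Step 4 of the portal process: derive the LDAP search filter from the
    # first RDN of the user's DN and store it in $self->{filter}.
    # Returns PE_OK (a PE_* status constant from SharedConf).
    my $self = shift;

    # Get DN in SAML response (TODO). Until then the DN is hard-coded.
    my $dn = "uid=clement,ou=personnes,dc=linagora,dc=com";

    # Split the DN into RDNs on unescaped commas only: a comma inside a
    # value is written "\," in a DN and must not act as a separator.
    my @rdn = split /(?<!\\),/, $dn;
    my $first_rdn = shift @rdn;
    $first_rdn = '' unless defined $first_rdn;

    my ( $attr, $value ) = split /=/, $first_rdn, 2;
    if ( defined $value ) {

        # The RDN value is interpolated into a search filter, so escape the
        # RFC 4515 metacharacters; once the DN comes from the SAML response
        # this is what stops an attribute value from rewriting the filter.
        # TODO: DN-level escapes in the value (e.g. "\,") are not decoded here.
        $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
        $self->{filter} = "($attr=$value)";
    }
    else {

        # No "=" in the RDN: keep the previous behaviour and wrap it as is.
        $self->{filter} = "($first_rdn)";
    }

    return PE_OK;
}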
# 5. LDAP connection
# Overload only if WSF is used to retrieve attributes
#sub connectLDAP {
# return PE_OK;
#}
# 6. LDAP bind (with Directory Manager or anonymous)
# Overload only if WSF is used to retrieve attributes
#sub bind {
# return PE_OK;
#}
# 7. Search the DN
# Overload only if WSF is used to retrieve attributes
#sub search {
# return PE_OK;
#}
# 8. Load parameters
# Overload only if WSF is used to retrieve attributes
#sub setSessionInfo {
# # Use WSF to get "exportedVars"
# return PE_OK;
#}
# 9. Set macros
# Not overloaded
# 10. Set groups
# Not overloaded
# 11. LDAP unbind
# Overload only if WSF is used to retrieve attributes
#sub unbind {
# return PE_OK;
#}
# 12. Authentication
# Authentication is done by IdP, so we disable this step
sub authenticate {
    # Step 12 of the portal process. There are no local credentials to
    # check because the IdP is the authority, so this step always succeeds.
    # Note that nothing in this module verifies the IdP's response yet
    # (see extractFormInfo), so the real check still has to land in step 3.
    # Returns PE_OK (a PE_* status constant from SharedConf).
    my ($self) = @_;

    return PE_OK;
}
# 13. Store parameters in session
# Not overloaded
# 14. Build cookie
# Not overloaded
# 15. Log
# Not overloaded
# 16. Redirection
# Not overloaded
#==============================================================================
# Liberty Alliance methods
#==============================================================================
# Lasso initialisation
sub _lasso_init {
    # Initialise the Lasso library; whatever lasso::init returns is passed
    # back unchanged to the caller.
    return lasso::init();
}
# Create server object
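sub _lasso_create_server {
    # Build the lasso::Server for this SP from the files found in
    # $libertyFilesDir and register the IdP as a provider.
    # Dies when $libertyFilesDir is undefined or empty.
    # Returns the lasso::Server object.
    my $libertyFilesDir = shift;

    # Fail loudly rather than silently loading "/lemonldapng-metadata.xml"
    # and friends from the filesystem root when the setting is missing.
    die "libertyFilesDir is not set\n"
      unless defined $libertyFilesDir and length $libertyFilesDir;

    # TODO: file names in global configuration (the IdP metadata and public
    # key names below are still hard-coded for one specific IdP).
    my $sp_metadata = "$libertyFilesDir/lemonldapng-metadata.xml";

    # The private key is resolved inside the Liberty files directory like the
    # metadata: a bare "private-key.pem" was looked up relative to the
    # process's current directory, which under a web server is not that
    # directory.
    my $sp_private_key = "$libertyFilesDir/private-key.pem";
    my $idp_metadata =
      "$libertyFilesDir/idp-http-authentic.demo.interldap.org-liberty-metadata-metadata.xml";
    my $idp_public_key =
      "$libertyFilesDir/idp-http-authentic.demo.interldap.org-liberty-metadata-publickey.pem";

    my $server = lasso::Server->new( $sp_metadata, $sp_private_key, undef, undef );

    $server->addProvider( $lasso::PROVIDER_ROLE_IDP, $idp_metadata,
        $idp_public_key, undef );

    return $server;
}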
# Create AuthnRequest
sub _lasso_create_authnrequest {
    # Build the lasso::Login object bound to $server. Despite the name, no
    # AuthnRequest is initialised on it yet (TODO); the bare Login object
    # is returned to the caller.
    my ($server) = @_;

    return lasso::Login->new($server);
}
1;
__END__
=head1 NAME

Lemonldap::NG::Portal::AuthLA - Provide Liberty Alliance Authentication

=head1 SYNOPSIS

=head1 DESCRIPTION

=head1 SEE ALSO

L<Lemonldap::NG::Portal::SharedConf>, L<Lemonldap::NG::Portal>,
L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>,
L<http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation>

=head1 AUTHOR

Clement Oudot, E<lt>coudot@linagora.comE<gt>

=head1 BUG REPORT

Use the OW2 tracker to report bugs or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>

=head1 DOWNLOAD

Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>

=head1 COPYRIGHT AND LICENSE

Copyright (C) 2007 by Clement Oudot, E<lt>coudot@linagora.comE<gt>

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.

=cut