SAML: Option to configure default NameID format for a SP (#67)
This commit is contained in:
Clément Oudot
parent
f187851ba6
commit
0817e9918f
@ -118,8 +118,11 @@ sub cstruct {
|
||||
. ":samlSPMetaDataXML:filearea",
|
||||
samlSPMetaDataOptions => {
|
||||
_nodes => [
|
||||
qw(samlSPMetaDataOptionsOneTimeUse samlSPMetaDataOptionsSignSSOMessage samlSPMetaDataOptionsCheckSSOMessageSignature samlSPMetaDataOptionsSignSLOMessage samlSPMetaDataOptionsCheckSLOMessageSignature)
|
||||
qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse samlSPMetaDataOptionsSignSSOMessage samlSPMetaDataOptionsCheckSSOMessageSignature samlSPMetaDataOptionsSignSLOMessage samlSPMetaDataOptionsCheckSLOMessageSignature)
|
||||
],
|
||||
samlSPMetaDataOptionsNameIDFormat =>
|
||||
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat"
|
||||
. ":default:nameIdFormatParams",
|
||||
samlSPMetaDataOptionsOneTimeUse =>
|
||||
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
|
||||
samlSPMetaDataOptionsSignSSOMessage =>
|
||||
@ -1260,6 +1263,7 @@ sub defaultConf {
|
||||
samlIDPMetaDataOptionsSignSLOMessage => '1',
|
||||
samlIDPMetaDataOptionsCheckSLOMessageSignature => '1',
|
||||
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
||||
samlSPMetaDataOptionsNameIDFormat => '',
|
||||
samlSPMetaDataOptionsOneTimeUse => '0',
|
||||
samlSPMetaDataOptionsSignSSOMessage => '1',
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature => '1',
|
||||
|
||||
@ -242,6 +242,7 @@ sub en {
|
||||
samlSPMetaDataXML => 'Metadata',
|
||||
samlSPMetaDataExportedAttributes => 'Exported attributes',
|
||||
samlSPMetaDataOptions => 'Options',
|
||||
samlSPMetaDataOptionsNameIDFormat => 'Default NameID format',
|
||||
samlSPMetaDataOptionsOneTimeUse => 'One time use',
|
||||
samlSPMetaDataOptionsSignSSOMessage => 'Sign SSO message',
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
||||
@ -476,7 +477,7 @@ sub fr {
|
||||
samlIDPMetaDataXML => 'Metadonnées',
|
||||
samlIDPMetaDataExportedAttributes => 'Attributs exportés',
|
||||
samlIDPMetaDataOptions => 'Options',
|
||||
samlIDPMetaDataOptionsNameIDFormat => 'Format NameID',
|
||||
samlIDPMetaDataOptionsNameIDFormat => 'Format du NameID',
|
||||
samlIDPMetaDataOptionsForceAuthn => 'Authentification forcée',
|
||||
samlIDPMetaDataOptionsIsPassive => 'Authentication passive',
|
||||
samlIDPMetaDataOptionsAllowProxiedAuthn =>
|
||||
@ -500,6 +501,7 @@ sub fr {
|
||||
samlSPMetaDataXML => 'Metadonnées',
|
||||
samlSPMetaDataExportedAttributes => 'Attributs exportés',
|
||||
samlSPMetaDataOptions => 'Options',
|
||||
samlSPMetaDataOptionsNameIDFormat => 'Format par défaut du NameID',
|
||||
samlSPMetaDataOptionsOneTimeUse => 'Utilisation unique',
|
||||
samlSPMetaDataOptionsSignSSOMessage => 'Signature des messages SSO',
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
||||
|
||||
@ -512,10 +512,14 @@ sub issuerForAuthUser {
|
||||
|
||||
$self->lmLog( "SSO: assertion is built", 'debug' );
|
||||
|
||||
# Build NameID
|
||||
# Default NameID Format
|
||||
my $nameIDFormat = $self->getNameIDFormat("email");
|
||||
my $nameIDContent;
|
||||
# Get default NameID Format from configuration
|
||||
# Set to "email" if no value in configuration
|
||||
my $nameIDFormatKey =
|
||||
$self->{samlSPMetaDataOptions}->{$spConfKey}
|
||||
->{samlSPMetaDataOptionsNameIDFormat} || "email";
|
||||
my $nameIDFormat = $self->getNameIDFormat($nameIDFormatKey);
|
||||
|
||||
$self->lmLog( "Default NameID format is $nameIDFormat", 'debug' );
|
||||
|
||||
# Check NameID Policy in request
|
||||
if ( $login->request()->NameIDPolicy ) {
|
||||
@ -525,6 +529,7 @@ sub issuerForAuthUser {
|
||||
# TODO use options to map format with session vars
|
||||
# TODO Take the first value of a multivaluated var ( split ;)
|
||||
# TODO support other formats
|
||||
my $nameIDContent;
|
||||
$nameIDContent = $self->{sessionInfo}->{mail}
|
||||
if ( $nameIDFormat eq $self->getNameIDFormat("email") );
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user