SAML: Option to configure default NameID format for a SP (#67)
This commit is contained in:
parent
f187851ba6
commit
0817e9918f
@ -118,8 +118,11 @@ sub cstruct {
|
|||||||
. ":samlSPMetaDataXML:filearea",
|
. ":samlSPMetaDataXML:filearea",
|
||||||
samlSPMetaDataOptions => {
|
samlSPMetaDataOptions => {
|
||||||
_nodes => [
|
_nodes => [
|
||||||
qw(samlSPMetaDataOptionsOneTimeUse samlSPMetaDataOptionsSignSSOMessage samlSPMetaDataOptionsCheckSSOMessageSignature samlSPMetaDataOptionsSignSLOMessage samlSPMetaDataOptionsCheckSLOMessageSignature)
|
qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse samlSPMetaDataOptionsSignSSOMessage samlSPMetaDataOptionsCheckSSOMessageSignature samlSPMetaDataOptionsSignSLOMessage samlSPMetaDataOptionsCheckSLOMessageSignature)
|
||||||
],
|
],
|
||||||
|
samlSPMetaDataOptionsNameIDFormat =>
|
||||||
|
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat"
|
||||||
|
. ":default:nameIdFormatParams",
|
||||||
samlSPMetaDataOptionsOneTimeUse =>
|
samlSPMetaDataOptionsOneTimeUse =>
|
||||||
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
|
||||||
samlSPMetaDataOptionsSignSSOMessage =>
|
samlSPMetaDataOptionsSignSSOMessage =>
|
||||||
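Review bot: The new samlSPMetaDataOptionsNameIDFormat node is declared as a free `text:` field, yet the stored value is used verbatim as a lookup key for getNameIDFormat in the portal, so a typo entered in the manager would silently reach the issuer. If the struct DSL offers a choice-type field backed by `nameIdFormatParams` (the `:default:nameIdFormatParams` suffix suggests that list exists), prefer it over `text:` so that only known format names can be stored. The enclosing hash in cstruct starts and ends outside the hunk.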
@ -1260,6 +1263,7 @@ sub defaultConf {
|
|||||||
samlIDPMetaDataOptionsSignSLOMessage => '1',
|
samlIDPMetaDataOptionsSignSLOMessage => '1',
|
||||||
samlIDPMetaDataOptionsCheckSLOMessageSignature => '1',
|
samlIDPMetaDataOptionsCheckSLOMessageSignature => '1',
|
||||||
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
||||||
|
samlSPMetaDataOptionsNameIDFormat => '',
|
||||||
samlSPMetaDataOptionsOneTimeUse => '0',
|
samlSPMetaDataOptionsOneTimeUse => '0',
|
||||||
samlSPMetaDataOptionsSignSSOMessage => '1',
|
samlSPMetaDataOptionsSignSSOMessage => '1',
|
||||||
samlSPMetaDataOptionsCheckSSOMessageSignature => '1',
|
samlSPMetaDataOptionsCheckSSOMessageSignature => '1',
|
||||||
|
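Review bot: The new default `samlSPMetaDataOptionsNameIDFormat => ''` only means "email" because the portal falls back with `|| "email"`, and that coupling is invisible here. A trailing comment such as `samlSPMetaDataOptionsNameIDFormat => '',    # empty: portal falls back to "email"` would keep the two sides in step when one of them changes. The defaultConf hash continues outside the hunk.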
@ -242,6 +242,7 @@ sub en {
|
|||||||
samlSPMetaDataXML => 'Metadata',
|
samlSPMetaDataXML => 'Metadata',
|
||||||
samlSPMetaDataExportedAttributes => 'Exported attributes',
|
samlSPMetaDataExportedAttributes => 'Exported attributes',
|
||||||
samlSPMetaDataOptions => 'Options',
|
samlSPMetaDataOptions => 'Options',
|
||||||
|
samlSPMetaDataOptionsNameIDFormat => 'Default NameID format',
|
||||||
samlSPMetaDataOptionsOneTimeUse => 'One time use',
|
samlSPMetaDataOptionsOneTimeUse => 'One time use',
|
||||||
samlSPMetaDataOptionsSignSSOMessage => 'Sign SSO message',
|
samlSPMetaDataOptionsSignSSOMessage => 'Sign SSO message',
|
||||||
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
||||||
@ -476,7 +477,7 @@ sub fr {
|
|||||||
samlIDPMetaDataXML => 'Metadonnées',
|
samlIDPMetaDataXML => 'Metadonnées',
|
||||||
samlIDPMetaDataExportedAttributes => 'Attributs exportés',
|
samlIDPMetaDataExportedAttributes => 'Attributs exportés',
|
||||||
samlIDPMetaDataOptions => 'Options',
|
samlIDPMetaDataOptions => 'Options',
|
||||||
samlIDPMetaDataOptionsNameIDFormat => 'Format NameID',
|
samlIDPMetaDataOptionsNameIDFormat => 'Format du NameID',
|
||||||
samlIDPMetaDataOptionsForceAuthn => 'Authentification forcée',
|
samlIDPMetaDataOptionsForceAuthn => 'Authentification forcée',
|
||||||
samlIDPMetaDataOptionsIsPassive => 'Authentication passive',
|
samlIDPMetaDataOptionsIsPassive => 'Authentication passive',
|
||||||
samlIDPMetaDataOptionsAllowProxiedAuthn =>
|
samlIDPMetaDataOptionsAllowProxiedAuthn =>
|
||||||
@ -500,6 +501,7 @@ sub fr {
|
|||||||
samlSPMetaDataXML => 'Metadonnées',
|
samlSPMetaDataXML => 'Metadonnées',
|
||||||
samlSPMetaDataExportedAttributes => 'Attributs exportés',
|
samlSPMetaDataExportedAttributes => 'Attributs exportés',
|
||||||
samlSPMetaDataOptions => 'Options',
|
samlSPMetaDataOptions => 'Options',
|
||||||
|
samlSPMetaDataOptionsNameIDFormat => 'Format par défaut du NameID',
|
||||||
samlSPMetaDataOptionsOneTimeUse => 'Utilisation unique',
|
samlSPMetaDataOptionsOneTimeUse => 'Utilisation unique',
|
||||||
samlSPMetaDataOptionsSignSSOMessage => 'Signature des messages SSO',
|
samlSPMetaDataOptionsSignSSOMessage => 'Signature des messages SSO',
|
||||||
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
||||||
|
@ -512,10 +512,14 @@ sub issuerForAuthUser {
|
|||||||
|
|
||||||
$self->lmLog( "SSO: assertion is built", 'debug' );
|
$self->lmLog( "SSO: assertion is built", 'debug' );
|
||||||
|
|
||||||
# Build NameID
|
# Get default NameID Format from configuration
|
||||||
# Default NameID Format
|
# Set to "email" if no value in configuration
|
||||||
my $nameIDFormat = $self->getNameIDFormat("email");
|
my $nameIDFormatKey =
|
||||||
my $nameIDContent;
|
$self->{samlSPMetaDataOptions}->{$spConfKey}
|
||||||
|
->{samlSPMetaDataOptionsNameIDFormat} || "email";
|
||||||
|
my $nameIDFormat = $self->getNameIDFormat($nameIDFormatKey);
|
||||||
|
|
||||||
|
$self->lmLog( "Default NameID format is $nameIDFormat", 'debug' );
|
||||||
|
|
||||||
# Check NameID Policy in request
|
# Check NameID Policy in request
|
||||||
if ( $login->request()->NameIDPolicy ) {
|
if ( $login->request()->NameIDPolicy ) {
|
||||||
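Review bot: The configured value is passed straight to getNameIDFormat without checking that it names a known format; if getNameIDFormat yields undef or an empty string for an unrecognized key (its body is not visible here), the later `$nameIDFormat eq` comparison warns and the assertion is built without a usable format. Guard it, e.g. `my $nameIDFormat = $self->getNameIDFormat($nameIDFormatKey) || $self->getNameIDFormat("email");`, and log at 'warn' level when the fallback is taken so misconfiguration is visible. The `||` fallback on the option itself is right, since defaultConf seeds it with ''. issuerForAuthUser starts and ends outside the hunk.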
@ -525,6 +529,7 @@ sub issuerForAuthUser {
|
|||||||
# TODO use options to map format with session vars
|
# TODO use options to map format with session vars
|
||||||
# TODO Take the first value of a multivaluated var ( split ;)
|
# TODO Take the first value of a multivaluated var ( split ;)
|
||||||
# TODO support other formats
|
# TODO support other formats
|
||||||
|
my $nameIDContent;
|
||||||
$nameIDContent = $self->{sessionInfo}->{mail}
|
$nameIDContent = $self->{sessionInfo}->{mail}
|
||||||
if ( $nameIDFormat eq $self->getNameIDFormat("email") );
|
if ( $nameIDFormat eq $self->getNameIDFormat("email") );
|
||||||
|
|
||||||
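Review bot: With the default format now configurable per SP, a non-email value becomes a normal configuration rather than an edge case, yet `$nameIDContent` is still only assigned for the email format and presumably stays undef otherwise, so the NameID would be built with no value. Until the `TODO support other formats` is done, at least surface it: `$self->lmLog( "No NameID content for format $nameIDFormat", 'warn' ) unless defined $nameIDContent;` after the assignment. The code that consumes $nameIDContent is outside the hunk.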
|