Working on SAML (#595)
This commit is contained in:
parent
47c227246b
commit
083db048d4
167
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
Normal file
167
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
Normal file
|
@ -0,0 +1,167 @@
|
|||
package Lemonldap::NG::Portal::Lib::SAML;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
||||
use Lemonldap::NG::Common::Session;
|
||||
use XML::Simple;
|
||||
use MIME::Base64;
|
||||
use String::Random;
|
||||
use HTTP::Request; # SOAP call
|
||||
use POSIX qw(strftime); # Convert SAML2 date into timestamp
|
||||
use Time::Local; # Convert SAML2 date into timestamp
|
||||
use Encode; # Encode attribute values
|
||||
use URI; # Get metadata URL path
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
# PROPERTIES
|
||||
|
||||
has lassoServer => ( is => 'rw' );
|
||||
has spList => ( is => 'rw', default => sub { {} } );
|
||||
has idpList => ( is => 'rw', default => sub { {} } );
|
||||
has privateKeyEnc => ( is => 'rw' );
|
||||
has privateKeyEncPwd => ( is => 'rw' );
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
BEGIN {
|
||||
|
||||
# Load Glib if available
|
||||
eval 'use Glib;';
|
||||
if ($@) {
|
||||
print STDERR
|
||||
"Glib Lasso messages will not be catched (require Glib module)\n";
|
||||
eval "use constant GLIB => 0";
|
||||
}
|
||||
else {
|
||||
eval "use constant GLIB => 1";
|
||||
Glib::Log->set_handler(
|
||||
"Lasso",
|
||||
[qw/ error critical warning message info debug /],
|
||||
sub {
|
||||
$_[0]->lmLog( $_[0] . " error " . $_[1] . ": " . $_[2],
|
||||
'debug' );
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
# Load Lasso.pm
|
||||
eval 'use Lasso;';
|
||||
if ($@) {
|
||||
print STDERR "Lasso.pm not loaded: $@";
|
||||
eval
|
||||
'use constant LASSO => 0;use constant BADLASSO => 0;use constant LASSOTHINSESSIONS => 0';
|
||||
}
|
||||
else {
|
||||
no strict 'subs';
|
||||
eval 'use constant LASSO => 1';
|
||||
|
||||
# Check Lasso version >= 2.3.0
|
||||
my $lasso_check_version_mode =
|
||||
eval 'Lasso::Constants::CHECK_VERSION_NUMERIC';
|
||||
my $check_version =
|
||||
Lasso::check_version( 2, 3, 0, $lasso_check_version_mode );
|
||||
unless ($check_version) {
|
||||
eval 'use constant BADLASSO => 1';
|
||||
}
|
||||
else {
|
||||
eval 'use constant BADLASSO => 0';
|
||||
}
|
||||
|
||||
# Try to set thin-sessions flag
|
||||
eval 'Lasso::set_flag("thin-sessions");';
|
||||
if ($@) {
|
||||
eval 'use constant LASSOTHINSESSIONS => 0';
|
||||
}
|
||||
else {
|
||||
eval 'use constant LASSOTHINSESSIONS => 1';
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
|
||||
# Check for Lasso errors/messages (see BEGIN)
|
||||
unless (LASSO) {
|
||||
$self->error("Module Lasso not loaded (see below)");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (BADLASSO) {
|
||||
$self->error('Lasso version >= 2.3.0 required');
|
||||
return 0;
|
||||
}
|
||||
|
||||
unless (LASSOTHINSESSIONS) {
|
||||
$self->lmLog( 'Lasso thin-sessions flag could not be set', 'warn' );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( 'Lasso thin-sessions flag set', 'debug' );
|
||||
}
|
||||
|
||||
# Conf initialization
|
||||
|
||||
# use signature cert for encryption unless defined
|
||||
if ( $self->conf->{samlServicePrivateKeyEnc} ) {
|
||||
$self->privateKeyEnc( $self->conf->{samlServicePrivateKeyEnc} );
|
||||
$self->privateKeyEncPwd( $self->conf->{samlServicePrivateKeyEncPwd} );
|
||||
}
|
||||
else {
|
||||
$self->privateKeyEnc( $self->conf->{samlServicePrivateKeySig} );
|
||||
$self->privateKeyEncPwd( $self->conf->{samlServicePrivateKeySigPwd} );
|
||||
}
|
||||
|
||||
unless ($self->conf->{samlServicePublicKeySig}
|
||||
and $self->conf->{samlServicePrivateKeySig} )
|
||||
{
|
||||
$self->error('SAML private and public key not found in configuration');
|
||||
return 0;
|
||||
}
|
||||
|
||||
# TODO
|
||||
$self->lassoServer( $self->loadService() ) or return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub loadService {
|
||||
my ($self) = @_;
|
||||
my $serviceCertificate;
|
||||
if ( $self->conf->{samlServiceUseCertificateInResponse}
|
||||
and $self->conf->{samlServicePublicKeySig} =~ /CERTIFICATE/ )
|
||||
{
|
||||
$serviceCertificate = $self->conf->{samlServicePublicKeySig};
|
||||
$self->lmLog( 'Certificate will be used in SAML responses', 'debug' );
|
||||
|
||||
}
|
||||
|
||||
# Get metadata from configuration
|
||||
$self->lmLog( "Get Metadata for this service", 'debug' );
|
||||
my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
|
||||
|
||||
# Create Lasso server with service metadata
|
||||
my $server = $self->createServer(
|
||||
$service_metadata->serviceToXML(
|
||||
$self->getApacheHtdocsPath() . "/skins/common/saml2-metadata.tpl",
|
||||
$self
|
||||
),
|
||||
$self->conf->{samlServicePrivateKeySig},
|
||||
$self->conf->{samlServicePrivateKeySigPwd},
|
||||
$self->privateKeyEnc,
|
||||
$self->privateKeyEncPwd,
|
||||
$serviceCertificate
|
||||
);
|
||||
|
||||
# Log
|
||||
unless ($server) {
|
||||
$self->error('Unable to create Lasso server');
|
||||
return 0;
|
||||
}
|
||||
$self->lmLog( "Service created", 'debug' );
|
||||
|
||||
return $server;
|
||||
}
|
||||
|
||||
1;
|
Loading…
Reference in New Issue
Block a user