SAML: use ForceAuthn option
parent
e57cafaf15
commit
0979ba0f28
|
@ -805,8 +805,14 @@ sub extractFormInfo {
|
|||
$self->{_idp} = $idp;
|
||||
my $IDPentityID = $self->{_idpList}->{$idp}->{entityID};
|
||||
|
||||
# IDP Options
|
||||
my $forceAuthn =
|
||||
$self->{samlIDPMetaDataOptions}->{$idp}
|
||||
->{samlIDPMetaDataOptionsForceAuthn};
|
||||
|
||||
# Create SSO request
|
||||
$login = $self->createAuthnRequest( $server, $IDPentityID, $method );
|
||||
$login =
|
||||
$self->createAuthnRequest( $server, $IDPentityID, $method, $forceAuthn );
|
||||
|
||||
unless ($login) {
|
||||
$self->lmLog( "Could not create authentication request on $IDPentityID",
|
||||
|
|
|
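Review bot: Passing `$forceAuthn` into `createAuthnRequest` only asks the IdP to re-authenticate the user; nothing in the visible hunks checks that the IdP actually did so. If `samlIDPMetaDataOptionsForceAuthn` is meant as a security control for an IdP, the response path should compare the assertion's AuthnInstant with the time the request was issued and reject assertions that predate it. That code is outside this hunk, so confirm whether such a check exists. A short comment at the lookup would record the limitation, for example `# ForceAuthn is a request to the IdP; freshness must still be verified on the response`. The body of extractFormInfo starts and ends outside the hunk.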
@ -211,14 +211,15 @@ sub getOrganizationName {
|
|||
return $data->{OrganizationName}->{content};
|
||||
}
|
||||
|
||||
## @method Lasso::Login createAuthnRequest(Lasso::Server server, string idp, int method)
|
||||
## @method Lasso::Login createAuthnRequest(Lasso::Server server, string idp, int method, boolean forceAuthn)
|
||||
# Create authentication request for selected IDP
|
||||
# @param server Lasso::Server object
|
||||
# @param entityID IDP entityID
|
||||
# @param method HTTP method
|
||||
# @param forceAuthn force authentication on IDP
|
||||
# @return Lasso::Login object
|
||||
sub createAuthnRequest {
|
||||
my ( $self, $server, $idp, $method ) = splice @_;
|
||||
my ( $self, $server, $idp, $method, $forceAuthn ) = splice @_;
|
||||
|
||||
# Create Lasso Login
|
||||
my $login = $self->createLogin($server);
|
||||
|
@ -250,6 +251,10 @@ sub createAuthnRequest {
|
|||
$request->NameIDPolicy()
|
||||
->Format(Lasso::Constants::SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT);
|
||||
$request->NameIDPolicy()->AllowCreate(1);
|
||||
if ($forceAuthn) {
|
||||
$self->lmLog( "Force authentication on IDP", 'debug' );
|
||||
$request->ForceAuthn(1);
|
||||
}
|
||||
|
||||
# Build authentication request
|
||||
unless ( $self->buildAuthnRequestMsg($login) ) {
|
||||
|
|
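Review bot: The debug line in the new `if ($forceAuthn)` block does not say which IdP the forced re-authentication applies to, which makes the log hard to use when several IdPs carry different options. `$self->lmLog( "Force authentication on IDP $idp", 'debug' );` would record it, since `$idp` holds the entityID passed by the caller. The test also relies on Perl truthiness, so a configuration value stored as a string such as `false` would enable the flag; the storage format is not visible here, so confirm it is 0/1. The `@param` list names `entityID` while the variable is `$idp`, and it could state that `forceAuthn` is optional and off when omitted. The body of createAuthnRequest continues outside these hunks.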