SAML OK with artifact + SOAP SLO (#595)

Xavier Guimard 2016-12-27 11:17:25 +00:00
parent e09eb9c237
commit 10d4f39511
4 changed files with 20 additions and 7 deletions


@ -356,7 +356,7 @@ t/26-AuthRemote.t
t/27-AuthProxy.t
t/28-AuthChoice.t
t/29-AuthSSL.t
t/30-Auth-and-issuer-SAML-Artifact-IdP-initiated.t
t/30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t
t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t
t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t
t/30-Auth-and-issuer-SAML-POST.t


@ -764,7 +764,11 @@ sub run {
# Artifact
# Choose method
if ($artifact) {
if ( $artifact
or $protocolProfile ==
Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART )
{
$artifact = 1;
if ( $method == $self->getHttpMethod("post")
|| $method == $self->getHttpMethod("artifact-post") )
{
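Review bot: The widened condition compares `$protocolProfile` with `==` without first checking that it is defined. Its assignment is outside this hunk, so if any path reaches this point without a parsed request profile (possibly the IdP-initiated flow), the comparison emits an "uninitialized" warning and evaluates undef as 0. A guard keeps the binding choice explicit: `if ( $artifact or ( defined $protocolProfile and $protocolProfile == Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART ) )`. If the intent of `$artifact = 1;` is to force the artifact binding whenever the request's protocol profile asks for it, a short comment on that line saying so would explain why the flag is overwritten. `sub run` starts and ends outside the hunk.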


@ -56,7 +56,6 @@ SKIP: {
ok( $res = $sp->_get( $url, query => $query, accept => 'test/html' ),
'Give artifact to SP' );
expectRedirection( $res, 'http://auth.sp.com' );
my $spId = expectCookie($res);
# Verify authentication on SP
my $spId = expectCookie($res);
@ -485,8 +484,8 @@ sub sp {
samlIDPMetaDataOptions => {
idp => {
samlIDPMetaDataOptionsEncryptionMode => 'none',
samlIDPMetaDataOptionsSSOBinding => 'Artifact',
samlIDPMetaDataOptionsSLOBinding => 'Artifact',
samlIDPMetaDataOptionsSSOBinding => 'artifact-get',
samlIDPMetaDataOptionsSLOBinding => 'http-soap',
samlIDPMetaDataOptionsSignSSOMessage => 1,
samlIDPMetaDataOptionsSignSLOMessage => 1,
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,


@ -365,7 +365,12 @@ entityID="http://auth.sp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/singleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/singleLogout"
ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/singleLogout"
ResponseLocation="http://auth.sp.com/saml/singleLogoutReturn" />
<NameIDFormat>
@ -420,7 +425,12 @@ entityID="http://auth.sp.com/saml/metadata">
<ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/artifact" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://auth.sp.com/saml/proxySingleLogoutSOAP" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://auth.sp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://auth.sp.com/saml/proxySingleLogout"
ResponseLocation="http://auth.sp.com/saml/proxySingleLogoutReturn" />
<NameIDFormat>
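Review bot: The `HTTP-Artifact` SingleLogoutService entry appears to be replaced rather than kept alongside the new SOAP, HTTP-Redirect and HTTP-POST entries, in both descriptors (the hunks at -365 and -420). This metadata therefore no longer advertises artifact-bound logout, and nothing using it can catch a regression there. If that is deliberate, an XML comment next to the SOAP entry would record it, for example `<!-- SLO is not offered over HTTP-Artifact; SOAP is the back-channel binding -->`. SOAP logout is a back-channel call with no browser session behind it, so the message signature is what authenticates the sender. The `http://` Locations are fine for a fixture but worth marking as test-only so they are not copied into deployed metadata.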