From 10d4f395112a8d10073546129f00d05d14b9fe59 Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Tue, 27 Dec 2016 11:17:25 +0000 Subject: [PATCH] SAML OK with artifact + SOAP SLO (#595) --- lemonldap-ng-portal/MANIFEST | 2 +- .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 6 +++++- ...-issuer-SAML-Artifact-soap-slo-IdP-initiated.t} | 5 ++--- .../t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t | 14 ++++++++++++-- 4 files changed, 20 insertions(+), 7 deletions(-) rename lemonldap-ng-portal/t/{30-Auth-and-issuer-SAML-Artifact-IdP-initiated.t => 30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t} (99%) diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index ec38b515f..87f75fec1 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -356,7 +356,7 @@ t/26-AuthRemote.t t/27-AuthProxy.t t/28-AuthChoice.t t/29-AuthSSL.t -t/30-Auth-and-issuer-SAML-Artifact-IdP-initiated.t +t/30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t t/30-Auth-and-issuer-SAML-POST.t diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index d0ed04def..55d0ab4ee 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -764,7 +764,11 @@ sub run { # Artifact # Choose method - if ($artifact) { + if ( $artifact + or $protocolProfile == + Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART ) + { + $artifact = 1; if ( $method == $self->getHttpMethod("post") || $method == $self->getHttpMethod("artifact-post") ) { 
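Review bot: In the `run` hunk of `Issuer/SAML.pm`, the new test `$protocolProfile == Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART` assumes `$protocolProfile` is always defined and numeric at this point, but its assignment is outside the hunk, as is the rest of `run`. If any path reaches this branch without a resolved profile, Perl emits an uninitialized-value warning and compares undef as 0; writing `defined $protocolProfile and $protocolProfile == Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART` makes the precondition explicit. The branch also overwrites `$artifact` with 1, so the response binding is now driven by the resolved profile (presumably derived from the SP's request) rather than only by the earlier setting; a comment such as `# An artifact protocol profile forces the artifact binding for the response` would record that intent. For consistency with the `$method` condition just below, `||` reads better than `or` inside the expression.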
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-IdP-initiated.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t similarity index 99% rename from lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-IdP-initiated.t rename to lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t index f1e25c1c9..6992a47d0 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-IdP-initiated.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t @@ -56,7 +56,6 @@ SKIP: { ok( $res = $sp->_get( $url, query => $query, accept => 'test/html' ), 'Give artifact to SP' ); expectRedirection( $res, 'http://auth.sp.com' ); - my $spId = expectCookie($res); # Verify authentication on SP my $spId = expectCookie($res); @@ -485,8 +484,8 @@ sub sp { samlIDPMetaDataOptions => { idp => { samlIDPMetaDataOptionsEncryptionMode => 'none', - samlIDPMetaDataOptionsSSOBinding => 'Artifact', - samlIDPMetaDataOptionsSLOBinding => 'Artifact', + samlIDPMetaDataOptionsSSOBinding => 'artifact-get', + samlIDPMetaDataOptionsSLOBinding => 'http-soap', samlIDPMetaDataOptionsSignSSOMessage => 1, samlIDPMetaDataOptionsSignSLOMessage => 1, samlIDPMetaDataOptionsCheckSSOMessageSignature => 1, diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t index 65176f796..675668394 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-soap-slo.t @@ -365,7 +365,12 @@ entityID="http://auth.sp.com/saml/metadata"> - + + @@ -420,7 +425,12 @@ entityID="http://auth.sp.com/saml/metadata"> - + +
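Review bot: In the `sp` hunk of the renamed `30-Auth-and-issuer-SAML-Artifact-soap-slo-IdP-initiated.t`, `samlIDPMetaDataOptionsSLOBinding` moves from `'Artifact'` to `'http-soap'`, so none of the test files listed in the MANIFEST hunk appears to exercise an artifact SLO binding for the IdP-initiated flow any more. If that binding is meant to be supported, a broken logout propagation would go unnoticed and could leave the SP session alive after logout at the IdP. If it is not supported, a short comment next to the option would say so, e.g. `# SLO goes through http-soap; artifact SLO is not covered by this test`. The `sp` sub continues outside the hunk.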