diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm index 04fcd16a8..3fe146594 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm @@ -37,10 +37,9 @@ sub extractFormInfo { # TODO: seems to be unused (redefined later) my ( - $login, $logout, $idp, - $idpConfKey, $request, $response, - $artifact, $relaystate, $signature_status, - $method + $login, $logout, $idp, $idpConfKey, + $request, $response, $artifact, $relaystate, + $signature_status, $method ); # 1. Get HTTP request informations to know @@ -127,10 +126,13 @@ sub extractFormInfo { ->{samlIDPMetaDataOptionsCheckSSOMessageSignature}; if ($checkSSOMessageSignature) { - - # TODO - #$signature_status = $login->signature_status; - #$self->lmLog( "Signature status is $signature_status", 'debug' ); + unless ( $self->checkSignatureStatus($login) ) { + $self->lmLog( "Signature is not valid", 'error' ); + return PE_ERROR; + } + else { + $self->lmLog( "Signature is valid", 'debug' ); + } } else { $self->lmLog( "Message signature will not be checked", @@ -348,8 +350,13 @@ sub extractFormInfo { ->{samlIDPMetaDataOptionsCheckSLOMessageSignature}; if ($checkSLOMessageSignature) { - - # TODO + unless ( $self->checkSignatureStatus($logout) ) { + $self->lmLog( "Signature is not valid", 'error' ); + return PE_ERROR; + } + else { + $self->lmLog( "Signature is valid", 'debug' ); + } } else { $self->lmLog( "Message signature will not be checked", @@ -421,8 +428,13 @@ sub extractFormInfo { ->{samlIDPMetaDataOptionsCheckSLOMessageSignature}; if ($checkSLOMessageSignature) { - - # TODO + unless ( $self->checkSignatureStatus($logout) ) { + $self->lmLog( "Signature is not valid", 'error' ); + return PE_ERROR; + } + else { + $self->lmLog( "Signature is valid", 'debug' ); + } } else { $self->lmLog( "Message signature will not be checked", 
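Review bot: The `unless ( $self->checkSignatureStatus(...) ) { ... } else { ... }` blocks added in the hunks at lines 126, 350 and 428 are `unless ... else` constructs, which read as a double negative; swapping the branches to `if ( $self->checkSignatureStatus($login) ) {` with the debug log first and the error log plus `return PE_ERROR;` in the `else` says the same thing, and since the block is repeated verbatim three times (twice on `$logout`) it could be one small helper taking the profile and a log label. Failing closed with PE_ERROR when the status is not OK is the right outcome; what these hunks do not show is the Lasso call that processes the message, and the status presumably reflects the message already processed, so a comment such as `# Requires the request/response to have been processed by Lasso first` at each call would make that ordering precondition explicit. The error branch logs only "Signature is not valid"; if checkLassoError already logs the Lasso error detail this is sufficient, otherwise the failure reason is lost at the point where an operator would look for it. extractFormInfo begins and ends outside each of these hunks.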
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm index 12a006834..e84f520c6 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm @@ -2218,6 +2218,18 @@ sub sendLogoutRequestToServiceProvider { } +## @method boolean checkSignatureStatus(Lasso::Profile profile) +# Check signature status +# @param profile Lasso::Profile object +# @return result +sub checkSignatureStatus { + my ( $self, $profile ) = splice @_; + + eval { Lasso::Profile::get_signature_status($profile); }; + + return $self->checkLassoError($@); +} + 1; __END__ @@ -2492,6 +2504,10 @@ Send logout response issue from a logout request Send logout request to a service provider +=head2 checkSignatureStatus + +Check signature status + =head1 SEE ALSO L, L
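Review bot: In checkSignatureStatus the value returned by `Lasso::Profile::get_signature_status($profile)` is discarded, so a non-OK status is detected only if the Perl binding turns it into an exception that `eval` catches and `checkLassoError($@)` reports as failure; if the binding instead returns the status code, the method would report every signature as valid and the callers in AuthSAML.pm would fail open. That behaviour of the binding is not visible here, so a fail-closed form that covers both cases would be `my $status = eval { Lasso::Profile::get_signature_status($profile); };` followed by `return $self->checkLassoError($@) && !$status;`, to be confirmed against the Lasso binding. The header comment `# @return result` should state what callers may rely on, e.g. `# @return true if the signature status of the last processed message is OK, false otherwise`, and note that the status is only meaningful once the profile has processed a message. The `= splice @_;` argument unpacking is conventionally written `= @_;`.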