SAML: use get_signature_status from Lasso::Profile
parent
c4ea39fae4
commit
1b81ccd96f
@ -37,10 +37,9 @@ sub extractFormInfo {
|
|||||||
|
|
||||||
# TODO: seems to be unused (redefined later)
|
# TODO: seems to be unused (redefined later)
|
||||||
my (
|
my (
|
||||||
$login, $logout, $idp,
|
$login, $logout, $idp, $idpConfKey,
|
||||||
$idpConfKey, $request, $response,
|
$request, $response, $artifact, $relaystate,
|
||||||
$artifact, $relaystate, $signature_status,
|
$signature_status, $method
|
||||||
$method
|
|
||||||
);
|
);
|
||||||
|
|
||||||
# 1. Get HTTP request informations to know
|
# 1. Get HTTP request informations to know
|
||||||
@ -127,10 +126,13 @@ sub extractFormInfo {
|
|||||||
->{samlIDPMetaDataOptionsCheckSSOMessageSignature};
|
->{samlIDPMetaDataOptionsCheckSSOMessageSignature};
|
||||||
|
|
||||||
if ($checkSSOMessageSignature) {
|
if ($checkSSOMessageSignature) {
|
||||||
|
unless ( $self->checkSignatureStatus($login) ) {
|
||||||
# TODO
|
$self->lmLog( "Signature is not valid", 'error' );
|
||||||
#$signature_status = $login->signature_status;
|
return PE_ERROR;
|
||||||
#$self->lmLog( "Signature status is $signature_status", 'debug' );
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( "Signature is valid", 'debug' );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->lmLog( "Message signature will not be checked",
|
$self->lmLog( "Message signature will not be checked",
|
||||||
@ -348,8 +350,13 @@ sub extractFormInfo {
|
|||||||
->{samlIDPMetaDataOptionsCheckSLOMessageSignature};
|
->{samlIDPMetaDataOptionsCheckSLOMessageSignature};
|
||||||
|
|
||||||
if ($checkSLOMessageSignature) {
|
if ($checkSLOMessageSignature) {
|
||||||
|
unless ( $self->checkSignatureStatus($logout) ) {
|
||||||
# TODO
|
$self->lmLog( "Signature is not valid", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( "Signature is valid", 'debug' );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->lmLog( "Message signature will not be checked",
|
$self->lmLog( "Message signature will not be checked",
|
||||||
@ -421,8 +428,13 @@ sub extractFormInfo {
|
|||||||
->{samlIDPMetaDataOptionsCheckSLOMessageSignature};
|
->{samlIDPMetaDataOptionsCheckSLOMessageSignature};
|
||||||
|
|
||||||
if ($checkSLOMessageSignature) {
|
if ($checkSLOMessageSignature) {
|
||||||
|
unless ( $self->checkSignatureStatus($logout) ) {
|
||||||
# TODO
|
$self->lmLog( "Signature is not valid", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( "Signature is valid", 'debug' );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->lmLog( "Message signature will not be checked",
|
$self->lmLog( "Message signature will not be checked",
|
||||||
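Review bot: The three new failure branches in `extractFormInfo` (the SSO check on `$login` and both SLO checks on `$logout`) log the same bare string `"Signature is not valid"`, so the error log does not show which message type or which IdP was rejected. Naming both would make rejected-signature events usable for alerting and triage, for example `$self->lmLog( "SSO message signature from IDP $idpConfKey is not valid", 'error' );` and an SLO equivalent. This assumes `$idpConfKey` is already populated at these points, which the hunks do not show because the surrounding code lies outside them. Separately, `$signature_status` stays in the `my (...)` list although the commented-out lines that referenced it are removed, so it looks unused now.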
|
@ -2218,6 +2218,18 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method boolean checkSignatureStatus(Lasso::Profile profile)
|
||||||
|
# Check signature status
|
||||||
|
# @param profile Lasso::Profile object
|
||||||
|
# @return result
|
||||||
|
sub checkSignatureStatus {
|
||||||
|
my ( $self, $profile ) = splice @_;
|
||||||
|
|
||||||
|
eval { Lasso::Profile::get_signature_status($profile); };
|
||||||
|
|
||||||
|
return $self->checkLassoError($@);
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
||||||
__END__
|
__END__
|
||||||
@ -2492,6 +2504,10 @@ Send logout response issue from a logout request
|
|||||||
|
|
||||||
Send logout request to a service provider
|
Send logout request to a service provider
|
||||||
|
|
||||||
|
=head2 checkSignatureStatus
|
||||||
|
|
||||||
|
Check signature status
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
||||||
|
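Review bot: In `checkSignatureStatus`, the value returned by `Lasso::Profile::get_signature_status($profile)` is discarded, so the verdict rests entirely on the call dying inside the `eval` and on how `checkLassoError` interprets `$@`; that helper is not visible in this hunk. If the binding can ever report a bad signature through a non-zero return rather than an exception, or if `$profile` is undefined, the method should still fail closed. Capturing the code with `my $rc = eval { Lasso::Profile::get_signature_status($profile) };` and treating anything other than a defined `0` as invalid would make that explicit, assuming Lasso's usual zero-means-success convention applies here. The header comment could state the contract in place of `# @return result`, e.g. `# @return true only if Lasso reports a valid signature, false on any error`.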