SAML: use get_signature_status from Lasso::Profile
parent
c4ea39fae4
commit
1b81ccd96f
@ -37,10 +37,9 @@ sub extractFormInfo {
|
||||
|
||||
# TODO: seems to be unused (redefined later)
|
||||
my (
|
||||
$login, $logout, $idp,
|
||||
$idpConfKey, $request, $response,
|
||||
$artifact, $relaystate, $signature_status,
|
||||
$method
|
||||
$login, $logout, $idp, $idpConfKey,
|
||||
$request, $response, $artifact, $relaystate,
|
||||
$signature_status, $method
|
||||
);
|
||||
|
||||
# 1. Get HTTP request informations to know
|
||||
@ -127,10 +126,13 @@ sub extractFormInfo {
|
||||
->{samlIDPMetaDataOptionsCheckSSOMessageSignature};
|
||||
|
||||
if ($checkSSOMessageSignature) {
|
||||
|
||||
# TODO
|
||||
#$signature_status = $login->signature_status;
|
||||
#$self->lmLog( "Signature status is $signature_status", 'debug' );
|
||||
unless ( $self->checkSignatureStatus($login) ) {
|
||||
$self->lmLog( "Signature is not valid", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Signature is valid", 'debug' );
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Message signature will not be checked",
|
||||
@ -348,8 +350,13 @@ sub extractFormInfo {
|
||||
->{samlIDPMetaDataOptionsCheckSLOMessageSignature};
|
||||
|
||||
if ($checkSLOMessageSignature) {
|
||||
|
||||
# TODO
|
||||
unless ( $self->checkSignatureStatus($logout) ) {
|
||||
$self->lmLog( "Signature is not valid", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Signature is valid", 'debug' );
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Message signature will not be checked",
|
||||
@ -421,8 +428,13 @@ sub extractFormInfo {
|
||||
->{samlIDPMetaDataOptionsCheckSLOMessageSignature};
|
||||
|
||||
if ($checkSLOMessageSignature) {
|
||||
|
||||
# TODO
|
||||
unless ( $self->checkSignatureStatus($logout) ) {
|
||||
$self->lmLog( "Signature is not valid", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Signature is valid", 'debug' );
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Message signature will not be checked",
|
||||
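Review bot: The error logged at all three new call sites, `"Signature is not valid"`, does not say whether an SSO or SLO message failed or which IdP it was attributed to, which makes a rejected message hard to triage from the logs. Something like `$self->lmLog( "SSO message signature is not valid for IDP $idpConfKey", 'error' );` (and the SLO equivalent at the two `$logout` sites) would help, assuming `$idpConfKey` or `$idp` is already set at that point; the surrounding code is outside the hunks. It is also worth confirming that each check runs only after Lasso has processed the incoming message, since the hunks do not show the preceding processing call and a status read earlier would not reflect the received signature. `extractFormInfo` starts and ends outside these hunks.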
|
@ -2218,6 +2218,18 @@ sub sendLogoutRequestToServiceProvider {
|
||||
|
||||
}
|
||||
|
||||
## @method boolean checkSignatureStatus(Lasso::Profile profile)
|
||||
# Check signature status
|
||||
# @param profile Lasso::Profile object
|
||||
# @return result
|
||||
sub checkSignatureStatus {
|
||||
my ( $self, $profile ) = splice @_;
|
||||
|
||||
eval { Lasso::Profile::get_signature_status($profile); };
|
||||
|
||||
return $self->checkLassoError($@);
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
@ -2492,6 +2504,10 @@ Send logout response issue from a logout request
|
||||
|
||||
Send logout request to a service provider
|
||||
|
||||
=head2 checkSignatureStatus
|
||||
|
||||
Check signature status
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
||||
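Review bot: The return value of `Lasso::Profile::get_signature_status` in `checkSignatureStatus` is discarded, so the verdict rests entirely on the binding raising an exception for a bad signature and on `checkLassoError` (not visible here) treating an empty `$@` as success. If the binding reports the status as a plain return code instead, every message would be accepted as validly signed, so the dependency should be stated in a comment such as `# Relies on Lasso throwing on a non-zero signature status; a bare return code would be ignored` and covered by a test that feeds a message with an altered signature. It would also be safer to fail closed when no profile object was built, e.g. `return 0 unless defined $profile;`, rather than depending on how `checkLassoError` handles a non-Lasso die string. The one-line POD entry "Check signature status" could state that a true result means the signature was verified.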
|