Use new Session module in SAML authentication (#671, #LEMONLDAP-700)
parent
e056a0427a
commit
1cfdd9fb6e
|
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
|
|||
use Lemonldap::NG::Portal::_SAML; #inherits
|
||||
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
||||
|
||||
our $VERSION = '1.3.1';
|
||||
our $VERSION = '1.4.0';
|
||||
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
|
||||
|
||||
## @apmethod int authInit()
|
||||
|
@ -322,10 +322,11 @@ sub extractFormInfo {
|
|||
|
||||
my $samlSessionInfo = $self->getSamlSession($saml_session);
|
||||
|
||||
$self->{_proxiedRequest} = $samlSessionInfo->{Request};
|
||||
$self->{_proxiedMethod} = $samlSessionInfo->{Method};
|
||||
$self->{_proxiedRelayState} = $samlSessionInfo->{RelayState};
|
||||
$self->{_proxiedArtifact} = $samlSessionInfo->{Artifact};
|
||||
$self->{_proxiedRequest} = $samlSessionInfo->data->{Request};
|
||||
$self->{_proxiedMethod} = $samlSessionInfo->data->{Method};
|
||||
$self->{_proxiedRelayState} =
|
||||
$samlSessionInfo->data->{RelayState};
|
||||
$self->{_proxiedArtifact} = $samlSessionInfo->data->{Artifact};
|
||||
|
||||
# Save values in hidden fields in case of other user interactions
|
||||
$self->setHiddenFormValue( 'SAMLRequest',
|
||||
|
@ -337,7 +338,7 @@ sub extractFormInfo {
|
|||
$self->{_proxiedArtifact} );
|
||||
|
||||
# Delete session
|
||||
eval { tied(%$samlSessionInfo)->delete(); };
|
||||
$samlSessionInfo->remove();
|
||||
}
|
||||
|
||||
return PE_OK;
|
||||
|
@ -557,7 +558,8 @@ sub extractFormInfo {
|
|||
# If session index is defined and not equal to SAML session index,
|
||||
# jump to next session
|
||||
if ( defined $session_index
|
||||
and $session_index ne $sessionInfo->{_sessionIndex} )
|
||||
and $session_index ne
|
||||
$sessionInfo->data->{_sessionIndex} )
|
||||
{
|
||||
$self->lmLog(
|
||||
"Session $local_session has not the good session index, skipping",
|
||||
|
@ -570,7 +572,7 @@ sub extractFormInfo {
|
|||
else {
|
||||
|
||||
# Open real session
|
||||
my $real_session = $sessionInfo->{_saml_id};
|
||||
my $real_session = $sessionInfo->data->{_saml_id};
|
||||
|
||||
my $ssoSession =
|
||||
$self->getApacheSession( $real_session, 1 );
|
||||
|
@ -600,11 +602,7 @@ sub extractFormInfo {
|
|||
$logout_error = 1 unless $del_real_result;
|
||||
|
||||
# Delete SAML session
|
||||
my $del_saml_result = 1;
|
||||
eval { tied(%$sessionInfo)->delete() };
|
||||
if ($@) {
|
||||
$del_saml_result = 0;
|
||||
}
|
||||
my $del_saml_result = $sessionInfo->remove();
|
||||
|
||||
$self->lmLog(
|
||||
"Delete SAML session $local_session result: $del_saml_result",
|
||||
|
@ -970,15 +968,17 @@ sub extractFormInfo {
|
|||
|
||||
return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
|
||||
|
||||
$samlSessionInfo->{type} = 'proxy';
|
||||
$samlSessionInfo->{_utime} = time;
|
||||
$samlSessionInfo->{Request} = $self->{_proxiedRequest};
|
||||
$samlSessionInfo->{Method} = $self->{_proxiedMethod};
|
||||
$samlSessionInfo->{RelayState} = $self->{_proxiedRelayState};
|
||||
$samlSessionInfo->{Artifact} = $self->{_proxiedArtifact};
|
||||
$samlSessionInfo->{ProxyID} = $samlID;
|
||||
my $infos;
|
||||
|
||||
untie %$samlSessionInfo;
|
||||
$infos->{type} = 'proxy';
|
||||
$infos->{_utime} = time;
|
||||
$infos->{Request} = $self->{_proxiedRequest};
|
||||
$infos->{Method} = $self->{_proxiedMethod};
|
||||
$infos->{RelayState} = $self->{_proxiedRelayState};
|
||||
$infos->{Artifact} = $self->{_proxiedArtifact};
|
||||
$infos->{ProxyID} = $samlID;
|
||||
|
||||
$samlSessionInfo->update($infos);
|
||||
|
||||
$self->lmLog( "Keep initial SAML request data in memory for ID $samlID",
|
||||
'debug' );
|
||||
|
@ -1460,15 +1460,16 @@ sub authFinish {
|
|||
|
||||
return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
|
||||
|
||||
$samlSessionInfo->{type} = 'saml'; # Session type
|
||||
$samlSessionInfo->{_utime} = $utime; # Creation time
|
||||
$samlSessionInfo->{_saml_id} = $id; # SSO session id
|
||||
$samlSessionInfo->{_nameID} = $nameid->dump; # SAML NameID
|
||||
$samlSessionInfo->{_sessionIndex} = $session_index; # SAML SessionIndex
|
||||
my $infos;
|
||||
$infos->{type} = 'saml'; # Session type
|
||||
$infos->{_utime} = $utime; # Creation time
|
||||
$infos->{_saml_id} = $id; # SSO session id
|
||||
$infos->{_nameID} = $nameid->dump; # SAML NameID
|
||||
$infos->{_sessionIndex} = $session_index; # SAML SessionIndex
|
||||
|
||||
my $session_id = $samlSessionInfo->{_session_id};
|
||||
$samlSessionInfo->update($infos);
|
||||
|
||||
untie %$samlSessionInfo;
|
||||
my $session_id = $samlSessionInfo->id;
|
||||
|
||||
$self->lmLog( "Link session $id to SAML session $session_id", 'debug' );
|
||||
|
||||
|
|
|
@ -1611,8 +1611,6 @@ sub storeReplayProtection {
|
|||
|
||||
my $session_id = $samlSessionInfo->id;
|
||||
|
||||
untie %$samlSessionInfo;
|
||||
|
||||
$self->lmLog( "Keep request ID $samlID in assertion session $session_id",
|
||||
'debug' );
|
||||
|
||||
|
|
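Review bot: In the logout loop of `extractFormInfo` (hunk at -600), `my $del_saml_result = $sessionInfo->remove();` loses the `eval` that used to turn a backend exception into `$del_saml_result = 0`, so if `remove()` can die (the Session module is not visible here) one failing SAML session would abort the loop and leave the remaining sessions undeleted. I would keep the guard, e.g. `my $del_saml_result = eval { $sessionInfo->remove() } ? 1 : 0;`, and flag a failure with `$logout_error = 1 unless $del_saml_result;` as is done for the real session just above, if the code after the hunk does not already. The same concern applies to the unguarded `$samlSessionInfo->remove();` at -337, whose result is also discarded, so a proxied-request session holding the SAMLRequest, RelayState and Artifact could stay in the store without any log entry. The two `$samlSessionInfo->update($infos);` calls (-970 and `authFinish`) likewise ignore any failure; presumably a SAML session written without `_saml_id` or `_sessionIndex` would not be matched by the SessionIndex comparison at -557 during single logout, so their result deserves a check and a `PE_SAML_SESSION_ERROR` return. Both subs start and end outside the hunks shown.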