Use new Session module in SAML authentication (#671, #LEMONLDAP-700)
parent
e056a0427a
commit
1cfdd9fb6e
|
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
|
||||||
use Lemonldap::NG::Portal::_SAML; #inherits
|
use Lemonldap::NG::Portal::_SAML; #inherits
|
||||||
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
||||||
|
|
||||||
our $VERSION = '1.3.1';
|
our $VERSION = '1.4.0';
|
||||||
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
|
our @ISA = qw(Lemonldap::NG::Portal::_SAML);
|
||||||
|
|
||||||
## @apmethod int authInit()
|
## @apmethod int authInit()
|
||||||
|
@ -322,10 +322,11 @@ sub extractFormInfo {
|
||||||
|
|
||||||
my $samlSessionInfo = $self->getSamlSession($saml_session);
|
my $samlSessionInfo = $self->getSamlSession($saml_session);
|
||||||
|
|
||||||
$self->{_proxiedRequest} = $samlSessionInfo->{Request};
|
$self->{_proxiedRequest} = $samlSessionInfo->data->{Request};
|
||||||
$self->{_proxiedMethod} = $samlSessionInfo->{Method};
|
$self->{_proxiedMethod} = $samlSessionInfo->data->{Method};
|
||||||
$self->{_proxiedRelayState} = $samlSessionInfo->{RelayState};
|
$self->{_proxiedRelayState} =
|
||||||
$self->{_proxiedArtifact} = $samlSessionInfo->{Artifact};
|
$samlSessionInfo->data->{RelayState};
|
||||||
|
$self->{_proxiedArtifact} = $samlSessionInfo->data->{Artifact};
|
||||||
|
|
||||||
# Save values in hidden fields in case of other user interactions
|
# Save values in hidden fields in case of other user interactions
|
||||||
$self->setHiddenFormValue( 'SAMLRequest',
|
$self->setHiddenFormValue( 'SAMLRequest',
|
||||||
|
@ -337,7 +338,7 @@ sub extractFormInfo {
|
||||||
$self->{_proxiedArtifact} );
|
$self->{_proxiedArtifact} );
|
||||||
|
|
||||||
# Delete session
|
# Delete session
|
||||||
eval { tied(%$samlSessionInfo)->delete(); };
|
$samlSessionInfo->remove();
|
||||||
}
|
}
|
||||||
|
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
|
@ -557,7 +558,8 @@ sub extractFormInfo {
|
||||||
# If session index is defined and not equal to SAML session index,
|
# If session index is defined and not equal to SAML session index,
|
||||||
# jump to next session
|
# jump to next session
|
||||||
if ( defined $session_index
|
if ( defined $session_index
|
||||||
and $session_index ne $sessionInfo->{_sessionIndex} )
|
and $session_index ne
|
||||||
|
$sessionInfo->data->{_sessionIndex} )
|
||||||
{
|
{
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Session $local_session has not the good session index, skipping",
|
"Session $local_session has not the good session index, skipping",
|
||||||
|
@ -570,7 +572,7 @@ sub extractFormInfo {
|
||||||
else {
|
else {
|
||||||
|
|
||||||
# Open real session
|
# Open real session
|
||||||
my $real_session = $sessionInfo->{_saml_id};
|
my $real_session = $sessionInfo->data->{_saml_id};
|
||||||
|
|
||||||
my $ssoSession =
|
my $ssoSession =
|
||||||
$self->getApacheSession( $real_session, 1 );
|
$self->getApacheSession( $real_session, 1 );
|
||||||
|
@ -600,11 +602,7 @@ sub extractFormInfo {
|
||||||
$logout_error = 1 unless $del_real_result;
|
$logout_error = 1 unless $del_real_result;
|
||||||
|
|
||||||
# Delete SAML session
|
# Delete SAML session
|
||||||
my $del_saml_result = 1;
|
my $del_saml_result = $sessionInfo->remove();
|
||||||
eval { tied(%$sessionInfo)->delete() };
|
|
||||||
if ($@) {
|
|
||||||
$del_saml_result = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Delete SAML session $local_session result: $del_saml_result",
|
"Delete SAML session $local_session result: $del_saml_result",
|
||||||
|
@ -970,15 +968,17 @@ sub extractFormInfo {
|
||||||
|
|
||||||
return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
|
return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
|
||||||
|
|
||||||
$samlSessionInfo->{type} = 'proxy';
|
my $infos;
|
||||||
$samlSessionInfo->{_utime} = time;
|
|
||||||
$samlSessionInfo->{Request} = $self->{_proxiedRequest};
|
|
||||||
$samlSessionInfo->{Method} = $self->{_proxiedMethod};
|
|
||||||
$samlSessionInfo->{RelayState} = $self->{_proxiedRelayState};
|
|
||||||
$samlSessionInfo->{Artifact} = $self->{_proxiedArtifact};
|
|
||||||
$samlSessionInfo->{ProxyID} = $samlID;
|
|
||||||
|
|
||||||
untie %$samlSessionInfo;
|
$infos->{type} = 'proxy';
|
||||||
|
$infos->{_utime} = time;
|
||||||
|
$infos->{Request} = $self->{_proxiedRequest};
|
||||||
|
$infos->{Method} = $self->{_proxiedMethod};
|
||||||
|
$infos->{RelayState} = $self->{_proxiedRelayState};
|
||||||
|
$infos->{Artifact} = $self->{_proxiedArtifact};
|
||||||
|
$infos->{ProxyID} = $samlID;
|
||||||
|
|
||||||
|
$samlSessionInfo->update($infos);
|
||||||
|
|
||||||
$self->lmLog( "Keep initial SAML request data in memory for ID $samlID",
|
$self->lmLog( "Keep initial SAML request data in memory for ID $samlID",
|
||||||
'debug' );
|
'debug' );
|
||||||
|
@ -1460,15 +1460,16 @@ sub authFinish {
|
||||||
|
|
||||||
return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
|
return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
|
||||||
|
|
||||||
$samlSessionInfo->{type} = 'saml'; # Session type
|
my $infos;
|
||||||
$samlSessionInfo->{_utime} = $utime; # Creation time
|
$infos->{type} = 'saml'; # Session type
|
||||||
$samlSessionInfo->{_saml_id} = $id; # SSO session id
|
$infos->{_utime} = $utime; # Creation time
|
||||||
$samlSessionInfo->{_nameID} = $nameid->dump; # SAML NameID
|
$infos->{_saml_id} = $id; # SSO session id
|
||||||
$samlSessionInfo->{_sessionIndex} = $session_index; # SAML SessionIndex
|
$infos->{_nameID} = $nameid->dump; # SAML NameID
|
||||||
|
$infos->{_sessionIndex} = $session_index; # SAML SessionIndex
|
||||||
|
|
||||||
my $session_id = $samlSessionInfo->{_session_id};
|
$samlSessionInfo->update($infos);
|
||||||
|
|
||||||
untie %$samlSessionInfo;
|
my $session_id = $samlSessionInfo->id;
|
||||||
|
|
||||||
$self->lmLog( "Link session $id to SAML session $session_id", 'debug' );
|
$self->lmLog( "Link session $id to SAML session $session_id", 'debug' );
|
||||||
|
|
||||||
|
|
|
@ -1611,8 +1611,6 @@ sub storeReplayProtection {
|
||||||
|
|
||||||
my $session_id = $samlSessionInfo->id;
|
my $session_id = $samlSessionInfo->id;
|
||||||
|
|
||||||
untie %$samlSessionInfo;
|
|
||||||
|
|
||||||
$self->lmLog( "Keep request ID $samlID in assertion session $session_id",
|
$self->lmLog( "Keep request ID $samlID in assertion session $session_id",
|
||||||
'debug' );
|
'debug' );
|
||||||
|
|
||||||
|
|
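Review bot: In the `@ -322,10 +322,11 @@` hunk, `$samlSessionInfo->data->{Request}` is reached two lines after `getSamlSession($saml_session)` with no check that a session was returned, whereas the `@ -970` and `@ -1460` hunks guard the same call with `return PE_SAML_SESSION_ERROR unless $samlSessionInfo;`. If getSamlSession yields undef for a missing or expired session, the old tied-hash read merely produced undef fields, while the new method call dies with "Can't call method "data" on an undefined value", so the same guard (or the enclosing block's equivalent) should precede those reads. The return values of `$samlSessionInfo->update($infos)` in the `@ -970` and `@ -1460` hunks and of `$samlSessionInfo->remove()` in the `@ -337` hunk are discarded; in authFinish the stored `_saml_id` and `_sessionIndex` are exactly what the logout code in the `@ -557` and `@ -570` hunks later relies on, so a failed update should not fall through to the "Link session" debug log and a successful return — if update() reports failure via its return value, `return PE_SAML_SESSION_ERROR unless $samlSessionInfo->update($infos);` is the cheap check. The `@ -600,11 +602,7 @@` hunk also drops the eval around session deletion; if remove() can die on a storage error rather than return false, the logout loop now aborts mid-way instead of setting `$logout_error` and logging the result as before. extractFormInfo and authFinish both begin and end outside these hunks.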