Remove SAML redirection screen (#1465)

Xavier Guimard 2018-07-18 08:02:48 +02:00
parent 48482892fa
commit 22e5eb6986
19 changed files with 40 additions and 391 deletions


@ -753,7 +753,7 @@ sub extractFormInfo {
my $res = $self->p->deleteSession($req);
return (
$res eq PE_LOGOUT_OK ? PE_SENDRESPONSE : $res );
}
}
]
);
@ -824,12 +824,8 @@ sub extractFormInfo {
# Search a selected IdP
my ( $idp, $idp_cookie ) = $self->getIDP($req);
# Get confirmation flag
my $confirm_flag = $req->param("confirm") // 0;
# If confirmation is -1 from resolved IDP screen,
# or IDP was not resolve, let the user choose its IDP
if ( $confirm_flag == -1 or !$idp ) {
# If IDP was not resolved, let the user choose its IDP
unless ($idp) {
$self->logger->debug("Redirecting user to IDP list");
# Control url parameter
@ -864,31 +860,7 @@ sub extractFormInfo {
return PE_IDPCHOICE;
}
# If IDP is found but not confirmed, let the user confirm it
elsif ( $confirm_flag != 1 ) {
$self->logger->debug("IDP $idp selected, need user confirmation");
# Control url parameter
my $urlcheck = $self->p->controlUrl($req);
return $urlcheck unless ( $urlcheck == PE_OK );
# Choosen IDP
$req->info(
$self->loadTemplate(
'samlRedirectToIdp',
params => {
name => $self->idpList->{$idp}->{name},
idp => $idp,
( $req->param("url") ? ( url => $req->param("url") ) : () ),
}
)
);
$req->data->{login} = 1;
return PE_CONFIRM;
}
# Here confirmation is OK (confirm_flag == 1), store choosen IDP in cookie
# Store choosen IDP in cookie
unless ( $idp_cookie and $idp eq $idp_cookie ) {
$self->logger->debug("Build cookie to remember $idp as IDP choice");
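Review bot: With the `elsif ( $confirm_flag != 1 )` branch removed, the resolved-IdP path in the second and third hunks no longer has a visible `controlUrl` call; the only one left sits inside `unless ($idp)`. Unless `controlUrl` already runs earlier in the request or further down in `extractFormInfo` (neither is visible here, the sub starts and ends outside the hunks), the `url` parameter would be used unvalidated on that path. In that case I would keep `my $urlcheck = $self->p->controlUrl($req);` and `return $urlcheck unless ( $urlcheck == PE_OK );` ahead of the cookie block. Because the user no longer sees the IdP name before the browser leaves the portal, it is also worth confirming that `getIDP` can only return an entry present in `idpList`.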


@ -9,7 +9,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 16;
my $maintests = 15;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -137,7 +137,7 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s,
# Test if logout is done
switch ('issuer');
ok(
$res = $sp->_get(
$res = $issuer->_get(
'/', cookie => "lemonldap=$idpId",
),
'Test if user is reject on IdP'
@ -154,16 +154,8 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s,
),
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# );
}
count($maintests);


@ -9,7 +9,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 17;
my $maintests = 14;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -64,29 +64,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.idp.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 46,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],
@ -201,18 +178,8 @@ SKIP: {
),
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# );
}
count($maintests);
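Review bot: The `'IDP cookie defined'` assertion in the first test hunk only checks that `lemonldapidp` is set, and with the `Select IDP` POST removed the visible lines of that step no longer name the IdP the portal is expected to pick. Comparing the value, `ok( expectCookie( $res, 'lemonldapidp' ) eq 'http://auth.idp.com/saml/metadata', 'IDP cookie defined' )`, would pin which IdP was auto-selected, as the tests in this commit that already use `eq` do. The same loose assertion remains in the later test sections that dropped the `Select IDP` POST, with the proxy metadata URL where applicable. The `ok(...) or explain(...)` statement continues past the end of the hunk.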


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 19;
my $maintests = 18;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -185,17 +185,7 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
expectAutoPost($res);
}
count($maintests);


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 19;
my $maintests = 16;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -49,28 +49,6 @@ SKIP: {
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.idp.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 46,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],
@ -203,17 +181,7 @@ SKIP: {
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' );
}
count($maintests);


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 20;
my $maintests = 19;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -166,16 +166,8 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#,
),
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
}
count($maintests);


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 18;
my $maintests = 16;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -50,20 +50,7 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' );
$query .= '&idp=http://auth.idp.com/saml/metadata';
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new($query),
accept => 'text/html',
length => length($query),
),
'Select IDP'
);
my ( $host, $url, $query );
ok(
expectCookie( $res, 'lemonldapidp' ) eq
'http://auth.idp.com/saml/metadata',
@ -201,18 +188,8 @@ qr#^http://auth.sp.com(/saml/proxySingleLogoutReturn)\?(SAMLResponse=.+)#
),
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
}
count($maintests);


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 16;
my $maintests = 13;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -48,29 +48,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.idp.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 46,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],
@ -204,17 +181,7 @@ SKIP: {
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' );
}
count($maintests);


@ -11,7 +11,7 @@ BEGIN {
}
eval { unlink 't/userdb.db' };
my $maintests = 15;
my $maintests = 13;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -74,29 +74,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.idp.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 46,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 15;
my $maintests = 13;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -62,29 +62,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.idp.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 46,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 8;
my $maintests = 7;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -50,20 +50,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' );
$query .= '&idp=http://auth.idp.com/saml/metadata';
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new($query),
accept => 'text/html',
length => length($query),
),
'Select IDP'
);
ok(
expectCookie( $res, 'lemonldapidp' ) eq
'http://auth.idp.com/saml/metadata',
@ -73,7 +59,7 @@ SKIP: {
$res->[1],
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
);
( $url, $query ) = expectRedirection( $res,
my ( $url, $query ) = expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
# Push SAML request to IdP


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 12;
my $maintests = 11;
my $debug = 'error';
my ( $idp, $proxy, $app, $res );
my %handlerOR = ( idp => [], proxy => [], app => [] );
@ -98,18 +98,6 @@ SKIP: {
my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
my ( $host, $tmp );
( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(
$res = $proxy->_post(
$url,
IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie =>
"lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata"
),
'Confirm IdP'
);
( $host, $url, $query ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 26;
my $maintests = 25;
my $debug = 'error';
my ( $op, $rp, $sp, $res );
my %handlerOR = ( op => [], rp => [], sp => [] );
@ -170,17 +170,6 @@ SKIP: {
),
'Try SAML SP'
);
( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(
$res = $sp->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie => 'lemonldapidp=http://auth.op.com/saml/metadata'
),
'Confirm IdP'
);
( $host, $url, $query ) =
expectAutoPost( $res, 'auth.op.com', '/saml/singleSignOn',
'SAMLRequest' );
@ -333,10 +322,7 @@ m#iframe src="http://auth.op.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
'Test if user is reject on SP'
);
expectOK($res);
expectForm( $res, '#', undef, 'confirm', 'idp' );
#print STDERR Dumper($res);
expectAutoPost( $res, 'auth.op.com', '/saml/singleSignOn', 'SAMLRequest' );
}
count($maintests);


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 19;
my $maintests = 18;
my $debug = 'error';
my ( $idp, $sp, $rp, $res );
my %handlerOR = ( idp => [], sp => [], rp => [] );
@ -121,17 +121,6 @@ SKIP: {
);
my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
my ( $host, $tmp );
( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(
$res = $sp->_post(
$url,
IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
),
'Confirm IdP'
);
( $url, $query ) = expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 19;
my $maintests = 18;
my $debug = 'error';
my ( $idp, $sp, $rp, $res );
my %handlerOR = ( idp => [], sp => [], rp => [] );
@ -121,17 +121,6 @@ SKIP: {
);
my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
my ( $host, $tmp );
( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(
$res = $sp->_post(
$url,
IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata"
),
'Confirm IdP'
);
( $host, $url, $query ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 13;
my $maintests = 12;
my $debug = 'error';
my ( $op, $proxy, $sp, $res );
my %handlerOR = ( op => [], proxy => [], sp => [] );
@ -110,18 +110,7 @@ SKIP: {
),
'Try SAML SP'
);
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(
$res = $sp->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata'
),
'Confirm IdP'
);
( $url, $query ) = expectRedirection( $res,
my ( $url, $query ) = expectRedirection( $res,
qr#^http://auth.proxy.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
# Push SAML request to IdP
@ -161,7 +150,7 @@ SKIP: {
);
count(1);
my $opId = expectCookie($res);
my $tmp;
my ( $host, $tmp );
( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 19;
my $maintests = 17;
my $debug = 'error';
my ( $issuer, $proxy, $sp, $res );
my %handlerOR = ( issuer => [], proxy => [], sp => [] );
@ -87,29 +87,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.proxy.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 48,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 17;
my $maintests = 15;
my $debug = 'error';
my ( $issuer, $proxy, $sp, $res );
my %handlerOR = ( issuer => [], proxy => [], sp => [] );
@ -88,29 +88,6 @@ SKIP: {
),
'Unauth SP request'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
my $confirm = $1;
# Choose idp on sp
ok(
$res = $sp->_post(
'/',
IO::String->new(
"confirm=$confirm&idp=http://auth.proxy.com/saml/metadata"),
accept => 'text/html',
length => length($confirm) + 48,
),
'Select IDP'
);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],


@ -10,7 +10,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 13;
my $maintests = 12;
my $debug = 'error';
my ( $op, $proxy, $sp, $res );
my %handlerOR = ( op => [], proxy => [], sp => [] );
@ -110,18 +110,7 @@ SKIP: {
),
'Try SAML SP'
);
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' );
ok(
$res = $sp->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata'
),
'Confirm IdP'
);
( $host, $url, $query ) =
my ( $host, $url, $query ) =
expectForm( $res, 'auth.proxy.com', '/saml/singleSignOn', 'SAMLRequest' );
# Push SAML request to IdP