SAML:
* IDP Option to check conditions (#98) * Extend SAML date format (add milliseconds)
parent
a2921f9d10
commit
2b7cbd4d83
@ -60,7 +60,7 @@ sub cstruct {
|
||||
. ":samlIDPMetaDataXML:filearea",
|
||||
samlIDPMetaDataOptions => {
|
||||
_nodes => [
|
||||
qw(samlIDPMetaDataOptionsNameIDFormat samlIDPMetaDataOptionsForceAuthn samlIDPMetaDataOptionsIsPassive samlIDPMetaDataOptionsAllowProxiedAuthn samlIDPMetaDataOptionsSSOBinding samlIDPMetaDataOptionsSLOBinding samlIDPMetaDataOptionsResolutionRule samlIDPMetaDataOptionsAllowLoginFromIDP samlIDPMetaDataOptionsAdaptSessionUtime samlIDPMetaDataOptionsSignSSOMessage samlIDPMetaDataOptionsCheckSSOMessageSignature samlIDPMetaDataOptionsSignSLOMessage samlIDPMetaDataOptionsCheckSLOMessageSignature samlIDPMetaDataOptionsRequestedAuthnContext samlIDPMetaDataOptionsForceUTF8 samlIDPMetaDataOptionsEncryptionMode)
|
||||
qw(samlIDPMetaDataOptionsNameIDFormat samlIDPMetaDataOptionsForceAuthn samlIDPMetaDataOptionsIsPassive samlIDPMetaDataOptionsAllowProxiedAuthn samlIDPMetaDataOptionsSSOBinding samlIDPMetaDataOptionsSLOBinding samlIDPMetaDataOptionsResolutionRule samlIDPMetaDataOptionsAllowLoginFromIDP samlIDPMetaDataOptionsAdaptSessionUtime samlIDPMetaDataOptionsSignSSOMessage samlIDPMetaDataOptionsCheckSSOMessageSignature samlIDPMetaDataOptionsSignSLOMessage samlIDPMetaDataOptionsCheckSLOMessageSignature samlIDPMetaDataOptionsRequestedAuthnContext samlIDPMetaDataOptionsForceUTF8 samlIDPMetaDataOptionsEncryptionMode samlIDPMetaDataOptionsCheckConditions)
|
||||
],
|
||||
samlIDPMetaDataOptionsNameIDFormat =>
|
||||
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsNameIDFormat"
|
||||
@ -98,6 +98,8 @@ sub cstruct {
|
||||
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsForceUTF8",
|
||||
samlIDPMetaDataOptionsEncryptionMode =>
|
||||
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsEncryptionMode:default:encryptionModeParams",
|
||||
samlIDPMetaDataOptionsCheckConditions =>
|
||||
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckConditions",
|
||||
},
|
||||
}
|
||||
}
|
||||
@ -1295,6 +1297,7 @@ sub defaultConf {
|
||||
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
||||
samlIDPMetaDataOptionsForceUTF8 => '0',
|
||||
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
||||
samlIDPMetaDataOptionsCheckConditions => '1',
|
||||
samlSPMetaDataOptionsNameIDFormat => '',
|
||||
samlSPMetaDataOptionsOneTimeUse => '0',
|
||||
samlSPMetaDataOptionsSignSSOMessage => '1',
|
||||
|
@ -247,6 +247,7 @@ sub en {
|
||||
'Requested authentication context',
|
||||
samlIDPMetaDataOptionsForceUTF8 => 'Force UTF-8',
|
||||
samlIDPMetaDataOptionsEncryptionMode => 'Encryption mode',
|
||||
samlIDPMetaDataOptionsCheckConditions => 'Check conditions',
|
||||
samlSPMetaDataNode => 'SAML service providers',
|
||||
samlSPMetaDataXML => 'Metadata',
|
||||
samlSPMetaDataExportedAttributes => 'Exported attributes',
|
||||
@ -515,6 +516,7 @@ sub fr {
|
||||
'Contexte d\'authentification demandé',
|
||||
samlIDPMetaDataOptionsForceUTF8 => 'Forcer l\'UTF-8',
|
||||
samlIDPMetaDataOptionsEncryptionMode => 'Mode de chiffrement',
|
||||
samlIDPMetaDataOptionsCheckConditions => 'Vérifier les conditions',
|
||||
samlSPMetaDataNode => 'Fournisseurs de service SAML',
|
||||
samlSPMetaDataXML => 'Metadonnées',
|
||||
samlSPMetaDataExportedAttributes => 'Attributs exportés',
|
||||
|
@ -180,9 +180,16 @@ sub extractFormInfo {
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
# Do we check conditions?
|
||||
my $checkConditions =
|
||||
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
|
||||
->{samlIDPMetaDataOptionsCheckConditions};
|
||||
|
||||
# Check conditions - time and audience
|
||||
unless (
|
||||
$self->validateConditions( $assertion, $self->{samlEntityID} ) )
|
||||
if ( $checkConditions
|
||||
and
|
||||
!$self->validateConditions( $assertion, $self->{samlEntityID} )
|
||||
)
|
||||
{
|
||||
$self->lmLog( "Conditions not validated", 'error' );
|
||||
return PE_ERROR;
|
||||
|
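Review bot: The option is read straight from the per-IDP hash at the `my $checkConditions =` lines, so an IDP entry saved before this option existed has no such key, `$checkConditions` is undef, and the new `if ( $checkConditions and ... )` skips validateConditions altogether — the opposite of the `'1'` default set in defaultConf. Treat an absent key as enabled: `my $checkConditions = $self->{samlIDPMetaDataOptions}->{$idpConfKey}->{samlIDPMetaDataOptionsCheckConditions};` followed by `$checkConditions = 1 unless defined $checkConditions;`. The disabled path is also silent, so an operator has no trace that time and audience conditions were not evaluated; something like `$self->lmLog( "Conditions check disabled for IDP $idpConfKey", 'warn' ) unless $checkConditions;` before the `if` would make that visible in the portal log. Whether defaultConf values are merged into stored samlIDPMetaDataOptions before the portal reads them is not visible here; if they are, the first point is moot. extractFormInfo begins and ends outside this hunk.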
@ -2106,8 +2106,8 @@ sub timestamp2samldate {
|
||||
sub samldate2timestamp {
|
||||
my ( $self, $samldate ) = splice @_;
|
||||
|
||||
my ( $year, $mon, $mday, $hour, $min, $sec, $ztime ) =
|
||||
( $samldate =~ /(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(Z)?/ );
|
||||
my ( $year, $mon, $mday, $hour, $min, $sec, $msec, $ztime ) =
|
||||
( $samldate =~ /(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(\.\d+)?(Z)?/ );
|
||||
|
||||
my $timestamp =
|
||||
timegm( $sec, $min, $hour, $mday, $mon - 1, $year - 1900, 0 );
|
||||
|
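Review bot: The widened pattern at the `$msec` line captures the fractional seconds but nothing in the hunk uses them, and the match is still unanchored and unchecked: a value that does not match leaves every variable undef yet execution still reaches `timegm( $sec, $min, $hour, $mday, $mon - 1, $year - 1900, 0 )`, yielding a nonsense epoch (with warnings) instead of an error. Make the fraction non-capturing and anchor the start, `/\A(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.\d+)?(Z)?/`, and bail out before the timegm call when the match fails, e.g. `unless ( defined $year ) { $self->lmLog( "Invalid SAML date: $samldate", 'error' ); return; }`. Anchoring the end with `\z` would additionally reject non-UTC offsets, which the current pattern silently ignores; whether callers rely on that leniency is not visible here. `$ztime` is captured but its use, if any, lies outside the hunk, as does the rest of samldate2timestamp.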