Possibility to force session key use to fill NameID (#657)

2014-02-10 09:14:06 +00:00 · 2014-02-10 09:14:06 +00:00 · 2ee3f6d5a6
commit 2ee3f6d5a6
parent 36f79f4e40
3 changed files with 22 additions and 8 deletions
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@ -201,12 +201,14 @@ sub cstruct {

                        samlSPMetaDataOptionsAuthnResponse => {
                            _nodes => [
-                                qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse)
+                                qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsNameIDSessionKey samlSPMetaDataOptionsOneTimeUse)
                            ],

                            samlSPMetaDataOptionsNameIDFormat =>
 "text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat"
                              . ":samlSPOptions:nameIdFormatParams",
+                            samlSPMetaDataOptionsNameIDSessionKey =>
+"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDSessionKey",
                            samlSPMetaDataOptionsOneTimeUse =>
 "bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
                        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@ -454,13 +454,14 @@ sub en {
        samlSPMetaDataOptionsSecurity       => 'Security',
        samlSPMetaDataOptionsEnableIDPInitiatedURL =>
          'Enable use of IDP initiated URL',
-        samlServiceMetaData         => 'SAML 2 Service',
-        samlEntityID                => 'Entity Identifier',
-        samlOrganization            => 'Organization',
-        samlOrganizationDisplayName => 'Display Name',
-        samlOrganizationName        => 'Name',
-        samlOrganizationURL         => 'URL',
-        samlSPSSODescriptor         => 'Service Provider',
+        samlSPMetaDataOptionsNameIDSessionKey => 'Force NameID session key',
+        samlServiceMetaData                   => 'SAML 2 Service',
+        samlEntityID                          => 'Entity Identifier',
+        samlOrganization                      => 'Organization',
+        samlOrganizationDisplayName           => 'Display Name',
+        samlOrganizationName                  => 'Name',
+        samlOrganizationURL                   => 'URL',
+        samlSPSSODescriptor                   => 'Service Provider',
        samlSPSSODescriptorAuthnRequestsSigned =>
          'Signed Authentication Request',
        samlSPSSODescriptorWantAssertionsSigned => 'Want Assertions Signed',
@ -941,6 +942,8 @@ sub fr {
        samlSPMetaDataOptionsSecurity       => 'Sécurité',
        samlSPMetaDataOptionsEnableIDPInitiatedURL =>
          'Enable use of IDP initiated URL',
+        samlSPMetaDataOptionsNameIDSessionKey =>
+          "Forcer la clé de session NameID",
        samlServiceMetaData         => 'Service SAML 2',
        samlEntityID                => 'Identifiant d\'entité',
        samlOrganization            => 'Organisation',
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@ -1521,6 +1521,15 @@ sub issuerForAuthUser {
            my $nameIDSessionKey =
              $self->{ $nameIDFormatConfiguration->{$nameIDFormat} };

+            # Override default NameID Mapping
+            if ( $self->{samlSPMetaDataOptions}->{$spConfKey}
+                ->{samlSPMetaDataOptionsNameIDSessionKey} )
+            {
+                $nameIDSessionKey =
+                  $self->{samlSPMetaDataOptions}->{$spConfKey}
+                  ->{samlSPMetaDataOptionsNameIDSessionKey};
+            }
+
            my $nameIDContent;
            if ( defined $self->{sessionInfo}->{$nameIDSessionKey} ) {
                $nameIDContent =