diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm index 70887fc21..2285b8d3f 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm @@ -201,12 +201,14 @@ sub cstruct { samlSPMetaDataOptionsAuthnResponse => { _nodes => [ - qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse) + qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsNameIDSessionKey samlSPMetaDataOptionsOneTimeUse) ], samlSPMetaDataOptionsNameIDFormat => "text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat" . ":samlSPOptions:nameIdFormatParams", + samlSPMetaDataOptionsNameIDSessionKey => +"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDSessionKey", samlSPMetaDataOptionsOneTimeUse => "bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse", }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm index 1a68bf94c..54a7ef19e 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm 
@@ -454,13 +454,14 @@ sub en { samlSPMetaDataOptionsSecurity => 'Security', samlSPMetaDataOptionsEnableIDPInitiatedURL => 'Enable use of IDP initiated URL', - samlServiceMetaData => 'SAML 2 Service', - samlEntityID => 'Entity Identifier', - samlOrganization => 'Organization', - samlOrganizationDisplayName => 'Display Name', - samlOrganizationName => 'Name', - samlOrganizationURL => 'URL', - samlSPSSODescriptor => 'Service Provider', + samlSPMetaDataOptionsNameIDSessionKey => 'Force NameID session key', + samlServiceMetaData => 'SAML 2 Service', + samlEntityID => 'Entity Identifier', + samlOrganization => 'Organization', + samlOrganizationDisplayName => 'Display Name', + samlOrganizationName => 'Name', + samlOrganizationURL => 'URL', + samlSPSSODescriptor => 'Service Provider', samlSPSSODescriptorAuthnRequestsSigned => 'Signed Authentication Request', samlSPSSODescriptorWantAssertionsSigned => 'Want Assertions Signed', @@ -941,6 +942,8 @@ sub fr { samlSPMetaDataOptionsSecurity => 'Sécurité', samlSPMetaDataOptionsEnableIDPInitiatedURL => 'Enable use of IDP initiated URL', + samlSPMetaDataOptionsNameIDSessionKey => + "Forcer la clé de session NameID", samlServiceMetaData => 'Service SAML 2', samlEntityID => 'Identifiant d\'entité', samlOrganization => 'Organisation', diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm index 25211e31f..0d3549e3f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm 
@@ -1521,6 +1521,15 @@ sub issuerForAuthUser { my $nameIDSessionKey = $self->{ $nameIDFormatConfiguration->{$nameIDFormat} }; + # Override default NameID Mapping + if ( $self->{samlSPMetaDataOptions}->{$spConfKey} + ->{samlSPMetaDataOptionsNameIDSessionKey} ) + { + $nameIDSessionKey = + $self->{samlSPMetaDataOptions}->{$spConfKey} + ->{samlSPMetaDataOptionsNameIDSessionKey}; + } + my $nameIDContent; if ( defined $self->{sessionInfo}->{$nameIDSessionKey} ) { $nameIDContent =
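Review bot: The override of `$nameIDSessionKey` runs whatever `$nameIDFormat` was selected, so once an SP has `samlSPMetaDataOptionsNameIDSessionKey` set, a request for a transient or persistent NameID would presumably also be answered with that session attribute (the keys of `$nameIDFormatConfiguration` are defined outside the hunk), turning a value the SP expects to be opaque into a stable, possibly identifying one. The manager node added in `_Struct.pm` is plain `text:`, so nothing visible checks that the name is a session attribute meant for release to that SP. A typo only surfaces at the `defined $self->{sessionInfo}->{$nameIDSessionKey}` test, whose fallback branch is not shown. I would read the option once and test it for definedness and length rather than truth: `my $forcedKey = $self->{samlSPMetaDataOptions}->{$spConfKey}->{samlSPMetaDataOptionsNameIDSessionKey};` followed by `$nameIDSessionKey = $forcedKey if defined $forcedKey and length $forcedKey;`, plus a debug log entry naming the SP and the key used. `issuerForAuthUser` begins and ends outside the hunk.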