From 2ee3f6d5a6d7d681fee2b75dccea0e4017bffe0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Mon, 10 Feb 2014 09:14:06 +0000
Subject: [PATCH] Possibility to force session key use to fill NameID (#657)
---
 .../lib/Lemonldap/NG/Manager/_Struct.pm | 4 +++-
 .../lib/Lemonldap/NG/Manager/_i18n.pm | 17 ++++++++++-------
 .../lib/Lemonldap/NG/Portal/IssuerDBSAML.pm | 9 +++++++++
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
index 70887fc21..2285b8d3f 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@@ -201,12 +201,14 @@ sub cstruct {
 samlSPMetaDataOptionsAuthnResponse => {
 _nodes => [
- qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse)
+ qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsNameIDSessionKey samlSPMetaDataOptionsOneTimeUse)
 ],
 samlSPMetaDataOptionsNameIDFormat => "text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat" . ":samlSPOptions:nameIdFormatParams",
+ samlSPMetaDataOptionsNameIDSessionKey =>
+"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDSessionKey",
 samlSPMetaDataOptionsOneTimeUse => "bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
 },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
index 1a68bf94c..54a7ef19e 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
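Review bot: The new `samlSPMetaDataOptionsNameIDSessionKey` node is declared as a bare `text:` path, whereas its sibling `samlSPMetaDataOptionsNameIDFormat` appends `:samlSPOptions:nameIdFormatParams`; if those trailing fields are the help anchor and parameter hook (not confirmable from this hunk), the new option should carry at least the same help anchor, because whatever an administrator types here silently redefines the subject identifier sent to that SP. Nothing in the Manager side of this commit checks that the value is an attribute actually exported into the session, so a typo only surfaces on the Portal side at assertion time. A comment next to the node such as `# Session attribute whose value fills the NameID; overrides the format-based mapping in IssuerDBSAML` would document that coupling for the next maintainer. cstruct starts and ends outside this hunk.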
@@ -454,13 +454,14 @@ sub en {
 samlSPMetaDataOptionsSecurity => 'Security',
 samlSPMetaDataOptionsEnableIDPInitiatedURL => 'Enable use of IDP initiated URL',
- samlServiceMetaData => 'SAML 2 Service',
- samlEntityID => 'Entity Identifier',
- samlOrganization => 'Organization',
- samlOrganizationDisplayName => 'Display Name',
- samlOrganizationName => 'Name',
- samlOrganizationURL => 'URL',
- samlSPSSODescriptor => 'Service Provider',
+ samlSPMetaDataOptionsNameIDSessionKey => 'Force NameID session key',
+ samlServiceMetaData => 'SAML 2 Service',
+ samlEntityID => 'Entity Identifier',
+ samlOrganization => 'Organization',
+ samlOrganizationDisplayName => 'Display Name',
+ samlOrganizationName => 'Name',
+ samlOrganizationURL => 'URL',
+ samlSPSSODescriptor => 'Service Provider',
 samlSPSSODescriptorAuthnRequestsSigned => 'Signed Authentication Request',
 samlSPSSODescriptorWantAssertionsSigned => 'Want Assertions Signed',
@@ -941,6 +942,8 @@ sub fr {
 samlSPMetaDataOptionsSecurity => 'Sécurité',
 samlSPMetaDataOptionsEnableIDPInitiatedURL => 'Enable use of IDP initiated URL',
+ samlSPMetaDataOptionsNameIDSessionKey =>
+ "Forcer la clé de session NameID",
 samlServiceMetaData => 'Service SAML 2',
 samlEntityID => 'Identifiant d\'entité',
 samlOrganization => 'Organisation',
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
index 25211e31f..0d3549e3f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@@ -1521,6 +1521,15 @@ sub issuerForAuthUser {
 my $nameIDSessionKey = $self->{ $nameIDFormatConfiguration->{$nameIDFormat} };
+ # Override default NameID Mapping
+ if ( $self->{samlSPMetaDataOptions}->{$spConfKey} ->{samlSPMetaDataOptionsNameIDSessionKey} )
+ {
+ $nameIDSessionKey =
+ $self->{samlSPMetaDataOptions}->{$spConfKey} ->{samlSPMetaDataOptionsNameIDSessionKey};
+ }
+
 my $nameIDContent;
 if ( defined $self->{sessionInfo}->{$nameIDSessionKey} ) {
 $nameIDContent =
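Review bot: The override block takes the forced key on trust: when `samlSPMetaDataOptionsNameIDSessionKey` names an attribute the session does not carry, the `defined $self->{sessionInfo}->{$nameIDSessionKey}` test just below fails and whatever follows that `if` outside the hunk decides the NameID, with no log line pointing at the misconfiguration — and since the NameID is the value the SP keys its accounts on, a mistyped key changes the subject identifier for every user of that SP instead of failing loudly. A warning in that case and a debug line when the override is applied (the Portal's logging helper is not visible in this hunk; presumably `lmLog`) would make it diagnosable. The option is also fetched twice through the same three-level hash walk; reading it once keeps the two uses from drifting and lets the guard avoid plain truthiness: `my $forcedKey = $self->{samlSPMetaDataOptions}->{$spConfKey}->{samlSPMetaDataOptionsNameIDSessionKey};` followed by `$nameIDSessionKey = $forcedKey if defined $forcedKey and length $forcedKey;`. The comment `# Override default NameID Mapping` would say more as `# Per-SP override: take the NameID value from the configured session attribute instead of the format-based mapping`. issuerForAuthUser starts and ends outside this hunk.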